2016-08-25 00:14:36 +02:00
|
|
|
package fusefrontend_reverse
|
|
|
|
|
|
|
|
import (
|
2016-09-02 23:45:52 +02:00
|
|
|
"bytes"
|
2016-09-29 21:29:45 +02:00
|
|
|
"encoding/binary"
|
2016-08-30 00:23:55 +02:00
|
|
|
"fmt"
|
|
|
|
"io"
|
2016-08-25 00:14:36 +02:00
|
|
|
"os"
|
|
|
|
|
|
|
|
"github.com/hanwen/go-fuse/fuse"
|
|
|
|
"github.com/hanwen/go-fuse/fuse/nodefs"
|
|
|
|
|
|
|
|
"github.com/rfjakob/gocryptfs/internal/contentenc"
|
2016-08-30 00:23:55 +02:00
|
|
|
"github.com/rfjakob/gocryptfs/internal/tlog"
|
2016-08-25 00:14:36 +02:00
|
|
|
)
|
|
|
|
|
2016-08-30 00:23:55 +02:00
|
|
|
type reverseFile struct {
|
|
|
|
// Embed nodefs.defaultFile for a ENOSYS implementation of all methods
|
|
|
|
nodefs.File
|
|
|
|
// Backing FD
|
2016-08-25 00:14:36 +02:00
|
|
|
fd *os.File
|
2016-09-25 11:20:10 +02:00
|
|
|
// File header (contains the IV)
|
|
|
|
header contentenc.FileHeader
|
2016-09-29 21:29:45 +02:00
|
|
|
// IV for block 0
|
|
|
|
block0IV []byte
|
2016-08-25 00:14:36 +02:00
|
|
|
// Content encryption helper
|
|
|
|
contentEnc *contentenc.ContentEnc
|
|
|
|
}
|
|
|
|
|
2016-09-25 11:20:10 +02:00
|
|
|
func (rfs *reverseFS) NewFile(relPath string, flags uint32) (nodefs.File, fuse.Status) {
|
|
|
|
absPath, err := rfs.abs(rfs.decryptPath(relPath))
|
|
|
|
if err != nil {
|
|
|
|
return nil, fuse.ToStatus(err)
|
|
|
|
}
|
|
|
|
fd, err := os.OpenFile(absPath, int(flags), 0666)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fuse.ToStatus(err)
|
|
|
|
}
|
2016-09-29 21:29:45 +02:00
|
|
|
id := derivePathIV(relPath, ivPurposeFileID)
|
2016-09-25 19:01:50 +02:00
|
|
|
header := contentenc.FileHeader{
|
|
|
|
Version: contentenc.CurrentVersion,
|
2016-10-02 06:14:18 +02:00
|
|
|
ID: id,
|
2016-09-25 19:01:50 +02:00
|
|
|
}
|
2016-08-30 00:23:55 +02:00
|
|
|
return &reverseFile{
|
|
|
|
File: nodefs.NewDefaultFile(),
|
2016-08-25 00:14:36 +02:00
|
|
|
fd: fd,
|
2016-09-25 19:01:50 +02:00
|
|
|
header: header,
|
2016-09-29 21:29:45 +02:00
|
|
|
block0IV: derivePathIV(relPath, ivPurposeBlock0IV),
|
2016-09-25 11:20:10 +02:00
|
|
|
contentEnc: rfs.contentEnc,
|
2016-08-25 00:14:36 +02:00
|
|
|
}, fuse.OK
|
|
|
|
}
|
2016-08-30 00:23:55 +02:00
|
|
|
|
|
|
|
// GetAttr - FUSE call
|
|
|
|
func (rf *reverseFile) GetAttr(*fuse.Attr) fuse.Status {
|
|
|
|
fmt.Printf("reverseFile.GetAttr fd=%d\n", rf.fd.Fd())
|
|
|
|
return fuse.ENOSYS
|
|
|
|
}
|
|
|
|
|
2016-09-29 21:29:45 +02:00
|
|
|
// encryptBlocks - encrypt "plaintext" into a number of ciphertext blocks.
|
|
|
|
// "plaintext" must already be block-aligned.
|
2016-10-02 06:14:18 +02:00
|
|
|
func (rf *reverseFile) encryptBlocks(plaintext []byte, firstBlockNo uint64, fileID []byte, block0IV []byte) []byte {
|
2016-09-29 21:29:45 +02:00
|
|
|
nonce := make([]byte, len(block0IV))
|
|
|
|
copy(nonce, block0IV)
|
|
|
|
block0IVlow := binary.BigEndian.Uint64(block0IV[8:])
|
|
|
|
nonceLow := nonce[8:]
|
|
|
|
|
|
|
|
inBuf := bytes.NewBuffer(plaintext)
|
|
|
|
var outBuf bytes.Buffer
|
|
|
|
bs := int(rf.contentEnc.PlainBS())
|
|
|
|
for blockNo := firstBlockNo; inBuf.Len() > 0; blockNo++ {
|
|
|
|
binary.BigEndian.PutUint64(nonceLow, block0IVlow+blockNo)
|
|
|
|
inBlock := inBuf.Next(bs)
|
2016-10-02 06:14:18 +02:00
|
|
|
outBlock := rf.contentEnc.EncryptBlockNonce(inBlock, blockNo, fileID, nonce)
|
2016-09-29 21:29:45 +02:00
|
|
|
outBuf.Write(outBlock)
|
|
|
|
}
|
|
|
|
return outBuf.Bytes()
|
|
|
|
}
|
|
|
|
|
2016-09-20 16:26:23 +02:00
|
|
|
// readBackingFile: read from the backing plaintext file, encrypt it, return the
|
2016-09-02 23:45:52 +02:00
|
|
|
// ciphertext.
|
|
|
|
// "off" ... ciphertext offset (must be >= HEADER_LEN)
|
|
|
|
// "length" ... ciphertext length
|
2016-09-20 16:26:23 +02:00
|
|
|
func (rf *reverseFile) readBackingFile(off uint64, length uint64) (out []byte, err error) {
|
2016-09-02 23:45:52 +02:00
|
|
|
blocks := rf.contentEnc.ExplodeCipherRange(off, length)
|
2016-08-30 00:23:55 +02:00
|
|
|
|
|
|
|
// Read the backing plaintext in one go
|
|
|
|
alignedOffset, alignedLength := contentenc.JointPlaintextRange(blocks)
|
|
|
|
plaintext := make([]byte, int(alignedLength))
|
|
|
|
n, err := rf.fd.ReadAt(plaintext, int64(alignedOffset))
|
|
|
|
if err != nil && err != io.EOF {
|
2016-09-20 17:21:29 +02:00
|
|
|
tlog.Warn.Printf("readBackingFile: ReadAt: %s", err.Error())
|
2016-09-02 23:45:52 +02:00
|
|
|
return nil, err
|
2016-08-30 00:23:55 +02:00
|
|
|
}
|
|
|
|
// Truncate buffer down to actually read bytes
|
|
|
|
plaintext = plaintext[0:n]
|
|
|
|
|
|
|
|
// Encrypt blocks
|
2016-10-02 06:14:18 +02:00
|
|
|
ciphertext := rf.encryptBlocks(plaintext, blocks[0].BlockNo, rf.header.ID, rf.block0IV)
|
2016-08-30 00:23:55 +02:00
|
|
|
|
|
|
|
// Crop down to the relevant part
|
|
|
|
lenHave := len(ciphertext)
|
|
|
|
skip := blocks[0].Skip
|
|
|
|
endWant := int(skip + length)
|
|
|
|
if lenHave > endWant {
|
2016-09-02 23:45:52 +02:00
|
|
|
out = ciphertext[skip:endWant]
|
2016-08-30 00:23:55 +02:00
|
|
|
} else if lenHave > int(skip) {
|
2016-09-02 23:45:52 +02:00
|
|
|
out = ciphertext[skip:lenHave]
|
|
|
|
} // else: out stays empty, file was smaller than the requested offset
|
|
|
|
|
|
|
|
return out, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Read - FUSE call
|
|
|
|
func (rf *reverseFile) Read(buf []byte, ioff int64) (resultData fuse.ReadResult, status fuse.Status) {
|
|
|
|
length := uint64(len(buf))
|
|
|
|
off := uint64(ioff)
|
|
|
|
var out bytes.Buffer
|
2016-09-20 16:26:23 +02:00
|
|
|
var header []byte
|
2016-09-02 23:45:52 +02:00
|
|
|
|
2016-09-20 16:26:23 +02:00
|
|
|
// Synthesize file header
|
2016-10-02 06:14:18 +02:00
|
|
|
if off < contentenc.HeaderLen {
|
2016-09-25 11:20:10 +02:00
|
|
|
header = rf.header.Pack()
|
2016-09-20 16:26:23 +02:00
|
|
|
// Truncate to requested part
|
|
|
|
end := int(off) + len(buf)
|
|
|
|
if end > len(header) {
|
|
|
|
end = len(header)
|
2016-09-02 23:45:52 +02:00
|
|
|
}
|
2016-09-20 16:26:23 +02:00
|
|
|
header = header[off:end]
|
|
|
|
// Write into output buffer and adjust offsets
|
|
|
|
out.Write(header)
|
|
|
|
hLen := uint64(len(header))
|
|
|
|
off += hLen
|
|
|
|
length -= hLen
|
2016-09-02 23:45:52 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// Read actual file data
|
|
|
|
if length > 0 {
|
2016-09-20 16:26:23 +02:00
|
|
|
fileData, err := rf.readBackingFile(off, length)
|
2016-09-02 23:45:52 +02:00
|
|
|
if err != nil {
|
|
|
|
return nil, fuse.ToStatus(err)
|
|
|
|
}
|
|
|
|
if len(fileData) == 0 {
|
|
|
|
// If we could not read any actual data, we also don't want to
|
|
|
|
// return the file header. An empty file stays empty in encrypted
|
|
|
|
// form.
|
|
|
|
return nil, fuse.OK
|
|
|
|
}
|
|
|
|
out.Write(fileData)
|
2016-08-30 00:23:55 +02:00
|
|
|
}
|
|
|
|
|
2016-09-02 23:45:52 +02:00
|
|
|
return fuse.ReadResultData(out.Bytes()), fuse.OK
|
2016-08-30 00:23:55 +02:00
|
|
|
}
|
2016-09-25 11:20:10 +02:00
|
|
|
|
|
|
|
// Release - FUSE call, close file
|
|
|
|
func (rf *reverseFile) Release() {
|
|
|
|
rf.fd.Close()
|
|
|
|
}
|