From 24554b11f773cd6c944b8be2f661962867897520 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Sat, 9 May 2020 19:11:06 +0200
Subject: [PATCH] gocryptfs-xray: integrate ctlsock path encryption/decryption
Implementation seems to work ok, but is missing tests and documentation for now. I will only delete ctlsock-encrypt.bash when both are done. https://github.com/rfjakob/gocryptfs/issues/416
---
 gocryptfs-xray/paths_ctlsock.go | 43 +++++++++++++++++++++++++++++++++
 gocryptfs-xray/xray_main.go | 37 +++++++++++++++++++++++++---
 2 files changed, 76 insertions(+), 4 deletions(-)
 create mode 100644 gocryptfs-xray/paths_ctlsock.go
diff --git a/gocryptfs-xray/paths_ctlsock.go b/gocryptfs-xray/paths_ctlsock.go
new file mode 100644
index 0000000..3c69ec3
--- /dev/null
+++ b/gocryptfs-xray/paths_ctlsock.go
@@ -0,0 +1,43 @@
+package main
+
+import (
+ "bufio"
+ "fmt"
+ "os"
+
+ "github.com/rfjakob/gocryptfs/ctlsock"
+)
+
+func decryptPaths(socketPath string) {
+ var req ctlsock.RequestStruct
+ transformPaths(socketPath, &req, &req.DecryptPath)
+}
+
+func encryptPaths(socketPath string) {
+ var req ctlsock.RequestStruct
+ transformPaths(socketPath, &req, &req.EncryptPath)
+}
+
+func transformPaths(socketPath string, req *ctlsock.RequestStruct, in *string) {
+ c, err := ctlsock.New(socketPath)
+ if err != nil {
+ fmt.Printf("fatal: %v\n", err)
+ os.Exit(1)
+ }
+ line := 0
+ scanner := bufio.NewScanner(os.Stdin)
+ for scanner.Scan() {
+ line++
+ *in = scanner.Text()
+ resp, err := c.Query(req)
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "error at input line %d %q: %v\n", line, *in, err)
+ continue
+ }
+ if resp.WarnText != "" {
+ fmt.Fprintf(os.Stderr, "warning at input line %d %q: %v\n", line, *in, resp.WarnText)
+ }
+ fmt.Println(resp.Result)
+ }
+ os.Exit(0)
+}
diff --git a/gocryptfs-xray/xray_main.go b/gocryptfs-xray/xray_main.go
index 34f695b..0777524 100644
--- a/gocryptfs-xray/xray_main.go
+++ b/gocryptfs-xray/xray_main.go
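Review bot: In `transformPaths` (gocryptfs-xray/paths_ctlsock.go) a failed `c.Query` is skipped with `continue` and the function always ends in `os.Exit(0)`, so a script piping paths through `-encrypt-paths` or `-decrypt-paths` receives fewer output lines than input lines together with a success status, and can pair results with the wrong inputs. `scanner.Err()` is never checked either, so a read error on stdin or a line longer than bufio.Scanner's default token limit ends the loop silently with partial output. The sketch below remembers that a query failed, checks the scanner after the loop, and exits non-zero in both cases. Separately, the `fatal:` message for a failed `ctlsock.New` is written with `fmt.Printf`; it should go to stderr like the other diagnostics, since stdout carries the transformed paths.

```go
	failed := false
	// … unchanged: line counter, scanner setup …
	for scanner.Scan() {
		// … unchanged: read line, c.Query(req) …
		if err != nil {
			// … unchanged: error message to stderr …
			failed = true
			continue
		}
		// … unchanged: warning and result output …
	}
	if err := scanner.Err(); err != nil {
		fmt.Fprintf(os.Stderr, "fatal: reading stdin: %v\n", err)
		os.Exit(1)
	}
	if failed {
		os.Exit(1)
	}
	os.Exit(0)
```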
@@ -49,25 +49,54 @@ func usage() {
 " gocryptfs-xray -dumpmasterkey myfs/gocryptfs.conf\n")
 }
+// sum counts the number of true values
+func sum(x ...*bool) (s int) {
+ for _, v := range x {
+ if *v {
+ s++
+ }
+ }
+ return s
+}
+
 func main() {
- dumpmasterkey := flag.Bool("dumpmasterkey", false, "Decrypt and dump the master key")
- aessiv := flag.Bool("aessiv", false, "Assume AES-SIV mode instead of AES-GCM")
+ var args struct {
+ dumpmasterkey *bool
+ decryptPaths *bool
+ encryptPaths *bool
+ aessiv *bool
+ }
+ args.dumpmasterkey = flag.Bool("dumpmasterkey", false, "Decrypt and dump the master key")
+ args.decryptPaths = flag.Bool("decrypt-paths", false, "Decrypt file paths using gocryptfs control socket")
+ args.encryptPaths = flag.Bool("encrypt-paths", false, "Encrypt file paths using gocryptfs control socket")
+ args.aessiv = flag.Bool("aessiv", false, "Assume AES-SIV mode instead of AES-GCM")
 flag.Usage = usage
 flag.Parse()
+ s := sum(args.dumpmasterkey, args.decryptPaths, args.encryptPaths)
+ if s > 1 {
+ fmt.Printf("fatal: %d operations were requested\n", s)
+ os.Exit(1)
+ }
 if flag.NArg() != 1 {
 usage()
 os.Exit(1)
 }
 fn := flag.Arg(0)
+ if *args.decryptPaths {
+ decryptPaths(fn)
+ }
+ if *args.encryptPaths {
+ encryptPaths(fn)
+ }
 fd, err := os.Open(fn)
 if err != nil {
 errExit(err)
 }
 defer fd.Close()
- if *dumpmasterkey {
+ if *args.dumpmasterkey {
 dumpMasterKey(fn)
 } else {
- inspectCiphertext(fd, *args.aessiv)
+ inspectCiphertext(fd, *args.aessiv)
 }
 }
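Review bot: In `main`, the new `if *args.decryptPaths { decryptPaths(fn) }` and `if *args.encryptPaths { encryptPaths(fn) }` blocks are correct only because `transformPaths` ends the process with `os.Exit`; if either helper ever returns, control falls through to `os.Open(fn)` and `inspectCiphertext` runs against the control socket path. Make that contract explicit with a `return` after each call, or at least a comment such as `// decryptPaths does not return: transformPaths calls os.Exit`. The multiple-operations check prints with `fmt.Printf`; `fmt.Fprintf(os.Stderr, "fatal: %d operations were requested\n", s)` would keep the diagnostic off stdout. `-aessiv` also appears to be accepted and ignored when a path mode is selected, which is worth rejecting or stating in the flag help.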