hardcoresushi/libgocryptfs
1
0
Fork 0
Code Issues Pull Requests Releases Activity

gocryptfs-xray: integrate ctlsock path encryption/decryption

Browse Source 
Implementation seems to work ok, but is missing tests and
documentation for now.
I will only delete ctlsock-encrypt.bash when both are
done.

https://github.com/rfjakob/gocryptfs/issues/416
This commit is contained in:
Jakob Unterwurzacher 2020-05-09 19:11:06 +02:00
parent 171b1eac91
commit 24554b11f7
2 changed files with 76 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
gocryptfs-xray/paths_ctlsock.go Normal file
View File

@ -0,0 +1,43 @@
package main
import (
"bufio"
"fmt"
"os"
"github.com/rfjakob/gocryptfs/ctlsock"
)
func decryptPaths(socketPath string) {
var req ctlsock.RequestStruct
transformPaths(socketPath, &req, &req.DecryptPath)
}
func encryptPaths(socketPath string) {
var req ctlsock.RequestStruct
transformPaths(socketPath, &req, &req.EncryptPath)
}
func transformPaths(socketPath string, req *ctlsock.RequestStruct, in *string) {
c, err := ctlsock.New(socketPath)
if err != nil {
fmt.Printf("fatal: %v\n", err)
os.Exit(1)
}
line := 0
scanner := bufio.NewScanner(os.Stdin)
for scanner.Scan() {
line++
*in = scanner.Text()
resp, err := c.Query(req)
if err != nil {
fmt.Fprintf(os.Stderr, "error at input line %d %q: %v\n", line, *in, err)
continue
}
if resp.WarnText != "" {
fmt.Fprintf(os.Stderr, "warning at input line %d %q: %v\n", line, *in, resp.WarnText)
}
fmt.Println(resp.Result)
}
os.Exit(0)
}

37
gocryptfs-xray/xray_main.go
View File

@ -49,25 +49,54 @@ func usage() {
" gocryptfs-xray -dumpmasterkey myfs/gocryptfs.conf\n") " gocryptfs-xray -dumpmasterkey myfs/gocryptfs.conf\n")
} }
// sum counts the number of true values
func sum(x ...*bool) (s int) {
for _, v := range x {
if *v {
s++
}
}
return s
}
func main() { func main() {
dumpmasterkey := flag.Bool("dumpmasterkey", false, "Decrypt and dump the master key") var args struct {
aessiv := flag.Bool("aessiv", false, "Assume AES-SIV mode instead of AES-GCM") dumpmasterkey *bool
decryptPaths *bool
encryptPaths *bool
aessiv *bool
}
args.dumpmasterkey = flag.Bool("dumpmasterkey", false, "Decrypt and dump the master key")
args.decryptPaths = flag.Bool("decrypt-paths", false, "Decrypt file paths using gocryptfs control socket")
args.encryptPaths = flag.Bool("encrypt-paths", false, "Encrypt file paths using gocryptfs control socket")
args.aessiv = flag.Bool("aessiv", false, "Assume AES-SIV mode instead of AES-GCM")
flag.Usage = usage flag.Usage = usage
flag.Parse() flag.Parse()
s := sum(args.dumpmasterkey, args.decryptPaths, args.encryptPaths)
if s > 1 {
fmt.Printf("fatal: %d operations were requested\n", s)
os.Exit(1)
}
if flag.NArg() != 1 { if flag.NArg() != 1 {
usage() usage()
os.Exit(1) os.Exit(1)
} }
fn := flag.Arg(0) fn := flag.Arg(0)
if *args.decryptPaths {
decryptPaths(fn)
}
if *args.encryptPaths {
encryptPaths(fn)
}
fd, err := os.Open(fn) fd, err := os.Open(fn)
if err != nil { if err != nil {
errExit(err) errExit(err)
} }
defer fd.Close() defer fd.Close()
if *dumpmasterkey { if *args.dumpmasterkey {
dumpMasterKey(fn) dumpMasterKey(fn)
} else { } else {
inspectCiphertext(fd, *aessiv) inspectCiphertext(fd, *args.aessiv)
} }
} }