Implement file hole passtrough

Fixes xfstests generic/010 Note that file holes are not authenticated,
2015-10-03 13:34:33 +02:00 · 2015-10-03 13:34:33 +02:00 · 38bf8a2fcf
commit 38bf8a2fcf
parent 3fef613591
2 changed files with 15 additions and 1 deletions
--- a/cryptfs/cryptfs.go
+++ b/cryptfs/cryptfs.go
@ -20,6 +20,8 @@ type CryptFS struct {
 	gcm cipher.AEAD
 	plainBS	uint64
 	cipherBS uint64
+	// Stores an all-zero block of size cipherBS
+	allZeroBlock []byte
 }

 func NewCryptFS(key []byte, useOpenssl bool) *CryptFS {
@ -45,11 +47,14 @@ func NewCryptFS(key []byte, useOpenssl bool) *CryptFS {
 		}
 	}

+	cipherBS := DEFAULT_PLAINBS + NONCE_LEN + AUTH_TAG_LEN
+
 	return &CryptFS{
 		blockCipher: b,
 		gcm: gcm,
 		plainBS: DEFAULT_PLAINBS,
-		cipherBS: DEFAULT_PLAINBS + NONCE_LEN + AUTH_TAG_LEN,
+		cipherBS: uint64(cipherBS),
+		allZeroBlock: make([]byte, cipherBS),
 	}
 }

--- a/cryptfs/cryptfs_content.go
+++ b/cryptfs/cryptfs_content.go
@ -32,6 +32,9 @@ func (be *CryptFS) DecryptBlocks(ciphertext []byte) ([]byte, error) {
 }

 // DecryptBlock - Verify and decrypt GCM block
+//
+// Corner case: A full-sized block of all-zero ciphertext bytes is translated
+// to an all-zero plaintext block, i.e. file hole passtrough.
 func (be *CryptFS) DecryptBlock(ciphertext []byte) ([]byte, error) {

 	// Empty block?
@ -39,6 +42,12 @@ func (be *CryptFS) DecryptBlock(ciphertext []byte) ([]byte, error) {
 		return ciphertext, nil
 	}

+	// All-zero block?
+	if bytes.Equal(ciphertext, be.allZeroBlock) {
+		Debug.Printf("DecryptBlock: file hole encountered\n")
+		return make([]byte, be.plainBS), nil
+	}
+
 	if len(ciphertext) < NONCE_LEN {
 		Warn.Printf("decryptBlock: Block is too short: %d bytes\n", len(ciphertext))
 		return nil, errors.New("Block is too short")