Drop deprecated "-emenames" option

The EMENames feature flag is already mandatory, dropping the command
line option is the final step.
Jakob Unterwurzacher 2016-06-23 21:56:50 +02:00
parent e970b1fdb5
commit 3d59a72ba9
6 changed files with 7 additions and 53 deletions


@ -46,11 +46,6 @@ user_allow_other is set in /etc/fuse.conf. This option is equivalent to
**-d, -debug** **-d, -debug**
: Enable debug output : Enable debug output
**-emenames**
: Use EME filename encryption (default true), implies diriv.
This flag is useful when recovering old gocryptfs filesystems using
"-masterkey". It is ignored (stays at the default) otherwise.
**-extpass string** **-extpass string**
: Use an external program (like ssh-askpass) for the password prompt. : Use an external program (like ssh-askpass) for the password prompt.
The program should return the password on stdout, a trailing newline is The program should return the password on stdout, a trailing newline is


@ -6,7 +6,6 @@ type Args struct {
Cipherdir string Cipherdir string
OpenSSL bool OpenSSL bool
PlaintextNames bool PlaintextNames bool
EMENames bool
GCMIV128 bool GCMIV128 bool
LongNames bool LongNames bool
} }


@ -38,7 +38,7 @@ func NewFS(args Args) *FS {
cryptoCore := cryptocore.New(args.Masterkey, args.OpenSSL, args.GCMIV128) cryptoCore := cryptocore.New(args.Masterkey, args.OpenSSL, args.GCMIV128)
contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS) contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS)
nameTransform := nametransform.New(cryptoCore, args.EMENames, args.LongNames) nameTransform := nametransform.New(cryptoCore, args.LongNames)
return &FS{ return &FS{
FileSystem: pathfs.NewLoopbackFileSystem(args.Cipherdir), FileSystem: pathfs.NewLoopbackFileSystem(args.Cipherdir),


@ -4,7 +4,6 @@ package nametransform
import ( import (
"crypto/aes" "crypto/aes"
"crypto/cipher"
"encoding/base64" "encoding/base64"
"fmt" "fmt"
@ -15,16 +14,14 @@ import (
type NameTransform struct { type NameTransform struct {
cryptoCore *cryptocore.CryptoCore cryptoCore *cryptocore.CryptoCore
useEME bool
longNames bool longNames bool
DirIVCache dirIVCache DirIVCache dirIVCache
} }
func New(c *cryptocore.CryptoCore, useEME bool, longNames bool) *NameTransform { func New(c *cryptocore.CryptoCore, longNames bool) *NameTransform {
return &NameTransform{ return &NameTransform{
cryptoCore: c, cryptoCore: c,
longNames: longNames, longNames: longNames,
useEME: useEME,
} }
} }
@ -35,28 +32,18 @@ func New(c *cryptocore.CryptoCore, useEME bool, longNames bool) *NameTransform {
// This function is exported because it allows for a very efficient readdir // This function is exported because it allows for a very efficient readdir
// implementation (read IV once, decrypt all names using this function). // implementation (read IV once, decrypt all names using this function).
func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error) { func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error) {
bin, err := base64.URLEncoding.DecodeString(cipherName) bin, err := base64.URLEncoding.DecodeString(cipherName)
if err != nil { if err != nil {
return "", err return "", err
} }
if len(bin)%aes.BlockSize != 0 { if len(bin)%aes.BlockSize != 0 {
return "", fmt.Errorf("Decoded length %d is not a multiple of the AES block size", len(bin)) return "", fmt.Errorf("Decoded length %d is not a multiple of the AES block size", len(bin))
} }
bin = eme.Transform(n.cryptoCore.BlockCipher, iv, bin, eme.DirectionDecrypt)
if n.useEME {
bin = eme.Transform(n.cryptoCore.BlockCipher, iv, bin, eme.DirectionDecrypt)
} else {
cbc := cipher.NewCBCDecrypter(n.cryptoCore.BlockCipher, iv)
cbc.CryptBlocks(bin, bin)
}
bin, err = unPad16(bin) bin, err = unPad16(bin)
if err != nil { if err != nil {
return "", err return "", err
} }
plain := string(bin) plain := string(bin)
return plain, err return plain, err
} }
@ -68,17 +55,9 @@ func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error
// This function is exported because fusefrontend needs access to the full (not hashed) // This function is exported because fusefrontend needs access to the full (not hashed)
// name if longname is used. Otherwise you should use EncryptPathDirIV() // name if longname is used. Otherwise you should use EncryptPathDirIV()
func (n *NameTransform) EncryptName(plainName string, iv []byte) (cipherName64 string) { func (n *NameTransform) EncryptName(plainName string, iv []byte) (cipherName64 string) {
bin := []byte(plainName) bin := []byte(plainName)
bin = pad16(bin) bin = pad16(bin)
bin = eme.Transform(n.cryptoCore.BlockCipher, iv, bin, eme.DirectionEncrypt)
if n.useEME {
bin = eme.Transform(n.cryptoCore.BlockCipher, iv, bin, eme.DirectionEncrypt)
} else {
cbc := cipher.NewCBCEncrypter(n.cryptoCore.BlockCipher, iv)
cbc.CryptBlocks(bin, bin)
}
cipherName64 = base64.URLEncoding.EncodeToString(bin) cipherName64 = base64.URLEncoding.EncodeToString(bin)
return cipherName64 return cipherName64
} }
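Review bot: In DecryptName (the hunk starting `@ -35,28 +32,18`), the only size check ahead of the now-unconditional `eme.Transform` call is `len(bin)%aes.BlockSize != 0`, which a zero-length decode passes, and the length of `iv` is never checked. `cipherName` presumably comes from on-disk directory entries (the comment above mentions readdir), so it should be treated as untrusted input. `eme.Transform` is not shown on this page, so confirm how it reacts to an empty buffer or to a tweak that is not one AES block long; if it panics, a malformed name or IV file would crash the mount instead of returning an error. I would reject both cases up front, e.g. `if len(bin) == 0 || len(bin)%aes.BlockSize != 0 {` and `if len(iv) != aes.BlockSize { return "", fmt.Errorf("IV length %d is not the AES block size", len(iv)) }`.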


@ -42,7 +42,7 @@ const (
type argContainer struct { type argContainer struct {
debug, init, zerokey, fusedebug, openssl, passwd, foreground, version, debug, init, zerokey, fusedebug, openssl, passwd, foreground, version,
plaintextnames, quiet, emenames, gcmiv128, nosyslog, wpanic, plaintextnames, quiet, gcmiv128, nosyslog, wpanic,
longnames, allow_other, ro bool longnames, allow_other, ro bool
masterkey, mountpoint, cipherdir, cpuprofile, config, extpass, masterkey, mountpoint, cipherdir, cpuprofile, config, extpass,
memprofile string memprofile string
@ -174,7 +174,6 @@ func main() {
flagSet.BoolVar(&args.plaintextnames, "plaintextnames", false, "Do not encrypt file names") flagSet.BoolVar(&args.plaintextnames, "plaintextnames", false, "Do not encrypt file names")
flagSet.BoolVar(&args.quiet, "q", false, "") flagSet.BoolVar(&args.quiet, "q", false, "")
flagSet.BoolVar(&args.quiet, "quiet", false, "Quiet - silence informational messages") flagSet.BoolVar(&args.quiet, "quiet", false, "Quiet - silence informational messages")
flagSet.BoolVar(&args.emenames, "emenames", true, "Use EME filename encryption. This option implies diriv.")
flagSet.BoolVar(&args.gcmiv128, "gcmiv128", true, "Use an 128-bit IV for GCM encryption instead of Go's default of 96 bits") flagSet.BoolVar(&args.gcmiv128, "gcmiv128", true, "Use an 128-bit IV for GCM encryption instead of Go's default of 96 bits")
flagSet.BoolVar(&args.nosyslog, "nosyslog", false, "Do not redirect output to syslog when running in the background") flagSet.BoolVar(&args.nosyslog, "nosyslog", false, "Do not redirect output to syslog when running in the background")
flagSet.BoolVar(&args.wpanic, "wpanic", false, "When encountering a warning, panic and exit immediately") flagSet.BoolVar(&args.wpanic, "wpanic", false, "When encountering a warning, panic and exit immediately")
@ -369,7 +368,6 @@ func initFuseFrontend(key []byte, args argContainer, confFile *configfile.ConfFi
Masterkey: key, Masterkey: key,
OpenSSL: args.openssl, OpenSSL: args.openssl,
PlaintextNames: args.plaintextnames, PlaintextNames: args.plaintextnames,
EMENames: args.emenames,
GCMIV128: args.gcmiv128, GCMIV128: args.gcmiv128,
LongNames: args.longnames, LongNames: args.longnames,
} }
@ -377,13 +375,8 @@ func initFuseFrontend(key []byte, args argContainer, confFile *configfile.ConfFi
if confFile != nil { if confFile != nil {
// Settings from the config file override command line args // Settings from the config file override command line args
frontendArgs.PlaintextNames = confFile.IsFeatureFlagSet(configfile.FlagPlaintextNames) frontendArgs.PlaintextNames = confFile.IsFeatureFlagSet(configfile.FlagPlaintextNames)
frontendArgs.EMENames = confFile.IsFeatureFlagSet(configfile.FlagEMENames)
frontendArgs.GCMIV128 = confFile.IsFeatureFlagSet(configfile.FlagGCMIV128) frontendArgs.GCMIV128 = confFile.IsFeatureFlagSet(configfile.FlagGCMIV128)
} }
// PlainTexnames disables EMENames
if frontendArgs.PlaintextNames {
frontendArgs.EMENames = false
}
jsonBytes, _ := json.MarshalIndent(frontendArgs, "", "\t") jsonBytes, _ := json.MarshalIndent(frontendArgs, "", "\t")
tlog.Debug.Printf("frontendArgs: %s", string(jsonBytes)) tlog.Debug.Printf("frontendArgs: %s", string(jsonBytes))
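Review bot: The context at the end of the `@ -377,13 +375,8 @` hunk marshals the whole `frontendArgs` struct to JSON and writes it to the debug log, and the hunk before it shows that struct being filled with `Masterkey: key`. The declaration of the `Masterkey` field is not visible on this page, so unless it carries a `json:"-"` tag, running with `-d` would put the base64-encoded master key into debug output (and possibly syslog when running in the background). While this function is being touched, I would log a copy with the key cleared, e.g. `logArgs := frontendArgs; logArgs.Masterkey = nil`, and pass `logArgs` to `json.MarshalIndent`; the error that call currently discards could be checked as well. initFuseFrontend starts and ends outside these hunks.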


@ -104,24 +104,12 @@ func TestExampleFSv04(t *testing.T) {
// Test example_filesystems/v0.5 // Test example_filesystems/v0.5
// with password mount and -masterkey mount // with password mount and -masterkey mount
func TestExampleFSv05(t *testing.T) { func TestExampleFSv05(t *testing.T) {
pDir := test_helpers.TmpDir + "TestExampleFsV05/"
cDir := "v0.5" cDir := "v0.5"
err := os.Mkdir(pDir, 0777) pDir := test_helpers.TmpDir + cDir
if err != nil { err := test_helpers.Mount(cDir, pDir, false, "-extpass", "echo test")
t.Fatal(err)
}
err = test_helpers.Mount(cDir, pDir, false, "-extpass", "echo test")
if err == nil { if err == nil {
t.Errorf("Mounting deprecated FS should fail") t.Errorf("Mounting deprecated FS should fail")
} }
test_helpers.MountOrFatal(t, cDir, pDir, "-masterkey", "199eae55-36bff4af-83b9a3a2-4fa16f65-"+
"1549ccdb-2d08d1f0-b1b26965-1b61f896", "-emenames=false", "-gcmiv128=false")
checkExampleFS(t, pDir, true)
test_helpers.Unmount(pDir)
err = os.Remove(pDir)
if err != nil {
t.Error(err)
}
} }
// Test example_filesystems/v0.6 // Test example_filesystems/v0.6