nametransform: fix Raw64 not affecting symlink targets

The symlink functions incorrectly hardcoded the padded
base64 variant.
Jakob Unterwurzacher 2017-03-05 22:59:25 +01:00
parent 5b54577d2e
commit 445b5019e3
4 changed files with 10 additions and 11 deletions


@ -4,7 +4,6 @@ package fusefrontend
// FUSE operations on paths
import (
"encoding/base64"
"os"
"path/filepath"
"sync"
@ -298,7 +297,7 @@ func (fs *FS) Readlink(path string, context *fuse.Context) (out string, status f
return cTarget, fuse.OK
}
// Symlinks are encrypted like file contents (GCM) and base64-encoded
cBinTarget, err := base64.URLEncoding.DecodeString(cTarget)
cBinTarget, err := fs.nameTransform.B64.DecodeString(cTarget)
if err != nil {
tlog.Warn.Printf("Readlink: %v", err)
return "", fuse.EIO
@ -362,7 +361,7 @@ func (fs *FS) Symlink(target string, linkName string, context *fuse.Context) (co
}
// Symlinks are encrypted like file contents (GCM) and base64-encoded
cBinTarget := fs.contentEnc.EncryptBlock([]byte(target), 0, nil)
cTarget := base64.URLEncoding.EncodeToString(cBinTarget)
cTarget := fs.nameTransform.B64.EncodeToString(cBinTarget)
// Handle long file name
cName := filepath.Base(cPath)
if nametransform.IsLongContent(cName) {
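Review bot: Readlink now decodes only with `fs.nameTransform.B64`, so on a filesystem with Raw64 enabled, symlinks written by the earlier Symlink code (which always used padded `base64.URLEncoding`) will presumably fail here with EIO whenever the stored target carries `=` padding, because the raw variant rejects padding characters. A fallback after the first decode error would keep those links readable: `if err != nil { cBinTarget, err = base64.URLEncoding.DecodeString(cTarget) }`, which means keeping the `encoding/base64` import this commit drops. Accepting both spellings should not weaken integrity as long as the decoded bytes still pass through the GCM decryption the comment refers to; that call is outside the hunk, as are the start and end of both Readlink and Symlink. A round-trip test that creates and reads a symlink with Raw64 on would pin the fix.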


@ -1,7 +1,6 @@
package fusefrontend_reverse
import (
"encoding/base64"
"fmt"
"log"
"os"
@ -355,6 +354,6 @@ func (rfs *ReverseFS) Readlink(cipherPath string, context *fuse.Context) (string
nonce := derivePathIV(cipherPath, ivPurposeSymlinkIV)
// Symlinks are encrypted like file contents and base64-encoded
cBinTarget := rfs.contentEnc.EncryptBlockNonce([]byte(plainTarget), 0, nil, nonce)
cTarget := base64.URLEncoding.EncodeToString(cBinTarget)
cTarget := rfs.nameTransform.B64.EncodeToString(cBinTarget)
return cTarget, fuse.OK
}


@ -25,7 +25,7 @@ const (
// "gocryptfs.longname.[sha256]"
func (n *NameTransform) HashLongName(name string) string {
hashBin := sha256.Sum256([]byte(name))
hashBase64 := n.b64.EncodeToString(hashBin[:])
hashBase64 := n.B64.EncodeToString(hashBin[:])
return longNamePrefix + hashBase64
}


@ -16,8 +16,9 @@ type NameTransform struct {
emeCipher *eme.EMECipher
longNames bool
DirIVCache dirIVCache
// b64 = either base64.URLEncoding or base64.RawURLEncoding
b64 *base64.Encoding
// B64 = either base64.URLEncoding or base64.RawURLEncoding, depeding
// on the Raw64 feature flag
B64 *base64.Encoding
}
// New returns a new NameTransform instance.
@ -29,7 +30,7 @@ func New(e *eme.EMECipher, longNames bool, raw64 bool) *NameTransform {
return &NameTransform{
emeCipher: e,
longNames: longNames,
b64: b64,
B64: b64,
}
}
@ -38,7 +39,7 @@ func New(e *eme.EMECipher, longNames bool, raw64 bool) *NameTransform {
// This function is exported because it allows for a very efficient readdir
// implementation (read IV once, decrypt all names using this function).
func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error) {
bin, err := n.b64.DecodeString(cipherName)
bin, err := n.B64.DecodeString(cipherName)
if err != nil {
return "", err
}
@ -69,6 +70,6 @@ func (n *NameTransform) EncryptName(plainName string, iv []byte) (cipherName64 s
bin := []byte(plainName)
bin = pad16(bin)
bin = n.emeCipher.Encrypt(iv, bin)
cipherName64 = n.b64.EncodeToString(bin)
cipherName64 = n.B64.EncodeToString(bin)
return cipherName64
}
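Review bot: Exporting the field as `B64` in the NameTransform struct lets any importing package reassign the encoding after `New` has chosen it, while name decryption, long-name hashing and symlink targets all need to agree on that choice for the lifetime of a mount. Keeping `b64` unexported and exposing the two operations the frontends need as methods on `*NameTransform` (an encode-to-string wrapper and a decode-string wrapper) would give fusefrontend and fusefrontend_reverse the same access without a writable field. The new field comment also has a typo: `depeding` should read `depending`. The bodies of `New`, `DecryptName` and `EncryptName` extend beyond the hunks shown.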