diriv: Create gocryptfs.diriv in every directory
This commit is contained in:
Jakob Unterwurzacher
parent
d8bf6e7836
commit
4d466c3412
|
|
@ -14,6 +14,8 @@ const (
|
|||
NONCE_LEN = 12
|
||||
AUTH_TAG_LEN = 16
|
||||
BLOCK_OVERHEAD = NONCE_LEN + AUTH_TAG_LEN
|
||||
DIRIV_LEN = 16 // identical to AES block size
|
||||
DIRIV_FILENAME = "gocryptfs.diriv"
|
||||
)
|
||||
|
||||
type CryptFS struct {
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ func (be *CryptFS) decryptName(cipherName string) (string, error) {
|
|||
}
|
||||
|
||||
if len(bin)%aes.BlockSize != 0 {
|
||||
return "", errors.New(fmt.Sprintf("Name len=%d is not a multiple of 16", len(bin)))
|
||||
return "", fmt.Errorf("Decoded length %d is not a multiple of the AES block size", len(bin))
|
||||
}
|
||||
|
||||
iv := make([]byte, aes.BlockSize) // TODO ?
|
||||
|
|
|
|||
13
main.go
13
main.go
|
|
@ -1,6 +1,7 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"io/ioutil"
|
||||
"flag"
|
||||
"fmt"
|
||||
"os"
|
||||
|
|
@ -43,6 +44,18 @@ func initDir(args *argContainer) {
|
|||
os.Exit(ERREXIT_INIT)
|
||||
}
|
||||
|
||||
// Create gocryptfs.diriv in the root dir
|
||||
diriv := cryptfs.RandBytes(cryptfs.DIRIV_LEN)
|
||||
dirivPath := filepath.Join(args.cipherdir, cryptfs.DIRIV_FILENAME)
|
||||
cryptfs.Debug.Printf("Creating %s\n", dirivPath)
|
||||
// 0444 permissions: the file is not secret but should not be written to
|
||||
err = ioutil.WriteFile(dirivPath, diriv, 0444)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
os.Exit(ERREXIT_INIT)
|
||||
}
|
||||
|
||||
// Create gocryptfs.conf
|
||||
cryptfs.Info.Printf("Choose a password for protecting your files.\n")
|
||||
password := readPasswordTwice(args.extpass)
|
||||
err = cryptfs.CreateConfFile(args.config, password, args.plaintextnames)
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ import (
|
|||
func readPasswordTwice(extpass string) string {
|
||||
fmt.Printf("Password: ")
|
||||
p1 := readPassword(extpass)
|
||||
fmt.Printf("Repeat: ")
|
||||
fmt.Printf("Repeat: ")
|
||||
p2 := readPassword(extpass)
|
||||
if p1 != p2 {
|
||||
fmt.Printf("Passwords do not match\n")
|
||||
|
|
|
|||
|
|
@ -1,7 +1,8 @@
|
|||
package pathfs_frontend
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"syscall"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"time"
|
||||
|
|
@ -14,7 +15,7 @@ import (
|
|||
|
||||
type FS struct {
|
||||
*cryptfs.CryptFS
|
||||
pathfs.FileSystem // loopbackFileSystem
|
||||
pathfs.FileSystem // loopbackFileSystem, see go-fuse/fuse/pathfs/loopback.go
|
||||
backing string // Backing directory
|
||||
}
|
||||
|
||||
|
|
@ -27,7 +28,8 @@ func NewFS(key []byte, backing string, useOpenssl bool, plaintextNames bool) *FS
|
|||
}
|
||||
}
|
||||
|
||||
// GetPath - get the absolute path of the backing file
|
||||
// GetPath - get the absolute encrypted path of the backing file
|
||||
// from the relative plaintext path "relPath"
|
||||
func (fs *FS) GetPath(relPath string) string {
|
||||
return filepath.Join(fs.backing, fs.EncryptPath(relPath))
|
||||
}
|
||||
|
|
@ -63,9 +65,13 @@ func (fs *FS) OpenDir(dirName string, context *fuse.Context) ([]fuse.DirEntry, f
|
|||
// silently ignore "gocryptfs.conf" in the top level dir
|
||||
continue
|
||||
}
|
||||
if cName == cryptfs.DIRIV_FILENAME {
|
||||
// silently ignore "gocryptfs.diriv" everywhere
|
||||
continue
|
||||
}
|
||||
name, err := fs.DecryptPath(cName)
|
||||
if err != nil {
|
||||
fmt.Printf("Invalid name \"%s\" in dir \"%s\": %s\n", cName, name, err)
|
||||
cryptfs.Warn.Printf("Invalid name \"%s\" in dir \"%s\": %s\n", cName, dirName, err)
|
||||
continue
|
||||
}
|
||||
cipherEntries[i].Name = name
|
||||
|
|
@ -160,11 +166,30 @@ func (fs *FS) Readlink(name string, context *fuse.Context) (out string, status f
|
|||
return dstPlain, status
|
||||
}
|
||||
|
||||
func (fs *FS) Mkdir(path string, mode uint32, context *fuse.Context) (code fuse.Status) {
|
||||
if fs.CryptFS.IsFiltered(path) {
|
||||
func (fs *FS) Mkdir(relPath string, mode uint32, context *fuse.Context) (code fuse.Status) {
|
||||
if fs.CryptFS.IsFiltered(relPath) {
|
||||
return fuse.EPERM
|
||||
}
|
||||
return fs.FileSystem.Mkdir(fs.EncryptPath(path), mode, context)
|
||||
encPath := fs.GetPath(relPath)
|
||||
diriv := cryptfs.RandBytes(cryptfs.DIRIV_LEN)
|
||||
dirivPath := filepath.Join(encPath, cryptfs.DIRIV_FILENAME)
|
||||
// Create directory
|
||||
err := os.Mkdir(encPath, os.FileMode(mode))
|
||||
if err != nil {
|
||||
return fuse.ToStatus(err)
|
||||
}
|
||||
// Create gocryptfs.diriv inside
|
||||
// 0444 permissions: the file is not secret but should not be written to
|
||||
err = ioutil.WriteFile(dirivPath, diriv, 0444)
|
||||
if err != nil {
|
||||
cryptfs.Warn.Printf("Creating %s in dir %s failed: %v\n", cryptfs.DIRIV_FILENAME, encPath, err)
|
||||
err2 := syscall.Rmdir(encPath)
|
||||
if err2 != nil {
|
||||
cryptfs.Warn.Printf("Removing broken directory failed: %v\n", err2)
|
||||
}
|
||||
return fuse.ToStatus(err)
|
||||
}
|
||||
return fuse.OK
|
||||
}
|
||||
|
||||
func (fs *FS) Unlink(name string, context *fuse.Context) (code fuse.Status) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue