From 889ae900814aac1c17c38a76882b1aafa5744be6 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Tue, 8 Sep 2015 00:54:24 +0200 Subject: [PATCH] Add pathfs frontend (uses go-fuse instead of bazil-fuse), part I Currently fails main_test.go, will be fixed in part II --- .gitignore | 7 ++ cryptfs/cryptfs_content.go | 39 +++++- cryptfs/log.go | 2 +- main.go | 77 +++++++++--- main_test.go | 2 +- pathfs_frontend/file.go | 235 +++++++++++++++++++++++++++++++++++++ pathfs_frontend/fs.go | 166 ++++++++++++++++++++++++++ 7 files changed, 509 insertions(+), 19 deletions(-) create mode 100644 pathfs_frontend/file.go create mode 100644 pathfs_frontend/fs.go diff --git a/.gitignore b/.gitignore index 8d65432..0929506 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,9 @@ # Binary /gocryptfs + +# Manual test mounts +/cipherdir +/mountpoint + +# main_test.go temporary files +/main_test_tmp diff --git a/cryptfs/cryptfs_content.go b/cryptfs/cryptfs_content.go index 4658529..e23d9b5 100644 --- a/cryptfs/cryptfs_content.go +++ b/cryptfs/cryptfs_content.go @@ -77,7 +77,7 @@ func (be *CryptFS) EncryptBlock(plaintext []byte) []byte { return ciphertext } -// Split a plaintext byte range into (possible partial) blocks +// Split a plaintext byte range into (possibly partial) blocks func (be *CryptFS) SplitRange(offset uint64, length uint64) []intraBlock { var b intraBlock var parts []intraBlock @@ -113,6 +113,22 @@ func (be *CryptFS) minu64(x uint64, y uint64) uint64 { return y } +// CiphertextRange - Get byte range in backing ciphertext corresponding +// to plaintext range. Returns a range aligned to ciphertext blocks. +func (be *CryptFS) CiphertextRange(offset uint64, length uint64) (uint64, uint64, int) { + // Decrypting the ciphertext will yield too many plaintext bytes. Skip this number + // of bytes from the front. + skip := offset % be.plainBS + + firstBlockNo := offset / be.plainBS + lastBlockNo := ( offset + length - 1 ) / be.plainBS + + alignedOffset := firstBlockNo * be.cipherBS + alignedLength := (lastBlockNo - firstBlockNo + 1) * be.cipherBS + + return alignedOffset, alignedLength, int(skip) +} + // Get the byte range in the ciphertext corresponding to blocks // (full blocks!) func (be *CryptFS) JoinCiphertextRange(blocks []intraBlock) (uint64, uint64) { @@ -138,3 +154,24 @@ func (be *CryptFS) CropPlaintext(plaintext []byte, blocks []intraBlock) []byte { } return cropped } + +// MergeBlocks - Merge newData into oldData at offset +// New block may be bigger than both newData and oldData +func (be *CryptFS) MergeBlocks(oldData []byte, newData []byte, offset int) []byte { + + // Make block of maximum size + out := make([]byte, be.plainBS) + + // Copy old and new data into it + copy(out, oldData) + l := len(newData) + copy(out[offset:offset + l], newData) + + // Crop to length + outLen := len(oldData) + newLen := offset + len(newData) + if outLen < newLen { + outLen = newLen + } + return out[0:outLen] +} diff --git a/cryptfs/log.go b/cryptfs/log.go index f9c46c8..8233529 100644 --- a/cryptfs/log.go +++ b/cryptfs/log.go @@ -15,5 +15,5 @@ func (l logChannel) Printf(format string, args ...interface{}) { } -var Debug = logChannel{false} +var Debug = logChannel{true} var Warn = logChannel{true} diff --git a/main.go b/main.go index c279612..2a140ab 100644 --- a/main.go +++ b/main.go @@ -1,18 +1,29 @@ package main import ( - "bazil.org/fuse" - fusefs "bazil.org/fuse/fs" "flag" "fmt" - frontend "github.com/rfjakob/gocryptfs/cluefs_frontend" "os" "path/filepath" + "time" + + "github.com/rfjakob/gocryptfs/cluefs_frontend" + "github.com/rfjakob/gocryptfs/pathfs_frontend" + + bazilfuse "bazil.org/fuse" + bazilfusefs "bazil.org/fuse/fs" + + "github.com/hanwen/go-fuse/fuse" + "github.com/hanwen/go-fuse/fuse/nodefs" + "github.com/hanwen/go-fuse/fuse/pathfs" ) const ( + USE_CLUEFS = false + USE_OPENSSL = false + PATHFS_DEBUG = false + PROGRAM_NAME = "gocryptfs" - USE_OPENSSL = true ERREXIT_USAGE = 1 ERREXIT_NEWFS = 2 @@ -29,27 +40,34 @@ func main() { fmt.Printf("usage: %s CIPHERDIR MOUNTPOINT\n", PROGRAM_NAME) os.Exit(ERREXIT_USAGE) } - cipherdir, _ := filepath.Abs(flag.Arg(0)) - mountpoint, err := filepath.Abs(flag.Arg(1)) + mountpoint, _ := filepath.Abs(flag.Arg(1)) - // Create the file system object var key [16]byte - cfs, err := frontend.NewFS(key, cipherdir, USE_OPENSSL) + + if USE_CLUEFS { + cluefsFrontend(key, cipherdir, mountpoint) + } else { + pathfsFrontend(key, cipherdir, mountpoint) + } +} + +func cluefsFrontend(key [16]byte, cipherdir string, mountpoint string) { + cfs, err := cluefs_frontend.NewFS(key, cipherdir, USE_OPENSSL) if err != nil { fmt.Println(err) os.Exit(ERREXIT_NEWFS) } // Mount the file system - mountOpts := []fuse.MountOption{ - fuse.FSName(PROGRAM_NAME), - fuse.Subtype(PROGRAM_NAME), - fuse.VolumeName(PROGRAM_NAME), - fuse.LocalVolume(), - fuse.MaxReadahead(1024 * 1024), + mountOpts := []bazilfuse.MountOption{ + bazilfuse.FSName(PROGRAM_NAME), + bazilfuse.Subtype(PROGRAM_NAME), + bazilfuse.VolumeName(PROGRAM_NAME), + bazilfuse.LocalVolume(), + bazilfuse.MaxReadahead(1024 * 1024), } - conn, err := fuse.Mount(mountpoint, mountOpts...) + conn, err := bazilfuse.Mount(mountpoint, mountOpts...) if err != nil { fmt.Println(err) os.Exit(ERREXIT_MOUNT) @@ -57,7 +75,7 @@ func main() { defer conn.Close() // Start serving requests - if err = fusefs.Serve(conn, cfs); err != nil { + if err = bazilfusefs.Serve(conn, cfs); err != nil { fmt.Println(err) os.Exit(ERREXIT_SERVE) } @@ -72,3 +90,30 @@ func main() { // We are done os.Exit(0) } + +func pathfsFrontend(key [16]byte, cipherdir string, mountpoint string){ + + finalFs := pathfs_frontend.NewFS(key, cipherdir, USE_OPENSSL) + + opts := &nodefs.Options{ + // These options are to be compatible with libfuse defaults, + // making benchmarking easier. + NegativeTimeout: time.Second, + AttrTimeout: time.Second, + EntryTimeout: time.Second, + } + pathFs := pathfs.NewPathNodeFs(finalFs, nil) + conn := nodefs.NewFileSystemConnector(pathFs.Root(), opts) + mOpts := &fuse.MountOptions{ + AllowOther: false, + } + state, err := fuse.NewServer(conn.RawFS(), mountpoint, mOpts) + if err != nil { + fmt.Printf("Mount fail: %v\n", err) + os.Exit(1) + } + state.SetDebug(PATHFS_DEBUG) + + fmt.Println("Mounted!") + state.Serve() +} diff --git a/main_test.go b/main_test.go index 6b68b4a..70dbbe2 100644 --- a/main_test.go +++ b/main_test.go @@ -12,7 +12,7 @@ import ( "time" ) -const tmpDir = "test_tmp_dir/" +const tmpDir = "main_test_tmp/" const plainDir = tmpDir + "plain/" const cipherDir = tmpDir + "cipher/" diff --git a/pathfs_frontend/file.go b/pathfs_frontend/file.go new file mode 100644 index 0000000..8b6d61d --- /dev/null +++ b/pathfs_frontend/file.go @@ -0,0 +1,235 @@ +package pathfs_frontend + +import ( + "io" + "bytes" + "fmt" + "os" + "sync" + "syscall" + "time" + + "github.com/hanwen/go-fuse/fuse" + "github.com/hanwen/go-fuse/fuse/nodefs" + "github.com/rfjakob/gocryptfs/cryptfs" +) + +// File - based on loopbackFile in go-fuse/fuse/nodefs/files.go +type file struct { + fd *os.File + + // os.File is not threadsafe. Although fd themselves are + // constant during the lifetime of an open file, the OS may + // reuse the fd number after it is closed. When open races + // with another close, they may lead to confusion as which + // file gets written in the end. + lock sync.Mutex + + // Was the file opened O_WRONLY? + writeOnly bool + + // Parent CryptFS + cfs *cryptfs.CryptFS +} + +func NewFile(fd *os.File, writeOnly bool, cfs *cryptfs.CryptFS) nodefs.File { + return &file{ + fd: fd, + writeOnly: writeOnly, + cfs: cfs, + } +} + +func (f *file) InnerFile() nodefs.File { + return nil +} + +func (f *file) SetInode(n *nodefs.Inode) { +} + +func (f *file) String() string { + return fmt.Sprintf("cryptFile(%s)", f.fd.Name()) +} + +// Read - FUSE call +func (f *file) Read(buf []byte, off int64) (resultData fuse.ReadResult, code fuse.Status) { + cryptfs.Debug.Printf("\n\nGot read request: len=%d off=%d\n", len(buf), off) + + if f.writeOnly { + return nil, fuse.EBADF + } + + // Read the backing ciphertext in one go + alignedOffset, alignedLength, skip := f.cfs.CiphertextRange(uint64(off), uint64(len(buf))) + ciphertext := make([]byte, int(alignedLength)) + _, err := f.fd.ReadAt(ciphertext, int64(alignedOffset)) + if err != nil && err != io.EOF { + cryptfs.Warn.Printf("Read error: %s\n", err.Error()) + return nil, fuse.ToStatus(err) + } + + // Decrypt it + plaintext, err := f.cfs.DecryptBlocks(ciphertext) + if err != nil { + cryptfs.Warn.Printf("Decryption error: %s\n", err.Error()) + return nil, fuse.EIO + } + + // Crop down to the relevant part + var out []byte + lenHave := len(plaintext) + lenWant := skip + len(buf) + if lenHave > lenWant { + out = plaintext[skip:skip + len(buf)] + } else if lenHave > skip { + out = plaintext[skip:lenHave] + } + // else: out stays empty + + fmt.Printf("Read: returning %d bytes\n", len(plaintext)) + + return fuse.ReadResultData(out), fuse.OK +} + +// Write - FUSE call +func (f *file) Write(data []byte, off int64) (uint32, fuse.Status) { + var written uint32 + var status fuse.Status + dataBuf := bytes.NewBuffer(data) + blocks := f.cfs.SplitRange(uint64(off), uint64(len(data))) + for _, b := range(blocks) { + + blockData := dataBuf.Next(int(b.Length)) + + // Incomplete block -> Read-Modify-Write + if b.IsPartial() { + // Read + oldData := make([]byte, f.cfs.PlainBS()) + o, _ := b.PlaintextRange() + res, status := f.Read(oldData, int64(o)) + oldData, _ = res.Bytes(oldData) + if status != fuse.OK { + return written, status + } + // Modify + blockData = f.cfs.MergeBlocks(oldData, blockData, int(b.Offset)) + } + // Write + blockOffset, _ := b.CiphertextRange() + blockData = f.cfs.EncryptBlock(blockData) + _, err := f.fd.WriteAt(blockData, int64(blockOffset)) + + if err != nil { + cryptfs.Warn.Printf("Write failed: %s\n", err.Error()) + status = fuse.ToStatus(err) + break + } + written += uint32(b.Length) + } + + return written, status +} + +// Release - FUSE call, forget file +func (f *file) Release() { + f.lock.Lock() + f.fd.Close() + f.lock.Unlock() +} + +// Flush - FUSE call +func (f *file) Flush() fuse.Status { + f.lock.Lock() + + // Since Flush() may be called for each dup'd fd, we don't + // want to really close the file, we just want to flush. This + // is achieved by closing a dup'd fd. + newFd, err := syscall.Dup(int(f.fd.Fd())) + f.lock.Unlock() + + if err != nil { + return fuse.ToStatus(err) + } + err = syscall.Close(newFd) + return fuse.ToStatus(err) +} + +func (f *file) Fsync(flags int) (code fuse.Status) { + f.lock.Lock() + r := fuse.ToStatus(syscall.Fsync(int(f.fd.Fd()))) + f.lock.Unlock() + + return r +} + +func (f *file) Truncate(size uint64) fuse.Status { + f.lock.Lock() + r := fuse.ToStatus(syscall.Ftruncate(int(f.fd.Fd()), int64(size))) + f.lock.Unlock() + + return r +} + +func (f *file) Chmod(mode uint32) fuse.Status { + f.lock.Lock() + r := fuse.ToStatus(f.fd.Chmod(os.FileMode(mode))) + f.lock.Unlock() + + return r +} + +func (f *file) Chown(uid uint32, gid uint32) fuse.Status { + f.lock.Lock() + r := fuse.ToStatus(f.fd.Chown(int(uid), int(gid))) + f.lock.Unlock() + + return r +} + +func (f *file) GetAttr(a *fuse.Attr) fuse.Status { + st := syscall.Stat_t{} + f.lock.Lock() + err := syscall.Fstat(int(f.fd.Fd()), &st) + f.lock.Unlock() + if err != nil { + return fuse.ToStatus(err) + } + a.FromStat(&st) + + return fuse.OK +} + +func (f *file) Allocate(off uint64, sz uint64, mode uint32) fuse.Status { + f.lock.Lock() + err := syscall.Fallocate(int(f.fd.Fd()), mode, int64(off), int64(sz)) + f.lock.Unlock() + if err != nil { + return fuse.ToStatus(err) + } + return fuse.OK +} + +const _UTIME_NOW = ((1 << 30) - 1) +const _UTIME_OMIT = ((1 << 30) - 2) + +func (f *file) Utimens(a *time.Time, m *time.Time) fuse.Status { + tv := make([]syscall.Timeval, 2) + if a == nil { + tv[0].Usec = _UTIME_OMIT + } else { + n := a.UnixNano() + tv[0] = syscall.NsecToTimeval(n) + } + + if m == nil { + tv[1].Usec = _UTIME_OMIT + } else { + n := a.UnixNano() + tv[1] = syscall.NsecToTimeval(n) + } + + f.lock.Lock() + err := syscall.Futimes(int(f.fd.Fd()), tv) + f.lock.Unlock() + return fuse.ToStatus(err) +} diff --git a/pathfs_frontend/fs.go b/pathfs_frontend/fs.go new file mode 100644 index 0000000..2f73462 --- /dev/null +++ b/pathfs_frontend/fs.go @@ -0,0 +1,166 @@ +package pathfs_frontend + +import ( + "os" + "path/filepath" + "time" + "fmt" + + "github.com/hanwen/go-fuse/fuse" + "github.com/hanwen/go-fuse/fuse/nodefs" + "github.com/hanwen/go-fuse/fuse/pathfs" + "github.com/rfjakob/gocryptfs/cryptfs" +) + +type FS struct { + *cryptfs.CryptFS + pathfs.FileSystem // loopbackFileSystem + backing string // Backing directory +} + +// Encrypted FUSE overlay filesystem +func NewFS(key [16]byte, backing string, useOpenssl bool) *FS { + return &FS{ + CryptFS: cryptfs.NewCryptFS(key, useOpenssl), + FileSystem: pathfs.NewLoopbackFileSystem(backing), + backing: backing, + + } +} + +// GetPath - get the absolute path of the backing file +func (fs *FS) GetPath(relPath string) string { + return filepath.Join(fs.backing, fs.EncryptPath(relPath)) +} + +func (fs *FS) GetAttr(name string, context *fuse.Context) (*fuse.Attr, fuse.Status) { + a, status := fs.FileSystem.GetAttr(fs.EncryptPath(name), context) + if a == nil { + return a, status + } + + a.Size = fs.PlainSize(a.Size) + return a, status +} + +func (fs *FS) OpenDir(name string, context *fuse.Context) ([]fuse.DirEntry, fuse.Status) { + cipherEntries, status := fs.FileSystem.OpenDir(fs.EncryptPath(name), context); + var plain []fuse.DirEntry + var skipped int + if cipherEntries != nil { + for i := range cipherEntries { + n, err := fs.DecryptPath(cipherEntries[i].Name) + if err != nil { + fmt.Printf("Skipping invalid filename \"%s\": %s\n", cipherEntries[i].Name, err) + skipped++ + continue + } + cipherEntries[i].Name = n + plain = append(plain, cipherEntries[i]) + } + } + return plain, status +} + +// We always need read access to do read-modify-write cycles +func (fs *FS) mangleOpenFlags(flags uint32) (newFlags int, writeOnly bool) { + newFlags = int(flags) + if newFlags & os.O_WRONLY > 0 { + writeOnly = true + newFlags = newFlags ^ os.O_WRONLY | os.O_RDWR + } + // We also cannot open the file in append mode, we need to seek back for RMW + newFlags = newFlags &^ os.O_APPEND + + return newFlags, writeOnly +} + +func (fs *FS) Open(name string, flags uint32, context *fuse.Context) (fuseFile nodefs.File, status fuse.Status) { + cryptfs.Debug.Printf("Open(%s)\n", name) + + iflags, writeOnly := fs.mangleOpenFlags(flags) + f, err := os.OpenFile(fs.GetPath(name), iflags, 0666) + if err != nil { + return nil, fuse.ToStatus(err) + } + + return NewFile(f, writeOnly, fs.CryptFS), fuse.OK +} + +func (fs *FS) Create(path string, flags uint32, mode uint32, context *fuse.Context) (fuseFile nodefs.File, code fuse.Status) { + iflags, writeOnly := fs.mangleOpenFlags(flags) + f, err := os.OpenFile(fs.GetPath(path), iflags|os.O_CREATE, os.FileMode(mode)) + if err != nil { + return nil, fuse.ToStatus(err) + } + return NewFile(f, writeOnly, fs.CryptFS), fuse.OK +} + +func (fs *FS) Chmod(path string, mode uint32, context *fuse.Context) (code fuse.Status) { + return fs.FileSystem.Chmod(fs.EncryptPath(path), mode, context) +} + +func (fs *FS) Chown(path string, uid uint32, gid uint32, context *fuse.Context) (code fuse.Status) { + return fs.FileSystem.Chmod(fs.EncryptPath(path), gid, context) +} + +func (fs *FS) Truncate(path string, offset uint64, context *fuse.Context) (code fuse.Status) { + return fs.FileSystem.Truncate(fs.EncryptPath(path), offset, context) +} + +func (fs *FS) Utimens(path string, Atime *time.Time, Mtime *time.Time, context *fuse.Context) (code fuse.Status) { + return fs.FileSystem.Utimens(fs.EncryptPath(path), Atime, Mtime, context) +} + +func (fs *FS) Readlink(name string, context *fuse.Context) (out string, code fuse.Status) { + return fs.FileSystem.Readlink(fs.EncryptPath(name), context) +} + +func (fs *FS) Mknod(name string, mode uint32, dev uint32, context *fuse.Context) (code fuse.Status) { + return fs.FileSystem.Mknod(fs.EncryptPath(name), mode, dev, context) +} + +func (fs *FS) Mkdir(path string, mode uint32, context *fuse.Context) (code fuse.Status) { + return fs.FileSystem.Mkdir(fs.EncryptPath(path), mode, context) +} + +func (fs *FS) Unlink(name string, context *fuse.Context) (code fuse.Status) { + return fs.FileSystem.Unlink(fs.EncryptPath(name), context) +} + +func (fs *FS) Rmdir(name string, context *fuse.Context) (code fuse.Status) { + return fs.FileSystem.Rmdir(fs.EncryptPath(name), context) +} + +func (fs *FS) Symlink(pointedTo string, linkName string, context *fuse.Context) (code fuse.Status) { + // TODO symlink encryption + return fs.FileSystem.Symlink(fs.EncryptPath(pointedTo), fs.EncryptPath(linkName), context) +} + +func (fs *FS) Rename(oldPath string, newPath string, context *fuse.Context) (codee fuse.Status) { + return fs.FileSystem.Rename(fs.EncryptPath(oldPath), fs.EncryptPath(newPath), context) +} + +func (fs *FS) Link(orig string, newName string, context *fuse.Context) (code fuse.Status) { + return fs.FileSystem.Link(fs.EncryptPath(orig), fs.EncryptPath(newName), context) +} + +func (fs *FS) Access(name string, mode uint32, context *fuse.Context) (code fuse.Status) { + return fs.FileSystem.Access(fs.EncryptPath(name), mode, context) +} + +func (fs *FS) GetXAttr(name string, attr string, context *fuse.Context) ([]byte, fuse.Status) { + return nil, fuse.ENOSYS +} + +func (fs *FS) SetXAttr(name string, attr string, data []byte, flags int, context *fuse.Context) fuse.Status { + return fuse.ENOSYS +} + +func (fs *FS) ListXAttr(name string, context *fuse.Context) ([]string, fuse.Status) { + return nil, fuse.ENOSYS +} + +func (fs *FS) RemoveXAttr(name string, attr string, context *fuse.Context) fuse.Status { + return fuse.ENOSYS +}