Drop deprecated "-diriv" option
The DirIV feature flag is already mandatory, dropping the command line option is the final step.
This commit is contained in:
Jakob Unterwurzacher
parent
8a2e1a543a
commit
b17f0465c7
@ -46,11 +46,6 @@ user_allow_other is set in /etc/fuse.conf. This option is equivalent to
|
||||
**-d, -debug**
|
||||
: Enable debug output
|
||||
|
||||
**-diriv**
|
||||
: Use per-directory file name IV (default true)
|
||||
This flag is useful when recovering old gocryptfs filesystems using
|
||||
"-masterkey". It is ignored (stays at the default) otherwise.
|
||||
|
||||
**-emenames**
|
||||
: Use EME filename encryption (default true), implies diriv.
|
||||
This flag is useful when recovering old gocryptfs filesystems using
|
||||
|
||||
@ -6,7 +6,6 @@ type Args struct {
|
||||
Cipherdir string
|
||||
OpenSSL bool
|
||||
PlaintextNames bool
|
||||
DirIV bool
|
||||
EMENames bool
|
||||
GCMIV128 bool
|
||||
LongNames bool
|
||||
|
||||
@ -249,17 +249,10 @@ func (fs *FS) Readlink(path string, context *fuse.Context) (out string, status f
|
||||
if status != fuse.OK {
|
||||
return "", status
|
||||
}
|
||||
// Old filesystem: symlinks are encrypted like paths (CBC)
|
||||
if !fs.args.DirIV {
|
||||
var target string
|
||||
target, err = fs.decryptPath(cTarget)
|
||||
if err != nil {
|
||||
tlog.Warn.Printf("Readlink: CBC decryption failed: %v", err)
|
||||
return "", fuse.EIO
|
||||
}
|
||||
return target, fuse.OK
|
||||
if fs.args.PlaintextNames {
|
||||
return cTarget, fuse.OK
|
||||
}
|
||||
// Since gocryptfs v0.5 symlinks are encrypted like file contents (GCM)
|
||||
// Symlinks are encrypted like file contents (GCM) and base64-encoded
|
||||
cBinTarget, err := base64.URLEncoding.DecodeString(cTarget)
|
||||
if err != nil {
|
||||
tlog.Warn.Printf("Readlink: %v", err)
|
||||
@ -316,19 +309,11 @@ func (fs *FS) Symlink(target string, linkName string, context *fuse.Context) (co
|
||||
if err != nil {
|
||||
return fuse.ToStatus(err)
|
||||
}
|
||||
// Before v0.5, symlinks were encrypted like paths (CBC)
|
||||
// TODO drop compatibility and simplify code?
|
||||
if !fs.args.DirIV {
|
||||
var cTarget string
|
||||
cTarget, err = fs.encryptPath(target)
|
||||
if err != nil {
|
||||
tlog.Warn.Printf("Symlink: BUG: we should not get an error here: %v", err)
|
||||
return fuse.ToStatus(err)
|
||||
}
|
||||
err = os.Symlink(cTarget, cPath)
|
||||
if fs.args.PlaintextNames {
|
||||
err = os.Symlink(target, cPath)
|
||||
return fuse.ToStatus(err)
|
||||
}
|
||||
|
||||
// Symlinks are encrypted like file contents (GCM) and base64-encoded
|
||||
cBinTarget := fs.contentEnc.EncryptBlock([]byte(target), 0, nil)
|
||||
cTarget := base64.URLEncoding.EncodeToString(cBinTarget)
|
||||
|
||||
|
||||
@ -46,9 +46,6 @@ func (fs *FS) Mkdir(newPath string, mode uint32, context *fuse.Context) (code fu
|
||||
if err != nil {
|
||||
return fuse.ToStatus(err)
|
||||
}
|
||||
if !fs.args.DirIV {
|
||||
return fuse.ToStatus(os.Mkdir(cPath, os.FileMode(mode)))
|
||||
}
|
||||
// We need write and execute permissions to create gocryptfs.diriv
|
||||
origMode := mode
|
||||
mode = mode | 0300
|
||||
@ -98,9 +95,6 @@ func (fs *FS) Rmdir(path string, context *fuse.Context) (code fuse.Status) {
|
||||
if err != nil {
|
||||
return fuse.ToStatus(err)
|
||||
}
|
||||
if !fs.args.DirIV {
|
||||
return fuse.ToStatus(syscall.Rmdir(cPath))
|
||||
}
|
||||
|
||||
parentDir := filepath.Dir(cPath)
|
||||
parentDirFd, err := os.Open(parentDir)
|
||||
@ -215,10 +209,10 @@ func (fs *FS) OpenDir(dirName string, context *fuse.Context) ([]fuse.DirEntry, f
|
||||
if cipherEntries == nil {
|
||||
return nil, status
|
||||
}
|
||||
// Get DirIV (stays nil if DirIV if off)
|
||||
// Get DirIV (stays nil if PlaintextNames is used)
|
||||
var cachedIV []byte
|
||||
var cDirAbsPath string
|
||||
if fs.args.DirIV {
|
||||
if !fs.args.PlaintextNames {
|
||||
// Read the DirIV once and use it for all later name decryptions
|
||||
cDirAbsPath = filepath.Join(fs.args.Cipherdir, cDirName)
|
||||
cachedIV, err = nametransform.ReadDirIV(cDirAbsPath)
|
||||
@ -237,7 +231,7 @@ func (fs *FS) OpenDir(dirName string, context *fuse.Context) ([]fuse.DirEntry, f
|
||||
// silently ignore "gocryptfs.conf" in the top level dir
|
||||
continue
|
||||
}
|
||||
if fs.args.DirIV && cName == nametransform.DirIVFilename {
|
||||
if !fs.args.PlaintextNames && cName == nametransform.DirIVFilename {
|
||||
// silently ignore "gocryptfs.diriv" everywhere if dirIV is enabled
|
||||
continue
|
||||
}
|
||||
|
||||
@ -44,9 +44,6 @@ func (fs *FS) encryptPath(plainPath string) (string, error) {
|
||||
if fs.args.PlaintextNames {
|
||||
return plainPath, nil
|
||||
}
|
||||
if !fs.args.DirIV {
|
||||
return fs.nameTransform.EncryptPathNoIV(plainPath), nil
|
||||
}
|
||||
fs.dirIVLock.RLock()
|
||||
cPath, err := fs.nameTransform.EncryptPathDirIV(plainPath, fs.args.Cipherdir)
|
||||
tlog.Debug.Printf("encryptPath '%s' -> '%s' (err: %v)", plainPath, cPath, err)
|
||||
@ -59,9 +56,6 @@ func (fs *FS) decryptPath(cipherPath string) (string, error) {
|
||||
if fs.args.PlaintextNames {
|
||||
return cipherPath, nil
|
||||
}
|
||||
if !fs.args.DirIV {
|
||||
return fs.nameTransform.DecryptPathNoIV(cipherPath)
|
||||
}
|
||||
fs.dirIVLock.RLock()
|
||||
defer fs.dirIVLock.RUnlock()
|
||||
return fs.nameTransform.DecryptPathDirIV(cipherPath, fs.args.Cipherdir)
|
||||
|
||||
14
main.go
14
main.go
@ -42,7 +42,7 @@ const (
|
||||
|
||||
type argContainer struct {
|
||||
debug, init, zerokey, fusedebug, openssl, passwd, foreground, version,
|
||||
plaintextnames, quiet, diriv, emenames, gcmiv128, nosyslog, wpanic,
|
||||
plaintextnames, quiet, emenames, gcmiv128, nosyslog, wpanic,
|
||||
longnames, allow_other, ro bool
|
||||
masterkey, mountpoint, cipherdir, cpuprofile, config, extpass,
|
||||
memprofile string
|
||||
@ -77,7 +77,7 @@ func initDir(args *argContainer) {
|
||||
os.Exit(ERREXIT_INIT)
|
||||
}
|
||||
|
||||
if args.diriv && !args.plaintextnames {
|
||||
if !args.plaintextnames {
|
||||
// Create gocryptfs.diriv in the root dir
|
||||
err = nametransform.WriteDirIV(args.cipherdir)
|
||||
if err != nil {
|
||||
@ -174,7 +174,6 @@ func main() {
|
||||
flagSet.BoolVar(&args.plaintextnames, "plaintextnames", false, "Do not encrypt file names")
|
||||
flagSet.BoolVar(&args.quiet, "q", false, "")
|
||||
flagSet.BoolVar(&args.quiet, "quiet", false, "Quiet - silence informational messages")
|
||||
flagSet.BoolVar(&args.diriv, "diriv", true, "Use per-directory file name IV")
|
||||
flagSet.BoolVar(&args.emenames, "emenames", true, "Use EME filename encryption. This option implies diriv.")
|
||||
flagSet.BoolVar(&args.gcmiv128, "gcmiv128", true, "Use an 128-bit IV for GCM encryption instead of Go's default of 96 bits")
|
||||
flagSet.BoolVar(&args.nosyslog, "nosyslog", false, "Do not redirect output to syslog when running in the background")
|
||||
@ -370,7 +369,6 @@ func initFuseFrontend(key []byte, args argContainer, confFile *configfile.ConfFi
|
||||
Masterkey: key,
|
||||
OpenSSL: args.openssl,
|
||||
PlaintextNames: args.plaintextnames,
|
||||
DirIV: args.diriv,
|
||||
EMENames: args.emenames,
|
||||
GCMIV128: args.gcmiv128,
|
||||
LongNames: args.longnames,
|
||||
@ -379,17 +377,11 @@ func initFuseFrontend(key []byte, args argContainer, confFile *configfile.ConfFi
|
||||
if confFile != nil {
|
||||
// Settings from the config file override command line args
|
||||
frontendArgs.PlaintextNames = confFile.IsFeatureFlagSet(configfile.FlagPlaintextNames)
|
||||
frontendArgs.DirIV = confFile.IsFeatureFlagSet(configfile.FlagDirIV)
|
||||
frontendArgs.EMENames = confFile.IsFeatureFlagSet(configfile.FlagEMENames)
|
||||
frontendArgs.GCMIV128 = confFile.IsFeatureFlagSet(configfile.FlagGCMIV128)
|
||||
}
|
||||
// EMENames implies DirIV, both on the command line and in the config file.
|
||||
if frontendArgs.EMENames {
|
||||
frontendArgs.DirIV = true
|
||||
}
|
||||
// PlainTexnames disables both EMENames and DirIV
|
||||
// PlainTexnames disables EMENames
|
||||
if frontendArgs.PlaintextNames {
|
||||
frontendArgs.DirIV = false
|
||||
frontendArgs.EMENames = false
|
||||
}
|
||||
jsonBytes, _ := json.MarshalIndent(frontendArgs, "", "\t")
|
||||
|
||||
@ -86,14 +86,15 @@ func TestExampleFSv04(t *testing.T) {
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
err = test_helpers.Mount(cDir, pDir, "-extpass", "echo test")
|
||||
err = test_helpers.Mount(cDir, pDir, false, "-extpass", "echo test")
|
||||
if err == nil {
|
||||
t.Errorf("Mounting deprecated FS should fail")
|
||||
}
|
||||
test_helpers.MountOrFatal(t, cDir, pDir, "-masterkey", "74676e34-0b47c145-00dac61a-17a92316-"+
|
||||
err = test_helpers.Mount(cDir, pDir, false, "-masterkey", "74676e34-0b47c145-00dac61a-17a92316-"+
|
||||
"bb57044c-e205b71f-65f4fdca-7cabd4b3", "-diriv=false", "-emenames=false", "-gcmiv128=false")
|
||||
checkExampleFS(t, pDir, true)
|
||||
test_helpers.Unmount(pDir)
|
||||
if err == nil {
|
||||
t.Errorf("Mounting deprecated FS should fail")
|
||||
}
|
||||
err = os.Remove(pDir)
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
@ -109,7 +110,7 @@ func TestExampleFSv05(t *testing.T) {
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
err = test_helpers.Mount(cDir, pDir, "-extpass", "echo test")
|
||||
err = test_helpers.Mount(cDir, pDir, false, "-extpass", "echo test")
|
||||
if err == nil {
|
||||
t.Errorf("Mounting deprecated FS should fail")
|
||||
}
|
||||
@ -132,7 +133,7 @@ func TestExampleFSv06(t *testing.T) {
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
err = test_helpers.Mount(cDir, pDir, "-extpass", "echo test")
|
||||
err = test_helpers.Mount(cDir, pDir, false, "-extpass", "echo test")
|
||||
if err == nil {
|
||||
t.Errorf("Mounting deprecated FS should fail")
|
||||
}
|
||||
@ -157,7 +158,7 @@ func TestExampleFSv06PlaintextNames(t *testing.T) {
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
err = test_helpers.Mount(cDir, pDir, "-extpass", "echo test")
|
||||
err = test_helpers.Mount(cDir, pDir, false, "-extpass", "echo test")
|
||||
if err == nil {
|
||||
t.Errorf("Mounting deprecated FS should fail")
|
||||
}
|
||||
|
||||
@ -91,7 +91,7 @@ func InitFS(t *testing.T, extraArgs ...string) string {
|
||||
|
||||
// Mount CIPHERDIR "c" on PLAINDIR "p"
|
||||
// Creates "p" if it does not exist.
|
||||
func Mount(c string, p string, extraArgs ...string) error {
|
||||
func Mount(c string, p string, showOutput bool, extraArgs ...string) error {
|
||||
var args []string
|
||||
args = append(args, extraArgs...)
|
||||
args = append(args, "-nosyslog", "-q", "-wpanic")
|
||||
@ -108,15 +108,17 @@ func Mount(c string, p string, extraArgs ...string) error {
|
||||
}
|
||||
|
||||
cmd := exec.Command(GocryptfsBinary, args...)
|
||||
cmd.Stderr = os.Stderr
|
||||
cmd.Stdout = os.Stdout
|
||||
if showOutput {
|
||||
cmd.Stderr = os.Stderr
|
||||
cmd.Stdout = os.Stdout
|
||||
}
|
||||
|
||||
return cmd.Run()
|
||||
}
|
||||
|
||||
// MountOrExit calls mount() and exits on failure.
|
||||
func MountOrExit(c string, p string, extraArgs ...string) {
|
||||
err := Mount(c, p, extraArgs...)
|
||||
err := Mount(c, p, true, extraArgs...)
|
||||
if err != nil {
|
||||
fmt.Printf("mount failed: %v", err)
|
||||
os.Exit(1)
|
||||
@ -125,7 +127,7 @@ func MountOrExit(c string, p string, extraArgs ...string) {
|
||||
|
||||
// MountOrFatal calls mount() and calls t.Fatal() on failure.
|
||||
func MountOrFatal(t *testing.T, c string, p string, extraArgs ...string) {
|
||||
err := Mount(c, p, extraArgs...)
|
||||
err := Mount(c, p, true, extraArgs...)
|
||||
if err != nil {
|
||||
t.Fatal(fmt.Errorf("mount failed: %v", err))
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user