pathiv: move derivedIVContainer into the package
...under the new name "FileIVs". This will also be used by forward mode.
parent
857507e8b1
commit
d202a456f5
@ -33,11 +33,6 @@ type reverseFile struct {
var inodeTable syncmap.Map
var inodeTable syncmap.Map
type derivedIVContainer struct {
id []byte
block0IV []byte
}
func (rfs *ReverseFS) newFile(relPath string, flags uint32) (nodefs.File, fuse.Status) {
func (rfs *ReverseFS) newFile(relPath string, flags uint32) (nodefs.File, fuse.Status) {
absPath, err := rfs.abs(rfs.decryptPath(relPath))
absPath, err := rfs.abs(rfs.decryptPath(relPath))
if err != nil {
if err != nil {
@ -55,14 +50,13 @@ func (rfs *ReverseFS) newFile(relPath string, flags uint32) (nodefs.File, fuse.S
}
}
// See if we have that inode number already in the table
// See if we have that inode number already in the table
// (even if Nlink has dropped to 1)
// (even if Nlink has dropped to 1)
var derivedIVs derivedIVContainer
var derivedIVs pathiv.FileIVs
v, found := inodeTable.Load(st.Ino)
v, found := inodeTable.Load(st.Ino)
if found {
if found {
tlog.Debug.Printf("ino%d: newFile: found in the inode table", st.Ino)
tlog.Debug.Printf("ino%d: newFile: found in the inode table", st.Ino)
derivedIVs = v.(derivedIVContainer)
derivedIVs = v.(pathiv.FileIVs)
} else {
} else {
derivedIVs.id = pathiv.Derive(relPath, pathiv.PurposeFileID)
derivedIVs = pathiv.DeriveFile(relPath)
derivedIVs.block0IV = pathiv.Derive(relPath, pathiv.PurposeBlock0IV)
// Nlink > 1 means there is more than one path to this file.
// Nlink > 1 means there is more than one path to this file.
// Store the derived values so we always return the same data,
// Store the derived values so we always return the same data,
// regardless of the path that is used to access the file.
// regardless of the path that is used to access the file.
@ -71,7 +65,7 @@ func (rfs *ReverseFS) newFile(relPath string, flags uint32) (nodefs.File, fuse.S
v, found = inodeTable.LoadOrStore(st.Ino, derivedIVs)
v, found = inodeTable.LoadOrStore(st.Ino, derivedIVs)
if found {
if found {
// Another thread has stored a different value before we could.
// Another thread has stored a different value before we could.
derivedIVs = v.(derivedIVContainer)
derivedIVs = v.(pathiv.FileIVs)
} else {
} else {
tlog.Debug.Printf("ino%d: newFile: Nlink=%d, stored in the inode table", st.Ino, st.Nlink)
tlog.Debug.Printf("ino%d: newFile: Nlink=%d, stored in the inode table", st.Ino, st.Nlink)
}
}
@ -79,13 +73,13 @@ func (rfs *ReverseFS) newFile(relPath string, flags uint32) (nodefs.File, fuse.S
}
}
header := contentenc.FileHeader{
header := contentenc.FileHeader{
Version: contentenc.CurrentVersion,
Version: contentenc.CurrentVersion,
ID: derivedIVs.id,
ID: derivedIVs.ID,
}
}
return &reverseFile{
return &reverseFile{
File: nodefs.NewDefaultFile(),
File: nodefs.NewDefaultFile(),
fd: fd,
fd: fd,
header: header,
header: header,
block0IV: derivedIVs.block0IV,
block0IV: derivedIVs.Block0IV,
contentEnc: rfs.contentEnc,
contentEnc: rfs.contentEnc,
}, fuse.OK
}, fuse.OK
}
}
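Review bot: The two `derivedIVs = v.(pathiv.FileIVs)` assertions in the second and third hunks of this section are unchecked, so they rely on an invariant that `inodeTable` is never documented as having: only `pathiv.FileIVs` values are ever stored in it (the `LoadOrStore(st.Ino, derivedIVs)` call is the only store visible here). That invariant should be written down where the table is declared, since the first hunk leaves `var inodeTable syncmap.Map` without any comment; I would add `// inodeTable maps st.Ino to the pathiv.FileIVs derived for that inode, so every path to a file with Nlink > 1 returns the same ID and block-0 IV. Only pathiv.FileIVs values are stored here; newFile's type assertions depend on that.` Note also that the stored value is a struct of slices copied by value, so the cached entry and the returned `reverseFile` share backing arrays and neither side should modify them in place. newFile starts in the first hunk and ends here in the fourth; the statements between the hunks are not visible.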
@ -6,13 +6,19 @@ import (
"github.com/rfjakob/gocryptfs/internal/nametransform"
"github.com/rfjakob/gocryptfs/internal/nametransform"
)
)
// Purpose identifies for which purpose the IV will be used. This is mixed into the
// derivation.
type Purpose string
type Purpose string
const (
const (
PurposeDirIV Purpose = "DIRIV"
// PurposeDirIV means the value will be used as a directory IV
PurposeFileID Purpose = "FILEID"
PurposeDirIV Purpose = "DIRIV"
// PurposeFileID means the value will be used as the file ID in the file header
PurposeFileID Purpose = "FILEID"
// PurposeSymlinkIV means the value will be used as the IV for symlink encryption
PurposeSymlinkIV Purpose = "SYMLINKIV"
PurposeSymlinkIV Purpose = "SYMLINKIV"
PurposeBlock0IV Purpose = "BLOCK0IV"
// PurposeBlock0IV means the value will be used as the IV of ciphertext block #0.
PurposeBlock0IV Purpose = "BLOCK0IV"
)
)
// Derive derives an IV from an encrypted path by hashing it with sha256
// Derive derives an IV from an encrypted path by hashing it with sha256
@ -22,3 +28,17 @@ func Derive(path string, purpose Purpose) []byte {
hash := sha256.Sum256(extended)
hash := sha256.Sum256(extended)
return hash[:nametransform.DirIVLen]
return hash[:nametransform.DirIVLen]
}
}
// FileIVs contains both IVs that are needed to create a file.
type FileIVs struct {
ID []byte
Block0IV []byte
}
// DeriveFile derives both IVs that are needed to create a file and returns them
// in a container struct.
func DeriveFile(path string) (fileIVs FileIVs) {
fileIVs.ID = Derive(path, PurposeFileID)
fileIVs.Block0IV = Derive(path, PurposeBlock0IV)
return fileIVs
}
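Review bot: The doc comment on the new `FileIVs` type in the second hunk, "contains both IVs that are needed to create a file", misdescribes the first field: by the constant comments added in the first hunk, `PurposeFileID` is "the file ID in the file header", not an IV, and only `Block0IV` is one. Since both values are derived by `Derive`, which hashes the path with sha256 and differs between the two only by the `Purpose` string mixed into the derivation, the comment should also say that they are deterministic functions of the path and domain-separated solely by that tag; I would write `// FileIVs holds the two values derived from a file's ciphertext path: the ID stored in the file header and the IV of ciphertext block #0. Both are deterministic functions of the path, distinguished only by the Purpose mixed into the derivation, so the same path always yields the same pair.` As a point of style, `DeriveFile` uses a named result only to assign the fields and then returns it explicitly; a plain composite literal reads more directly: `return FileIVs{ID: Derive(path, PurposeFileID), Block0IV: Derive(path, PurposeBlock0IV)}`.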