Compare commits
11 Commits
1973153602
...
d6e75be376
Author | SHA1 | Date |
---|---|---|
Matéo Duparc | d6e75be376 | |
Matéo Duparc | f86a1aa6a8 | |
Jakob Unterwurzacher | 4ba0ced3c7 | |
Jakob Unterwurzacher | b0bddc5ed0 | |
Charles Duffy | 8ec872e330 | |
Jakob Unterwurzacher | 3b881b0174 | |
Jakob Unterwurzacher | 75cace0568 | |
Jakob Unterwurzacher | 5406284b9b | |
Jakob Unterwurzacher | e8e3598284 | |
Jakob Unterwurzacher | c8996d2664 | |
Jakob Unterwurzacher | db1824a23a |
|
@ -3,4 +3,4 @@ libgocryptfs is a re-desing of the original [gocryptfs](https://github.com/rfjak
|
|||
- Reduce attack surface by restricting volumes access to only one process rather than one user
|
||||
|
||||
## Warning !
|
||||
The only goal of this library is to be integrated in [DroidFS](https://forge.chapril.org/hardcoresushi/DroidFS). It's not actually ready for other usages. libgocryptfs doesn't implement all features provided by gocryptfs like symbolic links creation, thread-safety, reverse volume creation... Use it at your own risk !
|
||||
The only goal of this library is to be integrated in [DroidFS](https://forge.chapril.org/hardcoresushi/DroidFS). It's not actually ready for other usages. libgocryptfs doesn't implement all features provided by gocryptfs like symbolic links creation, thread-safety, reverse volume creation... Use it at your own risk !
|
||||
|
|
|
@ -30,6 +30,7 @@ func gcf_get_attrs(sessionID int, relPath string) (uint64, int64, bool) {
|
|||
return size, int64(st.Mtim.Sec), true
|
||||
}
|
||||
|
||||
// libgocryptfs: using Renameat instead of Renameat2 to support older kernels
|
||||
//export gcf_rename
|
||||
func gcf_rename(sessionID int, oldPath string, newPath string) bool {
|
||||
volume := OpenedVolumes[sessionID]
|
||||
|
@ -47,7 +48,7 @@ func gcf_rename(sessionID int, oldPath string, newPath string) bool {
|
|||
|
||||
// Easy case.
|
||||
if volume.plainTextNames {
|
||||
return errToBool(syscallcompat.Renameat2(dirfd, cName, dirfd2, cName2, 0))
|
||||
return errToBool(syscallcompat.Renameat(dirfd, cName, dirfd2, cName2))
|
||||
}
|
||||
// Long destination file name: create .name file
|
||||
nameFileAlreadyThere := false
|
||||
|
@ -63,7 +64,7 @@ func gcf_rename(sessionID int, oldPath string, newPath string) bool {
|
|||
}
|
||||
}
|
||||
// Actual rename
|
||||
err = syscallcompat.Renameat2(dirfd, cName, dirfd2, cName2, 0)
|
||||
err = syscallcompat.Renameat(dirfd, cName, dirfd2, cName2)
|
||||
if err == syscall.ENOTEMPTY || err == syscall.EEXIST {
|
||||
// If an empty directory is overwritten we will always get an error as
|
||||
// the "empty" directory will still contain gocryptfs.diriv.
|
||||
|
@ -71,7 +72,7 @@ func gcf_rename(sessionID int, oldPath string, newPath string) bool {
|
|||
// We handle that by trying to fs.Rmdir() the target directory and trying
|
||||
// again.
|
||||
if gcf_rmdir(sessionID, newPath) {
|
||||
err = syscallcompat.Renameat2(dirfd, cName, dirfd2, cName2, 0)
|
||||
err = syscallcompat.Renameat(dirfd, cName, dirfd2, cName2)
|
||||
}
|
||||
}
|
||||
if err != nil {
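Review bot: Nothing on this page shows that `syscallcompat.Renameat` retries on EINTR, which the `Renameat2` wrapper it replaces at all three call sites in gcf_rename did. If it does not, an interrupted rename would come back as `false` through errToBool, and in the long-name path that presumably leaves the freshly created .name file behind. With flags 0 the two syscalls otherwise behave the same, so the overwrite semantics do not change. The new comment would help more if it stated the constraint, e.g. `// libgocryptfs: Renameat2 needs Linux >= 3.15; use Renameat for older kernels`. gcf_rename's body starts and ends outside these hunks.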
|
||||
|
|
8
go.mod
8
go.mod
|
@ -3,8 +3,8 @@ module libgocryptfs/v2
|
|||
go 1.16
|
||||
|
||||
require (
|
||||
github.com/jacobsa/crypto v0.0.0-20190317225127-9f44e2d11115 // indirect
|
||||
github.com/rfjakob/eme v1.1.2 // indirect
|
||||
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 // indirect
|
||||
golang.org/x/sys v0.0.0-20211023085530-d6a326fbbf70 // indirect
|
||||
github.com/jacobsa/crypto v0.0.0-20190317225127-9f44e2d11115
|
||||
github.com/rfjakob/eme v1.1.2
|
||||
golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3
|
||||
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e
|
||||
)
|
||||
|
|
7
go.sum
7
go.sum
|
@ -4,11 +4,18 @@ github.com/rfjakob/eme v1.1.2 h1:SxziR8msSOElPayZNFfQw4Tjx/Sbaeeh3eRvrHVMUs4=
|
|||
github.com/rfjakob/eme v1.1.2/go.mod h1:cVvpasglm/G3ngEfcfT/Wt0GwhkuO32pf/poW6Nyk1k=
|
||||
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg=
|
||||
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
||||
golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 h1:0es+/5331RGQPcXlMfP+WrnIIS6dNnNRe0WB02W0F4M=
|
||||
golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
|
||||
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20211023085530-d6a326fbbf70 h1:SeSEfdIxyvwGJliREIJhRPPXvW6sDlLT+UQ3B0hD0NA=
|
||||
golang.org/x/sys v0.0.0-20211023085530-d6a326fbbf70/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e h1:fLOSk5Q00efkSvAm+4xcoXD+RRmLmmulPn5I3Y9F2EM=
|
||||
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
|
|
|
@ -27,28 +27,36 @@ const (
|
|||
|
||||
// AEADTypeEnum indicates the type of AEAD backend in use.
|
||||
type AEADTypeEnum struct {
|
||||
Name string
|
||||
// Algo is the encryption algorithm. Example: "AES-GCM-256"
|
||||
Algo string
|
||||
// Lib is the library where Algo is implemented. Either "Go" or "OpenSSL".
|
||||
Lib string
|
||||
NonceSize int
|
||||
}
|
||||
|
||||
// String returns something like "AES-GCM-256-OpenSSL"
|
||||
func (a AEADTypeEnum) String() string {
|
||||
return a.Algo + "-" + a.Lib
|
||||
}
|
||||
|
||||
// BackendOpenSSL specifies the OpenSSL AES-256-GCM backend.
|
||||
// "AES-GCM-256-OpenSSL" in gocryptfs -speed.
|
||||
var BackendOpenSSL AEADTypeEnum = AEADTypeEnum{"AES-GCM-256-OpenSSL", 16}
|
||||
var BackendOpenSSL = AEADTypeEnum{"AES-GCM-256", "OpenSSL", 16}
|
||||
|
||||
// BackendGoGCM specifies the Go based AES-256-GCM backend.
|
||||
// "AES-GCM-256-Go" in gocryptfs -speed.
|
||||
var BackendGoGCM AEADTypeEnum = AEADTypeEnum{"AES-GCM-256-Go", 16}
|
||||
var BackendGoGCM = AEADTypeEnum{"AES-GCM-256", "Go", 16}
|
||||
|
||||
// BackendAESSIV specifies an AESSIV backend.
|
||||
// "AES-SIV-512-Go" in gocryptfs -speed.
|
||||
var BackendAESSIV AEADTypeEnum = AEADTypeEnum{"AES-SIV-512-Go", siv_aead.NonceSize}
|
||||
var BackendAESSIV = AEADTypeEnum{"AES-SIV-512", "Go", siv_aead.NonceSize}
|
||||
|
||||
// BackendXChaCha20Poly1305 specifies XChaCha20-Poly1305-Go.
|
||||
// "XChaCha20-Poly1305-Go" in gocryptfs -speed.
|
||||
var BackendXChaCha20Poly1305 AEADTypeEnum = AEADTypeEnum{"XChaCha20-Poly1305-Go", chacha20poly1305.NonceSizeX}
|
||||
var BackendXChaCha20Poly1305 = AEADTypeEnum{"XChaCha20-Poly1305", "Go", chacha20poly1305.NonceSizeX}
|
||||
|
||||
// BackendXChaCha20Poly1305OpenSSL specifies XChaCha20-Poly1305-OpenSSL.
|
||||
var BackendXChaCha20Poly1305OpenSSL AEADTypeEnum = AEADTypeEnum{"XChaCha20-Poly1305-OpenSSL", chacha20poly1305.NonceSizeX}
|
||||
var BackendXChaCha20Poly1305OpenSSL = AEADTypeEnum{"XChaCha20-Poly1305", "OpenSSL", chacha20poly1305.NonceSizeX}
|
||||
|
||||
// CryptoCore is the low level crypto implementation.
|
||||
type CryptoCore struct {
|
||||
|
@ -172,7 +180,7 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool) *CryptoC
|
|||
log.Panic(err)
|
||||
}
|
||||
} else {
|
||||
log.Panicf("unknown cipher backend %q", aeadType.Name)
|
||||
log.Panicf("unknown cipher backend %q", aeadType)
|
||||
}
|
||||
|
||||
if aeadCipher.NonceSize()*8 != IVBitLen {
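Review bot: The five backend values are built with positional literals, e.g. `AEADTypeEnum{"AES-GCM-256", "OpenSSL", 16}`, and now that Algo and Lib are adjacent string fields, a swapped pair compiles cleanly and only shows up in String() output. Keyed literals make the intent checkable in review: `var BackendOpenSSL = AEADTypeEnum{Algo: "AES-GCM-256", Lib: "OpenSSL", NonceSize: 16}`, and likewise for the other four. If New() or any caller selects the cipher by comparing these structs or matched on the old combined Name string (not visible here), confirm nothing persisted or compared the former value. The `%q` in the second hunk is fine, since fmt calls String() for that verb; New's body continues outside the hunk.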
|
||||
|
|
|
@ -47,12 +47,3 @@ func Getdents(fd int) ([]DirEntry, error) {
|
|||
entries, _, err := getdents(fd)
|
||||
return entries, err
|
||||
}
|
||||
|
||||
// Renameat2 does not exist on Darwin, so we have to wrap it here.
|
||||
// Retries on EINTR.
|
||||
func Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error) {
|
||||
err = retryEINTR(func() error {
|
||||
return unix.Renameat2(olddirfd, oldpath, newdirfd, newpath, flags)
|
||||
})
|
||||
return err
|
||||
}
|
||||
|
|