libgocryptfs/pathfs_frontend/fs.go
Jakob Unterwurzacher 1caa925868 Increase GCM IV size from 96 to 128 bits
This pushes back the birthday bound for collisions to make it virtually
irrelevant.
2015-12-19 15:02:29 +01:00

360 lines
10 KiB
Go

package pathfs_frontend
// FUSE operations on paths
import (
"encoding/base64"
"os"
"path/filepath"
"sync"
"syscall"
"time"
"github.com/hanwen/go-fuse/fuse"
"github.com/hanwen/go-fuse/fuse/nodefs"
"github.com/hanwen/go-fuse/fuse/pathfs"
"github.com/rfjakob/gocryptfs/cryptfs"
)
type FS struct {
*cryptfs.CryptFS
pathfs.FileSystem // loopbackFileSystem, see go-fuse/fuse/pathfs/loopback.go
args Args // Stores configuration arguments
// dirIVLock: Lock()ed if any "gocryptfs.diriv" file is modified
// Readers must RLock() it to prevent them from seeing intermediate
// states
dirIVLock sync.RWMutex
}
// Encrypted FUSE overlay filesystem
func NewFS(args Args) *FS {
return &FS{
CryptFS: cryptfs.NewCryptFS(args.Masterkey, args.OpenSSL, args.PlaintextNames, args.GCMIV128),
FileSystem: pathfs.NewLoopbackFileSystem(args.Cipherdir),
args: args,
}
}
// GetBackingPath - get the absolute encrypted path of the backing file
// from the relative plaintext path "relPath"
func (fs *FS) getBackingPath(relPath string) (string, error) {
cPath, err := fs.encryptPath(relPath)
if err != nil {
return "", err
}
cAbsPath := filepath.Join(fs.args.Cipherdir, cPath)
cryptfs.Debug.Printf("getBackingPath: %s + %s -> %s\n", fs.args.Cipherdir, relPath, cAbsPath)
return cAbsPath, nil
}
func (fs *FS) GetAttr(name string, context *fuse.Context) (*fuse.Attr, fuse.Status) {
cryptfs.Debug.Printf("FS.GetAttr('%s')\n", name)
if fs.isFiltered(name) {
return nil, fuse.EPERM
}
cName, err := fs.encryptPath(name)
if err != nil {
return nil, fuse.ToStatus(err)
}
a, status := fs.FileSystem.GetAttr(cName, context)
if a == nil {
cryptfs.Debug.Printf("FS.GetAttr failed: %s\n", status.String())
return a, status
}
if a.IsRegular() {
a.Size = fs.CipherSizeToPlainSize(a.Size)
} else if a.IsSymlink() {
target, _ := fs.Readlink(name, context)
a.Size = uint64(len(target))
}
return a, status
}
func (fs *FS) OpenDir(dirName string, context *fuse.Context) ([]fuse.DirEntry, fuse.Status) {
cryptfs.Debug.Printf("OpenDir(%s)\n", dirName)
cDirName, err := fs.encryptPath(dirName)
if err != nil {
return nil, fuse.ToStatus(err)
}
// Read ciphertext directory
cipherEntries, status := fs.FileSystem.OpenDir(cDirName, context)
if cipherEntries == nil {
return nil, status
}
// Get DirIV (stays zero if DirIV if off)
cachedIV := make([]byte, cryptfs.DIRIV_LEN)
if fs.args.DirIV {
// Read the DirIV once and use it for all later name decryptions
cDirAbsPath := filepath.Join(fs.args.Cipherdir, cDirName)
cachedIV, err = fs.CryptFS.ReadDirIV(cDirAbsPath)
if err != nil {
return nil, fuse.ToStatus(err)
}
}
// Filter and decrypt filenames
var plain []fuse.DirEntry
for i := range cipherEntries {
cName := cipherEntries[i].Name
if dirName == "" && cName == cryptfs.ConfDefaultName {
// silently ignore "gocryptfs.conf" in the top level dir
continue
}
if fs.args.DirIV && cName == cryptfs.DIRIV_FILENAME {
// silently ignore "gocryptfs.diriv" everywhere if dirIV is enabled
continue
}
var name string = cName
if !fs.args.PlaintextNames {
name, err = fs.CryptFS.DecryptName(cName, cachedIV, fs.args.EMENames)
if err != nil {
cryptfs.Warn.Printf("Invalid name \"%s\" in dir \"%s\": %s\n", cName, dirName, err)
continue
}
}
cipherEntries[i].Name = name
plain = append(plain, cipherEntries[i])
}
return plain, status
}
// We always need read access to do read-modify-write cycles
func (fs *FS) mangleOpenFlags(flags uint32) (newFlags int, writeOnly bool) {
newFlags = int(flags)
if newFlags&os.O_WRONLY > 0 {
writeOnly = true
newFlags = newFlags ^ os.O_WRONLY | os.O_RDWR
}
// We also cannot open the file in append mode, we need to seek back for RMW
newFlags = newFlags &^ os.O_APPEND
return newFlags, writeOnly
}
func (fs *FS) Open(path string, flags uint32, context *fuse.Context) (fuseFile nodefs.File, status fuse.Status) {
if fs.isFiltered(path) {
return nil, fuse.EPERM
}
iflags, writeOnly := fs.mangleOpenFlags(flags)
cPath, err := fs.getBackingPath(path)
if err != nil {
cryptfs.Debug.Printf("Open: getBackingPath: %v\n", err)
return nil, fuse.ToStatus(err)
}
cryptfs.Debug.Printf("Open: %s\n", cPath)
f, err := os.OpenFile(cPath, iflags, 0666)
if err != nil {
return nil, fuse.ToStatus(err)
}
return NewFile(f, writeOnly, fs.CryptFS), fuse.OK
}
func (fs *FS) Create(path string, flags uint32, mode uint32, context *fuse.Context) (fuseFile nodefs.File, code fuse.Status) {
if fs.isFiltered(path) {
return nil, fuse.EPERM
}
iflags, writeOnly := fs.mangleOpenFlags(flags)
cPath, err := fs.getBackingPath(path)
if err != nil {
return nil, fuse.ToStatus(err)
}
f, err := os.OpenFile(cPath, iflags|os.O_CREATE, os.FileMode(mode))
if err != nil {
return nil, fuse.ToStatus(err)
}
return NewFile(f, writeOnly, fs.CryptFS), fuse.OK
}
func (fs *FS) Chmod(path string, mode uint32, context *fuse.Context) (code fuse.Status) {
if fs.isFiltered(path) {
return fuse.EPERM
}
cPath, err := fs.encryptPath(path)
if err != nil {
return fuse.ToStatus(err)
}
return fs.FileSystem.Chmod(cPath, mode, context)
}
func (fs *FS) Chown(path string, uid uint32, gid uint32, context *fuse.Context) (code fuse.Status) {
if fs.isFiltered(path) {
return fuse.EPERM
}
cPath, err := fs.encryptPath(path)
if err != nil {
return fuse.ToStatus(err)
}
return fs.FileSystem.Chown(cPath, uid, gid, context)
}
func (fs *FS) Mknod(path string, mode uint32, dev uint32, context *fuse.Context) (code fuse.Status) {
if fs.isFiltered(path) {
return fuse.EPERM
}
cPath, err := fs.encryptPath(path)
if err != nil {
return fuse.ToStatus(err)
}
return fs.FileSystem.Mknod(cPath, mode, dev, context)
}
func (fs *FS) Truncate(path string, offset uint64, context *fuse.Context) (code fuse.Status) {
cryptfs.Warn.Printf("Truncate of a closed file is not supported, returning ENOSYS\n")
return fuse.ENOSYS
}
func (fs *FS) Utimens(path string, Atime *time.Time, Mtime *time.Time, context *fuse.Context) (code fuse.Status) {
if fs.isFiltered(path) {
return fuse.EPERM
}
cPath, err := fs.encryptPath(path)
if err != nil {
return fuse.ToStatus(err)
}
return fs.FileSystem.Utimens(cPath, Atime, Mtime, context)
}
func (fs *FS) Readlink(path string, context *fuse.Context) (out string, status fuse.Status) {
cPath, err := fs.encryptPath(path)
if err != nil {
return "", fuse.ToStatus(err)
}
cTarget, status := fs.FileSystem.Readlink(cPath, context)
if status != fuse.OK {
return "", status
}
// Old filesystem: symlinks are encrypted like paths (CBC)
if !fs.args.DirIV {
target, err := fs.decryptPath(cTarget)
if err != nil {
cryptfs.Warn.Printf("Readlink: CBC decryption failed: %v", err)
return "", fuse.EIO
}
return target, fuse.OK
}
// Since gocryptfs v0.5 symlinks are encrypted like file contents (GCM)
cBinTarget, err := base64.URLEncoding.DecodeString(cTarget)
if err != nil {
cryptfs.Warn.Printf("Readlink: %v\n", err)
return "", fuse.EIO
}
target, err := fs.CryptFS.DecryptBlock([]byte(cBinTarget), 0, nil)
if err != nil {
cryptfs.Warn.Printf("Readlink: %v\n", err)
return "", fuse.EIO
}
return string(target), fuse.OK
}
func (fs *FS) Unlink(path string, context *fuse.Context) (code fuse.Status) {
if fs.isFiltered(path) {
return fuse.EPERM
}
cPath, err := fs.getBackingPath(path)
if err != nil {
return fuse.ToStatus(err)
}
return fuse.ToStatus(syscall.Unlink(cPath))
}
func (fs *FS) Symlink(target string, linkName string, context *fuse.Context) (code fuse.Status) {
cryptfs.Debug.Printf("Symlink(\"%s\", \"%s\")\n", target, linkName)
if fs.isFiltered(linkName) {
return fuse.EPERM
}
cPath, err := fs.getBackingPath(linkName)
if err != nil {
return fuse.ToStatus(err)
}
// Old filesystem: symlinks are encrypted like paths (CBC)
if !fs.args.DirIV {
cTarget, err := fs.encryptPath(target)
if err != nil {
cryptfs.Warn.Printf("Symlink: BUG: we should not get an error here: %v\n", err)
return fuse.ToStatus(err)
}
err = os.Symlink(cTarget, cPath)
return fuse.ToStatus(err)
}
// Since gocryptfs v0.5 symlinks are encrypted like file contents (GCM)
cBinTarget := fs.CryptFS.EncryptBlock([]byte(target), 0, nil)
cTarget := base64.URLEncoding.EncodeToString(cBinTarget)
err = os.Symlink(cTarget, cPath)
cryptfs.Debug.Printf("Symlink: os.Symlink(%s, %s) = %v\n", cTarget, cPath, err)
return fuse.ToStatus(err)
}
func (fs *FS) Rename(oldPath string, newPath string, context *fuse.Context) (code fuse.Status) {
if fs.isFiltered(newPath) {
return fuse.EPERM
}
cOldPath, err := fs.getBackingPath(oldPath)
if err != nil {
return fuse.ToStatus(err)
}
cNewPath, err := fs.getBackingPath(newPath)
if err != nil {
return fuse.ToStatus(err)
}
// The Rename may cause a directory to take the place of another directory.
// That directory may still be in the DirIV cache, clear it.
fs.CryptFS.DirIVCacheEnc.Clear()
err = os.Rename(cOldPath, cNewPath)
if lerr, ok := err.(*os.LinkError); ok && lerr.Err == syscall.ENOTEMPTY {
// If an empty directory is overwritten we will always get
// ENOTEMPTY as the "empty" directory will still contain gocryptfs.diriv.
// Handle that case by removing the target directory and trying again.
cryptfs.Debug.Printf("Rename: Handling ENOTEMPTY\n")
if fs.Rmdir(newPath, context) == fuse.OK {
err = os.Rename(cOldPath, cNewPath)
}
}
return fuse.ToStatus(err)
}
func (fs *FS) Link(oldPath string, newPath string, context *fuse.Context) (code fuse.Status) {
if fs.isFiltered(newPath) {
return fuse.EPERM
}
cOldPath, err := fs.getBackingPath(oldPath)
if err != nil {
return fuse.ToStatus(err)
}
cNewPath, err := fs.getBackingPath(newPath)
if err != nil {
return fuse.ToStatus(err)
}
return fuse.ToStatus(os.Link(cOldPath, cNewPath))
}
func (fs *FS) Access(path string, mode uint32, context *fuse.Context) (code fuse.Status) {
if fs.isFiltered(path) {
return fuse.EPERM
}
cPath, err := fs.getBackingPath(path)
if err != nil {
return fuse.ToStatus(err)
}
return fuse.ToStatus(syscall.Access(cPath, mode))
}
func (fs *FS) GetXAttr(name string, attr string, context *fuse.Context) ([]byte, fuse.Status) {
return nil, fuse.ENOSYS
}
func (fs *FS) SetXAttr(name string, attr string, data []byte, flags int, context *fuse.Context) fuse.Status {
return fuse.ENOSYS
}
func (fs *FS) ListXAttr(name string, context *fuse.Context) ([]string, fuse.Status) {
return nil, fuse.ENOSYS
}
func (fs *FS) RemoveXAttr(name string, attr string, context *fuse.Context) fuse.Status {
return fuse.ENOSYS
}