nametransform

Documentation

Overview

Package nametransform encrypts and decrypts filenames.

Index

• Constants
• func DeleteLongName(dirfd *os.File, hashName string) error
• func Dir(path string) string
• func IsLongContent(cName string) bool
• func NameType(cName string) int
• func ReadDirIV(dir string) (iv []byte, err error)
• func ReadDirIVAt(dirfd *os.File) (iv []byte, err error)
• func ReadLongName(path string) (string, error)
• func WriteDirIV(dirfd *os.File, dir string) error
• type NameTransform
  • func New(e *eme.EMECipher, longNames bool, raw64 bool) *NameTransform
  • func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error)
  • func (n *NameTransform) EncryptName(plainName string, iv []byte) (cipherName64 string)
  • func (be *NameTransform) EncryptPathDirIV(plainPath string, rootDir string) (string, error)
  • func (n *NameTransform) HashLongName(name string) string
  • func (n *NameTransform) WriteLongName(dirfd *os.File, hashName string, plainName string) (err error)

Constants

const (
	// DirIVLen is identical to AES block size
	DirIVLen = 16
	// DirIVFilename is the filename used to store directory IV.
	// Exported because we have to ignore this name in directory listing.
	DirIVFilename = "gocryptfs.diriv"
)

const (
	// LongNameContent is the file that stores the file content.
	// Example: gocryptfs.longname.URrM8kgxTKYMgCk4hKk7RO9Lcfr30XQof4L_5bD9Iro=
	LongNameContent = iota
	// LongNameFilename is the file that stores the full encrypted filename.
	// Example: gocryptfs.longname.URrM8kgxTKYMgCk4hKk7RO9Lcfr30XQof4L_5bD9Iro=.name
	LongNameFilename = iota
	// LongNameNone is used when the file does not have a long name.
	// Example: i1bpTaVLZq7sRNA9mL_2Ig==
	LongNameNone = iota
)

Values returned by IsLongName

const (
	// LongNameSuffix is the suffix used for files with long names.
	// Files with long names are stored in two files:
	// gocryptfs.longname.[sha256]       <--- File content, prefix = gocryptfs.longname.
	// gocryptfs.longname.[sha256].name  <--- File name, suffix = .name
	LongNameSuffix = ".name"
)

Functions

func DeleteLongName

func DeleteLongName(dirfd *os.File, hashName string) error

DeleteLongName deletes "hashName.name".

func Dir

func Dir(path string) string

Dir is like filepath.Dir but returns "" instead of ".".

func IsLongContent

func IsLongContent(cName string) bool

IsLongContent returns true if "cName" is the content store of a long name file (looks like "gocryptfs.longname.sha256").

func NameType

func NameType(cName string) int

NameType - detect if cName is gocryptfs.longname.sha256 ........ LongNameContent (content of a long name file) gocryptfs.longname.sha256.name .... LongNameFilename (full file name of a long name file) else ................................ LongNameNone (normal file)

func ReadDirIV

func ReadDirIV(dir string) (iv []byte, err error)

ReadDirIV - read the "gocryptfs.diriv" file from "dir" (absolute ciphertext path) This function is exported because it allows for an efficient readdir implementation. If the directory itself cannot be opened, a syscall error will be returned. Otherwise, a fmt.Errorf() error value is returned with the details.

func ReadDirIVAt

func ReadDirIVAt(dirfd *os.File) (iv []byte, err error)

ReadDirIVAt reads "gocryptfs.diriv" from the directory that is opened as "dirfd". Using the dirfd makes it immune to concurrent renames of the directory.

func ReadLongName

func ReadLongName(path string) (string, error)

ReadLongName - read "$path.name"

func WriteDirIV

func WriteDirIV(dirfd *os.File, dir string) error

WriteDirIV - create diriv file inside of the specified directory. If dirfd is nil "dir" should be the absolute path to the directory. If dirfd != nil "dir" should be a path (without slashes) relative to the directory described by "dirfd". This function is exported because it is used from pathfs_frontend, main, and also the automated tests.

Types

type NameTransform

type NameTransform struct {
	DirIVCache dirivcache.DirIVCache
	// B64 = either base64.URLEncoding or base64.RawURLEncoding, depeding
	// on the Raw64 feature flag
	B64 *base64.Encoding
	// contains filtered or unexported fields
}

NameTransform is used to transform filenames.

func New

func New(e *eme.EMECipher, longNames bool, raw64 bool) *NameTransform

New returns a new NameTransform instance.

func (*NameTransform) DecryptName

func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error)

DecryptName decrypts a base64-encoded encrypted filename "cipherName" using the initialization vector "iv".

func (*NameTransform) EncryptName

func (n *NameTransform) EncryptName(plainName string, iv []byte) (cipherName64 string)

EncryptName encrypts "plainName", returns a base64-encoded "cipherName64". Used internally by EncryptPathDirIV(). The encryption is either CBC or EME, depending on "useEME".

This function is exported because fusefrontend needs access to the full (not hashed) name if longname is used. Otherwise you should use EncryptPathDirIV()

func (*NameTransform) EncryptPathDirIV

func (be *NameTransform) EncryptPathDirIV(plainPath string, rootDir string) (string, error)

EncryptPathDirIV - encrypt relative plaintext path "plainPath" using EME with DirIV. "rootDir" is the backing storage root directory. Components that are longer than 255 bytes are hashed if be.longnames == true.

func (*NameTransform) HashLongName

func (n *NameTransform) HashLongName(name string) string

HashLongName - take the hash of a long string "name" and return "gocryptfs.longname.sha256"

func (*NameTransform) WriteLongName

func (n *NameTransform) WriteLongName(dirfd *os.File, hashName string, plainName string) (err error)

WriteLongName encrypts plainName and writes it into "hashName.name". For the convenience of the caller, plainName may also be a path and will be converted internally.