From 44c7576f2125fc33a3f3d0c7bf11a033634bb8eb Mon Sep 17 00:00:00 2001
From: Ben RUBSON
Date: Mon, 2 Oct 2017 19:02:55 +0200
Subject: [PATCH] Add a new option --reversewrite to clearly indicate we want to mount reverse in write mode.
---
 encfs/FileUtils.cpp | 28 ++++++++++------------------
 encfs/encfs.pod | 13 +++++++++++--
 encfs/main.cpp | 9 +++++++++
 integration/reverse.t.pl | 4 ++--
 4 files changed, 32 insertions(+), 22 deletions(-)
diff --git a/encfs/FileUtils.cpp b/encfs/FileUtils.cpp
index c477786..0431501 100644
--- a/encfs/FileUtils.cpp
+++ b/encfs/FileUtils.cpp
@@ -1064,14 +1064,6 @@ RootPtr createV6Config(EncFS_Context *ctx,
 if (opts->requireMac) {
 blockMACBytes = 8;
 }
- if (reverseEncryption) {
- /* Reverse mounts are read-only by default (set in main.cpp).
- * If uniqueIV is off, writing can be allowed, because there
- * is no header that could be overwritten */
- if (!uniqueIV) {
- opts->readOnly = false;
- }
- }
 }
 if (answer[0] == 'x' || alg.name.empty()) {
@@ -1095,11 +1087,11 @@ RootPtr createV6Config(EncFS_Context *ctx,
 if (reverseEncryption) {
 cout << _("reverse encryption - chained IV and MAC disabled") << "\n";
 uniqueIV = selectUniqueIV(false);
- /* Reverse mounts are read-only by default (set in main.cpp).
- * If uniqueIV is off, writing can be allowed, because there
- * is no header that could be overwritten */
- if (!uniqueIV) {
- opts->readOnly = false;
+ /* If uniqueIV is off, writing can be allowed, because there
+ * is no header that could be overwritten.
+ * So if it is on, enforce readOnly. */
+ if (uniqueIV) {
+ opts->readOnly = true;
 }
 } else {
 chainedIV = selectChainedIV();
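Review bot: In the `@@ -1095` hunk of createV6Config, `opts->readOnly = true;` overrides an explicit --reversewrite without telling the user, so the mount silently comes up read-only when per-file IVs are selected. A message in the style of the `cout << _(...)` call just above would make the downgrade visible, for example `if (uniqueIV && !opts->readOnly) cout << _("unique IV enabled - reverse mount forced read-only") << "\n";` placed before the assignment, so that plain --reverse stays quiet. The initFS hunk at `@@ -1581` has the same silent override. createV6Config starts and ends outside this hunk.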
@@ -1581,11 +1573,11 @@ RootPtr initFS(EncFS_Context *ctx, const std::shared_ptr &opts) { "The configuration loaded is not compatible with --reverse\n"); return rootInfo; } - /* Reverse mounts are read-only by default (set in main.cpp). - * If uniqueIV is off, writing can be allowed, because there - * is no header that could be overwritten */ - if (!config->uniqueIV) { - opts->readOnly = false; + /* If uniqueIV is off, writing can be allowed, because there + * is no header that could be overwritten. + * So if it is on, enforce readOnly. */ + if (config->uniqueIV) { + opts->readOnly = true; } } diff --git a/encfs/encfs.pod b/encfs/encfs.pod index 55fada0..63eb3d5 100644 --- a/encfs/encfs.pod +++ b/encfs/encfs.pod @@ -18,7 +18,7 @@ encfs - mounts or creates an encrypted virtual filesystem B [B<--version>] [B<-v>|B<--verbose>] [B<-t>|B<--syslogtag>] [B<-s>] [B<-f>] [B<--annotate>] [B<--standard>] [B<--paranoia>] -[B<--reverse>] [B<--extpass=program>] [B<-S>|B<--stdinpass>] +[B<--reverse>] [B<--reversewrite>] [B<--extpass=program>] [B<-S>|B<--stdinpass>] [B<--anykey>] [B<--forcedecode>] [B<-require-macs>] [B<-i MINUTES>|B<--idle=MINUTES>] [B<-m>|B<--ondemand>] [B<--delaymount>] [B<--public>] [B<--nocache>] [B<--no-default-flags>] @@ -115,7 +115,13 @@ reproduce the unencrypted data: Now /tmp/plain-view contains the same data as /home/me Note that B<--reverse> mode only works with limited configuration options, so -many settings may be disabled when used. +many settings may be disabled when used. Incompatible options as for now : +Filename Initialization Vector Chaining and External IV Chaining. + +=item B<--reversewrite> + +Same as B<--reverse> but will allow writes, if possible (configuration must have +UniqueIV disabled). Incompatible option : Per-File Initialization Vectors. =item B<--extpass=program> 
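Review bot: The enforcement `if (config->uniqueIV) { opts->readOnly = true; }` sits behind the compatibility check for a loaded configuration, so a configuration created on first mount appears to depend on createV6Config applying the same rule. The `@@ -1064` hunk deletes the preset-mode block there without adding a counterpart, and because `case 'R'` in main.cpp now starts from `readOnly = false`, any path that leaves uniqueIV enabled and skips the check stays writable, which is the header-overwrite case the comment describes. Consider a single check placed after the configuration is final for both paths, or add `if (uniqueIV) { opts->readOnly = true; }` to the preset branch as well. Whether the preset branch can keep uniqueIV on in reverse mode is not visible in these hunks, and initFS continues outside this one.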
@@ -500,6 +506,9 @@ initialization vector, so that each file is encrypted in a different way. This option is enabled by default. +Reverse mode derivates IV from inode number, it may then change for example +when source files are copied from one FS to another. + =item I B. This option is closely related to Per-File Initialization diff --git a/encfs/main.cpp b/encfs/main.cpp index 345a853..5421096 100644 --- a/encfs/main.cpp +++ b/encfs/main.cpp @@ -160,6 +160,8 @@ static void usage(const char *name) { "\t\t\t(encfs must be run as root)\n") << _(" --reverse\t\t" "reverse encryption\n") + << _(" --reversewrite\t\t" + "reverse encryption with writes enabled\n") // xgroup(usage) << _(" --extpass=program\tUse external program for password prompt\n" @@ -249,6 +251,7 @@ static bool processArgs(int argc, char *argv[], {"verbose", 0, nullptr, 'v'}, // verbose mode {"version", 0, nullptr, 'V'}, // version {"reverse", 0, nullptr, 'r'}, // reverse encryption + {"reversewrite", 0, nullptr, 'R'}, // reverse encryption with write enabled {"standard", 0, nullptr, '1'}, // standard configuration {"paranoia", 0, nullptr, '2'}, // standard configuration {"require-macs", 0, nullptr, LONG_OPT_REQUIRE_MAC}, // require MACs @@ -336,6 +339,12 @@ static bool processArgs(int argc, char *argv[], * slowdown. If you are concerned about inconsistencies, * please use --nocache. */ break; + case 'R': + out->opts->reverseEncryption = true; + /* At least this is what the user wants, we will see later + if it is possible */ + out->opts->readOnly = false; + break; case LONG_OPT_NOCACHE: /* Disable EncFS block cache * Causes reverse grow tests to fail because short reads diff --git a/integration/reverse.t.pl b/integration/reverse.t.pl index e38d48a..24c1b71 100755 --- a/integration/reverse.t.pl +++ b/integration/reverse.t.pl @@ -3,7 +3,7 @@ # Test EncFS --reverse mode use warnings; -use Test::More tests => 25; +use Test::More tests => 31; use File::Path; use File::Temp; use IO::Handle; 
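Review bot: The comment in `case 'R'` says the request is checked "later" but not where, and after this change the write protection of a reverse mount rests entirely on those later checks. Name them in the comment, for example `/* Request only: initFS() and createV6Config() in FileUtils.cpp force readOnly back on when uniqueIV is enabled */`. processArgs starts and ends outside this hunk.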
@@ -212,7 +212,7 @@ symlink_test("foo"); # relative
 symlink_test("/1/2/3/4/5/6/7/8/9/10/11/12/13/14/15/15/17/18"); # long
 symlink_test("!ยง\$%&/()\\<>#+="); # special characters
 symlink_test("$plain/foo");
-# writesDenied(); # disabled as writes are allowed when (uniqueIV == false), we would need a specific reverse conf with (uniqueIV == true).
+writesDenied();
 # Umount and delete files
 cleanup();
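Review bot: Re-enabling `writesDenied();` covers a plain --reverse mount only; nothing in the visible test hunks mounts with --reversewrite. The case worth pinning is a --reversewrite mount over a configuration with uniqueIV enabled, which must still refuse writes, together with the positive case where uniqueIV is disabled and writes succeed. A second mount in this script using `--reversewrite`, followed by the existing `writesDenied()` helper, would cover the first. The rest of the file is outside this hunk, so such a test may already exist.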