Add ability to disable file data encoding

encfs/FSConfig.h

@@ -67,6 +67,8 @@ struct EncFSConfig {
   int kdfIterations;
   long desiredKDFDuration;
 
+  bool plainData;         // do not encrypt file content
+
   int blockMACBytes;      // MAC headers on blocks..
   int blockMACRandBytes;  // number of random bytes in the block header
 
@@ -79,6 +81,7 @@ struct EncFSConfig {
   EncFSConfig() : keyData(), salt() {
     cfgType = Config_None;
     subVersion = 0;
+    plainData = false;
     blockMACBytes = 0;
     blockMACRandBytes = 0;
     uniqueIV = false;

encfs/FileUtils.cpp

@@ -319,6 +319,7 @@ bool readV6Config(const char *configFile, EncFSConfig *cfg, ConfigInfo *info) {
   config->read("keySize", &cfg->keySize);
 
   config->read("blockSize", &cfg->blockSize);
+  config->read("plainData", &cfg->plainData);
   config->read("uniqueIV", &cfg->uniqueIV);
   config->read("chainedNameIV", &cfg->chainedNameIV);
   config->read("externalIVChaining", &cfg->externalIVChaining);
@@ -547,6 +548,7 @@ bool writeV6Config(const char *configFile, const EncFSConfig *cfg) {
   addEl(doc, config, "nameAlg", cfg->nameIface);
   addEl(doc, config, "keySize", cfg->keySize);
   addEl(doc, config, "blockSize", cfg->blockSize);
+  addEl(doc, config, "plainData", (int)cfg->plainData);
   addEl(doc, config, "uniqueIV", (int)cfg->uniqueIV);
   addEl(doc, config, "chainedNameIV", (int)cfg->chainedNameIV);
   addEl(doc, config, "externalIVChaining", (int)cfg->externalIVChaining);
@@ -875,6 +877,20 @@ static bool boolDefaultYes(const char *prompt) {
   return boolDefault(prompt, true);
 }
 
+/**
+ * Ask the user to select plain data
+ */
+static bool selectPlainData(bool unsafe) {
+  bool plainData = false;
+  if (unsafe) {
+    plainData = boolDefaultNo(
+        _("You used --unsafe, you can then disable file data encoding\n"
+           "which is of course abolutely discouraged.\n"
+           "Disable file data encoding?"));
+  }
+  return plainData;
+}
+
 /**
  * Ask the user whether to enable block MAC and random header bytes
  */
@@ -1020,6 +1036,7 @@ RootPtr createV6Config(EncFS_Context *ctx,
   Interface nameIOIface;        // selectNameCoding()
   int blockMACBytes = 0;        // selectBlockMAC()
   int blockMACRandBytes = 0;    // selectBlockMAC()
+  bool plainData = false;       // selectPlainData()
   bool uniqueIV = true;         // selectUniqueIV()
   bool chainedIV = true;        // selectChainedIV()
   bool externalIV = false;      // selectExternalChainedIV()
@@ -1100,30 +1117,42 @@ RootPtr createV6Config(EncFS_Context *ctx,
     alg = selectCipherAlgorithm();
     keySize = selectKeySize(alg);
     blockSize = selectBlockSize(alg);
+    plainData = selectPlainData(opts->unsafe);
     nameIOIface = selectNameCoding();
-    if (reverseEncryption) {
-      cout << _("reverse encryption - chained IV and MAC disabled") << "\n";
-      uniqueIV = selectUniqueIV(false);
-      /* If uniqueIV is off, writing can be allowed, because there
-       * is no header that could be overwritten.
-       * So if it is on, enforce readOnly. */
-      if (uniqueIV) {
-        opts->readOnly = true;
-      }
-    } else {
-      chainedIV = selectChainedIV();
-      uniqueIV = selectUniqueIV(true);
-      if (chainedIV && uniqueIV) {
-        externalIV = selectExternalChainedIV();
+    if (plainData) {
+      cout << _("plain data - IV, MAC and file-hole disabled") << "\n";
+      allowHoles = false;
+      chainedIV = false;
+      externalIV = false;
+      uniqueIV = false;
+      blockMACBytes = 0;
+      blockMACRandBytes = 0;
+    }
+    else {
+      if (reverseEncryption) {
+        cout << _("reverse encryption - chained IV and MAC disabled") << "\n";
+        uniqueIV = selectUniqueIV(false);
+        /* If uniqueIV is off, writing can be allowed, because there
+         * is no header that could be overwritten.
+         * So if it is on, enforce readOnly. */
+        if (uniqueIV) {
+          opts->readOnly = true;
+        }
       } else {
-        // xgroup(setup)
-        cout << _("External chained IV disabled, as both 'IV chaining'\n"
-                  "and 'unique IV' features are required for this option.")
-             << "\n";
-        externalIV = false;
+        chainedIV = selectChainedIV();
+        uniqueIV = selectUniqueIV(true);
+        if (chainedIV && uniqueIV) {
+          externalIV = selectExternalChainedIV();
+        } else {
+          // xgroup(setup)
+          cout << _("External chained IV disabled, as both 'IV chaining'\n"
+                    "and 'unique IV' features are required for this option.")
+               << "\n";
+          externalIV = false;
+        }
+        selectBlockMAC(&blockMACBytes, &blockMACRandBytes, opts->requireMac);
+        allowHoles = selectZeroBlockPassThrough();
       }
-      selectBlockMAC(&blockMACBytes, &blockMACRandBytes, opts->requireMac);
-      allowHoles = selectZeroBlockPassThrough();
     }
   }
 
@@ -1143,6 +1172,7 @@ RootPtr createV6Config(EncFS_Context *ctx,
   config->cipherIface = cipher->interface();
   config->keySize = keySize;
   config->blockSize = blockSize;
+  config->plainData = plainData;
   config->nameIface = nameIOIface;
   config->creator = "EncFS " VERSION;
   config->subVersion = V6SubVersion;
@@ -1234,7 +1264,13 @@ RootPtr createV6Config(EncFS_Context *ctx,
   nameCoder->setReverseEncryption(reverseEncryption);
 
   FSConfigPtr fsConfig(new FSConfig);
-  fsConfig->cipher = cipher;
+  if (plainData) {
+    static Interface NullInterface("nullCipher", 1, 0, 0);
+    fsConfig->cipher = Cipher::New(NullInterface, 0);
+  }
+  else {
+    fsConfig->cipher = cipher;
+  }
   fsConfig->key = volumeKey;
   fsConfig->nameCoding = nameCoder;
   fsConfig->config = config;
@@ -1664,7 +1700,17 @@ RootPtr initFS(EncFS_Context *ctx, const std::shared_ptr<EncFS_Opts> &opts) {
     nameCoder->setReverseEncryption(opts->reverseEncryption);
 
     FSConfigPtr fsConfig(new FSConfig);
-    fsConfig->cipher = cipher;
+    if (config->plainData) {
+      if (! opts->unsafe) {
+        cout << _("Configuration use plainData but you did not use --unsafe\n");
+        return rootInfo;
+      }
+      static Interface NullInterface("nullCipher", 1, 0, 0);
+      fsConfig->cipher = Cipher::New(NullInterface, 0);
+    }
+    else {
+      fsConfig->cipher = cipher;
+    }
     fsConfig->key = volumeKey;
     fsConfig->nameCoding = nameCoder;
     fsConfig->config = config;

encfs/FileUtils.h

@@ -96,6 +96,8 @@ struct EncFS_Opts {
 
   bool readOnly;  // Mount read-only
 
+  bool unsafe; // Allow to use plain data / to disable data encoding
+
   bool requireMac;  // Throw an error if MAC is disabled
 
   ConfigMode configMode;
@@ -116,6 +118,7 @@ struct EncFS_Opts {
     configMode = Config_Prompt;
     noCache = false;
     readOnly = false;
+    unsafe = false;
     requireMac = false;
   }
 };

encfs/encfs.pod

@@ -17,7 +17,7 @@ encfs - mounts or creates an encrypted virtual filesystem
 =head1 SYNOPSIS
 
 B<encfs> [B<--version>] [B<-v>|B<--verbose>] [B<-c>|B<--config>] [B<-t>|B<--syslogtag>] 
-[B<-s>] [B<-f>] [B<--annotate>] [B<--standard>] [B<--paranoia>] 
+[B<-s>] [B<-f>] [B<--annotate>] [B<--standard>] [B<--paranoia>] [B<--unsafe>] 
 [B<--reverse>] [B<--reversewrite>] [B<--extpass=program>] [B<-S>|B<--stdinpass>] 
 [B<--anykey>] [B<--forcedecode>] [B<-require-macs>] 
 [B<-i MINUTES>|B<--idle=MINUTES>] [B<-m>|B<--ondemand>] [B<--delaymount>] [B<-u>|B<--unmount>] 
@@ -97,6 +97,11 @@ When not creating a filesystem, this flag does nothing.
 
 Same as B<--standard>, but for B<paranoia> mode.
 
+=item B<--unsafe>
+
+Allows you to disable data encoding, thus to pass plain data as is.  Fully
+discouraged of course!
+
 =item B<--reverse>
 
 Normally B<EncFS> provides a plaintext view of data on demand: it stores

encfs/main.cpp

@@ -48,6 +48,7 @@
 #define LONG_OPT_ANNOTATE 513
 #define LONG_OPT_NOCACHE 514
 #define LONG_OPT_REQUIRE_MAC 515
+#define LONG_OPT_UNSAFE 516
 
 using namespace std;
 using namespace encfs;
@@ -221,6 +222,7 @@ static bool processArgs(int argc, char *argv[],
   out->opts->annotate = false;
   out->opts->reverseEncryption = false;
   out->opts->requireMac = false;
+  out->opts->unsafe = false;
   out->opts->unmount = false;
 
   bool useDefaultFlags = true;
@@ -260,6 +262,7 @@ static bool processArgs(int argc, char *argv[],
       {"standard", 0, nullptr, '1'},              // standard configuration
       {"paranoia", 0, nullptr, '2'},              // standard configuration
       {"require-macs", 0, nullptr, LONG_OPT_REQUIRE_MAC},  // require MACs
+      {"unsafe", 0, nullptr, LONG_OPT_UNSAFE},  // require MACs
       {"config", 1, nullptr, 'c'},                // command-line-supplied config location
       {"unmount", 1, nullptr, 'u'},               // unmount
       {nullptr, 0, nullptr, 0}};
@@ -307,6 +310,9 @@ static bool processArgs(int argc, char *argv[],
       case LONG_OPT_REQUIRE_MAC:
         out->opts->requireMac = true;
         break;
+      case LONG_OPT_UNSAFE:
+        out->opts->unsafe = true;
+        break;
       case 'c':
         /* Take config file path from command 
          * line instead of ENV variable */