libgocryptfs/cryptfs/config_file.go

package cryptfs

import (
	"fmt"
	"encoding/json"
	"io/ioutil"
)
import "os"

const (
	// The dot "." is not used in base64url (RFC4648), hence
	// we can never clash with an encrypted file.
	ConfDefaultName = "gocryptfs.conf"
)

type ConfFile struct {
	// File the config is saved to. Not exported to JSON.
	filename string
	// Encrypted AES key, unlocked using a password hashed with scrypt
	EncryptedKey []byte
	// Stores parameters for scrypt hashing (key derivation)
	ScryptObject scryptKdf
	// The On-Disk-Format version this filesystem uses
	Version uint16
}

// CreateConfFile - create a new config with a random key encrypted with
// "password" and write it to "filename"
func CreateConfFile(filename string, password string) error {
	var cf ConfFile
	cf.filename = filename

	// Generate new random master key
	key := RandBytes(KEY_LEN)

	// Encrypt it using the password
	// This sets ScryptObject and EncryptedKey
	cf.EncryptKey(key, password)

	cf.Version = HEADER_CURRENT_VERSION

	// Write file to disk
	err := cf.WriteFile()

	return err
}

// LoadConfFile - read config file from disk and decrypt the
// contained key using password
func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
	var cf ConfFile
	cf.filename = filename

	// Read from disk
	js, err := ioutil.ReadFile(filename)
	if err != nil {
		return nil, nil, err
	}

	// Unmarshal
	err = json.Unmarshal(js, &cf)
	if err != nil {
		Warn.Printf("Failed to unmarshal config file\n")
		return nil, nil, err
	}

	if cf.Version != HEADER_CURRENT_VERSION {
		return nil, nil, fmt.Errorf("Unsupported version %d", cf.Version)
	}

	// Generate derived key from password
	scryptHash := cf.ScryptObject.DeriveKey(password)

	// Unlock master key using password-based key
	// We use stock go GCM instead of OpenSSL here as speed is not important
	// and we get better error messages
	cfs := NewCryptFS(scryptHash, false)
	key, err := cfs.DecryptBlock(cf.EncryptedKey, 0, nil)
	if err != nil {
		Warn.Printf("failed to unlock master key: %s\n", err.Error())
		Warn.Printf("Password incorrect.\n")
		return nil, nil, err
	}

	return key, &cf, nil
}

// EncryptKey - encrypt "key" using an scrypt hash generated from "password"
// and store it in cf.EncryptedKey
func (cf *ConfFile) EncryptKey(key []byte, password string) {
	// Generate derived key from password
	cf.ScryptObject = NewScryptKdf()
	scryptHash := cf.ScryptObject.DeriveKey(password)

	// Lock master key using password-based key
	cfs := NewCryptFS(scryptHash, false)
	cf.EncryptedKey = cfs.EncryptBlock(key, 0, nil)
}

// WriteFile - write out config in JSON format to file "filename.tmp"
// then rename over "filename"
func (cf *ConfFile) WriteFile() error {
	tmp := cf.filename + ".tmp"
	fd, err := os.Create(tmp)
	if err != nil {
		return err
	}
	js, err := json.MarshalIndent(cf, "", "\t")
	if err != nil {
		return err
	}
	_, err = fd.Write(js)
	if err != nil {
		return err
	}
	err = fd.Sync()
	if err != nil {
		return err
	}
	err = fd.Close()
	if err != nil {
		return err
	}
	err = os.Rename(tmp, cf.filename)
	if err != nil {
		return err
	}

	return nil
}
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`package cryptfs`

			`import (`
Add file header (on-disk-format change) Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ] Quoting SECURITY.md: * Every file has a header that contains a 16-byte random file id * Each block uses the file id and its block number as GCM authentication data * This means the position of the blocks is protected as well. The blocks can not be reordered or copied between different files without causing an decryption error. 2015-11-01 01:32:33 +01:00			`"fmt"`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`"encoding/json"`
Run go fmt 2015-10-04 14:36:20 +02:00			`"io/ioutil"`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`)`
			`import "os"`

			`const (`
			`// The dot "." is not used in base64url (RFC4648), hence`
			`// we can never clash with an encrypted file.`
			`ConfDefaultName = "gocryptfs.conf"`
			`)`

Implement "gocryptfs --passwd" (pasword changing) 2015-10-07 21:26:17 +02:00			`type ConfFile struct {`
Encrypt key with scrypt-hashed password 2015-09-13 21:47:18 +02:00			`// File the config is saved to. Not exported to JSON.`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`filename string`
Encrypt key with scrypt-hashed password 2015-09-13 21:47:18 +02:00			`// Encrypted AES key, unlocked using a password hashed with scrypt`
			`EncryptedKey []byte`
			`// Stores parameters for scrypt hashing (key derivation)`
			`ScryptObject scryptKdf`
Add file header (on-disk-format change) Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ] Quoting SECURITY.md: * Every file has a header that contains a 16-byte random file id * Each block uses the file id and its block number as GCM authentication data * This means the position of the blocks is protected as well. The blocks can not be reordered or copied between different files without causing an decryption error. 2015-11-01 01:32:33 +01:00			`// The On-Disk-Format version this filesystem uses`
			`Version uint16`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`}`

Encrypt key with scrypt-hashed password 2015-09-13 21:47:18 +02:00			`// CreateConfFile - create a new config with a random key encrypted with`
			`// "password" and write it to "filename"`
			`func CreateConfFile(filename string, password string) error {`
Implement "gocryptfs --passwd" (pasword changing) 2015-10-07 21:26:17 +02:00			`var cf ConfFile`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`cf.filename = filename`

Encrypt key with scrypt-hashed password 2015-09-13 21:47:18 +02:00			`// Generate new random master key`
			`key := RandBytes(KEY_LEN)`

Implement "gocryptfs --passwd" (pasword changing) 2015-10-07 21:26:17 +02:00			`// Encrypt it using the password`
Add file header (on-disk-format change) Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ] Quoting SECURITY.md: * Every file has a header that contains a 16-byte random file id * Each block uses the file id and its block number as GCM authentication data * This means the position of the blocks is protected as well. The blocks can not be reordered or copied between different files without causing an decryption error. 2015-11-01 01:32:33 +01:00			`// This sets ScryptObject and EncryptedKey`
Implement "gocryptfs --passwd" (pasword changing) 2015-10-07 21:26:17 +02:00			`cf.EncryptKey(key, password)`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00
Add file header (on-disk-format change) Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ] Quoting SECURITY.md: * Every file has a header that contains a 16-byte random file id * Each block uses the file id and its block number as GCM authentication data * This means the position of the blocks is protected as well. The blocks can not be reordered or copied between different files without causing an decryption error. 2015-11-01 01:32:33 +01:00			`cf.Version = HEADER_CURRENT_VERSION`

Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`// Write file to disk`
			`err := cf.WriteFile()`

			`return err`
			`}`

Encrypt key with scrypt-hashed password 2015-09-13 21:47:18 +02:00			`// LoadConfFile - read config file from disk and decrypt the`
			`// contained key using password`
Implement "gocryptfs --passwd" (pasword changing) 2015-10-07 21:26:17 +02:00			`func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {`
			`var cf ConfFile`
Encrypt key with scrypt-hashed password 2015-09-13 21:47:18 +02:00			`cf.filename = filename`

Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`// Read from disk`
			`js, err := ioutil.ReadFile(filename)`
			`if err != nil {`
Implement "gocryptfs --passwd" (pasword changing) 2015-10-07 21:26:17 +02:00			`return nil, nil, err`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`}`
Encrypt key with scrypt-hashed password 2015-09-13 21:47:18 +02:00
			`// Unmarshal`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`err = json.Unmarshal(js, &cf)`
			`if err != nil {`
Encrypt key with scrypt-hashed password 2015-09-13 21:47:18 +02:00			`Warn.Printf("Failed to unmarshal config file\n")`
Implement "gocryptfs --passwd" (pasword changing) 2015-10-07 21:26:17 +02:00			`return nil, nil, err`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`}`

Add file header (on-disk-format change) Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ] Quoting SECURITY.md: * Every file has a header that contains a 16-byte random file id * Each block uses the file id and its block number as GCM authentication data * This means the position of the blocks is protected as well. The blocks can not be reordered or copied between different files without causing an decryption error. 2015-11-01 01:32:33 +01:00			`if cf.Version != HEADER_CURRENT_VERSION {`
			`return nil, nil, fmt.Errorf("Unsupported version %d", cf.Version)`
			`}`

Encrypt key with scrypt-hashed password 2015-09-13 21:47:18 +02:00			`// Generate derived key from password`
			`scryptHash := cf.ScryptObject.DeriveKey(password)`

			`// Unlock master key using password-based key`
			`// We use stock go GCM instead of OpenSSL here as speed is not important`
			`// and we get better error messages`
			`cfs := NewCryptFS(scryptHash, false)`
Add file header (on-disk-format change) Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ] Quoting SECURITY.md: * Every file has a header that contains a 16-byte random file id * Each block uses the file id and its block number as GCM authentication data * This means the position of the blocks is protected as well. The blocks can not be reordered or copied between different files without causing an decryption error. 2015-11-01 01:32:33 +01:00			`key, err := cfs.DecryptBlock(cf.EncryptedKey, 0, nil)`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`if err != nil {`
main: check directories for existence early This prevents that the user enters the password only to get an error later. 2015-10-11 18:33:28 +02:00			`Warn.Printf("failed to unlock master key: %s\n", err.Error())`
			`Warn.Printf("Password incorrect.\n")`
Implement "gocryptfs --passwd" (pasword changing) 2015-10-07 21:26:17 +02:00			`return nil, nil, err`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`}`
Encrypt key with scrypt-hashed password 2015-09-13 21:47:18 +02:00
Implement "gocryptfs --passwd" (pasword changing) 2015-10-07 21:26:17 +02:00			`return key, &cf, nil`
			`}`

			`// EncryptKey - encrypt "key" using an scrypt hash generated from "password"`
			`// and store it in cf.EncryptedKey`
			`func (cf *ConfFile) EncryptKey(key []byte, password string) {`
			`// Generate derived key from password`
			`cf.ScryptObject = NewScryptKdf()`
			`scryptHash := cf.ScryptObject.DeriveKey(password)`

			`// Lock master key using password-based key`
			`cfs := NewCryptFS(scryptHash, false)`
Add file header (on-disk-format change) Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ] Quoting SECURITY.md: * Every file has a header that contains a 16-byte random file id * Each block uses the file id and its block number as GCM authentication data * This means the position of the blocks is protected as well. The blocks can not be reordered or copied between different files without causing an decryption error. 2015-11-01 01:32:33 +01:00			`cf.EncryptedKey = cfs.EncryptBlock(key, 0, nil)`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`}`

			`// WriteFile - write out config in JSON format to file "filename.tmp"`
			`// then rename over "filename"`
Implement "gocryptfs --passwd" (pasword changing) 2015-10-07 21:26:17 +02:00			`func (cf *ConfFile) WriteFile() error {`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`tmp := cf.filename + ".tmp"`
			`fd, err := os.Create(tmp)`
			`if err != nil {`
			`return err`
			`}`
Use MarshalIndent for JSON generation 2015-09-14 00:45:41 +02:00			`js, err := json.MarshalIndent(cf, "", "\t")`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`if err != nil {`
			`return err`
			`}`
			`_, err = fd.Write(js)`
			`if err != nil {`
			`return err`
			`}`
			`err = fd.Sync()`
			`if err != nil {`
			`return err`
			`}`
			`err = fd.Close()`
			`if err != nil {`
			`return err`
			`}`
			`err = os.Rename(tmp, cf.filename)`
			`if err != nil {`
			`return err`
			`}`

			`return nil`
			`}`