libgocryptfs/cryptfs/config_file.go

package cryptfs

import (
	"encoding/json"
	"fmt"
	"io/ioutil"
	"log"
)
import "os"

const (
	// The dot "." is not used in base64url (RFC4648), hence
	// we can never clash with an encrypted file.
	ConfDefaultName = "gocryptfs.conf"
	// Understood Feature Flags
	// Also teach isFeatureFlagKnown() about any additions
	FlagPlaintextNames = "PlaintextNames"
	FlagDirIV          = "DirIV"
)

type ConfFile struct {
	// File the config is saved to. Not exported to JSON.
	filename string
	// Encrypted AES key, unlocked using a password hashed with scrypt
	EncryptedKey []byte
	// Stores parameters for scrypt hashing (key derivation)
	ScryptObject scryptKdf
	// The On-Disk-Format version this filesystem uses
	Version uint16
	// List of feature flags this filesystem has enabled.
	// If gocryptfs encounters a feature flag it does not support, it will refuse
	// mounting. This mechanism is analogous to the ext4 feature flags that are
	// stored in the superblock.
	FeatureFlags []string
}

// CreateConfFile - create a new config with a random key encrypted with
// "password" and write it to "filename"
func CreateConfFile(filename string, password string, plaintextNames bool) error {
	var cf ConfFile
	cf.filename = filename

	// Generate new random master key
	key := RandBytes(KEY_LEN)

	// Encrypt it using the password
	// This sets ScryptObject and EncryptedKey
	cf.EncryptKey(key, password)

	// Set defaults
	cf.Version = HEADER_CURRENT_VERSION
	cf.FeatureFlags = []string{FlagDirIV}

	// Set values chosen by the user
	if plaintextNames {
		cf.FeatureFlags = append(cf.FeatureFlags, FlagPlaintextNames)
	}

	// Write file to disk
	return cf.WriteFile()
}

// LoadConfFile - read config file from disk and decrypt the
// contained key using password.
//
// Returns the decrypted key and the ConfFile object
func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
	var cf ConfFile
	cf.filename = filename

	// Read from disk
	js, err := ioutil.ReadFile(filename)
	if err != nil {
		return nil, nil, err
	}

	// Unmarshal
	err = json.Unmarshal(js, &cf)
	if err != nil {
		Warn.Printf("Failed to unmarshal config file\n")
		return nil, nil, err
	}

	if cf.Version != HEADER_CURRENT_VERSION {
		return nil, nil, fmt.Errorf("Unsupported on-disk format %d\n", cf.Version)
	}

	for _, flag := range cf.FeatureFlags {
		if cf.isFeatureFlagKnown(flag) == false {
			return nil, nil, fmt.Errorf("Unsupported feature flag %s\n", flag)
		}
	}

	// Generate derived key from password
	scryptHash := cf.ScryptObject.DeriveKey(password)

	// Unlock master key using password-based key
	// We use stock go GCM instead of OpenSSL here as speed is not important
	// and we get better error messages
	cfs := NewCryptFS(scryptHash, false, false)
	key, err := cfs.DecryptBlock(cf.EncryptedKey, 0, nil)
	if err != nil {
		Warn.Printf("failed to unlock master key: %s\n", err.Error())
		Warn.Printf("Password incorrect.\n")
		return nil, nil, err
	}

	return key, &cf, nil
}

// EncryptKey - encrypt "key" using an scrypt hash generated from "password"
// and store it in cf.EncryptedKey
func (cf *ConfFile) EncryptKey(key []byte, password string) {
	// Generate derived key from password
	cf.ScryptObject = NewScryptKdf()
	scryptHash := cf.ScryptObject.DeriveKey(password)

	// Lock master key using password-based key
	cfs := NewCryptFS(scryptHash, false, false)
	cf.EncryptedKey = cfs.EncryptBlock(key, 0, nil)
}

// WriteFile - write out config in JSON format to file "filename.tmp"
// then rename over "filename".
// This way a password change atomically replaces the file.
func (cf *ConfFile) WriteFile() error {
	tmp := cf.filename + ".tmp"
	// 0400 permissions: gocryptfs.conf should be kept secret and never be written to.
	fd, err := os.OpenFile(tmp, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0400)
	if err != nil {
		return err
	}
	js, err := json.MarshalIndent(cf, "", "\t")
	if err != nil {
		return err
	}
	_, err = fd.Write(js)
	if err != nil {
		return err
	}
	err = fd.Sync()
	if err != nil {
		return err
	}
	err = fd.Close()
	if err != nil {
		return err
	}
	err = os.Rename(tmp, cf.filename)
	if err != nil {
		return err
	}

	return nil
}

// Verify that we understand a feature flag
func (cf *ConfFile) isFeatureFlagKnown(flag string) bool {
	switch flag {
	case FlagPlaintextNames, FlagDirIV:
		return true
	default:
		return false
	}
}

// isFeatureFlagSet - is the feature flag "flagWant" enabled?
func (cf *ConfFile) IsFeatureFlagSet(flagWant string) bool {
	if !cf.isFeatureFlagKnown(flagWant) {
		log.Panicf("BUG: Tried to use unsupported feature flag %s", flagWant)
	}
	for _, flag := range cf.FeatureFlags {
		if flag == flagWant {
			return true
		}
	}
	return false
}
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`package cryptfs`

			`import (`
			`"encoding/json"`
Refactor ciphertext <-> plaintext offset translation functions Move all the intelligence into the new file address_translation.go. That the calculations were spread out too much became apparent when adding the file header. This should make the code much easier to modify in the future. 2015-11-01 12:11:36 +01:00			`"fmt"`
Run go fmt 2015-10-04 14:36:20 +02:00			`"io/ioutil"`
diriv: Define "DirIV" feature flag (unused so far) 2015-11-27 22:18:36 +01:00			`"log"`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`)`
			`import "os"`

			`const (`
			`// The dot "." is not used in base64url (RFC4648), hence`
			`// we can never clash with an encrypted file.`
diriv: Define "DirIV" feature flag (unused so far) 2015-11-27 22:18:36 +01:00			`ConfDefaultName = "gocryptfs.conf"`
			`// Understood Feature Flags`
			`// Also teach isFeatureFlagKnown() about any additions`
config: Introduce ext4-style feature flags // List of feature flags this filesystem has enabled. // If gocryptfs encounters a feature flag it does not support, it will refuse // mounting. This mechanism is analogous to the ext4 feature flags that are // stored in the superblock. FeatureFlags []string 2015-11-03 21:05:47 +01:00			`FlagPlaintextNames = "PlaintextNames"`
diriv: Define "DirIV" feature flag (unused so far) 2015-11-27 22:18:36 +01:00			`FlagDirIV = "DirIV"`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`)`

Implement "gocryptfs --passwd" (pasword changing) 2015-10-07 21:26:17 +02:00			`type ConfFile struct {`
Encrypt key with scrypt-hashed password 2015-09-13 21:47:18 +02:00			`// File the config is saved to. Not exported to JSON.`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`filename string`
Encrypt key with scrypt-hashed password 2015-09-13 21:47:18 +02:00			`// Encrypted AES key, unlocked using a password hashed with scrypt`
			`EncryptedKey []byte`
			`// Stores parameters for scrypt hashing (key derivation)`
			`ScryptObject scryptKdf`
Add file header (on-disk-format change) Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ] Quoting SECURITY.md: * Every file has a header that contains a 16-byte random file id * Each block uses the file id and its block number as GCM authentication data * This means the position of the blocks is protected as well. The blocks can not be reordered or copied between different files without causing an decryption error. 2015-11-01 01:32:33 +01:00			`// The On-Disk-Format version this filesystem uses`
			`Version uint16`
config: Introduce ext4-style feature flags // List of feature flags this filesystem has enabled. // If gocryptfs encounters a feature flag it does not support, it will refuse // mounting. This mechanism is analogous to the ext4 feature flags that are // stored in the superblock. FeatureFlags []string 2015-11-03 21:05:47 +01:00			`// List of feature flags this filesystem has enabled.`
			`// If gocryptfs encounters a feature flag it does not support, it will refuse`
			`// mounting. This mechanism is analogous to the ext4 feature flags that are`
			`// stored in the superblock.`
			`FeatureFlags []string`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`}`

Encrypt key with scrypt-hashed password 2015-09-13 21:47:18 +02:00			`// CreateConfFile - create a new config with a random key encrypted with`
			`// "password" and write it to "filename"`
Add "--plaintextnames" option Also, gather all the command line arguments into an anonymous struct "args". 2015-11-02 23:08:51 +01:00			`func CreateConfFile(filename string, password string, plaintextNames bool) error {`
Implement "gocryptfs --passwd" (pasword changing) 2015-10-07 21:26:17 +02:00			`var cf ConfFile`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`cf.filename = filename`

Encrypt key with scrypt-hashed password 2015-09-13 21:47:18 +02:00			`// Generate new random master key`
			`key := RandBytes(KEY_LEN)`

Implement "gocryptfs --passwd" (pasword changing) 2015-10-07 21:26:17 +02:00			`// Encrypt it using the password`
Add file header (on-disk-format change) Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ] Quoting SECURITY.md: * Every file has a header that contains a 16-byte random file id * Each block uses the file id and its block number as GCM authentication data * This means the position of the blocks is protected as well. The blocks can not be reordered or copied between different files without causing an decryption error. 2015-11-01 01:32:33 +01:00			`// This sets ScryptObject and EncryptedKey`
Implement "gocryptfs --passwd" (pasword changing) 2015-10-07 21:26:17 +02:00			`cf.EncryptKey(key, password)`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00
diriv: use "DirIV" flag to discern and support mounting old filesystems 2015-11-27 23:34:55 +01:00			`// Set defaults`
Add file header (on-disk-format change) Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ] Quoting SECURITY.md: * Every file has a header that contains a 16-byte random file id * Each block uses the file id and its block number as GCM authentication data * This means the position of the blocks is protected as well. The blocks can not be reordered or copied between different files without causing an decryption error. 2015-11-01 01:32:33 +01:00			`cf.Version = HEADER_CURRENT_VERSION`
diriv: use "DirIV" flag to discern and support mounting old filesystems 2015-11-27 23:34:55 +01:00			`cf.FeatureFlags = []string{FlagDirIV}`
Add file header (on-disk-format change) Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ] Quoting SECURITY.md: * Every file has a header that contains a 16-byte random file id * Each block uses the file id and its block number as GCM authentication data * This means the position of the blocks is protected as well. The blocks can not be reordered or copied between different files without causing an decryption error. 2015-11-01 01:32:33 +01:00
diriv: use "DirIV" flag to discern and support mounting old filesystems 2015-11-27 23:34:55 +01:00			`// Set values chosen by the user`
config: Introduce ext4-style feature flags // List of feature flags this filesystem has enabled. // If gocryptfs encounters a feature flag it does not support, it will refuse // mounting. This mechanism is analogous to the ext4 feature flags that are // stored in the superblock. FeatureFlags []string 2015-11-03 21:05:47 +01:00			`if plaintextNames {`
			`cf.FeatureFlags = append(cf.FeatureFlags, FlagPlaintextNames)`
			`}`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00
Add "--plaintextnames" option Also, gather all the command line arguments into an anonymous struct "args". 2015-11-02 23:08:51 +01:00			`// Write file to disk`
			`return cf.WriteFile()`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`}`

Encrypt key with scrypt-hashed password 2015-09-13 21:47:18 +02:00			`// LoadConfFile - read config file from disk and decrypt the`
config: Introduce ext4-style feature flags // List of feature flags this filesystem has enabled. // If gocryptfs encounters a feature flag it does not support, it will refuse // mounting. This mechanism is analogous to the ext4 feature flags that are // stored in the superblock. FeatureFlags []string 2015-11-03 21:05:47 +01:00			`// contained key using password.`
			`//`
			`// Returns the decrypted key and the ConfFile object`
Implement "gocryptfs --passwd" (pasword changing) 2015-10-07 21:26:17 +02:00			`func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {`
			`var cf ConfFile`
Encrypt key with scrypt-hashed password 2015-09-13 21:47:18 +02:00			`cf.filename = filename`

Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`// Read from disk`
			`js, err := ioutil.ReadFile(filename)`
			`if err != nil {`
Implement "gocryptfs --passwd" (pasword changing) 2015-10-07 21:26:17 +02:00			`return nil, nil, err`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`}`
Encrypt key with scrypt-hashed password 2015-09-13 21:47:18 +02:00
			`// Unmarshal`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`err = json.Unmarshal(js, &cf)`
			`if err != nil {`
Encrypt key with scrypt-hashed password 2015-09-13 21:47:18 +02:00			`Warn.Printf("Failed to unmarshal config file\n")`
Implement "gocryptfs --passwd" (pasword changing) 2015-10-07 21:26:17 +02:00			`return nil, nil, err`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`}`

Add file header (on-disk-format change) Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ] Quoting SECURITY.md: * Every file has a header that contains a 16-byte random file id * Each block uses the file id and its block number as GCM authentication data * This means the position of the blocks is protected as well. The blocks can not be reordered or copied between different files without causing an decryption error. 2015-11-01 01:32:33 +01:00			`if cf.Version != HEADER_CURRENT_VERSION {`
config: Introduce ext4-style feature flags // List of feature flags this filesystem has enabled. // If gocryptfs encounters a feature flag it does not support, it will refuse // mounting. This mechanism is analogous to the ext4 feature flags that are // stored in the superblock. FeatureFlags []string 2015-11-03 21:05:47 +01:00			`return nil, nil, fmt.Errorf("Unsupported on-disk format %d\n", cf.Version)`
			`}`

Run go fmt and go vet 2015-11-14 17:16:17 +01:00			`for _, flag := range cf.FeatureFlags {`
diriv: Define "DirIV" feature flag (unused so far) 2015-11-27 22:18:36 +01:00			`if cf.isFeatureFlagKnown(flag) == false {`
Run go fmt and go vet 2015-11-14 17:16:17 +01:00			`return nil, nil, fmt.Errorf("Unsupported feature flag %s\n", flag)`
config: Introduce ext4-style feature flags // List of feature flags this filesystem has enabled. // If gocryptfs encounters a feature flag it does not support, it will refuse // mounting. This mechanism is analogous to the ext4 feature flags that are // stored in the superblock. FeatureFlags []string 2015-11-03 21:05:47 +01:00			`}`
Add file header (on-disk-format change) Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ] Quoting SECURITY.md: * Every file has a header that contains a 16-byte random file id * Each block uses the file id and its block number as GCM authentication data * This means the position of the blocks is protected as well. The blocks can not be reordered or copied between different files without causing an decryption error. 2015-11-01 01:32:33 +01:00			`}`

Encrypt key with scrypt-hashed password 2015-09-13 21:47:18 +02:00			`// Generate derived key from password`
			`scryptHash := cf.ScryptObject.DeriveKey(password)`

			`// Unlock master key using password-based key`
			`// We use stock go GCM instead of OpenSSL here as speed is not important`
			`// and we get better error messages`
Implement PlainTextNames mode Also, forbid access to "gocryptfs.conf" in the root dir. 2015-11-03 00:00:13 +01:00			`cfs := NewCryptFS(scryptHash, false, false)`
Add file header (on-disk-format change) Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ] Quoting SECURITY.md: * Every file has a header that contains a 16-byte random file id * Each block uses the file id and its block number as GCM authentication data * This means the position of the blocks is protected as well. The blocks can not be reordered or copied between different files without causing an decryption error. 2015-11-01 01:32:33 +01:00			`key, err := cfs.DecryptBlock(cf.EncryptedKey, 0, nil)`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`if err != nil {`
main: check directories for existence early This prevents that the user enters the password only to get an error later. 2015-10-11 18:33:28 +02:00			`Warn.Printf("failed to unlock master key: %s\n", err.Error())`
			`Warn.Printf("Password incorrect.\n")`
Implement "gocryptfs --passwd" (pasword changing) 2015-10-07 21:26:17 +02:00			`return nil, nil, err`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`}`
Encrypt key with scrypt-hashed password 2015-09-13 21:47:18 +02:00
Implement "gocryptfs --passwd" (pasword changing) 2015-10-07 21:26:17 +02:00			`return key, &cf, nil`
			`}`

			`// EncryptKey - encrypt "key" using an scrypt hash generated from "password"`
			`// and store it in cf.EncryptedKey`
			`func (cf *ConfFile) EncryptKey(key []byte, password string) {`
			`// Generate derived key from password`
			`cf.ScryptObject = NewScryptKdf()`
			`scryptHash := cf.ScryptObject.DeriveKey(password)`

			`// Lock master key using password-based key`
Implement PlainTextNames mode Also, forbid access to "gocryptfs.conf" in the root dir. 2015-11-03 00:00:13 +01:00			`cfs := NewCryptFS(scryptHash, false, false)`
Add file header (on-disk-format change) Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ] Quoting SECURITY.md: * Every file has a header that contains a 16-byte random file id * Each block uses the file id and its block number as GCM authentication data * This means the position of the blocks is protected as well. The blocks can not be reordered or copied between different files without causing an decryption error. 2015-11-01 01:32:33 +01:00			`cf.EncryptedKey = cfs.EncryptBlock(key, 0, nil)`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`}`

			`// WriteFile - write out config in JSON format to file "filename.tmp"`
Tighten file permissions on gocryptfs.conf This file should only be readable by the owner and never be written to. 2015-11-25 20:09:48 +01:00			`// then rename over "filename".`
			`// This way a password change atomically replaces the file.`
Implement "gocryptfs --passwd" (pasword changing) 2015-10-07 21:26:17 +02:00			`func (cf *ConfFile) WriteFile() error {`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`tmp := cf.filename + ".tmp"`
Tighten file permissions on gocryptfs.conf This file should only be readable by the owner and never be written to. 2015-11-25 20:09:48 +01:00			`// 0400 permissions: gocryptfs.conf should be kept secret and never be written to.`
			`fd, err := os.OpenFile(tmp, os.O_WRONLY\|os.O_CREATE\|os.O_EXCL, 0400)`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`if err != nil {`
			`return err`
			`}`
Use MarshalIndent for JSON generation 2015-09-14 00:45:41 +02:00			`js, err := json.MarshalIndent(cf, "", "\t")`
Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00			`if err != nil {`
			`return err`
			`}`
			`_, err = fd.Write(js)`
			`if err != nil {`
			`return err`
			`}`
			`err = fd.Sync()`
			`if err != nil {`
			`return err`
			`}`
			`err = fd.Close()`
			`if err != nil {`
			`return err`
			`}`
			`err = os.Rename(tmp, cf.filename)`
			`if err != nil {`
			`return err`
			`}`

			`return nil`
			`}`
config: Introduce ext4-style feature flags // List of feature flags this filesystem has enabled. // If gocryptfs encounters a feature flag it does not support, it will refuse // mounting. This mechanism is analogous to the ext4 feature flags that are // stored in the superblock. FeatureFlags []string 2015-11-03 21:05:47 +01:00
diriv: Define "DirIV" feature flag (unused so far) 2015-11-27 22:18:36 +01:00			`// Verify that we understand a feature flag`
			`func (cf *ConfFile) isFeatureFlagKnown(flag string) bool {`
			`switch flag {`
			`case FlagPlaintextNames, FlagDirIV:`
			`return true`
			`default:`
			`return false`
			`}`
			`}`

config: Introduce ext4-style feature flags // List of feature flags this filesystem has enabled. // If gocryptfs encounters a feature flag it does not support, it will refuse // mounting. This mechanism is analogous to the ext4 feature flags that are // stored in the superblock. FeatureFlags []string 2015-11-03 21:05:47 +01:00			`// isFeatureFlagSet - is the feature flag "flagWant" enabled?`
diriv: Define "DirIV" feature flag (unused so far) 2015-11-27 22:18:36 +01:00			`func (cf *ConfFile) IsFeatureFlagSet(flagWant string) bool {`
			`if !cf.isFeatureFlagKnown(flagWant) {`
			`log.Panicf("BUG: Tried to use unsupported feature flag %s", flagWant)`
			`}`
Run go fmt and go vet 2015-11-14 17:16:17 +01:00			`for _, flag := range cf.FeatureFlags {`
config: Introduce ext4-style feature flags // List of feature flags this filesystem has enabled. // If gocryptfs encounters a feature flag it does not support, it will refuse // mounting. This mechanism is analogous to the ext4 feature flags that are // stored in the superblock. FeatureFlags []string 2015-11-03 21:05:47 +01:00			`if flag == flagWant {`
			`return true`
			`}`
			`}`
			`return false`
			`}`