libgocryptfs/init_dir.go

package main

import (
	"fmt"
	"io/ioutil"
	"os"
	"path/filepath"
	"strings"
	"syscall"

	"github.com/rfjakob/gocryptfs/v2/internal/configfile"
	"github.com/rfjakob/gocryptfs/v2/internal/cryptocore"
	"github.com/rfjakob/gocryptfs/v2/internal/exitcodes"
	"github.com/rfjakob/gocryptfs/v2/internal/fido2"
	"github.com/rfjakob/gocryptfs/v2/internal/nametransform"
	"github.com/rfjakob/gocryptfs/v2/internal/readpassword"
	"github.com/rfjakob/gocryptfs/v2/internal/syscallcompat"
	"github.com/rfjakob/gocryptfs/v2/internal/tlog"
)

// isEmptyDir checks if "dir" exists and is an empty directory.
// Returns an *os.PathError if Stat() on the path fails.
func isEmptyDir(dir string) error {
	err := isDir(dir)
	if err != nil {
		return err
	}
	entries, err := ioutil.ReadDir(dir)
	if err != nil {
		return err
	}
	if len(entries) == 0 {
		return nil
	}
	return fmt.Errorf("directory %s not empty", dir)
}

// isDir checks if "dir" exists and is a directory.
func isDir(dir string) error {
	fi, err := os.Stat(dir)
	if err != nil {
		return err
	}
	if !fi.IsDir() {
		return fmt.Errorf("%s is not a directory", dir)
	}
	return nil
}

// initDir handles "gocryptfs -init". It prepares a directory for use as a
// gocryptfs storage directory.
// In forward mode, this means creating the gocryptfs.conf and gocryptfs.diriv
// files in an empty directory.
// In reverse mode, we create .gocryptfs.reverse.conf and the directory does
// not need to be empty.
func initDir(args *argContainer) {
	var err error
	if args.reverse {
		_, err = os.Stat(args.config)
		if err == nil {
			tlog.Fatal.Printf("Config file %q already exists", args.config)
			os.Exit(exitcodes.Init)
		}
	} else {
		err = isEmptyDir(args.cipherdir)
		if err != nil {
			tlog.Fatal.Printf("Invalid cipherdir: %v", err)
			os.Exit(exitcodes.CipherDir)
		}
	}
	// Choose password for config file
	if len(args.extpass) == 0 && args.fido2 == "" {
		tlog.Info.Printf("Choose a password for protecting your files.")
	}
	{
		var password []byte
		var fido2CredentialID, fido2HmacSalt []byte
		if args.fido2 != "" {
			fido2CredentialID = fido2.Register(args.fido2, filepath.Base(args.cipherdir))
			fido2HmacSalt = cryptocore.RandBytes(32)
			password = fido2.Secret(args.fido2, fido2CredentialID, fido2HmacSalt)
		} else {
			// normal password entry
			password = readpassword.Twice([]string(args.extpass), []string(args.passfile))
			fido2CredentialID = nil
			fido2HmacSalt = nil
		}
		creator := tlog.ProgramName + " " + GitVersion
		err = configfile.Create(&configfile.CreateArgs{
			Filename:           args.config,
			Password:           password,
			PlaintextNames:     args.plaintextnames,
			LogN:               args.scryptn,
			Creator:            creator,
			AESSIV:             args.aessiv,
			Fido2CredentialID:  fido2CredentialID,
			Fido2HmacSalt:      fido2HmacSalt,
			DeterministicNames: args.deterministic_names,
			XChaCha20Poly1305:  args.xchacha})
		if err != nil {
			tlog.Fatal.Println(err)
			os.Exit(exitcodes.WriteConf)
		}
		for i := range password {
			password[i] = 0
		}
		// password runs out of scope here
	}
	// Forward mode with filename encryption enabled needs a gocryptfs.diriv file
	// in the root dir
	if !args.plaintextnames && !args.reverse && !args.deterministic_names {
		// Open cipherdir (following symlinks)
		dirfd, err := syscall.Open(args.cipherdir, syscall.O_DIRECTORY|syscallcompat.O_PATH, 0)
		if err == nil {
			err = nametransform.WriteDirIVAt(dirfd)
			syscall.Close(dirfd)
		}
		if err != nil {
			tlog.Fatal.Println(err)
			os.Exit(exitcodes.Init)
		}
	}
	mountArgs := ""
	fsName := "gocryptfs"
	if args.reverse {
		mountArgs = " -reverse"
		fsName = "gocryptfs-reverse"
	}
	tlog.Info.Printf(tlog.ColorGreen+"The %s filesystem has been created successfully."+tlog.ColorReset,
		fsName)
	wd, _ := os.Getwd()
	friendlyPath, _ := filepath.Rel(wd, args.cipherdir)
	if strings.HasPrefix(friendlyPath, "../") {
		// A relative path that starts with "../" is pretty unfriendly, just
		// keep the absolute path.
		friendlyPath = args.cipherdir
	}
	if strings.Contains(friendlyPath, " ") {
		friendlyPath = "\"" + friendlyPath + "\""
	}
	tlog.Info.Printf(tlog.ColorGrey+"You can now mount it using: %s%s %s MOUNTPOINT"+tlog.ColorReset,
		tlog.ProgramName, mountArgs, friendlyPath)
}
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`package main`

			`import (`
main: move and rename checkDir() helper To avoid confusion with fsck, rename to isDir() and move the functions into init_dir.go. 2018-04-01 12:31:44 +02:00			`"fmt"`
			`"io/ioutil"`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`"os"`
			`"path/filepath"`
			`"strings"`
nametransform: simplify WriteDirIV to WriteDirIVAt Un-spaghettify the function and let the callers open the directory. 2019-01-03 13:32:13 +01:00			`"syscall"`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00
go mod: declare module version v2 Our git version is v2+ for some time now, but go.mod still declared v1. Hopefully making both match makes https://pkg.go.dev/github.com/rfjakob/gocryptfs/v2 work. All the import paths have been fixed like this: find . -name \*.go \| xargs sed -i s%github.com/rfjakob/gocryptfs/%github.com/rfjakob/gocryptfs/v2/% 2021-08-23 15:05:15 +02:00			`"github.com/rfjakob/gocryptfs/v2/internal/configfile"`
			`"github.com/rfjakob/gocryptfs/v2/internal/cryptocore"`
			`"github.com/rfjakob/gocryptfs/v2/internal/exitcodes"`
			`"github.com/rfjakob/gocryptfs/v2/internal/fido2"`
			`"github.com/rfjakob/gocryptfs/v2/internal/nametransform"`
			`"github.com/rfjakob/gocryptfs/v2/internal/readpassword"`
			`"github.com/rfjakob/gocryptfs/v2/internal/syscallcompat"`
			`"github.com/rfjakob/gocryptfs/v2/internal/tlog"`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`)`

Rename isDirEmpty -> isEmptyDir The function actually answers the question: "is this an empty dir"? 2019-08-04 14:13:00 +02:00			`// isEmptyDir checks if "dir" exists and is an empty directory.`
main: move and rename checkDir() helper To avoid confusion with fsck, rename to isDir() and move the functions into init_dir.go. 2018-04-01 12:31:44 +02:00			`// Returns an *os.PathError if Stat() on the path fails.`
Rename isDirEmpty -> isEmptyDir The function actually answers the question: "is this an empty dir"? 2019-08-04 14:13:00 +02:00			`func isEmptyDir(dir string) error {`
main: move and rename checkDir() helper To avoid confusion with fsck, rename to isDir() and move the functions into init_dir.go. 2018-04-01 12:31:44 +02:00			`err := isDir(dir)`
			`if err != nil {`
			`return err`
			`}`
			`entries, err := ioutil.ReadDir(dir)`
			`if err != nil {`
			`return err`
			`}`
			`if len(entries) == 0 {`
			`return nil`
			`}`
			`return fmt.Errorf("directory %s not empty", dir)`
			`}`

			`// isDir checks if "dir" exists and is a directory.`
			`func isDir(dir string) error {`
			`fi, err := os.Stat(dir)`
			`if err != nil {`
			`return err`
			`}`
			`if !fi.IsDir() {`
			`return fmt.Errorf("%s is not a directory", dir)`
			`}`
			`return nil`
			`}`

trezor: add skeleton for Trezor support readpassword.Trezor() is not implemented yet and returns a hardcoded dummy key. 2018-06-17 15:25:09 +02:00			`// initDir handles "gocryptfs -init". It prepares a directory for use as a`
			`// gocryptfs storage directory.`
reverse: enable init functionality 2016-09-20 20:15:55 +02:00			`// In forward mode, this means creating the gocryptfs.conf and gocryptfs.diriv`
			`// files in an empty directory.`
			`// In reverse mode, we create .gocryptfs.reverse.conf and the directory does`
trezor: add skeleton for Trezor support readpassword.Trezor() is not implemented yet and returns a hardcoded dummy key. 2018-06-17 15:25:09 +02:00			`// not need to be empty.`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`func initDir(args *argContainer) {`
reverse: enable init functionality 2016-09-20 20:15:55 +02:00			`var err error`
main: init: refuse overwriting .gocryptfs.reverse.conf 2016-09-20 22:49:23 +02:00			`if args.reverse {`
			`_, err = os.Stat(args.config)`
			`if err == nil {`
			`tlog.Fatal.Printf("Config file %q already exists", args.config)`
exitcodes: pull all exit code definitions into the package This commit defines all exit codes in one place in the exitcodes package. Also, it adds a test to verify the exit code on incorrect password, which is what SiriKali cares about the most. Fixes https://github.com/rfjakob/gocryptfs/issues/77 . 2017-05-07 22:15:01 +02:00			`os.Exit(exitcodes.Init)`
main: init: refuse overwriting .gocryptfs.reverse.conf 2016-09-20 22:49:23 +02:00			`}`
			`} else {`
Rename isDirEmpty -> isEmptyDir The function actually answers the question: "is this an empty dir"? 2019-08-04 14:13:00 +02:00			`err = isEmptyDir(args.cipherdir)`
reverse: enable init functionality 2016-09-20 20:15:55 +02:00			`if err != nil {`
			`tlog.Fatal.Printf("Invalid cipherdir: %v", err)`
gocryptfs -init: fix wrong exit code on non-empty dir Fixes https://github.com/rfjakob/gocryptfs/pull/503 2020-09-06 11:35:25 +02:00			`os.Exit(exitcodes.CipherDir)`
reverse: enable init functionality 2016-09-20 20:15:55 +02:00			`}`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`}`
reverse: enable init functionality 2016-09-20 20:15:55 +02:00			`// Choose password for config file`
main: take advantage of pflag slice types Our multipleStrings type is now built in. 2021-08-10 19:09:58 +02:00			`if len(args.extpass) == 0 && args.fido2 == "" {`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`tlog.Info.Printf("Choose a password for protecting your files.")`
			`}`
main: overwrite keys and let them run out of scope As soon as we don't need them anymore, overwrite keys with zeros. Make sure they run out of scope so we don't create a risk of inadvertedly using all-zero keys for encryption. https://github.com/rfjakob/gocryptfs/issues/211 2018-02-18 12:42:22 +01:00			`{`
Add support for FIDO2 tokens 2020-09-05 22:42:15 +02:00			`var password []byte`
			`var fido2CredentialID, fido2HmacSalt []byte`
			`if args.fido2 != "" {`
			`fido2CredentialID = fido2.Register(args.fido2, filepath.Base(args.cipherdir))`
			`fido2HmacSalt = cryptocore.RandBytes(32)`
			`password = fido2.Secret(args.fido2, fido2CredentialID, fido2HmacSalt)`
			`} else {`
			`// normal password entry`
			`password = readpassword.Twice([]string(args.extpass), []string(args.passfile))`
			`fido2CredentialID = nil`
			`fido2HmacSalt = nil`
			`}`
main: overwrite keys and let them run out of scope As soon as we don't need them anymore, overwrite keys with zeros. Make sure they run out of scope so we don't create a risk of inadvertedly using all-zero keys for encryption. https://github.com/rfjakob/gocryptfs/issues/211 2018-02-18 12:42:22 +01:00			`creator := tlog.ProgramName + " " + GitVersion`
configfile: pass struct to Create 2/2 Drop Create and rename Create2 to Create. 2021-08-21 14:04:04 +02:00			`err = configfile.Create(&configfile.CreateArgs{`
configfile: pass struct to Create 1/2 The argument list got too long. Part 1: Replace with Create2 2021-08-21 14:01:58 +02:00			`Filename: args.config,`
			`Password: password,`
			`PlaintextNames: args.plaintextnames,`
			`LogN: args.scryptn,`
			`Creator: creator,`
			`AESSIV: args.aessiv,`
			`Fido2CredentialID: fido2CredentialID,`
			`Fido2HmacSalt: fido2HmacSalt,`
configfile: add Validate() function, support FlagXChaCha20Poly1305 We used to do validation using lists of mandatory feature flags. With the introduction of XChaCha20Poly1305, this became too simplistic, as it uses a different IV length, hence disabling GCMIV128. Add a dedicated function, Validate(), with open-coded validation logic. The validation and creation logic also gets XChaCha20Poly1305 support, and gocryptfs -init -xchacha now writes the flag into gocryptfs.conf. 2021-08-21 21:43:26 +02:00			`DeterministicNames: args.deterministic_names,`
			`XChaCha20Poly1305: args.xchacha})`
main: overwrite keys and let them run out of scope As soon as we don't need them anymore, overwrite keys with zeros. Make sure they run out of scope so we don't create a risk of inadvertedly using all-zero keys for encryption. https://github.com/rfjakob/gocryptfs/issues/211 2018-02-18 12:42:22 +01:00			`if err != nil {`
			`tlog.Fatal.Println(err)`
			`os.Exit(exitcodes.WriteConf)`
			`}`
main: zero password once we are done with it Overwrite the password we have got from the user with zeros once we don't need it anymore, and make sure the variable runs out of scope. 2018-02-18 15:22:22 +01:00			`for i := range password {`
			`password[i] = 0`
			`}`
main: overwrite keys and let them run out of scope As soon as we don't need them anymore, overwrite keys with zeros. Make sure they run out of scope so we don't create a risk of inadvertedly using all-zero keys for encryption. https://github.com/rfjakob/gocryptfs/issues/211 2018-02-18 12:42:22 +01:00			`// password runs out of scope here`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`}`
trezor: add skeleton for Trezor support readpassword.Trezor() is not implemented yet and returns a hardcoded dummy key. 2018-06-17 15:25:09 +02:00			`// Forward mode with filename encryption enabled needs a gocryptfs.diriv file`
reverse: enable init functionality 2016-09-20 20:15:55 +02:00			`// in the root dir`
Implement -deterministic-names: extended -zerodiriv -deterministc-names uses all-zero dirivs but does not write them to disk anymore. 2021-08-20 10:57:26 +02:00			`if !args.plaintextnames && !args.reverse && !args.deterministic_names {`
nametransform: simplify WriteDirIV to WriteDirIVAt Un-spaghettify the function and let the callers open the directory. 2019-01-03 13:32:13 +01:00			`// Open cipherdir (following symlinks)`
Omit syscall.O_RDONLY flag when passing O_PATH. When O_PATH is specified in flags, flag bits other than O_CLOEXEC, O_DIRECTORY, and O_NOFOLLOW are ignored. 2019-01-03 18:11:07 +01:00			`dirfd, err := syscall.Open(args.cipherdir, syscall.O_DIRECTORY\|syscallcompat.O_PATH, 0)`
nametransform: simplify WriteDirIV to WriteDirIVAt Un-spaghettify the function and let the callers open the directory. 2019-01-03 13:32:13 +01:00			`if err == nil {`
Implement -deterministic-names: extended -zerodiriv -deterministc-names uses all-zero dirivs but does not write them to disk anymore. 2021-08-20 10:57:26 +02:00			`err = nametransform.WriteDirIVAt(dirfd)`
nametransform: simplify WriteDirIV to WriteDirIVAt Un-spaghettify the function and let the callers open the directory. 2019-01-03 13:32:13 +01:00			`syscall.Close(dirfd)`
			`}`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`if err != nil {`
			`tlog.Fatal.Println(err)`
exitcodes: pull all exit code definitions into the package This commit defines all exit codes in one place in the exitcodes package. Also, it adds a test to verify the exit code on incorrect password, which is what SiriKali cares about the most. Fixes https://github.com/rfjakob/gocryptfs/issues/77 . 2017-05-07 22:15:01 +02:00			`os.Exit(exitcodes.Init)`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`}`
			`}`
reverse: add gcmsiv flag and associated tests 2016-09-25 15:05:09 +02:00			`mountArgs := ""`
			`fsName := "gocryptfs"`
			`if args.reverse {`
			`mountArgs = " -reverse"`
			`fsName = "gocryptfs-reverse"`
			`}`
			`tlog.Info.Printf(tlog.ColorGreen+"The %s filesystem has been created successfully."+tlog.ColorReset,`
			`fsName)`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`wd, _ := os.Getwd()`
			`friendlyPath, _ := filepath.Rel(wd, args.cipherdir)`
			`if strings.HasPrefix(friendlyPath, "../") {`
			`// A relative path that starts with "../" is pretty unfriendly, just`
			`// keep the absolute path.`
			`friendlyPath = args.cipherdir`
			`}`
main: init: handle spaces in mount suggestion message Before: You can now mount it using: gocryptfs a x MOUNTPOINT After: You can now mount it using: gocryptfs "a x" MOUNTPOINT This is still not bulletproof but should handle the common case of having a space in the directory name. After all, it's only a suggestion. 2016-10-09 18:27:03 +02:00			`if strings.Contains(friendlyPath, " ") {`
			`friendlyPath = "\"" + friendlyPath + "\""`
			`}`
reverse: add gcmsiv flag and associated tests 2016-09-25 15:05:09 +02:00			`tlog.Info.Printf(tlog.ColorGrey+"You can now mount it using: %s%s %s MOUNTPOINT"+tlog.ColorReset,`
			`tlog.ProgramName, mountArgs, friendlyPath)`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`}`