2016-07-06 21:51:25 +02:00
|
|
|
// Package configfile reads and writes gocryptfs.conf does the key
|
|
|
|
// wrapping.
|
2016-02-06 19:20:54 +01:00
|
|
|
package configfile
|
2015-09-13 17:55:07 +02:00
|
|
|
|
|
|
|
import (
|
|
|
|
"encoding/json"
|
2015-11-01 12:11:36 +01:00
|
|
|
"fmt"
|
2015-10-04 14:36:20 +02:00
|
|
|
"io/ioutil"
|
2019-04-07 22:04:21 +02:00
|
|
|
"syscall"
|
2016-02-06 19:20:54 +01:00
|
|
|
|
2020-09-05 22:42:15 +02:00
|
|
|
"os"
|
|
|
|
|
2021-08-23 15:05:15 +02:00
|
|
|
"github.com/rfjakob/gocryptfs/v2/internal/contentenc"
|
|
|
|
"github.com/rfjakob/gocryptfs/v2/internal/cryptocore"
|
|
|
|
"github.com/rfjakob/gocryptfs/v2/internal/exitcodes"
|
|
|
|
"github.com/rfjakob/gocryptfs/v2/internal/tlog"
|
2015-09-13 17:55:07 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
2016-10-02 06:14:18 +02:00
|
|
|
// ConfDefaultName is the default configuration file name.
|
2015-09-13 17:55:07 +02:00
|
|
|
// The dot "." is not used in base64url (RFC4648), hence
|
|
|
|
// we can never clash with an encrypted file.
|
2015-11-27 22:18:36 +01:00
|
|
|
ConfDefaultName = "gocryptfs.conf"
|
2016-10-02 06:14:18 +02:00
|
|
|
// ConfReverseName is the default configuration file name in reverse mode,
|
|
|
|
// the config file gets stored next to the plain-text files. Make it hidden
|
|
|
|
// (start with dot) to not annoy the user.
|
2016-08-29 22:05:39 +02:00
|
|
|
ConfReverseName = ".gocryptfs.reverse.conf"
|
2015-09-13 17:55:07 +02:00
|
|
|
)
|
|
|
|
|
2020-09-05 22:42:15 +02:00
|
|
|
// FIDO2Params is a structure for storing FIDO2 parameters.
|
|
|
|
type FIDO2Params struct {
|
|
|
|
// FIDO2 credential
|
|
|
|
CredentialID []byte
|
|
|
|
// FIDO2 hmac-secret salt
|
|
|
|
HMACSalt []byte
|
|
|
|
}
|
|
|
|
|
2016-10-02 06:14:18 +02:00
|
|
|
// ConfFile is the content of a config file.
|
2015-10-07 21:26:17 +02:00
|
|
|
type ConfFile struct {
|
2016-10-02 06:14:18 +02:00
|
|
|
// Creator is the gocryptfs version string.
|
2016-06-05 11:33:54 +02:00
|
|
|
// This only documents the config file for humans who look at it. The actual
|
|
|
|
// technical info is contained in FeatureFlags.
|
|
|
|
Creator string
|
2016-10-02 06:14:18 +02:00
|
|
|
// EncryptedKey holds an encrypted AES key, unlocked using a password
|
|
|
|
// hashed with scrypt
|
2015-09-13 21:47:18 +02:00
|
|
|
EncryptedKey []byte
|
2016-10-02 06:14:18 +02:00
|
|
|
// ScryptObject stores parameters for scrypt hashing (key derivation)
|
|
|
|
ScryptObject ScryptKDF
|
|
|
|
// Version is the On-Disk-Format version this filesystem uses
|
2015-11-01 01:32:33 +01:00
|
|
|
Version uint16
|
2016-10-02 06:14:18 +02:00
|
|
|
// FeatureFlags is a list of feature flags this filesystem has enabled.
|
2015-11-03 21:05:47 +01:00
|
|
|
// If gocryptfs encounters a feature flag it does not support, it will refuse
|
|
|
|
// mounting. This mechanism is analogous to the ext4 feature flags that are
|
|
|
|
// stored in the superblock.
|
|
|
|
FeatureFlags []string
|
2020-09-05 22:42:15 +02:00
|
|
|
// FIDO2 parameters
|
fido2: hide "FIDO2" in gocryptfs.conf if not used
Result of:
$ gocryptfs -init foo
$ cat foo/gocryptfs.conf
Before:
{
"Creator": "gocryptfs v2.0.1",
"EncryptedKey": "FodEdNHD/cCwv1n5BuyAkbIOnJ/O5gfdCh3YssUCJ2DUr0A8DrQ5NH2SLhREeWRL3V8EMiPO2Ncr5IVwE4SSxQ==",
"ScryptObject": {
"Salt": "brGaw9Jg1kbPuSXFiwoxqK2oXFTgbniSgpiB+cu+67Y=",
"N": 65536,
"R": 8,
"P": 1,
"KeyLen": 32
},
"Version": 2,
"FeatureFlags": [
"GCMIV128",
"HKDF",
"DirIV",
"EMENames",
"LongNames",
"Raw64"
],
"FIDO2": {
"CredentialID": null,
"HMACSalt": null
}
}
After:
{
"Creator": "gocryptfs v2.0.1-5-gf9718eb-dirty.DerDonut-badnamecontent",
"EncryptedKey": "oFMj1lS1ZsM/vEfanNMeCTPw3PZr5VWeL7ap8Jd8YQm6evy2BAhtQ/pd6RzDx84wlCz9TpxqHRihuwSEMnOWWg==",
"ScryptObject": {
"Salt": "JZ/5mhy4a8EAQ/wDF1POIEe4/Ss38cfJgXgj26DuA4M=",
"N": 65536,
"R": 8,
"P": 1,
"KeyLen": 32
},
"Version": 2,
"FeatureFlags": [
"GCMIV128",
"HKDF",
"DirIV",
"EMENames",
"LongNames",
"Raw64"
]
}
2021-06-20 12:59:45 +02:00
|
|
|
FIDO2 *FIDO2Params `json:",omitempty"`
|
2021-10-21 09:58:37 +02:00
|
|
|
// LongNameMax corresponds to the -longnamemax flag
|
|
|
|
LongNameMax uint8 `json:",omitempty"`
|
2016-10-02 06:14:18 +02:00
|
|
|
// Filename is the name of the config file. Not exported to JSON.
|
2016-06-05 11:33:54 +02:00
|
|
|
filename string
|
2015-09-13 17:55:07 +02:00
|
|
|
}
|
|
|
|
|
2021-08-21 14:01:58 +02:00
|
|
|
// CreateArgs exists because the argument list to Create became too long.
|
|
|
|
type CreateArgs struct {
|
|
|
|
Filename string
|
|
|
|
Password []byte
|
|
|
|
PlaintextNames bool
|
|
|
|
LogN int
|
|
|
|
Creator string
|
|
|
|
AESSIV bool
|
|
|
|
Fido2CredentialID []byte
|
|
|
|
Fido2HmacSalt []byte
|
|
|
|
DeterministicNames bool
|
2021-08-21 21:43:26 +02:00
|
|
|
XChaCha20Poly1305 bool
|
2021-10-21 09:58:37 +02:00
|
|
|
LongNameMax uint8
|
2021-08-21 14:01:58 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// Create - create a new config with a random key encrypted with
|
|
|
|
// "Password" and write it to "Filename".
|
|
|
|
// Uses scrypt with cost parameter "LogN".
|
2021-08-21 14:04:04 +02:00
|
|
|
func Create(args *CreateArgs) error {
|
2021-08-21 21:43:26 +02:00
|
|
|
cf := ConfFile{
|
|
|
|
filename: args.Filename,
|
|
|
|
Creator: args.Creator,
|
|
|
|
Version: contentenc.CurrentVersion,
|
|
|
|
}
|
|
|
|
// Feature flags
|
|
|
|
cf.setFeatureFlag(FlagHKDF)
|
|
|
|
if args.XChaCha20Poly1305 {
|
|
|
|
cf.setFeatureFlag(FlagXChaCha20Poly1305)
|
|
|
|
} else {
|
|
|
|
// 128-bit IVs are mandatory for AES-GCM (default is 96!) and AES-SIV,
|
|
|
|
// XChaCha20Poly1305 uses even an even longer IV of 192 bits.
|
|
|
|
cf.setFeatureFlag(FlagGCMIV128)
|
|
|
|
}
|
2021-08-21 14:01:58 +02:00
|
|
|
if args.PlaintextNames {
|
2021-08-21 21:43:26 +02:00
|
|
|
cf.setFeatureFlag(FlagPlaintextNames)
|
2015-12-08 16:13:29 +01:00
|
|
|
} else {
|
2021-08-21 14:01:58 +02:00
|
|
|
if !args.DeterministicNames {
|
2021-08-21 21:43:26 +02:00
|
|
|
cf.setFeatureFlag(FlagDirIV)
|
2021-08-20 15:57:40 +02:00
|
|
|
}
|
2021-10-21 09:58:37 +02:00
|
|
|
// 0 means to *use* the default (which means we don't have to save it), and
|
|
|
|
// 255 *is* the default, which means we don't have to save it either.
|
|
|
|
if args.LongNameMax != 0 && args.LongNameMax != 255 {
|
|
|
|
cf.LongNameMax = args.LongNameMax
|
|
|
|
cf.setFeatureFlag(FlagLongNameMax)
|
|
|
|
}
|
2021-08-21 21:43:26 +02:00
|
|
|
cf.setFeatureFlag(FlagEMENames)
|
|
|
|
cf.setFeatureFlag(FlagLongNames)
|
|
|
|
cf.setFeatureFlag(FlagRaw64)
|
2015-11-03 21:05:47 +01:00
|
|
|
}
|
2021-08-21 14:01:58 +02:00
|
|
|
if args.AESSIV {
|
2021-08-21 21:43:26 +02:00
|
|
|
cf.setFeatureFlag(FlagAESSIV)
|
2016-09-20 22:59:10 +02:00
|
|
|
}
|
2021-08-21 14:01:58 +02:00
|
|
|
if len(args.Fido2CredentialID) > 0 {
|
2021-08-21 21:43:26 +02:00
|
|
|
cf.setFeatureFlag(FlagFIDO2)
|
fido2: hide "FIDO2" in gocryptfs.conf if not used
Result of:
$ gocryptfs -init foo
$ cat foo/gocryptfs.conf
Before:
{
"Creator": "gocryptfs v2.0.1",
"EncryptedKey": "FodEdNHD/cCwv1n5BuyAkbIOnJ/O5gfdCh3YssUCJ2DUr0A8DrQ5NH2SLhREeWRL3V8EMiPO2Ncr5IVwE4SSxQ==",
"ScryptObject": {
"Salt": "brGaw9Jg1kbPuSXFiwoxqK2oXFTgbniSgpiB+cu+67Y=",
"N": 65536,
"R": 8,
"P": 1,
"KeyLen": 32
},
"Version": 2,
"FeatureFlags": [
"GCMIV128",
"HKDF",
"DirIV",
"EMENames",
"LongNames",
"Raw64"
],
"FIDO2": {
"CredentialID": null,
"HMACSalt": null
}
}
After:
{
"Creator": "gocryptfs v2.0.1-5-gf9718eb-dirty.DerDonut-badnamecontent",
"EncryptedKey": "oFMj1lS1ZsM/vEfanNMeCTPw3PZr5VWeL7ap8Jd8YQm6evy2BAhtQ/pd6RzDx84wlCz9TpxqHRihuwSEMnOWWg==",
"ScryptObject": {
"Salt": "JZ/5mhy4a8EAQ/wDF1POIEe4/Ss38cfJgXgj26DuA4M=",
"N": 65536,
"R": 8,
"P": 1,
"KeyLen": 32
},
"Version": 2,
"FeatureFlags": [
"GCMIV128",
"HKDF",
"DirIV",
"EMENames",
"LongNames",
"Raw64"
]
}
2021-06-20 12:59:45 +02:00
|
|
|
cf.FIDO2 = &FIDO2Params{
|
2021-08-21 14:01:58 +02:00
|
|
|
CredentialID: args.Fido2CredentialID,
|
|
|
|
HMACSalt: args.Fido2HmacSalt,
|
fido2: hide "FIDO2" in gocryptfs.conf if not used
Result of:
$ gocryptfs -init foo
$ cat foo/gocryptfs.conf
Before:
{
"Creator": "gocryptfs v2.0.1",
"EncryptedKey": "FodEdNHD/cCwv1n5BuyAkbIOnJ/O5gfdCh3YssUCJ2DUr0A8DrQ5NH2SLhREeWRL3V8EMiPO2Ncr5IVwE4SSxQ==",
"ScryptObject": {
"Salt": "brGaw9Jg1kbPuSXFiwoxqK2oXFTgbniSgpiB+cu+67Y=",
"N": 65536,
"R": 8,
"P": 1,
"KeyLen": 32
},
"Version": 2,
"FeatureFlags": [
"GCMIV128",
"HKDF",
"DirIV",
"EMENames",
"LongNames",
"Raw64"
],
"FIDO2": {
"CredentialID": null,
"HMACSalt": null
}
}
After:
{
"Creator": "gocryptfs v2.0.1-5-gf9718eb-dirty.DerDonut-badnamecontent",
"EncryptedKey": "oFMj1lS1ZsM/vEfanNMeCTPw3PZr5VWeL7ap8Jd8YQm6evy2BAhtQ/pd6RzDx84wlCz9TpxqHRihuwSEMnOWWg==",
"ScryptObject": {
"Salt": "JZ/5mhy4a8EAQ/wDF1POIEe4/Ss38cfJgXgj26DuA4M=",
"N": 65536,
"R": 8,
"P": 1,
"KeyLen": 32
},
"Version": 2,
"FeatureFlags": [
"GCMIV128",
"HKDF",
"DirIV",
"EMENames",
"LongNames",
"Raw64"
]
}
2021-06-20 12:59:45 +02:00
|
|
|
}
|
2020-09-05 22:42:15 +02:00
|
|
|
}
|
2021-08-21 21:43:26 +02:00
|
|
|
// Catch bugs and invalid cli flag combinations early
|
|
|
|
cf.ScryptObject = NewScryptKDF(args.LogN)
|
|
|
|
if err := cf.Validate(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2018-02-18 12:37:37 +01:00
|
|
|
{
|
|
|
|
// Generate new random master key
|
2021-08-25 12:36:38 +02:00
|
|
|
key := cryptocore.RandBytes(cryptocore.KeyLen)
|
2018-06-26 20:44:10 +02:00
|
|
|
tlog.PrintMasterkeyReminder(key)
|
2018-02-18 12:37:37 +01:00
|
|
|
// Encrypt it using the password
|
|
|
|
// This sets ScryptObject and EncryptedKey
|
|
|
|
// Note: this looks at the FeatureFlags, so call it AFTER setting them.
|
2021-08-21 14:01:58 +02:00
|
|
|
cf.EncryptKey(key, args.Password, args.LogN)
|
2018-02-18 12:37:37 +01:00
|
|
|
for i := range key {
|
|
|
|
key[i] = 0
|
|
|
|
}
|
|
|
|
// key runs out of scope here
|
2017-11-19 13:30:04 +01:00
|
|
|
}
|
2015-11-02 23:08:51 +01:00
|
|
|
// Write file to disk
|
|
|
|
return cf.WriteFile()
|
2015-09-13 17:55:07 +02:00
|
|
|
}
|
|
|
|
|
2018-09-08 12:40:29 +02:00
|
|
|
// LoadAndDecrypt - read config file from disk and decrypt the
|
2017-01-26 21:32:08 +01:00
|
|
|
// contained key using "password".
|
2015-11-03 21:05:47 +01:00
|
|
|
// Returns the decrypted key and the ConfFile object
|
2017-01-26 21:32:08 +01:00
|
|
|
//
|
|
|
|
// If "password" is empty, the config file is read
|
|
|
|
// but the key is not decrypted (returns nil in its place).
|
2018-09-08 12:40:29 +02:00
|
|
|
func LoadAndDecrypt(filename string, password []byte) ([]byte, *ConfFile, error) {
|
|
|
|
cf, err := Load(filename)
|
|
|
|
if err != nil {
|
|
|
|
return nil, nil, err
|
|
|
|
}
|
|
|
|
if len(password) == 0 {
|
|
|
|
// We have validated the config file, but without a password we cannot
|
|
|
|
// decrypt the master key. Return only the parsed config.
|
|
|
|
return nil, cf, nil
|
|
|
|
// TODO: Make this an error in gocryptfs v1.7. All code should now call
|
|
|
|
// Load() instead of calling LoadAndDecrypt() with an empty password.
|
|
|
|
}
|
|
|
|
|
|
|
|
// Decrypt the masterkey using the password
|
|
|
|
key, err := cf.DecryptMasterKey(password)
|
|
|
|
if err != nil {
|
|
|
|
return nil, nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return key, cf, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Load loads and parses the config file at "filename".
|
|
|
|
func Load(filename string) (*ConfFile, error) {
|
2015-10-07 21:26:17 +02:00
|
|
|
var cf ConfFile
|
2015-09-13 21:47:18 +02:00
|
|
|
cf.filename = filename
|
|
|
|
|
2015-09-13 17:55:07 +02:00
|
|
|
// Read from disk
|
|
|
|
js, err := ioutil.ReadFile(filename)
|
|
|
|
if err != nil {
|
2018-09-08 12:40:29 +02:00
|
|
|
return nil, err
|
2015-09-13 17:55:07 +02:00
|
|
|
}
|
2018-09-08 12:18:26 +02:00
|
|
|
if len(js) == 0 {
|
2018-09-08 12:40:29 +02:00
|
|
|
return nil, fmt.Errorf("Config file is empty")
|
2018-09-08 12:18:26 +02:00
|
|
|
}
|
2015-09-13 21:47:18 +02:00
|
|
|
|
|
|
|
// Unmarshal
|
2015-09-13 17:55:07 +02:00
|
|
|
err = json.Unmarshal(js, &cf)
|
|
|
|
if err != nil {
|
2016-06-15 23:30:44 +02:00
|
|
|
tlog.Warn.Printf("Failed to unmarshal config file")
|
2018-09-08 12:40:29 +02:00
|
|
|
return nil, err
|
2015-09-13 17:55:07 +02:00
|
|
|
}
|
|
|
|
|
2021-08-21 21:43:26 +02:00
|
|
|
if err := cf.Validate(); err != nil {
|
|
|
|
return nil, exitcodes.NewErr(err.Error(), exitcodes.DeprecatedFS)
|
2018-09-08 12:19:19 +02:00
|
|
|
}
|
|
|
|
|
2018-09-08 12:40:29 +02:00
|
|
|
// All good
|
|
|
|
return &cf, nil
|
2018-09-08 12:19:19 +02:00
|
|
|
}
|
|
|
|
|
2021-08-21 21:43:26 +02:00
|
|
|
func (cf *ConfFile) setFeatureFlag(flag flagIota) {
|
|
|
|
if cf.IsFeatureFlagSet(flag) {
|
|
|
|
// Already set, ignore
|
|
|
|
return
|
|
|
|
}
|
|
|
|
cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[flag])
|
|
|
|
}
|
|
|
|
|
2018-09-08 12:19:19 +02:00
|
|
|
// DecryptMasterKey decrypts the masterkey stored in cf.EncryptedKey using
|
|
|
|
// password.
|
|
|
|
func (cf *ConfFile) DecryptMasterKey(password []byte) (masterkey []byte, err error) {
|
2015-09-13 21:47:18 +02:00
|
|
|
// Generate derived key from password
|
|
|
|
scryptHash := cf.ScryptObject.DeriveKey(password)
|
|
|
|
|
|
|
|
// Unlock master key using password-based key
|
2017-03-05 21:59:55 +01:00
|
|
|
useHKDF := cf.IsFeatureFlagSet(FlagHKDF)
|
|
|
|
ce := getKeyEncrypter(scryptHash, useHKDF)
|
2016-02-06 19:20:54 +01:00
|
|
|
|
2016-06-15 23:30:44 +02:00
|
|
|
tlog.Warn.Enabled = false // Silence DecryptBlock() error messages on incorrect password
|
2018-09-08 12:19:19 +02:00
|
|
|
masterkey, err = ce.DecryptBlock(cf.EncryptedKey, 0, nil)
|
2016-06-15 23:30:44 +02:00
|
|
|
tlog.Warn.Enabled = true
|
2018-12-26 21:17:54 +01:00
|
|
|
|
|
|
|
// Purge scrypt-derived key
|
|
|
|
for i := range scryptHash {
|
|
|
|
scryptHash[i] = 0
|
|
|
|
}
|
|
|
|
scryptHash = nil
|
|
|
|
ce.Wipe()
|
|
|
|
ce = nil
|
|
|
|
|
2015-09-13 17:55:07 +02:00
|
|
|
if err != nil {
|
2016-06-15 23:30:44 +02:00
|
|
|
tlog.Warn.Printf("failed to unlock master key: %s", err.Error())
|
2018-09-08 12:19:19 +02:00
|
|
|
return nil, exitcodes.NewErr("Password incorrect.", exitcodes.PasswordIncorrect)
|
2015-09-13 17:55:07 +02:00
|
|
|
}
|
2018-09-08 12:19:19 +02:00
|
|
|
return masterkey, nil
|
2015-10-07 21:26:17 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// EncryptKey - encrypt "key" using an scrypt hash generated from "password"
|
2015-11-29 18:52:58 +01:00
|
|
|
// and store it in cf.EncryptedKey.
|
|
|
|
// Uses scrypt with cost parameter logN and stores the scrypt parameters in
|
|
|
|
// cf.ScryptObject.
|
2018-02-18 14:26:54 +01:00
|
|
|
func (cf *ConfFile) EncryptKey(key []byte, password []byte, logN int) {
|
2018-02-18 12:37:37 +01:00
|
|
|
// Generate scrypt-derived key from password
|
2016-10-02 06:14:18 +02:00
|
|
|
cf.ScryptObject = NewScryptKDF(logN)
|
2015-10-07 21:26:17 +02:00
|
|
|
scryptHash := cf.ScryptObject.DeriveKey(password)
|
2018-12-26 21:17:54 +01:00
|
|
|
|
2015-10-07 21:26:17 +02:00
|
|
|
// Lock master key using password-based key
|
2017-03-05 21:59:55 +01:00
|
|
|
useHKDF := cf.IsFeatureFlagSet(FlagHKDF)
|
|
|
|
ce := getKeyEncrypter(scryptHash, useHKDF)
|
2016-09-29 21:29:45 +02:00
|
|
|
cf.EncryptedKey = ce.EncryptBlock(key, 0, nil)
|
2018-12-26 21:17:54 +01:00
|
|
|
|
2018-02-18 12:37:37 +01:00
|
|
|
// Purge scrypt-derived key
|
|
|
|
for i := range scryptHash {
|
|
|
|
scryptHash[i] = 0
|
|
|
|
}
|
2018-12-26 21:17:54 +01:00
|
|
|
scryptHash = nil
|
|
|
|
ce.Wipe()
|
|
|
|
ce = nil
|
2015-09-13 17:55:07 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// WriteFile - write out config in JSON format to file "filename.tmp"
|
2015-11-25 20:09:48 +01:00
|
|
|
// then rename over "filename".
|
|
|
|
// This way a password change atomically replaces the file.
|
2015-10-07 21:26:17 +02:00
|
|
|
func (cf *ConfFile) WriteFile() error {
|
2021-08-21 21:43:26 +02:00
|
|
|
if err := cf.Validate(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2015-09-13 17:55:07 +02:00
|
|
|
tmp := cf.filename + ".tmp"
|
2015-11-25 20:09:48 +01:00
|
|
|
// 0400 permissions: gocryptfs.conf should be kept secret and never be written to.
|
|
|
|
fd, err := os.OpenFile(tmp, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0400)
|
2015-09-13 17:55:07 +02:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2015-09-14 00:45:41 +02:00
|
|
|
js, err := json.MarshalIndent(cf, "", "\t")
|
2015-09-13 17:55:07 +02:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2016-10-21 08:43:39 +02:00
|
|
|
// For convenience for the user, add a newline at the end.
|
|
|
|
js = append(js, '\n')
|
2015-09-13 17:55:07 +02:00
|
|
|
_, err = fd.Write(js)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
err = fd.Sync()
|
|
|
|
if err != nil {
|
2019-04-07 22:04:21 +02:00
|
|
|
// This can happen on network drives: FRITZ.NAS mounted on MacOS returns
|
2021-08-30 11:31:01 +02:00
|
|
|
// "operation not supported": https://github.com/rfjakob/gocryptfs/issues/390
|
2019-04-07 22:04:21 +02:00
|
|
|
tlog.Warn.Printf("Warning: fsync failed: %v", err)
|
|
|
|
// Try sync instead
|
|
|
|
syscall.Sync()
|
2015-09-13 17:55:07 +02:00
|
|
|
}
|
|
|
|
err = fd.Close()
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
err = os.Rename(tmp, cf.filename)
|
2016-09-25 19:48:21 +02:00
|
|
|
return err
|
2015-09-13 17:55:07 +02:00
|
|
|
}
|
2017-03-05 21:59:55 +01:00
|
|
|
|
|
|
|
// getKeyEncrypter is a helper function that returns the right ContentEnc
|
|
|
|
// instance for the "useHKDF" setting.
|
|
|
|
func getKeyEncrypter(scryptHash []byte, useHKDF bool) *contentenc.ContentEnc {
|
|
|
|
IVLen := 96
|
|
|
|
// gocryptfs v1.2 and older used 96-bit IVs for master key encryption.
|
|
|
|
// v1.3 adds the "HKDF" feature flag, which also enables 128-bit nonces.
|
|
|
|
if useHKDF {
|
|
|
|
IVLen = contentenc.DefaultIVBits
|
|
|
|
}
|
2021-09-10 12:14:19 +02:00
|
|
|
cc := cryptocore.New(scryptHash, cryptocore.BackendGoGCM, IVLen, useHKDF)
|
|
|
|
ce := contentenc.New(cc, 4096)
|
2017-03-05 21:59:55 +01:00
|
|
|
return ce
|
|
|
|
}
|
2021-08-23 22:10:23 +02:00
|
|
|
|
|
|
|
// ContentEncryption tells us which content encryption algorithm is selected
|
|
|
|
func (cf *ConfFile) ContentEncryption() (algo cryptocore.AEADTypeEnum, err error) {
|
|
|
|
if err := cf.Validate(); err != nil {
|
|
|
|
return cryptocore.AEADTypeEnum{}, err
|
|
|
|
}
|
|
|
|
if cf.IsFeatureFlagSet(FlagXChaCha20Poly1305) {
|
|
|
|
return cryptocore.BackendXChaCha20Poly1305, nil
|
|
|
|
}
|
|
|
|
if cf.IsFeatureFlagSet(FlagAESSIV) {
|
|
|
|
return cryptocore.BackendAESSIV, nil
|
|
|
|
}
|
|
|
|
// If neither AES-SIV nor XChaCha are selected, we must be using AES-GCM
|
|
|
|
return cryptocore.BackendGoGCM, nil
|
|
|
|
}
|