2016-06-05 12:53:10 +02:00
|
|
|
package configfile
|
|
|
|
|
|
|
|
type flagIota int
|
|
|
|
|
|
|
|
const (
|
2016-10-02 06:14:18 +02:00
|
|
|
// FlagPlaintextNames indicates that filenames are unencrypted.
|
2016-06-05 12:53:10 +02:00
|
|
|
FlagPlaintextNames flagIota = iota
|
2016-10-02 06:14:18 +02:00
|
|
|
// FlagDirIV indicates that a per-directory IV file is used.
|
2016-06-05 12:53:10 +02:00
|
|
|
FlagDirIV
|
2016-10-02 06:14:18 +02:00
|
|
|
// FlagEMENames indicates EME (ECB-Mix-ECB) filename encryption.
|
|
|
|
// This flag is mandatory since gocryptfs v1.0.
|
2016-06-05 12:53:10 +02:00
|
|
|
FlagEMENames
|
2016-10-02 06:14:18 +02:00
|
|
|
// FlagGCMIV128 indicates 128-bit GCM IVs.
|
2021-08-21 21:43:26 +02:00
|
|
|
// This flag is mandatory since gocryptfs v1.0,
|
|
|
|
// except when XChaCha20Poly1305 is used.
|
2016-06-05 12:53:10 +02:00
|
|
|
FlagGCMIV128
|
2021-11-01 14:44:32 +01:00
|
|
|
// FlagLongNames allows file names longer than 175 bytes.
|
2016-06-05 12:53:10 +02:00
|
|
|
FlagLongNames
|
2021-10-21 09:58:37 +02:00
|
|
|
// FlagLongNameMax sets a custom name length limit, names longer than that
|
|
|
|
// will be hashed.
|
|
|
|
FlagLongNameMax
|
2016-10-02 06:14:18 +02:00
|
|
|
// FlagAESSIV selects an AES-SIV based crypto backend.
|
2016-09-26 23:25:13 +02:00
|
|
|
FlagAESSIV
|
2016-11-01 18:43:22 +01:00
|
|
|
// FlagRaw64 enables raw (unpadded) base64 encoding for file names
|
|
|
|
FlagRaw64
|
2017-02-26 21:25:58 +01:00
|
|
|
// FlagHKDF enables HKDF-derived keys for use with GCM, EME and SIV
|
|
|
|
// instead of directly using the master key (GCM and EME) or the SHA-512
|
|
|
|
// hashed master key (SIV).
|
|
|
|
// Note that this flag does not change the password hashing algorithm
|
|
|
|
// which always is scrypt.
|
|
|
|
FlagHKDF
|
2020-09-05 22:42:15 +02:00
|
|
|
// FlagFIDO2 means that "-fido2" was used when creating the filesystem.
|
|
|
|
// The masterkey is protected using a FIDO2 token instead of a password.
|
|
|
|
FlagFIDO2
|
2021-08-21 12:08:37 +02:00
|
|
|
// FlagXChaCha20Poly1305 means we use XChaCha20-Poly1305 file content encryption
|
|
|
|
FlagXChaCha20Poly1305
|
2016-06-05 12:53:10 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
// knownFlags stores the known feature flags and their string representation
|
2016-10-02 06:14:18 +02:00
|
|
|
var knownFlags = map[flagIota]string{
|
2021-08-21 12:08:37 +02:00
|
|
|
FlagPlaintextNames: "PlaintextNames",
|
|
|
|
FlagDirIV: "DirIV",
|
|
|
|
FlagEMENames: "EMENames",
|
|
|
|
FlagGCMIV128: "GCMIV128",
|
|
|
|
FlagLongNames: "LongNames",
|
2021-10-21 09:58:37 +02:00
|
|
|
FlagLongNameMax: "LongNameMax",
|
2021-08-21 12:08:37 +02:00
|
|
|
FlagAESSIV: "AESSIV",
|
|
|
|
FlagRaw64: "Raw64",
|
|
|
|
FlagHKDF: "HKDF",
|
|
|
|
FlagFIDO2: "FIDO2",
|
|
|
|
FlagXChaCha20Poly1305: "XChaCha20Poly1305",
|
2016-06-05 12:53:10 +02:00
|
|
|
}
|
|
|
|
|
2016-10-02 06:14:18 +02:00
|
|
|
// isFeatureFlagKnown verifies that we understand a feature flag.
|
2021-08-21 21:43:26 +02:00
|
|
|
func isFeatureFlagKnown(flag string) bool {
|
2016-06-05 12:53:10 +02:00
|
|
|
for _, knownFlag := range knownFlags {
|
|
|
|
if knownFlag == flag {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2016-10-02 06:14:18 +02:00
|
|
|
// IsFeatureFlagSet returns true if the feature flag "flagWant" is enabled.
|
2016-06-05 12:53:10 +02:00
|
|
|
func (cf *ConfFile) IsFeatureFlagSet(flagWant flagIota) bool {
|
|
|
|
flagString := knownFlags[flagWant]
|
|
|
|
for _, flag := range cf.FeatureFlags {
|
|
|
|
if flag == flagString {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|