package configfile
import (
"fmt"
"github.com/rfjakob/gocryptfs/v2/internal/contentenc"
)
// Validate checks that the settings held in cf form a supported and
// mutually consistent combination. It returns nil when every check passes
// and otherwise an error for the first rule that is violated.
//
// The checks run in a fixed order: on-disk format version, scrypt
// parameters, unknown feature flags, file content encryption flags and
// finally filename encryption flags.
//
// Validate only compares values against each other; nothing in this
// function authenticates the config contents.
func (cf *ConfFile) Validate() error {
	if cf.Version != contentenc.CurrentVersion {
		return fmt.Errorf("Unsupported on-disk format %d", cf.Version)
	}

	// Key-derivation parameters are checked before any feature flag.
	err := cf.ScryptObject.validateParams()
	if err != nil {
		return err
	}

	// A flag that this build does not know is rejected rather than ignored.
	for _, name := range cf.FeatureFlags {
		if !isFeatureFlagKnown(name) {
			return fmt.Errorf("Unknown feature flag %q", name)
		}
	}

	has := cf.IsFeatureFlagSet

	// File content encryption. Cases are tried top to bottom, so the first
	// violated rule is the one that gets reported.
	switch {
	case has(FlagXChaCha20Poly1305) && has(FlagAESSIV):
		return fmt.Errorf("Can't have both XChaCha20Poly1305 and AESSIV feature flags")
	case has(FlagAESSIV) && !has(FlagGCMIV128):
		return fmt.Errorf("AESSIV requires GCMIV128 feature flag")
	case has(FlagXChaCha20Poly1305) && has(FlagGCMIV128):
		return fmt.Errorf("XChaCha20Poly1305 conflicts with GCMIV128 feature flag")
	case has(FlagXChaCha20Poly1305) && !has(FlagHKDF):
		// HKDF is demanded only for XChaCha20Poly1305; the AES-SIV and
		// AES-GCM paths are accepted here with or without it.
		return fmt.Errorf("XChaCha20Poly1305 requires HKDF feature flag")
	case !has(FlagXChaCha20Poly1305) && !has(FlagAESSIV) && !has(FlagGCMIV128):
		// The absence of other flags means AES-GCM (oldest algorithm).
		return fmt.Errorf("AES-GCM requires GCMIV128 feature flag")
	}

	// Filename encryption. PlaintextNames excludes every flag that only
	// applies to encrypted names.
	if has(FlagPlaintextNames) {
		switch {
		case has(FlagEMENames):
			return fmt.Errorf("Can't have both PlaintextNames and EMENames feature flags")
		case has(FlagDirIV):
			return fmt.Errorf("PlaintextNames conflicts with DirIV feature flag")
		case has(FlagLongNames):
			return fmt.Errorf("PlaintextNames conflicts with LongNames feature flag")
		case has(FlagRaw64):
			return fmt.Errorf("PlaintextNames conflicts with Raw64 feature flag")
		}
	}
	// With EMENames, all combinations of DirIV, LongNames and Raw64 are
	// allowed, so there is nothing further to check.
	//
	// NOTE(review): a config with neither PlaintextNames nor EMENames set
	// triggers no filename check and is accepted here; confirm that the
	// callers handle that case.
	return nil
}