configfile: warn about missing feature flags

The plan is to drop support for the oldest filesystem versions in gocryptfs v1.0. For now, we only warn the user.
2016-06-06 23:13:10 +02:00 · 2016-06-06 23:13:10 +02:00 · 0f4d350136
parent cc5d5a3fcd
commit 0f4d350136
2 changed files with 43 additions and 2 deletions
--- a/internal/configfile/config_file.go
+++ b/internal/configfile/config_file.go
@ -92,12 +92,40 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
 		return nil, nil, fmt.Errorf("Unsupported on-disk format %d", cf.Version)
 	}

+	// Check that all set feature flags are known
 	for _, flag := range cf.FeatureFlags {
-		if cf.isFeatureFlagKnown(flag) == false {
-			return nil, nil, fmt.Errorf("Unsupported feature flag %s", flag)
+		if !cf.isFeatureFlagKnown(flag) {
+			return nil, nil, fmt.Errorf("Unsupported feature flag %q", flag)
 		}
 	}

+	// Check that all required feature flags are set
+	var requiredFlags []flagIota
+	if cf.IsFeatureFlagSet(FlagPlaintextNames) {
+		requiredFlags = requiredFlagsPlaintextNames
+	} else {
+		requiredFlags = requiredFlagsNormal
+	}
+	deprecatedFs := false
+	for _, i := range requiredFlags {
+		if !cf.IsFeatureFlagSet(i) {
+			// For now, warn but continue.
+			fmt.Printf("Deprecated filesystem: feature flag %q is missing\n", knownFlags[i])
+			deprecatedFs = true
+			//return nil, nil, fmt.Errorf("Required feature flag %q is missing", knownFlags[i])
+		}
+	}
+	if deprecatedFs {
+		fmt.Printf("\033[33m" + `
+    This filesystem was created by gocryptfs v0.6 or earlier. You are missing
+    security improvements. gocryptfs v1.0 is scheduled to drop support for this
+    filesystem, please upgrade!
+    If you disagree with the plan or have trouble upgrading, please join the
+    discussion at https://github.com/rfjakob/gocryptfs/issues/29 .
+
+` + "\033[0m")
+	}
+
 	// Generate derived key from password
 	scryptHash := cf.ScryptObject.DeriveKey(password)

--- a/internal/configfile/feature_flags.go
+++ b/internal/configfile/feature_flags.go
@ -19,6 +19,19 @@ var knownFlags map[flagIota]string = map[flagIota]string{
 	FlagLongNames:      "LongNames",
 }

+// Filesystems that do not have these feature flags set are deprecated.
+var requiredFlagsNormal []flagIota = []flagIota{
+	FlagDirIV,
+	FlagEMENames,
+	FlagGCMIV128,
+}
+
+// Filesystems without filename encryption obviously don't have or need the
+// related feature flags.
+var requiredFlagsPlaintextNames []flagIota = []flagIota{
+	FlagGCMIV128,
+}
+
 // isFeatureFlagKnown verifies that we understand a feature flag
 func (cf *ConfFile) isFeatureFlagKnown(flag string) bool {
 	for _, knownFlag := range knownFlags {