-deterministic-names: accept flag on -init
And store it in gocryptfs.conf (=remove DirIV feature flag).
parent
195d9d18a9
commit
2a9dea2973
@ -103,6 +103,14 @@ Defaults are fine.
|
|||||||
Use the AES-SIV encryption mode. This is slower than GCM but is
|
Use the AES-SIV encryption mode. This is slower than GCM but is
|
||||||
secure with deterministic nonces as used in "-reverse" mode.
|
secure with deterministic nonces as used in "-reverse" mode.
|
||||||
|
|
||||||
|
#### -deterministic-names
|
||||||
|
Disable file name randomisation and creation of `gocryptfs.diriv` files.
|
||||||
|
This can prevent sync conflicts conflicts when synchronising files, but
|
||||||
|
leaks information about identical file names across directories
|
||||||
|
("Identical names leak" in https://nuetzlich.net/gocryptfs/comparison/#file-names ).
|
||||||
|
|
||||||
|
The resulting `gocryptfs.conf` has "DirIV" missing from "FeatureFlags".
|
||||||
|
|
||||||
#### -devrandom
|
#### -devrandom
|
||||||
Use `/dev/random` for generating the master key instead of the default Go
|
Use `/dev/random` for generating the master key instead of the default Go
|
||||||
implementation. This is especially useful on embedded systems with Go versions
|
implementation. This is especially useful on embedded systems with Go versions
|
||||||
@ -545,11 +553,6 @@ useful in regression testing.
|
|||||||
|
|
||||||
Applies to: all actions.
|
Applies to: all actions.
|
||||||
|
|
||||||
#### -zerodiriv
|
|
||||||
Create diriv as all-zero files
|
|
||||||
|
|
||||||
Applies to: all actions without `-plaintextnames`.
|
|
||||||
|
|
||||||
#### \-\-
|
#### \-\-
|
||||||
Stop option parsing. Helpful when CIPHERDIR may start with a
|
Stop option parsing. Helpful when CIPHERDIR may start with a
|
||||||
dash "-".
|
dash "-".
|
||||||
|
@ -87,7 +87,8 @@ func initDir(args *argContainer) {
|
|||||||
}
|
}
|
||||||
creator := tlog.ProgramName + " " + GitVersion
|
creator := tlog.ProgramName + " " + GitVersion
|
||||||
err = configfile.Create(args.config, password, args.plaintextnames,
|
err = configfile.Create(args.config, password, args.plaintextnames,
|
||||||
args.scryptn, creator, args.aessiv, args.devrandom, fido2CredentialID, fido2HmacSalt)
|
args.scryptn, creator, args.aessiv, args.devrandom, fido2CredentialID, fido2HmacSalt,
|
||||||
|
args.deterministic_names)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
tlog.Fatal.Println(err)
|
tlog.Fatal.Println(err)
|
||||||
os.Exit(exitcodes.WriteConf)
|
os.Exit(exitcodes.WriteConf)
|
||||||
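Review bot: `args.deterministic_names` is forwarded to `configfile.Create` with no visible check against `args.plaintextnames`, and the `Create` hunk in this commit ignores the new parameter on the plaintext-names branch. A user who passes both flags to `-init` gets a filesystem with no indication that one of them had no effect. If the combination is not already rejected during argument parsing (not visible here), add a guard before the `Create` call that prints a message and exits with the usage exit code when both are set. The body of `initDir` starts and ends outside this hunk.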
|
@ -80,7 +80,8 @@ func randBytesDevRandom(n int) []byte {
|
|||||||
// "password" and write it to "filename".
|
// "password" and write it to "filename".
|
||||||
// Uses scrypt with cost parameter logN.
|
// Uses scrypt with cost parameter logN.
|
||||||
func Create(filename string, password []byte, plaintextNames bool,
|
func Create(filename string, password []byte, plaintextNames bool,
|
||||||
logN int, creator string, aessiv bool, devrandom bool, fido2CredentialID []byte, fido2HmacSalt []byte) error {
|
logN int, creator string, aessiv bool, devrandom bool,
|
||||||
|
fido2CredentialID []byte, fido2HmacSalt []byte, deterministicNames bool) error {
|
||||||
var cf ConfFile
|
var cf ConfFile
|
||||||
cf.filename = filename
|
cf.filename = filename
|
||||||
cf.Creator = creator
|
cf.Creator = creator
|
||||||
@ -92,7 +93,9 @@ func Create(filename string, password []byte, plaintextNames bool,
|
|||||||
if plaintextNames {
|
if plaintextNames {
|
||||||
cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagPlaintextNames])
|
cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagPlaintextNames])
|
||||||
} else {
|
} else {
|
||||||
cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagDirIV])
|
if !deterministicNames {
|
||||||
|
cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagDirIV])
|
||||||
|
}
|
||||||
cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagEMENames])
|
cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagEMENames])
|
||||||
cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagLongNames])
|
cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagLongNames])
|
||||||
cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagRaw64])
|
cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagRaw64])
|
||||||
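Review bot: The doc comment above `Create` still describes only the password, the filename and `logN`, so the new `deterministicNames` parameter is undocumented. Omitting `FlagDirIV` is a security-relevant, on-disk format decision and belongs in that comment. I would add `// If deterministicNames is set, the DirIV feature flag is left out of FeatureFlags.` and `// deterministicNames has no effect when plaintextNames is set.` As a style point, this is now the fourth positional `bool` in the signature, and call sites such as `Create(..., false, false, nil, nil, false)` are easy to transpose; an options struct would make them self-describing. The body of `Create` continues outside both hunks.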
|
@ -62,7 +62,7 @@ func TestLoadV2StrangeFeature(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestCreateConfDefault(t *testing.T) {
|
func TestCreateConfDefault(t *testing.T) {
|
||||||
err := Create("config_test/tmp.conf", testPw, false, 10, "test", false, false, nil, nil)
|
err := Create("config_test/tmp.conf", testPw, false, 10, "test", false, false, nil, nil, false)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
@ -83,14 +83,14 @@ func TestCreateConfDefault(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestCreateConfDevRandom(t *testing.T) {
|
func TestCreateConfDevRandom(t *testing.T) {
|
||||||
err := Create("config_test/tmp.conf", testPw, false, 10, "test", false, true, nil, nil)
|
err := Create("config_test/tmp.conf", testPw, false, 10, "test", false, true, nil, nil, false)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestCreateConfPlaintextnames(t *testing.T) {
|
func TestCreateConfPlaintextnames(t *testing.T) {
|
||||||
err := Create("config_test/tmp.conf", testPw, true, 10, "test", false, false, nil, nil)
|
err := Create("config_test/tmp.conf", testPw, true, 10, "test", false, false, nil, nil, false)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
@ -111,7 +111,7 @@ func TestCreateConfPlaintextnames(t *testing.T) {
|
|||||||
|
|
||||||
// Reverse mode uses AESSIV
|
// Reverse mode uses AESSIV
|
||||||
func TestCreateConfFileAESSIV(t *testing.T) {
|
func TestCreateConfFileAESSIV(t *testing.T) {
|
||||||
err := Create("config_test/tmp.conf", testPw, false, 10, "test", true, false, nil, nil)
|
err := Create("config_test/tmp.conf", testPw, false, 10, "test", true, false, nil, nil, false)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
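Review bot: All four updated calls pass `false` for the new `deterministicNames` argument, so no unit test in this file exercises the branch of `Create` that omits `FlagDirIV`. The integration test added elsewhere in this commit does check the flag, but only through a full `-init` run. A unit test next to `TestCreateConfPlaintextnames` would pin the config-file behaviour directly. The sketch below uses only names visible on this page; adjust the load call to whatever helper the rest of this test file already uses.

```go
func TestCreateConfDeterministicNames(t *testing.T) {
	err := Create("config_test/tmp.conf", testPw, false, 10, "test", false, false, nil, nil, true)
	if err != nil {
		t.Fatal(err)
	}
	_, c, err := LoadAndDecrypt("config_test/tmp.conf", testPw)
	if err != nil {
		t.Fatal(err)
	}
	if c.IsFeatureFlagSet(FlagDirIV) {
		t.Error("DirIV flag should be off with deterministicNames=true")
	}
}
```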
|
@ -45,7 +45,6 @@ var knownFlags = map[flagIota]string{
|
|||||||
|
|
||||||
// Filesystems that do not have these feature flags set are deprecated.
|
// Filesystems that do not have these feature flags set are deprecated.
|
||||||
var requiredFlagsNormal = []flagIota{
|
var requiredFlagsNormal = []flagIota{
|
||||||
FlagDirIV,
|
|
||||||
FlagEMENames,
|
FlagEMENames,
|
||||||
FlagGCMIV128,
|
FlagGCMIV128,
|
||||||
}
|
}
|
||||||
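Review bot: Dropping `FlagDirIV` from `requiredFlagsNormal` means a config without that flag is no longer rejected as deprecated, and the mount.go hunk in this commit treats the flag's absence as deterministic-names mode. A config that loses the flag through corruption or an edit would therefore select the weaker name-encryption mode instead of failing to load, assuming the feature-flag list is not otherwise integrity-checked (not visible here). At minimum, record the intent at the declaration, e.g. `// FlagDirIV is deliberately not required: its absence selects -deterministic-names.` Consider whether a positive feature flag for deterministic names would be a safer encoding than a missing one.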
|
1
mount.go
1
mount.go
@ -282,6 +282,7 @@ func initFuseFrontend(args *argContainer) (rootNode fs.InodeEmbedder, wipeKeys f
|
|||||||
if confFile != nil {
|
if confFile != nil {
|
||||||
// Settings from the config file override command line args
|
// Settings from the config file override command line args
|
||||||
frontendArgs.PlaintextNames = confFile.IsFeatureFlagSet(configfile.FlagPlaintextNames)
|
frontendArgs.PlaintextNames = confFile.IsFeatureFlagSet(configfile.FlagPlaintextNames)
|
||||||
|
frontendArgs.DeterministicNames = !confFile.IsFeatureFlagSet(configfile.FlagDirIV)
|
||||||
args.raw64 = confFile.IsFeatureFlagSet(configfile.FlagRaw64)
|
args.raw64 = confFile.IsFeatureFlagSet(configfile.FlagRaw64)
|
||||||
args.hkdf = confFile.IsFeatureFlagSet(configfile.FlagHKDF)
|
args.hkdf = confFile.IsFeatureFlagSet(configfile.FlagHKDF)
|
||||||
if confFile.IsFeatureFlagSet(configfile.FlagAESSIV) {
|
if confFile.IsFeatureFlagSet(configfile.FlagAESSIV) {
|
||||||
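Review bot: `frontendArgs.DeterministicNames` is derived only from the absence of `FlagDirIV`, but the `Create` hunk in this commit never sets `FlagDirIV` for plaintext-names filesystems either. Every `-plaintextnames` mount will therefore also get `DeterministicNames = true`. Whether that is harmless depends on how the frontend consumes the field, which is not visible here. Making the two modes mutually exclusive at this point would avoid relying on it: `frontendArgs.DeterministicNames = !frontendArgs.PlaintextNames && !confFile.IsFeatureFlagSet(configfile.FlagDirIV)`. The body of `initFuseFrontend` continues outside the hunk.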
|
@ -995,3 +995,9 @@ func TestMountCreat(t *testing.T) {
|
|||||||
test_helpers.UnmountPanic(mnt)
|
test_helpers.UnmountPanic(mnt)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Test -init -deterministic-names
|
||||||
|
func TestInitDeterministicNames(t *testing.T) {
|
||||||
|
dir := test_helpers.InitFS(t, "-deterministic-names")
|
||||||
|
|
||||||
|
}
|
||||||
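Review bot: In `TestInitDeterministicNames`, `dir` is assigned from `test_helpers.InitFS` and never used. As shown, the Go compiler rejects this with "declared and not used", which would break the whole test package. Even with the variable discarded, the test would assert nothing beyond `-init` not failing. I would load the config from `dir` and fail the test if `configfile.FlagDirIV` is set, mirroring the sanity check this commit adds to `TestMain` in the deterministic_names test package. If that duplication is unwanted, drop this test.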
|
@ -3,11 +3,13 @@ package deterministic_names
|
|||||||
// integration tests that target "-deterministic-names" specifically
|
// integration tests that target "-deterministic-names" specifically
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/rfjakob/gocryptfs/internal/configfile"
|
||||||
"github.com/rfjakob/gocryptfs/tests/test_helpers"
|
"github.com/rfjakob/gocryptfs/tests/test_helpers"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -19,8 +21,18 @@ var testPw = []byte("test")
|
|||||||
// Create and mount "-deterministic-names" fs
|
// Create and mount "-deterministic-names" fs
|
||||||
func TestMain(m *testing.M) {
|
func TestMain(m *testing.M) {
|
||||||
cDir = test_helpers.InitFS(nil, "-deterministic-names")
|
cDir = test_helpers.InitFS(nil, "-deterministic-names")
|
||||||
|
// Check config file sanity
|
||||||
|
_, c, err := configfile.LoadAndDecrypt(cDir+"/"+configfile.ConfDefaultName, testPw)
|
||||||
|
if err != nil {
|
||||||
|
fmt.Println(err)
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
|
if c.IsFeatureFlagSet(configfile.FlagDirIV) {
|
||||||
|
fmt.Println("DirIV flag should be off")
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
pDir = cDir + ".mnt"
|
pDir = cDir + ".mnt"
|
||||||
test_helpers.MountOrExit(cDir, pDir, "-deterministic-names", "-extpass", "echo test")
|
test_helpers.MountOrExit(cDir, pDir, "-extpass", "echo test")
|
||||||
r := m.Run()
|
r := m.Run()
|
||||||
test_helpers.UnmountPanic(pDir)
|
test_helpers.UnmountPanic(pDir)
|
||||||
os.Exit(r)
|
os.Exit(r)
|
||||||
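Review bot: The config path in `TestMain` is built by string concatenation, `cDir+"/"+configfile.ConfDefaultName`, although `path/filepath` is already imported in this file. `filepath.Join(cDir, configfile.ConfDefaultName)` is the idiomatic form. The two failure paths also print only the bare error or a short message to stdout. Prefixing them with the file being checked and writing to `os.Stderr` would make a CI failure easier to attribute. Removing `-deterministic-names` from the `MountOrExit` arguments is a good touch, since the mount now proves the mode comes from the config file.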
|