config: Introduce ext4-style feature flags

// List of feature flags this filesystem has enabled.
// If gocryptfs encounters a feature flag it does not support, it will refuse
// mounting. This mechanism is analogous to the ext4 feature flags that are
// stored in the superblock.
FeatureFlags []string

cryptfs/config_file.go

@@ -11,6 +11,7 @@ const (
 	// The dot "." is not used in base64url (RFC4648), hence
 	// we can never clash with an encrypted file.
 	ConfDefaultName = "gocryptfs.conf"
+	FlagPlaintextNames = "PlaintextNames"
 )
 
 type ConfFile struct {
@@ -22,8 +23,11 @@ type ConfFile struct {
 	ScryptObject scryptKdf
 	// The On-Disk-Format version this filesystem uses
 	Version uint16
-	// Do not encrypt filenames
-	PlaintextNames bool
+	// List of feature flags this filesystem has enabled.
+	// If gocryptfs encounters a feature flag it does not support, it will refuse
+	// mounting. This mechanism is analogous to the ext4 feature flags that are
+	// stored in the superblock.
+	FeatureFlags []string
 }
 
 // CreateConfFile - create a new config with a random key encrypted with
@@ -41,14 +45,18 @@ func CreateConfFile(filename string, password string, plaintextNames bool) error
 
 	cf.Version = HEADER_CURRENT_VERSION
 
-	cf.PlaintextNames = plaintextNames
+	if plaintextNames {
+		cf.FeatureFlags = append(cf.FeatureFlags, FlagPlaintextNames)
+	}
 
 	// Write file to disk
 	return cf.WriteFile()
 }
 
 // LoadConfFile - read config file from disk and decrypt the
-// contained key using password
+// contained key using password.
+//
+// Returns the decrypted key and the ConfFile object
 func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
 	var cf ConfFile
 	cf.filename = filename
@@ -67,7 +75,17 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
 	}
 
 	if cf.Version != HEADER_CURRENT_VERSION {
-		return nil, nil, fmt.Errorf("Unsupported version %d", cf.Version)
+		return nil, nil, fmt.Errorf("Unsupported on-disk format %d\n", cf.Version)
+	}
+
+	// Verify that we know all feature flags
+	for _, flag := range(cf.FeatureFlags) {
+		switch(flag) {
+			case FlagPlaintextNames:
+				continue
+			default:
+				return nil, nil, fmt.Errorf("Unsupported feature flag %s\n", flag)
+		}
 	}
 
 	// Generate derived key from password
@@ -130,3 +148,17 @@ func (cf *ConfFile) WriteFile() error {
 
 	return nil
 }
+
+// isFeatureFlagSet - is the feature flag "flagWant" enabled?
+func (cf *ConfFile) isFeatureFlagSet(flagWant string) bool {
+	for _, flag := range(cf.FeatureFlags) {
+		if flag == flagWant {
+			return true
+		}
+	}
+	return false
+}
+
+func (cf *ConfFile) PlaintextNames() bool {
+	return cf.isFeatureFlagSet(FlagPlaintextNames)
+}

cryptfs/cryptfs_content.go

@@ -60,7 +60,7 @@ func (be *CryptFS) DecryptBlock(ciphertext []byte, blockNo uint64, fileId []byte
 	}
 
 	if len(ciphertext) < NONCE_LEN {
-		Warn.Printf("decryptBlock: Block is too short: %d bytes\n", len(ciphertext))
+		Warn.Printf("DecryptBlock: Block is too short: %d bytes\n", len(ciphertext))
 		return nil, errors.New("Block is too short")
 	}
 

main.go

@@ -198,7 +198,7 @@ func main() {
 
 	var plaintextNames bool
 	if cf != nil {
-		plaintextNames = cf.PlaintextNames
+		plaintextNames = cf.PlaintextNames()
 	}
 	srv := pathfsFrontend(key, args.cipherdir, args.mountpoint, args.fusedebug, args.openssl, plaintextNames)