config: Introduce ext4-style feature flags
// List of feature flags this filesystem has enabled. // If gocryptfs encounters a feature flag it does not support, it will refuse // mounting. This mechanism is analogous to the ext4 feature flags that are // stored in the superblock. FeatureFlags []string
parent
28b3af12d1
commit
3e367b29b0
@ -11,6 +11,7 @@ const (
|
||||
// The dot "." is not used in base64url (RFC4648), hence
|
||||
// we can never clash with an encrypted file.
|
||||
ConfDefaultName = "gocryptfs.conf"
|
||||
FlagPlaintextNames = "PlaintextNames"
|
||||
)
|
||||
|
||||
type ConfFile struct {
|
||||
@ -22,8 +23,11 @@ type ConfFile struct {
|
||||
ScryptObject scryptKdf
|
||||
// The On-Disk-Format version this filesystem uses
|
||||
Version uint16
|
||||
// Do not encrypt filenames
|
||||
PlaintextNames bool
|
||||
// List of feature flags this filesystem has enabled.
|
||||
// If gocryptfs encounters a feature flag it does not support, it will refuse
|
||||
// mounting. This mechanism is analogous to the ext4 feature flags that are
|
||||
// stored in the superblock.
|
||||
FeatureFlags []string
|
||||
}
|
||||
|
||||
// CreateConfFile - create a new config with a random key encrypted with
|
||||
@ -41,14 +45,18 @@ func CreateConfFile(filename string, password string, plaintextNames bool) error
|
||||
|
||||
cf.Version = HEADER_CURRENT_VERSION
|
||||
|
||||
cf.PlaintextNames = plaintextNames
|
||||
if plaintextNames {
|
||||
cf.FeatureFlags = append(cf.FeatureFlags, FlagPlaintextNames)
|
||||
}
|
||||
|
||||
// Write file to disk
|
||||
return cf.WriteFile()
|
||||
}
|
||||
|
||||
// LoadConfFile - read config file from disk and decrypt the
|
||||
// contained key using password
|
||||
// contained key using password.
|
||||
//
|
||||
// Returns the decrypted key and the ConfFile object
|
||||
func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
|
||||
var cf ConfFile
|
||||
cf.filename = filename
|
||||
@ -67,7 +75,17 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
|
||||
}
|
||||
|
||||
if cf.Version != HEADER_CURRENT_VERSION {
|
||||
return nil, nil, fmt.Errorf("Unsupported version %d", cf.Version)
|
||||
return nil, nil, fmt.Errorf("Unsupported on-disk format %d\n", cf.Version)
|
||||
}
|
||||
|
||||
// Verify that we know all feature flags
|
||||
for _, flag := range(cf.FeatureFlags) {
|
||||
switch(flag) {
|
||||
case FlagPlaintextNames:
|
||||
continue
|
||||
default:
|
||||
return nil, nil, fmt.Errorf("Unsupported feature flag %s\n", flag)
|
||||
}
|
||||
}
|
||||
|
||||
// Generate derived key from password
|
||||
@ -130,3 +148,17 @@ func (cf *ConfFile) WriteFile() error {
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// isFeatureFlagSet - is the feature flag "flagWant" enabled?
|
||||
func (cf *ConfFile) isFeatureFlagSet(flagWant string) bool {
|
||||
for _, flag := range(cf.FeatureFlags) {
|
||||
if flag == flagWant {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func (cf *ConfFile) PlaintextNames() bool {
|
||||
return cf.isFeatureFlagSet(FlagPlaintextNames)
|
||||
}
|
||||
|
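Review bot: The feature-flag loop in LoadConfFile checks `cf.FeatureFlags` as read from disk, before the `// Generate derived key from password` step, and nothing visible in these hunks binds the list to the password-protected key. The list could therefore presumably be altered by anyone with write access to the config file without the mount detecting it. If that holds, the field comment on `FeatureFlags` should say so, e.g. `// NOTE: flags are stored unauthenticated; the absence of a flag must never weaken encryption`. Separately, the default branch prints the on-disk value with `%s` and a trailing newline; `return nil, nil, fmt.Errorf("unsupported feature flag %q", flag)` keeps control characters from the config file out of terminals and logs. LoadConfFile's body starts and ends outside the hunk, so a later integrity check may exist that is not visible here.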
@ -60,7 +60,7 @@ func (be *CryptFS) DecryptBlock(ciphertext []byte, blockNo uint64, fileId []byte
|
||||
}
|
||||
|
||||
if len(ciphertext) < NONCE_LEN {
|
||||
Warn.Printf("decryptBlock: Block is too short: %d bytes\n", len(ciphertext))
|
||||
Warn.Printf("DecryptBlock: Block is too short: %d bytes\n", len(ciphertext))
|
||||
return nil, errors.New("Block is too short")
|
||||
}
|
||||
|
||||
|