diff --git a/cryptfs/config_file.go b/cryptfs/config_file.go index a790c51..346bef8 100644 --- a/cryptfs/config_file.go +++ b/cryptfs/config_file.go @@ -11,6 +11,7 @@ const ( // The dot "." is not used in base64url (RFC4648), hence // we can never clash with an encrypted file. ConfDefaultName = "gocryptfs.conf" + FlagPlaintextNames = "PlaintextNames" ) type ConfFile struct { @@ -22,8 +23,11 @@ type ConfFile struct { ScryptObject scryptKdf // The On-Disk-Format version this filesystem uses Version uint16 - // Do not encrypt filenames - PlaintextNames bool + // List of feature flags this filesystem has enabled. + // If gocryptfs encounters a feature flag it does not support, it will refuse + // mounting. This mechanism is analogous to the ext4 feature flags that are + // stored in the superblock. + FeatureFlags []string } // CreateConfFile - create a new config with a random key encrypted with @@ -41,14 +45,18 @@ func CreateConfFile(filename string, password string, plaintextNames bool) error cf.Version = HEADER_CURRENT_VERSION - cf.PlaintextNames = plaintextNames + if plaintextNames { + cf.FeatureFlags = append(cf.FeatureFlags, FlagPlaintextNames) + } // Write file to disk return cf.WriteFile() } // LoadConfFile - read config file from disk and decrypt the -// contained key using password +// contained key using password. +// +// Returns the decrypted key and the ConfFile object func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) { var cf ConfFile cf.filename = filename @@ -67,7 +75,17 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) { } if cf.Version != HEADER_CURRENT_VERSION { - return nil, nil, fmt.Errorf("Unsupported version %d", cf.Version) + return nil, nil, fmt.Errorf("Unsupported on-disk format %d\n", cf.Version) + } + + // Verify that we know all feature flags + for _, flag := range(cf.FeatureFlags) { + switch(flag) { + case FlagPlaintextNames: + continue + default: + return nil, nil, fmt.Errorf("Unsupported feature flag %s\n", flag) + } } // Generate derived key from password @@ -130,3 +148,17 @@ func (cf *ConfFile) WriteFile() error { return nil } + +// isFeatureFlagSet - is the feature flag "flagWant" enabled? +func (cf *ConfFile) isFeatureFlagSet(flagWant string) bool { + for _, flag := range(cf.FeatureFlags) { + if flag == flagWant { + return true + } + } + return false +} + +func (cf *ConfFile) PlaintextNames() bool { + return cf.isFeatureFlagSet(FlagPlaintextNames) +} diff --git a/cryptfs/cryptfs_content.go b/cryptfs/cryptfs_content.go index d74570f..cfd488b 100644 --- a/cryptfs/cryptfs_content.go +++ b/cryptfs/cryptfs_content.go @@ -60,7 +60,7 @@ func (be *CryptFS) DecryptBlock(ciphertext []byte, blockNo uint64, fileId []byte } if len(ciphertext) < NONCE_LEN { - Warn.Printf("decryptBlock: Block is too short: %d bytes\n", len(ciphertext)) + Warn.Printf("DecryptBlock: Block is too short: %d bytes\n", len(ciphertext)) return nil, errors.New("Block is too short") } diff --git a/main.go b/main.go index fef5aba..57dbe05 100644 --- a/main.go +++ b/main.go @@ -198,7 +198,7 @@ func main() { var plaintextNames bool if cf != nil { - plaintextNames = cf.PlaintextNames + plaintextNames = cf.PlaintextNames() } srv := pathfsFrontend(key, args.cipherdir, args.mountpoint, args.fusedebug, args.openssl, plaintextNames)