config: Introduce ext4-style feature flags

// List of feature flags this filesystem has enabled.
// If gocryptfs encounters a feature flag it does not support, it will refuse
// mounting. This mechanism is analogous to the ext4 feature flags that are
// stored in the superblock.
FeatureFlags []string
Jakob Unterwurzacher 2015-11-03 21:05:47 +01:00
parent 28b3af12d1
commit 3e367b29b0
3 changed files with 39 additions and 7 deletions


@ -11,6 +11,7 @@ const (
// The dot "." is not used in base64url (RFC4648), hence
// we can never clash with an encrypted file.
ConfDefaultName = "gocryptfs.conf"
FlagPlaintextNames = "PlaintextNames"
)
type ConfFile struct {
@ -22,8 +23,11 @@ type ConfFile struct {
ScryptObject scryptKdf
// The On-Disk-Format version this filesystem uses
Version uint16
// Do not encrypt filenames
PlaintextNames bool
// List of feature flags this filesystem has enabled.
// If gocryptfs encounters a feature flag it does not support, it will refuse
// mounting. This mechanism is analogous to the ext4 feature flags that are
// stored in the superblock.
FeatureFlags []string
}
// CreateConfFile - create a new config with a random key encrypted with
@ -41,14 +45,18 @@ func CreateConfFile(filename string, password string, plaintextNames bool) error
cf.Version = HEADER_CURRENT_VERSION
cf.PlaintextNames = plaintextNames
if plaintextNames {
cf.FeatureFlags = append(cf.FeatureFlags, FlagPlaintextNames)
}
// Write file to disk
return cf.WriteFile()
}
// LoadConfFile - read config file from disk and decrypt the
// contained key using password
// contained key using password.
//
// Returns the decrypted key and the ConfFile object
func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
var cf ConfFile
cf.filename = filename
@ -67,7 +75,17 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
}
if cf.Version != HEADER_CURRENT_VERSION {
return nil, nil, fmt.Errorf("Unsupported version %d", cf.Version)
return nil, nil, fmt.Errorf("Unsupported on-disk format %d\n", cf.Version)
}
// Verify that we know all feature flags
for _, flag := range(cf.FeatureFlags) {
switch(flag) {
case FlagPlaintextNames:
continue
default:
return nil, nil, fmt.Errorf("Unsupported feature flag %s\n", flag)
}
}
// Generate derived key from password
@ -130,3 +148,17 @@ func (cf *ConfFile) WriteFile() error {
return nil
}
// isFeatureFlagSet - is the feature flag "flagWant" enabled?
func (cf *ConfFile) isFeatureFlagSet(flagWant string) bool {
for _, flag := range(cf.FeatureFlags) {
if flag == flagWant {
return true
}
}
return false
}
func (cf *ConfFile) PlaintextNames() bool {
return cf.isFeatureFlagSet(FlagPlaintextNames)
}
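Review bot: The new flag check in LoadConfFile runs above the `// Generate derived key from password` step, so FeatureFlags is acted on exactly as read from disk, and nothing in the visible hunks ties the list to the password-protected key. If the config file is not integrity-protected elsewhere (not visible here), a modified file could silently change how file names are treated on the next mount, so the field comment should say so, for example `// NOTE: the flag list is not authenticated; bind it to the master key before relying on it for security decisions.` The unknown flag is also echoed from that file with `%s` and a trailing newline; `fmt.Errorf("Unsupported feature flag %q", flag)` escapes control characters and leaves line termination to the caller. LoadConfFile's body starts and ends outside these hunks.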


@ -60,7 +60,7 @@ func (be *CryptFS) DecryptBlock(ciphertext []byte, blockNo uint64, fileId []byte
}
if len(ciphertext) < NONCE_LEN {
Warn.Printf("decryptBlock: Block is too short: %d bytes\n", len(ciphertext))
Warn.Printf("DecryptBlock: Block is too short: %d bytes\n", len(ciphertext))
return nil, errors.New("Block is too short")
}


@ -198,7 +198,7 @@ func main() {
var plaintextNames bool
if cf != nil {
plaintextNames = cf.PlaintextNames
plaintextNames = cf.PlaintextNames()
}
srv := pathfsFrontend(key, args.cipherdir, args.mountpoint, args.fusedebug, args.openssl, plaintextNames)