Jakob Unterwurzacher
parent
798e5eb5e7
commit
6acd772cf9
|
|
@ -4,14 +4,18 @@ import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
|
"log"
|
||||||
)
|
)
|
||||||
import "os"
|
import "os"
|
||||||
|
|
||||||
const (
|
const (
|
||||||
// The dot "." is not used in base64url (RFC4648), hence
|
// The dot "." is not used in base64url (RFC4648), hence
|
||||||
// we can never clash with an encrypted file.
|
// we can never clash with an encrypted file.
|
||||||
ConfDefaultName = "gocryptfs.conf"
|
ConfDefaultName = "gocryptfs.conf"
|
||||||
|
// Understood Feature Flags
|
||||||
|
// Also teach isFeatureFlagKnown() about any additions
|
||||||
FlagPlaintextNames = "PlaintextNames"
|
FlagPlaintextNames = "PlaintextNames"
|
||||||
|
FlagDirIV = "DirIV"
|
||||||
)
|
)
|
||||||
|
|
||||||
type ConfFile struct {
|
type ConfFile struct {
|
||||||
|
|
@ -78,12 +82,8 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
|
||||||
return nil, nil, fmt.Errorf("Unsupported on-disk format %d\n", cf.Version)
|
return nil, nil, fmt.Errorf("Unsupported on-disk format %d\n", cf.Version)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Verify that we know all feature flags
|
|
||||||
for _, flag := range cf.FeatureFlags {
|
for _, flag := range cf.FeatureFlags {
|
||||||
switch flag {
|
if cf.isFeatureFlagKnown(flag) == false {
|
||||||
case FlagPlaintextNames:
|
|
||||||
continue
|
|
||||||
default:
|
|
||||||
return nil, nil, fmt.Errorf("Unsupported feature flag %s\n", flag)
|
return nil, nil, fmt.Errorf("Unsupported feature flag %s\n", flag)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -151,8 +151,21 @@ func (cf *ConfFile) WriteFile() error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Verify that we understand a feature flag
|
||||||
|
func (cf *ConfFile) isFeatureFlagKnown(flag string) bool {
|
||||||
|
switch flag {
|
||||||
|
case FlagPlaintextNames, FlagDirIV:
|
||||||
|
return true
|
||||||
|
default:
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// isFeatureFlagSet - is the feature flag "flagWant" enabled?
|
// isFeatureFlagSet - is the feature flag "flagWant" enabled?
|
||||||
func (cf *ConfFile) isFeatureFlagSet(flagWant string) bool {
|
func (cf *ConfFile) IsFeatureFlagSet(flagWant string) bool {
|
||||||
|
if !cf.isFeatureFlagKnown(flagWant) {
|
||||||
|
log.Panicf("BUG: Tried to use unsupported feature flag %s", flagWant)
|
||||||
|
}
|
||||||
for _, flag := range cf.FeatureFlags {
|
for _, flag := range cf.FeatureFlags {
|
||||||
if flag == flagWant {
|
if flag == flagWant {
|
||||||
return true
|
return true
|
||||||
|
|
@ -160,7 +173,3 @@ func (cf *ConfFile) isFeatureFlagSet(flagWant string) bool {
|
||||||
}
|
}
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
func (cf *ConfFile) PlaintextNames() bool {
|
|
||||||
return cf.isFeatureFlagSet(FlagPlaintextNames)
|
|
||||||
}
|
|
||||||
|
|
|
||||||
|
|
@ -69,3 +69,16 @@ func TestCreateConfFile(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestIsFeatureFlagKnown(t *testing.T) {
|
||||||
|
var cf ConfFile
|
||||||
|
if !cf.isFeatureFlagKnown(FlagDirIV) {
|
||||||
|
t.Errorf("This flag should be known")
|
||||||
|
}
|
||||||
|
if !cf.isFeatureFlagKnown(FlagPlaintextNames) {
|
||||||
|
t.Errorf("This flag should be known")
|
||||||
|
}
|
||||||
|
if cf.isFeatureFlagKnown("StrangeFeatureFlag") {
|
||||||
|
t.Errorf("This flag should be NOT known")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
||||||
|
|
@ -65,7 +65,6 @@ func (be *CryptFS) encryptName(plainName string, iv []byte) string {
|
||||||
return cipherName64
|
return cipherName64
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// TranslatePathZeroIV - encrypt or decrypt path using CBC with a constant all-zero IV.
|
// TranslatePathZeroIV - encrypt or decrypt path using CBC with a constant all-zero IV.
|
||||||
// Just splits the string on "/" and hands the parts to encryptName() / decryptName()
|
// Just splits the string on "/" and hands the parts to encryptName() / decryptName()
|
||||||
func (be *CryptFS) TranslatePathZeroIV(path string, op int) (string, error) {
|
func (be *CryptFS) TranslatePathZeroIV(path string, op int) (string, error) {
|
||||||
|
|
@ -155,5 +154,3 @@ func (be *CryptFS) unPad16(orig []byte) ([]byte, error) {
|
||||||
}
|
}
|
||||||
return orig[0:newLen], nil
|
return orig[0:newLen], nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
package cryptfs
|
package cryptfs
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"path/filepath"
|
|
||||||
"io/ioutil"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"io/ioutil"
|
||||||
|
"path/filepath"
|
||||||
"strings"
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
||||||
2
main.go
2
main.go
|
|
@ -264,7 +264,7 @@ func main() {
|
||||||
var confFile *cryptfs.ConfFile
|
var confFile *cryptfs.ConfFile
|
||||||
masterkey, confFile = loadConfig(&args)
|
masterkey, confFile = loadConfig(&args)
|
||||||
printMasterKey(masterkey)
|
printMasterKey(masterkey)
|
||||||
args.plaintextnames = confFile.PlaintextNames()
|
args.plaintextnames = confFile.IsFeatureFlagSet(cryptfs.FlagPlaintextNames)
|
||||||
}
|
}
|
||||||
// Initialize FUSE server
|
// Initialize FUSE server
|
||||||
srv := pathfsFrontend(masterkey, args.cipherdir, args.mountpoint, args.fusedebug, args.openssl, args.plaintextnames)
|
srv := pathfsFrontend(masterkey, args.cipherdir, args.mountpoint, args.fusedebug, args.openssl, args.plaintextnames)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue