Improve startup debug output

The startup debug output was very verbose but still missing some effective crypto settings.
2021-06-21 11:32:04 +02:00 · 2021-06-21 11:32:04 +02:00 · 6b0e63c1a8
commit 6b0e63c1a8
parent c5d8fa83ae
4 changed files with 21 additions and 9 deletions
--- a/internal/contentenc/content.go
+++ b/internal/contentenc/content.go
@ -73,6 +73,9 @@ type ContentEnc struct {

 // New returns an initialized ContentEnc instance.
 func New(cc *cryptocore.CryptoCore, plainBS uint64, forceDecode bool) *ContentEnc {
+	tlog.Debug.Printf("contentenc.New: plainBS=%d, forceDecode=%v",
+		plainBS, forceDecode)
+
 	if fuse.MAX_KERNEL_WRITE%plainBS != 0 {
 		log.Panicf("unaligned MAX_KERNEL_WRITE=%d", fuse.MAX_KERNEL_WRITE)
 	}
--- a/internal/cryptocore/cryptocore.go
+++ b/internal/cryptocore/cryptocore.go
@ -36,6 +36,19 @@ const (
 	BackendAESSIV AEADTypeEnum = 5
 )

+func (a AEADTypeEnum) String() string {
+	switch a {
+	case BackendOpenSSL:
+		return "BackendOpenSSL"
+	case BackendGoGCM:
+		return "BackendGoGCM"
+	case BackendAESSIV:
+		return "BackendAESSIV"
+	default:
+		return fmt.Sprintf("%d", a)
+	}
+}
+
 // CryptoCore is the low level crypto implementation.
 type CryptoCore struct {
 	// EME is used for filename encryption.
@ -58,6 +71,9 @@ type CryptoCore struct {
 // Note: "key" is either the scrypt hash of the password (when decrypting
 // a config file) or the masterkey (when finally mounting the filesystem).
 func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDecode bool) *CryptoCore {
+	tlog.Debug.Printf("cryptocore.New: key=%d bytes, aeadType=%v, IVBitLen=%d, useHKDF=%v, forceDecode=%v",
+		len(key), aeadType, IVBitLen, useHKDF, forceDecode)
+
 	if len(key) != KeyLen {
 		log.Panic(fmt.Sprintf("Unsupported key length %d", len(key)))
 	}
--- a/main.go
+++ b/main.go
@ -176,6 +176,7 @@ func main() {
 	if args.debug {
 		tlog.Debug.Enabled = true
 	}
+	tlog.Debug.Printf("cli args: %q", os.Args)
 	// "-v"
 	if args.version {
 		tlog.Debug.Printf("openssl=%v\n", args.openssl)
@ -282,12 +283,6 @@ func main() {
 	if args.cpuprofile != "" || args.memprofile != "" || args.trace != "" {
 		tlog.Info.Printf("Note: You must unmount gracefully, otherwise the profile file(s) will stay empty!\n")
 	}
-	// "-openssl"
-	if !args.openssl {
-		tlog.Debug.Printf("OpenSSL disabled, using Go GCM")
-	} else {
-		tlog.Debug.Printf("OpenSSL enabled")
-	}
 	// Operation flags
 	nOps := countOpFlags(&args)
 	if nOps == 0 {
--- a/mount.go
+++ b/mount.go
@ -117,8 +117,6 @@ func doMount(args *argContainer) {
 			args.noprealloc = true
 		}
 	}
-	// We cannot use JSON for pretty-printing as the fields are unexported
-	tlog.Debug.Printf("cli args: %#v", args)
 	// Initialize gocryptfs (read config file, ask for password, ...)
 	fs, wipeKeys := initFuseFrontend(args)
 	// Try to wipe secret keys from memory after unmount
@ -308,7 +306,6 @@ func initFuseFrontend(args *argContainer) (rootNode fs.InodeEmbedder, wipeKeys f
 	if args.allow_other && os.Getuid() == 0 {
 		frontendArgs.PreserveOwner = true
 	}
-	tlog.Debug.Printf("frontendArgs: %s", tlog.JSONDump(frontendArgs))

 	// Init crypto backend
 	cCore := cryptocore.New(masterkey, cryptoBackend, contentenc.DefaultIVBits, args.hkdf, args.forcedecode)
@ -321,6 +318,7 @@ func initFuseFrontend(args *argContainer) (rootNode fs.InodeEmbedder, wipeKeys f
 	}
 	masterkey = nil
 	// Spawn fusefrontend
+	tlog.Debug.Printf("frontendArgs: %s", tlog.JSONDump(frontendArgs))
 	if args.reverse {
 		if cryptoBackend != cryptocore.BackendAESSIV {
 			log.Panic("reverse mode must use AES-SIV, everything else is insecure")