From 6b0e63c1a86946de23f549e7d80ea933a4a105f8 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Mon, 21 Jun 2021 11:32:04 +0200 Subject: [PATCH] Improve startup debug output The startup debug output was very verbose but still missing some effective crypto settings. --- internal/contentenc/content.go | 3 +++ internal/cryptocore/cryptocore.go | 16 ++++++++++++++++ main.go | 7 +------ mount.go | 4 +--- 4 files changed, 21 insertions(+), 9 deletions(-) diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go index 747bb4c..e023492 100644 --- a/internal/contentenc/content.go +++ b/internal/contentenc/content.go @@ -73,6 +73,9 @@ type ContentEnc struct { // New returns an initialized ContentEnc instance. func New(cc *cryptocore.CryptoCore, plainBS uint64, forceDecode bool) *ContentEnc { + tlog.Debug.Printf("contentenc.New: plainBS=%d, forceDecode=%v", + plainBS, forceDecode) + if fuse.MAX_KERNEL_WRITE%plainBS != 0 { log.Panicf("unaligned MAX_KERNEL_WRITE=%d", fuse.MAX_KERNEL_WRITE) } diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go index d66f390..9f5b9bd 100644 --- a/internal/cryptocore/cryptocore.go +++ b/internal/cryptocore/cryptocore.go @@ -36,6 +36,19 @@ const ( BackendAESSIV AEADTypeEnum = 5 ) +func (a AEADTypeEnum) String() string { + switch a { + case BackendOpenSSL: + return "BackendOpenSSL" + case BackendGoGCM: + return "BackendGoGCM" + case BackendAESSIV: + return "BackendAESSIV" + default: + return fmt.Sprintf("%d", a) + } +} + // CryptoCore is the low level crypto implementation. type CryptoCore struct { // EME is used for filename encryption. @@ -58,6 +71,9 @@ type CryptoCore struct { // Note: "key" is either the scrypt hash of the password (when decrypting // a config file) or the masterkey (when finally mounting the filesystem). func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDecode bool) *CryptoCore { + tlog.Debug.Printf("cryptocore.New: key=%d bytes, aeadType=%v, IVBitLen=%d, useHKDF=%v, forceDecode=%v", + len(key), aeadType, IVBitLen, useHKDF, forceDecode) + if len(key) != KeyLen { log.Panic(fmt.Sprintf("Unsupported key length %d", len(key))) } diff --git a/main.go b/main.go index edd61ff..9bd0c78 100644 --- a/main.go +++ b/main.go @@ -176,6 +176,7 @@ func main() { if args.debug { tlog.Debug.Enabled = true } + tlog.Debug.Printf("cli args: %q", os.Args) // "-v" if args.version { tlog.Debug.Printf("openssl=%v\n", args.openssl) @@ -282,12 +283,6 @@ func main() { if args.cpuprofile != "" || args.memprofile != "" || args.trace != "" { tlog.Info.Printf("Note: You must unmount gracefully, otherwise the profile file(s) will stay empty!\n") } - // "-openssl" - if !args.openssl { - tlog.Debug.Printf("OpenSSL disabled, using Go GCM") - } else { - tlog.Debug.Printf("OpenSSL enabled") - } // Operation flags nOps := countOpFlags(&args) if nOps == 0 { diff --git a/mount.go b/mount.go index 7f818d1..b146660 100644 --- a/mount.go +++ b/mount.go @@ -117,8 +117,6 @@ func doMount(args *argContainer) { args.noprealloc = true } } - // We cannot use JSON for pretty-printing as the fields are unexported - tlog.Debug.Printf("cli args: %#v", args) // Initialize gocryptfs (read config file, ask for password, ...) fs, wipeKeys := initFuseFrontend(args) // Try to wipe secret keys from memory after unmount @@ -308,7 +306,6 @@ func initFuseFrontend(args *argContainer) (rootNode fs.InodeEmbedder, wipeKeys f if args.allow_other && os.Getuid() == 0 { frontendArgs.PreserveOwner = true } - tlog.Debug.Printf("frontendArgs: %s", tlog.JSONDump(frontendArgs)) // Init crypto backend cCore := cryptocore.New(masterkey, cryptoBackend, contentenc.DefaultIVBits, args.hkdf, args.forcedecode) @@ -321,6 +318,7 @@ func initFuseFrontend(args *argContainer) (rootNode fs.InodeEmbedder, wipeKeys f } masterkey = nil // Spawn fusefrontend + tlog.Debug.Printf("frontendArgs: %s", tlog.JSONDump(frontendArgs)) if args.reverse { if cryptoBackend != cryptocore.BackendAESSIV { log.Panic("reverse mode must use AES-SIV, everything else is insecure")