Add `-masterkey=stdin` functionality

https://github.com/rfjakob/gocryptfs/issues/218
2018-03-22 00:02:10 +01:00 · 2018-03-22 00:02:10 +01:00 · 9bc039a4ba
parent 9c86daf499
commit 9bc039a4ba
10 changed files with 80 additions and 29 deletions
--- a/Documentation/MANPAGE.md
+++ b/Documentation/MANPAGE.md
@ -142,20 +142,24 @@ This flag is useful when recovering old gocryptfs filesystems using
 "-masterkey". It is ignored (stays at the default) otherwise.
 #### -masterkey string
-Use a explicit master key specified on the command line. This
+Use a explicit master key specified on the command line or, if the special
 value "stdin" is used, read the masterkey from stdin. This
 option can be used to mount a gocryptfs filesystem without a config file.
 Note that the command line, and with it the master key, is visible to
-anybody on the machine who can execute "ps -auxwww".
+anybody on the machine who can execute "ps -auxwww". Use "-masterkey=stdin"
-This is meant as a recovery option for emergencies, such as if you have
+to avoid that risk.
-forgotten the password or lost the config file.
+
 The masterkey option is meant as a recovery option for emergencies, such as
 if you have forgotten the password or lost the config file.
 Even if a config file exists, it will not be used. All non-standard
 settings have to be passed on the command line: `-aessiv` when you
 mount a filesystem that was created using reverse mode, or
 `-plaintextnames` for a filesystem that was created with that option.
-Example master key:  
+Examples:  
-6f717d8b-6b5f8e8a-fd0aa206-778ec093-62c5669b-abd229cd-241e00cd-b4d6713d
+-masterkey=6f717d8b-6b5f8e8a-fd0aa206-778ec093-62c5669b-abd229cd-241e00cd-b4d6713d  
 -masterkey=stdin
 #### -memprofile string
 Write memory profile to the specified file. This is useful when debugging
--- a/README.md
+++ b/README.md
@ -153,6 +153,10 @@ RM:    4.42
 Changelog
 ---------
 vNEXT, in progress
 * Add `-masterkey=stdin` functionality
  ([#218](https://github.com/rfjakob/gocryptfs/issues/218))
 v1.4.4, 2018-03-18
 * Overwrite secrets in memory with zeros as soon as possible
  ([#211](https://github.com/rfjakob/gocryptfs/issues/211))
--- a/gocryptfs-xray/xray_main.go
+++ b/gocryptfs-xray/xray_main.go
@ -60,7 +60,7 @@ func main() {
 func dumpMasterKey(fn string) {
 	tlog.Info.Enabled = false
-	pw := readpassword.Once("")
+	pw := readpassword.Once("", "")
 	masterkey, _, err := configfile.LoadConfFile(fn, pw)
 	if err != nil {
 		fmt.Fprintln(os.Stderr, err)
--- a/internal/readpassword/extpass_test.go
+++ b/internal/readpassword/extpass_test.go
@ -26,7 +26,7 @@ func TestExtpass(t *testing.T) {
 func TestOnceExtpass(t *testing.T) {
 	p1 := "lkadsf0923rdfi48rqwhdsf"
-	p2 := string(Once("echo " + p1))
+	p2 := string(Once("echo "+p1, ""))
 	if p1 != p2 {
 		t.Errorf("p1=%q != p2=%q", p1, p2)
 	}
@ -34,7 +34,7 @@ func TestOnceExtpass(t *testing.T) {
 func TestTwiceExtpass(t *testing.T) {
 	p1 := "w5w44t3wfe45srz434"
-	p2 := string(Once("echo " + p1))
+	p2 := string(Once("echo "+p1, ""))
 	if p1 != p2 {
 		t.Errorf("p1=%q != p2=%q", p1, p2)
 	}
--- a/internal/readpassword/read.go
+++ b/internal/readpassword/read.go
@ -23,15 +23,18 @@ const (
 )
 // Once tries to get a password from the user, either from the terminal, extpass
-// or stdin.
+// or stdin. Leave "prompt" empty to use the default "Password: " prompt.
-func Once(extpass string) []byte {
+func Once(extpass string, prompt string) []byte {
 	if extpass != "" {
 		return readPasswordExtpass(extpass)
 	}
-	if !terminal.IsTerminal(int(os.Stdin.Fd())) {
+	if prompt == "" {
-		return readPasswordStdin()
+		prompt = "Password"
 	}
-	return readPasswordTerminal("Password: ")
+	if !terminal.IsTerminal(int(os.Stdin.Fd())) {
 		return readPasswordStdin(prompt)
 	}
 	return readPasswordTerminal(prompt + ": ")
 }
 // Twice is the same as Once but will prompt twice if we get the password from
@ -41,7 +44,7 @@ func Twice(extpass string) []byte {
 		return readPasswordExtpass(extpass)
 	}
 	if !terminal.IsTerminal(int(os.Stdin.Fd())) {
-		return readPasswordStdin()
+		return readPasswordStdin("Password")
 	}
 	p1 := readPasswordTerminal("Password: ")
 	p2 := readPasswordTerminal("Repeat: ")
@ -77,11 +80,11 @@ func readPasswordTerminal(prompt string) []byte {
 // readPasswordStdin reads a line from stdin.
 // It exits with a fatal error on read error or empty result.
-func readPasswordStdin() []byte {
+func readPasswordStdin(prompt string) []byte {
-	tlog.Info.Println("Reading password from stdin")
+	tlog.Info.Printf("Reading %s from stdin", prompt)
 	p := readLineUnbuffered(os.Stdin)
 	if len(p) == 0 {
-		tlog.Fatal.Println("Got empty password from stdin")
+		tlog.Fatal.Printf("Got empty %s from stdin", prompt)
 		os.Exit(exitcodes.ReadPassword)
 	}
 	return p
--- a/internal/readpassword/stdin_test.go
+++ b/internal/readpassword/stdin_test.go
@ -11,7 +11,7 @@ import (
 func TestStdin(t *testing.T) {
 	p1 := "g55434t55wef"
 	if os.Getenv("TEST_SLAVE") == "1" {
-		p2 := string(readPasswordStdin())
+		p2 := string(readPasswordStdin("foo"))
 		if p1 != p2 {
 			fmt.Fprintf(os.Stderr, "%q != %q", p1, p2)
 			os.Exit(1)
@ -44,7 +44,7 @@ func TestStdin(t *testing.T) {
 func TestStdinEof(t *testing.T) {
 	p1 := "asd45as5f4a36"
 	if os.Getenv("TEST_SLAVE") == "1" {
-		p2 := string(readPasswordStdin())
+		p2 := string(readPasswordStdin("foo"))
 		if p1 != p2 {
 			fmt.Fprintf(os.Stderr, "%q != %q", p1, p2)
 			os.Exit(1)
@ -76,7 +76,7 @@ func TestStdinEof(t *testing.T) {
 // Provide empty password via stdin
 func TestStdinEmpty(t *testing.T) {
 	if os.Getenv("TEST_SLAVE") == "1" {
-		readPasswordStdin()
+		readPasswordStdin("foo")
 	}
 	cmd := exec.Command(os.Args[0], "-test.run=TestStdinEmpty$")
 	cmd.Env = append(os.Environ(), "TEST_SLAVE=1")
--- a/main.go
+++ b/main.go
@ -43,10 +43,10 @@ func loadConfig(args *argContainer) (masterkey []byte, confFile *configfile.Conf
 	// The user has passed the master key (probably because he forgot the
 	// password).
 	if args.masterkey != "" {
-		masterkey = parseMasterKey(args.masterkey)
+		masterkey = parseMasterKey(args.masterkey, false)
 		_, confFile, err = configfile.LoadConfFile(args.config, nil)
 	} else {
-		pw := readpassword.Once(args.extpass)
+		pw := readpassword.Once(args.extpass, "")
 		tlog.Info.Println("Decrypting master key")
 		masterkey, confFile, err = configfile.LoadConfFile(args.config, pw)
 		for i := range pw {
--- a/masterkey.go
+++ b/masterkey.go
@ -46,7 +46,7 @@ paper and store it in a drawer. Use "-q" to suppress this message.
 // parseMasterKey - Parse a hex-encoded master key that was passed on the command line
 // Calls os.Exit on failure
-func parseMasterKey(masterkey string) []byte {
+func parseMasterKey(masterkey string, fromStdin bool) []byte {
 	masterkey = strings.Replace(masterkey, "-", "", -1)
 	key, err := hex.DecodeString(masterkey)
 	if err != nil {
@ -58,8 +58,10 @@ func parseMasterKey(masterkey string) []byte {
 		os.Exit(exitcodes.MasterKey)
 	}
 	tlog.Info.Printf("Using explicit master key.")
-	tlog.Info.Printf(tlog.ColorYellow +
+	if !fromStdin {
-		"THE MASTER KEY IS VISIBLE VIA \"ps ax\" AND MAY BE STORED IN YOUR SHELL HISTORY!\n" +
+		tlog.Info.Printf(tlog.ColorYellow +
-		"ONLY USE THIS MODE FOR EMERGENCIES." + tlog.ColorReset)
+			"THE MASTER KEY IS VISIBLE VIA \"ps ax\" AND MAY BE STORED IN YOUR SHELL HISTORY!\n" +
 			"ONLY USE THIS MODE FOR EMERGENCIES" + tlog.ColorReset)
 	}
 	return key
 }
--- a/mount.go
+++ b/mount.go
@ -98,9 +98,14 @@ func doMount(args *argContainer) {
 	{
 		// Get master key (may prompt for the password)
 		var masterkey []byte
 		masterkeyFromStdin := false
 		if args.masterkey == "stdin" {
 			args.masterkey = string(readpassword.Once("", "Masterkey"))
 			masterkeyFromStdin = true
 		}
 		if args.masterkey != "" {
 			// "-masterkey"
-			masterkey = parseMasterKey(args.masterkey)
+			masterkey = parseMasterKey(args.masterkey, masterkeyFromStdin)
 		} else if args.zerokey {
 			// "-zerokey"
 			tlog.Info.Printf("Using all-zero dummy master key.")
@ -354,7 +359,7 @@ func initFuseFrontend(masterkey []byte, args *argContainer, confFile *configfile
 	}
 	srv, err := fuse.NewServer(conn.RawFS(), args.mountpoint, &mOpts)
 	if err != nil {
-		tlog.Fatal.Printf("fuse.NewServer failed: %v", err)
+		tlog.Fatal.Printf("fuse.NewServer failed: %q", err)
 		if runtime.GOOS == "darwin" {
 			tlog.Info.Printf("Maybe you should run: /Library/Filesystems/osxfuse.fs/Contents/Resources/load_osxfuse")
 		}
--- a/tests/example_filesystems/example_filesystems_test.go
+++ b/tests/example_filesystems/example_filesystems_test.go
@ -10,6 +10,7 @@ import (
 	"flag"
 	"fmt"
 	"os"
 	"os/exec"
 	"syscall"
 	"testing"
@ -252,6 +253,38 @@ func TestExampleFSv13(t *testing.T) {
 	test_helpers.UnmountPanic(pDir)
 }
 // Check that the masterkey=stdin cli option works.
 func TestExampleFSv13MasterkeyStdin(t *testing.T) {
 	cDir := "v1.3"
 	pDir := test_helpers.TmpDir + "/TestExampleFSv13MasterkeyStdin.mnt"
 	err := os.Mkdir(pDir, 0777)
 	if err != nil {
 		t.Fatal(err)
 	}
 	args := []string{"-q", "-masterkey=stdin", opensslOpt, cDir, pDir}
 	cmd := exec.Command(test_helpers.GocryptfsBinary, args...)
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
 	p, err := cmd.StdinPipe()
 	if err != nil {
 		t.Fatal(err)
 	}
 	err = cmd.Start()
 	if err != nil {
 		t.Error(err)
 	}
 	// Write masterkey to stdin
 	p.Write([]byte("fd890dab-86bf61cf-ec5ad460-ad3ed01f-9c52d546-2a31783d-a56b088d-3d05232e"))
 	p.Close()
 	err = cmd.Wait()
 	if err != nil {
 		t.Error(err)
 	}
 	// Check that the fs decrypts ok & unmount
 	checkExampleFSLongnames(t, pDir)
 	test_helpers.UnmountPanic(pDir)
 }
 // gocryptfs v1.3 introduced HKDF.
 // We check the md5 sum of the encrypted version of a file to make sure we don't
 // accidentially change the ciphertext generation.