libgocryptfs: make gcf_init return error code
parent
79f9a10e35
commit
a238cc392f
@ -204,6 +204,23 @@ func (cf *ConfFile) setFeatureFlag(flag flagIota) {
|
||||
cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[flag])
|
||||
}
|
||||
|
||||
// libgocryptfs function to allow masterkey to be directely decrypted using the scrypt hash
|
||||
func (cf *ConfFile) DecryptMasterKeyWithScryptHash(scryptHash []byte) ([]byte, error) {
|
||||
useHKDF := cf.IsFeatureFlagSet(FlagHKDF)
|
||||
ce := getKeyEncrypter(scryptHash, useHKDF)
|
||||
|
||||
masterkey, err := ce.DecryptBlock(cf.EncryptedKey, 0, nil)
|
||||
|
||||
ce.Wipe()
|
||||
ce = nil
|
||||
|
||||
if err != nil {
|
||||
return nil, exitcodes.NewErr("Password incorrect.", exitcodes.PasswordIncorrect)
|
||||
}
|
||||
|
||||
return masterkey, nil
|
||||
}
|
||||
|
||||
// DecryptMasterKey decrypts the masterkey stored in cf.EncryptedKey using
|
||||
// password.
|
||||
func (cf *ConfFile) DecryptMasterKey(password []byte, giveHash bool) (masterkey, scryptHash []byte, err error) {
|
||||
@ -211,10 +228,7 @@ func (cf *ConfFile) DecryptMasterKey(password []byte, giveHash bool) (masterkey,
|
||||
scryptHash = cf.ScryptObject.DeriveKey(password)
|
||||
|
||||
// Unlock master key using password-based key
|
||||
useHKDF := cf.IsFeatureFlagSet(FlagHKDF)
|
||||
ce := getKeyEncrypter(scryptHash, useHKDF)
|
||||
|
||||
masterkey, err = ce.DecryptBlock(cf.EncryptedKey, 0, nil)
|
||||
masterkey, err = cf.DecryptMasterKeyWithScryptHash(scryptHash)
|
||||
|
||||
if !giveHash {
|
||||
// Purge scrypt-derived key
|
||||
@ -223,14 +237,8 @@ func (cf *ConfFile) DecryptMasterKey(password []byte, giveHash bool) (masterkey,
|
||||
}
|
||||
scryptHash = nil
|
||||
}
|
||||
ce.Wipe()
|
||||
ce = nil
|
||||
|
||||
if err != nil {
|
||||
return nil, nil, exitcodes.NewErr("Password incorrect.", exitcodes.PasswordIncorrect)
|
||||
}
|
||||
|
||||
return masterkey, scryptHash, nil
|
||||
return masterkey, scryptHash, err
|
||||
}
|
||||
|
||||
// EncryptKey - encrypt "key" using an scrypt hash generated from "password"
|
||||
@ -260,20 +268,12 @@ func (cf *ConfFile) EncryptKey(key []byte, password []byte, logN int, giveHash b
|
||||
return scryptHash
|
||||
}
|
||||
|
||||
// DroidFS function to allow masterkey to be decrypted directely using the scrypt hash and return it if requested
|
||||
func (cf *ConfFile) GetMasterkey(password, givenScryptHash, returnedScryptHashBuff []byte) []byte {
|
||||
func (cf *ConfFile) GetMasterkey(password, givenScryptHash, returnedScryptHashBuff []byte) ([]byte, error) {
|
||||
var masterkey []byte
|
||||
var err error
|
||||
var scryptHash []byte
|
||||
if len(givenScryptHash) > 0 { //decrypt with hash
|
||||
useHKDF := cf.IsFeatureFlagSet(FlagHKDF)
|
||||
ce := getKeyEncrypter(givenScryptHash, useHKDF)
|
||||
masterkey, err = ce.DecryptBlock(cf.EncryptedKey, 0, nil)
|
||||
ce.Wipe()
|
||||
ce = nil
|
||||
if err == nil {
|
||||
return masterkey
|
||||
}
|
||||
masterkey, err = cf.DecryptMasterKeyWithScryptHash(scryptHash)
|
||||
} else { //decrypt with password
|
||||
masterkey, scryptHash, err = cf.DecryptMasterKey(password, len(returnedScryptHashBuff) > 0)
|
||||
//copy and wipe scryptHash
|
||||
@ -281,11 +281,8 @@ func (cf *ConfFile) GetMasterkey(password, givenScryptHash, returnedScryptHashBu
|
||||
returnedScryptHashBuff[i] = scryptHash[i]
|
||||
scryptHash[i] = 0
|
||||
}
|
||||
if err == nil {
|
||||
return masterkey
|
||||
}
|
||||
}
|
||||
return nil
|
||||
return masterkey, err
|
||||
}
|
||||
|
||||
// WriteFile - write out config in JSON format to file "filename.tmp"
|
||||
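Review bot: In the new GetMasterkey, the hash branch calls `cf.DecryptMasterKeyWithScryptHash(scryptHash)`, but `scryptHash` is the local declared just above with `var scryptHash []byte` and is still nil at that point, so the caller-supplied `givenScryptHash` is never used. Unlocking with a cached hash therefore cannot succeed, and how getKeyEncrypter treats an empty key is not visible on this page; the line should read `masterkey, err = cf.DecryptMasterKeyWithScryptHash(givenScryptHash)`. Separately, DecryptMasterKey now ends in `return masterkey, scryptHash, err`, so with giveHash set a wrong password appears to leave its derived hash in `returnedScryptHashBuff` (the copy loop is only partly visible here). Wiping the hash and returning `nil, nil, err` on failure would keep the previous behaviour.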
|
23
volume.go
23
volume.go
@ -114,17 +114,18 @@ func registerNewVolume(rootCipherDir string, masterkey []byte, cf *configfile.Co
|
||||
|
||||
//export gcf_init
|
||||
func gcf_init(rootCipherDir string, password, givenScryptHash, returnedScryptHashBuff []byte) int {
|
||||
volumeID := -1
|
||||
defer wipe(password)
|
||||
cf, err := configfile.Load(filepath.Join(rootCipherDir, configfile.ConfDefaultName))
|
||||
if err == nil {
|
||||
masterkey := cf.GetMasterkey(password, givenScryptHash, returnedScryptHashBuff)
|
||||
wipe(password)
|
||||
debug.FreeOSMemory()
|
||||
if masterkey != nil {
|
||||
volumeID = registerNewVolume(rootCipherDir, masterkey, cf)
|
||||
wipe(masterkey)
|
||||
}
|
||||
if err != nil {
|
||||
return -1
|
||||
}
|
||||
masterkey, err := cf.GetMasterkey(password, givenScryptHash, returnedScryptHashBuff)
|
||||
if err != nil {
|
||||
return -2
|
||||
}
|
||||
debug.FreeOSMemory()
|
||||
volumeID := registerNewVolume(rootCipherDir, masterkey, cf)
|
||||
wipe(masterkey)
|
||||
return volumeID
|
||||
}
|
||||
|
||||
@ -160,8 +161,8 @@ func gcf_change_password(rootCipherDir string, oldPassword, givenScryptHash, new
|
||||
success := false
|
||||
cf, err := configfile.Load(filepath.Join(rootCipherDir, configfile.ConfDefaultName))
|
||||
if err == nil {
|
||||
masterkey := cf.GetMasterkey(oldPassword, givenScryptHash, nil)
|
||||
if masterkey != nil {
|
||||
masterkey, err := cf.GetMasterkey(oldPassword, givenScryptHash, nil)
|
||||
if err == nil {
|
||||
logN := cf.ScryptObject.LogN()
|
||||
scryptHash := cf.EncryptKey(masterkey, newPassword, logN, len(returnedScryptHashBuff) > 0)
|
||||
wipe(masterkey)
|
||||
|
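Review bot: The exported `gcf_init` now returns -1 when the config file cannot be loaded and -2 when GetMasterkey fails, but nothing above `//export gcf_init` tells cgo callers what these values mean. I would add a comment such as `// gcf_init returns the volume ID on success, -1 if the config file cannot be loaded and -2 if the master key cannot be decrypted.` registerNewVolume's body is outside this hunk, so it is worth confirming that it never returns a negative value a caller could mistake for one of these codes. Every failure from GetMasterkey maps to -2, so the `exitcodes.PasswordIncorrect` code carried by the error is dropped; if callers need to tell a wrong password from other failures, say so in the comment or map the code explicitly.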