hardcoresushi/libgocryptfs
1
0
Fork 0
Code Issues Pull Requests Releases Activity

libgocryptfs: make gcf_init return error code

Browse Source
This commit is contained in:
Matéo Duparc 2023-05-02 22:30:46 +02:00
parent 79f9a10e35
commit a238cc392f
Signed by: hardcoresushi
GPG Key ID: AFE384344A45E13A
2 changed files with 34 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
internal/configfile/config_file.go
View File

@ -204,6 +204,23 @@ func (cf *ConfFile) setFeatureFlag(flag flagIota) {
cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[flag]) cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[flag])
} }
// libgocryptfs function to allow masterkey to be directely decrypted using the scrypt hash
func (cf *ConfFile) DecryptMasterKeyWithScryptHash(scryptHash []byte) ([]byte, error) {
useHKDF := cf.IsFeatureFlagSet(FlagHKDF)
ce := getKeyEncrypter(scryptHash, useHKDF)
masterkey, err := ce.DecryptBlock(cf.EncryptedKey, 0, nil)
ce.Wipe()
ce = nil
if err != nil {
return nil, exitcodes.NewErr("Password incorrect.", exitcodes.PasswordIncorrect)
}
return masterkey, nil
}
// DecryptMasterKey decrypts the masterkey stored in cf.EncryptedKey using // DecryptMasterKey decrypts the masterkey stored in cf.EncryptedKey using
// password. // password.
func (cf *ConfFile) DecryptMasterKey(password []byte, giveHash bool) (masterkey, scryptHash []byte, err error) { func (cf *ConfFile) DecryptMasterKey(password []byte, giveHash bool) (masterkey, scryptHash []byte, err error) {
@ -211,10 +228,7 @@ func (cf *ConfFile) DecryptMasterKey(password []byte, giveHash bool) (masterkey,
scryptHash = cf.ScryptObject.DeriveKey(password) scryptHash = cf.ScryptObject.DeriveKey(password)
// Unlock master key using password-based key // Unlock master key using password-based key
useHKDF := cf.IsFeatureFlagSet(FlagHKDF) masterkey, err = cf.DecryptMasterKeyWithScryptHash(scryptHash)
ce := getKeyEncrypter(scryptHash, useHKDF)
masterkey, err = ce.DecryptBlock(cf.EncryptedKey, 0, nil)
if !giveHash { if !giveHash {
// Purge scrypt-derived key // Purge scrypt-derived key
@ -223,14 +237,8 @@ func (cf *ConfFile) DecryptMasterKey(password []byte, giveHash bool) (masterkey,
} }
scryptHash = nil scryptHash = nil
} }
ce.Wipe()
ce = nil
if err != nil { return masterkey, scryptHash, err
return nil, nil, exitcodes.NewErr("Password incorrect.", exitcodes.PasswordIncorrect)
}
return masterkey, scryptHash, nil
} }
// EncryptKey - encrypt "key" using an scrypt hash generated from "password" // EncryptKey - encrypt "key" using an scrypt hash generated from "password"
@ -260,20 +268,12 @@ func (cf *ConfFile) EncryptKey(key []byte, password []byte, logN int, giveHash b
return scryptHash return scryptHash
} }
// DroidFS function to allow masterkey to be decrypted directely using the scrypt hash and return it if requested func (cf *ConfFile) GetMasterkey(password, givenScryptHash, returnedScryptHashBuff []byte) ([]byte, error) {
func (cf *ConfFile) GetMasterkey(password, givenScryptHash, returnedScryptHashBuff []byte) []byte {
var masterkey []byte var masterkey []byte
var err error var err error
var scryptHash []byte var scryptHash []byte
if len(givenScryptHash) > 0 { //decrypt with hash if len(givenScryptHash) > 0 { //decrypt with hash
useHKDF := cf.IsFeatureFlagSet(FlagHKDF) masterkey, err = cf.DecryptMasterKeyWithScryptHash(scryptHash)
ce := getKeyEncrypter(givenScryptHash, useHKDF)
masterkey, err = ce.DecryptBlock(cf.EncryptedKey, 0, nil)
ce.Wipe()
ce = nil
if err == nil {
return masterkey
}
} else { //decrypt with password } else { //decrypt with password
masterkey, scryptHash, err = cf.DecryptMasterKey(password, len(returnedScryptHashBuff) > 0) masterkey, scryptHash, err = cf.DecryptMasterKey(password, len(returnedScryptHashBuff) > 0)
//copy and wipe scryptHash //copy and wipe scryptHash
@ -281,11 +281,8 @@ func (cf *ConfFile) GetMasterkey(password, givenScryptHash, returnedScryptHashBu
returnedScryptHashBuff[i] = scryptHash[i] returnedScryptHashBuff[i] = scryptHash[i]
scryptHash[i] = 0 scryptHash[i] = 0
} }
if err == nil {
return masterkey
} }
} return masterkey, err
return nil
} }
// WriteFile - write out config in JSON format to file "filename.tmp" // WriteFile - write out config in JSON format to file "filename.tmp"

21
volume.go
View File

@ -114,17 +114,18 @@ func registerNewVolume(rootCipherDir string, masterkey []byte, cf *configfile.Co
//export gcf_init //export gcf_init
func gcf_init(rootCipherDir string, password, givenScryptHash, returnedScryptHashBuff []byte) int { func gcf_init(rootCipherDir string, password, givenScryptHash, returnedScryptHashBuff []byte) int {
volumeID := -1 defer wipe(password)
cf, err := configfile.Load(filepath.Join(rootCipherDir, configfile.ConfDefaultName)) cf, err := configfile.Load(filepath.Join(rootCipherDir, configfile.ConfDefaultName))
if err == nil { if err != nil {
masterkey := cf.GetMasterkey(password, givenScryptHash, returnedScryptHashBuff) return -1
wipe(password) }
masterkey, err := cf.GetMasterkey(password, givenScryptHash, returnedScryptHashBuff)
if err != nil {
return -2
}
debug.FreeOSMemory() debug.FreeOSMemory()
if masterkey != nil { volumeID := registerNewVolume(rootCipherDir, masterkey, cf)
volumeID = registerNewVolume(rootCipherDir, masterkey, cf)
wipe(masterkey) wipe(masterkey)
}
}
return volumeID return volumeID
} }
@ -160,8 +161,8 @@ func gcf_change_password(rootCipherDir string, oldPassword, givenScryptHash, new
success := false success := false
cf, err := configfile.Load(filepath.Join(rootCipherDir, configfile.ConfDefaultName)) cf, err := configfile.Load(filepath.Join(rootCipherDir, configfile.ConfDefaultName))
if err == nil { if err == nil {
masterkey := cf.GetMasterkey(oldPassword, givenScryptHash, nil) masterkey, err := cf.GetMasterkey(oldPassword, givenScryptHash, nil)
if masterkey != nil { if err == nil {
logN := cf.ScryptObject.LogN() logN := cf.ScryptObject.LogN()
scryptHash := cf.EncryptKey(masterkey, newPassword, logN, len(returnedScryptHashBuff) > 0) scryptHash := cf.EncryptKey(masterkey, newPassword, logN, len(returnedScryptHashBuff) > 0)
wipe(masterkey) wipe(masterkey)