libgocryptfs: make gcf_init return error code

This commit is contained in:
Matéo Duparc 2023-05-02 22:30:46 +02:00
parent 79f9a10e35
commit a238cc392f
Signed by: hardcoresushi
GPG Key ID: AFE384344A45E13A
2 changed files with 34 additions and 36 deletions

View File

@ -204,6 +204,23 @@ func (cf *ConfFile) setFeatureFlag(flag flagIota) {
cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[flag])
}
// libgocryptfs function to allow masterkey to be directely decrypted using the scrypt hash
func (cf *ConfFile) DecryptMasterKeyWithScryptHash(scryptHash []byte) ([]byte, error) {
useHKDF := cf.IsFeatureFlagSet(FlagHKDF)
ce := getKeyEncrypter(scryptHash, useHKDF)
masterkey, err := ce.DecryptBlock(cf.EncryptedKey, 0, nil)
ce.Wipe()
ce = nil
if err != nil {
return nil, exitcodes.NewErr("Password incorrect.", exitcodes.PasswordIncorrect)
}
return masterkey, nil
}
// DecryptMasterKey decrypts the masterkey stored in cf.EncryptedKey using
// password.
func (cf *ConfFile) DecryptMasterKey(password []byte, giveHash bool) (masterkey, scryptHash []byte, err error) {
@ -211,10 +228,7 @@ func (cf *ConfFile) DecryptMasterKey(password []byte, giveHash bool) (masterkey,
scryptHash = cf.ScryptObject.DeriveKey(password)
// Unlock master key using password-based key
useHKDF := cf.IsFeatureFlagSet(FlagHKDF)
ce := getKeyEncrypter(scryptHash, useHKDF)
masterkey, err = ce.DecryptBlock(cf.EncryptedKey, 0, nil)
masterkey, err = cf.DecryptMasterKeyWithScryptHash(scryptHash)
if !giveHash {
// Purge scrypt-derived key
@ -223,14 +237,8 @@ func (cf *ConfFile) DecryptMasterKey(password []byte, giveHash bool) (masterkey,
}
scryptHash = nil
}
ce.Wipe()
ce = nil
if err != nil {
return nil, nil, exitcodes.NewErr("Password incorrect.", exitcodes.PasswordIncorrect)
}
return masterkey, scryptHash, nil
return masterkey, scryptHash, err
}
// EncryptKey - encrypt "key" using an scrypt hash generated from "password"
@ -260,20 +268,12 @@ func (cf *ConfFile) EncryptKey(key []byte, password []byte, logN int, giveHash b
return scryptHash
}
// DroidFS function to allow masterkey to be decrypted directely using the scrypt hash and return it if requested
func (cf *ConfFile) GetMasterkey(password, givenScryptHash, returnedScryptHashBuff []byte) []byte {
func (cf *ConfFile) GetMasterkey(password, givenScryptHash, returnedScryptHashBuff []byte) ([]byte, error) {
var masterkey []byte
var err error
var scryptHash []byte
if len(givenScryptHash) > 0 { //decrypt with hash
useHKDF := cf.IsFeatureFlagSet(FlagHKDF)
ce := getKeyEncrypter(givenScryptHash, useHKDF)
masterkey, err = ce.DecryptBlock(cf.EncryptedKey, 0, nil)
ce.Wipe()
ce = nil
if err == nil {
return masterkey
}
masterkey, err = cf.DecryptMasterKeyWithScryptHash(scryptHash)
} else { //decrypt with password
masterkey, scryptHash, err = cf.DecryptMasterKey(password, len(returnedScryptHashBuff) > 0)
//copy and wipe scryptHash
@ -281,11 +281,8 @@ func (cf *ConfFile) GetMasterkey(password, givenScryptHash, returnedScryptHashBu
returnedScryptHashBuff[i] = scryptHash[i]
scryptHash[i] = 0
}
if err == nil {
return masterkey
}
}
return nil
return masterkey, err
}
// WriteFile - write out config in JSON format to file "filename.tmp"

View File

@ -114,17 +114,18 @@ func registerNewVolume(rootCipherDir string, masterkey []byte, cf *configfile.Co
//export gcf_init
func gcf_init(rootCipherDir string, password, givenScryptHash, returnedScryptHashBuff []byte) int {
volumeID := -1
defer wipe(password)
cf, err := configfile.Load(filepath.Join(rootCipherDir, configfile.ConfDefaultName))
if err == nil {
masterkey := cf.GetMasterkey(password, givenScryptHash, returnedScryptHashBuff)
wipe(password)
if err != nil {
return -1
}
masterkey, err := cf.GetMasterkey(password, givenScryptHash, returnedScryptHashBuff)
if err != nil {
return -2
}
debug.FreeOSMemory()
if masterkey != nil {
volumeID = registerNewVolume(rootCipherDir, masterkey, cf)
volumeID := registerNewVolume(rootCipherDir, masterkey, cf)
wipe(masterkey)
}
}
return volumeID
}
@ -160,8 +161,8 @@ func gcf_change_password(rootCipherDir string, oldPassword, givenScryptHash, new
success := false
cf, err := configfile.Load(filepath.Join(rootCipherDir, configfile.ConfDefaultName))
if err == nil {
masterkey := cf.GetMasterkey(oldPassword, givenScryptHash, nil)
if masterkey != nil {
masterkey, err := cf.GetMasterkey(oldPassword, givenScryptHash, nil)
if err == nil {
logN := cf.ScryptObject.LogN()
scryptHash := cf.EncryptKey(masterkey, newPassword, logN, len(returnedScryptHashBuff) > 0)
wipe(masterkey)