22 changed files with 277 additions and 377 deletions
@ -0,0 +1,67 @@
|
||||
package configfile |
||||
|
||||
import ( |
||||
"fmt" |
||||
|
||||
"../contentenc" |
||||
) |
||||
|
||||
// Validate that the combination of settings makes sense and is supported
|
||||
func (cf *ConfFile) Validate() error { |
||||
if cf.Version != contentenc.CurrentVersion { |
||||
return fmt.Errorf("Unsupported on-disk format %d", cf.Version) |
||||
} |
||||
// scrypt params ok?
|
||||
if err := cf.ScryptObject.validateParams(); err != nil { |
||||
return err |
||||
} |
||||
// All feature flags that are in the config file are known?
|
||||
for _, flag := range cf.FeatureFlags { |
||||
if !isFeatureFlagKnown(flag) { |
||||
return fmt.Errorf("Unknown feature flag %q", flag) |
||||
} |
||||
} |
||||
// File content encryption
|
||||
{ |
||||
switch { |
||||
case cf.IsFeatureFlagSet(FlagXChaCha20Poly1305) && cf.IsFeatureFlagSet(FlagAESSIV): |
||||
return fmt.Errorf("Can't have both XChaCha20Poly1305 and AESSIV feature flags") |
||||
case cf.IsFeatureFlagSet(FlagAESSIV): |
||||
if !cf.IsFeatureFlagSet(FlagGCMIV128) { |
||||
return fmt.Errorf("AESSIV requires GCMIV128 feature flag") |
||||
} |
||||
case cf.IsFeatureFlagSet(FlagXChaCha20Poly1305): |
||||
if cf.IsFeatureFlagSet(FlagGCMIV128) { |
||||
return fmt.Errorf("XChaCha20Poly1305 conflicts with GCMIV128 feature flag") |
||||
} |
||||
if !cf.IsFeatureFlagSet(FlagHKDF) { |
||||
return fmt.Errorf("XChaCha20Poly1305 requires HKDF feature flag") |
||||
} |
||||
// The absence of other flags means AES-GCM (oldest algorithm)
|
||||
case !cf.IsFeatureFlagSet(FlagXChaCha20Poly1305) && !cf.IsFeatureFlagSet(FlagAESSIV): |
||||
if !cf.IsFeatureFlagSet(FlagGCMIV128) { |
||||
return fmt.Errorf("AES-GCM requires GCMIV128 feature flag") |
||||
} |
||||
} |
||||
} |
||||
// Filename encryption
|
||||
{ |
||||
switch { |
||||
case cf.IsFeatureFlagSet(FlagPlaintextNames) && cf.IsFeatureFlagSet(FlagEMENames): |
||||
return fmt.Errorf("Can't have both PlaintextNames and EMENames feature flags") |
||||
case cf.IsFeatureFlagSet(FlagPlaintextNames): |
||||
if cf.IsFeatureFlagSet(FlagDirIV) { |
||||
return fmt.Errorf("PlaintextNames conflicts with DirIV feature flag") |
||||
} |
||||
if cf.IsFeatureFlagSet(FlagLongNames) { |
||||
return fmt.Errorf("PlaintextNames conflicts with LongNames feature flag") |
||||
} |
||||
if cf.IsFeatureFlagSet(FlagRaw64) { |
||||
return fmt.Errorf("PlaintextNames conflicts with Raw64 feature flag") |
||||
} |
||||
case cf.IsFeatureFlagSet(FlagEMENames): |
||||
// All combinations of DirIV, LongNames, Raw64 allowed
|
||||
} |
||||
} |
||||
return nil |
||||
} |
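Review bot: The filename-encryption `switch` in `Validate` has no branch for a config where neither `FlagPlaintextNames` nor `FlagEMENames` is set, so that combination falls through to `return nil`, even with `DirIV`, `LongNames` or `Raw64` present. The content-encryption `switch` just above handles its own "no flags" case explicitly. The feature flags are read from the on-disk config file, so an edited or damaged config with neither name flag would pass validation. What the filename layer then does is not visible in this hunk. If no supported format lacks both flags, reject it here with something like `default: return fmt.Errorf("Filename encryption requires PlaintextNames or EMENames feature flag")`. If a legacy format does rely on it, a comment saying so in the `switch` would make that intent reviewable.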
@ -1,52 +0,0 @@
|
||||
// +build without_openssl
|
||||
|
||||
package stupidgcm |
||||
|
||||
import ( |
||||
"fmt" |
||||
"os" |
||||
|
||||
"../exitcodes" |
||||
) |
||||
|
||||
type StupidGCM struct{} |
||||
|
||||
const ( |
||||
// BuiltWithoutOpenssl indicates if openssl been disabled at compile-time
|
||||
BuiltWithoutOpenssl = true |
||||
) |
||||
|
||||
func errExit() { |
||||
fmt.Fprintln(os.Stderr, "gocryptfs has been compiled without openssl support but you are still trying to use openssl") |
||||
os.Exit(exitcodes.OpenSSL) |
||||
} |
||||
|
||||
func New(_ []byte, _ bool) *StupidGCM { |
||||
errExit() |
||||
// Never reached
|
||||
return &StupidGCM{} |
||||
} |
||||
|
||||
func (g *StupidGCM) NonceSize() int { |
||||
errExit() |
||||
return -1 |
||||
} |
||||
|
||||
func (g *StupidGCM) Overhead() int { |
||||
errExit() |
||||
return -1 |
||||
} |
||||
|
||||
func (g *StupidGCM) Seal(_, _, _, _ []byte) []byte { |
||||
errExit() |
||||
return nil |
||||
} |
||||
|
||||
func (g *StupidGCM) Open(_, _, _, _ []byte) ([]byte, error) { |
||||
errExit() |
||||
return nil, nil |
||||
} |
||||
|
||||
func (g *StupidGCM) Wipe() { |
||||
errExit() |
||||
} |