commit
f0e45c7b7e
@ -0,0 +1,67 @@
|
||||
package configfile
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"../contentenc"
|
||||
)
|
||||
|
||||
// Validate that the combination of settings makes sense and is supported
|
||||
func (cf *ConfFile) Validate() error {
|
||||
if cf.Version != contentenc.CurrentVersion {
|
||||
return fmt.Errorf("Unsupported on-disk format %d", cf.Version)
|
||||
}
|
||||
// scrypt params ok?
|
||||
if err := cf.ScryptObject.validateParams(); err != nil {
|
||||
return err
|
||||
}
|
||||
// All feature flags that are in the config file are known?
|
||||
for _, flag := range cf.FeatureFlags {
|
||||
if !isFeatureFlagKnown(flag) {
|
||||
return fmt.Errorf("Unknown feature flag %q", flag)
|
||||
}
|
||||
}
|
||||
// File content encryption
|
||||
{
|
||||
switch {
|
||||
case cf.IsFeatureFlagSet(FlagXChaCha20Poly1305) && cf.IsFeatureFlagSet(FlagAESSIV):
|
||||
return fmt.Errorf("Can't have both XChaCha20Poly1305 and AESSIV feature flags")
|
||||
case cf.IsFeatureFlagSet(FlagAESSIV):
|
||||
if !cf.IsFeatureFlagSet(FlagGCMIV128) {
|
||||
return fmt.Errorf("AESSIV requires GCMIV128 feature flag")
|
||||
}
|
||||
case cf.IsFeatureFlagSet(FlagXChaCha20Poly1305):
|
||||
if cf.IsFeatureFlagSet(FlagGCMIV128) {
|
||||
return fmt.Errorf("XChaCha20Poly1305 conflicts with GCMIV128 feature flag")
|
||||
}
|
||||
if !cf.IsFeatureFlagSet(FlagHKDF) {
|
||||
return fmt.Errorf("XChaCha20Poly1305 requires HKDF feature flag")
|
||||
}
|
||||
// The absence of other flags means AES-GCM (oldest algorithm)
|
||||
case !cf.IsFeatureFlagSet(FlagXChaCha20Poly1305) && !cf.IsFeatureFlagSet(FlagAESSIV):
|
||||
if !cf.IsFeatureFlagSet(FlagGCMIV128) {
|
||||
return fmt.Errorf("AES-GCM requires GCMIV128 feature flag")
|
||||
}
|
||||
}
|
||||
}
|
||||
// Filename encryption
|
||||
{
|
||||
switch {
|
||||
case cf.IsFeatureFlagSet(FlagPlaintextNames) && cf.IsFeatureFlagSet(FlagEMENames):
|
||||
return fmt.Errorf("Can't have both PlaintextNames and EMENames feature flags")
|
||||
case cf.IsFeatureFlagSet(FlagPlaintextNames):
|
||||
if cf.IsFeatureFlagSet(FlagDirIV) {
|
||||
return fmt.Errorf("PlaintextNames conflicts with DirIV feature flag")
|
||||
}
|
||||
if cf.IsFeatureFlagSet(FlagLongNames) {
|
||||
return fmt.Errorf("PlaintextNames conflicts with LongNames feature flag")
|
||||
}
|
||||
if cf.IsFeatureFlagSet(FlagRaw64) {
|
||||
return fmt.Errorf("PlaintextNames conflicts with Raw64 feature flag")
|
||||
}
|
||||
case cf.IsFeatureFlagSet(FlagEMENames):
|
||||
// All combinations of DirIV, LongNames, Raw64 allowed
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
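Review bot: The filename-encryption `switch` at the end of `Validate` has no case for a config that sets neither `PlaintextNames` nor `EMENames`, so such a config falls through to `return nil`. The content-encryption switch above it is exhaustive, and its last case states that absent flags mean AES-GCM, but nothing here says what "no name flag" selects. If the config file can be edited by whoever controls the storage, dropping a flag would then pass validation silently. Unless a caller outside this hunk already enforces the required flags, add `default: return fmt.Errorf("Need either PlaintextNames or EMENames feature flag")`, or at least a comment naming the legacy mode the missing case accepts. A table-driven test over flag combinations would pin both switches.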
@ -1,52 +0,0 @@
|
||||
// +build without_openssl
|
||||
|
||||
package stupidgcm
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"../exitcodes"
|
||||
)
|
||||
|
||||
type StupidGCM struct{}
|
||||
|
||||
const (
|
||||
// BuiltWithoutOpenssl indicates if openssl been disabled at compile-time
|
||||
BuiltWithoutOpenssl = true
|
||||
)
|
||||
|
||||
func errExit() {
|
||||
fmt.Fprintln(os.Stderr, "gocryptfs has been compiled without openssl support but you are still trying to use openssl")
|
||||
os.Exit(exitcodes.OpenSSL)
|
||||
}
|
||||
|
||||
func New(_ []byte, _ bool) *StupidGCM {
|
||||
errExit()
|
||||
// Never reached
|
||||
return &StupidGCM{}
|
||||
}
|
||||
|
||||
func (g *StupidGCM) NonceSize() int {
|
||||
errExit()
|
||||
return -1
|
||||
}
|
||||
|
||||
func (g *StupidGCM) Overhead() int {
|
||||
errExit()
|
||||
return -1
|
||||
}
|
||||
|
||||
func (g *StupidGCM) Seal(_, _, _, _ []byte) []byte {
|
||||
errExit()
|
||||
return nil
|
||||
}
|
||||
|
||||
func (g *StupidGCM) Open(_, _, _, _ []byte) ([]byte, error) {
|
||||
errExit()
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
func (g *StupidGCM) Wipe() {
|
||||
errExit()
|
||||
}
|