summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJakob Unterwurzacher2021-06-21 11:32:04 +0200
committerJakob Unterwurzacher2021-06-21 11:32:04 +0200
commit6b0e63c1a86946de23f549e7d80ea933a4a105f8 (patch)
tree59bc27a3f0822f413997b8fd3bc4e512747c7725
parentc5d8fa83ae702017fc90769dff178fda6a7942a3 (diff)
Improve startup debug output
The startup debug output was very verbose but still missing some effective crypto settings.
-rw-r--r--internal/contentenc/content.go3
-rw-r--r--internal/cryptocore/cryptocore.go16
-rw-r--r--main.go7
-rw-r--r--mount.go4
4 files changed, 21 insertions, 9 deletions
diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go
index 747bb4c..e023492 100644
--- a/internal/contentenc/content.go
+++ b/internal/contentenc/content.go
@@ -73,6 +73,9 @@ type ContentEnc struct {
// New returns an initialized ContentEnc instance.
func New(cc *cryptocore.CryptoCore, plainBS uint64, forceDecode bool) *ContentEnc {
+ tlog.Debug.Printf("contentenc.New: plainBS=%d, forceDecode=%v",
+ plainBS, forceDecode)
+
if fuse.MAX_KERNEL_WRITE%plainBS != 0 {
log.Panicf("unaligned MAX_KERNEL_WRITE=%d", fuse.MAX_KERNEL_WRITE)
}
diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go
index d66f390..9f5b9bd 100644
--- a/internal/cryptocore/cryptocore.go
+++ b/internal/cryptocore/cryptocore.go
@@ -36,6 +36,19 @@ const (
BackendAESSIV AEADTypeEnum = 5
)
+func (a AEADTypeEnum) String() string {
+ switch a {
+ case BackendOpenSSL:
+ return "BackendOpenSSL"
+ case BackendGoGCM:
+ return "BackendGoGCM"
+ case BackendAESSIV:
+ return "BackendAESSIV"
+ default:
+ return fmt.Sprintf("%d", a)
+ }
+}
+
// CryptoCore is the low level crypto implementation.
type CryptoCore struct {
// EME is used for filename encryption.
@@ -58,6 +71,9 @@ type CryptoCore struct {
// Note: "key" is either the scrypt hash of the password (when decrypting
// a config file) or the masterkey (when finally mounting the filesystem).
func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDecode bool) *CryptoCore {
+ tlog.Debug.Printf("cryptocore.New: key=%d bytes, aeadType=%v, IVBitLen=%d, useHKDF=%v, forceDecode=%v",
+ len(key), aeadType, IVBitLen, useHKDF, forceDecode)
+
if len(key) != KeyLen {
log.Panic(fmt.Sprintf("Unsupported key length %d", len(key)))
}
diff --git a/main.go b/main.go
index edd61ff..9bd0c78 100644
--- a/main.go
+++ b/main.go
@@ -176,6 +176,7 @@ func main() {
if args.debug {
tlog.Debug.Enabled = true
}
+ tlog.Debug.Printf("cli args: %q", os.Args)
// "-v"
if args.version {
tlog.Debug.Printf("openssl=%v\n", args.openssl)
@@ -282,12 +283,6 @@ func main() {
if args.cpuprofile != "" || args.memprofile != "" || args.trace != "" {
tlog.Info.Printf("Note: You must unmount gracefully, otherwise the profile file(s) will stay empty!\n")
}
- // "-openssl"
- if !args.openssl {
- tlog.Debug.Printf("OpenSSL disabled, using Go GCM")
- } else {
- tlog.Debug.Printf("OpenSSL enabled")
- }
// Operation flags
nOps := countOpFlags(&args)
if nOps == 0 {
diff --git a/mount.go b/mount.go
index 7f818d1..b146660 100644
--- a/mount.go
+++ b/mount.go
@@ -117,8 +117,6 @@ func doMount(args *argContainer) {
args.noprealloc = true
}
}
- // We cannot use JSON for pretty-printing as the fields are unexported
- tlog.Debug.Printf("cli args: %#v", args)
// Initialize gocryptfs (read config file, ask for password, ...)
fs, wipeKeys := initFuseFrontend(args)
// Try to wipe secret keys from memory after unmount
@@ -308,7 +306,6 @@ func initFuseFrontend(args *argContainer) (rootNode fs.InodeEmbedder, wipeKeys f
if args.allow_other && os.Getuid() == 0 {
frontendArgs.PreserveOwner = true
}
- tlog.Debug.Printf("frontendArgs: %s", tlog.JSONDump(frontendArgs))
// Init crypto backend
cCore := cryptocore.New(masterkey, cryptoBackend, contentenc.DefaultIVBits, args.hkdf, args.forcedecode)
@@ -321,6 +318,7 @@ func initFuseFrontend(args *argContainer) (rootNode fs.InodeEmbedder, wipeKeys f
}
masterkey = nil
// Spawn fusefrontend
+ tlog.Debug.Printf("frontendArgs: %s", tlog.JSONDump(frontendArgs))
if args.reverse {
if cryptoBackend != cryptocore.BackendAESSIV {
log.Panic("reverse mode must use AES-SIV, everything else is insecure")