aboutsummaryrefslogtreecommitdiff
path: root/cli_args.go
diff options
context:
space:
mode:
authordanim72017-04-08 02:09:28 +0200
committerJakob Unterwurzacher2017-04-23 23:11:56 +0200
commitf1945c4daae65074cfca8f0ab5b97ac5a50c24a0 (patch)
treef6a555c9d7fedb0da6f5e21981f4154fa413c8c0 /cli_args.go
parent9777e4bf7ea2aa75ab443dc6e15c42103eb6b027 (diff)
Add -forcedecode
Force decode of encrypted files even if the integrity check fails, instead of failing with an IO error. Warning messages are still printed to syslog if corrupted files are encountered. It can be useful to recover files from disks with bad sectors or other corrupted media. Closes https://github.com/rfjakob/gocryptfs/pull/102 .
Diffstat (limited to 'cli_args.go')
-rw-r--r--cli_args.go25
1 files changed, 24 insertions, 1 deletions
diff --git a/cli_args.go b/cli_args.go
index 9414e67..f0bfb48 100644
--- a/cli_args.go
+++ b/cli_args.go
@@ -10,6 +10,7 @@ import (
"github.com/rfjakob/gocryptfs/internal/configfile"
"github.com/rfjakob/gocryptfs/internal/prefer_openssl"
+ "github.com/rfjakob/gocryptfs/internal/stupidgcm"
"github.com/rfjakob/gocryptfs/internal/tlog"
)
@@ -18,7 +19,7 @@ type argContainer struct {
debug, init, zerokey, fusedebug, openssl, passwd, fg, version,
plaintextnames, quiet, nosyslog, wpanic,
longnames, allow_other, ro, reverse, aessiv, nonempty, raw64,
- noprealloc, speed, hkdf, serialize_reads bool
+ noprealloc, speed, hkdf, serialize_reads, forcedecode bool
masterkey, mountpoint, cipherdir, cpuprofile, extpass,
memprofile, ko, passfile, ctlsock, fsname string
// Configuration file name override
@@ -113,6 +114,8 @@ func parseCliOpts() (args argContainer) {
flagSet.BoolVar(&args.speed, "speed", false, "Run crypto speed test")
flagSet.BoolVar(&args.hkdf, "hkdf", true, "Use HKDF as an additional key derivation step")
flagSet.BoolVar(&args.serialize_reads, "serialize_reads", false, "Try to serialize read operations")
+ flagSet.BoolVar(&args.forcedecode, "forcedecode", false, "Force decode of files even if integrity check fails."+
+ " Requires gocryptfs to be compiled with openssl support and implies -openssl true")
flagSet.StringVar(&args.masterkey, "masterkey", "", "Mount with explicit master key")
flagSet.StringVar(&args.cpuprofile, "cpuprofile", "", "Write cpu profile to specified file")
flagSet.StringVar(&args.memprofile, "memprofile", "", "Write memory profile to specified file")
@@ -154,6 +157,26 @@ func parseCliOpts() (args argContainer) {
os.Exit(ErrExitUsage)
}
}
+ // "-forcedecode" only works with openssl. Check compilation and command line parameters
+ if args.forcedecode == true {
+ if stupidgcm.BuiltWithoutOpenssl == true {
+ tlog.Fatal.Printf("The -forcedecode flag requires openssl support, but gocryptfs was compiled without it!")
+ os.Exit(ErrExitUsage)
+ }
+ if args.aessiv == true {
+ tlog.Fatal.Printf("The -forcedecode and -aessiv flags are incompatible because they use different crypto libs (openssl vs native Go)")
+ os.Exit(ErrExitUsage)
+ }
+ if args.reverse == true {
+ tlog.Fatal.Printf("The reverse mode and the -forcedecode option are not compatible")
+ os.Exit(ErrExitUsage)
+ }
+ v, e := strconv.ParseBool(opensslAuto)
+ if e == nil && v == false {
+ tlog.Warn.Printf("-openssl set to true, as it is required by -forcedecode flag")
+ }
+ args.openssl = true
+ }
// '-passfile FILE' is a shortcut for -extpass='/bin/cat -- FILE'
if args.passfile != "" {
args.extpass = "/bin/cat -- " + args.passfile