aboutsummaryrefslogtreecommitdiff
path: root/internal/configfile/config_file.go
diff options
context:
space:
mode:
authorSebastian Lackner2017-11-19 13:30:04 +0100
committerrfjakob2017-11-21 23:37:06 +0100
commitf3c777d5eaa682d878c638192311e52f9c204294 (patch)
treedc3fcf616371479abec93ab93688f9e2937e7d9d /internal/configfile/config_file.go
parent1b0426bcb23a1850f3a03619a15413281dc733e3 (diff)
main: Add '-devrandom' commandline option
Allows to use /dev/random for generating the master key instead of the default Go implementation. When the kernel random generator has been properly initialized both are considered equally secure, however: * Versions of Go prior to 1.9 just fall back to /dev/urandom if the getrandom() syscall would be blocking (Go Bug #19274) * Kernel versions prior to 3.17 do not support getrandom(), and there is no check if the random generator has been properly initialized before reading from /dev/urandom This is especially useful for embedded hardware with low-entroy. Please note that generation of the master key might block indefinitely if the kernel cannot harvest enough entropy.
Diffstat (limited to 'internal/configfile/config_file.go')
-rw-r--r--internal/configfile/config_file.go26
1 files changed, 24 insertions, 2 deletions
diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go
index fea4a84..67d67f0 100644
--- a/internal/configfile/config_file.go
+++ b/internal/configfile/config_file.go
@@ -5,7 +5,9 @@ package configfile
import (
"encoding/json"
"fmt"
+ "io"
"io/ioutil"
+ "log"
"github.com/rfjakob/gocryptfs/internal/contentenc"
"github.com/rfjakob/gocryptfs/internal/cryptocore"
@@ -47,10 +49,25 @@ type ConfFile struct {
filename string
}
+// randBytesDevRandom gets "n" random bytes from /dev/random or panics
+func randBytesDevRandom(n int) []byte {
+ f, err := os.Open("/dev/random")
+ if err != nil {
+ log.Panic("Failed to open /dev/random: " + err.Error())
+ }
+ defer f.Close()
+ b := make([]byte, n)
+ _, err = io.ReadFull(f, b)
+ if err != nil {
+ log.Panic("Failed to read random bytes: " + err.Error())
+ }
+ return b
+}
+
// CreateConfFile - create a new config with a random key encrypted with
// "password" and write it to "filename".
// Uses scrypt with cost parameter logN.
-func CreateConfFile(filename string, password string, plaintextNames bool, logN int, creator string, aessiv bool) error {
+func CreateConfFile(filename string, password string, plaintextNames bool, logN int, creator string, aessiv bool, devrandom bool) error {
var cf ConfFile
cf.filename = filename
cf.Creator = creator
@@ -72,7 +89,12 @@ func CreateConfFile(filename string, password string, plaintextNames bool, logN
}
// Generate new random master key
- key := cryptocore.RandBytes(cryptocore.KeyLen)
+ var key []byte
+ if devrandom {
+ key = randBytesDevRandom(cryptocore.KeyLen)
+ } else {
+ key = cryptocore.RandBytes(cryptocore.KeyLen)
+ }
// Encrypt it using the password
// This sets ScryptObject and EncryptedKey