diff options
| author | Jakob Unterwurzacher | 2021-08-21 21:43:26 +0200 |
|---|---|---|
| committer | Jakob Unterwurzacher | 2021-08-23 16:00:41 +0200 |
| commit | 97d8340bd81ddd60baac598d3e25ebfb4decb50c (patch) | |
| tree | 2f5444d523ca142e847b0b51422bc51ad8203a75 /internal/configfile/scrypt.go | |
| parent | 4764a9bde093f6b61d0370653c6c9d12949ed145 (diff) | |
configfile: add Validate() function, support FlagXChaCha20Poly1305
We used to do validation using lists of mandatory feature flags.
With the introduction of XChaCha20Poly1305, this became too
simplistic, as it uses a different IV length, hence disabling
GCMIV128.
Add a dedicated function, Validate(), with open-coded validation
logic.
The validation and creation logic also gets XChaCha20Poly1305
support, and gocryptfs -init -xchacha now writes the flag into
gocryptfs.conf.
Diffstat (limited to 'internal/configfile/scrypt.go')
| -rw-r--r-- | internal/configfile/scrypt.go | 25 |
1 files changed, 12 insertions, 13 deletions
diff --git a/internal/configfile/scrypt.go b/internal/configfile/scrypt.go index 7ac822e..0ce8777 100644 --- a/internal/configfile/scrypt.go +++ b/internal/configfile/scrypt.go @@ -1,6 +1,7 @@ package configfile import ( + "fmt" "log" "math" "os" @@ -62,8 +63,10 @@ func NewScryptKDF(logN int) ScryptKDF { // DeriveKey returns a new key from a supplied password. func (s *ScryptKDF) DeriveKey(pw []byte) []byte { - s.validateParams() - + if err := s.validateParams(); err != nil { + tlog.Fatal.Println(err.Error()) + os.Exit(exitcodes.ScryptParams) + } k, err := scrypt.Key(pw, s.Salt, s.N, s.R, s.P, s.KeyLen) if err != nil { log.Panicf("DeriveKey failed: %v", err) @@ -81,26 +84,22 @@ func (s *ScryptKDF) LogN() int { // If not, it exists with an error message. // This makes sure we do not get weak parameters passed through a // rougue gocryptfs.conf. -func (s *ScryptKDF) validateParams() { +func (s *ScryptKDF) validateParams() error { minN := 1 << scryptMinLogN if s.N < minN { - tlog.Fatal.Println("Fatal: scryptn below 10 is too low to make sense") - os.Exit(exitcodes.ScryptParams) + return fmt.Errorf("Fatal: scryptn below 10 is too low to make sense") } if s.R < scryptMinR { - tlog.Fatal.Printf("Fatal: scrypt parameter R below minimum: value=%d, min=%d", s.R, scryptMinR) - os.Exit(exitcodes.ScryptParams) + return fmt.Errorf("Fatal: scrypt parameter R below minimum: value=%d, min=%d", s.R, scryptMinR) } if s.P < scryptMinP { - tlog.Fatal.Printf("Fatal: scrypt parameter P below minimum: value=%d, min=%d", s.P, scryptMinP) - os.Exit(exitcodes.ScryptParams) + return fmt.Errorf("Fatal: scrypt parameter P below minimum: value=%d, min=%d", s.P, scryptMinP) } if len(s.Salt) < scryptMinSaltLen { - tlog.Fatal.Printf("Fatal: scrypt salt length below minimum: value=%d, min=%d", len(s.Salt), scryptMinSaltLen) - os.Exit(exitcodes.ScryptParams) + return fmt.Errorf("Fatal: scrypt salt length below minimum: value=%d, min=%d", len(s.Salt), scryptMinSaltLen) } if s.KeyLen < cryptocore.KeyLen { - tlog.Fatal.Printf("Fatal: scrypt parameter KeyLen below minimum: value=%d, min=%d", s.KeyLen, cryptocore.KeyLen) - os.Exit(exitcodes.ScryptParams) + return fmt.Errorf("Fatal: scrypt parameter KeyLen below minimum: value=%d, min=%d", s.KeyLen, cryptocore.KeyLen) } + return nil } |