author | Valient Gough | 2016-10-01 21:14:18 -0700 |
committer | Jakob Unterwurzacher | 2016-10-04 23:18:33 +0200 |
commit | b764917cd5c1b1d61b8ce08e7af0b29793fbbb80 (patch) | |
tree | 22222f3f245d43c1c534a38d7d57b900f50d0e08 /internal/configfile | |
parent | 31a8f8b83973867a50ac08106effb1bba3fdcb2d (diff) |
lint fixes
Diffstat (limited to 'internal/configfile')
-rw-r--r-- | internal/configfile/config_file.go | 24 | ||||
-rw-r--r-- | internal/configfile/feature_flags.go | 18 | ||||
-rw-r--r-- | internal/configfile/kdf.go | 14 | ||||
-rw-r--r-- | internal/configfile/kdf_test.go | 2 |
4 files changed, 37 insertions, 21 deletions
diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go
index 9152523..79960e4 100644
--- a/internal/configfile/config_file.go
+++ b/internal/configfile/config_file.go
@@ -14,31 +14,35 @@ import (
 import "os"
 
 const (
+ // ConfDefaultName is the default configuration file name.
 // The dot "." is not used in base64url (RFC4648), hence
 // we can never clash with an encrypted file.
 ConfDefaultName = "gocryptfs.conf"
- // In reverse mode, the config file gets stored next to the plain-text
- // files. Make it hidden (start with dot) to not annoy the user.
+ // ConfReverseName is the default configuration file name in reverse mode,
+ // the config file gets stored next to the plain-text files. Make it hidden
+ // (start with dot) to not annoy the user.
 ConfReverseName = ".gocryptfs.reverse.conf"
 )
 
+// ConfFile is the content of a config file.
 type ConfFile struct {
+ // Creator is the gocryptfs version string.
 // This only documents the config file for humans who look at it. The actual
 // technical info is contained in FeatureFlags.
 Creator string
+ // EncryptedKey holds an encrypted AES key, unlocked using a password
+ // hashed with scrypt
 EncryptedKey []byte
- // Stores parameters for scrypt hashing (key derivation)
- ScryptObject scryptKdf
- // The On-Disk-Format version this filesystem uses
+ // ScryptObject stores parameters for scrypt hashing (key derivation)
+ ScryptObject ScryptKDF
+ // Version is the On-Disk-Format version this filesystem uses
 Version uint16
- // List of feature flags this filesystem has enabled.
+ // FeatureFlags is a list of feature flags this filesystem has enabled.
 // If gocryptfs encounters a feature flag it does not support, it will refuse
 // mounting. This mechanism is analogous to the ext4 feature flags that are
 // stored in the superblock.
 FeatureFlags []string
- // File the config is saved to. Not exported to JSON.
+ // Filename is the name of the config file. Not exported to JSON.
 filename string
 }
 
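Review bot: The new comment on the unexported field reads `// Filename is the name of the config file. Not exported to JSON.` while the field itself is `filename`; the convention of starting a comment with the identifier only serves a reader if the identifier is spelled as declared, so `// filename is the name of the config file. Not exported to JSON.` is the consistent form. The new `EncryptedKey` and `ScryptObject` comments also end without a period, unlike the other field comments in the same struct. The ConfFile struct is complete within the hunk.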
@@ -162,7 +166,7 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
 // cf.ScryptObject.
 func (cf *ConfFile) EncryptKey(key []byte, password string, logN int) {
 // Generate derived key from password
- cf.ScryptObject = NewScryptKdf(logN)
+ cf.ScryptObject = NewScryptKDF(logN)
 scryptHash := cf.ScryptObject.DeriveKey(password)
 
 // Lock master key using password-based key
diff --git a/internal/configfile/feature_flags.go b/internal/configfile/feature_flags.go
index ad7bec1..d3601b1 100644
--- a/internal/configfile/feature_flags.go
+++ b/internal/configfile/feature_flags.go
@@ -3,16 +3,24 @@ package configfile
 type flagIota int
 
 const (
+ // FlagPlaintextNames indicates that filenames are unencrypted.
 FlagPlaintextNames flagIota = iota
+ // FlagDirIV indicates that a per-directory IV file is used.
 FlagDirIV
+ // FlagEMENames indicates EME (ECB-Mix-ECB) filename encryption.
+ // This flag is mandatory since gocryptfs v1.0.
 FlagEMENames
+ // FlagGCMIV128 indicates 128-bit GCM IVs.
+ // This flag is mandatory since gocryptfs v1.0.
 FlagGCMIV128
+ // FlagLongNames allows file names longer than 176 bytes.
 FlagLongNames
+ // FlagAESSIV selects an AES-SIV based crypto backend.
 FlagAESSIV
 )
 
 // knownFlags stores the known feature flags and their string representation
-var knownFlags map[flagIota]string = map[flagIota]string{
+var knownFlags = map[flagIota]string{
 FlagPlaintextNames: "PlaintextNames",
 FlagDirIV: "DirIV",
 FlagEMENames: "EMENames",
@@ -22,7 +30,7 @@ var knownFlags map[flagIota]string = map[flagIota]string{
 }
 
 // Filesystems that do not have these feature flags set are deprecated.
-var requiredFlagsNormal []flagIota = []flagIota{
+var requiredFlagsNormal = []flagIota{
 FlagDirIV,
 FlagEMENames,
 FlagGCMIV128,
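Review bot: The new comment on `FlagDirIV` does not say that the flag is required, although the `requiredFlagsNormal` list in the next hunk of the same file contains it alongside `FlagEMENames` and `FlagGCMIV128`, both of which now carry `// This flag is mandatory since gocryptfs v1.0.`. A reader of the constant block would conclude that only two of the three flags whose absence marks a filesystem as deprecated are mandatory. Adding the same sentence under the FlagDirIV comment keeps the constants consistent with the list that enforces them; if DirIV became required at a different release, the comment should name that release instead.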
@@ -30,11 +38,11 @@ var requiredFlagsNormal []flagIota = []flagIota{
 
 // Filesystems without filename encryption obviously don't have or need the
 // filename related feature flags.
-var requiredFlagsPlaintextNames []flagIota = []flagIota{
+var requiredFlagsPlaintextNames = []flagIota{
 FlagGCMIV128,
 }
 
-// isFeatureFlagKnown verifies that we understand a feature flag
+// isFeatureFlagKnown verifies that we understand a feature flag.
 func (cf *ConfFile) isFeatureFlagKnown(flag string) bool {
 for _, knownFlag := range knownFlags {
 if knownFlag == flag {
@@ -44,7 +52,7 @@ func (cf *ConfFile) isFeatureFlagKnown(flag string) bool {
 return false
 }
 
-// isFeatureFlagSet - is the feature flag "flagWant" enabled?
+// IsFeatureFlagSet returns true if the feature flag "flagWant" is enabled.
 func (cf *ConfFile) IsFeatureFlagSet(flagWant flagIota) bool {
 flagString := knownFlags[flagWant]
 for _, flag := range cf.FeatureFlags {
diff --git a/internal/configfile/kdf.go b/internal/configfile/kdf.go
index ca87975..31bcbe4 100644
--- a/internal/configfile/kdf.go
+++ b/internal/configfile/kdf.go
@@ -12,12 +12,14 @@ import (
 )
 
 const (
+ // ScryptDefaultLogN is the default scrypt logN configuration parameter.
 // 1 << 16 uses 64MB of memory,
 // takes 4 seconds on my Atom Z3735F netbook
 ScryptDefaultLogN = 16
 )
 
-type scryptKdf struct {
+// ScryptKDF is an instance of the scrypt key deriviation function.
+type ScryptKDF struct {
 Salt []byte
 N int
 R int
@@ -25,8 +27,9 @@ type scryptKdf struct {
 KeyLen int
 }
 
-func NewScryptKdf(logN int) scryptKdf {
- var s scryptKdf
+// NewScryptKDF returns a new instance of ScryptKDF.
+func NewScryptKDF(logN int) ScryptKDF {
+ var s ScryptKDF
 s.Salt = cryptocore.RandBytes(cryptocore.KeyLen)
 if logN <= 0 {
 s.N = 1 << ScryptDefaultLogN
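Review bot: The new type comment `// ScryptKDF is an instance of the scrypt key deriviation function.` misspells "derivation"; `// ScryptKDF is an instance of the scrypt key derivation function.` is the intended text. With the type now exported, `Salt`, `N` and `R` (and the fields past the end of the hunk) become part of the package's public surface without any comment saying what they hold; from the constructor in the next hunk, Salt is a random value of `cryptocore.KeyLen` bytes and N is a power of two, which is worth stating, e.g. `N int // scrypt cost parameter, always a power of two`. The struct definition continues outside the hunk.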
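Review bot: The new doc comment `// NewScryptKDF returns a new instance of ScryptKDF.` restates the signature and leaves out the two facts the visible body establishes: the salt is freshly drawn with `cryptocore.RandBytes(cryptocore.KeyLen)`, and a `logN` of zero or less falls back to `ScryptDefaultLogN`. A caller deciding whether to pass 0 needs exactly that information. Suggested wording: `// NewScryptKDF returns a ScryptKDF with a fresh random salt; a logN of zero or less selects ScryptDefaultLogN.` The branch handling positive logN and the remaining parameter setup lie past the end of the hunk.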
@@ -43,7 +46,8 @@ func NewScryptKdf(logN int) scryptKdf {
 return s
 }
 
-func (s *scryptKdf) DeriveKey(pw string) []byte {
+// DeriveKey returns a new key from a supplied password.
+func (s *ScryptKDF) DeriveKey(pw string) []byte {
 k, err := scrypt.Key([]byte(pw), s.Salt, s.N, s.R, s.P, s.KeyLen)
 if err != nil {
 log.Panicf("DeriveKey failed: %v", err)
@@ -53,6 +57,6 @@ func (s *scryptKdf) DeriveKey(pw string) []byte {
 
 // LogN - N is saved as 2^LogN, but LogN is much easier to work with.
 // This function gives you LogN = Log2(N).
-func (s *scryptKdf) LogN() int {
+func (s *ScryptKDF) LogN() int {
 return int(math.Log2(float64(s.N)) + 0.5)
 }
diff --git a/internal/configfile/kdf_test.go b/internal/configfile/kdf_test.go
index bc095ab..c1a656a 100644
--- a/internal/configfile/kdf_test.go
+++ b/internal/configfile/kdf_test.go
@@ -21,7 +21,7 @@ ok github.com/rfjakob/gocryptfs/cryptfs 18.772s
 
 */
 func benchmarkScryptN(n int, b *testing.B) {
- kdf := NewScryptKdf(n)
+ kdf := NewScryptKDF(n)
 for i := 0; i < b.N; i++ {
 kdf.DeriveKey("test")
 }
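Review bot: The new comment `// DeriveKey returns a new key from a supplied password.` does not mention that the method panics through `log.Panicf` whenever `scrypt.Key` returns an error, which that function does for parameters it rejects, such as an N that is not a power of two. Since `s.N`, `s.R`, `s.P` and `s.KeyLen` are plain struct fields and `ScryptObject` is a field of the JSON-backed ConfFile in the first hunk, values read back from a malformed or hand-edited config file would presumably reach scrypt unchecked and end the process with a panic instead of a reportable error. Proposed wording: `// DeriveKey derives a key from pw using the scrypt parameters stored in s. It panics if scrypt rejects those parameters.` Validating N, R, P and KeyLen where the config file is loaded, outside this hunk, would turn the panic into an ordinary error.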