authorJakob Unterwurzacher2018-09-08 12:19:19 +0200
committerJakob Unterwurzacher2018-09-08 12:19:19 +0200
commit09d28c293e2f4142cda8dbfee0741aee7213748d (patch)
tree7907279437cc728f10def88b5648d1f37315746c /internal/configfile
parent21eaa8f164cba9fe6032a6a15de0c51ae1a16f8b (diff)
configfile: split off masterkey decryption
Preparation for fixing https://github.com/rfjakob/gocryptfs/issues/258
Diffstat (limited to 'internal/configfile')
-rw-r--r--internal/configfile/config_file.go18
1 files changed, 14 insertions, 4 deletions
diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go
index 31646ef..b18d6a7 100644
--- a/internal/configfile/config_file.go
+++ b/internal/configfile/config_file.go
@@ -189,6 +189,17 @@ func Load(filename string, password []byte) ([]byte, *ConfFile, error) {
return nil, &cf, nil
}
+ key, err := cf.DecryptMasterKey(password)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ return key, &cf, err
+}
+
+// DecryptMasterKey decrypts the masterkey stored in cf.EncryptedKey using
+// password.
+func (cf *ConfFile) DecryptMasterKey(password []byte) (masterkey []byte, err error) {
// Generate derived key from password
scryptHash := cf.ScryptObject.DeriveKey(password)
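Review bot: The doc comment on the new exported `DecryptMasterKey` does not state the failure contract or who owns the returned key material, which matters now that callers other than `Load` can reach it. I would extend it with something like `// On failure it returns a nil key and an error carrying exitcodes.PasswordIncorrect. The returned slice is the plaintext master key; the caller is responsible for wiping it after use.` Separately, the new tail of `Load` ends with `return key, &cf, err` although `err` is known to be nil after the check above it; `return key, &cf, nil` states the intent directly. The body of `DecryptMasterKey` continues beyond this hunk.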
@@ -197,14 +208,13 @@ func Load(filename string, password []byte) ([]byte, *ConfFile, error) {
ce := getKeyEncrypter(scryptHash, useHKDF)
tlog.Warn.Enabled = false // Silence DecryptBlock() error messages on incorrect password
- key, err := ce.DecryptBlock(cf.EncryptedKey, 0, nil)
+ masterkey, err = ce.DecryptBlock(cf.EncryptedKey, 0, nil)
tlog.Warn.Enabled = true
if err != nil {
tlog.Warn.Printf("failed to unlock master key: %s", err.Error())
- return nil, nil, exitcodes.NewErr("Password incorrect.", exitcodes.PasswordIncorrect)
+ return nil, exitcodes.NewErr("Password incorrect.", exitcodes.PasswordIncorrect)
}
-
- return key, &cf, err
+ return masterkey, nil
}
// EncryptKey - encrypt "key" using an scrypt hash generated from "password"
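Review bot: The `tlog.Warn.Enabled = false` / `tlog.Warn.Enabled = true` pair around `DecryptBlock` now lives in an exported method, and the unconditional reset to `true` would switch warnings back on for a caller that had them disabled before the call. Saving and restoring the previous value avoids that: `prev := tlog.Warn.Enabled` before the call and `tlog.Warn.Enabled = prev` after it. The flag is also flipped without any synchronization visible here, so if the method can ever run while another goroutine logs, that is a data race worth ruling out. The lines between the two hunks are not shown, so I cannot tell whether `scryptHash` is cleared after `getKeyEncrypter` has consumed it; if it is not, zeroing it before returning would limit how long the password-derived key stays in memory. The function starts in the previous hunk.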