summaryrefslogtreecommitdiff
path: root/internal
diff options
context:
space:
mode:
authorJakob Unterwurzacher2017-04-24 00:25:02 +0200
committerJakob Unterwurzacher2017-04-24 00:25:02 +0200
commit3409ade2723d931097560fbbe35e461553c5912c (patch)
treec12f3eb3fa93eba352170ab597d70d6a72498ce2 /internal
parentf1945c4daae65074cfca8f0ab5b97ac5a50c24a0 (diff)
forcedecode: tighten checks
...and fix a few golint issues and print a scary warning message on mount. Also, force the fs to ro,noexec.
Diffstat (limited to 'internal')
-rw-r--r--internal/contentenc/content.go9
-rw-r--r--internal/fusefrontend/file.go12
-rw-r--r--internal/stupidgcm/autherr.go8
-rw-r--r--internal/stupidgcm/stupidgcm.go9
-rw-r--r--internal/stupidgcm/without_openssl.go3
5 files changed, 24 insertions, 17 deletions
diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go
index 9998c06..8220d89 100644
--- a/internal/contentenc/content.go
+++ b/internal/contentenc/content.go
@@ -86,7 +86,9 @@ func (be *ContentEnc) DecryptBlocks(ciphertext []byte, firstBlockNo uint64, file
var pBlock []byte
pBlock, err = be.DecryptBlock(cBlock, firstBlockNo, fileID)
if err != nil {
- if be.forceDecode == false || (be.forceDecode == true && stupidgcm.AuthError != err) {
+ if be.forceDecode && err == stupidgcm.ErrAuth {
+ tlog.Warn.Printf("DecryptBlocks: authentication failure in block #%d, overriden by forcedecode", firstBlockNo)
+ } else {
break
}
}
@@ -139,11 +141,10 @@ func (be *ContentEnc) DecryptBlock(ciphertext []byte, blockNo uint64, fileID []b
if err != nil {
tlog.Warn.Printf("DecryptBlock: %s, len=%d", err.Error(), len(ciphertextOrig))
tlog.Debug.Println(hex.Dump(ciphertextOrig))
- if be.forceDecode == true {
+ if be.forceDecode && err == stupidgcm.ErrAuth {
return plaintext, err
- } else {
- return nil, err
}
+ return nil, err
}
return plaintext, nil
diff --git a/internal/fusefrontend/file.go b/internal/fusefrontend/file.go
index 4d75d64..111775c 100644
--- a/internal/fusefrontend/file.go
+++ b/internal/fusefrontend/file.go
@@ -18,6 +18,7 @@ import (
"github.com/rfjakob/gocryptfs/internal/contentenc"
"github.com/rfjakob/gocryptfs/internal/serialize_reads"
+ "github.com/rfjakob/gocryptfs/internal/stupidgcm"
"github.com/rfjakob/gocryptfs/internal/syscallcompat"
"github.com/rfjakob/gocryptfs/internal/tlog"
)
@@ -200,9 +201,14 @@ func (f *file) doRead(off uint64, length uint64) ([]byte, fuse.Status) {
// Decrypt it
plaintext, err := f.contentEnc.DecryptBlocks(ciphertext, firstBlockNo, fileID)
if err != nil {
- curruptBlockNo := firstBlockNo + f.contentEnc.PlainOffToBlockNo(uint64(len(plaintext)))
- tlog.Warn.Printf("ino%d: doRead: corrupt block #%d: %v", f.devIno.ino, curruptBlockNo, err)
- if (f.fs.args.ForceDecode == false) {
+ if f.fs.args.ForceDecode && err == stupidgcm.ErrAuth {
+ // We do not have the information which block was corrupt here anymore,
+ // but DecryptBlocks() has already logged it anyway.
+ tlog.Warn.Printf("ino%d: doRead off=%d len=%d: returning corrupt data due to forcedecode",
+ f.devIno.ino, off, length)
+ } else {
+ curruptBlockNo := firstBlockNo + f.contentEnc.PlainOffToBlockNo(uint64(len(plaintext)))
+ tlog.Warn.Printf("ino%d: doRead: corrupt block #%d: %v", f.devIno.ino, curruptBlockNo, err)
return nil, fuse.EIO
}
}
diff --git a/internal/stupidgcm/autherr.go b/internal/stupidgcm/autherr.go
new file mode 100644
index 0000000..e59f92e
--- /dev/null
+++ b/internal/stupidgcm/autherr.go
@@ -0,0 +1,8 @@
+package stupidgcm
+
+import (
+ "fmt"
+)
+
+// ErrAuth is returned when the message authentication fails
+var ErrAuth = fmt.Errorf("stupidgcm: message authentication failed")
diff --git a/internal/stupidgcm/stupidgcm.go b/internal/stupidgcm/stupidgcm.go
index 133ee1a..5cc6c3c 100644
--- a/internal/stupidgcm/stupidgcm.go
+++ b/internal/stupidgcm/stupidgcm.go
@@ -10,7 +10,6 @@ import "C"
import (
"crypto/cipher"
- "fmt"
"log"
"unsafe"
)
@@ -30,9 +29,6 @@ type stupidGCM struct {
forceDecode bool
}
-//authentication error
-var AuthError error = fmt.Errorf("stupidgcm: message authentication failed")
-
var _ cipher.AEAD = &stupidGCM{}
// New returns a new cipher.AEAD implementation..
@@ -193,10 +189,9 @@ func (g stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) {
// The error code must always be checked by the calling function, because the decrypted buffer
// may contain corrupted data that we are returning in case the user forced reads
if g.forceDecode == true {
- return append(dst, buf...), AuthError
- } else {
- return nil, AuthError
+ return append(dst, buf...), ErrAuth
}
+ return nil, ErrAuth
}
return append(dst, buf...), nil
diff --git a/internal/stupidgcm/without_openssl.go b/internal/stupidgcm/without_openssl.go
index 52d8fa0..1c6ebcf 100644
--- a/internal/stupidgcm/without_openssl.go
+++ b/internal/stupidgcm/without_openssl.go
@@ -14,9 +14,6 @@ const (
BuiltWithoutOpenssl = true
)
-//authentication error - needed to compile as same varaible is exported when openssl is enable via stupidgcm.go
-var AuthError error = fmt.Errorf("stupidgcm: message authentication failed with openssl disabled!")
-
func errExit() {
fmt.Fprintln(os.Stderr, "gocryptfs has been compiled without openssl support but you are still trying to use openssl")
os.Exit(2)