aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--internal/configfile/config_file.go32
-rw-r--r--internal/configfile/feature_flags.go13
2 files changed, 43 insertions, 2 deletions
diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go
index 006f6fe..ea023d0 100644
--- a/internal/configfile/config_file.go
+++ b/internal/configfile/config_file.go
@@ -92,12 +92,40 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
return nil, nil, fmt.Errorf("Unsupported on-disk format %d", cf.Version)
}
+ // Check that all set feature flags are known
for _, flag := range cf.FeatureFlags {
- if cf.isFeatureFlagKnown(flag) == false {
- return nil, nil, fmt.Errorf("Unsupported feature flag %s", flag)
+ if !cf.isFeatureFlagKnown(flag) {
+ return nil, nil, fmt.Errorf("Unsupported feature flag %q", flag)
}
}
+ // Check that all required feature flags are set
+ var requiredFlags []flagIota
+ if cf.IsFeatureFlagSet(FlagPlaintextNames) {
+ requiredFlags = requiredFlagsPlaintextNames
+ } else {
+ requiredFlags = requiredFlagsNormal
+ }
+ deprecatedFs := false
+ for _, i := range requiredFlags {
+ if !cf.IsFeatureFlagSet(i) {
+ // For now, warn but continue.
+ fmt.Printf("Deprecated filesystem: feature flag %q is missing\n", knownFlags[i])
+ deprecatedFs = true
+ //return nil, nil, fmt.Errorf("Required feature flag %q is missing", knownFlags[i])
+ }
+ }
+ if deprecatedFs {
+ fmt.Printf("\033[33m" + `
+ This filesystem was created by gocryptfs v0.6 or earlier. You are missing
+ security improvements. gocryptfs v1.0 is scheduled to drop support for this
+ filesystem, please upgrade!
+ If you disagree with the plan or have trouble upgrading, please join the
+ discussion at https://github.com/rfjakob/gocryptfs/issues/29 .
+
+` + "\033[0m")
+ }
+
// Generate derived key from password
scryptHash := cf.ScryptObject.DeriveKey(password)
diff --git a/internal/configfile/feature_flags.go b/internal/configfile/feature_flags.go
index d439363..bac8ce8 100644
--- a/internal/configfile/feature_flags.go
+++ b/internal/configfile/feature_flags.go
@@ -19,6 +19,19 @@ var knownFlags map[flagIota]string = map[flagIota]string{
FlagLongNames: "LongNames",
}
+// Filesystems that do not have these feature flags set are deprecated.
+var requiredFlagsNormal []flagIota = []flagIota{
+ FlagDirIV,
+ FlagEMENames,
+ FlagGCMIV128,
+}
+
+// Filesystems without filename encryption obviously don't have or need the
+// related feature flags.
+var requiredFlagsPlaintextNames []flagIota = []flagIota{
+ FlagGCMIV128,
+}
+
// isFeatureFlagKnown verifies that we understand a feature flag
func (cf *ConfFile) isFeatureFlagKnown(flag string) bool {
for _, knownFlag := range knownFlags {