| -rw-r--r-- | cryptfs/config_file.go | 31 | ||||
| -rw-r--r-- | cryptfs/config_test.go | 13 | ||||
| -rw-r--r-- | cryptfs/cryptfs_names.go | 3 | ||||
| -rw-r--r-- | cryptfs/names_diriv.go | 4 | ||||
| -rw-r--r-- | main.go | 2 | 
5 files changed, 36 insertions, 17 deletions
|
diff --git a/cryptfs/config_file.go b/cryptfs/config_file.go
index f258a5e..1e7e3b3 100644
--- a/cryptfs/config_file.go
+++ b/cryptfs/config_file.go
@@ -4,14 +4,18 @@ import (
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
+	"log"
 )
 import "os"
 const (
 	// The dot "." is not used in base64url (RFC4648), hence
 	// we can never clash with an encrypted file.
-	ConfDefaultName    = "gocryptfs.conf"
+	ConfDefaultName = "gocryptfs.conf"
+	// Understood Feature Flags
+	// Also teach isFeatureFlagKnown() about any additions
 	FlagPlaintextNames = "PlaintextNames"
+	FlagDirIV          = "DirIV"
 )
 type ConfFile struct {
@@ -78,12 +82,8 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
 		return nil, nil, fmt.Errorf("Unsupported on-disk format %d\n", cf.Version)
 	}
-	// Verify that we know all feature flags
 	for _, flag := range cf.FeatureFlags {
-		switch flag {
-		case FlagPlaintextNames:
-			continue
-		default:
+		if cf.isFeatureFlagKnown(flag) == false {
 			return nil, nil, fmt.Errorf("Unsupported feature flag %s\n", flag)
 		}
 	}
@@ -151,8 +151,21 @@ func (cf *ConfFile) WriteFile() error {
 	return nil
 }
+// Verify that we understand a feature flag
+func (cf *ConfFile) isFeatureFlagKnown(flag string) bool {
+	switch flag {
+	case FlagPlaintextNames, FlagDirIV:
+		return true
+	default:
+		return false
+	}
+}
+
 // isFeatureFlagSet - is the feature flag "flagWant" enabled?
-func (cf *ConfFile) isFeatureFlagSet(flagWant string) bool {
+func (cf *ConfFile) IsFeatureFlagSet(flagWant string) bool {
+	if !cf.isFeatureFlagKnown(flagWant) {
+		log.Panicf("BUG: Tried to use unsupported feature flag %s", flagWant)
+	}
 	for _, flag := range cf.FeatureFlags {
 		if flag == flagWant {
 			return true
@@ -160,7 +173,3 @@ func (cf *ConfFile) isFeatureFlagSet(flagWant string) bool {
 	}
 	return false
 }
-
-func (cf *ConfFile) PlaintextNames() bool {
-	return cf.isFeatureFlagSet(FlagPlaintextNames)
-}
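Review bot: `FlagDirIV` becomes an accepted flag in the const block, but none of the visible hunks reads it; the main() hunk still queries only `FlagPlaintextNames`. The known-flag list is what lets LoadConfFile refuse a filesystem this build cannot handle, so if DirIV is not yet honoured on the mount path (not visible in this diff), a config that declares it would now load and be mounted without the behaviour it asks for. Consider landing the consumer in the same commit, or stating the requirement next to the constant, e.g. `// FlagDirIV is accepted by LoadConfFile; every caller that translates names must honour it`.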
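Review bot: In the feature-flag loop of LoadConfFile, `if cf.isFeatureFlagKnown(flag) == false {` compares a bool with a literal; `if !cf.isFeatureFlagKnown(flag) {` is the usual form and matches the check added to IsFeatureFlagSet further down. The flag printed in the error comes straight from the config file on disk, so `%q` instead of `%s` would show empty or control-character values unambiguously. LoadConfFile starts and ends outside the hunk.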
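Review bot: The doc comment above `IsFeatureFlagSet` still opens with the old unexported name, and it does not mention the new `log.Panicf`, although the method can now be called from other packages. I would write `// IsFeatureFlagSet reports whether flagWant is enabled in cf.FeatureFlags.` followed by `// It panics if flagWant is not a flag this version knows; that is a caller bug, not a property of the config file.` Likewise `// Verify that we understand a feature flag` reads better as `// isFeatureFlagKnown reports whether this version understands flag.` The end of IsFeatureFlagSet lies in the following hunk.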
diff --git a/cryptfs/config_test.go b/cryptfs/config_test.go
index cd8ed2f..e052428 100644
--- a/cryptfs/config_test.go
+++ b/cryptfs/config_test.go
@@ -69,3 +69,16 @@ func TestCreateConfFile(t *testing.T) {
 	}
 }
+
+func TestIsFeatureFlagKnown(t *testing.T) {
+	var cf ConfFile
+	if !cf.isFeatureFlagKnown(FlagDirIV) {
+		t.Errorf("This flag should be known")
+	}
+	if !cf.isFeatureFlagKnown(FlagPlaintextNames) {
+		t.Errorf("This flag should be known")
+	}
+	if cf.isFeatureFlagKnown("StrangeFeatureFlag") {
+		t.Errorf("This flag should be NOT known")
+	}
+}
diff --git a/cryptfs/cryptfs_names.go b/cryptfs/cryptfs_names.go
index 37a769f..2a5f158 100644
--- a/cryptfs/cryptfs_names.go
+++ b/cryptfs/cryptfs_names.go
@@ -65,7 +65,6 @@ func (be *CryptFS) encryptName(plainName string, iv []byte) string {
 	return cipherName64
 }
-
 // TranslatePathZeroIV - encrypt or decrypt path using CBC with a constant all-zero IV.
 // Just splits the string on "/" and hands the parts to encryptName() / decryptName()
 func (be *CryptFS) TranslatePathZeroIV(path string, op int) (string, error) {
@@ -155,5 +154,3 @@ func (be *CryptFS) unPad16(orig []byte) ([]byte, error) {
 	}
 	return orig[0:newLen], nil
 }
-
-
diff --git a/cryptfs/names_diriv.go b/cryptfs/names_diriv.go
index 1415bcb..46e2bfd 100644
--- a/cryptfs/names_diriv.go
+++ b/cryptfs/names_diriv.go
@@ -1,9 +1,9 @@
 package cryptfs
 import (
-	"path/filepath"
-	"io/ioutil"
 	"fmt"
+	"io/ioutil"
+	"path/filepath"
 	"strings"
 )
@@ -264,7 +264,7 @@ func main() {
 		var confFile *cryptfs.ConfFile
 		masterkey, confFile = loadConfig(&args)
 		printMasterKey(masterkey)
-		args.plaintextnames = confFile.PlaintextNames()
+		args.plaintextnames = confFile.IsFeatureFlagSet(cryptfs.FlagPlaintextNames)
 	}
 	// Initialize FUSE server
 	srv := pathfsFrontend(masterkey, args.cipherdir, args.mountpoint, args.fusedebug, args.openssl, args.plaintextnames)
|
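Review bot: TestIsFeatureFlagKnown exercises only `isFeatureFlagKnown`; the two places where its answer has consequences stay untested. Those are LoadConfFile returning an error for a config whose FeatureFlags holds an unknown string, and `IsFeatureFlagSet` panicking on an unknown name. The first is the check that keeps an unsupported filesystem from being mounted, so a regression test for it is the more valuable one; the second can be covered with a deferred `recover()`. The `t.Errorf` messages would also be easier to act on if they named the flag, e.g. `t.Errorf("flag %q should be known", FlagDirIV)`.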
