-rw-r--r--masterkey.go45
-rw-r--r--mount.go33
2 files changed, 47 insertions, 31 deletions
diff --git a/masterkey.go b/masterkey.go
index 6fda035..c67f115 100644
--- a/masterkey.go
+++ b/masterkey.go
@@ -7,8 +7,10 @@ import (
"golang.org/x/crypto/ssh/terminal"
+ "github.com/rfjakob/gocryptfs/internal/configfile"
"github.com/rfjakob/gocryptfs/internal/cryptocore"
"github.com/rfjakob/gocryptfs/internal/exitcodes"
+ "github.com/rfjakob/gocryptfs/internal/readpassword"
"github.com/rfjakob/gocryptfs/internal/tlog"
)
@@ -65,3 +67,46 @@ func parseMasterKey(masterkey string, fromStdin bool) []byte {
}
return key
}
+
+// getMasterKey looks at "args" to determine where the master key should come
+// from (-masterkey=a-b-c-d or stdin or from the config file).
+// If it comes from the config file, the user is prompted for the password
+// and a ConfFile instance is returned.
+// Calls os.Exit on failure.
+func getMasterKey(args *argContainer) (masterkey []byte, confFile *configfile.ConfFile) {
+ masterkeyFromStdin := false
+ // "-masterkey=stdin"
+ if args.masterkey == "stdin" {
+ args.masterkey = string(readpassword.Once("", "Masterkey"))
+ masterkeyFromStdin = true
+ }
+ // "-masterkey=941a6029-3adc6a1c-..."
+ if args.masterkey != "" {
+ return parseMasterKey(args.masterkey, masterkeyFromStdin), nil
+ }
+ // "-zerokey"
+ if args.zerokey {
+ tlog.Info.Printf("Using all-zero dummy master key.")
+ tlog.Info.Printf(tlog.ColorYellow +
+ "ZEROKEY MODE PROVIDES NO SECURITY AT ALL AND SHOULD ONLY BE USED FOR TESTING." +
+ tlog.ColorReset)
+ return make([]byte, cryptocore.KeyLen), nil
+ }
+ var err error
+ // Load master key from config file (normal operation).
+ // Prompts the user for the password.
+ masterkey, confFile, err = loadConfig(args)
+ if err != nil {
+ if args._ctlsockFd != nil {
+ // Close the socket file (which also deletes it)
+ args._ctlsockFd.Close()
+ }
+ exitcodes.Exit(err)
+ }
+ readpassword.CheckTrailingGarbage()
+ if !args.fsck {
+ // We only want to print the masterkey message on a normal mount.
+ printMasterKey(masterkey)
+ }
+ return masterkey, confFile
+}
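Review bot: In the `-masterkey=stdin` branch of getMasterKey the key read from stdin is written back into `args.masterkey`, so the secret stays on the shared argument struct as an immutable Go string after the function returns. The mount.go hunk of this commit keeps `tlog.Debug.Printf("cli args: %#v", args)` directly after the call, which would presumably dump that field into debug output and defeat the purpose of passing the key on stdin rather than on the command line. Holding the value in a local keeps the control flow identical without mutating the caller's struct: `mk := args.masterkey`, then `mk = string(readpassword.Once("", "Masterkey"))` in the stdin branch and `parseMasterKey(mk, masterkeyFromStdin)` below it. The doc comment should also name the `-zerokey` source and state that `confFile` is nil for every source except the config file.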
diff --git a/mount.go b/mount.go
index c5b1c05..c21fa01 100644
--- a/mount.go
+++ b/mount.go
@@ -29,7 +29,6 @@ import (
"github.com/rfjakob/gocryptfs/internal/fusefrontend"
"github.com/rfjakob/gocryptfs/internal/fusefrontend_reverse"
"github.com/rfjakob/gocryptfs/internal/nametransform"
- "github.com/rfjakob/gocryptfs/internal/readpassword"
"github.com/rfjakob/gocryptfs/internal/tlog"
)
@@ -96,37 +95,9 @@ func doMount(args *argContainer) {
var confFile *configfile.ConfFile
var srv *fuse.Server
{
- // Get master key (may prompt for the password)
var masterkey []byte
- masterkeyFromStdin := false
- if args.masterkey == "stdin" {
- args.masterkey = string(readpassword.Once("", "Masterkey"))
- masterkeyFromStdin = true
- }
- if args.masterkey != "" {
- // "-masterkey"
- masterkey = parseMasterKey(args.masterkey, masterkeyFromStdin)
- } else if args.zerokey {
- // "-zerokey"
- tlog.Info.Printf("Using all-zero dummy master key.")
- tlog.Info.Printf(tlog.ColorYellow +
- "ZEROKEY MODE PROVIDES NO SECURITY AT ALL AND SHOULD ONLY BE USED FOR TESTING." +
- tlog.ColorReset)
- masterkey = make([]byte, cryptocore.KeyLen)
- } else {
- // Load master key from config file
- // Prompts the user for the password
- masterkey, confFile, err = loadConfig(args)
- if err != nil {
- if args._ctlsockFd != nil {
- // Close the socket file (which also deletes it)
- args._ctlsockFd.Close()
- }
- exitcodes.Exit(err)
- }
- readpassword.CheckTrailingGarbage()
- printMasterKey(masterkey)
- }
+ // Get master key (may prompt for the password)
+ masterkey, confFile = getMasterKey(args)
// We cannot use JSON for pretty-printing as the fields are unexported
tlog.Debug.Printf("cli args: %#v", args)
// Initialize FUSE server