aboutsummaryrefslogtreecommitdiff
path: root/cli_args.go
diff options
context:
space:
mode:
Diffstat (limited to 'cli_args.go')
-rw-r--r--cli_args.go25
1 files changed, 24 insertions, 1 deletions
diff --git a/cli_args.go b/cli_args.go
index 9414e67..f0bfb48 100644
--- a/cli_args.go
+++ b/cli_args.go
@@ -10,6 +10,7 @@ import (
"github.com/rfjakob/gocryptfs/internal/configfile"
"github.com/rfjakob/gocryptfs/internal/prefer_openssl"
+ "github.com/rfjakob/gocryptfs/internal/stupidgcm"
"github.com/rfjakob/gocryptfs/internal/tlog"
)
@@ -18,7 +19,7 @@ type argContainer struct {
debug, init, zerokey, fusedebug, openssl, passwd, fg, version,
plaintextnames, quiet, nosyslog, wpanic,
longnames, allow_other, ro, reverse, aessiv, nonempty, raw64,
- noprealloc, speed, hkdf, serialize_reads bool
+ noprealloc, speed, hkdf, serialize_reads, forcedecode bool
masterkey, mountpoint, cipherdir, cpuprofile, extpass,
memprofile, ko, passfile, ctlsock, fsname string
// Configuration file name override
@@ -113,6 +114,8 @@ func parseCliOpts() (args argContainer) {
flagSet.BoolVar(&args.speed, "speed", false, "Run crypto speed test")
flagSet.BoolVar(&args.hkdf, "hkdf", true, "Use HKDF as an additional key derivation step")
flagSet.BoolVar(&args.serialize_reads, "serialize_reads", false, "Try to serialize read operations")
+ flagSet.BoolVar(&args.forcedecode, "forcedecode", false, "Force decode of files even if integrity check fails."+
+ " Requires gocryptfs to be compiled with openssl support and implies -openssl true")
flagSet.StringVar(&args.masterkey, "masterkey", "", "Mount with explicit master key")
flagSet.StringVar(&args.cpuprofile, "cpuprofile", "", "Write cpu profile to specified file")
flagSet.StringVar(&args.memprofile, "memprofile", "", "Write memory profile to specified file")
@@ -154,6 +157,26 @@ func parseCliOpts() (args argContainer) {
os.Exit(ErrExitUsage)
}
}
+ // "-forcedecode" only works with openssl. Check compilation and command line parameters
+ if args.forcedecode == true {
+ if stupidgcm.BuiltWithoutOpenssl == true {
+ tlog.Fatal.Printf("The -forcedecode flag requires openssl support, but gocryptfs was compiled without it!")
+ os.Exit(ErrExitUsage)
+ }
+ if args.aessiv == true {
+ tlog.Fatal.Printf("The -forcedecode and -aessiv flags are incompatible because they use different crypto libs (openssl vs native Go)")
+ os.Exit(ErrExitUsage)
+ }
+ if args.reverse == true {
+ tlog.Fatal.Printf("The reverse mode and the -forcedecode option are not compatible")
+ os.Exit(ErrExitUsage)
+ }
+ v, e := strconv.ParseBool(opensslAuto)
+ if e == nil && v == false {
+ tlog.Warn.Printf("-openssl set to true, as it is required by -forcedecode flag")
+ }
+ args.openssl = true
+ }
// '-passfile FILE' is a shortcut for -extpass='/bin/cat -- FILE'
if args.passfile != "" {
args.extpass = "/bin/cat -- " + args.passfile