Diffstat (limited to 'cryptfs')
-rw-r--r--cryptfs/config_file.go42
-rw-r--r--cryptfs/cryptfs_content.go2
2 files changed, 38 insertions, 6 deletions
diff --git a/cryptfs/config_file.go b/cryptfs/config_file.go
index a790c51..346bef8 100644
--- a/cryptfs/config_file.go
+++ b/cryptfs/config_file.go
@@ -11,6 +11,7 @@ const (
// The dot "." is not used in base64url (RFC4648), hence
// we can never clash with an encrypted file.
ConfDefaultName = "gocryptfs.conf"
+ FlagPlaintextNames = "PlaintextNames"
)
type ConfFile struct {
@@ -22,8 +23,11 @@ type ConfFile struct {
ScryptObject scryptKdf
// The On-Disk-Format version this filesystem uses
Version uint16
- // Do not encrypt filenames
- PlaintextNames bool
+ // List of feature flags this filesystem has enabled.
+ // If gocryptfs encounters a feature flag it does not support, it will refuse
+ // mounting. This mechanism is analogous to the ext4 feature flags that are
+ // stored in the superblock.
+ FeatureFlags []string
}
// CreateConfFile - create a new config with a random key encrypted with
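Review bot: Replacing the `PlaintextNames bool` field with `FeatureFlags []string` changes the config layout, but nothing in this diff changes `HEADER_CURRENT_VERSION`, so the version check in LoadConfFile would presumably still accept a config written before this commit. If the decoder ignores unknown keys (the decoding code is outside the hunks, so this is an assumption), such a file would load with an empty flag list and `PlaintextNames()` would return false for a filesystem that was created with plaintext names. Consider bumping the on-disk version in the same commit, or stating the break in the field comment, e.g. `// Replaces the former PlaintextNames field; configs written before this change are not migrated.`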
@@ -41,14 +45,18 @@ func CreateConfFile(filename string, password string, plaintextNames bool) error
cf.Version = HEADER_CURRENT_VERSION
- cf.PlaintextNames = plaintextNames
+ if plaintextNames {
+ cf.FeatureFlags = append(cf.FeatureFlags, FlagPlaintextNames)
+ }
// Write file to disk
return cf.WriteFile()
}
// LoadConfFile - read config file from disk and decrypt the
-// contained key using password
+// contained key using password.
+//
+// Returns the decrypted key and the ConfFile object
func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
var cf ConfFile
cf.filename = filename
@@ -67,7 +75,17 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
}
if cf.Version != HEADER_CURRENT_VERSION {
- return nil, nil, fmt.Errorf("Unsupported version %d", cf.Version)
+ return nil, nil, fmt.Errorf("Unsupported on-disk format %d\n", cf.Version)
+ }
+
+ // Verify that we know all feature flags
+ for _, flag := range(cf.FeatureFlags) {
+ switch(flag) {
+ case FlagPlaintextNames:
+ continue
+ default:
+ return nil, nil, fmt.Errorf("Unsupported feature flag %s\n", flag)
+ }
}
// Generate derived key from password
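Review bot: The new `default:` branch formats a flag string read from the config file with `%s` and ends the error text with `\n`; `%q` keeps an empty or unexpected value readable in logs and the newline belongs to the caller, so I would write `return nil, nil, fmt.Errorf("unsupported feature flag %q", flag)` (the `Unsupported on-disk format %d\n` message above carries the same trailing newline). The check also runs before the key is derived, and nothing visible in this hunk ties `FeatureFlags` to the password-derived key, so it appears to guard against version skew rather than against a config file that was modified on disk; a comment such as `// FeatureFlags is not authenticated here; this only rejects flags this binary does not know` would make that limit explicit. `range(cf.FeatureFlags)` and `switch(flag)` are not gofmt-clean. LoadConfFile's body starts and ends outside the hunk.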
@@ -130,3 +148,17 @@ func (cf *ConfFile) WriteFile() error {
return nil
}
+
+// isFeatureFlagSet - is the feature flag "flagWant" enabled?
+func (cf *ConfFile) isFeatureFlagSet(flagWant string) bool {
+ for _, flag := range(cf.FeatureFlags) {
+ if flag == flagWant {
+ return true
+ }
+ }
+ return false
+}
+
+func (cf *ConfFile) PlaintextNames() bool {
+ return cf.isFeatureFlagSet(FlagPlaintextNames)
+}
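Review bot: The exported method `PlaintextNames` is added without a doc comment, while the unexported helper just above it has one. I would add `// PlaintextNames reports whether the PlaintextNames feature flag is set, i.e. file names are not encrypted.` The `range(cf.FeatureFlags)` in isFeatureFlagSet is not gofmt-clean; `for _, flag := range cf.FeatureFlags {` is the formatted form.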
diff --git a/cryptfs/cryptfs_content.go b/cryptfs/cryptfs_content.go
index d74570f..cfd488b 100644
--- a/cryptfs/cryptfs_content.go
+++ b/cryptfs/cryptfs_content.go
@@ -60,7 +60,7 @@ func (be *CryptFS) DecryptBlock(ciphertext []byte, blockNo uint64, fileId []byte
}
if len(ciphertext) < NONCE_LEN {
- Warn.Printf("decryptBlock: Block is too short: %d bytes\n", len(ciphertext))
+ Warn.Printf("DecryptBlock: Block is too short: %d bytes\n", len(ciphertext))
return nil, errors.New("Block is too short")
}