From 0f4d3501369e13c8ba6ee4c9fc7df02a3cc698b1 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Mon, 6 Jun 2016 23:13:10 +0200 Subject: configfile: warn about missing feature flags The plan is to drop support for the oldest filesystem versions in gocryptfs v1.0. For now, we only warn the user. --- internal/configfile/config_file.go | 32 ++++++++++++++++++++++++++++++-- internal/configfile/feature_flags.go | 13 +++++++++++++ 2 files changed, 43 insertions(+), 2 deletions(-) (limited to 'internal/configfile') diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go index 006f6fe..ea023d0 100644 --- a/internal/configfile/config_file.go +++ b/internal/configfile/config_file.go @@ -92,12 +92,40 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) { return nil, nil, fmt.Errorf("Unsupported on-disk format %d", cf.Version) } + // Check that all set feature flags are known for _, flag := range cf.FeatureFlags { - if cf.isFeatureFlagKnown(flag) == false { - return nil, nil, fmt.Errorf("Unsupported feature flag %s", flag) + if !cf.isFeatureFlagKnown(flag) { + return nil, nil, fmt.Errorf("Unsupported feature flag %q", flag) } } + // Check that all required feature flags are set + var requiredFlags []flagIota + if cf.IsFeatureFlagSet(FlagPlaintextNames) { + requiredFlags = requiredFlagsPlaintextNames + } else { + requiredFlags = requiredFlagsNormal + } + deprecatedFs := false + for _, i := range requiredFlags { + if !cf.IsFeatureFlagSet(i) { + // For now, warn but continue. + fmt.Printf("Deprecated filesystem: feature flag %q is missing\n", knownFlags[i]) + deprecatedFs = true + //return nil, nil, fmt.Errorf("Required feature flag %q is missing", knownFlags[i]) + } + } + if deprecatedFs { + fmt.Printf("\033[33m" + ` + This filesystem was created by gocryptfs v0.6 or earlier. You are missing + security improvements. gocryptfs v1.0 is scheduled to drop support for this + filesystem, please upgrade! + If you disagree with the plan or have trouble upgrading, please join the + discussion at https://github.com/rfjakob/gocryptfs/issues/29 . + +` + "\033[0m") + } + // Generate derived key from password scryptHash := cf.ScryptObject.DeriveKey(password) diff --git a/internal/configfile/feature_flags.go b/internal/configfile/feature_flags.go index d439363..bac8ce8 100644 --- a/internal/configfile/feature_flags.go +++ b/internal/configfile/feature_flags.go @@ -19,6 +19,19 @@ var knownFlags map[flagIota]string = map[flagIota]string{ FlagLongNames: "LongNames", } +// Filesystems that do not have these feature flags set are deprecated. +var requiredFlagsNormal []flagIota = []flagIota{ + FlagDirIV, + FlagEMENames, + FlagGCMIV128, +} + +// Filesystems without filename encryption obviously don't have or need the +// related feature flags. +var requiredFlagsPlaintextNames []flagIota = []flagIota{ + FlagGCMIV128, +} + // isFeatureFlagKnown verifies that we understand a feature flag func (cf *ConfFile) isFeatureFlagKnown(flag string) bool { for _, knownFlag := range knownFlags { -- cgit v1.2.3