1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
package main
import (
"encoding/hex"
"flag"
"fmt"
"io"
"os"
"github.com/rfjakob/gocryptfs/internal/configfile"
"github.com/rfjakob/gocryptfs/internal/contentenc"
"github.com/rfjakob/gocryptfs/internal/cryptocore"
"github.com/rfjakob/gocryptfs/internal/exitcodes"
"github.com/rfjakob/gocryptfs/internal/readpassword"
"github.com/rfjakob/gocryptfs/internal/tlog"
)
const (
ivLen = contentenc.DefaultIVBits / 8
blockSize = contentenc.DefaultBS + ivLen + cryptocore.AuthTagLen
myName = "gocryptfs-xray"
)
func errExit(err error) {
fmt.Println(err)
os.Exit(1)
}
func prettyPrintHeader(h *contentenc.FileHeader) {
id := hex.EncodeToString(h.ID)
fmt.Printf("Header: Version: %d, Id: %s\n", h.Version, id)
}
func main() {
dumpmasterkey := flag.Bool("dumpmasterkey", false, "Decrypt and dump the master key")
flag.Parse()
if flag.NArg() != 1 {
fmt.Fprintf(os.Stderr, "Usage: %s [OPTIONS] FILE\n"+
"\n"+
"Options:\n", myName)
flag.PrintDefaults()
fmt.Fprintf(os.Stderr, "\n"+
"Examples:\n"+
" gocryptfs-xray myfs/mCXnISiv7nEmyc0glGuhTQ\n"+
" gocryptfs-xray -dumpmasterkey myfs/gocryptfs.conf\n")
os.Exit(1)
}
fn := flag.Arg(0)
fd, err := os.Open(fn)
if err != nil {
errExit(err)
}
defer fd.Close()
if *dumpmasterkey {
dumpMasterKey(fn)
} else {
inspectCiphertext(fd)
}
}
func dumpMasterKey(fn string) {
tlog.Info.Enabled = false
pw := readpassword.Once("")
masterkey, _, err := configfile.LoadConfFile(fn, pw)
if err != nil {
fmt.Fprintln(os.Stderr, err)
exitcodes.Exit(err)
}
fmt.Println(hex.EncodeToString(masterkey))
for i := range pw {
pw[i] = 0
}
}
func inspectCiphertext(fd *os.File) {
headerBytes := make([]byte, contentenc.HeaderLen)
n, err := fd.ReadAt(headerBytes, 0)
if err == io.EOF && n == 0 {
fmt.Println("empty file")
os.Exit(0)
} else if err == io.EOF {
fmt.Printf("incomplete file header: read %d bytes, want %d\n", n, contentenc.HeaderLen)
os.Exit(1)
} else if err != nil {
errExit(err)
}
header, err := contentenc.ParseHeader(headerBytes)
if err != nil {
errExit(err)
}
prettyPrintHeader(header)
var i int64
for i = 0; ; i++ {
blockLen := int64(blockSize)
off := contentenc.HeaderLen + i*blockSize
iv := make([]byte, ivLen)
_, err := fd.ReadAt(iv, off)
if err == io.EOF {
break
} else if err != nil {
errExit(err)
}
tag := make([]byte, cryptocore.AuthTagLen)
_, err = fd.ReadAt(tag, off+blockSize-cryptocore.AuthTagLen)
if err == io.EOF {
fi, err2 := fd.Stat()
if err2 != nil {
errExit(err2)
}
_, err2 = fd.ReadAt(tag, fi.Size()-cryptocore.AuthTagLen)
if err2 != nil {
errExit(err2)
}
blockLen = (fi.Size() - contentenc.HeaderLen) % blockSize
} else if err != nil {
errExit(err)
}
fmt.Printf("Block %2d: IV: %s, Tag: %s, Offset: %5d Len: %d\n",
i, hex.EncodeToString(iv), hex.EncodeToString(tag), off, blockLen)
}
}
|