1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
|
package configfile
import (
"encoding/json"
"fmt"
"io/ioutil"
"log"
"github.com/rfjakob/gocryptfs/internal/contentenc"
"github.com/rfjakob/gocryptfs/internal/cryptocore"
"github.com/rfjakob/gocryptfs/internal/toggledlog"
)
import "os"
const (
// The dot "." is not used in base64url (RFC4648), hence
// we can never clash with an encrypted file.
ConfDefaultName = "gocryptfs.conf"
)
type ConfFile struct {
// gocryptfs version string
// This only documents the config file for humans who look at it. The actual
// technical info is contained in FeatureFlags.
Creator string
// Encrypted AES key, unlocked using a password hashed with scrypt
EncryptedKey []byte
// Stores parameters for scrypt hashing (key derivation)
ScryptObject scryptKdf
// The On-Disk-Format version this filesystem uses
Version uint16
// List of feature flags this filesystem has enabled.
// If gocryptfs encounters a feature flag it does not support, it will refuse
// mounting. This mechanism is analogous to the ext4 feature flags that are
// stored in the superblock.
FeatureFlags []string
// File the config is saved to. Not exported to JSON.
filename string
}
// CreateConfFile - create a new config with a random key encrypted with
// "password" and write it to "filename".
// Uses scrypt with cost parameter logN.
func CreateConfFile(filename string, password string, plaintextNames bool, logN int, creator string) error {
var cf ConfFile
cf.filename = filename
cf.Creator = creator
cf.Version = contentenc.CurrentVersion
// Generate new random master key
key := cryptocore.RandBytes(cryptocore.KeyLen)
// Encrypt it using the password
// This sets ScryptObject and EncryptedKey
cf.EncryptKey(key, password, logN)
// Set feature flags
cf.FeatureFlags = append(cf.FeatureFlags, FlagGCMIV128)
if plaintextNames {
cf.FeatureFlags = append(cf.FeatureFlags, FlagPlaintextNames)
} else {
cf.FeatureFlags = append(cf.FeatureFlags, FlagDirIV)
cf.FeatureFlags = append(cf.FeatureFlags, FlagEMENames)
cf.FeatureFlags = append(cf.FeatureFlags, FlagLongNames)
}
// Write file to disk
return cf.WriteFile()
}
// LoadConfFile - read config file from disk and decrypt the
// contained key using password.
//
// Returns the decrypted key and the ConfFile object
func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
var cf ConfFile
cf.filename = filename
// Read from disk
js, err := ioutil.ReadFile(filename)
if err != nil {
return nil, nil, err
}
// Unmarshal
err = json.Unmarshal(js, &cf)
if err != nil {
toggledlog.Warn.Printf("Failed to unmarshal config file")
return nil, nil, err
}
if cf.Version != contentenc.CurrentVersion {
return nil, nil, fmt.Errorf("Unsupported on-disk format %d", cf.Version)
}
for _, flag := range cf.FeatureFlags {
if cf.isFeatureFlagKnown(flag) == false {
return nil, nil, fmt.Errorf("Unsupported feature flag %s", flag)
}
}
// Generate derived key from password
scryptHash := cf.ScryptObject.DeriveKey(password)
// Unlock master key using password-based key
// We use stock go GCM instead of OpenSSL here as we only use 96-bit IVs,
// speed is not important and we get better error messages
cc := cryptocore.New(scryptHash, false, false)
ce := contentenc.New(cc, 4096)
key, err := ce.DecryptBlock(cf.EncryptedKey, 0, nil)
if err != nil {
toggledlog.Warn.Printf("failed to unlock master key: %s", err.Error())
toggledlog.Warn.Printf("Password incorrect.")
return nil, nil, err
}
return key, &cf, nil
}
// EncryptKey - encrypt "key" using an scrypt hash generated from "password"
// and store it in cf.EncryptedKey.
// Uses scrypt with cost parameter logN and stores the scrypt parameters in
// cf.ScryptObject.
func (cf *ConfFile) EncryptKey(key []byte, password string, logN int) {
// Generate derived key from password
cf.ScryptObject = NewScryptKdf(logN)
scryptHash := cf.ScryptObject.DeriveKey(password)
// Lock master key using password-based key
cc := cryptocore.New(scryptHash, false, false)
ce := contentenc.New(cc, 4096)
cf.EncryptedKey = ce.EncryptBlock(key, 0, nil)
}
// WriteFile - write out config in JSON format to file "filename.tmp"
// then rename over "filename".
// This way a password change atomically replaces the file.
func (cf *ConfFile) WriteFile() error {
tmp := cf.filename + ".tmp"
// 0400 permissions: gocryptfs.conf should be kept secret and never be written to.
fd, err := os.OpenFile(tmp, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0400)
if err != nil {
return err
}
js, err := json.MarshalIndent(cf, "", "\t")
if err != nil {
return err
}
_, err = fd.Write(js)
if err != nil {
return err
}
err = fd.Sync()
if err != nil {
return err
}
err = fd.Close()
if err != nil {
return err
}
err = os.Rename(tmp, cf.filename)
if err != nil {
return err
}
return nil
}
const (
// Understood Feature Flags.
// Also teach isFeatureFlagKnown() about any additions and
// add it to CreateConfFile() if you want to have it enabled by default.
FlagPlaintextNames = "PlaintextNames"
FlagDirIV = "DirIV"
FlagEMENames = "EMENames"
FlagGCMIV128 = "GCMIV128"
FlagLongNames = "LongNames"
)
// Verify that we understand a feature flag
func (cf *ConfFile) isFeatureFlagKnown(flag string) bool {
switch flag {
case FlagPlaintextNames, FlagDirIV, FlagEMENames, FlagGCMIV128, FlagLongNames:
return true
default:
return false
}
}
// isFeatureFlagSet - is the feature flag "flagWant" enabled?
func (cf *ConfFile) IsFeatureFlagSet(flagWant string) bool {
if !cf.isFeatureFlagKnown(flagWant) {
log.Panicf("BUG: Tried to use unsupported feature flag %s", flagWant)
}
for _, flag := range cf.FeatureFlags {
if flag == flagWant {
return true
}
}
return false
}
|