rebase: bump github.com/google/fscrypt from 0.3.3 to 0.3.4

Bumps [github.com/google/fscrypt](https://github.com/google/fscrypt) from 0.3.3 to 0.3.4.
- [Release notes](https://github.com/google/fscrypt/releases)
- [Changelog](https://github.com/google/fscrypt/blob/master/NEWS.md)
- [Commits](https://github.com/google/fscrypt/compare/v0.3.3...v0.3.4)

---
updated-dependencies:
- dependency-name: github.com/google/fscrypt
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
dependabot[bot] 2023-02-20 14:30:55 +00:00 committed by mergify[bot]
parent 991c21f7fd
commit f84d43c6d1
13 changed files with 852 additions and 441 deletions

2
go.mod
View File

@ -14,7 +14,7 @@ require (
github.com/csi-addons/spec v0.1.2-0.20221101132540-98eff76b0ff8
github.com/gemalto/kmip-go v0.0.8
github.com/golang/protobuf v1.5.2
github.com/google/fscrypt v0.3.3
github.com/google/fscrypt v0.3.4
github.com/google/uuid v1.3.0
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0

13
go.sum
View File

@ -67,6 +67,7 @@ github.com/Azure/go-autorest/autorest/validation v0.2.0/go.mod h1:3EEqHnBxQGHXRY
github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc=
github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
github.com/DataDog/datadog-go v2.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
@ -220,6 +221,7 @@ github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7
github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
@ -422,8 +424,8 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z
github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
github.com/google/cel-go v0.12.6/go.mod h1:Jk7ljRzLBhkmiAwBoUxB1sZSCVBAzkqPF25olK/iRDw=
github.com/google/fscrypt v0.3.3 h1:qwx9OCR/xZE68VGr/r0/yugFhlGpIOGsH9JHrttP7vc=
github.com/google/fscrypt v0.3.3/go.mod h1:H1JHtH8BVe0dYNhzx1Ztkn3azQ0OBdoOmM828vEWAXc=
github.com/google/fscrypt v0.3.4 h1:XGSVMIsQFooj82aRRfYn3JpgU/4fOTnzXPnjhxC8uH8=
github.com/google/fscrypt v0.3.4/go.mod h1:BRpw7vaeDitXGRvXa281i/ivQszAdBIiUYDWHjVTkcs=
github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ=
github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0=
github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E=
@ -1010,6 +1012,7 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1
github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8=
github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
github.com/wadey/gocovmerge v0.0.0-20160331181800-b5bfa59ec0ad/go.mod h1:Hy8o65+MXnS6EwGElrSRjUzQDLXreJlzYLlWiHtt8hM=
github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I=
github.com/xdg/stringprep v1.0.0/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y=
@ -1114,6 +1117,7 @@ golang.org/x/crypto v0.0.0-20200117160349-530e935923ad/go.mod h1:LzIPMQfyMNhhGPh
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20201208171446-5f87f3452ae9/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.0.0-20220408190544-5352b0902921/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
@ -1128,6 +1132,7 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
golang.org/x/exp/typeparams v0.0.0-20220218215828-6cf2b201936e/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@ -1343,7 +1348,6 @@ golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210422114643-f5beecf764ed/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
@ -1395,7 +1399,6 @@ golang.org/x/tools v0.0.0-20190718200317-82a3ea8a504c/go.mod h1:jcCCGcm9btYwXyDq
golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191025023517-2077df36852e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@ -1440,6 +1443,7 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
golang.org/x/tools v0.1.11-0.20220316014157-77aa08bb151a/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@ -1673,6 +1677,7 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
honnef.co/go/tools v0.3.0/go.mod h1:vlRD9XErLMGT+mDuofSr0mMMquscM/1nQqtRSsh6m70=
k8s.io/api v0.26.1 h1:f+SWYiPd/GsiWwVRz+NbFyCgvv75Pk9NK6dlkZgpCRQ=
k8s.io/api v0.26.1/go.mod h1:xd/GBNgR0f707+ATNyPmQ1oyKSgndzXij81FzWGsejg=
k8s.io/apiextensions-apiserver v0.26.1 h1:cB8h1SRk6e/+i3NOrQgSFij1B2S0Y0wDoNl66bn8RMI=

View File

@ -29,6 +29,7 @@ import (
"time"
"golang.org/x/sys/unix"
"google.golang.org/protobuf/proto"
"github.com/google/fscrypt/crypto"
"github.com/google/fscrypt/filesystem"
@ -186,11 +187,17 @@ func getHashingCosts(target time.Duration) (*metadata.HashingCosts, error) {
log.Printf("Finding hashing costs that take %v\n", target)
// Start out with the minimal possible costs that use all the CPUs.
nCPUs := int64(runtime.NumCPU())
parallelism := int64(runtime.NumCPU())
// golang.org/x/crypto/argon2 only supports parallelism up to 255.
// For compatibility, don't use more than that amount.
if parallelism > metadata.MaxParallelism {
parallelism = metadata.MaxParallelism
}
costs := &metadata.HashingCosts{
Time: 1,
Memory: 8 * nCPUs,
Parallelism: nCPUs,
Time: 1,
Memory: 8 * parallelism,
Parallelism: parallelism,
TruncationFixed: true,
}
// If even the minimal costs are not fast enough, just return the
@ -210,7 +217,7 @@ func getHashingCosts(target time.Duration) (*metadata.HashingCosts, error) {
memoryKiBLimit := memoryBytesLimit() / 1024
for {
// Store a copy of the previous costs
costsPrev := *costs
costsPrev := proto.Clone(costs).(*metadata.HashingCosts)
tPrev := t
// Double the memory up to the max, then double the time.
@ -223,7 +230,7 @@ func getHashingCosts(target time.Duration) (*metadata.HashingCosts, error) {
// If our hashing failed, return the last good set of costs.
if t, err = timeHashingCosts(costs); err != nil {
log.Printf("Hashing with costs={%v} failed: %v\n", costs, err)
return &costsPrev, nil
return costsPrev, nil
}
log.Printf("Costs={%v}\t-> %v\n", costs, t)
@ -232,9 +239,10 @@ func getHashingCosts(target time.Duration) (*metadata.HashingCosts, error) {
if t >= target {
f := float64(target-tPrev) / float64(t-tPrev)
return &metadata.HashingCosts{
Time: betweenCosts(costsPrev.Time, costs.Time, f),
Memory: betweenCosts(costsPrev.Memory, costs.Memory, f),
Parallelism: costs.Parallelism,
Time: betweenCosts(costsPrev.Time, costs.Time, f),
Memory: betweenCosts(costsPrev.Memory, costs.Memory, f),
Parallelism: costs.Parallelism,
TruncationFixed: costs.TruncationFixed,
}, nil
}
}

View File

@ -25,8 +25,8 @@ import (
"os"
"os/user"
"github.com/golang/protobuf/proto"
"github.com/pkg/errors"
"google.golang.org/protobuf/proto"
"github.com/google/fscrypt/crypto"
"github.com/google/fscrypt/filesystem"

View File

@ -23,6 +23,8 @@ import (
"os"
"strconv"
"google.golang.org/protobuf/proto"
"github.com/google/fscrypt/crypto"
"github.com/google/fscrypt/metadata"
"github.com/google/fscrypt/util"
@ -31,10 +33,10 @@ import (
// modifiedContextWithSource returns a copy of ctx with the protector source
// replaced by source.
func modifiedContextWithSource(ctx *Context, source metadata.SourceType) *Context {
modifiedConfig := *ctx.Config
modifiedConfig := proto.Clone(ctx.Config).(*metadata.Config)
modifiedConfig.Source = source
modifiedCtx := *ctx
modifiedCtx.Config = &modifiedConfig
modifiedCtx.Config = modifiedConfig
return &modifiedCtx
}

View File

@ -35,7 +35,6 @@ package filesystem
import (
"fmt"
"io"
"io/ioutil"
"log"
"os"
"os/user"
@ -45,9 +44,9 @@ import (
"syscall"
"time"
"github.com/golang/protobuf/proto"
"github.com/pkg/errors"
"golang.org/x/sys/unix"
"google.golang.org/protobuf/proto"
"github.com/google/fscrypt/metadata"
"github.com/google/fscrypt/util"
@ -335,7 +334,7 @@ func (m *Mount) PolicyPath(descriptor string) string {
// directory and returns a temporary Mount which represents this temporary
// directory. The caller is responsible for removing this temporary directory.
func (m *Mount) tempMount() (*Mount, error) {
tempDir, err := ioutil.TempDir(filepath.Dir(m.BaseDir()), tempPrefix)
tempDir, err := os.MkdirTemp(filepath.Dir(m.BaseDir()), tempPrefix)
return &Mount{Path: tempDir}, err
}
@ -393,7 +392,7 @@ func (m *Mount) isFscryptSetupAllowed() bool {
return true
}
switch m.FilesystemType {
case "ext4", "f2fs", "ubifs", "btrfs", "ceph", "xfs":
case "ext4", "f2fs", "ubifs", "btrfs", "ceph", "xfs", "lustre":
return true
default:
return false
@ -635,7 +634,7 @@ func (m *Mount) writeData(path string, data []byte, owner *user.User, mode os.Fi
// Write the data to a temporary file, sync it, then rename into place
// so that the operation will be atomic.
dirPath := filepath.Dir(path)
tempFile, err := ioutil.TempFile(dirPath, tempPrefix)
tempFile, err := os.CreateTemp(dirPath, tempPrefix)
if err != nil {
log.Print(err)
if os.IsPermission(err) {
@ -767,7 +766,7 @@ func readMetadataFileSafe(path string, trustedUser *user.User) ([]byte, int64, e
}
// Read the file contents, allowing at most maxMetadataFileSize bytes.
reader := &io.LimitedReader{R: file, N: maxMetadataFileSize + 1}
data, err := ioutil.ReadAll(reader)
data, err := io.ReadAll(reader)
if err != nil {
return nil, -1, err
}

View File

@ -25,7 +25,6 @@ import (
"bufio"
"fmt"
"io"
"io/ioutil"
"log"
"os"
"path/filepath"
@ -537,11 +536,15 @@ func getMountFromLink(link string) (*Mount, error) {
}
func (mnt *Mount) getFilesystemUUID() (string, error) {
dirContents, err := ioutil.ReadDir(uuidDirectory)
dirEntries, err := os.ReadDir(uuidDirectory)
if err != nil {
return "", err
}
for _, fileInfo := range dirContents {
for _, dirEntry := range dirEntries {
fileInfo, err := dirEntry.Info()
if err != nil {
continue
}
if fileInfo.Mode()&os.ModeSymlink == 0 {
continue // Only interested in UUID symlinks
}

View File

@ -20,8 +20,11 @@
package metadata
import (
"github.com/golang/protobuf/proto"
"log"
"math"
"github.com/pkg/errors"
"google.golang.org/protobuf/proto"
"github.com/google/fscrypt/util"
)
@ -57,20 +60,37 @@ func (s SourceType) CheckValidity() error {
return nil
}
// MaxParallelism is the maximum allowed value for HashingCosts.Parallelism.
const MaxParallelism = math.MaxUint8
// CheckValidity ensures the hash costs will be accepted by Argon2.
func (h *HashingCosts) CheckValidity() error {
if h == nil {
return errNotInitialized
}
if h.Time <= 0 {
return errors.Errorf("time=%d is not positive", h.Time)
minP := int64(1)
p := uint8(h.Parallelism)
if h.Parallelism < minP || h.Parallelism > MaxParallelism {
if h.TruncationFixed || p == 0 {
return errors.Errorf("parallelism cost %d is not in range [%d, %d]",
h.Parallelism, minP, MaxParallelism)
}
// Previously we unconditionally casted costs.Parallelism to a uint8,
// so we replicate this behavior for backwards compatibility.
log.Printf("WARNING: Truncating parallelism cost of %d to %d", h.Parallelism, p)
}
if h.Parallelism <= 0 {
return errors.Errorf("parallelism=%d is not positive", h.Parallelism)
minT := int64(1)
maxT := int64(math.MaxUint32)
if h.Time < minT || h.Time > maxT {
return errors.Errorf("time cost %d is not in range [%d, %d]", h.Time, minT, maxT)
}
minMemory := 8 * h.Parallelism
if h.Memory < minMemory {
return errors.Errorf("memory=%d is less than minimum (%d)", h.Memory, minMemory)
minM := 8 * int64(p)
maxM := int64(math.MaxUint32)
if h.Memory < minM || h.Memory > maxM {
return errors.Errorf("memory cost %d KiB is not in range [%d, %d]", h.Memory, minM, maxM)
}
return nil
}

View File

@ -29,31 +29,39 @@ package metadata
import (
"io"
"github.com/golang/protobuf/jsonpb"
"google.golang.org/protobuf/encoding/protojson"
)
// WriteConfig outputs the Config data as nicely formatted JSON
func WriteConfig(config *Config, out io.Writer) error {
m := jsonpb.Marshaler{
EmitDefaults: true,
EnumsAsInts: false,
Indent: "\t",
OrigName: true,
m := protojson.MarshalOptions{
Multiline: true,
Indent: "\t",
UseProtoNames: true,
UseEnumNumbers: false,
EmitUnpopulated: true,
}
if err := m.Marshal(out, config); err != nil {
bytes, err := m.Marshal(config)
if err != nil {
return err
}
_, err := out.Write([]byte{'\n'})
if _, err = out.Write(bytes); err != nil {
return err
}
_, err = out.Write([]byte{'\n'})
return err
}
// ReadConfig writes the JSON data into the config structure
func ReadConfig(in io.Reader) (*Config, error) {
config := new(Config)
// Allow (and ignore) unknown fields for forwards compatibility.
u := jsonpb.Unmarshaler{
AllowUnknownFields: true,
bytes, err := io.ReadAll(in)
if err != nil {
return nil, err
}
return config, u.Unmarshal(in, config)
config := new(Config)
// Discard unknown fields for forwards compatibility.
u := protojson.UnmarshalOptions{
DiscardUnknown: true,
}
return config, u.Unmarshal(bytes, config)
}

File diff suppressed because it is too large Load Diff

View File

@ -19,15 +19,20 @@
* the License.
*/
// If you modify this file, be sure to run "go generate" on this package.
// If the *.proto file is modified, be sure to run "make gen" (at the project
// root) to recreate the *.pb.go file.
syntax = "proto3";
package metadata;
option go_package = "github.com/google/fscrypt/metadata";
// Cost parameters to be used in our hashing functions.
message HashingCosts {
int64 time = 2;
int64 memory = 3;
int64 parallelism = 4;
// If true, parallelism should no longer be truncated to 8 bits.
bool truncation_fixed = 5;
}
// This structure is used for our authenticated wrapping/unwrapping of keys.
@ -73,6 +78,7 @@ message EncryptionOptions {
AES_128_CBC = 5;
AES_128_CTS = 6;
Adiantum = 9;
AES_256_HCTR2 = 10;
}
Mode contents = 2;

View File

@ -94,7 +94,7 @@ func (err *ErrNotEncrypted) Error() string {
return fmt.Sprintf("file or directory %q is not encrypted", err.Path)
}
func policyIoctl(file *os.File, request uintptr, arg unsafe.Pointer) error {
func getPolicyIoctl(file *os.File, request uintptr, arg unsafe.Pointer) error {
_, _, errno := unix.Syscall(unix.SYS_IOCTL, file.Fd(), request, uintptr(arg))
if errno == 0 {
return nil
@ -102,6 +102,19 @@ func policyIoctl(file *os.File, request uintptr, arg unsafe.Pointer) error {
return errno
}
func setPolicy(file *os.File, arg unsafe.Pointer) error {
_, _, errno := unix.Syscall(unix.SYS_IOCTL, file.Fd(), unix.FS_IOC_SET_ENCRYPTION_POLICY, uintptr(arg))
if errno != 0 {
return errno
}
if err := file.Sync(); err != nil {
return err
}
return nil
}
// Maps EncryptionOptions.Padding <-> FSCRYPT_POLICY_FLAGS
var (
paddingArray = []int64{4, 8, 16, 32}
@ -159,10 +172,10 @@ func GetPolicy(path string) (*PolicyData, error) {
var arg unix.FscryptGetPolicyExArg
arg.Size = uint64(unsafe.Sizeof(arg.Policy))
policyPtr := util.Ptr(arg.Policy[:])
err = policyIoctl(file, unix.FS_IOC_GET_ENCRYPTION_POLICY_EX, unsafe.Pointer(&arg))
err = getPolicyIoctl(file, unix.FS_IOC_GET_ENCRYPTION_POLICY_EX, unsafe.Pointer(&arg))
if err == unix.ENOTTY {
// Fall back to the old version of the ioctl. This works for v1 policies only.
err = policyIoctl(file, unix.FS_IOC_GET_ENCRYPTION_POLICY, policyPtr)
err = getPolicyIoctl(file, unix.FS_IOC_GET_ENCRYPTION_POLICY, policyPtr)
arg.Size = uint64(unsafe.Sizeof(unix.FscryptPolicyV1{}))
}
switch err {
@ -235,7 +248,7 @@ func setV1Policy(file *os.File, options *EncryptionOptions, descriptorBytes []by
}
copy(policy.Master_key_descriptor[:], descriptorBytes)
return policyIoctl(file, unix.FS_IOC_SET_ENCRYPTION_POLICY, unsafe.Pointer(&policy))
return setPolicy(file, unsafe.Pointer(&policy))
}
func setV2Policy(file *os.File, options *EncryptionOptions, descriptorBytes []byte) error {
@ -252,7 +265,7 @@ func setV2Policy(file *os.File, options *EncryptionOptions, descriptorBytes []by
}
copy(policy.Master_key_identifier[:], descriptorBytes)
return policyIoctl(file, unix.FS_IOC_SET_ENCRYPTION_POLICY, unsafe.Pointer(&policy))
return setPolicy(file, unsafe.Pointer(&policy))
}
// SetPolicy sets up the specified directory to be encrypted with the specified
@ -332,7 +345,7 @@ func CheckSupport(path string) error {
Flags: math.MaxUint8,
}
err = policyIoctl(file, unix.FS_IOC_SET_ENCRYPTION_POLICY, unsafe.Pointer(&badPolicy))
err = setPolicy(file, unsafe.Pointer(&badPolicy))
switch err {
case nil:
log.Panicf(`FS_IOC_SET_ENCRYPTION_POLICY succeeded when it should have failed.

4
vendor/modules.txt vendored
View File

@ -228,8 +228,8 @@ github.com/golang/protobuf/ptypes/wrappers
# github.com/golang/snappy v0.0.4
## explicit
github.com/golang/snappy
# github.com/google/fscrypt v0.3.3
## explicit; go 1.11
# github.com/google/fscrypt v0.3.4
## explicit; go 1.16
github.com/google/fscrypt/actions
github.com/google/fscrypt/crypto
github.com/google/fscrypt/filesystem