MCPcopy
hub / github.com/syncthing/syncthing / ccCheckEncryption

Method ccCheckEncryption

lib/model/model.go:1528–1631  ·  view source on GitHub ↗
(fcfg config.FolderConfiguration, folderDevice config.FolderDeviceConfiguration, ccDeviceInfos *clusterConfigDeviceInfo, deviceUntrusted bool)

Source from the content-addressed store, hash-verified

1526}
1527
1528func (m *model) ccCheckEncryption(fcfg config.FolderConfiguration, folderDevice config.FolderDeviceConfiguration, ccDeviceInfos *clusterConfigDeviceInfo, deviceUntrusted bool) error {
1529 hasTokenRemote := len(ccDeviceInfos.remote.EncryptionPasswordToken) > 0
1530 hasTokenLocal := len(ccDeviceInfos.local.EncryptionPasswordToken) > 0
1531 isEncryptedRemote := folderDevice.EncryptionPassword != ""
1532 isEncryptedLocal := fcfg.Type == config.FolderTypeReceiveEncrypted
1533
1534 if !isEncryptedRemote && !isEncryptedLocal && deviceUntrusted {
1535 return errEncryptionNotEncryptedUntrusted
1536 }
1537
1538 if !(hasTokenRemote || hasTokenLocal || isEncryptedRemote || isEncryptedLocal) {
1539 // No one cares about encryption here
1540 return nil
1541 }
1542
1543 if isEncryptedRemote && isEncryptedLocal {
1544 // Should never happen, but config raciness and be safe.
1545 return errEncryptionInvConfigLocal
1546 }
1547
1548 if hasTokenRemote && hasTokenLocal {
1549 return errEncryptionInvConfigRemote
1550 }
1551
1552 if !(hasTokenRemote || hasTokenLocal) {
1553 if isEncryptedRemote {
1554 return errEncryptionPlainForRemoteEncrypted
1555 } else {
1556 return errEncryptionPlainForReceiveEncrypted
1557 }
1558 }
1559
1560 if !(isEncryptedRemote || isEncryptedLocal) {
1561 return errEncryptionNotEncryptedLocal
1562 }
1563
1564 if isEncryptedRemote {
1565 passwordToken := protocol.PasswordToken(m.keyGen, fcfg.ID, folderDevice.EncryptionPassword)
1566 var match bool
1567 if hasTokenLocal {
1568 match = bytes.Equal(passwordToken, ccDeviceInfos.local.EncryptionPasswordToken)
1569 } else {
1570 // hasTokenRemote == true
1571 match = bytes.Equal(passwordToken, ccDeviceInfos.remote.EncryptionPasswordToken)
1572 }
1573 if !match {
1574 return errEncryptionPassword
1575 }
1576 return nil
1577 }
1578
1579 // isEncryptedLocal == true
1580
1581 var ccToken []byte
1582 if hasTokenLocal {
1583 ccToken = ccDeviceInfos.local.EncryptionPasswordToken
1584 } else {
1585 // hasTokenRemote == true

Callers 2

ccHandleFoldersMethod · 0.95
TestCcCheckEncryptionFunction · 0.80

Calls 9

sendClusterConfigMethod · 0.95
PasswordTokenFunction · 0.92
IsNotExistFunction · 0.92
readEncryptionTokenFunction · 0.85
redactPathErrorFunction · 0.85
writeEncryptionTokenFunction · 0.85
UnlockMethod · 0.80
DeviceIDsMethod · 0.80
EqualMethod · 0.45

Tested by 1

TestCcCheckEncryptionFunction · 0.64