gocryptfs/cryptfs, branch v0.3.1

gocryptfs/cryptfs, branch v0.3.1 Mirror of gocryptfs source code on Github http://nuetzlich.net/cgit/gocryptfs/atom?h=v0.3.1 2015-11-01T11:11:36+00:00 Refactor ciphertext <-> plaintext offset translation functions 2015-11-01T11:11:36+00:00 Jakob Unterwurzacher 2015-11-01T11:11:36+00:00 urn:sha1:902babdf22199d73171716e643f1ffbb65e6fb48 Move all the intelligence into the new file address_translation.go. That the calculations were spread out too much became apparent when adding the file header. This should make the code much easier to modify in the future. Add file header (on-disk-format change) 2015-11-01T00:38:27+00:00 Jakob Unterwurzacher 2015-11-01T00:32:33+00:00 urn:sha1:76311b60f2e208dbd93e1e7b6e9794770c14fede Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ] Quoting SECURITY.md: * Every file has a header that contains a 16-byte random *file id* * Each block uses the file id and its block number as GCM *authentication data* * This means the position of the blocks is protected as well. The blocks can not be reordered or copied between different files without causing an decryption error. Activate block number authentication 2015-11-01T00:36:19+00:00 Jakob Unterwurzacher 2015-10-20T18:26:52+00:00 urn:sha1:eac1f5421375913b871132d389dc69393a9ac232 main: check directories for existence early 2015-10-11T16:33:28+00:00 Jakob Unterwurzacher 2015-10-11T16:33:28+00:00 urn:sha1:d1d444435cf4351fc50ffd02c203cf4a2209b8e5 This prevents that the user enters the password only to get an error later. Run go fmt 2015-10-07T20:59:36+00:00 Jakob Unterwurzacher 2015-10-07T20:58:22+00:00 urn:sha1:ed1df49af5bb616e5ec34585b20c9c93a96b8088 Add test.bash 2015-10-07T20:09:34+00:00 Jakob Unterwurzacher 2015-10-07T20:08:30+00:00 urn:sha1:440abcbac63a5994d4bac1b5dfcf838aaaefdbd7 ...also adapt the cryptfs tests for 256 bit long keys Implement "gocryptfs --passwd" (pasword changing) 2015-10-07T19:26:17+00:00 Jakob Unterwurzacher 2015-10-07T19:26:17+00:00 urn:sha1:65ba0739d5de756a437e0f840649583fa835a560 Use block number as authentication data 2015-10-06T20:27:37+00:00 Jakob Unterwurzacher 2015-10-06T20:27:37+00:00 urn:sha1:a3d286069f989dd16c6f91930a0df9fedfa2dd64 Switch to AES-256 2015-10-06T18:51:35+00:00 Jakob Unterwurzacher 2015-10-06T18:51:35+00:00 urn:sha1:5c6df490678e7dc1aa7a09425d2fdf14fb13f7be AES-256 seems to be becoming the industry standard. While AES-128 is good enough for tens of years to come, let's follow suit and be extra safe. Implement proper daemonization 2015-10-05T22:31:18+00:00 Jakob Unterwurzacher 2015-10-05T22:29:08+00:00 urn:sha1:022a6968ae0ede1259141e32b8e32553dad7d824 The shell wrapper sends gocryptfs into the background and waits for SIGUSR1