gocryptfs/internal/configfile/feature_flags.go, branch xattr_user

gocryptfs/internal/configfile/feature_flags.go, branch xattr_user_buffer Mirror of gocryptfs source code on Github http://nuetzlich.net/cgit/gocryptfs/atom?h=xattr_user_buffer 2021-11-01T13:44:32+00:00 docs: names longer than 175 bytes (not 176) are stored in longnames 2021-11-01T13:44:32+00:00 Jakob Unterwurzacher 2021-11-01T13:44:32+00:00 urn:sha1:d530fbd400c88fa54c856d958963d77669ac9cf2 Quoting fusefrontend_reverse/node_helpers.go : // File names are padded to 16-byte multiples, encrypted and // base64-encoded. We can encode at most 176 bytes to stay below the 255 // bytes limit: // * base64(176 bytes) = 235 bytes // * base64(192 bytes) = 256 bytes (over 255!) // But the PKCS#7 padding is at least one byte. This means we can only use // 175 bytes for the file name. Noticed by @bailey27 at https://github.com/rfjakob/gocryptfs/issues/499#issuecomment-955790427 configfile: add LongNameMax support 2021-10-21T12:55:30+00:00 Jakob Unterwurzacher 2021-10-21T07:58:37+00:00 urn:sha1:d583bdb79e6f05bce2451a7e220e553209da4c1d Feature flag + numeric paramater https://github.com/rfjakob/gocryptfs/issues/499 configfile: add Validate() function, support FlagXChaCha20Poly1305 2021-08-23T14:00:41+00:00 Jakob Unterwurzacher 2021-08-21T19:43:26+00:00 urn:sha1:97d8340bd81ddd60baac598d3e25ebfb4decb50c We used to do validation using lists of mandatory feature flags. With the introduction of XChaCha20Poly1305, this became too simplistic, as it uses a different IV length, hence disabling GCMIV128. Add a dedicated function, Validate(), with open-coded validation logic. The validation and creation logic also gets XChaCha20Poly1305 support, and gocryptfs -init -xchacha now writes the flag into gocryptfs.conf. Add partial XChaCha20-Poly1305 support (mount flag only) 2021-08-23T14:00:41+00:00 Jakob Unterwurzacher 2021-08-21T10:08:37+00:00 urn:sha1:4764a9bde093f6b61d0370653c6c9d12949ed145 Mount flag only at the moment, not saved to gocryptfs.conf. https://github.com/rfjakob/gocryptfs/issues/452 -deterministic-names: accept flag on -init 2021-08-20T13:57:40+00:00 Jakob Unterwurzacher 2021-08-20T13:57:40+00:00 urn:sha1:2a9dea2973a6141e8efdf8bd26d8ddb2d2c35fc4 And store it in gocryptfs.conf (=remove DirIV feature flag). Add support for FIDO2 tokens 2020-09-12T16:06:54+00:00 Pavol Rusnak 2020-09-05T20:42:15+00:00 urn:sha1:1e624a4cc3aafa57b5fa213c88bcd3689cefd1c3 remove Trezor support 2019-12-28T18:50:49+00:00 Pavol Rusnak 2019-12-27T21:27:57+00:00 urn:sha1:1364b44ae356da31e24e5605fe73a307e9d6fb03 trezor: add skeleton for Trezor support 2018-07-01T18:56:04+00:00 Jakob Unterwurzacher 2018-06-17T13:25:09+00:00 urn:sha1:c6f6e8ec4d71475a24ebbb0e64f19ad94249efd9 readpassword.Trezor() is not implemented yet and returns a hardcoded dummy key. full stack: implement HKDF support 2017-03-05T20:59:55+00:00 Jakob Unterwurzacher 2017-03-05T20:59:55+00:00 urn:sha1:d0bc7970f721cee607d993406d97d32e2c660abe ...but keep it disabled by default for new filesystems. We are still missing an example filesystem and CLI arguments to explicitely enable and disable it. configfile: reject the "HKDF" flag for now 2017-03-05T17:16:49+00:00 Jakob Unterwurzacher 2017-03-05T17:16:49+00:00 urn:sha1:4fadcbaf68ce25dcdc7665059f43226f5f9a4da5 This will be re-enabled once it is implemented.