Mirror of gocryptfs source code on Github http://nuetzlich.net/cgit/gocryptfs/atom?h=LockSharedStorage 2023-01-08T21:17:14+00:00 2023-01-08T21:17:14+00:00 Jakob Unterwurzacher 2023-01-08T21:15:39+00:00 urn:sha1:88bc0aa60748405db94410c8f149e62683638f80 Calculated acc. to https://words.filippo.io/the-scrypt-parameters/ , and add benchmarks to double-check the numbers. They match. 2021-11-01T13:44:32+00:00 Jakob Unterwurzacher 2021-11-01T13:44:32+00:00 urn:sha1:d530fbd400c88fa54c856d958963d77669ac9cf2 Quoting fusefrontend_reverse/node_helpers.go : // File names are padded to 16-byte multiples, encrypted and // base64-encoded. We can encode at most 176 bytes to stay below the 255 // bytes limit: // * base64(176 bytes) = 235 bytes // * base64(192 bytes) = 256 bytes (over 255!) // But the PKCS#7 padding is at least one byte. This means we can only use // 175 bytes for the file name. Noticed by @bailey27 at https://github.com/rfjakob/gocryptfs/issues/499#issuecomment-955790427 2021-10-21T13:58:19+00:00 Jakob Unterwurzacher 2021-10-21T13:58:19+00:00 urn:sha1:d14c9340d6fb473e9837e91db8b6e869c37ad8e5 Fixes https://github.com/rfjakob/gocryptfs/issues/499 2021-10-21T12:55:30+00:00 Jakob Unterwurzacher 2021-10-21T07:58:37+00:00 urn:sha1:d583bdb79e6f05bce2451a7e220e553209da4c1d Feature flag + numeric paramater https://github.com/rfjakob/gocryptfs/issues/499 2021-10-21T12:55:30+00:00 Jakob Unterwurzacher 2021-10-21T12:47:29+00:00 urn:sha1:a652be805e1562948aff4dc232bd1c516ff01d00 Because switch only matches once, we could have missed invalid cases. Replace the switch statements with a straight if rake. 2021-09-10T10:14:19+00:00 Jakob Unterwurzacher 2021-09-10T10:14:19+00:00 urn:sha1:d023cd6c95fcbc6b5056ba1f425d2ac3df4abc5a The rewritten openssl backend does not support this flag anymore, and it was inherently dangerour. Drop it (ignored for compatibility) 2021-08-30T09:31:01+00:00 Jakob Unterwurzacher 2021-08-30T09:31:01+00:00 urn:sha1:34d8a498c4899b1493f7bea16c22486d6725c9b1 Commit 69d88505fd7f4cb0d9e4f1918de296342fe05858 go mod: declare module version v2 translated all instances of "github.com/rfjakob/gocryptfs/" to "github.com/rfjakob/gocryptfs/v2/". Unfortunately, this included hyperlinks. Unbreak the hyperlinks like this: find . -name \*.go | xargs sed -i s%https://github.com/rfjakob/gocryptfs/v2/%https://github.com/rfjakob/gocryptfs/v2/% 2021-08-25T10:39:17+00:00 Jakob Unterwurzacher 2021-08-25T10:36:38+00:00 urn:sha1:61ef6b00a675456ee05d40f1ce44d693bc4be350 Commit f3c777d5eaa682d878c638192311e52f9c204294 added the `-devrandom` option: commit f3c777d5eaa682d878c638192311e52f9c204294 Author: @slackner Date: Sun Nov 19 13:30:04 2017 +0100 main: Add '-devrandom' commandline option Allows to use /dev/random for generating the master key instead of the default Go implementation. When the kernel random generator has been properly initialized both are considered equally secure, however: * Versions of Go prior to 1.9 just fall back to /dev/urandom if the getrandom() syscall would be blocking (Go Bug #19274) * Kernel versions prior to 3.17 do not support getrandom(), and there is no check if the random generator has been properly initialized before reading from /dev/urandom This is especially useful for embedded hardware with low-entroy. Please note that generation of the master key might block indefinitely if the kernel cannot harvest enough entropy. We now require Go v1.13 and Kernel versions should have also moved on. Make the flag a no-op. https://github.com/rfjakob/gocryptfs/issues/596 2021-08-23T20:10:23+00:00 Jakob Unterwurzacher 2021-08-23T20:10:23+00:00 urn:sha1:806334eacf2e50d712844761aca2b11014ec99df Have the information in one centralized place, and access it from main as needed. 2021-08-23T14:00:41+00:00 Jakob Unterwurzacher 2021-08-21T19:43:26+00:00 urn:sha1:97d8340bd81ddd60baac598d3e25ebfb4decb50c We used to do validation using lists of mandatory feature flags. With the introduction of XChaCha20Poly1305, this became too simplistic, as it uses a different IV length, hence disabling GCMIV128. Add a dedicated function, Validate(), with open-coded validation logic. The validation and creation logic also gets XChaCha20Poly1305 support, and gocryptfs -init -xchacha now writes the flag into gocryptfs.conf.