gocryptfs/internal/fusefrontend, branch detMirror of gocryptfs source code on Githubhttp://nuetzlich.net/cgit/gocryptfs/atom?h=det2017-05-28T18:44:54+00:00fusefrontend: aessiv: enable deterministiv file id and block iv2017-05-28T18:44:54+00:00Jakob Unterwurzacher2017-05-28T18:44:54+00:00urn:sha1:791c78b203be199960274053ea2b1d44c63b07c6
Seems to work ok:
$ echo aaaaaaaaaaaaaaaaaaa > b/foo
$ gocryptfs-xray a/LAh7EiK-kjleJhStVZ1JGg
Header: Version: 2, Id: 8d76d368438112fb00cb807fa8210a74
Block 0: IV: b05bb152f77816678230885d09a4a596, Tag: c1c7d580fe01dd1eb543efd9d8eda8ad, Offset: 18 Len: 52
$ > b/foo
$ echo aaaaaaaaaaaaaaaaaaa > b/foo
$ gocryptfs-xray a/LAh7EiK-kjleJhStVZ1JGg
Header: Version: 2, Id: 8d76d368438112fb00cb807fa8210a74
Block 0: IV: b05bb152f77816678230885d09a4a596, Tag: c1c7d580fe01dd1eb543efd9d8eda8ad, Offset: 18 Len: 52
Deterministic diriv generation is still missing.
Part of https://github.com/rfjakob/gocryptfs/issues/108
nametransform: harden name decryption against invalid input2017-05-23T19:26:38+00:00Jakob Unterwurzacher2017-05-23T18:46:24+00:00urn:sha1:e827763f2e6226d9f5778d56c28270264950c0f5
This fixes a few issues I have found reviewing the code:
1) Limit the amount of data ReadLongName() will read. Previously,
you could send gocryptfs into out-of-memory by symlinking
gocryptfs.diriv to /dev/zero.
2) Handle the empty input case in unPad16() by returning an
error. Previously, it would panic with an out-of-bounds array
read. It is unclear to me if this could actually be triggered.
3) Reject empty names after base64-decoding in DecryptName().
An empty name crashes emeCipher.Decrypt().
It is unclear to me if B64.DecodeString() can actually return
a non-error empty result, but let's guard against it anyway.
fusefrontend: implement path decryption via ctlsock2017-05-07T19:01:39+00:00Jakob Unterwurzacher2017-05-07T19:01:39+00:00urn:sha1:ad7942f434fea567f24458e67a0919291b5ec8dd
Closes https://github.com/rfjakob/gocryptfs/issues/84 .
nametranform, fusefrontend: better errors on invalid names2017-05-07T18:58:27+00:00Jakob Unterwurzacher2017-05-07T18:58:27+00:00urn:sha1:26881538e1753e613b4143b28fa339812a9a6d16
nametransform.DecryptName() now always returns syscall.EBADMSG if
the name was invalid.
fusefrontend.OpenDir error messages have been normalized.
fusefrontend: log "too many open files" errors2017-05-03T21:46:52+00:00Jakob Unterwurzacher2017-05-03T21:46:52+00:00urn:sha1:c52e1abc5869dd27a28f71ff43ec4e1c1917acf4
This usually indicates that the open file limit for gocryptfs is
too low. We should report this to the user.
openfiletable: rename WriteLock to ContentLock2017-05-01T19:57:18+00:00Jakob Unterwurzacher2017-05-01T19:57:18+00:00urn:sha1:fb3cc6ea407b83e4e1acf4e1a80e3b7d09c5b1db
...and IDLock to HeaderLock. This matches what the locks actually
protect.
fusefrontend: rely on nodefs.defaultFile for no-op functions2017-05-01T17:12:37+00:00Jakob Unterwurzacher2017-05-01T17:12:37+00:00urn:sha1:f322ee87e31a6ceb04c25fa62dcde4df6e45f92a
Now that we embed nodefs.NewDefaultFile(), we can drop our own
no-ops.
fusefrontend: drop writeOnly flag2017-05-01T15:49:37+00:00Jakob Unterwurzacher2017-05-01T15:49:37+00:00urn:sha1:9ab11aa4d775f7c1242e8b044cc2f8957cc2c784
We do not have to track the writeOnly status because the kernel
will not forward read requests on a write-only FD to us anyway.
I have verified this behavoir manually on a 4.10.8 kernel and also
added a testcase.
fusefronted, openfiletable: move the open file table to its own package2017-05-01T15:26:50+00:00Jakob Unterwurzacher2017-05-01T15:26:50+00:00urn:sha1:514f515dd7196e26ca8df6886ac4a34e928e50dd
The open file table code needs some room to grow for the upcoming
FD multiplexing implementation.
fusefrontend: rename write_lock.go -> open_file_table.go2017-04-29T20:24:38+00:00Jakob Unterwurzacher2017-04-02T19:32:01+00:00urn:sha1:863c3ca36fe756767ad2f86348a0646f2e7a09a5
The data structure was originally called write lock table, but
is now simply called the open file table. Rename the file to
reflect that.