gocryptfs/internal/fusefrontend_reverse, branch v1.4.1

gocryptfs/internal/fusefrontend_reverse, branch v1.4.1 Mirror of gocryptfs source code on Github http://nuetzlich.net/cgit/gocryptfs/atom?h=v1.4.1 2017-08-11T17:02:26+00:00 main: purge masterkey from memory as soon as possible 2017-08-11T17:02:26+00:00 Jakob Unterwurzacher 2017-08-11T16:42:30+00:00 urn:sha1:0c520845f3623eff28f0277a52e3ccffd928f5c2 Remove the "Masterkey" field from fusefrontend.Args because it should not be stored longer than neccessary. Instead pass the masterkey as a separate argument to the filesystem initializers. Then overwrite it with zeros immediately so we don't have to wait for garbage collection. Note that the crypto implementation still stores at least a masterkey-derived value, so this change makes it harder, but not impossible, to extract the encryption keys from memory. Suggested at https://github.com/rfjakob/gocryptfs/issues/137 nametransform: add Dir() function 2017-08-06T21:14:39+00:00 Jakob Unterwurzacher 2017-08-06T21:12:27+00:00 urn:sha1:75ec94a87a52a7230c9b7d9b3e150a0da2725e58 Dir is like filepath.Dir but returns "" instead of ".". This was already implemented in fusefrontend_reverse as saneDir(). We will need it in nametransform for the improved diriv caching. fusefronted_reverse: fix ino collision between .name and .diriv files 2017-07-29T14:15:49+00:00 Jakob Unterwurzacher 2017-07-29T14:13:38+00:00 urn:sha1:d12aa577156101a1c6a05765de751f0a54b58aa8 A directory with a long name has two associated virtual files: the .name file and the .diriv files. These used to get the same inode number: $ ls -di1 * */* 33313535 gocryptfs.longname.2togDFouca9mrTwtfF1RNW5DZRAQY8alaR7wO_Xd5Zw 1000000000033313535 gocryptfs.longname.2togDFouca9mrTwtfF1RNW5DZRAQY8alaR7wO_Xd5Zw/gocryptfs.diriv 1000000000033313535 gocryptfs.longname.2togDFouca9mrTwtfF1RNW5DZRAQY8alaR7wO_Xd5Zw.name With this change we use another prefix (2 instead of 1) for .name files. $ ls -di1 * */* 33313535 gocryptfs.longname.2togDFouca9mrTwtfF1RNW5DZRAQY8alaR7wO_Xd5Zw 1000000000033313535 gocryptfs.longname.2togDFouca9mrTwtfF1RNW5DZRAQY8alaR7wO_Xd5Zw/gocryptfs.diriv 2000000000033313535 gocryptfs.longname.2togDFouca9mrTwtfF1RNW5DZRAQY8alaR7wO_Xd5Zw.name fusefrontend_reverse: return ENOENT for undecryptable names 2017-07-27T18:31:22+00:00 Jakob Unterwurzacher 2017-07-27T18:31:22+00:00 urn:sha1:d5133ca5ac4f241ff22ef145a3605a9fdb341bb6 This was working until DecryptName switched to returning EBADMSG instead of EINVAL. Add a test to catch the regression next time. Implement force_owner option to display ownership as a specific user. 2017-05-31T22:26:17+00:00 Charles Duffy 2017-05-30T21:01:06+00:00 urn:sha1:cf1ded5236157e2f9ec06eeea26023b67b40f16d pathiv: move block IV algorithm into this package 2017-05-30T15:04:46+00:00 Jakob Unterwurzacher 2017-05-28T18:43:48+00:00 urn:sha1:9a217ce786581ee7ec18b27e46f0096763c85f9e This was implemented in fusefrontend_reverse, but we need it in fusefrontend as well. Move the algorithm into pathiv.BlockIV(). pathiv: move derivedIVContainer into the package 2017-05-30T15:04:46+00:00 Jakob Unterwurzacher 2017-05-28T16:33:05+00:00 urn:sha1:d202a456f56ec9923626ef6839254d40f2c8ee37 ...under the new name "FileIVs". This will also be used by forward mode. fusefrontend_reverse: move pathiv to its own package 2017-05-30T15:04:46+00:00 Jakob Unterwurzacher 2017-05-28T16:09:02+00:00 urn:sha1:857507e8b100626ae0471fae793efc52bf552821 We will also need it in forward mode. fusefrontend_reverse: store derived values for hard-linked files 2017-05-25T19:33:16+00:00 Jakob Unterwurzacher 2017-05-25T19:33:16+00:00 urn:sha1:9ecf2d1a3f69e3d995012073afe3fc664bd928f2 With hard links, the path to a file is not unique. This means that the ciphertext data depends on the path that is used to access the files. Fix that by storing the derived values when we encounter a hard-linked file. This means that the first path wins. fix golint complaints 2017-04-29T12:50:58+00:00 Jakob Unterwurzacher 2017-04-29T12:50:58+00:00 urn:sha1:edb3e19cb5543c580261052395d461fa47c7cf58