Mirror of gocryptfs source code on Github http://nuetzlich.net/cgit/gocryptfs/atom?h=det 2017-05-28T18:44:54+00:00 2017-05-28T18:44:54+00:00 Jakob Unterwurzacher 2017-05-28T18:44:54+00:00 urn:sha1:791c78b203be199960274053ea2b1d44c63b07c6 Seems to work ok: $ echo aaaaaaaaaaaaaaaaaaa > b/foo $ gocryptfs-xray a/LAh7EiK-kjleJhStVZ1JGg Header: Version: 2, Id: 8d76d368438112fb00cb807fa8210a74 Block 0: IV: b05bb152f77816678230885d09a4a596, Tag: c1c7d580fe01dd1eb543efd9d8eda8ad, Offset: 18 Len: 52 $ > b/foo $ echo aaaaaaaaaaaaaaaaaaa > b/foo $ gocryptfs-xray a/LAh7EiK-kjleJhStVZ1JGg Header: Version: 2, Id: 8d76d368438112fb00cb807fa8210a74 Block 0: IV: b05bb152f77816678230885d09a4a596, Tag: c1c7d580fe01dd1eb543efd9d8eda8ad, Offset: 18 Len: 52 Deterministic diriv generation is still missing. Part of https://github.com/rfjakob/gocryptfs/issues/108 2017-05-28T18:43:48+00:00 Jakob Unterwurzacher 2017-05-28T18:43:48+00:00 urn:sha1:e2341c93d5b113457905b338b414e41892113ec4 This was implemented in fusefrontend_reverse, but we need it in fusefrontend as well. Move the algorithm into pathiv.BlockIV(). 2017-05-28T16:33:05+00:00 Jakob Unterwurzacher 2017-05-28T16:33:05+00:00 urn:sha1:35f4f8af56ec4da9952df4feba4981f5d148b2cf ...under the new name "FileIVs". This will also be used by forward mode. 2017-05-28T16:09:02+00:00 Jakob Unterwurzacher 2017-05-28T16:09:02+00:00 urn:sha1:ab10cf63ed21d09e239986ac125b990fe06b5572 We will also need it in forward mode. 2017-05-27T12:41:20+00:00 Jakob Unterwurzacher 2017-05-27T12:41:20+00:00 urn:sha1:d6ef283c3f076ba45dd873d69e1c7d86ed29b14a These should make it easier to re-implement the key derivation that was enabled with the "HKDF" feature flag. 2017-05-25T19:33:16+00:00 Jakob Unterwurzacher 2017-05-25T19:33:16+00:00 urn:sha1:9ecf2d1a3f69e3d995012073afe3fc664bd928f2 With hard links, the path to a file is not unique. This means that the ciphertext data depends on the path that is used to access the files. Fix that by storing the derived values when we encounter a hard-linked file. This means that the first path wins. 2017-05-25T12:21:55+00:00 Jakob Unterwurzacher 2017-05-25T12:21:55+00:00 urn:sha1:9a3f9350fe29083de04bbbe71e20ea169b2e691e This should never happen in normal operation and is a sign of data corruption. Catch it early. 2017-05-25T12:20:27+00:00 Jakob Unterwurzacher 2017-05-25T12:20:17+00:00 urn:sha1:2ce269ec63e0a9c87b2fce45a5bf0cf09abf5bba This should never happen in normal operation and is a sign of data corruption. Catch it early. 2017-05-25T12:18:44+00:00 Jakob Unterwurzacher 2017-05-25T12:18:44+00:00 urn:sha1:c0e411f81d01607fa59338365933232231738581 Log the message ourselves and return EINVAL. Before: gocryptfs[26962]: go-fuse: can't convert error type: ParseHeader: invalid version: got 0, want 2 After: gocryptfs[617]: ParseHeader: invalid version: want 2, got 0. Returning EINVAL. 2017-05-23T19:26:38+00:00 Jakob Unterwurzacher 2017-05-23T18:46:24+00:00 urn:sha1:e827763f2e6226d9f5778d56c28270264950c0f5 This fixes a few issues I have found reviewing the code: 1) Limit the amount of data ReadLongName() will read. Previously, you could send gocryptfs into out-of-memory by symlinking gocryptfs.diriv to /dev/zero. 2) Handle the empty input case in unPad16() by returning an error. Previously, it would panic with an out-of-bounds array read. It is unclear to me if this could actually be triggered. 3) Reject empty names after base64-decoding in DecryptName(). An empty name crashes emeCipher.Decrypt(). It is unclear to me if B64.DecodeString() can actually return a non-error empty result, but let's guard against it anyway.