Age | Commit message | Author
2016-10-08 | main: check if the config file can be opened before prompting for password | Jakob Unterwurzacher
This was frustrating:
    $ gocryptfs a b
    Password:
    Decrypting master key
    open a/gocryptfs.conf: permission denied
2016-10-07 | MANPAGE: note that "-f" implies "-nosyslog" | Jakob Unterwurzacher
Also explain why AES-SIV exists.
2016-10-07 | main: daemonize more thoroughly | Jakob Unterwurzacher
As described at http://software.clapper.org/daemonize/ , a daemon should chdir to / and close its FDs.
2016-10-07 | nametransform: better error code on invalid diriv length | Jakob Unterwurzacher
go-fuse translates errors unknown to it into "function not implemented", which is wrong in this case.
2016-10-07 | main: clarify nosyslog code path | Jakob Unterwurzacher
Split the block up and add a comment why notifypid is important.
2016-10-06 | main: add "-nonempty" option | Jakob Unterwurzacher
2016-10-05 | reverse: initialize the longname cache only when reverse mode is used | Jakob Unterwurzacher
Gets rid of the idling longnameCacheCleaner thread in "normal" mode.
2016-10-04 | A few more lint fixes | Jakob Unterwurzacher
2016-10-04 | lint fixes | Valient Gough
2016-10-04 | tests: skip "go tool vet" if the command is not available | Jakob Unterwurzacher
"vet" is not available by default on Go 1.4.
2016-10-04 | tests: drop Go 1.3.3 from Travis testing | Jakob Unterwurzacher
Does not support testing.M, which means we cannot run the test suite, which means we cannot claim to support it at all.
2016-10-04 | tests: skip tests with -openssl=false on Go 1.4 and lower | Jakob Unterwurzacher
Go versions 1.4 and lower lack NewGCMWithNonceSize(), which causes a panic in the test.
2016-10-04 | tests: enable FUSE tests on Travis CI | Jakob Unterwurzacher
2016-10-04 | tests: symlink to "/" instead of "/etc/motd" | Jakob Unterwurzacher
This file does not exist on all systems, causing spurious test failures. See #40, #43
2016-10-04 | tests: fallocate: skip some disk usage checks on btrfs | Jakob Unterwurzacher
The expected allocated sizes are verified for tmpfs and ext4. btrfs gives different results, but that's not an error. Also, simplify test_helpers.Du and several code paths. Fixes #43.
2016-10-04 | fusefrontend_reverse cast Stat_t.Dev to uint64 (#44) | Romain
The [Stat_t.Dev](https://golang.org/pkg/syscall/#Stat_t) docs say `Dev` is a `uint64`, but on [macOS amd64](https://golang.org/src/syscall/ztypes_darwin_amd64.go) it's an `int32`.
2016-10-04 | maxlen.bash: result was 1 too high | Jakob Unterwurzacher
Additionally, output 0 instead of 7 on permission errors.
2016-10-04 | without_openssl: support compiling completely without openssl | Jakob Unterwurzacher
Build helper script: build-without-openssl.bash
2016-10-04 | cryptocore: rename "gcm" variable to generic "aeadCipher" | Jakob Unterwurzacher
As we now also support AES-SIV the old name is no longer correct.
2016-10-04 | cryptocore: derive 512-bit key for AES-SIV | Jakob Unterwurzacher
AES-SIV uses 1/2 of the key for authentication, 1/2 for encryption, so we need a 64-byte key for AES-256. Derive it from the master key by hashing it with SHA-512.
2016-10-03 | siv_aead: Overhead is always 16 | Jakob Unterwurzacher
Add a test for that. Also test operations using a 64-byte key.
2016-09-29 | xray: print block offsets | Jakob Unterwurzacher
2016-09-29 | reverse: use per-purpose nonce generation | Jakob Unterwurzacher
Also pull all the deterministic nonce code into fusefrontend_reverse to greatly simplify the normal code path.
2016-09-28 | reverse: move newDirIVFile into virtualfile.go | Jakob Unterwurzacher
After all, it's a virtual file.
2016-09-28 | main: get rid of duplicate "extpass" message | Jakob Unterwurzacher
    $ gocryptfs -init -extpass "echo test" a
    Using password provided via -extpass. <<< DUPLICATE
    Reading password from extpass program
    The gocryptfs filesystem has been created successfully.
    You can now mount it using: gocryptfs a MOUNTPOINT
2016-09-26 | README: storage overhead is 32 bytes | Jakob Unterwurzacher
As stated in file-format.md.
2016-09-26 | reverse: switch from GCM-SIV to AES-SIV [v1.1-beta1] | Jakob Unterwurzacher
GCM-SIV is not yet finalized, and the reference implementation is painfully slow at about 2 MB/s. Switch to AES-SIV.
2016-09-26 | siv_aead: add AES-SIV AEAD wrapper | Jakob Unterwurzacher
2016-09-25 | stupidgcm: add GCM-SIV benchmark | Jakob Unterwurzacher
On a CPU without AES-NI:
    $ go test -bench .
    Benchmark4kEncStupidGCM-2   50000     24155 ns/op  169.57 MB/s
    Benchmark4kEncGoGCM-2       20000     93965 ns/op   43.59 MB/s
    Benchmark4kEncGCMSIV-2        500   2576193 ns/op    1.59 MB/s
2016-09-25 | tests: add reverse linux tarball test | Jakob Unterwurzacher
2016-09-25 | nametransform: downgrade invalid length warning | Jakob Unterwurzacher
This happens all the time in reverse mode when somebody stats an encrypted symlink target.
2016-09-25 | Implement changes proposed by gosimple. | Jakob Unterwurzacher
Also delete the unused "dirIVNameStruct", found by deadcode.
2016-09-25 | tests: enable all go vet checks | Jakob Unterwurzacher
...and fix reported errors:
    internal/fusefrontend_reverse/rfile.go:40: github.com/rfjakob/gocryptfs/internal/contentenc.FileHeader composite literal uses unkeyed fields
    internal/fusefrontend_reverse/rfs.go:249: github.com/hanwen/go-fuse/fuse.DirEntry composite literal uses unkeyed fields
    internal/fusefrontend_reverse/rfs.go:264: github.com/hanwen/go-fuse/fuse.DirEntry composite literal uses unkeyed fields
2016-09-25 | nametransform: delete unused function DecryptPathDirIV | Jakob Unterwurzacher
2016-09-25 | contentenc: rename constant "IVBitLen" to "DefaultIVBits" and clarify comment | Jakob Unterwurzacher
128-bit IVs are NOT used everywhere.
2016-09-25 | reverse: add symlink encryption and Readlink support | Jakob Unterwurzacher
2016-09-25 | contentenc: add "ExternalNonce" mode | Jakob Unterwurzacher
This will be used for strong symlink encryption in reverse mode.
2016-09-25 | fusefrontend: handle Readlink directly | Jakob Unterwurzacher
Calling into go-fuse's loopbackFileSystem does not add any value here.
2016-09-25 | reverse: more thorough longname stat test | Jakob Unterwurzacher
Now also verifies the returned file size.
2016-09-25 | reverse: add gcmsiv flag and associated tests | Jakob Unterwurzacher
2016-09-25 | tests: smarter error handling in ResetTmpDir | Jakob Unterwurzacher
Look at the error code from os.Remove and decide about the right thing to do. Gets rid of spurious fusermount error messages.
2016-09-25 | reverse: derive file ID and block IVs from file paths | Jakob Unterwurzacher
2016-09-25 | xray: add "gocryptfs-xray", on-disk-format exploration tool | Jakob Unterwurzacher
Example output for a file encrypted in reverse mode:
    Header: Version: 2, Id: 0b7f5e2574e4afa859a9bb156a2e7772
    Block 0: IV: 0b7f5e2574e4afa859a9bb156a2e7773, Tag: bf39279ac6b1ccd852567aaf26ee386b, Len: 4128
    Block 1: IV: 0b7f5e2574e4afa859a9bb156a2e7774, Tag: a4f0f9cde7f70a752254aa8fe7718699, Len: 4128
    Block 2: IV: 0b7f5e2574e4afa859a9bb156a2e7775, Tag: b467b153016fc1d531818b65ab9e24f6, Len: 4128
    Block 3: IV: 0b7f5e2574e4afa859a9bb156a2e7776, Tag: 1fcb7ffd8f1816fbe807df8148718a5c, Len: 4128
    Block 4: IV: 0b7f5e2574e4afa859a9bb156a2e7777, Tag: a217e7933ef434c9f03ad931bb5fde9b, Len: 4128
    Block 5: IV: 0b7f5e2574e4afa859a9bb156a2e7778, Tag: f3e6240d75cd66371a0b301111d6f1fc, Len: 4128
    Block 6: IV: 0b7f5e2574e4afa859a9bb156a2e7779, Tag: bc85d322ebc7761ae5ef114ea3903a56, Len: 4128
    Block 7: IV: 0b7f5e2574e4afa859a9bb156a2e777a, Tag: efda01c6b794690f939a12d6d49ac3af, Len: 4128
    Block 8: IV: 0b7f5e2574e4afa859a9bb156a2e777b, Tag: b198329d489d1392080f710206932ff0, Len: 2907
2016-09-25 | reverse: add longname benchmark | Jakob Unterwurzacher
2016-09-25 | reverse: add longnameParentCache | Jakob Unterwurzacher
findLongnameParent has to read the whole directory to find the right file; add a simple cache to avoid most directory scans.
2016-09-25 | tests: extractloop: use tmp dir based on script name | Jakob Unterwurzacher
This is how this should be done as well in future test scripts.
2016-09-25 | reverse: resolve long names in Open and GetAttr | Jakob Unterwurzacher
The last patch added functionality for generating gocryptfs.longname.* files, this patch adds support for mapping them back to the full filenames. Note that resolving a long name needs a full readdir. A cache will be implemented later on to improve performance.
2016-09-25 | reverse: transform long names in OpenDir | Jakob Unterwurzacher
2016-09-25 | nametransform: implement ReadDirIV without Openat | Jakob Unterwurzacher
As ReadDirIV operates on a path anyway, opening the directory has no clear safety advantage w.r.t. concurrent renames. If the backing directory is a reverse-mounted gocryptfs filesystem, each directory open is an OPENDIR, and this causes a full directory read! This patch improves the "ls -lR" performance of a DIR --> gocryptfs-reverse --> gocryptfs chain by a factor of ~10.
OPENDIR counts for ls -lR:
    Before 15570
    After   2745
2016-09-25 | nametransform: return EINVAL on invalid padding | Jakob Unterwurzacher
With the generic fmt.Errorf we trigger a warning from go-fuse:
    2016/09/21 21:42:31 can't convert error type: Invalid padding