Age | Commit message (Collapse) | Author |
|
The expected allocated sizes are verified for tmpfs and ext4.
btrfs gives different results, but that's not an error.
Also, simplify test_helpers.Du and several code paths.
Fixes #43.
|
|
The [Stat_t.Dev](https://golang.org/pkg/syscall/#Stat_t) docs say `Dev` is a `unit64`, but on [macOS amd64](https://golang.org/src/syscall/ztypes_darwin_amd64.go) it's an `int32`.
|
|
Additionally, output 0 instead of 7 on permission errors.
|
|
Build helper script: build-without-openssl.bash
|
|
As we now also support AES-SIV the old name is no longer
correct.
|
|
AES-SIV uses 1/2 of the key for authentication, 1/2 for
encryption, so we need a 64-byte key for AES-256. Derive
it from the master key by hashing it with SHA-512.
|
|
Add a test for that.
Also test operations using a 64-byte key.
|
|
|
|
Also pull all the deterministic nonce code into fusefrontend_reverse
to greatly simplify the normal code path.
|
|
After all, is's a virtual file.
|
|
$ gocryptfs -init -extpass "echo test" a
Using password provided via -extpass. <<< DUPLICATE
Reading password from extpass program
The gocryptfs filesystem has been created successfully.
You can now mount it using: gocryptfs a MOUNTPOINT
|
|
As stated in file-format.md.
|
|
GCM-SIV is not yet finalized, and the reference implemenation is
painfully slow at about 2 MB/s. Switch to AES-SIV.
|
|
|
|
On a CPU without AES-NI:
$ go test -bench .
Benchmark4kEncStupidGCM-2 50000 24155 ns/op 169.57 MB/s
Benchmark4kEncGoGCM-2 20000 93965 ns/op 43.59 MB/s
Benchmark4kEncGCMSIV-2 500 2576193 ns/op 1.59 MB/s
|
|
|
|
This happens all the time in reverse mode when somebody stats
an encrypted symlink target.
|
|
Also delete the unused "dirIVNameStruct", found by deadcode.
|
|
...and fix reported errors:
internal/fusefrontend_reverse/rfile.go:40: github.com/rfjakob/gocryptfs/internal/contentenc.FileHeader composite literal uses unkeyed fields
internal/fusefrontend_reverse/rfs.go:249: github.com/hanwen/go-fuse/fuse.DirEntry composite literal uses unkeyed fields
internal/fusefrontend_reverse/rfs.go:264: github.com/hanwen/go-fuse/fuse.DirEntry composite literal uses unkeyed fields
|
|
|
|
128-bit IVs are NOT used everywhere.
|
|
|
|
This will be used for strong symlink encryption in reverse mode.
|
|
Calling into go-fuse's loopbackFileSystem does not add
any value here.
|
|
Now also verifies the returned file size.
|
|
|
|
Look at the error code from os.Remove and decide about the
right thing to do.
Gets rid of spurious fusermount error messages.
|
|
|
|
Example output for a file encrypted in reverse mode:
Header: Version: 2, Id: 0b7f5e2574e4afa859a9bb156a2e7772
Block 0: IV: 0b7f5e2574e4afa859a9bb156a2e7773, Tag: bf39279ac6b1ccd852567aaf26ee386b, Len: 4128
Block 1: IV: 0b7f5e2574e4afa859a9bb156a2e7774, Tag: a4f0f9cde7f70a752254aa8fe7718699, Len: 4128
Block 2: IV: 0b7f5e2574e4afa859a9bb156a2e7775, Tag: b467b153016fc1d531818b65ab9e24f6, Len: 4128
Block 3: IV: 0b7f5e2574e4afa859a9bb156a2e7776, Tag: 1fcb7ffd8f1816fbe807df8148718a5c, Len: 4128
Block 4: IV: 0b7f5e2574e4afa859a9bb156a2e7777, Tag: a217e7933ef434c9f03ad931bb5fde9b, Len: 4128
Block 5: IV: 0b7f5e2574e4afa859a9bb156a2e7778, Tag: f3e6240d75cd66371a0b301111d6f1fc, Len: 4128
Block 6: IV: 0b7f5e2574e4afa859a9bb156a2e7779, Tag: bc85d322ebc7761ae5ef114ea3903a56, Len: 4128
Block 7: IV: 0b7f5e2574e4afa859a9bb156a2e777a, Tag: efda01c6b794690f939a12d6d49ac3af, Len: 4128
Block 8: IV: 0b7f5e2574e4afa859a9bb156a2e777b, Tag: b198329d489d1392080f710206932ff0, Len: 2907
|
|
|
|
findLongnameParent has to read the whole directory to find the
right file; add a simple cache to avoid most directory scans.
|
|
This is how this should be done as well in future test scripts.
|
|
The last patch added functionality for generating gocryptfs.longname.*
files, this patch adds support for mapping them back to the full
filenames.
Note that resolving a long name needs a full readdir. A cache
will be implemented later on to improve performance.
|
|
|
|
As ReadDirIV operates on a path anyway, opening the directory
has no clear safety advantage w.r.t. concurrent renames.
If the backing directory is a reverse-mounted gocryptfs filesystem,
each directory open is an OPENDIR, and this causes a full directory
read!
This patch improves the "ls -lR" performance of an
DIR --> gocryptfs-reverse --> gocryptfs
chain by a factor of ~10.
OPENDIR counts for ls -lR:
Before 15570
After 2745
|
|
With the generic fmt.Errorf we trigger a warning from go-fuse:
2016/09/21 21:42:31 can't convert error type: Invalid padding
|
|
...with stable mappings for hard-linked files.
|
|
Also add ReverseDummyNonce nonce generation.
|
|
|
|
|
|
And also don't return the encrypted version of
.gocryptfs.reverse.conf in readdir.
|
|
|
|
|
|
Trying to make it more obvious what is happening.
|
|
The main function has gotten way too big.
|
|
|
|
|
|
Should be derived from the directory name only.
|
|
Also refactor the header generation for nicer code.
|
|
Introduce a unique per-directory diriv that is generated
by hashing the encrypted directory path.
|