summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-11-01Refactor ciphertext <-> plaintext offset translation functionsJakob Unterwurzacher
Move all the intelligence into the new file address_translation.go. That the calculations were spread out too much became apparent when adding the file header. This should make the code much easier to modify in the future.
2015-11-01Fix missing printf arguments discovered by "go vet"Jakob Unterwurzacher
2015-11-01Add file header (on-disk-format change)Jakob Unterwurzacher
Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ] Quoting SECURITY.md: * Every file has a header that contains a 16-byte random *file id* * Each block uses the file id and its block number as GCM *authentication data* * This means the position of the blocks is protected as well. The blocks can not be reordered or copied between different files without causing an decryption error.
2015-11-01tests: run unit tests before integration testsJakob Unterwurzacher
2015-11-01tests: introduce verifySize() for detailed error messagesJakob Unterwurzacher
2015-11-01tests: additionally verify the file size by reading the whole fileJakob Unterwurzacher
2015-11-01tests: verify file size in testWriteNJakob Unterwurzacher
2015-11-01tests: Use /tmp/gocryptfs_main_test temporary directoryJakob Unterwurzacher
Using "/tmp" meant that running the test would delete everything there.
2015-11-01TestRmwRace: abort testing on write failuresJakob Unterwurzacher
Continuing the test will just generate useless noise
2015-11-01Activate block number authenticationJakob Unterwurzacher
2015-11-01Add rmw race testJakob Unterwurzacher
2015-10-11README: Add travis badgerfjakob
2015-10-11Add travis config fileJakob Unterwurzacher
2015-10-11Fix link in XFSTESTS.mdrfjakob
2015-10-11Add MIT LICENSEJakob Unterwurzacher
2015-10-11Update READMEJakob Unterwurzacher
2015-10-11Run gofmtv0.2Jakob Unterwurzacher
2015-10-11Fix helper scripts for new top-level pathJakob Unterwurzacher
2015-10-11main: check directories for existence earlyJakob Unterwurzacher
This prevents that the user enters the password only to get an error later.
2015-10-11Drop shell wrapperJakob Unterwurzacher
2015-10-11Add native daemonizationJakob Unterwurzacher
2015-10-11Rename sendSig to sendUsr1Jakob Unterwurzacher
This matches waitForUsr1 in daemonize()
2015-10-11Move main files to top level dirJakob Unterwurzacher
This is in preparation of getting rid of the shell wrapper
2015-10-10README: Remove dots noticeJakob Unterwurzacher
2015-10-08Shell wrapper: Also search the binary in $GOPATH/binJakob Unterwurzacher
2015-10-07README: Mention that only Linux is testedJakob Unterwurzacher
2015-10-07Update READMEJakob Unterwurzacher
2015-10-07Run go fmtJakob Unterwurzacher
2015-10-07Add package.bashJakob Unterwurzacher
2015-10-07Add test.bashv0.1Jakob Unterwurzacher
...also adapt the cryptfs tests for 256 bit long keys
2015-10-07Adapt openssl benchmark for 256 bit long keysJakob Unterwurzacher
2015-10-07Better usage textJakob Unterwurzacher
2015-10-07Move gocryptfs wrapper into the same folder as the binaryJakob Unterwurzacher
2015-10-07Implement "gocryptfs --passwd" (pasword changing)Jakob Unterwurzacher
2015-10-06Reword help textJakob Unterwurzacher
2015-10-06Split off SECURITY.mdJakob Unterwurzacher
2015-10-06Update README.mdJakob Unterwurzacher
2015-10-06Use block number as authentication dataJakob Unterwurzacher
2015-10-06Add "--masterkey=" parameter for recovery purposesJakob Unterwurzacher
2015-10-06Switch to AES-256Jakob Unterwurzacher
AES-256 seems to be becoming the industry standard. While AES-128 is good enough for tens of years to come, let's follow suit and be extra safe.
2015-10-06Add "--openssl=false" command line optionJakob Unterwurzacher
Also make main_test try both variants
2015-10-06Rewrite README.md (in progress)Jakob Unterwurzacher
2015-10-06Implement proper daemonizationJakob Unterwurzacher
The shell wrapper sends gocryptfs into the background and waits for SIGUSR1
2015-10-05Move main binary to gocryptfs_mainJakob Unterwurzacher
That way the wrapper shell script can be named just "gocryptfs"
2015-10-04openssl AEAD wrapper: handle authenticated dataJakob Unterwurzacher
2015-10-04Switch nonce generation to purely randomJakob Unterwurzacher
The old implementation of counting up from a random starting point had the problem that is allowed an attacker to find out the write order of the blocks.
2015-10-04Clean up openssl benchmarkJakob Unterwurzacher
2015-10-04tests: simplify namesJakob Unterwurzacher
main_test_tmp -> tmp main_benchmark.bash -> benchmark.bash
2015-10-04Utimens: Use UtimesNano instead of FutimesJakob Unterwurzacher
Futimes() only takes microsecond resolution while the FUSE call Utimens() wants nanosecond precision. This is why UTIME_OMIT did not work - this change fixes the xfstests generic/258 test failure. The go library does not provide a FutimesNano() function which is why I use UtimesNano() on /proc/self/fd/n. This is what the Go library does in Futimes().
2015-10-04fallocate: return ENOSYSJakob Unterwurzacher
The implementation was incomplete, disable fallocate completely for now. See https://github.com/rfjakob/gocryptfs/issues/1 Fixes xfstests generic/075