| Age | Commit message (Collapse) | Author | 
|---|
|  | Future tests will need more info about the running test case. | 
|  | And add AES-SIV | 
|  | For example, we cannot mount "/home/user/.cipher" at "/home/user"
because the mount will hide ".cipher" also for us.
Doing it anyway used to cause a nasty hang. | 
|  | Ongoing effort to reduce the size of main(). | 
|  | This was frustrating:
$ gocryptfs a b
Password:
Decrypting master key
open a/gocryptfs.conf: permission denied | 
|  | Also explain why AES-SIV exists. | 
|  | As described at http://software.clapper.org/daemonize/ ,
a daemon should chdir to / and close its FDs. | 
|  | go-fuse translates errors unknown to it into "function not
implemented", which is wrong in this case. | 
|  | Split the block up and add a comment why notifypid is important. | 
|  |  | 
|  | Gets rid of the idling longnameCacheCleaner thread in "normal" mode. | 
|  |  | 
|  |  | 
|  | "vet" is not availably by default on Go 1.4. | 
|  | Does not support testing.M, which means we cannot run the
test suite, which means we cannot claim to support it at
all. | 
|  | Go versions 1.4 and lower lack NewGCMWithNonceSize(), which causes
a panic in the test. | 
|  |  | 
|  | This file does not exist on all systems, causing spurious
test failures.
See #40, #43 | 
|  | The expected allocated sizes are verified for tmpfs and ext4.
btrfs gives different results, but that's not an error.
Also, simplify test_helpers.Du and several code paths.
Fixes #43. | 
|  | The [Stat_t.Dev](https://golang.org/pkg/syscall/#Stat_t) docs say `Dev` is a `unit64`, but on [macOS amd64](https://golang.org/src/syscall/ztypes_darwin_amd64.go) it's an `int32`. | 
|  | Additionally, output 0 instead of 7 on permission errors. | 
|  | Build helper script: build-without-openssl.bash | 
|  | As we now also support AES-SIV the old name is no longer
correct. | 
|  | AES-SIV uses 1/2 of the key for authentication, 1/2 for
encryption, so we need a 64-byte key for AES-256. Derive
it from the master key by hashing it with SHA-512. | 
|  | Add a test for that.
Also test operations using a 64-byte key. | 
|  |  | 
|  | Also pull all the deterministic nonce code into fusefrontend_reverse
to greatly simplify the normal code path. | 
|  | After all, is's a virtual file. | 
|  | $ gocryptfs -init -extpass "echo test" a
Using password provided via -extpass.   <<< DUPLICATE
Reading password from extpass program
The gocryptfs filesystem has been created successfully.
You can now mount it using: gocryptfs a MOUNTPOINT | 
|  | As stated in file-format.md. | 
|  | GCM-SIV is not yet finalized, and the reference implemenation is
painfully slow at about 2 MB/s. Switch to AES-SIV. | 
|  |  | 
|  | On a CPU without AES-NI:
$ go test -bench .
Benchmark4kEncStupidGCM-2   	   50000	     24155 ns/op	 169.57 MB/s
Benchmark4kEncGoGCM-2       	   20000	     93965 ns/op	  43.59 MB/s
Benchmark4kEncGCMSIV-2      	     500	   2576193 ns/op	   1.59 MB/s | 
|  |  | 
|  | This happens all the time in reverse mode when somebody stats
an encrypted symlink target. | 
|  | Also delete the unused "dirIVNameStruct", found by deadcode. | 
|  | ...and fix reported errors:
internal/fusefrontend_reverse/rfile.go:40: github.com/rfjakob/gocryptfs/internal/contentenc.FileHeader composite literal uses unkeyed fields
internal/fusefrontend_reverse/rfs.go:249: github.com/hanwen/go-fuse/fuse.DirEntry composite literal uses unkeyed fields
internal/fusefrontend_reverse/rfs.go:264: github.com/hanwen/go-fuse/fuse.DirEntry composite literal uses unkeyed fields | 
|  |  | 
|  | 128-bit IVs are NOT used everywhere. | 
|  |  | 
|  | This will be used for strong symlink encryption in reverse mode. | 
|  | Calling into go-fuse's loopbackFileSystem does not add
any value here. | 
|  | Now also verifies the returned file size. | 
|  |  | 
|  | Look at the error code from os.Remove and decide about the
right thing to do.
Gets rid of spurious fusermount error messages. | 
|  |  | 
|  | Example output for a file encrypted in reverse mode:
Header: Version: 2, Id: 0b7f5e2574e4afa859a9bb156a2e7772
Block  0: IV: 0b7f5e2574e4afa859a9bb156a2e7773, Tag: bf39279ac6b1ccd852567aaf26ee386b, Len: 4128
Block  1: IV: 0b7f5e2574e4afa859a9bb156a2e7774, Tag: a4f0f9cde7f70a752254aa8fe7718699, Len: 4128
Block  2: IV: 0b7f5e2574e4afa859a9bb156a2e7775, Tag: b467b153016fc1d531818b65ab9e24f6, Len: 4128
Block  3: IV: 0b7f5e2574e4afa859a9bb156a2e7776, Tag: 1fcb7ffd8f1816fbe807df8148718a5c, Len: 4128
Block  4: IV: 0b7f5e2574e4afa859a9bb156a2e7777, Tag: a217e7933ef434c9f03ad931bb5fde9b, Len: 4128
Block  5: IV: 0b7f5e2574e4afa859a9bb156a2e7778, Tag: f3e6240d75cd66371a0b301111d6f1fc, Len: 4128
Block  6: IV: 0b7f5e2574e4afa859a9bb156a2e7779, Tag: bc85d322ebc7761ae5ef114ea3903a56, Len: 4128
Block  7: IV: 0b7f5e2574e4afa859a9bb156a2e777a, Tag: efda01c6b794690f939a12d6d49ac3af, Len: 4128
Block  8: IV: 0b7f5e2574e4afa859a9bb156a2e777b, Tag: b198329d489d1392080f710206932ff0, Len: 2907 | 
|  |  | 
|  | findLongnameParent has to read the whole directory to find the
right file; add a simple cache to avoid most directory scans. | 
|  | This is how this should be done as well in future test scripts. |