Age | Commit message (Collapse) | Author |
|
|
|
On a CPU without AES-NI:
$ go test -bench .
Benchmark4kEncStupidGCM-2 50000 24155 ns/op 169.57 MB/s
Benchmark4kEncGoGCM-2 20000 93965 ns/op 43.59 MB/s
Benchmark4kEncGCMSIV-2 500 2576193 ns/op 1.59 MB/s
|
|
|
|
This happens all the time in reverse mode when somebody stats
an encrypted symlink target.
|
|
Also delete the unused "dirIVNameStruct", found by deadcode.
|
|
...and fix reported errors:
internal/fusefrontend_reverse/rfile.go:40: github.com/rfjakob/gocryptfs/internal/contentenc.FileHeader composite literal uses unkeyed fields
internal/fusefrontend_reverse/rfs.go:249: github.com/hanwen/go-fuse/fuse.DirEntry composite literal uses unkeyed fields
internal/fusefrontend_reverse/rfs.go:264: github.com/hanwen/go-fuse/fuse.DirEntry composite literal uses unkeyed fields
|
|
|
|
128-bit IVs are NOT used everywhere.
|
|
|
|
This will be used for strong symlink encryption in reverse mode.
|
|
Calling into go-fuse's loopbackFileSystem does not add
any value here.
|
|
Now also verifies the returned file size.
|
|
|
|
Look at the error code from os.Remove and decide about the
right thing to do.
Gets rid of spurious fusermount error messages.
|
|
|
|
Example output for a file encrypted in reverse mode:
Header: Version: 2, Id: 0b7f5e2574e4afa859a9bb156a2e7772
Block 0: IV: 0b7f5e2574e4afa859a9bb156a2e7773, Tag: bf39279ac6b1ccd852567aaf26ee386b, Len: 4128
Block 1: IV: 0b7f5e2574e4afa859a9bb156a2e7774, Tag: a4f0f9cde7f70a752254aa8fe7718699, Len: 4128
Block 2: IV: 0b7f5e2574e4afa859a9bb156a2e7775, Tag: b467b153016fc1d531818b65ab9e24f6, Len: 4128
Block 3: IV: 0b7f5e2574e4afa859a9bb156a2e7776, Tag: 1fcb7ffd8f1816fbe807df8148718a5c, Len: 4128
Block 4: IV: 0b7f5e2574e4afa859a9bb156a2e7777, Tag: a217e7933ef434c9f03ad931bb5fde9b, Len: 4128
Block 5: IV: 0b7f5e2574e4afa859a9bb156a2e7778, Tag: f3e6240d75cd66371a0b301111d6f1fc, Len: 4128
Block 6: IV: 0b7f5e2574e4afa859a9bb156a2e7779, Tag: bc85d322ebc7761ae5ef114ea3903a56, Len: 4128
Block 7: IV: 0b7f5e2574e4afa859a9bb156a2e777a, Tag: efda01c6b794690f939a12d6d49ac3af, Len: 4128
Block 8: IV: 0b7f5e2574e4afa859a9bb156a2e777b, Tag: b198329d489d1392080f710206932ff0, Len: 2907
|
|
|
|
findLongnameParent has to read the whole directory to find the
right file; add a simple cache to avoid most directory scans.
|
|
This is how this should be done as well in future test scripts.
|
|
The last patch added functionality for generating gocryptfs.longname.*
files, this patch adds support for mapping them back to the full
filenames.
Note that resolving a long name needs a full readdir. A cache
will be implemented later on to improve performance.
|
|
|
|
As ReadDirIV operates on a path anyway, opening the directory
has no clear safety advantage w.r.t. concurrent renames.
If the backing directory is a reverse-mounted gocryptfs filesystem,
each directory open is an OPENDIR, and this causes a full directory
read!
This patch improves the "ls -lR" performance of an
DIR --> gocryptfs-reverse --> gocryptfs
chain by a factor of ~10.
OPENDIR counts for ls -lR:
Before 15570
After 2745
|
|
With the generic fmt.Errorf we trigger a warning from go-fuse:
2016/09/21 21:42:31 can't convert error type: Invalid padding
|
|
...with stable mappings for hard-linked files.
|
|
Also add ReverseDummyNonce nonce generation.
|
|
|
|
|
|
And also don't return the encrypted version of
.gocryptfs.reverse.conf in readdir.
|
|
|
|
|
|
Trying to make it more obvious what is happening.
|
|
The main function has gotten way too big.
|
|
|
|
|
|
Should be derived from the directory name only.
|
|
Also refactor the header generation for nicer code.
|
|
Introduce a unique per-directory diriv that is generated
by hashing the encrypted directory path.
|
|
Also create virtual gocryptfs.diriv entries (no content yet).
|
|
Will be needed by reverse mode.
|
|
|
|
... and print a warning that reverse mode is experimental
|
|
...to prevent confusion with the forward variants.
FS -> reverseFS
file -> reverseFile
Also add an incomplete read implementation.
|
|
Add the reverse variant of DecryptBlocks etc:
* EncryptBlocks
* JointPlaintextRange
* ExplodeCipherRange
|
|
|
|
Previously caused an integer underflow.
|
|
Compiles but does not do much else.
|
|
|
|
Commit af5441dcd9033e81da43ab77887a7b5aac693ab6 has caused a
regression ( https://github.com/rfjakob/gocryptfs/issues/35 )
that is fixed by this commit.
The go-fuse library by now has all the syscall wrappers in
place to correctly handle Utimens, also for symlinks.
Instead of duplicating the effort here just call into go-fuse.
Closes #35
|
|
This currently fails as reported in
https://github.com/rfjakob/gocryptfs/issues/35 .
Also remove the spurious sleep in the test.
|
|
This fixes a build problem on 32-bit hosts:
internal/fusefrontend/file.go:400: cannot use a.Unix() (type int64) as
type int32 in assignment
internal/fusefrontend/file.go:406: cannot use m.Unix() (type int64) as
type int32 in assignment
It also enables full nanosecond timestamps for dates
after 1970.
|