Age | Commit message (Collapse) | Author |
|
This commit also enables actually passing the HKDF setting to
fusefrontend, this was missing till now.
|
|
Also adds a test to verify that they are set in new config
files.
|
|
TestMain() runs all tests twice, once with plaintextnames=true and once
with false. Several tests mount their own filesystem and ignore the
plaintextnames variable. It makes no sense to run them twice, so
skip execution when plaintextnames is set.
|
|
Prior to this commit, gocryptfs's reverse mode did not report correct
directory entry sizes for symbolic links, where the dentry size needs to
be the same as the length of a string containing the target path.
This commit corrects this issue and adds a test case to verify the
correctness of the implementation.
This issue was discovered during the use of a strict file copying program
on a reverse-mounted gocryptfs file system.
|
|
internal/configfile/config_test.go:67: c declared and not used
|
|
This test fails because Raw64 has been disabled for now.
|
|
This filesystem has both HKDF and Raw64 enabled.
|
|
Raw64 is supported (but was disabled by default) since gocryptfs
v1.2. However, the implementation was buggy because it forgot
about long names and symlinks.
Disable it for now by default and enable it later, together
with HKDF.
|
|
The symlink functions incorrectly hardcoded the padded
base64 variant.
|
|
HashLongName() incorrectly hardcoded the call to base64.URLEncoding.
|
|
...but keep it disabled by default for new filesystems.
We are still missing an example filesystem and CLI arguments
to explicitely enable and disable it.
|
|
This will be re-enabled once it is implemented.
|
|
As we have dropped Go 1.4 compatibility already, and will add
a new feature flag for gocryptfs v1.3 anyway, this is a good
time to enable Raw64 as well.
|
|
There is no security reason for doing this, but it will allow
to consolidate the code once we drop compatibility with gocryptfs v1.2
(and earlier) filesystems.
|
|
|
|
Yields a nice reduction in code size.
|
|
Also drop Go 1.4 from Travis CI and update other Go
versions to latest point release.
|
|
There are two independent backends, one for name encryption,
the other one, AEAD, for file content.
"BackendTypeEnum" only applies to AEAD (file content), so make that
clear in the name.
|
|
Version 1.1 of the EME package (github.com/rfjakob/eme) added
a more convenient interface. Use it.
Note that you have to upgrade your EME package (go get -u)!
|
|
Calling t.Fatal immeadiately aborts the test, which means the
filesystem will not get unmounted, which means test.bash will
hang.
|
|
Sourcing the script breaks the "cd $(dirname $0)" logic in
build-without-openssl.bash.
|
|
|
|
When filename encryption is active, every directory contains
a "gocryptfs.diriv" file. This file should also change the owner.
Fixes https://github.com/rfjakob/gocryptfs/issues/86
|
|
We have it saved in Stderr and Stdout anyway, let's free this fd
number.
|
|
The old ones were rendered by github almost as big as the parent headings.
|
|
Correcting year in changelog (1.2.1)
|
|
|
|
You will still get lots of test error, but at least the tests
will run.
|
|
|
|
|
|
|
|
This really only handles scrypt and no other key-derivation functions.
Renaming the files prevents confusion once we introduce HKDF.
renamed: internal/configfile/kdf.go -> internal/configfile/scrypt.go
renamed: internal/configfile/kdf_test.go -> internal/configfile/scrypt_test.go
|
|
This makes it easier to use the package in external projects.
See https://github.com/rfjakob/gocryptfs/issues/79
|
|
|
|
|
|
Old Go versions miss cipher.NewGCMWithNonceSize, which causes:
internal/speed/speed.go:95: undefined: cipher.NewGCMWithNonceSize
|
|
A crypto benchmark mode like "openssl speed".
Example run:
$ ./gocryptfs -speed
AES-GCM-256-OpenSSL 180.89 MB/s (selected in auto mode)
AES-GCM-256-Go 48.19 MB/s
AES-SIV-512-Go 37.40 MB/s
|
|
In Go 1.8, os.Rename refuses to overwrite an empty directory.
Switch to syscall.Rename, which still does the right thing.
|
|
(Currently failing the tests!)
|
|
|
|
|
|
|
|
|
|
Mac OS X flock does not support "--nonblock", but does support "-n":
https://github.com/discoteq/flock/blob/master/man/flock.1.ronn
Skip the openssl build because it requires
1) openssl
2) fixing the import paths in gocryptfs
Reported at https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-280464400
|
|
Otherwise the build fails once you have more than 50 commits
since the last tag.
You'd get:
$ ./build.bash
fatal: No names found, cannot describe anything.
|
|
|
|
These were currently passed to decryptPath() were it caused
a warning.
|
|
|
|
Linux has st.Atim, st.Mtim,
OSX hat st.Atimespec, st.Mtimespec.
Reported at https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217
|
|
As suggested by
https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217
|