summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-06-25fusefrontend: implement recursive diriv cachingJakob Unterwurzacher
The new contrib/maxlen.bash showed that we have exponential runtime with respect to directory depth. The new recursive diriv caching is a lot smarter as it caches intermediate lookups. maxlen.bash now completes in a few seconds. xfstests results same as https://github.com/rfjakob/fuse-xfstests/blob/2d158e4c82be85c15269af77498e353f928f4fab/screenlog.0 : Failures: generic/035 generic/062 generic/080 generic/093 generic/099 generic/215 generic/285 generic/319 generic/426 generic/444 generic/467 generic/477 generic/523 Failed 13 of 580 tests benchmark.bash results are identical: $ ./benchmark.bash Testing gocryptfs at /tmp/benchmark.bash.BdQ: gocryptfs v2.0.1-17-g6b09bc0; go-fuse v2.1.1-0.20210611132105-24a1dfe6b4f8; 2021-06-25 go1.16.5 linux/amd64 /tmp/benchmark.bash.BdQ.mnt is a mountpoint WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 0,4821 s, 544 MB/s READ: 262144000 bytes (262 MB, 250 MiB) copied, 0,266061 s, 985 MB/s UNTAR: 8,280 MD5: 4,564 LS: 1,745 RM: 2,244
2021-06-21nametransform: rename BadNameFlag to BadnameSuffixJakob Unterwurzacher
2021-06-21nametransform: gather badname functions in badname.goJakob Unterwurzacher
2021-06-21nametransform: delete NameTransformer interfaceJakob Unterwurzacher
Useless layer of indirection.
2021-06-21tests: cli: add TestZerokeyJakob Unterwurzacher
TestZerokey verifies that `gocryptfs -zerokey` uses the same options as `gocryptfs -init`.
2021-06-21Improve startup debug outputJakob Unterwurzacher
The startup debug output was very verbose but still missing some effective crypto settings.
2021-06-20nametransform: pass badname patterns via NewJakob Unterwurzacher
This means we can unexport the field.
2021-06-20main: use JSONDump helper for debug outputJakob Unterwurzacher
2021-06-20fido2: hide "FIDO2" in gocryptfs.conf if not usedJakob Unterwurzacher
Result of: $ gocryptfs -init foo $ cat foo/gocryptfs.conf Before: { "Creator": "gocryptfs v2.0.1", "EncryptedKey": "FodEdNHD/cCwv1n5BuyAkbIOnJ/O5gfdCh3YssUCJ2DUr0A8DrQ5NH2SLhREeWRL3V8EMiPO2Ncr5IVwE4SSxQ==", "ScryptObject": { "Salt": "brGaw9Jg1kbPuSXFiwoxqK2oXFTgbniSgpiB+cu+67Y=", "N": 65536, "R": 8, "P": 1, "KeyLen": 32 }, "Version": 2, "FeatureFlags": [ "GCMIV128", "HKDF", "DirIV", "EMENames", "LongNames", "Raw64" ], "FIDO2": { "CredentialID": null, "HMACSalt": null } } After: { "Creator": "gocryptfs v2.0.1-5-gf9718eb-dirty.DerDonut-badnamecontent", "EncryptedKey": "oFMj1lS1ZsM/vEfanNMeCTPw3PZr5VWeL7ap8Jd8YQm6evy2BAhtQ/pd6RzDx84wlCz9TpxqHRihuwSEMnOWWg==", "ScryptObject": { "Salt": "JZ/5mhy4a8EAQ/wDF1POIEe4/Ss38cfJgXgj26DuA4M=", "N": 65536, "R": 8, "P": 1, "KeyLen": 32 }, "Version": 2, "FeatureFlags": [ "GCMIV128", "HKDF", "DirIV", "EMENames", "LongNames", "Raw64" ] }
2021-06-20Badname file content accessDerDonut
This proposal is the counterpart of the modifications from the `-badname` parameter. It modifies the plain -> cipher mapping for filenames when using `-badname` parameter. The new function `EncryptAndHashBadName` tries to find a cipher filename for the given plain name with the following steps: 1. If `badname` is disabled or direct mapping is successful: Map directly (default and current behaviour) 2. If a file with badname flag has a valid cipher file, this is returned (=File just ends with the badname flag) 3. If a file with a badname flag exists where only the badname flag was added, this is returned (=File cipher name could not be decrypted by function `DecryptName` and just the badname flag was added) 4. Search for all files which cipher file name extists when cropping more and more characters from the end. If only 1 file is found, return this 5. Return an error otherwise This allows file access in the file browsers but most important it allows that you rename files with undecryptable cipher names in the plain directories. Renaming those files will then generate a proper cipher filename One backdraft: When mounting the cipher dir with -badname parameter, you can never create (or rename to) files whose file name ends with the badname file flag (at the moment this is " GOCRYPTFS_BAD_NAME"). This will cause an error. I modified the CLI test function to cover additional test cases. Test [Case 7](https://github.com/DerDonut/gocryptfs/blob/badnamecontent/tests/cli/cli_test.go#L712) cannot be performed since the cli tests are executed in panic mode. The testing is stopped on error. Since the function`DecryptName` produces internal errors when hitting non-decryptable file names, this test was omitted. This implementation is a proposal where I tried to change the minimum amount of existing code. Another possibility would be instead of creating the new function `EncryptAndHashBadName` to modify the signature of the existing function `EncryptAndHashName(name string, iv []byte)` to `EncryptAndHashName(name string, iv []byte, dirfd int)` and integrate the functionality into this function directly. You may allow calling with dirfd=-1 or other invalid values an then performing the current functionality.
2021-06-20MANPAGE: describe -badnameJakob Unterwurzacher
2021-06-20contrib/maxlen.bash: also test dir and path lengthJakob Unterwurzacher
Move the script from tests to contrib as it may now be useful to somebody else. https://github.com/rfjakob/gocryptfs/issues/552
2021-06-19README: Add MacPorts install instructionsMarcel Bochtler
See [1] for the Portfile. [1]: https://github.com/macports/macports-ports/blob/master/fuse/gocryptfs/Portfile.
2021-06-19README: Rename Mac OS X to its latest nameMarcel Bochtler
See: https://www.apple.com/macos.
2021-06-11go.mod: update go-fuseJakob Unterwurzacher
Memory compaction was merged ( https://github.com/hanwen/go-fuse/commit/24a1dfe6b4f8d478275d5cf671d982c4ddd8c904 ) Fixes https://github.com/rfjakob/gocryptfs/issues/569
2021-06-08README: sync compile instructions with gocryptfs-websiteJakob Unterwurzacher
2021-06-08README: recommend build-without-openssl.bashJakob Unterwurzacher
For build.bash, list missing dependencies: gcc, pkg-config Fixes https://github.com/rfjakob/gocryptfs/issues/575
2021-06-07README: update for v2.0.1 releasev2.0.1Jakob Unterwurzacher
2021-06-06crossbuild.bash: skip Apple Silicon build on old Go versionsJakob Unterwurzacher
2021-06-06crossbuild.bash: disable CGOJakob Unterwurzacher
build-without-openssl.bash also disables CGO, so this makes it more real-world-y. But the real reason is that disabling CGO hopefully fixes this travis ci build failure: +GOOS=darwin +GOARCH=arm64 +go build -tags without_openssl /home/travis/.gimme/versions/go1.13.15.linux.amd64/pkg/tool/linux_amd64/link: running gcc failed: exit status 1 /usr/bin/ld: unrecognized option '-pagezero_size' /usr/bin/ld: use the --help option for usage information collect2: error: ld returned 1 exit status The command "./crossbuild.bash" exited with 2.
2021-06-06fusefronted: report plaintext size on symlink creationJakob Unterwurzacher
gocryptfs 2.0 introduced the regression that the size reported at symlink creation was the ciphertext size, which is wrong. Report the plaintext size. Fixes https://github.com/rfjakob/gocryptfs/issues/574
2021-06-05crossbuild.bash: also build for Apple M1Jakob Unterwurzacher
2021-06-05syscallcompat: drop obsolete wrappersJakob Unterwurzacher
These are now available cross-platform in the unix package.
2021-06-05Update README for v2.0v2.0Jakob Unterwurzacher
2021-06-05doc: add benchmark for v2.0, reformat tableJakob Unterwurzacher
2021-06-04Add contrib/atomicrenameJakob Unterwurzacher
$ ./contrib/atomicrename/atomicrename -h atomicrename creates 100 "src" files in the current directory, renames them in random order over a single "dst" file while reading the "dst" file concurrently in a loop. Progress and errors are reported as they occour in addition to a summary printed at the end. cifs and fuse filesystems are known to fail, local filesystems and nfs seem ok. See https://github.com/hanwen/go-fuse/issues/398 for background info.
2021-06-03fido2: quote argument strings in debug outputJakob Unterwurzacher
Tested using gocryptfs -init -debug -fido2 "hello world" cipherdir Output before: callFidoCommand: executing "/usr/bin/fido2-cred" with args [fido2-cred -M -h -v hello world] After: callFidoCommand: executing "/usr/bin/fido2-cred" with args ["fido2-cred" "-M" "-h" "-v" "hello world"] Related: https://github.com/rfjakob/gocryptfs/issues/571
2021-06-02fsck: mark temporary mount read-onlyJakob Unterwurzacher
We don't write during fsck, but somebody else might try to.
2021-06-02fsck: clean up temporary mountpointJakob Unterwurzacher
We used to leave directories like /tmp/gocryptfs.fsck.104431245 behind. Let's clean up after ourselves.
2021-06-02fusefrontend: run acl Setxattr in user contextJakob Unterwurzacher
The result of setting an acl depends on who runs the operation! Fixes fuse-xfstests generic/375 (see https://github.com/rfjakob/fuse-xfstests/wiki/results_2021-05-19)
2021-06-02fusefrontend: catch ReadAt integer overflowJakob Unterwurzacher
Discovered by xfstests generic/564 . Failure was: generic/564 - output mismatch (see /opt/fuse-xfstests/results//generic/564.out.bad) --- tests/generic/564.out 2021-05-08 21:11:05.307395966 +0200 +++ /opt/fuse-xfstests/results//generic/564.out.bad 2021-05-19 19:01:16.912888879 +0200 @@ -31,7 +31,7 @@ source range beyond 8TiB returns 0 destination range beyond 8TiB returns EFBIG -copy_range: File too large +copy_range: Function not implemented
2021-06-02nametransform: check name validity on encryptionJakob Unterwurzacher
xfstests generic/523 discovered that we allowed to set xattrs with "/" in the name, but did not allow to read them later. With this change we do not allow to set them in the first place.
2021-05-30go.mod: update go-fuse to get acl fixesJakob Unterwurzacher
Done using: go get github.com/hanwen/go-fuse/v2@master go mod tidy
2021-05-30Revert "go.mod: switch to go-fuse acl branch"Jakob Unterwurzacher
Change https://review.gerrithub.io/c/hanwen/go-fuse/+/516154 was merged upstream. This reverts commit 3374afccc46d186c206cdbc218a79d8958b00acf.
2021-05-29tests: TestFileHoleCopy: accept +-4kBJakob Unterwurzacher
Failure looked like this: --- FAIL: TestFileHoleCopy (3.73s) --- FAIL: TestFileHoleCopy/k81 (0.04s) file_holes_test.go:93: size changed: st0.Blocks=88 st2.Blocks=96 file_holes_test.go:147: aborting further subtests $ findholes TestFileHoleCopy.k81.1 0 data 36864 hole 45056 data 50434 hole 50434 eof $ findholes TestFileHoleCopy.k81.2 0 data 36864 hole 45056 data 50434 hole 50434 eof $ filefrag -v TestFileHoleCopy.k81.1 Filesystem type is: ef53 File size of TestFileHoleCopy.k81.1 is 50434 (13 blocks of 4096 bytes) ext: logical_offset: physical_offset: length: expected: flags: 0: 0.. 2: 23702311.. 23702313: 3: 1: 3.. 8: 20389855.. 20389860: 6: 23702314: 2: 11.. 12: 23702314.. 23702315: 2: 20389863: last,eof TestFileHoleCopy.k81.1: 3 extents found $ filefrag -v TestFileHoleCopy.k81.2 Filesystem type is: ef53 File size of TestFileHoleCopy.k81.2 is 50434 (13 blocks of 4096 bytes) ext: logical_offset: physical_offset: length: expected: flags: 0: 0.. 2: 20389861.. 20389863: 3: 1: 3.. 4: 23702316.. 23702317: 2: 20389864: 2: 5.. 6: 20389864.. 20389865: 2: 23702318: 3: 7.. 8: 23702318.. 23702319: 2: 20389866: 4: 11.. 12: 23702320.. 23702321: 2: last,eof TestFileHoleCopy.k81.2: 4 extents found
2021-05-29fusefrontend: list "." and ".." in dir entriesJakob Unterwurzacher
Fixes xfstests generic/401
2021-05-29fusefrontend: rewrite Lseek SEEK_DATA / SEEK_HOLEJakob Unterwurzacher
In response to the discussion of the xfstests mailing list [1], I looked at the Lseek implementation, which was naive and did not handle all cases correctly. The new implementation aligns the returned values to 4096 bytes as most callers expect. A lot of tests are added to verify that we handle all cases correctly now. [1]: https://www.spinics.net/lists/fstests/msg16554.html
2021-05-29findholes: add --create, --verifyJakob Unterwurzacher
Also, change the logic for the segment walk to not rely on the total size. cp does not use the total size either, and we miss bugs by cheating!
2021-05-26contentenc: add PlainOffToCipherOff helperJakob Unterwurzacher
Will be used for improving Lseek()
2021-05-26contentenc: fix CipherSizeToPlainSize non-monoticityJakob Unterwurzacher
For an illegal cipherSize, pretend we have an additional 1-byte block. See code comment for details.
2021-05-26contentenc: update commentsJakob Unterwurzacher
Also, replace one open-coded calculation with a helper function.
2021-05-26tests: contentenc: add TestSizeToSizeJakob Unterwurzacher
TestSizeToSize tests CipherSizeToPlainSize and PlainSizeToCipherSize. Fails at the moment due to CipherSizeToPlainSize non-moniticity.
2021-05-26tests: add TestFileHoleCopyJakob Unterwurzacher
Currently fails.
2021-05-26tests: re-enable TestInoReuseEvilJakob Unterwurzacher
Problem in go-fuse has long been fixed.
2021-05-26Add contrib/findholesJakob Unterwurzacher
Utility and libs to find hole/data segments using lseek.
2021-05-26syscallcompat: add GetdentsSpecial()Jakob Unterwurzacher
GetdentsSpecial calls then Getdents syscall, with normal entries and "." / ".." split into two slices.
2021-05-26tests: add TestHaveDotdotJakob Unterwurzacher
As discovered by xfstests generic/401 [1], during the move to the v2 api we seem to have lost the "." and ".." directory entries. [1]: https://github.com/rfjakob/fuse-xfstests/blob/4ef5b032bc283743d0eb58a8a28738766e664899/screenlog.0#L520
2021-05-26stupidgcm: prefer Go stdlib over OpenSSL on Apple M1Jakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/556
2021-05-22syscallcompat: also refactor MkdiratUser on GOOS=darwinJakob Unterwurzacher
Breakage was: +GOOS=darwin +GOARCH=amd64 +go build -tags without_openssl internal/fusefrontend/node_dir_ops.go:45:34: cannot use context (type *fuse.Context) as type *fuse.Caller in argument to syscallcompat.MkdiratUser internal/fusefrontend/node_dir_ops.go:83:35: cannot use context (type *fuse.Context) as type *fuse.Caller in argument to syscallcompat.MkdiratUser
2021-05-22syscallcompat: refactor MkdiratUser to take fuse.ContextJakob Unterwurzacher
Let's have MkdiratUser take fuse.Context like everybody else.