summaryrefslogtreecommitdiff
path: root/internal/configfile/config_file.go
AgeCommit message (Collapse)Author
2021-10-21configfile: add LongNameMax supportJakob Unterwurzacher
Feature flag + numeric paramater https://github.com/rfjakob/gocryptfs/issues/499
2021-09-10cli: drop -forcedecode flagJakob Unterwurzacher
The rewritten openssl backend does not support this flag anymore, and it was inherently dangerour. Drop it (ignored for compatibility)
2021-08-30Unbreak hyperlinks broken by go mod v2 conversionJakob Unterwurzacher
Commit 69d88505fd7f4cb0d9e4f1918de296342fe05858 go mod: declare module version v2 translated all instances of "github.com/rfjakob/gocryptfs/" to "github.com/rfjakob/gocryptfs/v2/". Unfortunately, this included hyperlinks. Unbreak the hyperlinks like this: find . -name \*.go | xargs sed -i s%https://github.com/rfjakob/gocryptfs/v2/%https://github.com/rfjakob/gocryptfs/v2/%
2021-08-25-devrandom: make flag a no-opJakob Unterwurzacher
Commit f3c777d5eaa682d878c638192311e52f9c204294 added the `-devrandom` option: commit f3c777d5eaa682d878c638192311e52f9c204294 Author: @slackner Date: Sun Nov 19 13:30:04 2017 +0100 main: Add '-devrandom' commandline option Allows to use /dev/random for generating the master key instead of the default Go implementation. When the kernel random generator has been properly initialized both are considered equally secure, however: * Versions of Go prior to 1.9 just fall back to /dev/urandom if the getrandom() syscall would be blocking (Go Bug #19274) * Kernel versions prior to 3.17 do not support getrandom(), and there is no check if the random generator has been properly initialized before reading from /dev/urandom This is especially useful for embedded hardware with low-entroy. Please note that generation of the master key might block indefinitely if the kernel cannot harvest enough entropy. We now require Go v1.13 and Kernel versions should have also moved on. Make the flag a no-op. https://github.com/rfjakob/gocryptfs/issues/596
2021-08-23cryptocore: add NonceSize to AEADTypeEnumJakob Unterwurzacher
Have the information in one centralized place, and access it from main as needed.
2021-08-23configfile: add Validate() function, support FlagXChaCha20Poly1305Jakob Unterwurzacher
We used to do validation using lists of mandatory feature flags. With the introduction of XChaCha20Poly1305, this became too simplistic, as it uses a different IV length, hence disabling GCMIV128. Add a dedicated function, Validate(), with open-coded validation logic. The validation and creation logic also gets XChaCha20Poly1305 support, and gocryptfs -init -xchacha now writes the flag into gocryptfs.conf.
2021-08-23go mod: declare module version v2Jakob Unterwurzacher
Our git version is v2+ for some time now, but go.mod still declared v1. Hopefully making both match makes https://pkg.go.dev/github.com/rfjakob/gocryptfs/v2 work. All the import paths have been fixed like this: find . -name \*.go | xargs sed -i s%github.com/rfjakob/gocryptfs/%github.com/rfjakob/gocryptfs/v2/%
2021-08-21configfile: pass struct to Create 2/2Jakob Unterwurzacher
Drop Create and rename Create2 to Create.
2021-08-21configfile: pass struct to Create 1/2Jakob Unterwurzacher
The argument list got too long. Part 1: Replace with Create2
2021-08-20-deterministic-names: accept flag on -initJakob Unterwurzacher
And store it in gocryptfs.conf (=remove DirIV feature flag).
2021-06-20fido2: hide "FIDO2" in gocryptfs.conf if not usedJakob Unterwurzacher
Result of: $ gocryptfs -init foo $ cat foo/gocryptfs.conf Before: { "Creator": "gocryptfs v2.0.1", "EncryptedKey": "FodEdNHD/cCwv1n5BuyAkbIOnJ/O5gfdCh3YssUCJ2DUr0A8DrQ5NH2SLhREeWRL3V8EMiPO2Ncr5IVwE4SSxQ==", "ScryptObject": { "Salt": "brGaw9Jg1kbPuSXFiwoxqK2oXFTgbniSgpiB+cu+67Y=", "N": 65536, "R": 8, "P": 1, "KeyLen": 32 }, "Version": 2, "FeatureFlags": [ "GCMIV128", "HKDF", "DirIV", "EMENames", "LongNames", "Raw64" ], "FIDO2": { "CredentialID": null, "HMACSalt": null } } After: { "Creator": "gocryptfs v2.0.1-5-gf9718eb-dirty.DerDonut-badnamecontent", "EncryptedKey": "oFMj1lS1ZsM/vEfanNMeCTPw3PZr5VWeL7ap8Jd8YQm6evy2BAhtQ/pd6RzDx84wlCz9TpxqHRihuwSEMnOWWg==", "ScryptObject": { "Salt": "JZ/5mhy4a8EAQ/wDF1POIEe4/Ss38cfJgXgj26DuA4M=", "N": 65536, "R": 8, "P": 1, "KeyLen": 32 }, "Version": 2, "FeatureFlags": [ "GCMIV128", "HKDF", "DirIV", "EMENames", "LongNames", "Raw64" ] }
2020-09-12Add support for FIDO2 tokensPavol Rusnak
2019-12-28remove Trezor supportPavol Rusnak
2019-04-08configfile: fall back to sync() if fsync() failsJakob Unterwurzacher
This can happen on network drives: FRITZ.NAS mounted on MacOS returns "operation not supported": https://github.com/rfjakob/gocryptfs/issues/390
2018-12-27configfile: Explicitly wipe scrypt derived key after decrypting/encrypting ↵Sebastian Lackner
master key. Further raises the bar for recovering keys from memory.
2018-09-08configfile: add LoadAndDecrypt wrapperJakob Unterwurzacher
Callers that do not want to decrypt the masterkey should call plain Load(). https://github.com/rfjakob/gocryptfs/issues/258
2018-09-08configfile: split off masterkey decryptionJakob Unterwurzacher
Preparation for fixing https://github.com/rfjakob/gocryptfs/issues/258
2018-09-08configfile: return specific error on empty inputJakob Unterwurzacher
Report the actual problem instead of a generic "unexpected end of JSON input". https://github.com/rfjakob/gocryptfs/issues/258
2018-07-23configfile: drop superflous PrintfJakob Unterwurzacher
Before: $ gocryptfs -fsck . LoadConfFile: ReadFile: &os.PathError{Op:"open", Path:"/var/tmp/check-gocryptfs/scratchdev/gocryptfs.conf", Err:0xd} Cannot open config file: open /var/tmp/check-gocryptfs/scratchdev/gocryptfs.conf: permission denied After: $ gocryptfs -fsck . Cannot open config file: open /var/tmp/check-gocryptfs/scratchdev/gocryptfs.conf: permission denied
2018-07-01Only print masterkey once on -initJakob Unterwurzacher
It is no longer printed at all when mounting a filesystem, printing on -init can be disabled with -q. https://github.com/rfjakob/gocryptfs/issues/76
2018-07-01trezor: add TrezorPayloadJakob Unterwurzacher
TrezorPayload stores 32 random bytes used for unlocking the master key using a Trezor security module. The randomness makes sure that a unique unlock value is used for each gocryptfs filesystem.
2018-07-01configfile: reduce function name stutterJakob Unterwurzacher
configfile.LoadConfFile() -> configfile.Load() configfile.CreateConfFile() -> configfile.Create()
2018-07-01trezor: add skeleton for Trezor supportJakob Unterwurzacher
readpassword.Trezor() is not implemented yet and returns a hardcoded dummy key.
2018-06-24configfile: use tlog.ColorYellow instead of hardcoded color codeJakob Unterwurzacher
2018-04-02fsck: test against example_filesystemsJakob Unterwurzacher
2018-02-18readpassword: convert from string to []byteJakob Unterwurzacher
This will allows us to overwrite the password with zeros once we are done with it. https://github.com/rfjakob/gocryptfs/issues/211
2018-02-18configfile: overwrite and let keys run out of scopeJakob Unterwurzacher
As soon as we don't need them anymore, overwrite keys with zeros and make sure they run out of scope so we don't create a risk of inadvertedly using all-zero keys for encryption. https://github.com/rfjakob/gocryptfs/issues/211
2017-11-21main: Add '-devrandom' commandline optionSebastian Lackner
Allows to use /dev/random for generating the master key instead of the default Go implementation. When the kernel random generator has been properly initialized both are considered equally secure, however: * Versions of Go prior to 1.9 just fall back to /dev/urandom if the getrandom() syscall would be blocking (Go Bug #19274) * Kernel versions prior to 3.17 do not support getrandom(), and there is no check if the random generator has been properly initialized before reading from /dev/urandom This is especially useful for embedded hardware with low-entroy. Please note that generation of the master key might block indefinitely if the kernel cannot harvest enough entropy.
2017-05-14exitcodes: specific codes for failure to read or write gocryptfs.confJakob Unterwurzacher
New codes: * OpenConf = 23 * WriteConf = 24
2017-04-23Add -forcedecodedanim7
Force decode of encrypted files even if the integrity check fails, instead of failing with an IO error. Warning messages are still printed to syslog if corrupted files are encountered. It can be useful to recover files from disks with bad sectors or other corrupted media. Closes https://github.com/rfjakob/gocryptfs/pull/102 .
2017-03-07configfile: HKDF feature flag should also be set for "-plaintextnames"Jakob Unterwurzacher
2017-03-07configfile: enable HKDF and Raw64 feature flags by defaultJakob Unterwurzacher
Also adds a test to verify that they are set in new config files.
2017-03-05tests: configfile: fix spurious test failureJakob Unterwurzacher
This test fails because Raw64 has been disabled for now.
2017-03-05configfile: disable Raw64 for nowJakob Unterwurzacher
Raw64 is supported (but was disabled by default) since gocryptfs v1.2. However, the implementation was buggy because it forgot about long names and symlinks. Disable it for now by default and enable it later, together with HKDF.
2017-03-05full stack: implement HKDF supportJakob Unterwurzacher
...but keep it disabled by default for new filesystems. We are still missing an example filesystem and CLI arguments to explicitely enable and disable it.
2017-03-05configfile: switch on Raw64 by defaultJakob Unterwurzacher
As we have dropped Go 1.4 compatibility already, and will add a new feature flag for gocryptfs v1.3 anyway, this is a good time to enable Raw64 as well.
2017-03-05configfile: switch to 128-bit IVs for master key encryptionJakob Unterwurzacher
There is no security reason for doing this, but it will allow to consolidate the code once we drop compatibility with gocryptfs v1.2 (and earlier) filesystems.
2017-02-26exitcodes: define code 12 for "password incorrect"Jakob Unterwurzacher
2017-01-26main: make sure the ctlsock file is deleted on incorrect passwordJakob Unterwurzacher
Otherwise the next try to mount ends in "ctlsock: listen unix ctl.sock: bind: address already in use"
2016-11-01Add support for unpadded base64 filenames, "-raw64"Jakob Unterwurzacher
Through base64.RawURLEncoding. New command-line parameter "-raw64".
2016-10-21configfile: add newline at the endJakob Unterwurzacher
For convenience for the user, add a newline at the end. Reported as #51 .
2016-10-16main: allow password change with -masterkeyJakob Unterwurzacher
Requested at https://github.com/rfjakob/gocryptfs/issues/28
2016-10-04lint fixesValient Gough
2016-09-29reverse: use per-purpose nonce generationJakob Unterwurzacher
Also pull all the deterministic nonce code into fusefrontend_reverse to greatly simplify the normal code path.
2016-09-26reverse: switch from GCM-SIV to AES-SIVv1.1-beta1Jakob Unterwurzacher
GCM-SIV is not yet finalized, and the reference implemenation is painfully slow at about 2 MB/s. Switch to AES-SIV.
2016-09-25Implement changes proposed by gosimple.Jakob Unterwurzacher
Also delete the unused "dirIVNameStruct", found by deadcode.
2016-09-25contentenc: add "ExternalNonce" modeJakob Unterwurzacher
This will be used for strong symlink encryption in reverse mode.
2016-09-25reverse: add gcmsiv flag and associated testsJakob Unterwurzacher
2016-09-25contentenc: add GCM-SIV supportJakob Unterwurzacher
Also add ReverseDummyNonce nonce generation.
2016-09-25cryptocore: add support for GCM-SIVJakob Unterwurzacher