Age | Commit message (Collapse) | Author |
|
The rewritten openssl backend does not support this flag anymore,
and it was inherently dangerour. Drop it (ignored for compatibility)
|
|
Now that stupidgcm supports xchacha, make it available
on mount.
|
|
New() -> NewAES256GCM()
Also add missing NewChacha20poly1305
constructor in without_openssl.go.
|
|
$ ./gocryptfs -speed
gocryptfs v2.1-56-gdb1466f-dirty.stupidchacha; go-fuse v2.1.1-0.20210825171523-3ab5d95a30ae; 2021-09-02 go1.17 linux/amd64
AES-GCM-256-OpenSSL 529.53 MB/s
AES-GCM-256-Go 833.85 MB/s (selected in auto mode)
AES-SIV-512-Go 155.27 MB/s
XChaCha20-Poly1305-Go 715.33 MB/s (use via -xchacha flag)
XChaCha20-Poly1305-OpenSSL 468.94 MB/s
https://github.com/rfjakob/gocryptfs/issues/452
|
|
Have the information in one centralized place,
and access it from main as needed.
|
|
Mount flag only at the moment, not saved to gocryptfs.conf.
https://github.com/rfjakob/gocryptfs/issues/452
|
|
Our git version is v2+ for some time now, but go.mod
still declared v1. Hopefully making both match makes
https://pkg.go.dev/github.com/rfjakob/gocryptfs/v2 work.
All the import paths have been fixed like this:
find . -name \*.go | xargs sed -i s%github.com/rfjakob/gocryptfs/%github.com/rfjakob/gocryptfs/v2/%
|
|
The IVLen var seems be a net loss in clarity. Drop it.
Also add comments and normalize error messages.
|
|
The startup debug output was very verbose but still missing some
effective crypto settings.
|
|
A few places have called tlog.Warn.Print, which directly
calls into log.Logger due to embedding, losing all features
of tlog.
Stop embedding log.Logger to make sure the internal functions
cannot be called accidentially and fix (several!) instances
that did.
|
|
We now print the number in a debug message, so define
the numeric values explicitely instead of using iota.
This way you don't have to understand how iota works
to find out what the number means. Lack of understanding
of how iota works is also the reason why the numbers
start at 3 (to keep the current behavoir).
|
|
Zero the HKDF-derived keys when we don't need them
anymore, and let the variable run of of scope.
https://github.com/rfjakob/gocryptfs/issues/211
|
|
While reading the code, I had to think about what it
does, so add a comment that explains it.
|
|
Relieves the caller from worrying about whether they
can overwrite the key.
|
|
Raise the bar for recovering keys from memory.
https://github.com/rfjakob/gocryptfs/issues/211
|
|
https://goreportcard.com/report/github.com/rfjakob/gocryptfs#misspell
|
|
Remove the "Masterkey" field from fusefrontend.Args because it
should not be stored longer than neccessary. Instead pass the
masterkey as a separate argument to the filesystem initializers.
Then overwrite it with zeros immediately so we don't have
to wait for garbage collection.
Note that the crypto implementation still stores at least a
masterkey-derived value, so this change makes it harder, but not
impossible, to extract the encryption keys from memory.
Suggested at https://github.com/rfjakob/gocryptfs/issues/137
|
|
These should make it easier to re-implement the key derivation
that was enabled with the "HKDF" feature flag.
|
|
|
|
Force decode of encrypted files even if the integrity check fails, instead of
failing with an IO error. Warning messages are still printed to syslog if corrupted
files are encountered.
It can be useful to recover files from disks with bad sectors or other corrupted
media.
Closes https://github.com/rfjakob/gocryptfs/pull/102 .
|
|
...but keep it disabled by default for new filesystems.
We are still missing an example filesystem and CLI arguments
to explicitely enable and disable it.
|
|
There is no security reason for doing this, but it will allow
to consolidate the code once we drop compatibility with gocryptfs v1.2
(and earlier) filesystems.
|
|
Yields a nice reduction in code size.
|
|
There are two independent backends, one for name encryption,
the other one, AEAD, for file content.
"BackendTypeEnum" only applies to AEAD (file content), so make that
clear in the name.
|
|
Version 1.1 of the EME package (github.com/rfjakob/eme) added
a more convenient interface. Use it.
Note that you have to upgrade your EME package (go get -u)!
|
|
We want all panics to show up in the syslog.
|
|
These should help prevent later programming errors.
|
|
|
|
As we now also support AES-SIV the old name is no longer
correct.
|
|
AES-SIV uses 1/2 of the key for authentication, 1/2 for
encryption, so we need a 64-byte key for AES-256. Derive
it from the master key by hashing it with SHA-512.
|
|
GCM-SIV is not yet finalized, and the reference implemenation is
painfully slow at about 2 MB/s. Switch to AES-SIV.
|
|
Also add ReverseDummyNonce nonce generation.
|
|
|
|
|
|
|
|
|
|
|