aboutsummaryrefslogtreecommitdiff
path: root/internal/cryptocore
AgeCommit message (Collapse)Author
2018-02-18main: try to wipe cryptocore's secret keys on unmountJakob Unterwurzacher
Raise the bar for recovering keys from memory. https://github.com/rfjakob/gocryptfs/issues/211
2017-08-21Fix misspellings reported by goreportcard.comJakob Unterwurzacher
https://goreportcard.com/report/github.com/rfjakob/gocryptfs#misspell
2017-08-16cryptocore: add urandom + randprefetch benchmarksJakob Unterwurzacher
The benchmark that supported the decision for 512-byte prefetching previously lived outside the repo. Let's add it where it belongs so it cannot get lost.
2017-08-11main: purge masterkey from memory as soon as possibleJakob Unterwurzacher
Remove the "Masterkey" field from fusefrontend.Args because it should not be stored longer than neccessary. Instead pass the masterkey as a separate argument to the filesystem initializers. Then overwrite it with zeros immediately so we don't have to wait for garbage collection. Note that the crypto implementation still stores at least a masterkey-derived value, so this change makes it harder, but not impossible, to extract the encryption keys from memory. Suggested at https://github.com/rfjakob/gocryptfs/issues/137
2017-07-14macos: make testing without openssl work properlyJakob Unterwurzacher
On MacOS, building and testing without openssl is much easier. The tests should skip tests that fail because of missing openssl instead of aborting. Fixes https://github.com/rfjakob/gocryptfs/issues/123
2017-06-11cryptocore: prefetch nonces in the backgroundJakob Unterwurzacher
Spawn a worker goroutine that reads the next 512-byte block while the current one is being drained. This should help reduce waiting times when /dev/urandom is very slow (like on Linux 3.16 kernels).
2017-06-09cryptocore: prefetch nonces in 512-byte blocksJakob Unterwurzacher
On my machine, reading 512-byte blocks from /dev/urandom (same via getentropy syscall) is a lot faster in terms of throughput: Blocksize Throughput 16 28.18 MB/s 512 83.75 MB/s For a single-threaded streaming write, this drops the CPU usage of nonceGenerator.Get to almost 1/3: flat flat% sum% cum cum% Before 0 0% 95.08% 0.35s 2.92% github.com/rfjakob/gocryptfs/internal/cryptocore.(*nonceGenerator).Get After 0.01s 0.092% 92.34% 0.13s 1.20% github.com/rfjakob/gocryptfs/internal/cryptocore.(*nonceGenerator).Get This change makes the nonce reading single-threaded, which may hurt massively-parallel writes.
2017-06-07cryptocore: remove lastNonce checkJakob Unterwurzacher
This check would need locking to be multithreading-safe. But as it is in the fastpath, just remove it. rand.Read() already guarantees that the value is random.
2017-05-27cryptocore: improve comments and add tests for hkdfDeriveJakob Unterwurzacher
These should make it easier to re-implement the key derivation that was enabled with the "HKDF" feature flag.
2017-04-29fix golint complaintsJakob Unterwurzacher
2017-04-23Add -forcedecodedanim7
Force decode of encrypted files even if the integrity check fails, instead of failing with an IO error. Warning messages are still printed to syslog if corrupted files are encountered. It can be useful to recover files from disks with bad sectors or other corrupted media. Closes https://github.com/rfjakob/gocryptfs/pull/102 .
2017-03-05full stack: implement HKDF supportJakob Unterwurzacher
...but keep it disabled by default for new filesystems. We are still missing an example filesystem and CLI arguments to explicitely enable and disable it.
2017-03-05configfile: switch to 128-bit IVs for master key encryptionJakob Unterwurzacher
There is no security reason for doing this, but it will allow to consolidate the code once we drop compatibility with gocryptfs v1.2 (and earlier) filesystems.
2017-03-05Drop Go 1.4 compatability code everywhereJakob Unterwurzacher
Yields a nice reduction in code size.
2017-03-05cryptocore: rename "BackendTypeEnum" -> "AEADTypeEnum"Jakob Unterwurzacher
There are two independent backends, one for name encryption, the other one, AEAD, for file content. "BackendTypeEnum" only applies to AEAD (file content), so make that clear in the name.
2017-03-05cryptocore: use eme v1.1 interfaceJakob Unterwurzacher
Version 1.1 of the EME package (github.com/rfjakob/eme) added a more convenient interface. Use it. Note that you have to upgrade your EME package (go get -u)!
2016-12-10Replace all calls to naked panic() with log.Panic()Jakob Unterwurzacher
We want all panics to show up in the syslog.
2016-10-24Fix misspellingsJakob Unterwurzacher
Close https://github.com/rfjakob/gocryptfs/issues/54
2016-10-09reverse: add panics against API abuseJakob Unterwurzacher
These should help prevent later programming errors.
2016-10-04A few more lint fixesJakob Unterwurzacher
2016-10-04lint fixesValient Gough
2016-10-04tests: skip tests with -openssl=false on Go 1.4 and lowerJakob Unterwurzacher
Go versions 1.4 and lower lack NewGCMWithNonceSize(), which causes a panic in the test.
2016-10-04cryptocore: rename "gcm" variable to generic "aeadCipher"Jakob Unterwurzacher
As we now also support AES-SIV the old name is no longer correct.
2016-10-04cryptocore: derive 512-bit key for AES-SIVJakob Unterwurzacher
AES-SIV uses 1/2 of the key for authentication, 1/2 for encryption, so we need a 64-byte key for AES-256. Derive it from the master key by hashing it with SHA-512.
2016-09-26reverse: switch from GCM-SIV to AES-SIVv1.1-beta1Jakob Unterwurzacher
GCM-SIV is not yet finalized, and the reference implemenation is painfully slow at about 2 MB/s. Switch to AES-SIV.
2016-09-25contentenc: add GCM-SIV supportJakob Unterwurzacher
Also add ReverseDummyNonce nonce generation.
2016-09-25cryptocore: add support for GCM-SIVJakob Unterwurzacher
2016-07-31cryptocore: comment why 96-bit IVs are still supportedJakob Unterwurzacher
2016-07-06Add godoc comments to all internal packagesJakob Unterwurzacher
2016-06-15Rename internal "toggledlog" package to "tlog"Jakob Unterwurzacher
tlog is used heavily everywhere and deserves a shorter name. Renamed using sed magic, without any manual rework: find * -type f -exec sed -i 's/toggledlog/tlog/g' {} +
2016-05-05stupidgcm: skip tests on Go 1.4 and olderJakob Unterwurzacher
Quoting from the patch: We compare against Go's built-in GCM implementation. Since stupidgcm only supports 128-bit IVs and Go only supports that from 1.5 onward, we cannot run these tests on older Go versions.
2016-05-05cryptocore: support Go 1.4 in testsJakob Unterwurzacher
2016-05-04stupidgcm: completely replace spacemonkeygo/opensslJakob Unterwurzacher
2016-05-04cryptocore: add API testsJakob Unterwurzacher
2016-03-03Fix Go 1.4 build failure caused by a refactoring oversightJakob Unterwurzacher
2016-02-06Run go fmtJakob Unterwurzacher
2016-02-06Major refactoring: Split up "cryptfs" into several internal packagesJakob Unterwurzacher
"git status" for reference: deleted: cryptfs/cryptfs.go deleted: cryptfs/names_core.go modified: integration_tests/cli_test.go modified: integration_tests/helpers.go renamed: cryptfs/config_file.go -> internal/configfile/config_file.go renamed: cryptfs/config_test.go -> internal/configfile/config_test.go renamed: cryptfs/config_test/.gitignore -> internal/configfile/config_test/.gitignore renamed: cryptfs/config_test/PlaintextNames.conf -> internal/configfile/config_test/PlaintextNames.conf renamed: cryptfs/config_test/StrangeFeature.conf -> internal/configfile/config_test/StrangeFeature.conf renamed: cryptfs/config_test/v1.conf -> internal/configfile/config_test/v1.conf renamed: cryptfs/config_test/v2.conf -> internal/configfile/config_test/v2.conf renamed: cryptfs/kdf.go -> internal/configfile/kdf.go renamed: cryptfs/kdf_test.go -> internal/configfile/kdf_test.go renamed: cryptfs/cryptfs_content.go -> internal/contentenc/content.go new file: internal/contentenc/content_api.go renamed: cryptfs/content_test.go -> internal/contentenc/content_test.go renamed: cryptfs/file_header.go -> internal/contentenc/file_header.go renamed: cryptfs/intrablock.go -> internal/contentenc/intrablock.go renamed: cryptfs/address_translation.go -> internal/contentenc/offsets.go new file: internal/cryptocore/crypto_api.go renamed: cryptfs/gcm_go1.4.go -> internal/cryptocore/gcm_go1.4.go renamed: cryptfs/gcm_go1.5.go -> internal/cryptocore/gcm_go1.5.go renamed: cryptfs/nonce.go -> internal/cryptocore/nonce.go renamed: cryptfs/openssl_aead.go -> internal/cryptocore/openssl_aead.go renamed: cryptfs/openssl_benchmark.bash -> internal/cryptocore/openssl_benchmark.bash renamed: cryptfs/openssl_test.go -> internal/cryptocore/openssl_test.go new file: internal/nametransform/name_api.go new file: internal/nametransform/names_core.go renamed: cryptfs/names_diriv.go -> internal/nametransform/names_diriv.go renamed: cryptfs/names_noiv.go -> internal/nametransform/names_noiv.go renamed: cryptfs/names_test.go -> internal/nametransform/names_test.go new file: internal/nametransform/pad16.go renamed: cryptfs/log.go -> internal/toggledlog/log.go renamed: cryptfs/log_go1.4.go -> internal/toggledlog/log_go1.4.go renamed: cryptfs/log_go1.5.go -> internal/toggledlog/log_go1.5.go modified: main.go modified: masterkey.go modified: pathfs_frontend/file.go modified: pathfs_frontend/file_holes.go modified: pathfs_frontend/fs.go modified: pathfs_frontend/fs_dir.go modified: pathfs_frontend/names.go modified: test.bash