aboutsummaryrefslogtreecommitdiff
path: root/internal
AgeCommit message (Collapse)Author
2021-06-26fusefrontend: convert ctlsock from openBackingDir to prepareAtSyscallJakob Unterwurzacher
openBackingDir will be removed. Also, remove leftover debug printfs.
2021-06-26fusefrontend: convert openBackingDir tests to prepareAtSyscallJakob Unterwurzacher
openBackingDir will be removed.
2021-06-25fusefrontend: implement recursive diriv cachingJakob Unterwurzacher
The new contrib/maxlen.bash showed that we have exponential runtime with respect to directory depth. The new recursive diriv caching is a lot smarter as it caches intermediate lookups. maxlen.bash now completes in a few seconds. xfstests results same as https://github.com/rfjakob/fuse-xfstests/blob/2d158e4c82be85c15269af77498e353f928f4fab/screenlog.0 : Failures: generic/035 generic/062 generic/080 generic/093 generic/099 generic/215 generic/285 generic/319 generic/426 generic/444 generic/467 generic/477 generic/523 Failed 13 of 580 tests benchmark.bash results are identical: $ ./benchmark.bash Testing gocryptfs at /tmp/benchmark.bash.BdQ: gocryptfs v2.0.1-17-g6b09bc0; go-fuse v2.1.1-0.20210611132105-24a1dfe6b4f8; 2021-06-25 go1.16.5 linux/amd64 /tmp/benchmark.bash.BdQ.mnt is a mountpoint WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 0,4821 s, 544 MB/s READ: 262144000 bytes (262 MB, 250 MiB) copied, 0,266061 s, 985 MB/s UNTAR: 8,280 MD5: 4,564 LS: 1,745 RM: 2,244
2021-06-21nametransform: rename BadNameFlag to BadnameSuffixJakob Unterwurzacher
2021-06-21nametransform: gather badname functions in badname.goJakob Unterwurzacher
2021-06-21nametransform: delete NameTransformer interfaceJakob Unterwurzacher
Useless layer of indirection.
2021-06-21Improve startup debug outputJakob Unterwurzacher
The startup debug output was very verbose but still missing some effective crypto settings.
2021-06-20nametransform: pass badname patterns via NewJakob Unterwurzacher
This means we can unexport the field.
2021-06-20fido2: hide "FIDO2" in gocryptfs.conf if not usedJakob Unterwurzacher
Result of: $ gocryptfs -init foo $ cat foo/gocryptfs.conf Before: { "Creator": "gocryptfs v2.0.1", "EncryptedKey": "FodEdNHD/cCwv1n5BuyAkbIOnJ/O5gfdCh3YssUCJ2DUr0A8DrQ5NH2SLhREeWRL3V8EMiPO2Ncr5IVwE4SSxQ==", "ScryptObject": { "Salt": "brGaw9Jg1kbPuSXFiwoxqK2oXFTgbniSgpiB+cu+67Y=", "N": 65536, "R": 8, "P": 1, "KeyLen": 32 }, "Version": 2, "FeatureFlags": [ "GCMIV128", "HKDF", "DirIV", "EMENames", "LongNames", "Raw64" ], "FIDO2": { "CredentialID": null, "HMACSalt": null } } After: { "Creator": "gocryptfs v2.0.1-5-gf9718eb-dirty.DerDonut-badnamecontent", "EncryptedKey": "oFMj1lS1ZsM/vEfanNMeCTPw3PZr5VWeL7ap8Jd8YQm6evy2BAhtQ/pd6RzDx84wlCz9TpxqHRihuwSEMnOWWg==", "ScryptObject": { "Salt": "JZ/5mhy4a8EAQ/wDF1POIEe4/Ss38cfJgXgj26DuA4M=", "N": 65536, "R": 8, "P": 1, "KeyLen": 32 }, "Version": 2, "FeatureFlags": [ "GCMIV128", "HKDF", "DirIV", "EMENames", "LongNames", "Raw64" ] }
2021-06-20Badname file content accessDerDonut
This proposal is the counterpart of the modifications from the `-badname` parameter. It modifies the plain -> cipher mapping for filenames when using `-badname` parameter. The new function `EncryptAndHashBadName` tries to find a cipher filename for the given plain name with the following steps: 1. If `badname` is disabled or direct mapping is successful: Map directly (default and current behaviour) 2. If a file with badname flag has a valid cipher file, this is returned (=File just ends with the badname flag) 3. If a file with a badname flag exists where only the badname flag was added, this is returned (=File cipher name could not be decrypted by function `DecryptName` and just the badname flag was added) 4. Search for all files which cipher file name extists when cropping more and more characters from the end. If only 1 file is found, return this 5. Return an error otherwise This allows file access in the file browsers but most important it allows that you rename files with undecryptable cipher names in the plain directories. Renaming those files will then generate a proper cipher filename One backdraft: When mounting the cipher dir with -badname parameter, you can never create (or rename to) files whose file name ends with the badname file flag (at the moment this is " GOCRYPTFS_BAD_NAME"). This will cause an error. I modified the CLI test function to cover additional test cases. Test [Case 7](https://github.com/DerDonut/gocryptfs/blob/badnamecontent/tests/cli/cli_test.go#L712) cannot be performed since the cli tests are executed in panic mode. The testing is stopped on error. Since the function`DecryptName` produces internal errors when hitting non-decryptable file names, this test was omitted. This implementation is a proposal where I tried to change the minimum amount of existing code. Another possibility would be instead of creating the new function `EncryptAndHashBadName` to modify the signature of the existing function `EncryptAndHashName(name string, iv []byte)` to `EncryptAndHashName(name string, iv []byte, dirfd int)` and integrate the functionality into this function directly. You may allow calling with dirfd=-1 or other invalid values an then performing the current functionality.
2021-06-06fusefronted: report plaintext size on symlink creationJakob Unterwurzacher
gocryptfs 2.0 introduced the regression that the size reported at symlink creation was the ciphertext size, which is wrong. Report the plaintext size. Fixes https://github.com/rfjakob/gocryptfs/issues/574
2021-06-05syscallcompat: drop obsolete wrappersJakob Unterwurzacher
These are now available cross-platform in the unix package.
2021-06-03fido2: quote argument strings in debug outputJakob Unterwurzacher
Tested using gocryptfs -init -debug -fido2 "hello world" cipherdir Output before: callFidoCommand: executing "/usr/bin/fido2-cred" with args [fido2-cred -M -h -v hello world] After: callFidoCommand: executing "/usr/bin/fido2-cred" with args ["fido2-cred" "-M" "-h" "-v" "hello world"] Related: https://github.com/rfjakob/gocryptfs/issues/571
2021-06-02fusefrontend: run acl Setxattr in user contextJakob Unterwurzacher
The result of setting an acl depends on who runs the operation! Fixes fuse-xfstests generic/375 (see https://github.com/rfjakob/fuse-xfstests/wiki/results_2021-05-19)
2021-06-02fusefrontend: catch ReadAt integer overflowJakob Unterwurzacher
Discovered by xfstests generic/564 . Failure was: generic/564 - output mismatch (see /opt/fuse-xfstests/results//generic/564.out.bad) --- tests/generic/564.out 2021-05-08 21:11:05.307395966 +0200 +++ /opt/fuse-xfstests/results//generic/564.out.bad 2021-05-19 19:01:16.912888879 +0200 @@ -31,7 +31,7 @@ source range beyond 8TiB returns 0 destination range beyond 8TiB returns EFBIG -copy_range: File too large +copy_range: Function not implemented
2021-06-02nametransform: check name validity on encryptionJakob Unterwurzacher
xfstests generic/523 discovered that we allowed to set xattrs with "/" in the name, but did not allow to read them later. With this change we do not allow to set them in the first place.
2021-05-29fusefrontend: list "." and ".." in dir entriesJakob Unterwurzacher
Fixes xfstests generic/401
2021-05-29fusefrontend: rewrite Lseek SEEK_DATA / SEEK_HOLEJakob Unterwurzacher
In response to the discussion of the xfstests mailing list [1], I looked at the Lseek implementation, which was naive and did not handle all cases correctly. The new implementation aligns the returned values to 4096 bytes as most callers expect. A lot of tests are added to verify that we handle all cases correctly now. [1]: https://www.spinics.net/lists/fstests/msg16554.html
2021-05-26contentenc: add PlainOffToCipherOff helperJakob Unterwurzacher
Will be used for improving Lseek()
2021-05-26contentenc: fix CipherSizeToPlainSize non-monoticityJakob Unterwurzacher
For an illegal cipherSize, pretend we have an additional 1-byte block. See code comment for details.
2021-05-26contentenc: update commentsJakob Unterwurzacher
Also, replace one open-coded calculation with a helper function.
2021-05-26tests: contentenc: add TestSizeToSizeJakob Unterwurzacher
TestSizeToSize tests CipherSizeToPlainSize and PlainSizeToCipherSize. Fails at the moment due to CipherSizeToPlainSize non-moniticity.
2021-05-26syscallcompat: add GetdentsSpecial()Jakob Unterwurzacher
GetdentsSpecial calls then Getdents syscall, with normal entries and "." / ".." split into two slices.
2021-05-26stupidgcm: prefer Go stdlib over OpenSSL on Apple M1Jakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/556
2021-05-22syscallcompat: also refactor MkdiratUser on GOOS=darwinJakob Unterwurzacher
Breakage was: +GOOS=darwin +GOARCH=amd64 +go build -tags without_openssl internal/fusefrontend/node_dir_ops.go:45:34: cannot use context (type *fuse.Context) as type *fuse.Caller in argument to syscallcompat.MkdiratUser internal/fusefrontend/node_dir_ops.go:83:35: cannot use context (type *fuse.Context) as type *fuse.Caller in argument to syscallcompat.MkdiratUser
2021-05-22syscallcompat: refactor MkdiratUser to take fuse.ContextJakob Unterwurzacher
Let's have MkdiratUser take fuse.Context like everybody else.
2021-05-22syscallcompat: deduplicate OpenatUser/MknodatUser/SymlinkatUser/MkdiratUserJakob Unterwurzacher
Turns out the whole euid switching logic can be shared when wrapping the syscall in a closure.
2021-05-18fsck: redirect go-fuse noise to syslogJakob Unterwurzacher
2021-05-18-speed: note that XChaCha20 is not selectableJakob Unterwurzacher
This is unclear to users, as seen on https://github.com/rfjakob/gocryptfs/issues/452#issuecomment-828836651
2021-05-15fusefrontend: fix RENAME_NOREPLACE darwin build failureJakob Unterwurzacher
Error was: internal/fusefrontend/node.go:371:2: duplicate case syscallcompat.RENAME_NOREPLACE (value 0) in switch previous case at internal/fusefrontend/node.go:368:7 Rewrite using "if"s instead.
2021-05-08fusefrontend: avoid duplicate const definitionJakob Unterwurzacher
RENAME_NOREPLACE is already defined in syscallcompat.
2021-05-08fusefrontend: reject broken RENAME_EXCHANGE and RENAME_WHITEOUTJakob Unterwurzacher
Discovered by xfstests generic/013: or implementation for RENAME_EXCHANGE and RENAME_WHITEOUT is incomplete. Reject the flags so that the caller retries with regular rename.
2021-04-07fusefrontend: make dirCache work for "node itself"Jakob Unterwurzacher
"node itself" can be converted to node + child by ascending one level. Performance gains are spectacular, as will be seen in the next commit.
2021-04-05fusefrontend: print dirCache stats after unmountJakob Unterwurzacher
2021-04-04fs: more idiomatic dirCache struct namingJakob Unterwurzacher
2021-04-03fs: add initial dirfd cachingJakob Unterwurzacher
dirfd caching was temporarily removed when moving to the v2api. Add it back to gain back some lost speed.
2021-04-03tests: fusefronted: fix TestOpenBackingDirJakob Unterwurzacher
This test only worked accidentially, and would break once dirfd caching is added. fs.Mkdir(..., "dir1/dir2", ...) is illegal (child name cannot contain slashes).
2021-04-03fusefronted: replace last rn.openBackingDir() callsJakob Unterwurzacher
Use the n.prepareAtSyscall() wrapper instead. Prepares for adding caching into n.prepareAtSyscall().
2021-03-21fusefronted: move Create() and Open() to new fileJakob Unterwurzacher
And deduplicate the code a little.
2021-03-21fusefrontend: -sharedstorage: fix TestRmwRace failureJakob Unterwurzacher
The Open() and Create() paths used different inode numbers, which broke openfiletable locking against concurred readers.
2021-03-14syscallcompat: getdents: link to #483Jakob Unterwurzacher
Give a user receiving the Getdents warning some background info.
2021-03-07v2api: -sharestorage: disable hard link tracking & add testsJakob Unterwurzacher
Hard link tracking was not correctly disabled since the migration to the go-fuse v2 api. Add a test to ensure it stays off. Fixes https://github.com/rfjakob/gocryptfs/issues/525
2021-02-07fusefrontend: do not encrypt ACLsJakob Unterwurzacher
Pass through system.posix_acl_access and system.posix_acl_default unencrypted to fix "cp -a" problems. "cp -a" uses "setxattr" even to set normal permissions, see https://www.spinics.net/lists/linux-nfs/msg63986.html . Fixes https://github.com/rfjakob/gocryptfs/issues/543
2021-02-06syscallcompat: MknodatUser: work around changed syscall.Setgroups semanticsJakob Unterwurzacher
Since go1.16beta1 (commit d1b1145cace8b968307f9311ff611e4bb810710c , https://go-review.googlesource.com/c/go/+/210639 ) syscall.{Setgroups,Setregid,Setreuid} affects all threads, which is exactly what we not want. We now use unix.{Setgroups,Setregid,Setreuid} instead. Workarounds https://github.com/golang/go/issues/1435 .
2021-01-10nametransform: make `gocryptfs.diriv` and `gocryptfs.xxx.name` files ↵Jakob Unterwurzacher
world-readable Make `gocryptfs.diriv` and `gocryptfs.xxx.name` files world-readable to make encrypted backups easier when mounting via fstab. Having the files follow chmod/chown of their parent does not seem to be worth the hassle. The content of the diriv files is not secret, and both diriv and name files are protected by the perms of the parent dir. Fixes https://github.com/rfjakob/gocryptfs/issues/539
2021-01-10nametransform: move permission constants to perms.goJakob Unterwurzacher
Prep for https://github.com/rfjakob/gocryptfs/issues/539
2020-12-20main: add "-kernel_cache" flaggmd20
This option is similar to fuse(8) kernel_cache Verified using vmtouch. Without -kernel_cache: $ dd if=/dev/zero of=foo bs=1M count=10 ; vmtouch -t foo ; vmtouch foo 10+0 records in 10+0 records out 10485760 bytes (10 MB, 10 MiB) copied, 0,0242321 s, 433 MB/s Files: 1 Directories: 0 Touched Pages: 2560 (10M) Elapsed: 0.011159 seconds Files: 1 Directories: 0 Resident Pages: 0/2560 0/10M 0% Elapsed: 0.000993 seconds With -kernel_cache: $ dd if=/dev/zero of=foo bs=1M count=10 ; vmtouch -t foo ; vmtouch foo 10+0 records in 10+0 records out 10485760 bytes (10 MB, 10 MiB) copied, 0,0244015 s, 430 MB/s Files: 1 Directories: 0 Touched Pages: 2560 (10M) Elapsed: 0.011564 seconds Files: 1 Directories: 0 Resident Pages: 2560/2560 10M/10M 100% Elapsed: 0.000369 seconds
2020-11-10fusefrontend_reverse: fix GETATTR panicJakob Unterwurzacher
We don't implement Getattr(), so don't try to call it. Reported at https://github.com/rfjakob/gocryptfs/issues/519#issuecomment-718790790 : 15:22:53.414101 rx 3344: READ n2565 {Fh 7 [42143744 +131072) L 0 RDONLY,0x8000} 15:22:53.414274 rx 3342: READ n2565 {Fh 7 [42012672 +131072) L 0 RDONLY,0x8000} 15:22:53.414787 rx 3346: READ n2565 {Fh 7 [42274816 +131072) L 0 RDONLY,0x8000} 15:22:53.414806 tx 3336: OK, 131072b data "\xcb\xd3<\"!-\xa7\xc4"... 15:22:53.414874 rx 3348: GETATTR n1446 {Fh 0} panic: interface conversion: *fusefrontend_reverse.File is not fs.FileGetattrer: missing method Getattr goroutine 451 [running]: github.com/rfjakob/gocryptfs/internal/fusefrontend_reverse.(*Node).Getattr(0xc00034c880, 0x5620579784c0, 0xc000593e60, 0x562057939800, 0xc000218050, 0xc0000fc108, 0x0) github.com/rfjakob/gocryptfs/internal/fusefrontend_reverse/node.go:69 +0x273 github.com/hanwen/go-fuse/v2/fs.(*rawBridge).getattr(0xc00011e000, 0x5620579784c0, 0xc000593e60, 0xc00034c880, 0x562057939800, 0xc000218050, 0xc0000fc108, 0xbfded1ef58ba7b13) github.com/hanwen/go-fuse/v2@v2.0.4-0.20200908172753-0b6cbc515082/fs/bridge.go:500 +0x2d4 github.com/hanwen/go-fuse/v2/fs.(*rawBridge).GetAttr(0xc00011e000, 0xc0000e0000, 0xc0000fc198, 0xc0000fc108, 0x0) github.com/hanwen/go-fuse/v2@v2.0.4-0.20200908172753-0b6cbc515082/fs/bridge.go:488 +0x11c github.com/hanwen/go-fuse/v2/fuse.doGetAttr(0xc000120000, 0xc0000fc000) github.com/hanwen/go-fuse/v2@v2.0.4-0.20200908172753-0b6cbc515082/fuse/opcode.go:287 +0x6f github.com/hanwen/go-fuse/v2/fuse.(*Server).handleRequest(0xc000120000, 0xc0000fc000, 0xc000000000) github.com/hanwen/go-fuse/v2@v2.0.4-0.20200908172753-0b6cbc515082/fuse/server.go:472 +0x2c1 github.com/hanwen/go-fuse/v2/fuse.(*Server).loop(0xc000120000, 0xc000288001) github.com/hanwen/go-fuse/v2@v2.0.4-0.20200908172753-0b6cbc515082/fuse/server.go:445 +0x18c created by github.com/hanwen/go-fuse/v2/fuse.(*Server).readRequest github.com/hanwen/go-fuse/v2@v2.0.4-0.20200908172753-0b6cbc515082/fuse/server.go:312 +0x419
2020-10-19Drop two more generated filesJakob Unterwurzacher
These were committed by mistake.
2020-10-19Drop generated filesJakob Unterwurzacher
These were committed by mistake.