aboutsummaryrefslogtreecommitdiff
path: root/internal
AgeCommit message (Collapse)Author
10 daysfusefrontend: sharedstorage: lock truncate agains concurrent accessLockSharedStorage_rebase1Jakob Unterwurzacher
Prevent reads and writes concurrent with the truncate operation. It's racy on tmpfs and ext4 ( https://lore.kernel.org/all/18e9fa0f-ec31-9107-459c-ae1694503f87@gmail.com/t/ ) as evident by TestOpenTruncate test failures: === RUN TestOpenTruncate cluster_test.go:209: POSIX compliance issue: non-exlusive create failed with err=file exists doRead 16384215: corrupt block #0: cipher: message authentication failed ino16384215 fh8: RMW read failed: errno=5 cluster_test.go:214: iteration 1: WriteAt: write /tmp/gocryptfs-test-parent-1026/1358464214/TestOpenTruncate.1788296708.mnt2/foo: input/output error --- FAIL: TestOpenTruncate (0.06s) FAIL exit status 1 FAIL github.com/rfjakob/gocryptfs/v2/tests/cluster 7.880s Relates-to: https://github.com/rfjakob/gocryptfs/issues/56
2024-12-13fusefrontend: sharedstorage: add warnings for lock failureJakob Unterwurzacher
Complain loudly when the underlying storage does not support byte-range locks. https://github.com/rfjakob/gocryptfs/issues/754
2024-12-13fusefrontend: sharedstorage: retry read-path on EIO errorJakob Unterwurzacher
With -sharedstorage, when we get a decryption error, we lock the byte range and try again. This makes concurrent R/W safe agains torn writes. https://github.com/rfjakob/gocryptfs/issues/754
2024-12-13fusefrontend: sharedstorage: add file content byte-range locksJakob Unterwurzacher
As we must write complete ciphertext blocks (except at EOF), non-overlapping plaintext writes can overlap in the ciphertext. And because overlapping writes can turn the data into data soup (see TestPoCTornWrite) we serialize them using fcntl locking.
2024-12-13fusefrontend: sharedstorage: keep file header on truncateJakob Unterwurzacher
With -sharedstorage, we keep the on-disk file header. Other mounts may have the file ID cached so we cannot mess with it. This makes TestOpenTruncate pass.
2024-12-04fusefrontend: sharedstorage: use byte-range lock on file header creationJakob Unterwurzacher
Multiple host writing to the same empty file at the same time could have overwritten each other's newly created file header, leading to data corruption. Fix the race by placing a byte-range lock on the file when creating the file header.
2024-12-04passfile: drop byte counter from trailing garbage warningJakob Unterwurzacher
We don't know the exact value as we only read 2kiB. Relates-to: https://github.com/rfjakob/gocryptfs/discussions/882
2024-11-11Report inode number for the root nodeJakob Unterwurzacher
Now that https://github.com/hanwen/go-fuse/issues/399 has landed we can report an inode number for the root node. Fixes https://github.com/rfjakob/gocryptfs/issues/580
2024-11-11reverse: fix import sorting in root_node.goJakob Unterwurzacher
2024-09-03ctlsock: delete colliding orphaned socket fileJakob Unterwurzacher
Detect and delete an orphaned socket file that collides with the ctlsock we want to create. Fixes https://github.com/rfjakob/gocryptfs/issues/776
2024-09-02ctlsocksrv: move Listen() call hereJakob Unterwurzacher
Prep for solving https://github.com/rfjakob/gocryptfs/issues/776
2024-08-23reverse: fix force_ownerJakob Unterwurzacher
Fixes https://github.com/rfjakob/gocryptfs/issues/809
2024-08-23readpassword: show where stdin is connectedJakob Unterwurzacher
Should make debugging situations like https://github.com/rfjakob/gocryptfs/issues/852 Empty stdin in mkinitcpio hook easier. Examples: $ echo -n "" | ./gocryptfs -init a Choose a password for protecting your files. Reading Password from stdin (connected to "pipe:[749878]") Got empty Password from stdin $ ./gocryptfs -init a < /dev/null Choose a password for protecting your files. Reading Password from stdin (connected to "/dev/null") Got empty Password from stdin $ ./gocryptfs -init a < /dev/zero Choose a password for protecting your files. Reading Password from stdin (connected to "/dev/zero") fatal: maximum password length of 2048 bytes exceeded $ ./gocryptfs -init a < /dev/full Choose a password for protecting your files. Reading Password from stdin (connected to "/dev/full") fatal: maximum password length of 2048 bytes exceeded $ jakob@brikett:~/go/src/github.com/rfjakob/gocryptfs$ ./gocryptfs -init a < /dev/urandom Choose a password for protecting your files. Reading Password from stdin (connected to "/dev/urandom") Your master key is: 4e45a317-595d8a2d-46493a30-97de86ef- 540c7364-f0acc297-dd6f2592-7d9a5c97 If the gocryptfs.conf file becomes corrupted or you ever forget your password, there is only one hope for recovery: The master key. Print it to a piece of paper and store it in a drawer. This message is only printed once. The gocryptfs filesystem has been created successfully. You can now mount it using: gocryptfs a MOUNTPOINT
2024-06-06stupidgcm: detect AES-GCM acceleration like crypto/tlsJakob Unterwurzacher
Instead of just looking for AES, also look for PCLMULQDQ, like crypto/tls does. Fixes: https://github.com/rfjakob/gocryptfs/issues/822
2024-05-17syscallcompat: Openat: always set O_CLOEXECJakob Unterwurzacher
Let's not leak fds to logger. Before: $ lsof -p $(pgrep logger) COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME logger 146410 jakob cwd DIR 253,0 4096 2 / logger 146410 jakob rtd DIR 253,0 4096 2 / logger 146410 jakob txt REG 253,0 41560 6293858 /usr/bin/logger logger 146410 jakob mem REG 253,0 229754784 6292695 /usr/lib/locale/locale-archive logger 146410 jakob mem REG 253,0 186480 6292031 /usr/lib64/libgcc_s-14-20240508.so.1 logger 146410 jakob mem REG 253,0 787128 6294119 /usr/lib64/libzstd.so.1.5.6 logger 146410 jakob mem REG 253,0 211424 6294587 /usr/lib64/liblzma.so.5.4.6 logger 146410 jakob mem REG 253,0 131128 6302636 /usr/lib64/liblz4.so.1.9.4 logger 146410 jakob mem REG 253,0 49184 6302330 /usr/lib64/libcap.so.2.69 logger 146410 jakob mem REG 253,0 2476880 6295299 /usr/lib64/libc.so.6 logger 146410 jakob mem REG 253,0 987256 6292058 /usr/lib64/libsystemd.so.0.38.0 logger 146410 jakob mem REG 253,0 906256 6295295 /usr/lib64/ld-linux-x86-64.so.2 logger 146410 jakob 0r FIFO 0,14 0t0 607727 pipe logger 146410 jakob 1w CHR 1,3 0t0 4 /dev/null logger 146410 jakob 2w CHR 1,3 0t0 4 /dev/null logger 146410 jakob 3u unix 0x0000000046d9c96b 0t0 607729 type=DGRAM (CONNECTED) logger 146410 jakob 10u DIR 0,33 80 7758 /tmp/tmp.lbUiEw9P6W/a After: $ lsof -p $(pgrep logger) COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME logger 147982 jakob cwd DIR 253,0 4096 2 / logger 147982 jakob rtd DIR 253,0 4096 2 / logger 147982 jakob txt REG 253,0 41560 6293858 /usr/bin/logger logger 147982 jakob mem REG 253,0 229754784 6292695 /usr/lib/locale/locale-archive logger 147982 jakob mem REG 253,0 186480 6292031 /usr/lib64/libgcc_s-14-20240508.so.1 logger 147982 jakob mem REG 253,0 787128 6294119 /usr/lib64/libzstd.so.1.5.6 logger 147982 jakob mem REG 253,0 211424 6294587 /usr/lib64/liblzma.so.5.4.6 logger 147982 jakob mem REG 253,0 131128 6302636 /usr/lib64/liblz4.so.1.9.4 logger 147982 jakob mem REG 253,0 49184 6302330 /usr/lib64/libcap.so.2.69 logger 147982 jakob mem REG 253,0 2476880 6295299 /usr/lib64/libc.so.6 logger 147982 jakob mem REG 253,0 987256 6292058 /usr/lib64/libsystemd.so.0.38.0 logger 147982 jakob mem REG 253,0 906256 6295295 /usr/lib64/ld-linux-x86-64.so.2 logger 147982 jakob 0r FIFO 0,14 0t0 609636 pipe logger 147982 jakob 1w CHR 1,3 0t0 4 /dev/null logger 147982 jakob 2w CHR 1,3 0t0 4 /dev/null logger 147982 jakob 3u unix 0x00000000bc46d033 0t0 610344 type=DGRAM (CONNECTED) Fixes https://github.com/rfjakob/gocryptfs/issues/846
2024-05-12Remove accidentially-committed generation_num packageJakob Unterwurzacher
This package is a failed experiment and should not have been committed. Fixes: 9958b63931aee613d5f97a8e7137efa3fb118343
2024-05-05reverse: use incrementing inode number for gocryptfs.longname.*.name filesJakob Unterwurzacher
ed0a12b7337c2d88c027329f64e73070da17d5b3 already fixed the kernel side, now we also want the .name files to NOT appear hardlinked when just looking at the inode number. Relates-to: https://github.com/rfjakob/gocryptfs/issues/802
2024-05-05inomap: export NextSpillIno()Jakob Unterwurzacher
This will be used in reverse mode. Switch to atomic increment to avoid a "nextSpillInoUnlocked" helper.
2024-05-05inomap: incorporate spillBit into the spillNext start valueJakob Unterwurzacher
This avoids the manual "| spillBit" logic.
2024-05-01reverse: use unique generation number for all nodesJakob Unterwurzacher
We used to present gocryptfs.longname.*.name files for hardlinked files as hardlinked to the kernel (same Node ID) which is wrong. Fix this by using a unique generation number for all nodes, which also fixes possible issues with inode reuse. Basically what 1bc1db620b061aabf59469a5eb4fb60e3e1701a3 did for forward mode with -sharedstorage. Fixes https://github.com/rfjakob/gocryptfs/issues/802
2024-04-19Add option to set FIDO2 verificatoin optioninvis-z
Add an option to specify user verification options for `fido2-assert -t` Options will be saved to config file Provide same functionality to #705 with simpler implementation Resolve #702
2024-03-13init_dir: use masterkey argPablo Mazzini
2024-03-09fusefrontend: fix excessive file fragmentation on BTRFSAlex Shumsky
2024-01-23go.mod: update all depsJakob Unterwurzacher
2023-09-15gocryptfs -speed: call testing.Init() to not panicJakob Unterwurzacher
Looks like I should have been calling testing.Init() all along. From https://pkg.go.dev/testing#Init : > Init is only needed when calling functions such as > Benchmark without using "go test". Panic only affected without_openssl builds and looks like this: $ ./gocryptfs -speed gocryptfs v2.4.0-2-g8b1c4b0-dirty without_openssl; go-fuse v2.3.0; 2023-09-15 go1.21.1 linux/amd64 cpu: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz; with AES acceleration AES-GCM-256-OpenSSL panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x5a5d20] goroutine 7 [running]: testing.(*common).decorate(0x40d625?, {0xc00001c150, 0x2a}, 0x830601?) testing/testing.go:772 +0xa0 [...] Fixes: https://github.com/rfjakob/gocryptfs/issues/789 Relates-to: https://github.com/golang/go/issues/62666
2023-09-15nametransform: reject non-canonical base64Jakob Unterwurzacher
The test added in the earlier commit passes with this change.
2023-05-17fusefrontend: implement our own Access()Jakob Unterwurzacher
Not having Access() means go-fuse emulates it by looking at Getattr(). This works fine most of the time, but breaks down on sshfs, where sshfs-benchmark.bash shows this: gocryptfs/tests$ ./sshfs-benchmark.bash nuetzlich.net working directory: /tmp/sshfs-benchmark.bash.JQC sshfs mounted: nuetzlich.net:/tmp -> sshfs.mnt gocryptfs mounted: sshfs.mnt/sshfs-benchmark.bash.Wrz/gocryptfs.crypt -> gocryptfs.mnt sshfs-benchmark.bash: sshfs gocryptfs-on-sshfs git init 3.98 6.80 rsync 7.71 10.84 rm -R 4.30rm: descend into write-protected directory 'gocryptfs.mnt/git1'? The go-fuse emulation gets it wrong here because sshfs reports permissions but does not enforce them. Implement it ourselves properly.
2023-03-29fusefrontent: report correct size on hard link creationJakob Unterwurzacher
And add a test for it. Fixes https://github.com/rfjakob/gocryptfs/issues/724
2023-03-08speed: GoGCM: start at block size 16Jakob Unterwurzacher
BenchmarkGoGCMBlockSize/16-4 5499200 219.7 ns/op 72.83 MB/s BenchmarkGoGCMBlockSize/32-4 4497284 266.2 ns/op 120.22 MB/s BenchmarkGoGCMBlockSize/64-4 3296336 363.4 ns/op 176.10 MB/s BenchmarkGoGCMBlockSize/128-4 4204794 285.5 ns/op 448.36 MB/s BenchmarkGoGCMBlockSize/256-4 2928472 409.7 ns/op 624.83 MB/s BenchmarkGoGCMBlockSize/512-4 1825164 658.0 ns/op 778.09 MB/s BenchmarkGoGCMBlockSize/1024-4 1000000 1151 ns/op 889.98 MB/s BenchmarkGoGCMBlockSize/2048-4 560275 2135 ns/op 959.47 MB/s BenchmarkGoGCMBlockSize/4096-4 291906 4099 ns/op 999.28 MB/s BenchmarkGoGCMBlockSize/8192-4 148916 8033 ns/op 1019.83 MB/s BenchmarkGoGCMBlockSize/16384-4 75337 15911 ns/op 1029.75 MB/s BenchmarkGoGCMBlockSize/32768-4 37912 31651 ns/op 1035.30 MB/s BenchmarkGoGCMBlockSize/65536-4 19000 64287 ns/op 1019.43 MB/s BenchmarkGoGCMBlockSize/131072-4 9225 127636 ns/op 1026.92 MB/s BenchmarkGoGCMBlockSize/262144-4 4752 252300 ns/op 1039.02 MB/s BenchmarkGoGCMBlockSize/524288-4 2377 504612 ns/op 1038.99 MB/s BenchmarkGoGCMBlockSize/1048576-4 1183 1011637 ns/op 1036.51 MB/s
2023-03-08speed: add per-blocksize GoGCM benchmarksJakob Unterwurzacher
Only visible when you run "go test -bench" like this: $ cd gocryptfs/internal/speed $ go test -bench . goos: linux goarch: amd64 pkg: github.com/rfjakob/gocryptfs/v2/internal/speed cpu: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz BenchmarkStupidGCM-4 202352 5937 ns/op 689.96 MB/s BenchmarkStupidGCMDecrypt-4 206023 5782 ns/op 708.38 MB/s BenchmarkGoGCM-4 291878 4098 ns/op 999.45 MB/s BenchmarkGoGCMBlockSize/1024-4 1000000 1151 ns/op 889.88 MB/s BenchmarkGoGCMBlockSize/2048-4 561182 2134 ns/op 959.60 MB/s BenchmarkGoGCMBlockSize/4096-4 292057 4101 ns/op 998.87 MB/s BenchmarkGoGCMBlockSize/8192-4 149216 8031 ns/op 1020.09 MB/s BenchmarkGoGCMBlockSize/16384-4 75361 15917 ns/op 1029.34 MB/s BenchmarkGoGCMBlockSize/32768-4 37916 31649 ns/op 1035.35 MB/s BenchmarkGoGCMBlockSize/65536-4 19005 63117 ns/op 1038.33 MB/s BenchmarkGoGCMBlockSize/131072-4 9498 126166 ns/op 1038.89 MB/s BenchmarkGoGCMBlockSize/262144-4 4755 252149 ns/op 1039.64 MB/s BenchmarkGoGCMBlockSize/524288-4 2377 504108 ns/op 1040.03 MB/s BenchmarkGoGCMBlockSize/1048576-4 1188 1008675 ns/op 1039.56 MB/s BenchmarkGoGCMDecrypt-4 294664 4059 ns/op 1009.02 MB/s BenchmarkAESSIV-4 46498 25432 ns/op 161.05 MB/s BenchmarkAESSIVDecrypt-4 46908 25509 ns/op 160.57 MB/s BenchmarkXchacha-4 244473 4894 ns/op 836.97 MB/s BenchmarkXchachaDecrypt-4 249710 4798 ns/op 853.75 MB/s BenchmarkStupidXchacha-4 166988 7101 ns/op 576.79 MB/s BenchmarkStupidXchachaDecrypt-4 163093 7240 ns/op 565.72 MB/s BenchmarkStupidChacha-4 184172 6527 ns/op 627.58 MB/s BenchmarkStupidChachaDecrypt-4 179796 6659 ns/op 615.11 MB/s PASS ok github.com/rfjakob/gocryptfs/v2/internal/speed 30.068s
2023-02-21fusefrontend: unbreak isConsecutiveWrite streaming write optimizationJakob Unterwurzacher
Commit 6196a5b5 got the logic inverted, hence we never set the last position markers. Fixes https://github.com/rfjakob/gocryptfs/issues/712
2023-02-21fusefrontend: doWrite: report readFileID errors as I/O errorJakob Unterwurzacher
It used to be reported as "function not implemented", accompanied with this log output: go-fuse: can't convert error type: ParseHeader: header is all-zero. Header hexdump: 000000000000000000000000000000000000 Now we report EIO and log this: doWrite 1372183: corrupt header: ParseHeader: header is all-zero. Header hexdump: 000000000000000000000000000000000000
2023-02-21contentenc: simplify testRange tablesJakob Unterwurzacher
Get rid of this eyesore.
2023-01-08MANPAGE: scryptn: list how much memory is neededJakob Unterwurzacher
Calculated acc. to https://words.filippo.io/the-scrypt-parameters/ , and add benchmarks to double-check the numbers. They match.
2022-12-29make formatJakob Unterwurzacher
Run "make format" using go version go1.19.4 linux/amd64
2022-12-21go.mod: fix jacobsa/crypto build on riscv64Christian Stewart
Replace dependency jacobsa/crypto with a fork with support for riscv64. Issue: https://github.com/rfjakob/gocryptfs/issues/666 Upstream PR: https://github.com/jacobsa/crypto/issues/13 Unaddressed on jacobsa/crypto: https://github.com/jacobsa/crypto/pull/14#issuecomment-1182744229 Signed-off-by: Christian Stewart <christian@paral.in>
2022-08-28Replace remaining golang.org/x/crypto/ssh/terminal ref with golang.org/x/termJakob Unterwurzacher
Fixes https://github.com/rfjakob/gocryptfs/issues/681 Fixes 2a25c3a8fda1f0918fd76687561b1a9c615298b9
2022-08-28make formatJakob Unterwurzacher
2022-08-28Add comment to pass Codacy Static Code AnalysisNekoGirlSAIKOU
2022-08-28Fix invalid -longnamemax for reverse modeNekoGirlSAIKOU
2022-08-15fix minor unreachable code caused by t.FatalAbirdcfly
Signed-off-by: Abirdcfly <fp544037857@gmail.com>
2022-06-26Fix typosYuta Hayashibe
2022-04-02Fix reverse gocryptfs.conf access on macOSVal
Unlike the FUSE implementation on Linux, macFUSE doesn't cache the file attributes from the `LOOKUP` call, so it calls `GETATTR` prior to accessing a file. In the case of the `VirtualConfNode` (reverse config file passthrough), this resulted in the default `GETATTR` implementation returning an empty result, ultimately resulting in a "permission denied" error. 14:44:14.095207 rx 3: GETATTR n2 14:44:14.095229 tx 3: OK, {tA=1s {M0100000 SZ=0 L=0 0:0 0 0:8954996 A 0.000000 M 0.000000 C 0.000000}} 14:44:14.099943 rx 4: ACCESS n2 {u=501 g=20 r} 14:44:14.099990 tx 4: 13=permission denied By impementing `Getattr` (from `fs.NodeGetattrer`) on `VirtualConfNode` this solves the issue.
2022-01-27root_test: add TestOverlay ; syscallcompat: add QuirkNoUserXattrJakob Unterwurzacher
2022-01-22fusefrontend: fix "duplicate case" darwin build failureJakob Unterwurzacher
$ ./crossbuild.bash [...] + GOOS=darwin + GOARCH=amd64 + build + go build -tags without_openssl -o /dev/null internal/fusefrontend/node.go:397:2: duplicate case syscallcompat.RENAME_NOREPLACE (value 0) in switch previous case at internal/fusefrontend/node.go:397:7 internal/fusefrontend/node.go:397:2: duplicate case syscallcompat.RENAME_EXCHANGE (value 0) in switch previous case at internal/fusefrontend/node.go:397:7 internal/fusefrontend/node.go:397:2: duplicate case syscallcompat.RENAME_WHITEOUT (value 0) in switch previous case at internal/fusefrontend/node.go:397:7 internal/fusefrontend/node.go:399:38: duplicate case syscallcompat.RENAME_NOREPLACE | syscallcompat.RENAME_WHITEOUT (value 0) in switch previous case at internal/fusefrontend/node.go:397:7
2022-01-22fusefrontend: support RENAME_WHITEOUT, RENAME_EXCHANGEJakob Unterwurzacher
Both new internal test and xfstests generic/013 are happy. https://github.com/rfjakob/gocryptfs/issues/641
2022-01-10fusefrontend: fix -force_owner not affecting MKNODJakob Unterwurzacher
Fixes https://github.com/rfjakob/gocryptfs/issues/629
2022-01-03readpassword: bubble up errors instead of exiting the processJakob Unterwurzacher
This allows cleanups to happen in the caller, like removing the control socket. Fixes https://github.com/rfjakob/gocryptfs/issues/634
2021-12-19nametransform: fix oversight in commentJakob Unterwurzacher
2021-12-19fusefrontend: allow slashes in xattr namesJakob Unterwurzacher
xattr names have fewer restrictions than file names, relax the validation. Fixes https://github.com/rfjakob/gocryptfs/issues/627