aboutsummaryrefslogtreecommitdiff
path: root/internal
AgeCommit message (Collapse)Author
2021-07-29fusefrontend: implement fsync on directoriesJakob Unterwurzacher
Fixes https://github.com/rfjakob/gocryptfs/issues/587
2021-07-29fido2: actually drop `-v` flagJakob Unterwurzacher
Commit 2a9d70d48f4cc715a6864849cdec91ab08b6fd03 only dropped the flag on mount but not on `-init`. Also drop it on `-init`. Fixes https://github.com/rfjakob/gocryptfs/issues/571 (part II)
2021-06-27fido2: drop `-v` option (PIN request)Jakob Unterwurzacher
We used to pass `-v` on `gocryptfs -init` but not for mount, which seems strange by itself, but more importantly, `-v` does not work on Yubikeys. Drop `-v`. Fixes https://github.com/rfjakob/gocryptfs/issues/571
2021-06-27fido2: pretty-print fidoCommand in debug outputJakob Unterwurzacher
Related: https://github.com/rfjakob/gocryptfs/issues/571
2021-06-26fusefrontend: delete openBackingDirJakob Unterwurzacher
2021-06-26fusefrontend: convert last callers from openBackingDir to prepareAtSyscallJakob Unterwurzacher
2021-06-26fusefrontend: ctlsock: get rid of unneccessary wrapper functionJakob Unterwurzacher
2021-06-26fusefrontend: convert ctlsock from openBackingDir to prepareAtSyscallJakob Unterwurzacher
openBackingDir will be removed. Also, remove leftover debug printfs.
2021-06-26fusefrontend: convert openBackingDir tests to prepareAtSyscallJakob Unterwurzacher
openBackingDir will be removed.
2021-06-25fusefrontend: implement recursive diriv cachingJakob Unterwurzacher
The new contrib/maxlen.bash showed that we have exponential runtime with respect to directory depth. The new recursive diriv caching is a lot smarter as it caches intermediate lookups. maxlen.bash now completes in a few seconds. xfstests results same as https://github.com/rfjakob/fuse-xfstests/blob/2d158e4c82be85c15269af77498e353f928f4fab/screenlog.0 : Failures: generic/035 generic/062 generic/080 generic/093 generic/099 generic/215 generic/285 generic/319 generic/426 generic/444 generic/467 generic/477 generic/523 Failed 13 of 580 tests benchmark.bash results are identical: $ ./benchmark.bash Testing gocryptfs at /tmp/benchmark.bash.BdQ: gocryptfs v2.0.1-17-g6b09bc0; go-fuse v2.1.1-0.20210611132105-24a1dfe6b4f8; 2021-06-25 go1.16.5 linux/amd64 /tmp/benchmark.bash.BdQ.mnt is a mountpoint WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 0,4821 s, 544 MB/s READ: 262144000 bytes (262 MB, 250 MiB) copied, 0,266061 s, 985 MB/s UNTAR: 8,280 MD5: 4,564 LS: 1,745 RM: 2,244
2021-06-21nametransform: rename BadNameFlag to BadnameSuffixJakob Unterwurzacher
2021-06-21nametransform: gather badname functions in badname.goJakob Unterwurzacher
2021-06-21nametransform: delete NameTransformer interfaceJakob Unterwurzacher
Useless layer of indirection.
2021-06-21Improve startup debug outputJakob Unterwurzacher
The startup debug output was very verbose but still missing some effective crypto settings.
2021-06-20nametransform: pass badname patterns via NewJakob Unterwurzacher
This means we can unexport the field.
2021-06-20fido2: hide "FIDO2" in gocryptfs.conf if not usedJakob Unterwurzacher
Result of: $ gocryptfs -init foo $ cat foo/gocryptfs.conf Before: { "Creator": "gocryptfs v2.0.1", "EncryptedKey": "FodEdNHD/cCwv1n5BuyAkbIOnJ/O5gfdCh3YssUCJ2DUr0A8DrQ5NH2SLhREeWRL3V8EMiPO2Ncr5IVwE4SSxQ==", "ScryptObject": { "Salt": "brGaw9Jg1kbPuSXFiwoxqK2oXFTgbniSgpiB+cu+67Y=", "N": 65536, "R": 8, "P": 1, "KeyLen": 32 }, "Version": 2, "FeatureFlags": [ "GCMIV128", "HKDF", "DirIV", "EMENames", "LongNames", "Raw64" ], "FIDO2": { "CredentialID": null, "HMACSalt": null } } After: { "Creator": "gocryptfs v2.0.1-5-gf9718eb-dirty.DerDonut-badnamecontent", "EncryptedKey": "oFMj1lS1ZsM/vEfanNMeCTPw3PZr5VWeL7ap8Jd8YQm6evy2BAhtQ/pd6RzDx84wlCz9TpxqHRihuwSEMnOWWg==", "ScryptObject": { "Salt": "JZ/5mhy4a8EAQ/wDF1POIEe4/Ss38cfJgXgj26DuA4M=", "N": 65536, "R": 8, "P": 1, "KeyLen": 32 }, "Version": 2, "FeatureFlags": [ "GCMIV128", "HKDF", "DirIV", "EMENames", "LongNames", "Raw64" ] }
2021-06-20Badname file content accessDerDonut
This proposal is the counterpart of the modifications from the `-badname` parameter. It modifies the plain -> cipher mapping for filenames when using `-badname` parameter. The new function `EncryptAndHashBadName` tries to find a cipher filename for the given plain name with the following steps: 1. If `badname` is disabled or direct mapping is successful: Map directly (default and current behaviour) 2. If a file with badname flag has a valid cipher file, this is returned (=File just ends with the badname flag) 3. If a file with a badname flag exists where only the badname flag was added, this is returned (=File cipher name could not be decrypted by function `DecryptName` and just the badname flag was added) 4. Search for all files which cipher file name extists when cropping more and more characters from the end. If only 1 file is found, return this 5. Return an error otherwise This allows file access in the file browsers but most important it allows that you rename files with undecryptable cipher names in the plain directories. Renaming those files will then generate a proper cipher filename One backdraft: When mounting the cipher dir with -badname parameter, you can never create (or rename to) files whose file name ends with the badname file flag (at the moment this is " GOCRYPTFS_BAD_NAME"). This will cause an error. I modified the CLI test function to cover additional test cases. Test [Case 7](https://github.com/DerDonut/gocryptfs/blob/badnamecontent/tests/cli/cli_test.go#L712) cannot be performed since the cli tests are executed in panic mode. The testing is stopped on error. Since the function`DecryptName` produces internal errors when hitting non-decryptable file names, this test was omitted. This implementation is a proposal where I tried to change the minimum amount of existing code. Another possibility would be instead of creating the new function `EncryptAndHashBadName` to modify the signature of the existing function `EncryptAndHashName(name string, iv []byte)` to `EncryptAndHashName(name string, iv []byte, dirfd int)` and integrate the functionality into this function directly. You may allow calling with dirfd=-1 or other invalid values an then performing the current functionality.
2021-06-06fusefronted: report plaintext size on symlink creationJakob Unterwurzacher
gocryptfs 2.0 introduced the regression that the size reported at symlink creation was the ciphertext size, which is wrong. Report the plaintext size. Fixes https://github.com/rfjakob/gocryptfs/issues/574
2021-06-05syscallcompat: drop obsolete wrappersJakob Unterwurzacher
These are now available cross-platform in the unix package.
2021-06-03fido2: quote argument strings in debug outputJakob Unterwurzacher
Tested using gocryptfs -init -debug -fido2 "hello world" cipherdir Output before: callFidoCommand: executing "/usr/bin/fido2-cred" with args [fido2-cred -M -h -v hello world] After: callFidoCommand: executing "/usr/bin/fido2-cred" with args ["fido2-cred" "-M" "-h" "-v" "hello world"] Related: https://github.com/rfjakob/gocryptfs/issues/571
2021-06-02fusefrontend: run acl Setxattr in user contextJakob Unterwurzacher
The result of setting an acl depends on who runs the operation! Fixes fuse-xfstests generic/375 (see https://github.com/rfjakob/fuse-xfstests/wiki/results_2021-05-19)
2021-06-02fusefrontend: catch ReadAt integer overflowJakob Unterwurzacher
Discovered by xfstests generic/564 . Failure was: generic/564 - output mismatch (see /opt/fuse-xfstests/results//generic/564.out.bad) --- tests/generic/564.out 2021-05-08 21:11:05.307395966 +0200 +++ /opt/fuse-xfstests/results//generic/564.out.bad 2021-05-19 19:01:16.912888879 +0200 @@ -31,7 +31,7 @@ source range beyond 8TiB returns 0 destination range beyond 8TiB returns EFBIG -copy_range: File too large +copy_range: Function not implemented
2021-06-02nametransform: check name validity on encryptionJakob Unterwurzacher
xfstests generic/523 discovered that we allowed to set xattrs with "/" in the name, but did not allow to read them later. With this change we do not allow to set them in the first place.
2021-05-29fusefrontend: list "." and ".." in dir entriesJakob Unterwurzacher
Fixes xfstests generic/401
2021-05-29fusefrontend: rewrite Lseek SEEK_DATA / SEEK_HOLEJakob Unterwurzacher
In response to the discussion of the xfstests mailing list [1], I looked at the Lseek implementation, which was naive and did not handle all cases correctly. The new implementation aligns the returned values to 4096 bytes as most callers expect. A lot of tests are added to verify that we handle all cases correctly now. [1]: https://www.spinics.net/lists/fstests/msg16554.html
2021-05-26contentenc: add PlainOffToCipherOff helperJakob Unterwurzacher
Will be used for improving Lseek()
2021-05-26contentenc: fix CipherSizeToPlainSize non-monoticityJakob Unterwurzacher
For an illegal cipherSize, pretend we have an additional 1-byte block. See code comment for details.
2021-05-26contentenc: update commentsJakob Unterwurzacher
Also, replace one open-coded calculation with a helper function.
2021-05-26tests: contentenc: add TestSizeToSizeJakob Unterwurzacher
TestSizeToSize tests CipherSizeToPlainSize and PlainSizeToCipherSize. Fails at the moment due to CipherSizeToPlainSize non-moniticity.
2021-05-26syscallcompat: add GetdentsSpecial()Jakob Unterwurzacher
GetdentsSpecial calls then Getdents syscall, with normal entries and "." / ".." split into two slices.
2021-05-26stupidgcm: prefer Go stdlib over OpenSSL on Apple M1Jakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/556
2021-05-22syscallcompat: also refactor MkdiratUser on GOOS=darwinJakob Unterwurzacher
Breakage was: +GOOS=darwin +GOARCH=amd64 +go build -tags without_openssl internal/fusefrontend/node_dir_ops.go:45:34: cannot use context (type *fuse.Context) as type *fuse.Caller in argument to syscallcompat.MkdiratUser internal/fusefrontend/node_dir_ops.go:83:35: cannot use context (type *fuse.Context) as type *fuse.Caller in argument to syscallcompat.MkdiratUser
2021-05-22syscallcompat: refactor MkdiratUser to take fuse.ContextJakob Unterwurzacher
Let's have MkdiratUser take fuse.Context like everybody else.
2021-05-22syscallcompat: deduplicate OpenatUser/MknodatUser/SymlinkatUser/MkdiratUserJakob Unterwurzacher
Turns out the whole euid switching logic can be shared when wrapping the syscall in a closure.
2021-05-18fsck: redirect go-fuse noise to syslogJakob Unterwurzacher
2021-05-18-speed: note that XChaCha20 is not selectableJakob Unterwurzacher
This is unclear to users, as seen on https://github.com/rfjakob/gocryptfs/issues/452#issuecomment-828836651
2021-05-15fusefrontend: fix RENAME_NOREPLACE darwin build failureJakob Unterwurzacher
Error was: internal/fusefrontend/node.go:371:2: duplicate case syscallcompat.RENAME_NOREPLACE (value 0) in switch previous case at internal/fusefrontend/node.go:368:7 Rewrite using "if"s instead.
2021-05-08fusefrontend: avoid duplicate const definitionJakob Unterwurzacher
RENAME_NOREPLACE is already defined in syscallcompat.
2021-05-08fusefrontend: reject broken RENAME_EXCHANGE and RENAME_WHITEOUTJakob Unterwurzacher
Discovered by xfstests generic/013: or implementation for RENAME_EXCHANGE and RENAME_WHITEOUT is incomplete. Reject the flags so that the caller retries with regular rename.
2021-04-07fusefrontend: make dirCache work for "node itself"Jakob Unterwurzacher
"node itself" can be converted to node + child by ascending one level. Performance gains are spectacular, as will be seen in the next commit.
2021-04-05fusefrontend: print dirCache stats after unmountJakob Unterwurzacher
2021-04-04fs: more idiomatic dirCache struct namingJakob Unterwurzacher
2021-04-03fs: add initial dirfd cachingJakob Unterwurzacher
dirfd caching was temporarily removed when moving to the v2api. Add it back to gain back some lost speed.
2021-04-03tests: fusefronted: fix TestOpenBackingDirJakob Unterwurzacher
This test only worked accidentially, and would break once dirfd caching is added. fs.Mkdir(..., "dir1/dir2", ...) is illegal (child name cannot contain slashes).
2021-04-03fusefronted: replace last rn.openBackingDir() callsJakob Unterwurzacher
Use the n.prepareAtSyscall() wrapper instead. Prepares for adding caching into n.prepareAtSyscall().
2021-03-21fusefronted: move Create() and Open() to new fileJakob Unterwurzacher
And deduplicate the code a little.
2021-03-21fusefrontend: -sharedstorage: fix TestRmwRace failureJakob Unterwurzacher
The Open() and Create() paths used different inode numbers, which broke openfiletable locking against concurred readers.
2021-03-14syscallcompat: getdents: link to #483Jakob Unterwurzacher
Give a user receiving the Getdents warning some background info.
2021-03-07v2api: -sharestorage: disable hard link tracking & add testsJakob Unterwurzacher
Hard link tracking was not correctly disabled since the migration to the go-fuse v2 api. Add a test to ensure it stays off. Fixes https://github.com/rfjakob/gocryptfs/issues/525
2021-02-07fusefrontend: do not encrypt ACLsJakob Unterwurzacher
Pass through system.posix_acl_access and system.posix_acl_default unencrypted to fix "cp -a" problems. "cp -a" uses "setxattr" even to set normal permissions, see https://www.spinics.net/lists/linux-nfs/msg63986.html . Fixes https://github.com/rfjakob/gocryptfs/issues/543