summaryrefslogtreecommitdiff
path: root/internal
AgeCommit message (Collapse)Author
2016-11-10ctlsock: add initial limited implementationJakob Unterwurzacher
At the moment, in forward mode you can only encrypt paths and in reverse mode you can only decrypt paths.
2016-11-09nametransform: get rid of leading "./"Jakob Unterwurzacher
Paths in the root directory were encrypted to this: foobar -> ./N9vPc0gXUY4PDSt0-muYXQ==
2016-11-06nametransform: nicer error message on empty gocryptfs.dirivJakob Unterwurzacher
Old: Nov 06 13:34:38 brikett gocryptfs[16228]: ReadDirIVAt: Read failed: EOF Nov 06 13:34:38 brikett gocryptfs[16228]: go-fuse: can't convert error type: EOF New: Nov 06 14:08:43 brikett gocryptfs[17361]: ReadDirIVAt: wanted 16 bytes, got 0. Returning EINVAL.
2016-11-01Add Go 1.4 compatibility layer for raw64Jakob Unterwurzacher
Using raw64 will not work, but at least it will compile.
2016-11-01Add support for unpadded base64 filenames, "-raw64"Jakob Unterwurzacher
Through base64.RawURLEncoding. New command-line parameter "-raw64".
2016-11-01fusefronted: expire dir IV cache after one secondJakob Unterwurzacher
The Back In Time backup tool (https://github.com/bit-team/backintime) wants to write directly into the ciphertext dir. This may cause the cached directory IV to become out-of-date. Having an expiry time limits the inconstency to one second, like attr_timeout does for the kernel getattr cache.
2016-11-01fusefrontend: refactor dirIVCacheJakob Unterwurzacher
Simplify the code a bit.
2016-10-30fusefrontend: drop atime workaroundsJakob Unterwurzacher
The fix at https://github.com/hanwen/go-fuse/pull/131 has been merged. Drop the workarounds and re-enable the tests.
2016-10-28fusefronted: more concise corrupt block log messageJakob Unterwurzacher
Calculating the block offset is easy enough, even more now that gocryptfs-xray exists.
2016-10-28fusefrontend: I/O error instead of panic on all-zero nonceJakob Unterwurzacher
Running xfstests generic/075 on tmpfs often triggered a panic for what seems to be a tmpfs bug. Quoting from the email to lkml, http://www.spinics.net/lists/kernel/msg2370127.html : tmpfs seems to be incorrectly returning 0-bytes when reading from a file that is concurrently being truncated.
2016-10-28fusefronted: optimize NFS streaming writes by saving one Stat()Jakob Unterwurzacher
Stat() calls are expensive on NFS as they need a full network round-trip. We detect when a write immediately follows the last one and skip the Stat in this case because the write cannot create a file hole. On my (slow) NAS, this takes the write speed from 24MB/s to 41MB/s.
2016-10-25fusefrontend: move hole padding check out of Write()Jakob Unterwurzacher
The details of the hole handling don't have to be in Write, so move it away.
2016-10-25fusefrontend: rename "createsHole" to clearer "createsCiphertextHole"Jakob Unterwurzacher
...and add comments for what is happening.
2016-10-24Fix misspellingsJakob Unterwurzacher
Close https://github.com/rfjakob/gocryptfs/issues/54
2016-10-21configfile: add newline at the endJakob Unterwurzacher
For convenience for the user, add a newline at the end. Reported as #51 .
2016-10-19tests: add 1980.tar.gz extract testJakob Unterwurzacher
Test that we get the right timestamp when extracting a tarball. Also simplify the workaround in doTestUtimesNano() and fix the fact that it was running no test at all.
2016-10-19lint fixesJakob Unterwurzacher
2016-10-16fusefrontend: Utimens: one more band-aidJakob Unterwurzacher
Revert once https://github.com/hanwen/go-fuse/pull/131 is merged.
2016-10-16main: allow password change with -masterkeyJakob Unterwurzacher
Requested at https://github.com/rfjakob/gocryptfs/issues/28
2016-10-16readpassword: check extpass return codeJakob Unterwurzacher
...and exit if it is not zero.
2016-10-16fusefrontend: Utimens: ugly band-aid for nil pointer crash in go-fuseJakob Unterwurzacher
Crash is described at https://github.com/rfjakob/gocryptfs/issues/48 . Revert this once https://github.com/hanwen/go-fuse/pull/131 is merged.
2016-10-16fusefrontend: log missing gocryptfs.dirivJakob Unterwurzacher
This can happen during normal operation when the directory has been deleted concurrently. But it can also mean that the gocryptfs.diriv is missing due to an error, so log the event at "info" level.
2016-10-10fusefrontend: Also preserve the owner in MkdirJakob Unterwurzacher
This already worked for files but was missing for dirs.
2016-10-09reverse: add panics against API abuseJakob Unterwurzacher
These should help prevent later programming errors.
2016-10-08reverse: gocryptfs.conf was missing from the directory listingsJakob Unterwurzacher
Fix the test for that and add checks in example_filesystems_test.
2016-10-08reverse: merge config translation check into isTranslatedConfigJakob Unterwurzacher
Also get rid of useless isFiltered function.
2016-10-08reverse: make gocryptfs.conf mapping plaintextnames-awareJakob Unterwurzacher
Only in plaintextnames-mode AND with the config file at the default location it will be mapped into the mountpoint. Also adds a test for that.
2016-10-07nametransform: better error code on invalid diriv lengthJakob Unterwurzacher
go-fuse translates errors unknown to it into "function not implemented", which is wrong in this case.
2016-10-05reverse: initialize the longname cache only when reverse mode is usedJakob Unterwurzacher
Gets rid of the idling longnameCacheCleaner thread in "normal" mode.
2016-10-04A few more lint fixesJakob Unterwurzacher
2016-10-04lint fixesValient Gough
2016-10-04tests: skip tests with -openssl=false on Go 1.4 and lowerJakob Unterwurzacher
Go versions 1.4 and lower lack NewGCMWithNonceSize(), which causes a panic in the test.
2016-10-04fusefrontend_reverse cast Stat_t.Dev to uint64 (#44)Romain
The [Stat_t.Dev](https://golang.org/pkg/syscall/#Stat_t) docs say `Dev` is a `unit64`, but on [macOS amd64](https://golang.org/src/syscall/ztypes_darwin_amd64.go) it's an `int32`.
2016-10-04without_openssl: support compiling completely without opensslJakob Unterwurzacher
Build helper script: build-without-openssl.bash
2016-10-04cryptocore: rename "gcm" variable to generic "aeadCipher"Jakob Unterwurzacher
As we now also support AES-SIV the old name is no longer correct.
2016-10-04cryptocore: derive 512-bit key for AES-SIVJakob Unterwurzacher
AES-SIV uses 1/2 of the key for authentication, 1/2 for encryption, so we need a 64-byte key for AES-256. Derive it from the master key by hashing it with SHA-512.
2016-10-03siv_aead: Overhead is always 16Jakob Unterwurzacher
Add a test for that. Also test operations using a 64-byte key.
2016-09-29reverse: use per-purpose nonce generationJakob Unterwurzacher
Also pull all the deterministic nonce code into fusefrontend_reverse to greatly simplify the normal code path.
2016-09-28reverse: move newDirIVFile into virtualfile.goJakob Unterwurzacher
After all, is's a virtual file.
2016-09-26reverse: switch from GCM-SIV to AES-SIVv1.1-beta1Jakob Unterwurzacher
GCM-SIV is not yet finalized, and the reference implemenation is painfully slow at about 2 MB/s. Switch to AES-SIV.
2016-09-26siv_aead: add AES-SIV AEAD wrapperJakob Unterwurzacher
2016-09-25stupidgcm: add GCM-SIV benchmarkJakob Unterwurzacher
On a CPU without AES-NI: $ go test -bench . Benchmark4kEncStupidGCM-2 50000 24155 ns/op 169.57 MB/s Benchmark4kEncGoGCM-2 20000 93965 ns/op 43.59 MB/s Benchmark4kEncGCMSIV-2 500 2576193 ns/op 1.59 MB/s
2016-09-25nametransform: downgrade invalid length warningJakob Unterwurzacher
This happens all the time in reverse mode when somebody stats an encrypted symlink target.
2016-09-25Implement changes proposed by gosimple.Jakob Unterwurzacher
Also delete the unused "dirIVNameStruct", found by deadcode.
2016-09-25tests: enable all go vet checksJakob Unterwurzacher
...and fix reported errors: internal/fusefrontend_reverse/rfile.go:40: github.com/rfjakob/gocryptfs/internal/contentenc.FileHeader composite literal uses unkeyed fields internal/fusefrontend_reverse/rfs.go:249: github.com/hanwen/go-fuse/fuse.DirEntry composite literal uses unkeyed fields internal/fusefrontend_reverse/rfs.go:264: github.com/hanwen/go-fuse/fuse.DirEntry composite literal uses unkeyed fields
2016-09-25nametransform: delete unused function DecryptPathDirIVJakob Unterwurzacher
2016-09-25contentenc: rename constant "IVBitLen" to "DefaultIVBits" and clarify commentJakob Unterwurzacher
128-bit IVs are NOT used everywhere.
2016-09-25reverse: add symlink encryption and Readlink supportJakob Unterwurzacher
2016-09-25contentenc: add "ExternalNonce" modeJakob Unterwurzacher
This will be used for strong symlink encryption in reverse mode.
2016-09-25fusefrontend: handle Readlink directlyJakob Unterwurzacher
Calling into go-fuse's loopbackFileSystem does not add any value here.