Age | Commit message (Collapse) | Author |
|
|
|
128-bit IVs are NOT used everywhere.
|
|
|
|
This will be used for strong symlink encryption in reverse mode.
|
|
Calling into go-fuse's loopbackFileSystem does not add
any value here.
|
|
|
|
|
|
findLongnameParent has to read the whole directory to find the
right file; add a simple cache to avoid most directory scans.
|
|
The last patch added functionality for generating gocryptfs.longname.*
files, this patch adds support for mapping them back to the full
filenames.
Note that resolving a long name needs a full readdir. A cache
will be implemented later on to improve performance.
|
|
|
|
As ReadDirIV operates on a path anyway, opening the directory
has no clear safety advantage w.r.t. concurrent renames.
If the backing directory is a reverse-mounted gocryptfs filesystem,
each directory open is an OPENDIR, and this causes a full directory
read!
This patch improves the "ls -lR" performance of an
DIR --> gocryptfs-reverse --> gocryptfs
chain by a factor of ~10.
OPENDIR counts for ls -lR:
Before 15570
After 2745
|
|
With the generic fmt.Errorf we trigger a warning from go-fuse:
2016/09/21 21:42:31 can't convert error type: Invalid padding
|
|
...with stable mappings for hard-linked files.
|
|
Also add ReverseDummyNonce nonce generation.
|
|
|
|
And also don't return the encrypted version of
.gocryptfs.reverse.conf in readdir.
|
|
|
|
|
|
Should be derived from the directory name only.
|
|
Also refactor the header generation for nicer code.
|
|
Introduce a unique per-directory diriv that is generated
by hashing the encrypted directory path.
|
|
Also create virtual gocryptfs.diriv entries (no content yet).
|
|
Will be needed by reverse mode.
|
|
|
|
...to prevent confusion with the forward variants.
FS -> reverseFS
file -> reverseFile
Also add an incomplete read implementation.
|
|
Add the reverse variant of DecryptBlocks etc:
* EncryptBlocks
* JointPlaintextRange
* ExplodeCipherRange
|
|
|
|
Previously caused an integer underflow.
|
|
Compiles but does not do much else.
|
|
Commit af5441dcd9033e81da43ab77887a7b5aac693ab6 has caused a
regression ( https://github.com/rfjakob/gocryptfs/issues/35 )
that is fixed by this commit.
The go-fuse library by now has all the syscall wrappers in
place to correctly handle Utimens, also for symlinks.
Instead of duplicating the effort here just call into go-fuse.
Closes #35
|
|
This fixes a build problem on 32-bit hosts:
internal/fusefrontend/file.go:400: cannot use a.Unix() (type int64) as
type int32 in assignment
internal/fusefrontend/file.go:406: cannot use m.Unix() (type int64) as
type int32 in assignment
It also enables full nanosecond timestamps for dates
after 1970.
|
|
|
|
|
|
OSX does not have /proc/cpuinfo, but let's not warn
the user about it.
|
|
[...]/stupidgcm/locking.go:16:2:
warning: indirection of non-volatile null pointer will
be deleted, not trap [-Wnull-dereference]
[...]/stupidgcm/locking.go:16:2:
note: consider using __builtin_trap() or qualifying
pointer with 'volatile'
https://github.com/rfjakob/gocryptfs/issues/15
|
|
Protip: find naked *at syscalls using:
git grep "syscall." | grep "at(" | grep -v syscallcompat
|
|
Also, replace remaining naked syscall.Openat calls.
|
|
|
|
Adds a poor man's renameat implementation for OSX.
|
|
...and convert all calls to syscall.{Fallocate,Openat}
to syscallcompat .
Both syscalls are not available on OSX. We emulate Openat and just
return EOPNOTSUPP for Fallocate.
|
|
We will get more of them as OSX also lacks support for openat.
|
|
unPad16 returns detailed errors including the position of the
incorrect bytes. Kill a possible padding oracle by lumping
everything into a generic error.
The detailed error is only logged if debug is active.
|
|
Mode=0 (default) and mode=1 (keep size) are supported.
The patch includes test cases and the whole thing passed xfstests.
Fixes https://github.com/rfjakob/gocryptfs/issues/1 .
|
|
These are large complicated implementations that will share some
code.
|
|
The name could be misunderstood and actually caused a bug:
doWrite used to always preallocate 4128 instead of the actual
data length.
|
|
We were growing the file block-by-block which was pretty
inefficient. We now coalesce all the grows into a single
Ftruncate. Also simplifies the code!
Simplistic benchmark: Before:
$ time truncate -s 1000M foo
real 0m0.568s
After:
$ time truncate -s 1000M foo
real 0m0.205s
|
|
|
|
XFS returns a different error code if you try to overwrite
a non-empty directory with a directory:
XFS: mv: cannot move ‘foo’ to ‘bar/foo’: File exists
ext4: mv: cannot move 'foo' to 'bar/foo': Directory not empty
So have EEXIST trigger the Rmdir logic as well.
Fixes issue #20
Link: https://github.com/rfjakob/gocryptfs/issues/20
|
|
Drop the date and add the "go-fuse: " prefix so you can see
where the message is coming from.
Before:
Jun 27 09:03:15 brikett gocryptfs[4150]: 2016/06/27 09:03:15 Unimplemented opcode INTERRUPT
After:
Jun 27 09:10:58 brikett gocryptfs[4961]: go-fuse: Unimplemented opcode INTERRUPT
|
|
The "!fs.args.DirIV" special case was removed by b17f0465c7
but that, by accident, also removed the handling for
PlaintextNames.
Re-add it as an explicit PlaintextNames special case.
Also adds support for removing directories that miss their
gocryptfs.diriv file for some reason.
|