Age | Commit message (Collapse) | Author |
|
The Back In Time backup tool (https://github.com/bit-team/backintime)
wants to write directly into the ciphertext dir.
This may cause the cached directory IV to become out-of-date.
Having an expiry time limits the inconstency to one second, like
attr_timeout does for the kernel getattr cache.
|
|
Simplify the code a bit.
|
|
The fix at https://github.com/hanwen/go-fuse/pull/131 has been merged.
Drop the workarounds and re-enable the tests.
|
|
Calculating the block offset is easy enough, even more now
that gocryptfs-xray exists.
|
|
Running xfstests generic/075 on tmpfs often triggered a panic
for what seems to be a tmpfs bug.
Quoting from the email to lkml,
http://www.spinics.net/lists/kernel/msg2370127.html :
tmpfs seems to be incorrectly returning 0-bytes when reading from
a file that is concurrently being truncated.
|
|
Stat() calls are expensive on NFS as they need a full network
round-trip. We detect when a write immediately follows the
last one and skip the Stat in this case because the write
cannot create a file hole.
On my (slow) NAS, this takes the write speed from 24MB/s to
41MB/s.
|
|
The details of the hole handling don't have to be in
Write, so move it away.
|
|
...and add comments for what is happening.
|
|
Close https://github.com/rfjakob/gocryptfs/issues/54
|
|
For convenience for the user, add a newline at the end.
Reported as #51 .
|
|
Test that we get the right timestamp when extracting a tarball.
Also simplify the workaround in doTestUtimesNano() and fix the
fact that it was running no test at all.
|
|
|
|
Revert once https://github.com/hanwen/go-fuse/pull/131 is merged.
|
|
Requested at https://github.com/rfjakob/gocryptfs/issues/28
|
|
...and exit if it is not zero.
|
|
Crash is described at https://github.com/rfjakob/gocryptfs/issues/48 .
Revert this once https://github.com/hanwen/go-fuse/pull/131 is merged.
|
|
This can happen during normal operation when the directory has
been deleted concurrently. But it can also mean that the
gocryptfs.diriv is missing due to an error, so log the event
at "info" level.
|
|
This already worked for files but was missing for dirs.
|
|
These should help prevent later programming errors.
|
|
Fix the test for that and add checks in example_filesystems_test.
|
|
Also get rid of useless isFiltered function.
|
|
Only in plaintextnames-mode AND with the config file at the
default location it will be mapped into the mountpoint.
Also adds a test for that.
|
|
go-fuse translates errors unknown to it into "function not
implemented", which is wrong in this case.
|
|
Gets rid of the idling longnameCacheCleaner thread in "normal" mode.
|
|
|
|
|
|
Go versions 1.4 and lower lack NewGCMWithNonceSize(), which causes
a panic in the test.
|
|
The [Stat_t.Dev](https://golang.org/pkg/syscall/#Stat_t) docs say `Dev` is a `unit64`, but on [macOS amd64](https://golang.org/src/syscall/ztypes_darwin_amd64.go) it's an `int32`.
|
|
Build helper script: build-without-openssl.bash
|
|
As we now also support AES-SIV the old name is no longer
correct.
|
|
AES-SIV uses 1/2 of the key for authentication, 1/2 for
encryption, so we need a 64-byte key for AES-256. Derive
it from the master key by hashing it with SHA-512.
|
|
Add a test for that.
Also test operations using a 64-byte key.
|
|
Also pull all the deterministic nonce code into fusefrontend_reverse
to greatly simplify the normal code path.
|
|
After all, is's a virtual file.
|
|
GCM-SIV is not yet finalized, and the reference implemenation is
painfully slow at about 2 MB/s. Switch to AES-SIV.
|
|
|
|
On a CPU without AES-NI:
$ go test -bench .
Benchmark4kEncStupidGCM-2 50000 24155 ns/op 169.57 MB/s
Benchmark4kEncGoGCM-2 20000 93965 ns/op 43.59 MB/s
Benchmark4kEncGCMSIV-2 500 2576193 ns/op 1.59 MB/s
|
|
This happens all the time in reverse mode when somebody stats
an encrypted symlink target.
|
|
Also delete the unused "dirIVNameStruct", found by deadcode.
|
|
...and fix reported errors:
internal/fusefrontend_reverse/rfile.go:40: github.com/rfjakob/gocryptfs/internal/contentenc.FileHeader composite literal uses unkeyed fields
internal/fusefrontend_reverse/rfs.go:249: github.com/hanwen/go-fuse/fuse.DirEntry composite literal uses unkeyed fields
internal/fusefrontend_reverse/rfs.go:264: github.com/hanwen/go-fuse/fuse.DirEntry composite literal uses unkeyed fields
|
|
|
|
128-bit IVs are NOT used everywhere.
|
|
|
|
This will be used for strong symlink encryption in reverse mode.
|
|
Calling into go-fuse's loopbackFileSystem does not add
any value here.
|
|
|
|
|
|
findLongnameParent has to read the whole directory to find the
right file; add a simple cache to avoid most directory scans.
|
|
The last patch added functionality for generating gocryptfs.longname.*
files, this patch adds support for mapping them back to the full
filenames.
Note that resolving a long name needs a full readdir. A cache
will be implemented later on to improve performance.
|
|
|