summaryrefslogtreecommitdiff
path: root/internal
AgeCommit message (Collapse)Author
2016-11-28fusefronted: preserve owner for device nodes and socketsJakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/64
2016-11-28fusefrontend: use Lchown when preserving ownerJakob Unterwurzacher
This prevents (unlikely) symlink race attacks
2016-11-25main, fusefrontend: add "-noprealloc" optionJakob Unterwurzacher
Preallocation is very slow on hdds that run btrfs. Give the user the option to disable it. This greatly speeds up small file operations but reduces the robustness against out-of-space errors. Also add the option to the man page. More info: https://github.com/rfjakob/gocryptfs/issues/63
2016-11-25fusefrontend: coalesce 4kB writesJakob Unterwurzacher
This improves performance on hdds running ext4, and improves streaming write performance on hdds running btrfs. Tar extract slows down on btrfs for some reason. See https://github.com/rfjakob/gocryptfs/issues/63 Benchmarks: encfs v1.9.1 ============ $ ./benchmark.bash -encfs /mnt/hdd-ext4 Testing EncFS at /mnt/hdd-ext4/benchmark.bash.u0g WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,48354 s, 88,4 MB/s UNTAR: 20.79 LS: 3.04 RM: 6.62 $ ./benchmark.bash -encfs /mnt/hdd-btrfs Testing EncFS at /mnt/hdd-btrfs/benchmark.bash.h40 WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,52552 s, 85,9 MB/s UNTAR: 24.51 LS: 2.73 RM: 5.32 gocryptfs v1.1.1-26-g4a7f8ef ============================ $ ./benchmark.bash /mnt/hdd-ext4 Testing gocryptfs at /mnt/hdd-ext4/benchmark.bash.1KG WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,55782 s, 84,1 MB/s UNTAR: 22.23 LS: 1.47 RM: 4.17 $ ./benchmark.bash /mnt/hdd-btrfs Testing gocryptfs at /mnt/hdd-btrfs/benchmark.bash.2t8 WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 6,87206 s, 19,1 MB/s UNTAR: 69.87 LS: 1.52 RM: 5.33 gocryptfs v1.1.1-32 =================== $ ./benchmark.bash /mnt/hdd-ext4 Testing gocryptfs at /mnt/hdd-ext4/benchmark.bash.Qt3 WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,22577 s, 107 MB/s UNTAR: 23.46 LS: 1.46 RM: 4.67 $ ./benchmark.bash /mnt/hdd-btrfs/ Testing gocryptfs at /mnt/hdd-btrfs//benchmark.bash.XVk WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 3,68735 s, 35,5 MB/s UNTAR: 116.87 LS: 1.84 RM: 6.34
2016-11-17Fix golint warnings, add helper scriptJakob Unterwurzacher
2016-11-17fusefrontend: get the file ID from the open files tableJakob Unterwurzacher
This fixes the problem that a truncate can reset the file ID without the other open FDs noticing it.
2016-11-17fusefrontend: upgrade wlockMap to use device AND inode numberJakob Unterwurzacher
If there are multiple filesystems backing the gocryptfs filesystems inode numbers are not guaranteed to be unique.
2016-11-10ctlsock: prevent panic on invalid decrypt requestJakob Unterwurzacher
2016-11-10ctlsock: implement EncryptPath for reverse mode, add testsJakob Unterwurzacher
2016-11-10reverse: fix longname decoding bugJakob Unterwurzacher
This could have caused spurious ENOENT errors. That it did not cause these errors all the time is interesting and probably because an earlier readdir would place the entry in the cache. This masks the bug.
2016-11-10Fix golint warningsJakob Unterwurzacher
$ golint ./... | grep -v underscore | grep -v ALL_CAPS internal/fusefrontend_reverse/rfs.go:52:36: exported func NewFS returns unexported type *fusefrontend_reverse.reverseFS, which can be annoying to use internal/nametransform/raw64_go1.5.go:10:2: exported const HaveRaw64 should have comment (or a comment on this block) or be unexported
2016-11-10ctlsock: add initial limited implementationJakob Unterwurzacher
At the moment, in forward mode you can only encrypt paths and in reverse mode you can only decrypt paths.
2016-11-09nametransform: get rid of leading "./"Jakob Unterwurzacher
Paths in the root directory were encrypted to this: foobar -> ./N9vPc0gXUY4PDSt0-muYXQ==
2016-11-06nametransform: nicer error message on empty gocryptfs.dirivJakob Unterwurzacher
Old: Nov 06 13:34:38 brikett gocryptfs[16228]: ReadDirIVAt: Read failed: EOF Nov 06 13:34:38 brikett gocryptfs[16228]: go-fuse: can't convert error type: EOF New: Nov 06 14:08:43 brikett gocryptfs[17361]: ReadDirIVAt: wanted 16 bytes, got 0. Returning EINVAL.
2016-11-01Add Go 1.4 compatibility layer for raw64Jakob Unterwurzacher
Using raw64 will not work, but at least it will compile.
2016-11-01Add support for unpadded base64 filenames, "-raw64"Jakob Unterwurzacher
Through base64.RawURLEncoding. New command-line parameter "-raw64".
2016-11-01fusefronted: expire dir IV cache after one secondJakob Unterwurzacher
The Back In Time backup tool (https://github.com/bit-team/backintime) wants to write directly into the ciphertext dir. This may cause the cached directory IV to become out-of-date. Having an expiry time limits the inconstency to one second, like attr_timeout does for the kernel getattr cache.
2016-11-01fusefrontend: refactor dirIVCacheJakob Unterwurzacher
Simplify the code a bit.
2016-10-30fusefrontend: drop atime workaroundsJakob Unterwurzacher
The fix at https://github.com/hanwen/go-fuse/pull/131 has been merged. Drop the workarounds and re-enable the tests.
2016-10-28fusefronted: more concise corrupt block log messageJakob Unterwurzacher
Calculating the block offset is easy enough, even more now that gocryptfs-xray exists.
2016-10-28fusefrontend: I/O error instead of panic on all-zero nonceJakob Unterwurzacher
Running xfstests generic/075 on tmpfs often triggered a panic for what seems to be a tmpfs bug. Quoting from the email to lkml, http://www.spinics.net/lists/kernel/msg2370127.html : tmpfs seems to be incorrectly returning 0-bytes when reading from a file that is concurrently being truncated.
2016-10-28fusefronted: optimize NFS streaming writes by saving one Stat()Jakob Unterwurzacher
Stat() calls are expensive on NFS as they need a full network round-trip. We detect when a write immediately follows the last one and skip the Stat in this case because the write cannot create a file hole. On my (slow) NAS, this takes the write speed from 24MB/s to 41MB/s.
2016-10-25fusefrontend: move hole padding check out of Write()Jakob Unterwurzacher
The details of the hole handling don't have to be in Write, so move it away.
2016-10-25fusefrontend: rename "createsHole" to clearer "createsCiphertextHole"Jakob Unterwurzacher
...and add comments for what is happening.
2016-10-24Fix misspellingsJakob Unterwurzacher
Close https://github.com/rfjakob/gocryptfs/issues/54
2016-10-21configfile: add newline at the endJakob Unterwurzacher
For convenience for the user, add a newline at the end. Reported as #51 .
2016-10-19tests: add 1980.tar.gz extract testJakob Unterwurzacher
Test that we get the right timestamp when extracting a tarball. Also simplify the workaround in doTestUtimesNano() and fix the fact that it was running no test at all.
2016-10-19lint fixesJakob Unterwurzacher
2016-10-16fusefrontend: Utimens: one more band-aidJakob Unterwurzacher
Revert once https://github.com/hanwen/go-fuse/pull/131 is merged.
2016-10-16main: allow password change with -masterkeyJakob Unterwurzacher
Requested at https://github.com/rfjakob/gocryptfs/issues/28
2016-10-16readpassword: check extpass return codeJakob Unterwurzacher
...and exit if it is not zero.
2016-10-16fusefrontend: Utimens: ugly band-aid for nil pointer crash in go-fuseJakob Unterwurzacher
Crash is described at https://github.com/rfjakob/gocryptfs/issues/48 . Revert this once https://github.com/hanwen/go-fuse/pull/131 is merged.
2016-10-16fusefrontend: log missing gocryptfs.dirivJakob Unterwurzacher
This can happen during normal operation when the directory has been deleted concurrently. But it can also mean that the gocryptfs.diriv is missing due to an error, so log the event at "info" level.
2016-10-10fusefrontend: Also preserve the owner in MkdirJakob Unterwurzacher
This already worked for files but was missing for dirs.
2016-10-09reverse: add panics against API abuseJakob Unterwurzacher
These should help prevent later programming errors.
2016-10-08reverse: gocryptfs.conf was missing from the directory listingsJakob Unterwurzacher
Fix the test for that and add checks in example_filesystems_test.
2016-10-08reverse: merge config translation check into isTranslatedConfigJakob Unterwurzacher
Also get rid of useless isFiltered function.
2016-10-08reverse: make gocryptfs.conf mapping plaintextnames-awareJakob Unterwurzacher
Only in plaintextnames-mode AND with the config file at the default location it will be mapped into the mountpoint. Also adds a test for that.
2016-10-07nametransform: better error code on invalid diriv lengthJakob Unterwurzacher
go-fuse translates errors unknown to it into "function not implemented", which is wrong in this case.
2016-10-05reverse: initialize the longname cache only when reverse mode is usedJakob Unterwurzacher
Gets rid of the idling longnameCacheCleaner thread in "normal" mode.
2016-10-04A few more lint fixesJakob Unterwurzacher
2016-10-04lint fixesValient Gough
2016-10-04tests: skip tests with -openssl=false on Go 1.4 and lowerJakob Unterwurzacher
Go versions 1.4 and lower lack NewGCMWithNonceSize(), which causes a panic in the test.
2016-10-04fusefrontend_reverse cast Stat_t.Dev to uint64 (#44)Romain
The [Stat_t.Dev](https://golang.org/pkg/syscall/#Stat_t) docs say `Dev` is a `unit64`, but on [macOS amd64](https://golang.org/src/syscall/ztypes_darwin_amd64.go) it's an `int32`.
2016-10-04without_openssl: support compiling completely without opensslJakob Unterwurzacher
Build helper script: build-without-openssl.bash
2016-10-04cryptocore: rename "gcm" variable to generic "aeadCipher"Jakob Unterwurzacher
As we now also support AES-SIV the old name is no longer correct.
2016-10-04cryptocore: derive 512-bit key for AES-SIVJakob Unterwurzacher
AES-SIV uses 1/2 of the key for authentication, 1/2 for encryption, so we need a 64-byte key for AES-256. Derive it from the master key by hashing it with SHA-512.
2016-10-03siv_aead: Overhead is always 16Jakob Unterwurzacher
Add a test for that. Also test operations using a 64-byte key.
2016-09-29reverse: use per-purpose nonce generationJakob Unterwurzacher
Also pull all the deterministic nonce code into fusefrontend_reverse to greatly simplify the normal code path.
2016-09-28reverse: move newDirIVFile into virtualfile.goJakob Unterwurzacher
After all, is's a virtual file.