path: root/internal
Age | Commit message | Author
2018-07-01 | fusefrontend: export "File" type | Jakob Unterwurzacher
"gocryptfs -fsck" will need access to helper functions, and to get that, it will need to cast a gofuse.File to a fusefrontend.File. Make fusefrontend.File exported to make this work.
2018-07-01 | fsck: rename "CorruptItems" channel to "MitigatedCorruptions" | Jakob Unterwurzacher
Make it clear that this channel is only used to report corruptions that are transparently mitigated and do not return an error to the user.
2018-07-01 | Only print masterkey once on -init | Jakob Unterwurzacher
It is no longer printed at all when mounting a filesystem, printing on -init can be disabled with -q. https://github.com/rfjakob/gocryptfs/issues/76
2018-07-01 | trezor: add sanity checks for decrypted value | Jakob Unterwurzacher
Check that the value has changed, is not all-zero and has the right length.
2018-07-01 | Implemented the support of Trezor devices. | Dmitry Yu Okunev
2018-07-01 | trezor: add TrezorPayload | Jakob Unterwurzacher
TrezorPayload stores 32 random bytes used for unlocking the master key using a Trezor security module. The randomness makes sure that a unique unlock value is used for each gocryptfs filesystem.
2018-07-01 | configfile: reduce function name stutter | Jakob Unterwurzacher
configfile.LoadConfFile() -> configfile.Load()
configfile.CreateConfFile() -> configfile.Create()
2018-07-01 | trezor: add skeleton for Trezor support | Jakob Unterwurzacher
readpassword.Trezor() is not implemented yet and returns a hardcoded dummy key.
2018-06-24 | configfile: use tlog.ColorYellow instead of hardcoded color code | Jakob Unterwurzacher
2018-06-19 | Fix three golint warnings | Jakob Unterwurzacher
We are clean again. Warnings were:
internal/fusefrontend/fs.go:443:14: should omit type string from declaration of var cTarget; it will be inferred from the right-hand side
internal/fusefrontend/xattr.go:26:1: comment on exported method FS.GetXAttr should be of the form "GetXAttr ..."
internal/syscallcompat/sys_common.go:9:7: exported const PATH_MAX should have comment or be unexported
2018-06-12 | xattr: return EOPNOTSUPP instead of ENODATA in GetXattr | Jakob Unterwurzacher
Reading system.posix_acl_access and system.posix_acl_default should return EOPNOTSUPP to inform user-space that we do not support ACLs. xfstests essentially does chacl -l | grep "Operation not supported" to determine if the filesystem supports ACLs, and used to wrongly believe that gocryptfs does.
2018-06-08 | darwin does not have PATH_MAX | Jakob Unterwurzacher
Define our own, with the value from Linux.
2018-05-27 | xattr: use LGet/LSet etc | Jakob Unterwurzacher
Support has been merged into the xattr package ( https://github.com/pkg/xattr/pull/29 ), use it.
2018-05-15 | xattr: return EOPNOTSUPP for unsupported attributes | Jakob Unterwurzacher
mv is unhappy when we return EPERM when it tries to set system.posix_acl_access:
mv: preserving permissions for ‘b/x’: Operation not permitted
Now we return EOPNOTSUPP like tmpfs does and mv seems happy.
2018-05-10 | xattr: optimize storage, store as binary instead of base64 | Bolshevik
Values are binary-safe, there is no need to base64-encode them. Old, base64-encoded values are supported transparently on reading. Writing xattr values now always writes them binary.
2018-05-10 | stupidgcm: return error on too short input instead of panicking | Jakob Unterwurzacher
This is what Go GCM does as well.
2018-05-07 | xattr: added passing of a "flags" parameter | Bolshevik
Pass the "flags" parameter to the lower layer syscall. This makes Apple applications able to successfully save data.
2018-05-01 | fusefrontend: xattr: return ENOSYS on unsupported flags | Jakob Unterwurzacher
We previously returned EPERM to prevent the kernel from blacklisting our xattr support once we get an unsupported flag, but this causes lots of trouble on MacOS: Cannot save files from GUI apps, see https://github.com/rfjakob/gocryptfs/issues/229 Returning ENOSYS triggers the dotfiles fallback on MacOS and fixes the issue.
2018-04-17 | Improved xattr handling on non-linux systems (#227) | bolshevik
* Fixed xattr filtering for MacOS. "system." and "user." prefixes are only relevant for Linux.
* Small cleanup and additional tests.
2018-04-08 | Fix the easy golint warnings | Jakob Unterwurzacher
Reported by https://goreportcard.com/report/github.com/rfjakob/gocryptfs
2018-04-03 | fsck: report skipped corrupt files | Jakob Unterwurzacher
OpenDir and ListXAttr skip over corrupt entries, readFileID treats files that are too small as empty. This improves usability in the face of corruption, but hides the problem in a log message instead of putting it in the return code. Create a channel to report these corruptions to fsck so it can report them to the user. Also update the manpage and the changelog with the -fsck option. Closes https://github.com/rfjakob/gocryptfs/issues/191
2018-04-02 | fusefrontend: xattr: return ENODATA for security.* and system.* | Jakob Unterwurzacher
"ls -l" queries security.selinux, system.posix_acl_access, system.posix_acl_default and throws error messages if it gets something else than ENODATA.
2018-04-02 | fsck: test against example_filesystems | Jakob Unterwurzacher
2018-04-02 | fsck: clean up log output | Jakob Unterwurzacher
Make sure we get only 1 warning output per problem. Also, add new corruption types to broken_fs_v1.4.
2018-04-02 | fsck: add initial implementation | Jakob Unterwurzacher
Most corruption cases except xattr should be covered. With test filesystem. The output is still pretty ugly. xattr support will be added in the next commits.
2018-04-01 | fusefrontend: reject oversized Read and Write requests | Jakob Unterwurzacher
This should not happen via FUSE as the kernel caps the size, but with fsck we have the first user that calls Read directly. For symmetry, check it for Write as well.
2018-03-28 | Switch from private copy to pkg/xattr | Jakob Unterwurzacher
Now that https://github.com/pkg/xattr/pull/24 has been merged there is no reason to keep our private copy. Switch to the upstream version.
2018-03-25 | fusefrontend: handle empty xattrs efficiently | Jakob Unterwurzacher
We handle empty files by storing an actual empty file on disk. Handle xattrs similarly and encrypt the empty value to the empty value.
2018-03-25 | fusefrontend: add xattr support | Jakob Unterwurzacher
At the moment, only for reverse mode. https://github.com/rfjakob/gocryptfs/issues/217
2018-03-24 | fusefrontend: create helpers for symlink encryption | Jakob Unterwurzacher
These will be reused by the upcoming xattr support.
2018-03-22 | Add `-masterkey=stdin` functionality | Jakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/218
2018-03-05 | macos: tests: fix deleting of scratch dir | Jakob Unterwurzacher
macos rm does not understand --one-file-system, and it cannot handle unreadable directories.
2018-03-05 | macos: fix second TestEmulateSymlinkat test failure | Jakob Unterwurzacher
2018-02-28 | MacOS: don't test symlinks longer than 1000 bytes | Jakob Unterwurzacher
The limit is much lower than on Linux. https://github.com/rfjakob/gocryptfs/issues/213
2018-02-28 | MacOS: fix TestEmulateSymlinkat test failure | Jakob Unterwurzacher
On MacOS, symlinks don't have their own permissions, so don't check for them.
2018-02-28 | tlog: stop embedding log.Logger to prevent mistakes | Jakob Unterwurzacher
A few places have called tlog.Warn.Print, which directly calls into log.Logger due to embedding, losing all features of tlog. Stop embedding log.Logger to make sure the internal functions cannot be called accidentally and fix (several!) instances that did.
2018-02-27 | ctlsock: don't Warn() on closed socket | Jakob Unterwurzacher
This Warn() is causing panics in the test suite on MacOS: https://github.com/rfjakob/gocryptfs/issues/213
2018-02-18 | cryptocore: make AEADTypeEnum values explicit | Jakob Unterwurzacher
We now print the number in a debug message, so define the numeric values explicitly instead of using iota. This way you don't have to understand how iota works to find out what the number means. Lack of understanding of how iota works is also the reason why the numbers start at 3 (to keep the current behavior).
2018-02-18 | cryptocore: zero derived keys | Jakob Unterwurzacher
Zero the HKDF-derived keys when we don't need them anymore, and let the variable run out of scope. https://github.com/rfjakob/gocryptfs/issues/211
2018-02-18 | siv_aead: create private key copy and implement wiping | Jakob Unterwurzacher
Having a private copy relieves the caller from worrying about whether he can zero his copy. The copy can be cleared by calling Wipe().
2018-02-18 | main: changePassword: zero masterkey | Jakob Unterwurzacher
Overwrite the masterkey with zeros once we have encrypted it, and let it run out of scope. Also get rid of the password duplicate in readpassword.Twice.
2018-02-18 | readpassword: convert from string to []byte | Jakob Unterwurzacher
This will allow us to overwrite the password with zeros once we are done with it. https://github.com/rfjakob/gocryptfs/issues/211
2018-02-18 | cryptocore, main: add two comments | Jakob Unterwurzacher
While reading the code, I had to think about what it does, so add a comment that explains it.
2018-02-18 | configfile: overwrite and let keys run out of scope | Jakob Unterwurzacher
As soon as we don't need them anymore, overwrite keys with zeros and make sure they run out of scope so we don't create a risk of inadvertently using all-zero keys for encryption. https://github.com/rfjakob/gocryptfs/issues/211
2018-02-18 | stupidgcm: create private copy of the key | Jakob Unterwurzacher
Relieves the caller from worrying about whether they can overwrite the key.
2018-02-18 | main: try to wipe cryptocore's secret keys on unmount | Jakob Unterwurzacher
Raise the bar for recovering keys from memory. https://github.com/rfjakob/gocryptfs/issues/211
2018-02-18 | fusefrontend[_reverse]: move crypto init up to caller | Jakob Unterwurzacher
Both fusefrontend and fusefrontend_reverse were doing essentially the same thing, move it into main's initFuseFrontend. A side-effect is that we have a reference to cryptocore in main, which will help with wiping the keys on exit (https://github.com/rfjakob/gocryptfs/issues/211).
2018-02-17 | stupidgcm: implement key wipe | Jakob Unterwurzacher
Not bulletproof due to possible GC copies, but still raises the bar for extracting the key. https://github.com/rfjakob/gocryptfs/issues/211
2018-02-17 | stupidgcm: switch to pointer receivers | Jakob Unterwurzacher
That the key slice does not get copied around will make it possible to check if the key has been wiped.
2018-02-04 | gccgo: skip emulateGetdents on linux | Jakob Unterwurzacher
The test is known to fail on gccgo (https://github.com/rfjakob/gocryptfs/issues/201), but getdents emulation is not used on linux, so let's skip the test and ignore the failure.