summaryrefslogtreecommitdiff
path: root/internal
AgeCommit message (Collapse)Author
2020-06-06Added auto decryption of invalid file namesDerDonut
Changed invalid file decoding and decryption. Function DecryptName now shortens the filename until the filename is decodable and decryptable. Will work with valid **and** invalid Base64URL delimiter (valid delimiter [0-9a-zA-z_\\-]. If the filename is not decryptable at all, it returns the original cipher name with flag suffix Changed cli tests to generate decryptable and undecryptable file names with correct encrypted content. Replacing #474, extends #393
2020-05-24Revert "fusefrontend: don't always clear the dircache in Rename"Jakob Unterwurzacher
As noticed by @slackner in https://github.com/rfjakob/gocryptfs/commit/cb8872577d66ff0fc38bcd70493be06bc0f34ffa#commitcomment-39405233 , this is not safe. This reverts commit cb8872577d66ff0fc38bcd70493be06bc0f34ffa.
2020-05-24syscallcompat: warn when Getdents truncates dataJakob Unterwurzacher
On CIFS mounts, unix.Getdents can return sudden ENOENT in the middle of data. This will not be reported as an error by user space tools, so return EIO instead. Also log it as a warning. https://github.com/rfjakob/gocryptfs/issues/483
2020-05-24fusefrontend: don't always clear the dircache in RenameJakob Unterwurzacher
When filename encryption is on, we do know when we overwrite a directory, and can clear only in this case. sshfs-benchmark.bash: sshfs gocryptfs-on-sshfs git init 1.74 7.80 rsync 6.19 11.63
2020-05-24fusefrontend: don't clear dircache on MkdirJakob Unterwurzacher
Mkdir can not cause existing entries in the cache to go stale. So don't clear it. Benchmark results: sshfs-benchmark.bash: sshfs gocryptfs-on-sshfs git init 1.65 8.74 rsync 6.09 17.54
2020-05-23syscallcompat: getdents: retry on EINTRJakob Unterwurzacher
Fixes: https://github.com/rfjakob/gocryptfs/issues/483 Related: https://github.com/golang/go/issues/38836
2020-05-17dircache: increase cache size & lifetimeJakob Unterwurzacher
Looking at the dircache debug output, we see that a "git status" workload has a very bad cache hit rate because the entries expire or get evicted before they can be reused. Increase both cache size and lifetime for a 4x speedup: Before: 75s After: 17s https://github.com/rfjakob/gocryptfs/issues/410
2020-05-17dircache: improve debug messagesJakob Unterwurzacher
Before: Lookup "errno.html/1/2/3/4/5": miss Store: "errno.html/1/2/3/4/5" fd=26 iv=21be6e083d60dcabfe7368264d5082b7 Lookup "errno.html": hit 25 6d68a16d217978915036a3bd55428ae7 Lookup "errno.html/1": hit 25 932a464c299b3430c5e55c924f98ac4d Lookup "errno.html/1/2": hit 25 7d53348b1692d537f017bf86b3cf5feb Lookup "errno.html/1/2/3": hit 25 2aef1c9d1ab2b55b163215053fefe703 Lookup "errno.html/1/2/3/4": hit 25 cb802be53721c46a46247c5e4e0f4ce6 Lookup "errno.html/1/2/3/4": hit 25 cb802be53721c46a46247c5e4e0f4ce6 Lookup "errno.html": hit 25 6d68a16d217978915036a3bd55428ae7 After: Lookup "earlyoom/.git/refs" hit fd=10 dup=17 iv=6ae2cecd269a25e8d946aff6afe9b8b8 Lookup "earlyoom/.git/refs/remotes" hit fd=19 dup=17 iv=f04c2d2a5bcc33ebdeaca664859c980d Lookup "earlyoom/.git/refs/remotes/origin" miss Store "earlyoom/.git/refs/remotes/origin" fd=17 iv=834a64a1697c9f5705455ba6dbed22b5 Lookup "earlyoom" hit fd=7 dup=25 iv=2303a892d6e2357c483574a8070b7679 Lookup "earlyoom/.git" hit fd=11 dup=25 iv=d43ca4aff23720c57789c9f62f0aee00 Lookup "earlyoom/.git" hit fd=11 dup=25 iv=d43ca4aff23720c57789c9f62f0aee00 Lookup "earlyoom/.git/refs" hit fd=10 dup=25 iv=6ae2cecd269a25e8d946aff6afe9b8b8 Lookup "earlyoom/.git/refs/heads" hit fd=13 dup=25 iv=f9245e7c066b9adc768a1a666da9fbc8
2020-05-17main: accept multiple -passfile optionsJakob Unterwurzacher
Each file will be read and then concatenated for the effictive password. This can be used as a kind of multi-factor authenticiton. Fixes https://github.com/rfjakob/gocryptfs/issues/288
2020-05-17Update go-fuse import path to github.com/hanwen/go-fuse/v2Jakob Unterwurzacher
We need https://github.com/hanwen/go-fuse/commit/fd7328faf9fdf75709f7ba7df7072aaf4eeb18b3 to fix a crash reported in https://github.com/rfjakob/gocryptfs/issues/430 : 2019/10/30 17:14:16 Unknown opcode 2016 panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x508d38] This patch is only in the v2.x.x branch. Upgrade to v2, as the old API is also supported there. Running git grep hanwen/go-fuse | grep -v hanwen/go-fuse/v2 to check for forgotten references comes back clean.
2020-05-10Fix spelling mistakes found by misspellJakob Unterwurzacher
https://github.com/client9/misspell
2020-05-09ctlsock: create exported ctlsock client libraryJakob Unterwurzacher
The former interal ctlsock server package is renamed to ctlsocksrv.
2020-05-03inomap: fix TestSpill bit checkJakob Unterwurzacher
Wrong bit operator was used.
2020-05-03inomap: fix spillBit not set on 2nd hitJakob Unterwurzacher
Also add a test for this. Thanks @slackner for the comment.
2020-05-03inomap: remove leftover debug outputJakob Unterwurzacher
This was committed by accident.
2020-05-03fusefrontend_reverse: use inomap for inode number translationJakob Unterwurzacher
Gets rid of static inode number value limitations. Fixes https://github.com/rfjakob/gocryptfs/issues/457
2020-04-19inomap: comment constantsJakob Unterwurzacher
2020-04-19inomap: rework logic to efficiently support flagsJakob Unterwurzacher
Adding flags allows to use inomap in reverse mode, replacing the clunky inoBaseDirIV/inoBaseNameFile logic that causes problems with high underlying inode numbers ( https://github.com/rfjakob/gocryptfs/issues/457 ) Microbenchmarks (values below) show that the "SingleDev" case is now much slower due to an extra map lookup, but this has no visible effects in ./test.bash results, so there was no time spent optimizing the case further. $ go test -bench=. goos: linux goarch: amd64 pkg: github.com/rfjakob/gocryptfs/internal/inomap BenchmarkTranslateSingleDev-4 18757510 61.5 ns/op BenchmarkTranslateManyDevs-4 18061515 64.5 ns/op PASS ok github.com/rfjakob/gocryptfs/internal/inomap 2.467s
2020-04-19inomap: add benchmarkJakob Unterwurzacher
$ go test -bench=. goos: linux goarch: amd64 pkg: github.com/rfjakob/gocryptfs/internal/inomap BenchmarkTranslateSingleDev-4 202479382 5.88 ns/op BenchmarkTranslateManyDevs-4 16095795 71.9 ns/op PASS ok github.com/rfjakob/gocryptfs/internal/inomap 3.039s
2020-04-18nametransform: update comment & simplify testsJakob Unterwurzacher
The comment still mentioned CBC, which has been removed a long time ago. The test definition can be rewritten using slice literals, saving sume stuttering.
2020-04-13Prefer Go stdlib aes-gcm on arm64 with aes instructionsJakob Unterwurzacher
We used to prefer openssl in this situation, which used to make sense, but now Go gained an optimized assembly implementation for aes-gcm on arm64 with aes instructions: root@q1:~/go/src/github.com/rfjakob/gocryptfs# ./gocryptfs -speed gocryptfs v1.7.1-46-g73436d9; go-fuse v1.0.1-0.20190319092520-161a16484456; 2020-04-13 go1.14.2 linux/arm64 AES-GCM-256-OpenSSL 212.30 MB/s (selected in auto mode) AES-GCM-256-Go 452.30 MB/s AES-SIV-512-Go 100.25 MB/s XChaCha20-Poly1305-Go 137.35 MB/s https://github.com/rfjakob/gocryptfs/issues/452
2020-04-13inomap: split into separate packageJakob Unterwurzacher
inomap will also be used by fusefrontend_reverse in the future. Split if off openfiletable to make it independent.
2020-04-13speed: add XChaCha20-Poly1305-GoJakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/452
2020-02-29speed: add code commentsJakob Unterwurzacher
2020-02-29fusefrontend: drop xattr user namespace restrictionJakob Unterwurzacher
We used to restrict setting xattrs to the "user." namespace. I don't see a real reason for this anymore, and it causes trouble for users who are using acls. Tests will be added in the next commit. https://github.com/rfjakob/gocryptfs/issues/453
2020-02-28Show undecryptable filenames if they match supplied globorcas
Resolves https://github.com/rfjakob/gocryptfs/issues/393
2020-02-15contentenc: encryptBlocksParallel: explain why last part runs in new goroutineJakob Unterwurzacher
The result is counter-intuitive, so explain it here.
2020-02-15merge prefer_openssl package into stupidgcmJakob Unterwurzacher
Now that I have discovered golang.org/x/sys/cpu and that Go versions below 1.6 are uncommon, there was not much useful code left in prefer_openssl. Merge the remains into stupidgcm.
2020-02-15contentenc: move parallel encryption into encryptBlocksParallelJakob Unterwurzacher
Make the logic self-contained in the new helper function.
2019-12-28remove Trezor supportPavol Rusnak
2019-11-16fs: add uint64 cast to fix Darwin buildJakob Unterwurzacher
Error from Travis CI was: +GOOS=darwin +GOARCH=amd64 +go build -tags without_openssl # github.com/rfjakob/gocryptfs/internal/fusefrontend internal/fusefrontend/fs.go:88:45: cannot use st.Dev (type int32) as type uint64 in argument to openfiletable.NewInumMap Add uint64 to fix it.
2019-11-16fusefrontend: use inummapJakob Unterwurzacher
translate inode numbers on different devices to fix collisions. Fixes https://github.com/rfjakob/gocryptfs/issues/435
2019-11-16openfiletable: add inummapJakob Unterwurzacher
Generates unique inode numbers for files on different devices. https://github.com/rfjakob/gocryptfs/issues/435
2019-11-03fusefrontend: warn about missing dirivJakob Unterwurzacher
The comment is outdated, at this point, we should really not get any errors from ReadDirIVAt. The change is best seen when running the fsck tests. Before: fsck: error opening dir "missing_diriv": 2=no such file or directory After: OpenDir "K2m0E6qzIfoLkVZJanoUiQ": could not read gocryptfs.diriv: no such file or directory fsck: error opening dir "missing_diriv": 5=input/output error See https://github.com/rfjakob/gocryptfs/issues/403 , where the extra info would have been helpful.
2019-11-03fusefrontend: don't return EIO on directory with corrupt file namesJakob Unterwurzacher
This was meant as a way to inform the user that something is very wrong, however, users are hitting the condition on MacOS due to ".DS_Store" files, and also on NFS due to ".nfsXXX" files. Drop the whole thing as it seems to cause more pain than gain. Fixes https://github.com/rfjakob/gocryptfs/issues/431
2019-10-06fusefrontend: unregister from openfiletable before closing the fdJakob Unterwurzacher
Closing the fd means the inode number may be reused immediately by a new file, so we have to get the old fileID out of the table beforehand! Hopefully fixes https://github.com/rfjakob/gocryptfs/issues/363
2019-10-06fusefrontend: print file hexdump on header errorJakob Unterwurzacher
This should help debugging https://github.com/rfjakob/gocryptfs/issues/363 , but does no harm in normal operation as it only prints ciphertext to the log.
2019-10-06contentenc: add explicit test for all-zero headerJakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/363
2019-09-08serialize_reads: drop superflous "continue"Jakob Unterwurzacher
Found while debugging https://github.com/rfjakob/gocryptfs/pull/413
2019-09-08Fix -idle unmounting despite activityJakob Unterwurzacher
Fixes https://github.com/rfjakob/gocryptfs/issues/421
2019-05-19Fix unix2syscall_darwin.go build failureJakob Unterwurzacher
Error was +GOOS=darwin +GOARCH=amd64 +go build -tags without_openssl # github.com/rfjakob/gocryptfs/internal/syscallcompat internal/syscallcompat/unix2syscall_darwin.go:22:32: u.Atimespec undefined (type unix.Stat_t has no field or method Atimespec) internal/syscallcompat/unix2syscall_darwin.go:23:32: u.Mtimespec undefined (type unix.Stat_t has no field or method Mtimespec) internal/syscallcompat/unix2syscall_darwin.go:24:32: u.Ctimespec undefined (type unix.Stat_t has no field or method Ctimespec) caused by https://github.com/golang/sys/commit/87c872767d25fb96dfe96c794fd028b38a08440b#diff-4913a9178621eadcdf191db17915fbcb
2019-05-01syscallcompat: fetch supplementary groups for OpenatUser & friendsSebastian Lackner
Handled the same way in GlusterFS, disorderfs, libfuse. Fixes https://github.com/rfjakob/gocryptfs/issues/394
2019-05-01tests: split testParentDir by UIDJakob Unterwurzacher
When we run tests as root, they will leave root-owned files in testParentDir, which causes trouble when we run tests as a normal user later on. Split by UID.
2019-04-09fusefrontend: get rid of last hardcoded "gocryptfs.diriv" instancesJakob Unterwurzacher
Makes it easier to change the name (as some people want to): https://github.com/rfjakob/gocryptfs/issues/37
2019-04-08readpassword: delete CheckTrailingGarbageJakob Unterwurzacher
CheckTrailingGarbage was called even when "-passfile" was used, which is stupid, and causes false positives: https://github.com/rfjakob/gocryptfs/issues/391 (false error "Received trailing garbage after the password" when using -passfile in .bash_profile) Instead of trying to improve the logic to handle that case and make everything even more complicated, delete the function. It is unclear if actually helps in some cases, and it definitely harms as shown by the above bug report.
2019-04-08configfile: fall back to sync() if fsync() failsJakob Unterwurzacher
This can happen on network drives: FRITZ.NAS mounted on MacOS returns "operation not supported": https://github.com/rfjakob/gocryptfs/issues/390
2019-03-30forward mode: create gocryptfs.diriv files with 0440 permissionsJakob Unterwurzacher
Makes it easier to share an encrypted folder via a network drive. https://github.com/rfjakob/gocryptfs/issues/387
2019-03-26reverse: don't show gocryptfs.conf if a custom config path was passedJakob Unterwurzacher
GetAttr checks for this, but OpenDir did not. https://github.com/rfjakob/gocryptfs/issues/385
2019-03-26reverse mode: support wildcard exclude (--exclude-wildcard)Eduardo M KALINOWSKI
This adds support for gitignore-like wildcards and exclude patters in reverse mode. It (somewhat) fixes #273: no regexp support, but the syntax should be powerful enough to satisfy most needs. Also, since adding a lot of --exclude options can be tedious, it adds the --exclude-from option to read patterns from a file (or files).
2019-03-03Allow multiple -extpass argumentsJakob Unterwurzacher
To support arguments containing spaces, -extpass can now be passed multiple times. https://github.com/rfjakob/gocryptfs/issues/289