Jakob Unterwurzacher
adf7d75d31
main: changePassword: zero masterkey
...
Overwrite the masterkey with zeros once we
have encrypted it, and let it run out of scope.
Also get rid of the password duplicate in
readpassword.Twice.
2018-02-18 15:36:14 +01:00
Jakob Unterwurzacher
2cf050d69e
main: zero password once we are done with it
...
Overwrite the password we have got from the user
with zeros once we don't need it anymore, and make
sure the variable runs out of scope.
2018-02-18 15:22:22 +01:00
Jakob Unterwurzacher
3b8f5cbb17
readpassword: convert from string to []byte
...
This will allows us to overwrite the password
with zeros once we are done with it.
https://github.com/rfjakob/gocryptfs/issues/211
2018-02-18 14:26:54 +01:00
Jakob Unterwurzacher
14c063428d
main: doMount: use a deferred function for wipeKeys
...
Also drop the unused int return.
2018-02-18 12:55:20 +01:00
Jakob Unterwurzacher
bd78b44389
cryptocore, main: add two comments
...
While reading the code, I had to think about what it
does, so add a comment that explains it.
2018-02-18 12:41:11 +01:00
Felix Lechner
bf2f9640c4
Fix spelling ( #205 )
2018-02-04 20:38:22 +01:00
Jakob Unterwurzacher
1b0426bcb2
main: print clear error message if CIPHERDIR is missing
...
Getting just the help text in response to
gocryptfs -info -config external.config
is confusing: https://github.com/rfjakob/gocryptfs/issues/157
2017-11-15 20:30:21 +01:00
Jakob Unterwurzacher
830cbb7218
build.bash: make reproduceable builds easier
...
* Reduce the build time precision from seconds to days
* Allow to specify an arbitrary build date through an
env variable
2017-09-06 21:41:22 +02:00
Jakob Unterwurzacher
1f39ede4b4
main: save memory profile every 60 seconds
...
...and move all profiling functionality to its own file, as
the main function is already long enough.
Periodically saving the memory profile allows capturing the used
memory during normal operation, as opposed to on exit, where the
kernel has already issued FORGETs for all inodes.
This functionality has been used to create the memory profile shown
in https://github.com/rfjakob/gocryptfs/issues/132 .
2017-07-30 16:07:00 +02:00
Jakob Unterwurzacher
71978ec88a
Add "-trace" flag (record execution trace)
...
Uses the runtime/trace functionality.
TODO: add to man page.
2017-06-07 22:09:06 +02:00
Jakob Unterwurzacher
22820bcd76
main: reorder force_owner flag parsing
...
No functional changes, just keeping the profiling-related flags
together.
2017-06-07 22:07:56 +02:00
Jakob Unterwurzacher
53b7c17261
Don't cap GOMAXPROCS at 4.
...
Before Go 1.5, GOMAXPROCS defaulted to 1, hence it made
sense to unconditionally increase it to 4.
But since Go 1.5, GOMAXPROCS defaults to the number of cores,
so don't keep it from increasing above 4.
Also, update the performance numbers.
2017-06-01 20:55:13 +02:00
Charles Duffy
cf1ded5236
Implement force_owner option to display ownership as a specific user.
2017-06-01 00:26:17 +02:00
Jakob Unterwurzacher
1e598e96fc
main: add "-info" option
...
Pretty-prints the config while stripping out sensitive
(and uninteresting) data
https://github.com/rfjakob/gocryptfs/issues/111
2017-05-30 19:01:32 +02:00
Jakob Unterwurzacher
df2f4b1c40
main: add short help text
...
We have accumulated so many options over time that they
no longer fit on the screen.
Display only a useful subset of options to the user unless
they pass "-hh".
2017-05-30 17:59:13 +02:00
Jakob Unterwurzacher
c44389d942
exitcodes: specific codes for failure to read or write gocryptfs.conf
...
New codes:
* OpenConf = 23
* WriteConf = 24
2017-05-14 14:30:50 +02:00
Jakob Unterwurzacher
18f354d84b
main: password change: exit with code 12 on wrong password
...
We used to return code 8, now we return code 12 as documented in
the man page.
Also adds a test.
2017-05-14 13:14:00 +02:00
Jakob Unterwurzacher
d5adde1eeb
exitcodes: pull all exit code definitions into the package
...
This commit defines all exit codes in one place in the exitcodes
package.
Also, it adds a test to verify the exit code on incorrect
password, which is what SiriKali cares about the most.
Fixes https://github.com/rfjakob/gocryptfs/issues/77 .
2017-05-07 22:16:22 +02:00
Jakob Unterwurzacher
cd10d0a6e4
main: more specific default values for GitVersion etc
...
Now looks like this:
$ ./gocryptfs -version
gocryptfs [GitVersion not set - please compile using ./build.bash]; go-fuse [GitVersionFuse not set - please compile using ./build.bash]; 0000-00-00 go1.8
Hopefully easier to grep for.
2017-05-06 14:29:34 +02:00
Jakob Unterwurzacher
a48893b653
main: add "-race" to the version string
...
...if we were compiled with "-race".
2017-05-06 14:26:34 +02:00
Jakob Unterwurzacher
1e03e059fa
Implement "gocryptfs -speed"
...
A crypto benchmark mode like "openssl speed".
Example run:
$ ./gocryptfs -speed
AES-GCM-256-OpenSSL 180.89 MB/s (selected in auto mode)
AES-GCM-256-Go 48.19 MB/s
AES-SIV-512-Go 37.40 MB/s
2017-02-22 23:56:34 +01:00
Jakob Unterwurzacher
8adfbf2dc3
Check for trailing garbage after the password
...
From the comment:
// CheckTrailingGarbage tries to read one byte from stdin and exits with a
// fatal error if the read returns any data.
// This is meant to be called after reading the password, when there is no more
// data expected. This helps to catch problems with third-party tools that
// interface with gocryptfs.
2017-02-12 17:59:09 +01:00
Jakob Unterwurzacher
1e9d735406
Document "--" to stop option parsing in help text + man page
2017-02-12 12:49:04 +01:00
Jakob Unterwurzacher
39eca53677
main: make sure the ctlsock file is deleted on incorrect password
...
Otherwise the next try to mount ends in
"ctlsock: listen unix ctl.sock: bind: address already in use"
2017-01-26 21:32:08 +01:00
Jakob Unterwurzacher
80c50b9dbc
main: give deferred functions a chance to run (fixes -cpuprofile)
2016-11-23 23:49:34 +01:00
Jakob Unterwurzacher
f4c367381e
main: fix comments that reference "-f"
2016-11-01 19:04:49 +01:00
Jakob Unterwurzacher
b527e205e2
main: rename "-f" to "-fg"
...
"-f" looks too much like "--force". The old variant is still
accepted for compatability.
2016-11-01 19:00:45 +01:00
Jakob Unterwurzacher
c487e176bd
main: allow password change with -masterkey
...
Requested at https://github.com/rfjakob/gocryptfs/issues/28
2016-10-16 18:17:28 +02:00
Jakob Unterwurzacher
9f0793ab0f
main: more useful error message on unknown flag
2016-10-09 20:55:33 +02:00
Jakob Unterwurzacher
9cf3ced0ce
main: also accept options at the end via "-o"
...
For compatability with mount(1), options are also accepted as
"-o COMMA-SEPARATED-OPTIONS" at the end of the command line.
For example, "-o q,zerokey" is equivalent to "-q -zerokey".
2016-10-09 20:05:54 +02:00
Jakob Unterwurzacher
495479dc66
main: friendlier error message on wrong number of arguments
...
Before:
Usage: gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT
After:
Wrong number of arguments (have 9, want 2). You passed: "-nosyslog" "." "asd" "-q" "ß" "asdf" "fg" "gh" "sdf" "asd fs\\dfg"
Usage: gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT
2016-10-09 18:18:14 +02:00
Jakob Unterwurzacher
f054353bd3
reverse: make gocryptfs.conf mapping plaintextnames-aware
...
Only in plaintextnames-mode AND with the config file at the
default location it will be mapped into the mountpoint.
Also adds a test for that.
2016-10-08 20:57:38 +02:00
Jakob Unterwurzacher
631c538f13
main: split doMount into its own file
...
Ongoing effort to reduce the size of main().
2016-10-08 18:43:24 +02:00
Jakob Unterwurzacher
89bcc50294
main: check if the config file can opened before prompting for password
...
This was frustrating:
$ gocryptfs a b
Password:
Decrypting master key
open a/gocryptfs.conf: permission denied
2016-10-08 17:19:55 +02:00
Jakob Unterwurzacher
9b1a35174b
MANPAGE: note that "-f" implies "-nosyslog"
...
Also explain why AES-SIV exists.
2016-10-07 23:02:04 +02:00
Jakob Unterwurzacher
14fd5ce598
main: daemonize more thoroughly
...
As described at http://software.clapper.org/daemonize/ ,
a daemon should chdir to / and close its FDs.
2016-10-07 22:44:28 +02:00
Jakob Unterwurzacher
45dfc90a2f
main: clarify nosyslog code path
...
Split the block up and add a comment why notifypid is important.
2016-10-07 00:05:46 +02:00
Jakob Unterwurzacher
434ce50db3
main: add "-nonempty" option
2016-10-06 22:41:13 +02:00
Valient Gough
b764917cd5
lint fixes
2016-10-04 23:18:33 +02:00
Jakob Unterwurzacher
56c0b19612
without_openssl: support compiling completely without openssl
...
Build helper script: build-without-openssl.bash
2016-10-04 09:51:14 +02:00
Jakob Unterwurzacher
e9bb8b800c
reverse: switch from GCM-SIV to AES-SIV
...
GCM-SIV is not yet finalized, and the reference implemenation is
painfully slow at about 2 MB/s. Switch to AES-SIV.
2016-09-26 23:25:13 +02:00
Jakob Unterwurzacher
5f4b16c00f
Implement changes proposed by gosimple.
...
Also delete the unused "dirIVNameStruct", found by deadcode.
2016-09-25 19:48:21 +02:00
Jakob Unterwurzacher
2050c7f3b3
reverse: add gcmsiv flag and associated tests
2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
d76e7aadb4
reverse: use dynamic inode numbers
...
...with stable mappings for hard-linked files.
2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
5f726aaa9d
contentenc: add GCM-SIV support
...
Also add ReverseDummyNonce nonce generation.
2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
7f87ed78f2
cryptocore: add support for GCM-SIV
2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
72efa5c9b1
main: move initDir into its own file
2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
9ad49088fa
main: add explicit exit after forkChild
...
Trying to make it more obvious what is happening.
2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
d9db75ebd2
main: factor out cli arg parsing
...
The main function has gotten way too big.
2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
a34b447ad1
reverse: let the kernel enforce read-only mode
...
... and print a warning that reverse mode is experimental
2016-09-25 16:43:17 +02:00