1caa925868
Increase GCM IV size from 96 to 128 bits
...
This pushes back the birthday bound for collisions to make it virtually
irrelevant.
2015-12-19 15:02:29 +01:00
00a712b4d1
go fmt
...
...and minimal comment changes.
2015-12-13 20:24:13 +01:00
3e367b29b0
config: Introduce ext4-style feature flags
...
// List of feature flags this filesystem has enabled.
// If gocryptfs encounters a feature flag it does not support, it will refuse
// mounting. This mechanism is analogous to the ext4 feature flags that are
// stored in the superblock.
FeatureFlags []string
2015-11-03 21:05:47 +01:00
902babdf22
Refactor ciphertext <-> plaintext offset translation functions
...
Move all the intelligence into the new file address_translation.go.
That the calculations were spread out too much became apparent when adding
the file header. This should make the code much easier to modify in the
future.
2015-11-01 12:11:36 +01:00
76311b60f2
Add file header (on-disk-format change)
...
Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ]
Quoting SECURITY.md:
* Every file has a header that contains a 16-byte random *file id*
* Each block uses the file id and its block number as GCM *authentication data*
* This means the position of the blocks is protected as well. The blocks
can not be reordered or copied between different files without
causing an decryption error.
2015-11-01 01:38:27 +01:00
eac1f54213
Activate block number authentication
2015-11-01 01:36:19 +01:00
ed1df49af5
Run go fmt
2015-10-07 22:59:36 +02:00
a3d286069f
Use block number as authentication data
2015-10-06 22:27:37 +02:00
89fef80d32
Run go fmt
2015-10-04 14:49:47 +02:00
c859f0b2dc
intraBlock: Rename Offset to Skip
...
"Offset" is unclear whether it is an offset from the start of file
or start of block. "Skip" seems much better.
2015-10-04 14:24:43 +02:00
5229b8f5f5
Add BlockNoPlainOff() and BlockNoCipherOff() + test
...
Also, fix key, it is now []byte, not [16]byte
2015-10-04 11:03:40 +02:00
40448db909
Fix xfstests generic/030 failure
...
The actual fix is
oldSize := f.cfs.PlainSize(uint64(fi.Size()))
the rest is logging improvements
2015-10-04 00:26:20 +02:00
79870ab096
debug: log inode number instead of encrypted filename
...
Makes the log output smaller and more readable.
2015-10-03 19:16:34 +02:00
38bf8a2fcf
Implement file hole passtrough
...
Fixes xfstests generic/010
Note that file holes are not authenticated,
2015-10-03 13:34:33 +02:00
b835f83fd5
Implement Truncate() + Test
2015-09-30 22:36:53 +02:00
061831edf2
DecryptBlocks: Don't shadow err variable
2015-09-30 20:31:41 +02:00
0af3cfcac0
Fix symlink size reporting
2015-09-16 19:32:37 +02:00
28cdff5889
tests: add TestCiphertextRange
2015-09-08 22:36:38 +02:00
889ae90081
Add pathfs frontend (uses go-fuse instead of bazil-fuse), part I
...
Currently fails main_test.go, will be fixed in part II
2015-09-08 00:55:03 +02:00
58d1e24b7c
Add OpenSSL support for file content encryption/decryption
...
This brings streaming read performance from 30MB/s to 81MB/s
(similar improvement for writes)
2015-09-06 10:42:34 +02:00
448e88490b
Bundle up blocks for bigger reads from the backing filesystem
2015-09-06 09:47:01 +02:00
d0524ded99
Use Debug object instead of fmt
2015-09-05 20:36:26 +02:00
11fb037e7e
Cleanup and rename files
2015-09-05 20:30:20 +02:00
Jakob Unterwurzacher