hardcoresushi/libgocryptfs
1
0
Fork 0
Code Issues Pull Requests Releases Activity
1,224 Commits 2 Branches 0 Tags 6 MiB
1ed08c7384
Commit Graph

19 Commits

Author SHA1 Message Date
Jakob Unterwurzacher
a276321dea stupidgcm: return error on too short input instead of panicing 
This is what Go GCM does as well.
 2018-05-10 23:00:02 +02:00
Jakob Unterwurzacher
bcc8378a2c Fix the easy golint warnings 
Reported by https://goreportcard.com/report/github.com/rfjakob/gocryptfs
 2018-04-08 20:26:25 +02:00
Jakob Unterwurzacher
72ddbae1e6 stupidgcm: create private copy of the key 
Relieves the caller from worrying about whether they
can overwrite the key.
 2018-02-18 12:35:51 +01:00
Jakob Unterwurzacher
18f6c6106c main: try to wipe cryptocore's secret keys on unmount 
Raise the bar for recovering keys from memory.

https://github.com/rfjakob/gocryptfs/issues/211
 2018-02-18 11:39:10 +01:00
Jakob Unterwurzacher
eeed4b4bef stupidgcm: implement key wipe 
Not bulletproof due to possible GC copies, but
still raises to bar for extracting the key.

https://github.com/rfjakob/gocryptfs/issues/211
 2018-02-17 15:14:55 +01:00
Jakob Unterwurzacher
7e0fefe970 stupidgcm: switch to pointer receivers 
What the key slice does not get copied around
will make it possible to check if the key has been wiped.
 2018-02-17 15:02:01 +01:00
Jakob Unterwurzacher
e4b5005bcc stupidgcm: Open: if "dst" is big enough, use it as the output buffer 
This means we won't need any allocation for the plaintext.
 2017-06-30 23:24:12 +02:00
Jakob Unterwurzacher
0cc6f53496 stupidgcm: use "dst" as the output buffer it is big enough 
This saves an allocation of the ciphertext block.
 2017-06-29 18:52:33 +02:00
Jakob Unterwurzacher
3409ade272 forcedecode: tighten checks 
...and fix a few golint issues and print a scary warning message on mount.

Also, force the fs to ro,noexec.
 2017-04-24 00:25:02 +02:00
danim7
f1945c4daa Add -forcedecode 
Force decode of encrypted files even if the integrity check fails, instead of
failing with an IO error. Warning messages are still printed to syslog if corrupted
files are encountered.
It can be useful to recover files from disks with bad sectors or other corrupted
media.

Closes https://github.com/rfjakob/gocryptfs/pull/102 .
 2017-04-23 23:11:56 +02:00
Jakob Unterwurzacher
c9f4400e6d Replace all calls to naked panic() with log.Panic() 
We want all panics to show up in the syslog.
 2016-12-10 11:54:36 +01:00
Jakob Unterwurzacher
a4956fa6bf A few more lint fixes 2016-10-04 23:30:05 +02:00
Valient Gough
b764917cd5 lint fixes 2016-10-04 23:18:33 +02:00
Jakob Unterwurzacher
56c0b19612 without_openssl: support compiling completely without openssl 
Build helper script: build-without-openssl.bash
 2016-10-04 09:51:14 +02:00
Jakob Unterwurzacher
b4d45554f2 Revert "stupidgcm: print openssl error stack before panicing" 
This did not help in debugging the openssl <= 1.0.1c issue at all
and makes the code more complex. Keep it simple.
 2016-05-05 00:09:08 +02:00
Jakob Unterwurzacher
508a949d9d stupidgcm: reorder calls to support openssl <= 1.0.1c 
This fixes the test failures on Travis CI.

Quoting from 07a4ff79d2

	/* Set expected tag value. A restriction in OpenSSL 1.0.1c and earlier
	 * required the tag before any AAD or ciphertext */
 2016-05-05 00:08:25 +02:00
Jakob Unterwurzacher
d0945b73d2 stupidgcm: print openssl error stack before panicing 2016-05-04 20:50:13 +02:00
Jakob Unterwurzacher
6c010c3080 stupidgcm: fix copy-paste error in panic message 
Also, print the openssl version in Travis CI
 2016-05-04 20:15:11 +02:00
Jakob Unterwurzacher
c92190bf07 stupidgcm: add our own thin wrapper around openssl gcm 
...complete with tests and benchmark.

This will allow us to get rid of the dependency to spacemonkeygo/openssl
that causes problems on Arch Linux
( https://github.com/rfjakob/gocryptfs/issues/21 )
 2016-05-04 19:56:07 +02:00