Commit Graph

68 Commits

Author SHA1 Message Date
Jakob Unterwurzacher 2b8cbd9441 Major refactoring: Split up "cryptfs" into several internal packages
"git status" for reference:

deleted:    cryptfs/cryptfs.go
deleted:    cryptfs/names_core.go
modified:   integration_tests/cli_test.go
modified:   integration_tests/helpers.go
renamed:    cryptfs/config_file.go -> internal/configfile/config_file.go
renamed:    cryptfs/config_test.go -> internal/configfile/config_test.go
renamed:    cryptfs/config_test/.gitignore -> internal/configfile/config_test/.gitignore
renamed:    cryptfs/config_test/PlaintextNames.conf -> internal/configfile/config_test/PlaintextNames.conf
renamed:    cryptfs/config_test/StrangeFeature.conf -> internal/configfile/config_test/StrangeFeature.conf
renamed:    cryptfs/config_test/v1.conf -> internal/configfile/config_test/v1.conf
renamed:    cryptfs/config_test/v2.conf -> internal/configfile/config_test/v2.conf
renamed:    cryptfs/kdf.go -> internal/configfile/kdf.go
renamed:    cryptfs/kdf_test.go -> internal/configfile/kdf_test.go
renamed:    cryptfs/cryptfs_content.go -> internal/contentenc/content.go
new file:   internal/contentenc/content_api.go
renamed:    cryptfs/content_test.go -> internal/contentenc/content_test.go
renamed:    cryptfs/file_header.go -> internal/contentenc/file_header.go
renamed:    cryptfs/intrablock.go -> internal/contentenc/intrablock.go
renamed:    cryptfs/address_translation.go -> internal/contentenc/offsets.go
new file:   internal/cryptocore/crypto_api.go
renamed:    cryptfs/gcm_go1.4.go -> internal/cryptocore/gcm_go1.4.go
renamed:    cryptfs/gcm_go1.5.go -> internal/cryptocore/gcm_go1.5.go
renamed:    cryptfs/nonce.go -> internal/cryptocore/nonce.go
renamed:    cryptfs/openssl_aead.go -> internal/cryptocore/openssl_aead.go
renamed:    cryptfs/openssl_benchmark.bash -> internal/cryptocore/openssl_benchmark.bash
renamed:    cryptfs/openssl_test.go -> internal/cryptocore/openssl_test.go
new file:   internal/nametransform/name_api.go
new file:   internal/nametransform/names_core.go
renamed:    cryptfs/names_diriv.go -> internal/nametransform/names_diriv.go
renamed:    cryptfs/names_noiv.go -> internal/nametransform/names_noiv.go
renamed:    cryptfs/names_test.go -> internal/nametransform/names_test.go
new file:   internal/nametransform/pad16.go
renamed:    cryptfs/log.go -> internal/toggledlog/log.go
renamed:    cryptfs/log_go1.4.go -> internal/toggledlog/log_go1.4.go
renamed:    cryptfs/log_go1.5.go -> internal/toggledlog/log_go1.5.go
modified:   main.go
modified:   masterkey.go
modified:   pathfs_frontend/file.go
modified:   pathfs_frontend/file_holes.go
modified:   pathfs_frontend/fs.go
modified:   pathfs_frontend/fs_dir.go
modified:   pathfs_frontend/names.go
modified:   test.bash
2016-02-06 19:22:35 +01:00
Jakob Unterwurzacher adcfbd79a8 Rename DirIVCacheEnc to just DirIVCache
...and unexport dirIVCache
2016-02-06 12:27:55 +01:00
Jakob Unterwurzacher 1573efec98 Don't print plain text directory name in "Invalid name" warning 2016-01-31 18:30:39 +01:00
Jakob Unterwurzacher 6454db68d9 Add new "-wpanic" option and enable it for the automated tests 2016-01-31 18:09:39 +01:00
Jakob Unterwurzacher 4c9e249e3a Convert fdLock to an RWMutex and protect the whole transaction
...against concurrent closes.

The testcase

	(set -e; while true; do truncate -s $RANDOM b; done) &
	(set -e; while true; do truncate -s $RANDOM b; done) &

uncovered lots of unnecessary RMW failures that were the result
of concurrent closes.

With this patch, the only remaining error is "Truncate on forgotten file"
that is probably caused by a problem in the go-fuse lib
( https://github.com/hanwen/go-fuse/issues/95 )
2016-01-25 00:51:28 +01:00
Jakob Unterwurzacher 4259c8f7eb Only warn once for unsupported fallocate(2) and truncate(2)
Also, print the inode number in Ftruncate warnings.
2016-01-24 19:43:21 +01:00
Jakob Unterwurzacher 2f32114bd3 Add per-inode write mutex
At the moment, FUSE writes to a single file are serialized by the kernel.
However, it is unclear if this is guaranteed behaviour or may change
in the future.

This patch adds our own per-inode write lock to rule out races regardless
of kernel behaviour.
2016-01-24 13:08:08 +01:00
Jakob Unterwurzacher 17f0eb1339 Convert logging to standard Go log.Logger
This is in preparation for logging to syslog.
2016-01-20 20:57:00 +01:00
Jakob Unterwurzacher 236970adee OSX: Fix build failure caused by syntax errors 2016-01-09 13:04:48 +01:00
Jakob Unterwurzacher f93729f20d Disable fallocate on OSX (not available and causes a build failure) 2016-01-07 21:39:41 +01:00
Jakob Unterwurzacher 1caa925868 Increase GCM IV size from 96 to 128 bits
This pushes back the birthday bound for collisions to make it virtually
irrelevant.
2015-12-19 15:02:29 +01:00
Jakob Unterwurzacher 88826dc51d diriv: handle directory rename over directory
If an empty directory is overwritten we will always get
ENOTEMPTY as the "empty" directory will still contain gocryptfs.diriv.
Handle that case by removing the target directory and trying again.

Fixes issue #10
2015-12-19 13:21:15 +01:00
Jakob Unterwurzacher 00a712b4d1 go fmt
...and minimal comment changes.
2015-12-13 20:24:13 +01:00
Jakob Unterwurzacher 8518d6d7bd Handle EINTR returned by Fallocate
Fallocate can return EINTR (interrupted system call) and does so
quite often when cpu profiling is enabled.
2015-12-13 17:17:01 +01:00
Jakob Unterwurzacher e99e841713 Rmdir: handle creating and removing unreadable directories
This patch also splits off Mkdir and Rmdir into their own file.

Fixes issue #8, thanks to @diseq for the bug report.
2015-12-11 20:02:12 +01:00
Jakob Unterwurzacher ccf6d00728 Add missing PlaintextNames checks in OpenDir, Mkdir, Rmdir, initDir
Plaintextnames support has bitrotted during the DirIV additions,
this needs test cases. Will be added in a future patch.

Fixes issue #9.
2015-12-10 01:12:05 +01:00
Jakob Unterwurzacher c6dacd6f91 Add EME filename encryption & enable it by default 2015-12-08 16:17:04 +01:00
Jakob Unterwurzacher ff8c81f95b go fmt 2015-12-08 13:51:06 +01:00
Jakob Unterwurzacher 56888d83dd fallocate the space needed for the file header beforehand
This makes sure writing to a file fails early if the underlying
filesystem does not support fallocate. It also prevents partial header
write due to ENOSPC.
2015-12-06 15:05:52 +01:00
Jakob Unterwurzacher edc289fb75 Fix rename, was broken by DirIV introduction
As it was, CIPHERDIR was prepended twice, causing every rename
to fail with ENOENT.
2015-12-06 15:00:54 +01:00
Jakob Unterwurzacher ce42a6f23d Run go fmt 2015-11-29 21:55:20 +01:00
Jakob Unterwurzacher 20b058a333 Add single-element cache for DirIV lookup
Another 3x performance boost for applications that walk the
directory tree.

Excerpt from performance.txt:

VERSION         UNTAR    LS     RM
v0.4               48     1.5    5
v0.5-rc1           56     7     19
v0.5-rc1-1         54     4.1    9
v0.5-rc1-2         45     1.7    3.4  <---- THIS VERSION
2015-11-29 21:41:38 +01:00
Jakob Unterwurzacher 1d0a442405 OpenDir performance: Read DirIV once and reuse it for all names
Formerly, we called decryptPath for every name.
That resulted in a directory walk that reads in all diriv files
on the way.

Massive improvement for RM and LS (check performance.txt for details)

VERSION         UNTAR   RM   LS
v0.4               48    5    1.5
v0.5-rc1           56   19    7
v0.5-rc1-1         54    9    4.1   <---- THIS VERSION
2015-11-29 20:03:37 +01:00
Jakob Unterwurzacher 1fb349e97b diriv: also support old CBC symlink 2015-11-28 18:39:45 +01:00
Jakob Unterwurzacher 01141f8b5e diriv: fix Symlink() and Readlink()
Both were missing adaptions for diriv usage resulting in broken
functionality
2015-11-28 18:39:45 +01:00
Jakob Unterwurzacher 3b2143bafc diriv: fix readdir
It decrypted all file names using the root directory iv
2015-11-28 18:39:45 +01:00
Jakob Unterwurzacher fe7355f9ee diriv: use "DirIV" flag to discern and support mounting old filesystems 2015-11-28 18:38:06 +01:00
Jakob Unterwurzacher a04a92cdab Run go fmt 2015-11-27 22:20:01 +01:00
Jakob Unterwurzacher bdd9249a52 diriv: Move WriteDirIV() to cryptfs; add locking to Mkdir, Rmdir 2015-11-27 21:48:58 +01:00
Jakob Unterwurzacher decfc1ab79 diriv: Convert filename encryption users to diriv 2015-11-27 00:03:10 +01:00
Jakob Unterwurzacher fe2fcf6c16 diriv: Transactionally delete gocryptfs.diriv in Rmdir 2015-11-25 22:17:42 +01:00
Jakob Unterwurzacher 4d466c3412 diriv: Create gocryptfs.diriv in every directory 2015-11-25 20:57:16 +01:00
Jakob Unterwurzacher 61aacb5c1b Run go fmt and go vet 2015-11-14 17:16:17 +01:00
Jakob Unterwurzacher 99dfc84992 Add "-q" (quiet) flag 2015-11-09 22:33:42 +01:00
Jakob Unterwurzacher fa3a382aa4 Handle ENOSPC errors better by preallocating the space before writing
Prevent the case that we run out of space in the middle of
writing a block - that would leave a corrupt block behind.
2015-11-08 22:36:29 +01:00
Jakob Unterwurzacher 050005fd7b Centralize path filter decision in CryptFS.IsFiltered() 2015-11-03 22:25:29 +01:00
Jakob Unterwurzacher de56fe9e35 Implement PlainTextNames mode
Also, forbid access to "gocryptfs.conf" in the root dir.
2015-11-03 00:00:13 +01:00
Jakob Unterwurzacher e31d319c39 Remove code detected by "deadcode"
go get github.com/remyoudompheng/go-misc/deadcode
2015-11-01 12:32:10 +01:00
Jakob Unterwurzacher 902babdf22 Refactor ciphertext <-> plaintext offset translation functions
Move all the intelligence into the new file address_translation.go.
That the calculations were spread out too much became apparent when adding
the file header. This should make the code much easier to modify in the
future.
2015-11-01 12:11:36 +01:00
Jakob Unterwurzacher 76311b60f2 Add file header (on-disk-format change)
Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ]

Quoting SECURITY.md:

* Every file has a header that contains a 16-byte random *file id*
* Each block uses the file id and its block number as GCM *authentication data*
 * This means the position of the blocks is protected as well. The blocks
   can not be reordered or copied between different files without
   causing a decryption error.
2015-11-01 01:38:27 +01:00
Jakob Unterwurzacher a3d286069f Use block number as authentication data 2015-10-06 22:27:37 +02:00
Jakob Unterwurzacher aa082c235a Utimens: Use UtimesNano instead of Futimes
Futimes() only takes microsecond resolution while the FUSE call
Utimens() wants nanosecond precision.

This is why UTIME_OMIT did not work - this change fixes the
xfstests generic/258 test failure.

The go library does not provide a FutimesNano() function which is
why I use UtimesNano() on /proc/self/fd/n.
This is what the Go library does in Futimes().
2015-10-04 20:32:15 +02:00
Jakob Unterwurzacher c7313f36de fallocate: return ENOSYS
The implementation was incomplete, disable fallocate completely for now.
See https://github.com/rfjakob/gocryptfs/issues/1

Fixes xfstests generic/075
2015-10-04 17:14:40 +02:00
Jakob Unterwurzacher 90bd978283 truncate: Fix bug that caused xfstests generic/030 to fail
The bug was caused by using cipherOff where plainOff should
have been used.
Renamed the symbols for less confusion.
2015-10-04 16:04:25 +02:00
Jakob Unterwurzacher aa6fa7f3cf Truncate: Logging improvements, show number of blocks as float 2015-10-04 15:45:46 +02:00
Jakob Unterwurzacher b27edba2bb Fix Truncate() bug causing files to be too small
Uncovered by running xfstests generic/014 several times
2015-10-04 15:40:59 +02:00
Jakob Unterwurzacher 89fef80d32 Run go fmt 2015-10-04 14:49:47 +02:00
Jakob Unterwurzacher c859f0b2dc intraBlock: Rename Offset to Skip
"Offset" is unclear whether it is an offset from the start of file
or start of block. "Skip" seems much better.
2015-10-04 14:24:43 +02:00
Jakob Unterwurzacher 775676ecb8 Utilize file hole passthrough capability in Truncate()
Cuts down the runtime of xfstests generic/014
from 1822 seconds to 36 seconds
2015-10-04 14:21:07 +02:00
Jakob Unterwurzacher 2003ca965d Zero-pad last block if a file hole is created on Write()
Fixes TestFileHoles test
2015-10-04 11:39:35 +02:00