2b8cbd9441
Major refactoring: Split up "cryptfs" into several internal packages
...
"git status" for reference:
deleted: cryptfs/cryptfs.go
deleted: cryptfs/names_core.go
modified: integration_tests/cli_test.go
modified: integration_tests/helpers.go
renamed: cryptfs/config_file.go -> internal/configfile/config_file.go
renamed: cryptfs/config_test.go -> internal/configfile/config_test.go
renamed: cryptfs/config_test/.gitignore -> internal/configfile/config_test/.gitignore
renamed: cryptfs/config_test/PlaintextNames.conf -> internal/configfile/config_test/PlaintextNames.conf
renamed: cryptfs/config_test/StrangeFeature.conf -> internal/configfile/config_test/StrangeFeature.conf
renamed: cryptfs/config_test/v1.conf -> internal/configfile/config_test/v1.conf
renamed: cryptfs/config_test/v2.conf -> internal/configfile/config_test/v2.conf
renamed: cryptfs/kdf.go -> internal/configfile/kdf.go
renamed: cryptfs/kdf_test.go -> internal/configfile/kdf_test.go
renamed: cryptfs/cryptfs_content.go -> internal/contentenc/content.go
new file: internal/contentenc/content_api.go
renamed: cryptfs/content_test.go -> internal/contentenc/content_test.go
renamed: cryptfs/file_header.go -> internal/contentenc/file_header.go
renamed: cryptfs/intrablock.go -> internal/contentenc/intrablock.go
renamed: cryptfs/address_translation.go -> internal/contentenc/offsets.go
new file: internal/cryptocore/crypto_api.go
renamed: cryptfs/gcm_go1.4.go -> internal/cryptocore/gcm_go1.4.go
renamed: cryptfs/gcm_go1.5.go -> internal/cryptocore/gcm_go1.5.go
renamed: cryptfs/nonce.go -> internal/cryptocore/nonce.go
renamed: cryptfs/openssl_aead.go -> internal/cryptocore/openssl_aead.go
renamed: cryptfs/openssl_benchmark.bash -> internal/cryptocore/openssl_benchmark.bash
renamed: cryptfs/openssl_test.go -> internal/cryptocore/openssl_test.go
new file: internal/nametransform/name_api.go
new file: internal/nametransform/names_core.go
renamed: cryptfs/names_diriv.go -> internal/nametransform/names_diriv.go
renamed: cryptfs/names_noiv.go -> internal/nametransform/names_noiv.go
renamed: cryptfs/names_test.go -> internal/nametransform/names_test.go
new file: internal/nametransform/pad16.go
renamed: cryptfs/log.go -> internal/toggledlog/log.go
renamed: cryptfs/log_go1.4.go -> internal/toggledlog/log_go1.4.go
renamed: cryptfs/log_go1.5.go -> internal/toggledlog/log_go1.5.go
modified: main.go
modified: masterkey.go
modified: pathfs_frontend/file.go
modified: pathfs_frontend/file_holes.go
modified: pathfs_frontend/fs.go
modified: pathfs_frontend/fs_dir.go
modified: pathfs_frontend/names.go
modified: test.bash
2016-02-06 19:22:35 +01:00
adcfbd79a8
Rename DirIVCacheEnc to just DirIVCache
...
...and unexport dirIVCache
2016-02-06 12:27:55 +01:00
1573efec98
Don't print plain text directory name in "Invalid name" warning
2016-01-31 18:30:39 +01:00
4259c8f7eb
Only warn once for unsupported fallocate(2) and truncate(2)
...
Also, print the inode number in Ftruncate warnings.
2016-01-24 19:43:21 +01:00
17f0eb1339
Convert logging to standard Go log.Logger
...
This is in preparation of logging to syslog.
2016-01-20 20:57:00 +01:00
1caa925868
Increase GCM IV size from 96 to 128 bits
...
This pushes back the birthday bound for collisions to make it virtually
irrelevant.
2015-12-19 15:02:29 +01:00
88826dc51d
diriv: handle directory rename over directory
...
If an empty directory is overwritten we will always get
ENOTEMPTY as the "empty" directory will still contain gocryptfs.diriv.
Handle that case by removing the target directory and trying again.
Fixes issue #10
2015-12-19 13:21:15 +01:00
00a712b4d1
go fmt
...
...and minimal comment changes.
2015-12-13 20:24:13 +01:00
e99e841713
Rmdir: handle creating and removing unreadable directories
...
This patch also splits off Mkdir and Rmdir into its own file.
Fixes issue #8 , thanks to @diseq for the bug report.
2015-12-11 20:02:12 +01:00
ccf6d00728
Add missing PlaintextNames checks in OpenDir, Mkdir, Rmdir, initDir
...
Plaintextnames support has bitrotted during the DirIV additions,
this needs test cases. Will be added in a future patch.
Fixes issue #9 .
2015-12-10 01:12:05 +01:00
c6dacd6f91
Add EME filename encryption & enable it by default
2015-12-08 16:17:04 +01:00
edc289fb75
Fix rename, was broken broken by DirIV introduction
...
As it was, CIPHERDIR was prepended twice, causing every rename
to fail with ENOENT.
2015-12-06 15:00:54 +01:00
ce42a6f23d
Run go fmt
2015-11-29 21:55:20 +01:00
20b058a333
Add single-element cache for DirIV lookup
...
Another 3x performance boost for applications that walk the
directory tree.
Excerpt from performance.txt:
VERSION UNTAR LS RM
v0.4 48 1.5 5
v0.5-rc1 56 7 19
v0.5-rc1-1 54 4.1 9
v0.5-rc1-2 45 1.7 3.4 <---- THIS VERSION
2015-11-29 21:41:38 +01:00
1d0a442405
OpenDir performance: Read DirIV once and reuse it for all names
...
Formerly, we called decryptPath for every name.
That resulted in a directory walk that reads in all diriv files
on the way.
Massive improvement for RM and LS (check performance.txt for details)
VERSION UNTAR RM LS
v0.4 48 5 1.5
v0.5-rc1 56 19 7
v0.5-rc1-1 54 9 4.1 <---- THIS VERSION
2015-11-29 20:03:37 +01:00
1fb349e97b
diriv: also support old CBC symlink
2015-11-28 18:39:45 +01:00
01141f8b5e
diriv: fix Symlink() and Readlink()
...
Both were missing adaptions for diriv usage resulting in broken
functionality
2015-11-28 18:39:45 +01:00
3b2143bafc
diriv: fix readdir
...
It decrypted all file names using the root directory iv
2015-11-28 18:39:45 +01:00
fe7355f9ee
diriv: use "DirIV" flag to discern and support mounting old filesystems
2015-11-28 18:38:06 +01:00
a04a92cdab
Run go fmt
2015-11-27 22:20:01 +01:00
bdd9249a52
diriv: Move WriteDirIV() to cryptfs; add locking to Mkdir, Rmdir
2015-11-27 21:48:58 +01:00
decfc1ab79
diriv: Convert filename encryption users to diriv
2015-11-27 00:03:10 +01:00
fe2fcf6c16
diriv: Transactionally delete gocryptfs.diriv in Rmdir
2015-11-25 22:17:42 +01:00
4d466c3412
diriv: Create gocryptfs.diriv in every directory
2015-11-25 20:57:16 +01:00
61aacb5c1b
Run go fmt and go vet
2015-11-14 17:16:17 +01:00
99dfc84992
Add "-q" (quiet) flag
2015-11-09 22:33:42 +01:00
050005fd7b
Centralize path filter decision in CryptFS.IsFiltered()
2015-11-03 22:25:29 +01:00
de56fe9e35
Implement PlainTextNames mode
...
Also, forbid access to "gocryptfs.conf" in the root dir.
2015-11-03 00:00:13 +01:00
902babdf22
Refactor ciphertext <-> plaintext offset translation functions
...
Move all the intelligence into the new file address_translation.go.
That the calculations were spread out too much became apparent when adding
the file header. This should make the code much easier to modify in the
future.
2015-11-01 12:11:36 +01:00
76311b60f2
Add file header (on-disk-format change)
...
Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ]
Quoting SECURITY.md:
* Every file has a header that contains a 16-byte random *file id*
* Each block uses the file id and its block number as GCM *authentication data*
* This means the position of the blocks is protected as well. The blocks
can not be reordered or copied between different files without
causing an decryption error.
2015-11-01 01:38:27 +01:00
89fef80d32
Run go fmt
2015-10-04 14:49:47 +02:00
c4ec7a4295
Fix Chown parameter order
2015-09-19 10:46:39 +02:00
67fe4557e5
Fix read benchmark
2015-09-17 22:08:49 +02:00
0af3cfcac0
Fix symlink size reporting
2015-09-16 19:32:37 +02:00
71789ae14f
Don't warn about "gocryptfs.conf" in the ciphertext root dir
2015-09-13 22:09:48 +02:00
6f9e90c414
Encrypt key with scrypt-hashed password
2015-09-13 22:09:38 +02:00
e7ba3c61f1
Fix File.GettAttr() size reporting
...
The too-large reported value broke mmap
(applications saw appended zero bytes)
Also
* Add locking for all fd operations
* Add "--debug" command line switch
2015-09-09 19:32:59 +02:00
bfdbbbf8b4
Fix panic on absolute symlink
2015-09-08 22:53:06 +02:00
889ae90081
Add pathfs frontend (uses go-fuse instead of bazil-fuse), part I
...
Currently fails main_test.go, will be fixed in part II
2015-09-08 00:55:03 +02:00
Jakob Unterwurzacher