Jakob Unterwurzacher
2b8cbd9441
Major refactoring: Split up "cryptfs" into several internal packages
...
"git status" for reference:
deleted: cryptfs/cryptfs.go
deleted: cryptfs/names_core.go
modified: integration_tests/cli_test.go
modified: integration_tests/helpers.go
renamed: cryptfs/config_file.go -> internal/configfile/config_file.go
renamed: cryptfs/config_test.go -> internal/configfile/config_test.go
renamed: cryptfs/config_test/.gitignore -> internal/configfile/config_test/.gitignore
renamed: cryptfs/config_test/PlaintextNames.conf -> internal/configfile/config_test/PlaintextNames.conf
renamed: cryptfs/config_test/StrangeFeature.conf -> internal/configfile/config_test/StrangeFeature.conf
renamed: cryptfs/config_test/v1.conf -> internal/configfile/config_test/v1.conf
renamed: cryptfs/config_test/v2.conf -> internal/configfile/config_test/v2.conf
renamed: cryptfs/kdf.go -> internal/configfile/kdf.go
renamed: cryptfs/kdf_test.go -> internal/configfile/kdf_test.go
renamed: cryptfs/cryptfs_content.go -> internal/contentenc/content.go
new file: internal/contentenc/content_api.go
renamed: cryptfs/content_test.go -> internal/contentenc/content_test.go
renamed: cryptfs/file_header.go -> internal/contentenc/file_header.go
renamed: cryptfs/intrablock.go -> internal/contentenc/intrablock.go
renamed: cryptfs/address_translation.go -> internal/contentenc/offsets.go
new file: internal/cryptocore/crypto_api.go
renamed: cryptfs/gcm_go1.4.go -> internal/cryptocore/gcm_go1.4.go
renamed: cryptfs/gcm_go1.5.go -> internal/cryptocore/gcm_go1.5.go
renamed: cryptfs/nonce.go -> internal/cryptocore/nonce.go
renamed: cryptfs/openssl_aead.go -> internal/cryptocore/openssl_aead.go
renamed: cryptfs/openssl_benchmark.bash -> internal/cryptocore/openssl_benchmark.bash
renamed: cryptfs/openssl_test.go -> internal/cryptocore/openssl_test.go
new file: internal/nametransform/name_api.go
new file: internal/nametransform/names_core.go
renamed: cryptfs/names_diriv.go -> internal/nametransform/names_diriv.go
renamed: cryptfs/names_noiv.go -> internal/nametransform/names_noiv.go
renamed: cryptfs/names_test.go -> internal/nametransform/names_test.go
new file: internal/nametransform/pad16.go
renamed: cryptfs/log.go -> internal/toggledlog/log.go
renamed: cryptfs/log_go1.4.go -> internal/toggledlog/log_go1.4.go
renamed: cryptfs/log_go1.5.go -> internal/toggledlog/log_go1.5.go
modified: main.go
modified: masterkey.go
modified: pathfs_frontend/file.go
modified: pathfs_frontend/file_holes.go
modified: pathfs_frontend/fs.go
modified: pathfs_frontend/fs_dir.go
modified: pathfs_frontend/names.go
modified: test.bash
2016-02-06 19:22:35 +01:00
Jakob Unterwurzacher
adcfbd79a8
Rename DirIVCacheEnc to just DirIVCache
...
...and unexport dirIVCache
2016-02-06 12:27:55 +01:00
Jakob Unterwurzacher
1573efec98
Don't print plain text directory name in "Invalid name" warning
2016-01-31 18:30:39 +01:00
Jakob Unterwurzacher
4259c8f7eb
Only warn once for unsupported fallocate(2) and truncate(2)
...
Also, print the inode number in Ftruncate warnings.
2016-01-24 19:43:21 +01:00
Jakob Unterwurzacher
17f0eb1339
Convert logging to standard Go log.Logger
...
This is in preparation of logging to syslog.
2016-01-20 20:57:00 +01:00
Jakob Unterwurzacher
1caa925868
Increase GCM IV size from 96 to 128 bits
...
This pushes back the birthday bound for collisions to make it virtually
irrelevant.
2015-12-19 15:02:29 +01:00
Jakob Unterwurzacher
88826dc51d
diriv: handle directory rename over directory
...
If an empty directory is overwritten we will always get
ENOTEMPTY as the "empty" directory will still contain gocryptfs.diriv.
Handle that case by removing the target directory and trying again.
Fixes issue #10
2015-12-19 13:21:15 +01:00
Jakob Unterwurzacher
00a712b4d1
go fmt
...
...and minimal comment changes.
2015-12-13 20:24:13 +01:00
Jakob Unterwurzacher
e99e841713
Rmdir: handle creating and removing unreadable directories
...
This patch also splits off Mkdir and Rmdir into its own file.
Fixes issue #8 , thanks to @diseq for the bug report.
2015-12-11 20:02:12 +01:00
Jakob Unterwurzacher
ccf6d00728
Add missing PlaintextNames checks in OpenDir, Mkdir, Rmdir, initDir
...
Plaintextnames support has bitrotted during the DirIV additions,
this needs test cases. Will be added in a future patch.
Fixes issue #9 .
2015-12-10 01:12:05 +01:00
Jakob Unterwurzacher
c6dacd6f91
Add EME filename encryption & enable it by default
2015-12-08 16:17:04 +01:00
Jakob Unterwurzacher
edc289fb75
Fix rename, was broken broken by DirIV introduction
...
As it was, CIPHERDIR was prepended twice, causing every rename
to fail with ENOENT.
2015-12-06 15:00:54 +01:00
Jakob Unterwurzacher
ce42a6f23d
Run go fmt
2015-11-29 21:55:20 +01:00
Jakob Unterwurzacher
20b058a333
Add single-element cache for DirIV lookup
...
Another 3x performance boost for applications that walk the
directory tree.
Excerpt from performance.txt:
VERSION UNTAR LS RM
v0.4 48 1.5 5
v0.5-rc1 56 7 19
v0.5-rc1-1 54 4.1 9
v0.5-rc1-2 45 1.7 3.4 <---- THIS VERSION
2015-11-29 21:41:38 +01:00
Jakob Unterwurzacher
1d0a442405
OpenDir performance: Read DirIV once and reuse it for all names
...
Formerly, we called decryptPath for every name.
That resulted in a directory walk that reads in all diriv files
on the way.
Massive improvement for RM and LS (check performance.txt for details)
VERSION UNTAR RM LS
v0.4 48 5 1.5
v0.5-rc1 56 19 7
v0.5-rc1-1 54 9 4.1 <---- THIS VERSION
2015-11-29 20:03:37 +01:00
Jakob Unterwurzacher
1fb349e97b
diriv: also support old CBC symlink
2015-11-28 18:39:45 +01:00
Jakob Unterwurzacher
01141f8b5e
diriv: fix Symlink() and Readlink()
...
Both were missing adaptions for diriv usage resulting in broken
functionality
2015-11-28 18:39:45 +01:00
Jakob Unterwurzacher
3b2143bafc
diriv: fix readdir
...
It decrypted all file names using the root directory iv
2015-11-28 18:39:45 +01:00
Jakob Unterwurzacher
fe7355f9ee
diriv: use "DirIV" flag to discern and support mounting old filesystems
2015-11-28 18:38:06 +01:00
Jakob Unterwurzacher
a04a92cdab
Run go fmt
2015-11-27 22:20:01 +01:00
Jakob Unterwurzacher
bdd9249a52
diriv: Move WriteDirIV() to cryptfs; add locking to Mkdir, Rmdir
2015-11-27 21:48:58 +01:00
Jakob Unterwurzacher
decfc1ab79
diriv: Convert filename encryption users to diriv
2015-11-27 00:03:10 +01:00
Jakob Unterwurzacher
fe2fcf6c16
diriv: Transactionally delete gocryptfs.diriv in Rmdir
2015-11-25 22:17:42 +01:00
Jakob Unterwurzacher
4d466c3412
diriv: Create gocryptfs.diriv in every directory
2015-11-25 20:57:16 +01:00
Jakob Unterwurzacher
61aacb5c1b
Run go fmt and go vet
2015-11-14 17:16:17 +01:00
Jakob Unterwurzacher
99dfc84992
Add "-q" (quiet) flag
2015-11-09 22:33:42 +01:00
Jakob Unterwurzacher
050005fd7b
Centralize path filter decision in CryptFS.IsFiltered()
2015-11-03 22:25:29 +01:00
Jakob Unterwurzacher
de56fe9e35
Implement PlainTextNames mode
...
Also, forbid access to "gocryptfs.conf" in the root dir.
2015-11-03 00:00:13 +01:00
Jakob Unterwurzacher
902babdf22
Refactor ciphertext <-> plaintext offset translation functions
...
Move all the intelligence into the new file address_translation.go.
That the calculations were spread out too much became apparent when adding
the file header. This should make the code much easier to modify in the
future.
2015-11-01 12:11:36 +01:00
Jakob Unterwurzacher
76311b60f2
Add file header (on-disk-format change)
...
Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ]
Quoting SECURITY.md:
* Every file has a header that contains a 16-byte random *file id*
* Each block uses the file id and its block number as GCM *authentication data*
* This means the position of the blocks is protected as well. The blocks
can not be reordered or copied between different files without
causing an decryption error.
2015-11-01 01:38:27 +01:00
Jakob Unterwurzacher
89fef80d32
Run go fmt
2015-10-04 14:49:47 +02:00
Jakob Unterwurzacher
c4ec7a4295
Fix Chown parameter order
2015-09-19 10:46:39 +02:00
Jakob Unterwurzacher
67fe4557e5
Fix read benchmark
2015-09-17 22:08:49 +02:00
Jakob Unterwurzacher
0af3cfcac0
Fix symlink size reporting
2015-09-16 19:32:37 +02:00
Jakob Unterwurzacher
71789ae14f
Don't warn about "gocryptfs.conf" in the ciphertext root dir
2015-09-13 22:09:48 +02:00
Jakob Unterwurzacher
6f9e90c414
Encrypt key with scrypt-hashed password
2015-09-13 22:09:38 +02:00
Jakob Unterwurzacher
e7ba3c61f1
Fix File.GettAttr() size reporting
...
The too-large reported value broke mmap
(applications saw appended zero bytes)
Also
* Add locking for all fd operations
* Add "--debug" command line switch
2015-09-09 19:32:59 +02:00
Jakob Unterwurzacher
bfdbbbf8b4
Fix panic on absolute symlink
2015-09-08 22:53:06 +02:00
Jakob Unterwurzacher
889ae90081
Add pathfs frontend (uses go-fuse instead of bazil-fuse), part I
...
Currently fails main_test.go, will be fixed in part II
2015-09-08 00:55:03 +02:00