Commit Graph

87 Commits

Author SHA1 Message Date
Jakob Unterwurzacher
31e14936be Split off SECURITY.md 2015-10-06 23:20:21 +02:00
Jakob Unterwurzacher
8ec16c165d Update README.md 2015-10-06 23:08:04 +02:00
Jakob Unterwurzacher
a3d286069f Use block number as authentication data 2015-10-06 22:27:37 +02:00
Jakob Unterwurzacher
45ea8aa546 Add "--masterkey=" parameter for recovery purposes 2015-10-06 21:16:39 +02:00
Jakob Unterwurzacher
5c6df49067 Switch to AES-256
AES-256 seems to be becoming the industry standard. While AES-128 is
good enough for tens of years to come, let's follow suit and be extra
safe.
2015-10-06 20:51:35 +02:00
Jakob Unterwurzacher
39ea272e23 Add "--openssl=false" command line option
Also make main_test try both variants
2015-10-06 20:24:52 +02:00
Jakob Unterwurzacher
c2bd208bbe Rewrite README.md (in progress) 2015-10-06 00:35:29 +02:00
Jakob Unterwurzacher
022a6968ae Implement proper daemonization
The shell wrapper sends gocryptfs into the background and waits for SIGUSR1
2015-10-06 00:31:18 +02:00
Jakob Unterwurzacher
552c32c5e9 Move main binary to gocryptfs_main
That way the wrapper shell script can be named just "gocryptfs"
2015-10-05 20:32:10 +02:00
Jakob Unterwurzacher
53ecebc71e openssl AEAD wrapper: handle authenticated data 2015-10-04 23:58:22 +02:00
Jakob Unterwurzacher
e6b7353f4e Switch nonce generation to purely random
The old implementation of counting up from a random starting
point had the problem that is allowed an attacker to find out
the write order of the blocks.
2015-10-04 21:36:16 +02:00
Jakob Unterwurzacher
df52aab082 Clean up openssl benchmark 2015-10-04 21:21:32 +02:00
Jakob Unterwurzacher
d1522c7992 tests: simplify names
main_test_tmp -> tmp
	main_benchmark.bash -> benchmark.bash
2015-10-04 20:46:21 +02:00
Jakob Unterwurzacher
aa082c235a Utimens: Use UtimesNano instead of Futimes
Futimes() only takes microsecond resolution while the FUSE call
Utimens() wants nanosecond precision.

This is why UTIME_OMIT did not work - this change fixes the
xfstests generic/258 test failure.

The go library does not provide a FutimesNano() function which is
why I use UtimesNano() on /proc/self/fd/n.
This is what the Go library does in Futimes().
2015-10-04 20:32:15 +02:00
Jakob Unterwurzacher
c7313f36de fallocate: return ENOSYS
The implementation was incomplete, disable fallocate completely for now.
See https://github.com/rfjakob/gocryptfs/issues/1

Fixes xfstests generic/075
2015-10-04 17:14:40 +02:00
Jakob Unterwurzacher
90bd978283 truncate: Fix bug that caused xfstests generic/030 to fail
The bug was caused by using cipherOff where plainOff should
have been used.
Renamed the symbols for less confusion.
2015-10-04 16:04:25 +02:00
Jakob Unterwurzacher
aa6fa7f3cf Truncate: Logging improvements, show number of blocks as float 2015-10-04 15:45:46 +02:00
Jakob Unterwurzacher
b27edba2bb Fix Trucate() bug causing files to be too small
Uncovered by running xfstests generic/014 several times
2015-10-04 15:40:59 +02:00
Jakob Unterwurzacher
089629442d Enable ClientInodes so hard links work
Fixes xfstests generic/002
2015-10-04 14:50:27 +02:00
Jakob Unterwurzacher
89fef80d32 Run go fmt 2015-10-04 14:49:47 +02:00
Jakob Unterwurzacher
5bd08abf40 Remove ClueFS frontend
Development has focused on PathFS for some time now and things are
working well.
2015-10-04 14:35:50 +02:00
Jakob Unterwurzacher
c859f0b2dc intraBlock: Rename Offset to Skip
"Offset" is unclear whether it is an offset from the start of file
or start of block. "Skip" seems much better.
2015-10-04 14:24:43 +02:00
Jakob Unterwurzacher
775676ecb8 Utilize file hole passtrough capability in Truncate()
Cuts down the runtime of xfstests generic/014
from 1822 seconds to 36 seconds
2015-10-04 14:21:07 +02:00
Jakob Unterwurzacher
2003ca965d Zero-pad last block if a file hole is created on Write()
Fixes TestFileHoles test
2015-10-04 11:39:35 +02:00
Jakob Unterwurzacher
5229b8f5f5 Add BlockNoPlainOff() and BlockNoCipherOff() + test
Also, fix key, it is now []byte, not [16]byte
2015-10-04 11:03:40 +02:00
Jakob Unterwurzacher
fa88741770 tests: add TestFileHoles
Create a file with holes by writing to offset 0 (block #0) and
offset 4096 (block #1).

This test currently fails.
2015-10-04 10:39:44 +02:00
Jakob Unterwurzacher
40448db909 Fix xfstests generic/030 failure
The actual fix is

	oldSize := f.cfs.PlainSize(uint64(fi.Size()))

the rest is logging improvements
2015-10-04 00:26:20 +02:00
Jakob Unterwurzacher
0802175328 Add daemonization shell script 2015-10-03 19:17:31 +02:00
Jakob Unterwurzacher
79870ab096 debug: log inode number instead of encrypted filename
Makes the log output smaller and more readable.
2015-10-03 19:16:34 +02:00
Jakob Unterwurzacher
38bf8a2fcf Implement file hole passtrough
Fixes xfstests generic/010

Note that file holes are not authenticated,
2015-10-03 13:34:33 +02:00
Jakob Unterwurzacher
3fef613591 tests: Add append test 2015-09-30 23:42:18 +02:00
Jakob Unterwurzacher
b835f83fd5 Implement Truncate() + Test 2015-09-30 22:36:53 +02:00
Jakob Unterwurzacher
aea8d8d6e7 debug: Log encrypted filename 2015-09-30 20:32:24 +02:00
Jakob Unterwurzacher
061831edf2 DecryptBlocks: Don't shadow err variable 2015-09-30 20:31:41 +02:00
Jakob Unterwurzacher
7d666bd87d Set Fileystem and Type values shown in "df -T" and friends
Filesystem is set to CIPHERDIR, Type is set to fuse.gocryptfs
2015-09-19 10:47:16 +02:00
Jakob Unterwurzacher
c4ec7a4295 Fix Chown parameter order 2015-09-19 10:46:39 +02:00
Jakob Unterwurzacher
8fe5ec7381 Add --cpuprofile flag 2015-09-18 22:14:07 +02:00
Jakob Unterwurzacher
e84c1e3741 Make read benchmark smarter when extending file 2015-09-18 20:10:55 +02:00
Jakob Unterwurzacher
67fe4557e5 Fix read benchmark 2015-09-17 22:08:49 +02:00
Jakob Unterwurzacher
338925aef4 Set GOMAXPROCS = 4
Immediate speedup from 70MB/s to 80MB/s on streaming write.
Enables later parallelization.
2015-09-16 19:35:40 +02:00
Jakob Unterwurzacher
0af3cfcac0 Fix symlink size reporting 2015-09-16 19:32:37 +02:00
Jakob Unterwurzacher
3a2610a141 symlink encryption: pass ".." and "." through unchanged
This fixes relative symlinks:

$ tar xf linux-4.2.tar.gz
tar: linux-4.2/tools/testing/selftests/powerpc/vphn/vphn.h: Cannot utime: No such file or directory
tar: linux-4.2/tools/testing/selftests/powerpc/vphn/vphn.c: Cannot utime: No such file or directory
tar: linux-4.2/tools/testing/selftests/powerpc/stringloops/memcmp_64.S: Cannot utime: No such file or directory
tar: linux-4.2/tools/testing/selftests/powerpc/primitives/word-at-a-time.h: Cannot utime: No such file or directory
tar: linux-4.2/tools/testing/selftests/powerpc/primitives/asm/asm-compat.h: Cannot utime: No such file or directory
tar: linux-4.2/tools/testing/selftests/powerpc/copyloops/memcpy_power7.S: Cannot utime: No such file or directory
tar: linux-4.2/tools/testing/selftests/powerpc/copyloops/memcpy_64.S: Cannot utime: No such file or directory
tar: linux-4.2/tools/testing/selftests/powerpc/copyloops/copyuser_power7.S: Cannot utime: No such file or directory
tar: linux-4.2/tools/testing/selftests/powerpc/copyloops/copyuser_64.S: Cannot utime: No such file or directory
tar: linux-4.2/arch/powerpc/boot/dts/include/dt-bindings: Cannot utime: No such file or directory
tar: linux-4.2/arch/mips/boot/dts/include/dt-bindings: Cannot utime: No such file or directory
tar: linux-4.2/arch/metag/boot/dts/include/dt-bindings: Cannot utime: No such file or directory
tar: linux-4.2/arch/arm64/boot/dts/include/dt-bindings: Cannot utime: No such file or directory
tar: linux-4.2/arch/arm/boot/dts/include/dt-bindings: Cannot utime: No such file or directory
tar: Exiting with failure status due to previous errors
2015-09-16 18:43:07 +02:00
Jakob Unterwurzacher
3be2dfdf9d Add "--zerokey" option to simplify testing and benchmarking 2015-09-15 23:59:57 +02:00
Jakob Unterwurzacher
69b3d53f21 init: Check if dir is empty part II (done) 2015-09-14 22:56:59 +02:00
Jakob Unterwurzacher
fdc0fef6ee Use MarshalIndent for JSON generation 2015-09-14 00:45:41 +02:00
Jakob Unterwurzacher
eee2c017dc init: Check if dir is empty part I 2015-09-13 23:12:56 +02:00
Jakob Unterwurzacher
d941b67df4 Implement password handling 2015-09-13 23:06:38 +02:00
Jakob Unterwurzacher
71789ae14f Don't warn about "gocryptfs.conf" in the ciphertext root dir 2015-09-13 22:09:48 +02:00
Jakob Unterwurzacher
6f9e90c414 Encrypt key with scrypt-hashed password 2015-09-13 22:09:38 +02:00
Jakob Unterwurzacher
164739b655 Friendlier error message if gocryptfs.conf does not exist 2015-09-13 18:08:15 +02:00