Commit Graph

163 Commits

Author SHA1 Message Date
Jakob Unterwurzacher
adf7d75d31 main: changePassword: zero masterkey
Overwrite the masterkey with zeros once we
have encrypted it, and let it run out of scope.

Also get rid of the password duplicate in
readpassword.Twice.
2018-02-18 15:36:14 +01:00
Jakob Unterwurzacher
2cf050d69e main: zero password once we are done with it
Overwrite the password we have got from the user
with zeros once we don't need it anymore, and make
sure the variable runs out of scope.
2018-02-18 15:22:22 +01:00
Jakob Unterwurzacher
3b8f5cbb17 readpassword: convert from string to []byte
This will allows us to overwrite the password
with zeros once we are done with it.

https://github.com/rfjakob/gocryptfs/issues/211
2018-02-18 14:26:54 +01:00
Jakob Unterwurzacher
14c063428d main: doMount: use a deferred function for wipeKeys
Also drop the unused int return.
2018-02-18 12:55:20 +01:00
Jakob Unterwurzacher
bd78b44389 cryptocore, main: add two comments
While reading the code, I had to think about what it
does, so add a comment that explains it.
2018-02-18 12:41:11 +01:00
Felix Lechner
bf2f9640c4 Fix spelling (#205) 2018-02-04 20:38:22 +01:00
Jakob Unterwurzacher
1b0426bcb2 main: print clear error message if CIPHERDIR is missing
Getting just the help text in response to

	gocryptfs -info -config external.config

is confusing: https://github.com/rfjakob/gocryptfs/issues/157
2017-11-15 20:30:21 +01:00
Jakob Unterwurzacher
830cbb7218 build.bash: make reproduceable builds easier
* Reduce the build time precision from seconds to days
* Allow to specify an arbitrary build date through an
  env variable
2017-09-06 21:41:22 +02:00
Jakob Unterwurzacher
1f39ede4b4 main: save memory profile every 60 seconds
...and move all profiling functionality to its own file, as
the main function is already long enough.

Periodically saving the memory profile allows capturing the used
memory during normal operation, as opposed to on exit, where the
kernel has already issued FORGETs for all inodes.

This functionality has been used to create the memory profile shown
in https://github.com/rfjakob/gocryptfs/issues/132 .
2017-07-30 16:07:00 +02:00
Jakob Unterwurzacher
71978ec88a Add "-trace" flag (record execution trace)
Uses the runtime/trace functionality.

TODO: add to man page.
2017-06-07 22:09:06 +02:00
Jakob Unterwurzacher
22820bcd76 main: reorder force_owner flag parsing
No functional changes, just keeping the profiling-related flags
together.
2017-06-07 22:07:56 +02:00
Jakob Unterwurzacher
53b7c17261 Don't cap GOMAXPROCS at 4.
Before Go 1.5, GOMAXPROCS defaulted to 1, hence it made
sense to unconditionally increase it to 4.

But since Go 1.5, GOMAXPROCS defaults to the number of cores,
so don't keep it from increasing above 4.

Also, update the performance numbers.
2017-06-01 20:55:13 +02:00
Charles Duffy
cf1ded5236 Implement force_owner option to display ownership as a specific user. 2017-06-01 00:26:17 +02:00
Jakob Unterwurzacher
1e598e96fc main: add "-info" option
Pretty-prints the config while stripping out sensitive
(and uninteresting) data

https://github.com/rfjakob/gocryptfs/issues/111
2017-05-30 19:01:32 +02:00
Jakob Unterwurzacher
df2f4b1c40 main: add short help text
We have accumulated so many options over time that they
no longer fit on the screen.

Display only a useful subset of options to the user unless
they pass "-hh".
2017-05-30 17:59:13 +02:00
Jakob Unterwurzacher
c44389d942 exitcodes: specific codes for failure to read or write gocryptfs.conf
New codes:
* OpenConf = 23
* WriteConf = 24
2017-05-14 14:30:50 +02:00
Jakob Unterwurzacher
18f354d84b main: password change: exit with code 12 on wrong password
We used to return code 8, now we return code 12 as documented in
the man page.

Also adds a test.
2017-05-14 13:14:00 +02:00
Jakob Unterwurzacher
d5adde1eeb exitcodes: pull all exit code definitions into the package
This commit defines all exit codes in one place in the exitcodes
package.

Also, it adds a test to verify the exit code on incorrect
password, which is what SiriKali cares about the most.

Fixes https://github.com/rfjakob/gocryptfs/issues/77 .
2017-05-07 22:16:22 +02:00
Jakob Unterwurzacher
cd10d0a6e4 main: more specific default values for GitVersion etc
Now looks like this:

  $ ./gocryptfs -version
  gocryptfs [GitVersion not set - please compile using ./build.bash]; go-fuse [GitVersionFuse not set - please compile using ./build.bash]; 0000-00-00 go1.8

Hopefully easier to grep for.
2017-05-06 14:29:34 +02:00
Jakob Unterwurzacher
a48893b653 main: add "-race" to the version string
...if we were compiled with "-race".
2017-05-06 14:26:34 +02:00
Jakob Unterwurzacher
1e03e059fa Implement "gocryptfs -speed"
A crypto benchmark mode like "openssl speed".

Example run:

  $ ./gocryptfs -speed
  AES-GCM-256-OpenSSL 	 180.89 MB/s	(selected in auto mode)
  AES-GCM-256-Go      	  48.19 MB/s
  AES-SIV-512-Go      	  37.40 MB/s
2017-02-22 23:56:34 +01:00
Jakob Unterwurzacher
8adfbf2dc3 Check for trailing garbage after the password
From the comment:

// CheckTrailingGarbage tries to read one byte from stdin and exits with a
// fatal error if the read returns any data.
// This is meant to be called after reading the password, when there is no more
// data expected. This helps to catch problems with third-party tools that
// interface with gocryptfs.
2017-02-12 17:59:09 +01:00
Jakob Unterwurzacher
1e9d735406 Document "--" to stop option parsing in help text + man page 2017-02-12 12:49:04 +01:00
Jakob Unterwurzacher
39eca53677 main: make sure the ctlsock file is deleted on incorrect password
Otherwise the next try to mount ends in
"ctlsock: listen unix ctl.sock: bind: address already in use"
2017-01-26 21:32:08 +01:00
Jakob Unterwurzacher
80c50b9dbc main: give deferred functions a chance to run (fixes -cpuprofile) 2016-11-23 23:49:34 +01:00
Jakob Unterwurzacher
f4c367381e main: fix comments that reference "-f" 2016-11-01 19:04:49 +01:00
Jakob Unterwurzacher
b527e205e2 main: rename "-f" to "-fg"
"-f" looks too much like "--force". The old variant is still
accepted for compatability.
2016-11-01 19:00:45 +01:00
Jakob Unterwurzacher
c487e176bd main: allow password change with -masterkey
Requested at https://github.com/rfjakob/gocryptfs/issues/28
2016-10-16 18:17:28 +02:00
Jakob Unterwurzacher
9f0793ab0f main: more useful error message on unknown flag 2016-10-09 20:55:33 +02:00
Jakob Unterwurzacher
9cf3ced0ce main: also accept options at the end via "-o"
For compatability with mount(1), options are also accepted as
"-o COMMA-SEPARATED-OPTIONS" at the end of the command line.
For example, "-o q,zerokey" is equivalent to "-q -zerokey".
2016-10-09 20:05:54 +02:00
Jakob Unterwurzacher
495479dc66 main: friendlier error message on wrong number of arguments
Before:
	Usage: gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT

After:
	Wrong number of arguments (have 9, want 2). You passed: "-nosyslog" "." "asd" "-q" "ß" "asdf" "fg" "gh" "sdf" "asd fs\\dfg"
	Usage: gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT
2016-10-09 18:18:14 +02:00
Jakob Unterwurzacher
f054353bd3 reverse: make gocryptfs.conf mapping plaintextnames-aware
Only in plaintextnames-mode AND with the config file at the
default location it will be mapped into the mountpoint.

Also adds a test for that.
2016-10-08 20:57:38 +02:00
Jakob Unterwurzacher
631c538f13 main: split doMount into its own file
Ongoing effort to reduce the size of main().
2016-10-08 18:43:24 +02:00
Jakob Unterwurzacher
89bcc50294 main: check if the config file can opened before prompting for password
This was frustrating:

$ gocryptfs a b
Password:
Decrypting master key
open a/gocryptfs.conf: permission denied
2016-10-08 17:19:55 +02:00
Jakob Unterwurzacher
9b1a35174b MANPAGE: note that "-f" implies "-nosyslog"
Also explain why AES-SIV exists.
2016-10-07 23:02:04 +02:00
Jakob Unterwurzacher
14fd5ce598 main: daemonize more thoroughly
As described at http://software.clapper.org/daemonize/ ,
a daemon should chdir to / and close its FDs.
2016-10-07 22:44:28 +02:00
Jakob Unterwurzacher
45dfc90a2f main: clarify nosyslog code path
Split the block up and add a comment why notifypid is important.
2016-10-07 00:05:46 +02:00
Jakob Unterwurzacher
434ce50db3 main: add "-nonempty" option 2016-10-06 22:41:13 +02:00
Valient Gough
b764917cd5 lint fixes 2016-10-04 23:18:33 +02:00
Jakob Unterwurzacher
56c0b19612 without_openssl: support compiling completely without openssl
Build helper script: build-without-openssl.bash
2016-10-04 09:51:14 +02:00
Jakob Unterwurzacher
e9bb8b800c reverse: switch from GCM-SIV to AES-SIV
GCM-SIV is not yet finalized, and the reference implemenation is
painfully slow at about 2 MB/s. Switch to AES-SIV.
2016-09-26 23:25:13 +02:00
Jakob Unterwurzacher
5f4b16c00f Implement changes proposed by gosimple.
Also delete the unused "dirIVNameStruct", found by deadcode.
2016-09-25 19:48:21 +02:00
Jakob Unterwurzacher
2050c7f3b3 reverse: add gcmsiv flag and associated tests 2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
d76e7aadb4 reverse: use dynamic inode numbers
...with stable mappings for hard-linked files.
2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
5f726aaa9d contentenc: add GCM-SIV support
Also add ReverseDummyNonce nonce generation.
2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
7f87ed78f2 cryptocore: add support for GCM-SIV 2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
72efa5c9b1 main: move initDir into its own file 2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
9ad49088fa main: add explicit exit after forkChild
Trying to make it more obvious what is happening.
2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
d9db75ebd2 main: factor out cli arg parsing
The main function has gotten way too big.
2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
a34b447ad1 reverse: let the kernel enforce read-only mode
... and print a warning that reverse mode is experimental
2016-09-25 16:43:17 +02:00