hardcoresushi/libgocryptfs
1
0
Fork 0
Code Issues Pull Requests Releases Activity
530 Commits 2 Branches 0 Tags 6 MiB
3c2c3453ad
Commit Graph

530 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jakob Unterwurzacher
8c7e31329d Use NewGCMWithNonceSize only through goGCMWrapper to support Go 1.4 2015-12-19 15:19:31 +01:00
Jakob Unterwurzacher
1caa925868 Increase GCM IV size from 96 to 128 bits 
This pushes back the birthday bound for collisions to make it virtually
irrelevant.
 2015-12-19 15:02:29 +01:00
Jakob Unterwurzacher
88826dc51d diriv: handle directory rename over directory 
If an empty directory is overwritten we will always get
ENOTEMPTY as the "empty" directory will still contain gocryptfs.diriv.
Handle that case by removing the target directory and trying again.

Fixes issue #10
 2015-12-19 13:21:15 +01:00
Jakob Unterwurzacher
00a712b4d1 go fmt 
...and minimal comment changes.
 2015-12-13 20:24:13 +01:00
Jakob Unterwurzacher
8518d6d7bd Handle EINTR returned by Fallocate 
Fallocate can return EINTR (interrupted system call) and does so
quite often when cpu profiling is enabled.
 2015-12-13 17:17:01 +01:00
Jakob Unterwurzacher
b02ad12814 tests: overwrite directory with another directory 
Testcase for issue #10 (currently failing)
 2015-12-11 23:27:38 +01:00
Jakob Unterwurzacher
7758bdc61d tests: add "gocryptfs -init -plaintextnames" cli testcase 2015-12-11 22:21:00 +01:00
Jakob Unterwurzacher
e99e841713 Rmdir: handle creating and removing unreadable directories 
This patch also splits off Mkdir and Rmdir into its own file.

Fixes issue #8, thanks to @diseq for the bug report.
 2015-12-11 20:02:12 +01:00
Jakob Unterwurzacher
78cd97c5e9 Wrap NewGCMWithNonceSize() to enable compilation on Go 1.4 2015-12-10 20:55:09 +01:00
Jakob Unterwurzacher
61ee2271c4 tests: test read-write directory operations on all example filesystems 2015-12-10 20:02:18 +01:00
Jakob Unterwurzacher
29336ba614 tests: add v0.6-plaintextnames example filesystem 2015-12-10 19:50:45 +01:00
Jakob Unterwurzacher
b4b9072cc2 Simplify CreateConfFile: do not allow specification of EMENames 2015-12-10 19:38:02 +01:00
Jakob Unterwurzacher
ccf6d00728 Add missing PlaintextNames checks in OpenDir, Mkdir, Rmdir, initDir 
Plaintextnames support has bitrotted during the DirIV additions,
this needs test cases. Will be added in a future patch.

Fixes issue #9.
 2015-12-10 01:12:05 +01:00
Jakob Unterwurzacher
14deea6c20 travis ci: do not build on go 1.4.3 
Go 1.4.3 seems to be missing cipher.NewGCMWithNonceSize. Error:

cryptfs/openssl_test.go:23: undefined: cipher.NewGCMWithNonceSize
 2015-12-08 17:16:23 +01:00
Jakob Unterwurzacher
ce4a9f9ed6 README: fix typo 2015-12-08 16:44:39 +01:00
Jakob Unterwurzacher
9419e7ae85 Update README + docs for v0.6 release 2015-12-08 16:41:45 +01:00
Jakob Unterwurzacher
e3f35d38b5 tests: add v0.6 example filesystem with EME 2015-12-08 16:17:19 +01:00
Jakob Unterwurzacher
c6dacd6f91 Add EME filename encryption & enable it by default 2015-12-08 16:17:04 +01:00
Jakob Unterwurzacher
ff8c81f95b go fmt 2015-12-08 13:51:06 +01:00
Jakob Unterwurzacher
f4ae0304af opensslGCM: preallocate buffer space, improves performance by 11% 
Results of cryptfs/openssl_benchmark.bash :

Before:
  BenchmarkEnc_OpenSSL_4k_AES256_nonce96-2 	   50000	     31802 ns/op	 127.28 MB/s
  BenchmarkEnc_OpenSSL_4k_AES256_nonce128-2	   50000	     32110 ns/op	 126.06 MB/s

After:
  BenchmarkEnc_OpenSSL_4k_AES256_nonce96-2 	   50000	     28612 ns/op	 141.47 MB/s
  BenchmarkEnc_OpenSSL_4k_AES256_nonce128-2	   50000	     28613 ns/op	 141.47 MB/s
 2015-12-08 13:22:57 +01:00
Jakob Unterwurzacher
c6a6641b58 tests: add encryption benchmarks to cryptfs 2015-12-08 13:19:19 +01:00
Jakob Unterwurzacher
21abf57abb Update README 
gocryptfs is no longer developed in gocryptfs because of the inconvenience
that you cannot mount a FUSE filesystem inside a FUSE mount
 2015-12-06 15:13:06 +01:00
Jakob Unterwurzacher
7375d86ada tests: add TestRename 2015-12-06 15:10:23 +01:00
Jakob Unterwurzacher
56888d83dd fallocate the space needed for the file header beforehand 
This makes sure writing to a file fails early if the underlying
filesystem does not support fallocate. It also prevents partial header
write due to ENOSPC.
 2015-12-06 15:05:52 +01:00
Jakob Unterwurzacher
edc289fb75 Fix rename, was broken broken by DirIV introduction 
As it was, CIPHERDIR was prepended twice, causing every rename
to fail with ENOENT.
 2015-12-06 15:00:54 +01:00
Jakob Unterwurzacher
37c67393e6 tests: recreate v0.5 example filesystems with -scryptn=10 
Cuts the mount time in half, from 0.788s to 0.321s.
 2015-12-06 14:41:51 +01:00
Jakob Unterwurzacher
71b94828ed init: create gocryptfs.diriv after creating gocryptfs.conf 
Creating the config file can fail easily, for example if the
password is not entered the same twice. This would leave an
orphaned gocryptfs.diriv behind.
 2015-12-06 14:24:45 +01:00
Jakob Unterwurzacher
fc23aba65b performance.txt: link to linux-3.0.tar.gz 2015-12-04 22:45:16 +01:00
Jakob Unterwurzacher
353d29b502 Update manpage with -diriv and -scryptn 2015-12-04 22:41:14 +01:00
Jakob Unterwurzacher
018d047ab2 Show base64 encoding in filename encryption svg 2015-12-04 22:26:50 +01:00
Jakob Unterwurzacher
a6971ade94 svg: add colored annotations 
Also, show the IV in the master key decryption process
 2015-12-02 09:03:37 +01:00
Jakob Unterwurzacher
026ab56de4 Cut down the text in SECURITY.md, add graphs 2015-12-01 23:06:56 +01:00
Jakob Unterwurzacher
6515c8d42c Add svgs explaining the encryption steps 2015-12-01 22:54:40 +01:00
Jakob Unterwurzacher
2734dc81e5 Make sure MANPAGE-render.bash works when called from outside Documentation 2015-12-01 21:04:58 +01:00
Jakob Unterwurzacher
accf8144ca Move docs to Documentation folder 2015-12-01 18:19:24 +01:00
Jakob Unterwurzacher
cbb18380be Update README and SECURITY documents 2015-11-29 22:36:25 +01:00
Jakob Unterwurzacher
ce42a6f23d Run go fmt 2015-11-29 21:55:20 +01:00
Jakob Unterwurzacher
20b058a333 Add single-element cache for DirIV lookup 
Another 3x performance boost for applications that walk the
directory tree.

Excerpt from performance.txt:

VERSION         UNTAR    LS     RM
v0.4               48     1.5    5
v0.5-rc1           56     7     19
v0.5-rc1-1         54     4.1    9
v0.5-rc1-2         45     1.7	 3.4  <---- THIS VERSION
 2015-11-29 21:41:38 +01:00
Jakob Unterwurzacher
1d0a442405 OpenDir performance: Read DirIV once and reuse it for all names 
Formerly, we called decryptPath for every name.
That resulted in a directory walk that reads in all diriv files
on the way.

Massive improvement for RM and LS (check performance.txt for details)

VERSION         UNTAR   RM   LS
v0.4               48    5    1.5
v0.5-rc1           56   19    7
v0.5-rc1-1         54    9    4.1   <---- THIS VERSION
 2015-11-29 20:03:37 +01:00
Jakob Unterwurzacher
6f764b3867 Handle all operations except mounting without forking a child 
This saves 170ms for each start (why do we take 170ms to start up?)
and cuts down test time by 2 seconds.
 2015-11-29 19:09:12 +01:00
Jakob Unterwurzacher
bb116282b7 Add "-scryptn" option that sets the cost parameter for scrypt 
Use that option to speed up the automated tests by 7 seconds.

Before:
	ok  	github.com/rfjakob/gocryptfs/integration_tests	26.667s
After:
	ok  	github.com/rfjakob/gocryptfs/integration_tests	19.534s
 2015-11-29 18:53:40 +01:00
Jakob Unterwurzacher
71bfa1f0fb tests: add scrypt benchmark 
Times the impact of the parameter "N" to scrypt.

Results on a 2.7GHz Pentium G630:

gocryptfs/cryptfs$ go test -bench=.
PASS
BenchmarkScrypt10-2	     300	   6021435 ns/op ... 6ms
BenchmarkScrypt11-2	     100	  11861460 ns/op
BenchmarkScrypt12-2	     100	  23420822 ns/op
BenchmarkScrypt13-2	      30	  47666518 ns/op
BenchmarkScrypt14-2	      20	  92561590 ns/op ... 92ms
BenchmarkScrypt15-2	      10	 183971593 ns/op
BenchmarkScrypt16-2	       3	 368506365 ns/op
BenchmarkScrypt17-2	       2	 755502608 ns/op ... 755ms
ok  	github.com/rfjakob/gocryptfs/cryptfs	18.772s
 2015-11-29 14:50:02 +01:00
Jakob Unterwurzacher
eb38a36114 tests: add v0.5 example filesystem (with DirIV!) 2015-11-28 20:31:01 +01:00
Jakob Unterwurzacher
8766ab5472 tests: verify that symlinks work 2015-11-28 20:21:06 +01:00
Jakob Unterwurzacher
1fb349e97b diriv: also support old CBC symlink 2015-11-28 18:39:45 +01:00
Jakob Unterwurzacher
01141f8b5e diriv: fix Symlink() and Readlink() 
Both were missing adaptions for diriv usage resulting in broken
functionality
 2015-11-28 18:39:45 +01:00
Jakob Unterwurzacher
3b2143bafc diriv: fix readdir 
It decrypted all file names using the root directory iv
 2015-11-28 18:39:45 +01:00
Jakob Unterwurzacher
fe7355f9ee diriv: use "DirIV" flag to discern and support mounting old filesystems 2015-11-28 18:38:06 +01:00
Jakob Unterwurzacher
b3d96b6a20 main: pass args struct instead of having a huge function call 2015-11-27 22:30:38 +01:00
Jakob Unterwurzacher
a04a92cdab Run go fmt 2015-11-27 22:20:01 +01:00