Commit Graph

322 Commits

Author SHA1 Message Date
Jakob Unterwurzacher
902babdf22 Refactor ciphertext <-> plaintext offset translation functions
Move all the intelligence into the new file address_translation.go.
That the calculations were spread out too much became apparent when adding
the file header. This should make the code much easier to modify in the
future.
2015-11-01 12:11:36 +01:00
Jakob Unterwurzacher
14276c9632 Fix missing printf arguments discovered by "go vet" 2015-11-01 11:56:33 +01:00
Jakob Unterwurzacher
76311b60f2 Add file header (on-disk-format change)
Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ]

Quoting SECURITY.md:

* Every file has a header that contains a 16-byte random *file id*
* Each block uses the file id and its block number as GCM *authentication data*
 * This means the position of the blocks is protected as well. The blocks
   can not be reordered or copied between different files without
   causing an decryption error.
2015-11-01 01:38:27 +01:00
Jakob Unterwurzacher
73fa8efdb2 tests: run unit tests before integration tests 2015-11-01 01:36:20 +01:00
Jakob Unterwurzacher
3e013e0d91 tests: introduce verifySize() for detailed error messages 2015-11-01 01:36:20 +01:00
Jakob Unterwurzacher
3f8b22d6ac tests: additionally verify the file size by reading the whole file 2015-11-01 01:36:19 +01:00
Jakob Unterwurzacher
b3ea1498cf tests: verify file size in testWriteN 2015-11-01 01:36:19 +01:00
Jakob Unterwurzacher
8b7c986bdf tests: Use /tmp/gocryptfs_main_test temporary directory
Using "/tmp" meant that running the test would delete everything
there.
2015-11-01 01:36:19 +01:00
Jakob Unterwurzacher
3e36851273 TestRmwRace: abort testing on write failures
Continuing the test will just generate useless noise
2015-11-01 01:36:19 +01:00
Jakob Unterwurzacher
eac1f54213 Activate block number authentication 2015-11-01 01:36:19 +01:00
Jakob Unterwurzacher
a5b907b42f Add rmw race test 2015-11-01 01:36:19 +01:00
rfjakob
f87ea8672a README: Add travis badge 2015-10-11 23:57:51 +02:00
Jakob Unterwurzacher
6a25fa6ef9 Add travis config file 2015-10-11 23:55:47 +02:00
rfjakob
9221560359 Fix link in XFSTESTS.md 2015-10-11 23:18:02 +02:00
Jakob Unterwurzacher
253bd33fde Add MIT LICENSE 2015-10-11 23:15:03 +02:00
Jakob Unterwurzacher
6341a26ac8 Update README 2015-10-11 19:45:03 +02:00
Jakob Unterwurzacher
242fcd0736 Run gofmt 2015-10-11 18:51:56 +02:00
Jakob Unterwurzacher
b00fc379c4 Fix helper scripts for new top-level path 2015-10-11 18:40:27 +02:00
Jakob Unterwurzacher
d1d444435c main: check directories for existence early
This prevents that the user enters the password only to get an error
later.
2015-10-11 18:33:28 +02:00
Jakob Unterwurzacher
a863a6569c Drop shell wrapper 2015-10-11 18:03:24 +02:00
Jakob Unterwurzacher
14115b061b Add native daemonization 2015-10-11 18:02:48 +02:00
Jakob Unterwurzacher
39183bea00 Rename sendSig to sendUsr1
This matches waitForUsr1 in daemonize()
2015-10-11 18:01:47 +02:00
Jakob Unterwurzacher
5dc7e44aa2 Move main files to top level dir
This is in preparation of getting rid of the shell wrapper
2015-10-11 17:14:18 +02:00
Jakob Unterwurzacher
6825d0e740 README: Remove dots notice 2015-10-10 18:34:09 +02:00
Jakob Unterwurzacher
a3e66ca154 Shell wrapper: Also search the binary in $GOPATH/bin 2015-10-08 00:02:55 +02:00
Jakob Unterwurzacher
7ac9d6af58 README: Mention that only Linux is tested 2015-10-07 23:50:19 +02:00
Jakob Unterwurzacher
d9b4f96598 Update README 2015-10-07 23:31:28 +02:00
Jakob Unterwurzacher
ed1df49af5 Run go fmt 2015-10-07 22:59:36 +02:00
Jakob Unterwurzacher
c4a66bc30d Add package.bash 2015-10-07 22:14:00 +02:00
Jakob Unterwurzacher
440abcbac6 Add test.bash
...also adapt the cryptfs tests for 256 bit long keys
2015-10-07 22:09:34 +02:00
Jakob Unterwurzacher
2f970e1aa6 Adapt openssl benchmark for 256 bit long keys 2015-10-07 22:05:32 +02:00
Jakob Unterwurzacher
878f64a5d7 Better usage text 2015-10-07 21:59:54 +02:00
Jakob Unterwurzacher
bef73c63b3 Move gocryptfs wrapper into the same folder as the binary 2015-10-07 21:49:38 +02:00
Jakob Unterwurzacher
65ba0739d5 Implement "gocryptfs --passwd" (pasword changing) 2015-10-07 21:26:17 +02:00
Jakob Unterwurzacher
03502861ce Reword help text 2015-10-06 23:28:20 +02:00
Jakob Unterwurzacher
31e14936be Split off SECURITY.md 2015-10-06 23:20:21 +02:00
Jakob Unterwurzacher
8ec16c165d Update README.md 2015-10-06 23:08:04 +02:00
Jakob Unterwurzacher
a3d286069f Use block number as authentication data 2015-10-06 22:27:37 +02:00
Jakob Unterwurzacher
45ea8aa546 Add "--masterkey=" parameter for recovery purposes 2015-10-06 21:16:39 +02:00
Jakob Unterwurzacher
5c6df49067 Switch to AES-256
AES-256 seems to be becoming the industry standard. While AES-128 is
good enough for tens of years to come, let's follow suit and be extra
safe.
2015-10-06 20:51:35 +02:00
Jakob Unterwurzacher
39ea272e23 Add "--openssl=false" command line option
Also make main_test try both variants
2015-10-06 20:24:52 +02:00
Jakob Unterwurzacher
c2bd208bbe Rewrite README.md (in progress) 2015-10-06 00:35:29 +02:00
Jakob Unterwurzacher
022a6968ae Implement proper daemonization
The shell wrapper sends gocryptfs into the background and waits for SIGUSR1
2015-10-06 00:31:18 +02:00
Jakob Unterwurzacher
552c32c5e9 Move main binary to gocryptfs_main
That way the wrapper shell script can be named just "gocryptfs"
2015-10-05 20:32:10 +02:00
Jakob Unterwurzacher
53ecebc71e openssl AEAD wrapper: handle authenticated data 2015-10-04 23:58:22 +02:00
Jakob Unterwurzacher
e6b7353f4e Switch nonce generation to purely random
The old implementation of counting up from a random starting
point had the problem that is allowed an attacker to find out
the write order of the blocks.
2015-10-04 21:36:16 +02:00
Jakob Unterwurzacher
df52aab082 Clean up openssl benchmark 2015-10-04 21:21:32 +02:00
Jakob Unterwurzacher
d1522c7992 tests: simplify names
main_test_tmp -> tmp
	main_benchmark.bash -> benchmark.bash
2015-10-04 20:46:21 +02:00
Jakob Unterwurzacher
aa082c235a Utimens: Use UtimesNano instead of Futimes
Futimes() only takes microsecond resolution while the FUSE call
Utimens() wants nanosecond precision.

This is why UTIME_OMIT did not work - this change fixes the
xfstests generic/258 test failure.

The go library does not provide a FutimesNano() function which is
why I use UtimesNano() on /proc/self/fd/n.
This is what the Go library does in Futimes().
2015-10-04 20:32:15 +02:00
Jakob Unterwurzacher
c7313f36de fallocate: return ENOSYS
The implementation was incomplete, disable fallocate completely for now.
See https://github.com/rfjakob/gocryptfs/issues/1

Fixes xfstests generic/075
2015-10-04 17:14:40 +02:00