Commit Graph

926 Commits

Author SHA1 Message Date
Jakob Unterwurzacher
874e4fb5e9 cryptocore: rename "BackendTypeEnum" -> "AEADTypeEnum"
There are two independent backends, one for name encryption,
the other one, AEAD, for file content.

"BackendTypeEnum" only applies to AEAD (file content), so make that
clear in the name.
2017-03-05 17:10:57 +01:00
Jakob Unterwurzacher
e032539e2c cryptocore: use eme v1.1 interface
Version 1.1 of the EME package (github.com/rfjakob/eme) added
a more convenient interface. Use it.

Note that you have to upgrade your EME package (go get -u)!
2017-03-05 13:58:24 +01:00
Jakob Unterwurzacher
b2f154a9a9 tests: stop calling t.Fatal from example_test_helpers
Calling t.Fatal immeadiately aborts the test, which means the
filesystem will not get unmounted, which means test.bash will
hang.
2017-03-05 13:39:25 +01:00
Jakob Unterwurzacher
6465fa42a6 test.bash: execute build-without-openssl.bash instead of sourcing it
Sourcing the script breaks the "cd $(dirname $0)" logic in
build-without-openssl.bash.
2017-03-05 13:32:28 +01:00
Jakob Unterwurzacher
6cc0aebd71 configfile: define HKDF flag 2017-03-05 12:08:12 +01:00
Jakob Unterwurzacher
b2f3dbb8bd fusefrontend: when chown'ing a directory, also chown its diriv
When filename encryption is active, every directory contains
a "gocryptfs.diriv" file. This file should also change the owner.

Fixes https://github.com/rfjakob/gocryptfs/issues/86
2017-03-02 19:12:21 +01:00
Jakob Unterwurzacher
b765cc526d main: get rid of third open paniclog fd
We have it saved in Stderr and Stdout anyway, let's free this fd
number.
2017-03-02 19:12:21 +01:00
rfjakob
c304626a47 CLI_ABI: smaller markdown subheadings
The old ones were rendered by github almost as big as the parent headings.
2017-03-01 23:31:03 +01:00
Peter Reschenhofer
954aa169cc Update README.md (#85)
Correcting year in changelog (1.2.1)
2017-02-28 13:59:33 +01:00
Jakob Unterwurzacher
8f51325116 README: update changelog for 1.2.1 release 2017-02-26 21:34:49 +01:00
Jakob Unterwurzacher
d2c0fae4f6 tests: somewhat support testing without openssl
You will still get lots of test error, but at least the tests
will run.
2017-02-26 19:53:29 +01:00
Jakob Unterwurzacher
98ecf1f074 MANPAGE: document "-speed" 2017-02-26 19:34:23 +01:00
Jakob Unterwurzacher
f2920f71e8 MANPAGE: document error code 12 2017-02-26 19:30:28 +01:00
Jakob Unterwurzacher
427c6c1719 exitcodes: define code 12 for "password incorrect" 2017-02-26 19:25:23 +01:00
Jakob Unterwurzacher
57612a278b configfile: rename "kdf.go" -> "scrypt.go"
This really only handles scrypt and no other key-derivation functions.
Renaming the files prevents confusion once we introduce HKDF.

renamed:    internal/configfile/kdf.go -> internal/configfile/scrypt.go
renamed:    internal/configfile/kdf_test.go -> internal/configfile/scrypt_test.go
2017-02-25 18:51:17 +01:00
Jakob Unterwurzacher
a65965783a stupidgcm: drop only external dependecy
This makes it easier to use the package in external projects.

See https://github.com/rfjakob/gocryptfs/issues/79
2017-02-24 09:46:10 +01:00
Jakob Unterwurzacher
43d6aa6677 speed: add benchmark.bash helper 2017-02-24 09:38:50 +01:00
Jakob Unterwurzacher
be19b91a52 README: fix typo and simplify MANPAGE text 2017-02-23 00:14:20 +01:00
Jakob Unterwurzacher
477071d673 speed: fix build for Go 1.4 and lower
Old Go versions miss cipher.NewGCMWithNonceSize, which causes:

  internal/speed/speed.go:95: undefined: cipher.NewGCMWithNonceSize
2017-02-23 00:04:51 +01:00
Jakob Unterwurzacher
1e03e059fa Implement "gocryptfs -speed"
A crypto benchmark mode like "openssl speed".

Example run:

  $ ./gocryptfs -speed
  AES-GCM-256-OpenSSL 	 180.89 MB/s	(selected in auto mode)
  AES-GCM-256-Go      	  48.19 MB/s
  AES-SIV-512-Go      	  37.40 MB/s
2017-02-22 23:56:34 +01:00
Jakob Unterwurzacher
b056776a01 tests: adapt dir overwrite test for Go 1.8
In Go 1.8, os.Rename refuses to overwrite an empty directory.
Switch to syscall.Rename, which still does the right thing.
2017-02-20 21:27:37 +01:00
Jakob Unterwurzacher
cb2d1fbcf8 Travis CI: also test with Go 1.8
(Currently failing the tests!)
2017-02-20 21:27:26 +01:00
Jakob Unterwurzacher
e406eb22ba Get rid of remaining $GOPATH dependencies 2017-02-20 21:26:42 +01:00
Jakob Unterwurzacher
166c62fd21 build.bash: use $(go env GOPATH) 2017-02-20 21:26:18 +01:00
Jakob Unterwurzacher
1139c27c36 build.bash: deduplicate build call 2017-02-19 20:27:29 +01:00
Jakob Unterwurzacher
10361a907a build.bash: GOPATH may be unset since Go v1.8. Handle it. 2017-02-19 20:14:46 +01:00
Jakob Unterwurzacher
7fbe69bfa6 tests.bash: OSX compat: use "flock -n" and skip openssl build
Mac OS X flock does not support "--nonblock", but does support "-n":
https://github.com/discoteq/flock/blob/master/man/flock.1.ronn

Skip the openssl build because it requires
1) openssl
2) fixing the import paths in gocryptfs

Reported at https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-280464400
2017-02-17 19:43:16 +01:00
Jakob Unterwurzacher
07b4b9d60b Travis: set clone depth to 100
Otherwise the build fails once you have more than 50 commits
since the last tag.

You'd get:

$ ./build.bash
fatal: No names found, cannot describe anything.
2017-02-16 21:24:33 +01:00
Jakob Unterwurzacher
62e7eb7d04 tests: reverse: check Access() call 2017-02-16 21:20:29 +01:00
Jakob Unterwurzacher
45c1ea499e fusefrontend_reverse: handle .name files in Access()
These were currently passed to decryptPath() were it caused
a warning.
2017-02-16 21:16:42 +01:00
Jakob Unterwurzacher
55d0523dbe tests: configfile: add missing newlines in verbose output 2017-02-16 19:45:20 +01:00
Jakob Unterwurzacher
0b19e637c9 tests: OSX compat: wrap Stat_t atime extract
Linux has st.Atim, st.Mtim,
OSX hat st.Atimespec, st.Mtimespec.

Reported at https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217
2017-02-16 19:39:56 +01:00
Jakob Unterwurzacher
8bbc1038fe syscallcompat: OSX compat: fix variable warnings
As suggested by
https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217
2017-02-16 19:23:17 +01:00
Jakob Unterwurzacher
b66d663ff8 tests: OSX compat: use "mount" command instead of /proc/mounts
Mac OS X does not have /proc.

Reported at https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217
2017-02-16 19:13:03 +01:00
Jakob Unterwurzacher
e5bee6a6aa tests: OSX compat: use OSX-style "stat -f"
Reported at https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217
2017-02-16 19:10:36 +01:00
Jakob Unterwurzacher
9f6841373d benchmarks: OSX compat: replace /usr/bin/time with bash builtin
On OSX, /usr/bin/time does not support "-f".

Reported in https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217 .
2017-02-16 19:01:24 +01:00
Jakob Unterwurzacher
ca5c06ef4e tests: get rid of syscall.PathMax
Does not exist on OSX

Reported in https://github.com/rfjakob/gocryptfs/issues/15
2017-02-16 18:47:04 +01:00
Jakob Unterwurzacher
e6075ddf2e README: also link to cppcryptfs 2017-02-16 18:37:12 +01:00
Jakob Unterwurzacher
f5bb7a37be README: mention graphical interfaces 2017-02-16 18:36:16 +01:00
Jakob Unterwurzacher
bef27305bc main: don't attempt lazy unmount on MacOSX 2017-02-15 23:20:41 +01:00
Jakob Unterwurzacher
6ac9dcaae0 tests: use fuse-unmount.bash
...instead of having separate compatability logic.
2017-02-15 23:13:33 +01:00
Jakob Unterwurzacher
ce2e610428 OSX compat: replace fusermount calls with fuse-unmount.bash
Mac OS X does not have fusermount and uses umount instead.
The fuse-unmount.bash calls the appropriate command.
2017-02-15 23:02:01 +01:00
Jakob Unterwurzacher
6be7808992 Add Mac OS X fusermount replacement script 2017-02-14 21:38:28 +01:00
Jakob Unterwurzacher
3784901fce readpassword: limit password length to 1000 bytes
This used to hang at 100% CPU:

    cat /dev/zero | gocryptfs -init a

...and would ultimately send the box into out-of-memory.

The number 1000 is chosen arbitrarily and seems big enough
given that the password must be one line.

Suggested by @mhogomchungu in https://github.com/rfjakob/gocryptfs/issues/77 .
2017-02-13 09:13:22 +01:00
Jakob Unterwurzacher
54caaf4b98 Add CLI ABI documentation
Closes https://github.com/rfjakob/gocryptfs/issues/77
2017-02-12 19:20:21 +01:00
Jakob Unterwurzacher
8adfbf2dc3 Check for trailing garbage after the password
From the comment:

// CheckTrailingGarbage tries to read one byte from stdin and exits with a
// fatal error if the read returns any data.
// This is meant to be called after reading the password, when there is no more
// data expected. This helps to catch problems with third-party tools that
// interface with gocryptfs.
2017-02-12 17:59:09 +01:00
Jakob Unterwurzacher
2dd90ac19c readpassword: improve comment on readPasswordStdin 2017-02-12 13:55:30 +01:00
Jakob Unterwurzacher
1e9d735406 Document "--" to stop option parsing in help text + man page 2017-02-12 12:49:04 +01:00
Jakob Unterwurzacher
dc2dc9f88c main: suggest "-q" to suppress master key message
If the user has already saved the master key and is not
aware of "-q" the master key needlessly ends up in the terminal
buffer.

Closes https://github.com/rfjakob/gocryptfs/issues/76
2017-02-12 12:23:16 +01:00
Jakob Unterwurzacher
357307cbcf tests: ctlsock: check warning for non-canonical paths 2017-02-12 12:22:25 +01:00