Jakob Unterwurzacher
3f490d4d86
Bake version string into binary, add "--version" switch
...
Example:
./gocryptfs -version
gocryptfs v0.2-20-gabcef9e-dirty; on-disk format 1
Note that you MUST compile using "./build.bash" for this to work.
2015-11-01 14:04:29 +01:00
Jakob Unterwurzacher
af923d2d16
Automatically lazy-unmount when we get SIGINT or SIGTERM
...
This hides the dangling "Transport endpoint is not connected"
mountpoint for everyone but processes that have file open inside
the mountpoint.
2015-11-01 13:28:58 +01:00
Jakob Unterwurzacher
e31d319c39
Remove code detected by "deadcode"
...
go get github.com/remyoudompheng/go-misc/deadcode
2015-11-01 12:32:10 +01:00
Jakob Unterwurzacher
0a4aa4b427
README: Describe storage overhead
2015-11-01 12:14:59 +01:00
Jakob Unterwurzacher
902babdf22
Refactor ciphertext <-> plaintext offset translation functions
...
Move all the intelligence into the new file address_translation.go.
That the calculations were spread out too much became apparent when adding
the file header. This should make the code much easier to modify in the
future.
2015-11-01 12:11:36 +01:00
Jakob Unterwurzacher
14276c9632
Fix missing printf arguments discovered by "go vet"
2015-11-01 11:56:33 +01:00
Jakob Unterwurzacher
76311b60f2
Add file header (on-disk-format change)
...
Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ]
Quoting SECURITY.md:
* Every file has a header that contains a 16-byte random *file id*
* Each block uses the file id and its block number as GCM *authentication data*
* This means the position of the blocks is protected as well. The blocks
can not be reordered or copied between different files without
causing an decryption error.
2015-11-01 01:38:27 +01:00
Jakob Unterwurzacher
73fa8efdb2
tests: run unit tests before integration tests
2015-11-01 01:36:20 +01:00
Jakob Unterwurzacher
3e013e0d91
tests: introduce verifySize() for detailed error messages
2015-11-01 01:36:20 +01:00
Jakob Unterwurzacher
3f8b22d6ac
tests: additionally verify the file size by reading the whole file
2015-11-01 01:36:19 +01:00
Jakob Unterwurzacher
b3ea1498cf
tests: verify file size in testWriteN
2015-11-01 01:36:19 +01:00
Jakob Unterwurzacher
8b7c986bdf
tests: Use /tmp/gocryptfs_main_test temporary directory
...
Using "/tmp" meant that running the test would delete everything
there.
2015-11-01 01:36:19 +01:00
Jakob Unterwurzacher
3e36851273
TestRmwRace: abort testing on write failures
...
Continuing the test will just generate useless noise
2015-11-01 01:36:19 +01:00
Jakob Unterwurzacher
eac1f54213
Activate block number authentication
2015-11-01 01:36:19 +01:00
Jakob Unterwurzacher
a5b907b42f
Add rmw race test
2015-11-01 01:36:19 +01:00
rfjakob
f87ea8672a
README: Add travis badge
2015-10-11 23:57:51 +02:00
Jakob Unterwurzacher
6a25fa6ef9
Add travis config file
2015-10-11 23:55:47 +02:00
rfjakob
9221560359
Fix link in XFSTESTS.md
2015-10-11 23:18:02 +02:00
Jakob Unterwurzacher
253bd33fde
Add MIT LICENSE
2015-10-11 23:15:03 +02:00
Jakob Unterwurzacher
6341a26ac8
Update README
2015-10-11 19:45:03 +02:00
Jakob Unterwurzacher
242fcd0736
Run gofmt
2015-10-11 18:51:56 +02:00
Jakob Unterwurzacher
b00fc379c4
Fix helper scripts for new top-level path
2015-10-11 18:40:27 +02:00
Jakob Unterwurzacher
d1d444435c
main: check directories for existence early
...
This prevents that the user enters the password only to get an error
later.
2015-10-11 18:33:28 +02:00
Jakob Unterwurzacher
a863a6569c
Drop shell wrapper
2015-10-11 18:03:24 +02:00
Jakob Unterwurzacher
14115b061b
Add native daemonization
2015-10-11 18:02:48 +02:00
Jakob Unterwurzacher
39183bea00
Rename sendSig to sendUsr1
...
This matches waitForUsr1 in daemonize()
2015-10-11 18:01:47 +02:00
Jakob Unterwurzacher
5dc7e44aa2
Move main files to top level dir
...
This is in preparation of getting rid of the shell wrapper
2015-10-11 17:14:18 +02:00
Jakob Unterwurzacher
6825d0e740
README: Remove dots notice
2015-10-10 18:34:09 +02:00
Jakob Unterwurzacher
a3e66ca154
Shell wrapper: Also search the binary in $GOPATH/bin
2015-10-08 00:02:55 +02:00
Jakob Unterwurzacher
7ac9d6af58
README: Mention that only Linux is tested
2015-10-07 23:50:19 +02:00
Jakob Unterwurzacher
d9b4f96598
Update README
2015-10-07 23:31:28 +02:00
Jakob Unterwurzacher
ed1df49af5
Run go fmt
2015-10-07 22:59:36 +02:00
Jakob Unterwurzacher
c4a66bc30d
Add package.bash
2015-10-07 22:14:00 +02:00
Jakob Unterwurzacher
440abcbac6
Add test.bash
...
...also adapt the cryptfs tests for 256 bit long keys
2015-10-07 22:09:34 +02:00
Jakob Unterwurzacher
2f970e1aa6
Adapt openssl benchmark for 256 bit long keys
2015-10-07 22:05:32 +02:00
Jakob Unterwurzacher
878f64a5d7
Better usage text
2015-10-07 21:59:54 +02:00
Jakob Unterwurzacher
bef73c63b3
Move gocryptfs wrapper into the same folder as the binary
2015-10-07 21:49:38 +02:00
Jakob Unterwurzacher
65ba0739d5
Implement "gocryptfs --passwd" (pasword changing)
2015-10-07 21:26:17 +02:00
Jakob Unterwurzacher
03502861ce
Reword help text
2015-10-06 23:28:20 +02:00
Jakob Unterwurzacher
31e14936be
Split off SECURITY.md
2015-10-06 23:20:21 +02:00
Jakob Unterwurzacher
8ec16c165d
Update README.md
2015-10-06 23:08:04 +02:00
Jakob Unterwurzacher
a3d286069f
Use block number as authentication data
2015-10-06 22:27:37 +02:00
Jakob Unterwurzacher
45ea8aa546
Add "--masterkey=" parameter for recovery purposes
2015-10-06 21:16:39 +02:00
Jakob Unterwurzacher
5c6df49067
Switch to AES-256
...
AES-256 seems to be becoming the industry standard. While AES-128 is
good enough for tens of years to come, let's follow suit and be extra
safe.
2015-10-06 20:51:35 +02:00
Jakob Unterwurzacher
39ea272e23
Add "--openssl=false" command line option
...
Also make main_test try both variants
2015-10-06 20:24:52 +02:00
Jakob Unterwurzacher
c2bd208bbe
Rewrite README.md (in progress)
2015-10-06 00:35:29 +02:00
Jakob Unterwurzacher
022a6968ae
Implement proper daemonization
...
The shell wrapper sends gocryptfs into the background and waits for SIGUSR1
2015-10-06 00:31:18 +02:00
Jakob Unterwurzacher
552c32c5e9
Move main binary to gocryptfs_main
...
That way the wrapper shell script can be named just "gocryptfs"
2015-10-05 20:32:10 +02:00
Jakob Unterwurzacher
53ecebc71e
openssl AEAD wrapper: handle authenticated data
2015-10-04 23:58:22 +02:00
Jakob Unterwurzacher
e6b7353f4e
Switch nonce generation to purely random
...
The old implementation of counting up from a random starting
point had the problem that is allowed an attacker to find out
the write order of the blocks.
2015-10-04 21:36:16 +02:00