Commit Graph

982 Commits

Author SHA1 Message Date
Jakob Unterwurzacher
4fadcbaf68 configfile: reject the "HKDF" flag for now
This will be re-enabled once it is implemented.
2017-03-05 18:16:49 +01:00
Jakob Unterwurzacher
decda6d255 configfile: switch on Raw64 by default
As we have dropped Go 1.4 compatibility already, and will add
a new feature flag for gocryptfs v1.3 anyway, this is a good
time to enable Raw64 as well.
2017-03-05 18:13:56 +01:00
Jakob Unterwurzacher
b732881518 configfile: switch to 128-bit IVs for master key encryption
There is no security reason for doing this, but it will allow
to consolidate the code once we drop compatibility with gocryptfs v1.2
(and earlier) filesystems.
2017-03-05 18:03:03 +01:00
Jakob Unterwurzacher
a8d154765a README: fix "compatibility" typo 2017-03-05 17:45:59 +01:00
Jakob Unterwurzacher
966308eeb7 Drop Go 1.4 compatability code everywhere
Yields a nice reduction in code size.
2017-03-05 17:44:14 +01:00
Jakob Unterwurzacher
e646163442 README: drop Go 1.4 compatability for gocryptfs v1.3
Also drop Go 1.4 from Travis CI and update other Go
versions to latest point release.
2017-03-05 17:43:23 +01:00
Jakob Unterwurzacher
874e4fb5e9 cryptocore: rename "BackendTypeEnum" -> "AEADTypeEnum"
There are two independent backends, one for name encryption,
the other one, AEAD, for file content.

"BackendTypeEnum" only applies to AEAD (file content), so make that
clear in the name.
2017-03-05 17:10:57 +01:00
Jakob Unterwurzacher
e032539e2c cryptocore: use eme v1.1 interface
Version 1.1 of the EME package (github.com/rfjakob/eme) added
a more convenient interface. Use it.

Note that you have to upgrade your EME package (go get -u)!
2017-03-05 13:58:24 +01:00
Jakob Unterwurzacher
b2f154a9a9 tests: stop calling t.Fatal from example_test_helpers
Calling t.Fatal immeadiately aborts the test, which means the
filesystem will not get unmounted, which means test.bash will
hang.
2017-03-05 13:39:25 +01:00
Jakob Unterwurzacher
6465fa42a6 test.bash: execute build-without-openssl.bash instead of sourcing it
Sourcing the script breaks the "cd $(dirname $0)" logic in
build-without-openssl.bash.
2017-03-05 13:32:28 +01:00
Jakob Unterwurzacher
6cc0aebd71 configfile: define HKDF flag 2017-03-05 12:08:12 +01:00
Jakob Unterwurzacher
b2f3dbb8bd fusefrontend: when chown'ing a directory, also chown its diriv
When filename encryption is active, every directory contains
a "gocryptfs.diriv" file. This file should also change the owner.

Fixes https://github.com/rfjakob/gocryptfs/issues/86
2017-03-02 19:12:21 +01:00
Jakob Unterwurzacher
b765cc526d main: get rid of third open paniclog fd
We have it saved in Stderr and Stdout anyway, let's free this fd
number.
2017-03-02 19:12:21 +01:00
rfjakob
c304626a47 CLI_ABI: smaller markdown subheadings
The old ones were rendered by github almost as big as the parent headings.
2017-03-01 23:31:03 +01:00
Peter Reschenhofer
954aa169cc Update README.md (#85)
Correcting year in changelog (1.2.1)
2017-02-28 13:59:33 +01:00
Jakob Unterwurzacher
8f51325116 README: update changelog for 1.2.1 release 2017-02-26 21:34:49 +01:00
Jakob Unterwurzacher
d2c0fae4f6 tests: somewhat support testing without openssl
You will still get lots of test error, but at least the tests
will run.
2017-02-26 19:53:29 +01:00
Jakob Unterwurzacher
98ecf1f074 MANPAGE: document "-speed" 2017-02-26 19:34:23 +01:00
Jakob Unterwurzacher
f2920f71e8 MANPAGE: document error code 12 2017-02-26 19:30:28 +01:00
Jakob Unterwurzacher
427c6c1719 exitcodes: define code 12 for "password incorrect" 2017-02-26 19:25:23 +01:00
Jakob Unterwurzacher
57612a278b configfile: rename "kdf.go" -> "scrypt.go"
This really only handles scrypt and no other key-derivation functions.
Renaming the files prevents confusion once we introduce HKDF.

renamed:    internal/configfile/kdf.go -> internal/configfile/scrypt.go
renamed:    internal/configfile/kdf_test.go -> internal/configfile/scrypt_test.go
2017-02-25 18:51:17 +01:00
Jakob Unterwurzacher
a65965783a stupidgcm: drop only external dependecy
This makes it easier to use the package in external projects.

See https://github.com/rfjakob/gocryptfs/issues/79
2017-02-24 09:46:10 +01:00
Jakob Unterwurzacher
43d6aa6677 speed: add benchmark.bash helper 2017-02-24 09:38:50 +01:00
Jakob Unterwurzacher
be19b91a52 README: fix typo and simplify MANPAGE text 2017-02-23 00:14:20 +01:00
Jakob Unterwurzacher
477071d673 speed: fix build for Go 1.4 and lower
Old Go versions miss cipher.NewGCMWithNonceSize, which causes:

  internal/speed/speed.go:95: undefined: cipher.NewGCMWithNonceSize
2017-02-23 00:04:51 +01:00
Jakob Unterwurzacher
1e03e059fa Implement "gocryptfs -speed"
A crypto benchmark mode like "openssl speed".

Example run:

  $ ./gocryptfs -speed
  AES-GCM-256-OpenSSL 	 180.89 MB/s	(selected in auto mode)
  AES-GCM-256-Go      	  48.19 MB/s
  AES-SIV-512-Go      	  37.40 MB/s
2017-02-22 23:56:34 +01:00
Jakob Unterwurzacher
b056776a01 tests: adapt dir overwrite test for Go 1.8
In Go 1.8, os.Rename refuses to overwrite an empty directory.
Switch to syscall.Rename, which still does the right thing.
2017-02-20 21:27:37 +01:00
Jakob Unterwurzacher
cb2d1fbcf8 Travis CI: also test with Go 1.8
(Currently failing the tests!)
2017-02-20 21:27:26 +01:00
Jakob Unterwurzacher
e406eb22ba Get rid of remaining $GOPATH dependencies 2017-02-20 21:26:42 +01:00
Jakob Unterwurzacher
166c62fd21 build.bash: use $(go env GOPATH) 2017-02-20 21:26:18 +01:00
Jakob Unterwurzacher
1139c27c36 build.bash: deduplicate build call 2017-02-19 20:27:29 +01:00
Jakob Unterwurzacher
10361a907a build.bash: GOPATH may be unset since Go v1.8. Handle it. 2017-02-19 20:14:46 +01:00
Jakob Unterwurzacher
7fbe69bfa6 tests.bash: OSX compat: use "flock -n" and skip openssl build
Mac OS X flock does not support "--nonblock", but does support "-n":
https://github.com/discoteq/flock/blob/master/man/flock.1.ronn

Skip the openssl build because it requires
1) openssl
2) fixing the import paths in gocryptfs

Reported at https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-280464400
2017-02-17 19:43:16 +01:00
Jakob Unterwurzacher
07b4b9d60b Travis: set clone depth to 100
Otherwise the build fails once you have more than 50 commits
since the last tag.

You'd get:

$ ./build.bash
fatal: No names found, cannot describe anything.
2017-02-16 21:24:33 +01:00
Jakob Unterwurzacher
62e7eb7d04 tests: reverse: check Access() call 2017-02-16 21:20:29 +01:00
Jakob Unterwurzacher
45c1ea499e fusefrontend_reverse: handle .name files in Access()
These were currently passed to decryptPath() were it caused
a warning.
2017-02-16 21:16:42 +01:00
Jakob Unterwurzacher
55d0523dbe tests: configfile: add missing newlines in verbose output 2017-02-16 19:45:20 +01:00
Jakob Unterwurzacher
0b19e637c9 tests: OSX compat: wrap Stat_t atime extract
Linux has st.Atim, st.Mtim,
OSX hat st.Atimespec, st.Mtimespec.

Reported at https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217
2017-02-16 19:39:56 +01:00
Jakob Unterwurzacher
8bbc1038fe syscallcompat: OSX compat: fix variable warnings
As suggested by
https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217
2017-02-16 19:23:17 +01:00
Jakob Unterwurzacher
b66d663ff8 tests: OSX compat: use "mount" command instead of /proc/mounts
Mac OS X does not have /proc.

Reported at https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217
2017-02-16 19:13:03 +01:00
Jakob Unterwurzacher
e5bee6a6aa tests: OSX compat: use OSX-style "stat -f"
Reported at https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217
2017-02-16 19:10:36 +01:00
Jakob Unterwurzacher
9f6841373d benchmarks: OSX compat: replace /usr/bin/time with bash builtin
On OSX, /usr/bin/time does not support "-f".

Reported in https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217 .
2017-02-16 19:01:24 +01:00
Jakob Unterwurzacher
ca5c06ef4e tests: get rid of syscall.PathMax
Does not exist on OSX

Reported in https://github.com/rfjakob/gocryptfs/issues/15
2017-02-16 18:47:04 +01:00
Jakob Unterwurzacher
e6075ddf2e README: also link to cppcryptfs 2017-02-16 18:37:12 +01:00
Jakob Unterwurzacher
f5bb7a37be README: mention graphical interfaces 2017-02-16 18:36:16 +01:00
Jakob Unterwurzacher
bef27305bc main: don't attempt lazy unmount on MacOSX 2017-02-15 23:20:41 +01:00
Jakob Unterwurzacher
6ac9dcaae0 tests: use fuse-unmount.bash
...instead of having separate compatability logic.
2017-02-15 23:13:33 +01:00
Jakob Unterwurzacher
ce2e610428 OSX compat: replace fusermount calls with fuse-unmount.bash
Mac OS X does not have fusermount and uses umount instead.
The fuse-unmount.bash calls the appropriate command.
2017-02-15 23:02:01 +01:00
Jakob Unterwurzacher
6be7808992 Add Mac OS X fusermount replacement script 2017-02-14 21:38:28 +01:00
Jakob Unterwurzacher
3784901fce readpassword: limit password length to 1000 bytes
This used to hang at 100% CPU:

    cat /dev/zero | gocryptfs -init a

...and would ultimately send the box into out-of-memory.

The number 1000 is chosen arbitrarily and seems big enough
given that the password must be one line.

Suggested by @mhogomchungu in https://github.com/rfjakob/gocryptfs/issues/77 .
2017-02-13 09:13:22 +01:00