Commit Graph

33 Commits

Author SHA1 Message Date
Jakob Unterwurzacher
72ddbae1e6 stupidgcm: create private copy of the key
Relieves the caller from worrying about whether they
can overwrite the key.
2018-02-18 12:35:51 +01:00
Jakob Unterwurzacher
18f6c6106c main: try to wipe cryptocore's secret keys on unmount
Raise the bar for recovering keys from memory.

https://github.com/rfjakob/gocryptfs/issues/211
2018-02-18 11:39:10 +01:00
Jakob Unterwurzacher
eeed4b4bef stupidgcm: implement key wipe
Not bulletproof due to possible GC copies, but
still raises to bar for extracting the key.

https://github.com/rfjakob/gocryptfs/issues/211
2018-02-17 15:14:55 +01:00
Jakob Unterwurzacher
7e0fefe970 stupidgcm: switch to pointer receivers
What the key slice does not get copied around
will make it possible to check if the key has been wiped.
2018-02-17 15:02:01 +01:00
Jakob Unterwurzacher
ccf1a84e41 macos: make testing without openssl work properly
On MacOS, building and testing without openssl is much easier.
The tests should skip tests that fail because of missing openssl
instead of aborting.

Fixes https://github.com/rfjakob/gocryptfs/issues/123
2017-07-14 23:22:15 +02:00
Jakob Unterwurzacher
61e964457d stupidgcm: fix openssl 1.1 build failure
Fixed by including the correct header. Should work on older openssl
versions as well.

Error was:
locking.go:21: undefined reference to `CRYPTO_set_locking_callback'
2017-07-14 20:44:07 +02:00
Jakob Unterwurzacher
9f4bd76576 stupidgcm: add test for in-place Open
Adds a test for the optimization introduced in:

	stupidgcm: Open: if "dst" is big enough, use it as the output buffer
2017-07-01 09:56:05 +02:00
Jakob Unterwurzacher
e4b5005bcc stupidgcm: Open: if "dst" is big enough, use it as the output buffer
This means we won't need any allocation for the plaintext.
2017-06-30 23:24:12 +02:00
Jakob Unterwurzacher
0cc6f53496 stupidgcm: use "dst" as the output buffer it is big enough
This saves an allocation of the ciphertext block.
2017-06-29 18:52:33 +02:00
Jakob Unterwurzacher
d5adde1eeb exitcodes: pull all exit code definitions into the package
This commit defines all exit codes in one place in the exitcodes
package.

Also, it adds a test to verify the exit code on incorrect
password, which is what SiriKali cares about the most.

Fixes https://github.com/rfjakob/gocryptfs/issues/77 .
2017-05-07 22:16:22 +02:00
Jakob Unterwurzacher
3409ade272 forcedecode: tighten checks
...and fix a few golint issues and print a scary warning message on mount.

Also, force the fs to ro,noexec.
2017-04-24 00:25:02 +02:00
danim7
f1945c4daa Add -forcedecode
Force decode of encrypted files even if the integrity check fails, instead of
failing with an IO error. Warning messages are still printed to syslog if corrupted
files are encountered.
It can be useful to recover files from disks with bad sectors or other corrupted
media.

Closes https://github.com/rfjakob/gocryptfs/pull/102 .
2017-04-23 23:11:56 +02:00
Jakob Unterwurzacher
966308eeb7 Drop Go 1.4 compatability code everywhere
Yields a nice reduction in code size.
2017-03-05 17:44:14 +01:00
Jakob Unterwurzacher
a65965783a stupidgcm: drop only external dependecy
This makes it easier to use the package in external projects.

See https://github.com/rfjakob/gocryptfs/issues/79
2017-02-24 09:46:10 +01:00
Jakob Unterwurzacher
43d6aa6677 speed: add benchmark.bash helper 2017-02-24 09:38:50 +01:00
Jakob Unterwurzacher
1e03e059fa Implement "gocryptfs -speed"
A crypto benchmark mode like "openssl speed".

Example run:

  $ ./gocryptfs -speed
  AES-GCM-256-OpenSSL 	 180.89 MB/s	(selected in auto mode)
  AES-GCM-256-Go      	  48.19 MB/s
  AES-SIV-512-Go      	  37.40 MB/s
2017-02-22 23:56:34 +01:00
Jakob Unterwurzacher
967e7bd125 stupidgcm: Fix without_openssl build failure
Also, always call build-without-openssl.bash from test.bash.

Failure was:

  internal/stupidgcm/without_openssl.go:29: missing return at end of function
2016-12-10 13:15:19 +01:00
Jakob Unterwurzacher
c9f4400e6d Replace all calls to naked panic() with log.Panic()
We want all panics to show up in the syslog.
2016-12-10 11:54:36 +01:00
Jakob Unterwurzacher
a4956fa6bf A few more lint fixes 2016-10-04 23:30:05 +02:00
Valient Gough
b764917cd5 lint fixes 2016-10-04 23:18:33 +02:00
Jakob Unterwurzacher
56c0b19612 without_openssl: support compiling completely without openssl
Build helper script: build-without-openssl.bash
2016-10-04 09:51:14 +02:00
Jakob Unterwurzacher
e9bb8b800c reverse: switch from GCM-SIV to AES-SIV
GCM-SIV is not yet finalized, and the reference implemenation is
painfully slow at about 2 MB/s. Switch to AES-SIV.
2016-09-26 23:25:13 +02:00
Jakob Unterwurzacher
0e277ba19e stupidgcm: add GCM-SIV benchmark
On a CPU without AES-NI:

$ go test -bench .
Benchmark4kEncStupidGCM-2   	   50000	     24155 ns/op	 169.57 MB/s
Benchmark4kEncGoGCM-2       	   20000	     93965 ns/op	  43.59 MB/s
Benchmark4kEncGCMSIV-2      	     500	   2576193 ns/op	   1.59 MB/s
2016-09-25 20:04:55 +02:00
Jakob Unterwurzacher
5f4b16c00f Implement changes proposed by gosimple.
Also delete the unused "dirIVNameStruct", found by deadcode.
2016-09-25 19:48:21 +02:00
Jakob Unterwurzacher
52655843ab stupidgcm: use __builtin_trap()
[...]/stupidgcm/locking.go:16:2:
  warning: indirection of non-volatile null pointer will
  be deleted, not trap [-Wnull-dereference]
  [...]/stupidgcm/locking.go:16:2:
  note: consider using __builtin_trap() or qualifying
  pointer with 'volatile'

https://github.com/rfjakob/gocryptfs/issues/15
2016-07-04 08:14:24 +02:00
Jakob Unterwurzacher
888e147cd8 stupidgcm: add benchmark.bash wrapper
Add a simple bash wrapper to make it easier to run the GCM
benchmarks.
2016-05-22 15:49:09 +02:00
Jakob Unterwurzacher
cf29ce3762 stupidgcm: set dummy locking callback.
In general, OpenSSL is only threadsafe if you provide a locking function
through CRYPTO_set_locking_callback. However, the GCM operations that
stupidgcm uses never call that function.

To guard against that ever changing, set a dummy locking callback
that crashes the app.
2016-05-05 00:09:08 +02:00
Jakob Unterwurzacher
906172938a stupidgcm: skip tests on Go 1.4 and older
Quoting from the patch:

	We compare against Go's built-in GCM implementation. Since stupidgcm only
	supports 128-bit IVs and Go only supports that from 1.5 onward, we cannot
	run these tests on older Go versions.
2016-05-05 00:09:08 +02:00
Jakob Unterwurzacher
b4d45554f2 Revert "stupidgcm: print openssl error stack before panicing"
This did not help in debugging the openssl <= 1.0.1c issue at all
and makes the code more complex. Keep it simple.
2016-05-05 00:09:08 +02:00
Jakob Unterwurzacher
508a949d9d stupidgcm: reorder calls to support openssl <= 1.0.1c
This fixes the test failures on Travis CI.

Quoting from 07a4ff79d2

	/* Set expected tag value. A restriction in OpenSSL 1.0.1c and earlier
	 * required the tag before any AAD or ciphertext */
2016-05-05 00:08:25 +02:00
Jakob Unterwurzacher
d0945b73d2 stupidgcm: print openssl error stack before panicing 2016-05-04 20:50:13 +02:00
Jakob Unterwurzacher
6c010c3080 stupidgcm: fix copy-paste error in panic message
Also, print the openssl version in Travis CI
2016-05-04 20:15:11 +02:00
Jakob Unterwurzacher
c92190bf07 stupidgcm: add our own thin wrapper around openssl gcm
...complete with tests and benchmark.

This will allow us to get rid of the dependency to spacemonkeygo/openssl
that causes problems on Arch Linux
( https://github.com/rfjakob/gocryptfs/issues/21 )
2016-05-04 19:56:07 +02:00