Commit Graph

56 Commits

Author SHA1 Message Date
Jakob Unterwurzacher
296bdf3af2 CipherSizeToPlainSize: Handle illegal states
A file never gets a cipherSize <= HEADER_LEN in normal operation.
However, this can happen if header write it interrupted or the
underlying filesystem does not support fallocate.

Noticed while trying to store a CIPHERDIR in another gocryptfs mount
(gocryptfs does not support fallocate)
2015-11-15 14:15:21 +01:00
Jakob Unterwurzacher
d95fc2333a Add "-extpass" cli option and associated tests 2015-11-15 13:42:04 +01:00
Jakob Unterwurzacher
61aacb5c1b Run go fmt and go vet 2015-11-14 17:16:17 +01:00
Jakob Unterwurzacher
99dfc84992 Add "-q" (quiet) flag 2015-11-09 22:33:42 +01:00
Jakob Unterwurzacher
050005fd7b Centralize path filter decision in CryptFS.IsFiltered() 2015-11-03 22:25:29 +01:00
Jakob Unterwurzacher
988e0a047c tests: add config file and feature flags tests 2015-11-03 21:09:58 +01:00
Jakob Unterwurzacher
3e367b29b0 config: Introduce ext4-style feature flags
// List of feature flags this filesystem has enabled.
// If gocryptfs encounters a feature flag it does not support, it will refuse
// mounting. This mechanism is analogous to the ext4 feature flags that are
// stored in the superblock.
FeatureFlags []string
2015-11-03 21:05:47 +01:00
Jakob Unterwurzacher
28b3af12d1 Fix tests broken by PlaintextNames addition 2015-11-03 18:19:19 +01:00
Jakob Unterwurzacher
1ec0fa388d Update USAGE.txt
Also run go fmt
2015-11-03 00:06:04 +01:00
Jakob Unterwurzacher
de56fe9e35 Implement PlainTextNames mode
Also, forbid access to "gocryptfs.conf" in the root dir.
2015-11-03 00:00:13 +01:00
Jakob Unterwurzacher
66db3ad086 Bump on-disk version to 2 2015-11-02 23:10:11 +01:00
Jakob Unterwurzacher
0ec17c3939 Add "--plaintextnames" option
Also, gather all the command line arguments into an anonymous struct
"args".
2015-11-02 23:09:51 +01:00
Jakob Unterwurzacher
902babdf22 Refactor ciphertext <-> plaintext offset translation functions
Move all the intelligence into the new file address_translation.go.
That the calculations were spread out too much became apparent when adding
the file header. This should make the code much easier to modify in the
future.
2015-11-01 12:11:36 +01:00
Jakob Unterwurzacher
76311b60f2 Add file header (on-disk-format change)
Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ]

Quoting SECURITY.md:

* Every file has a header that contains a 16-byte random *file id*
* Each block uses the file id and its block number as GCM *authentication data*
 * This means the position of the blocks is protected as well. The blocks
   can not be reordered or copied between different files without
   causing an decryption error.
2015-11-01 01:38:27 +01:00
Jakob Unterwurzacher
eac1f54213 Activate block number authentication 2015-11-01 01:36:19 +01:00
Jakob Unterwurzacher
d1d444435c main: check directories for existence early
This prevents that the user enters the password only to get an error
later.
2015-10-11 18:33:28 +02:00
Jakob Unterwurzacher
ed1df49af5 Run go fmt 2015-10-07 22:59:36 +02:00
Jakob Unterwurzacher
440abcbac6 Add test.bash
...also adapt the cryptfs tests for 256 bit long keys
2015-10-07 22:09:34 +02:00
Jakob Unterwurzacher
65ba0739d5 Implement "gocryptfs --passwd" (pasword changing) 2015-10-07 21:26:17 +02:00
Jakob Unterwurzacher
a3d286069f Use block number as authentication data 2015-10-06 22:27:37 +02:00
Jakob Unterwurzacher
5c6df49067 Switch to AES-256
AES-256 seems to be becoming the industry standard. While AES-128 is
good enough for tens of years to come, let's follow suit and be extra
safe.
2015-10-06 20:51:35 +02:00
Jakob Unterwurzacher
022a6968ae Implement proper daemonization
The shell wrapper sends gocryptfs into the background and waits for SIGUSR1
2015-10-06 00:31:18 +02:00
Jakob Unterwurzacher
53ecebc71e openssl AEAD wrapper: handle authenticated data 2015-10-04 23:58:22 +02:00
Jakob Unterwurzacher
e6b7353f4e Switch nonce generation to purely random
The old implementation of counting up from a random starting
point had the problem that is allowed an attacker to find out
the write order of the blocks.
2015-10-04 21:36:16 +02:00
Jakob Unterwurzacher
89fef80d32 Run go fmt 2015-10-04 14:49:47 +02:00
Jakob Unterwurzacher
c859f0b2dc intraBlock: Rename Offset to Skip
"Offset" is unclear whether it is an offset from the start of file
or start of block. "Skip" seems much better.
2015-10-04 14:24:43 +02:00
Jakob Unterwurzacher
5229b8f5f5 Add BlockNoPlainOff() and BlockNoCipherOff() + test
Also, fix key, it is now []byte, not [16]byte
2015-10-04 11:03:40 +02:00
Jakob Unterwurzacher
40448db909 Fix xfstests generic/030 failure
The actual fix is

	oldSize := f.cfs.PlainSize(uint64(fi.Size()))

the rest is logging improvements
2015-10-04 00:26:20 +02:00
Jakob Unterwurzacher
79870ab096 debug: log inode number instead of encrypted filename
Makes the log output smaller and more readable.
2015-10-03 19:16:34 +02:00
Jakob Unterwurzacher
38bf8a2fcf Implement file hole passtrough
Fixes xfstests generic/010

Note that file holes are not authenticated,
2015-10-03 13:34:33 +02:00
Jakob Unterwurzacher
b835f83fd5 Implement Truncate() + Test 2015-09-30 22:36:53 +02:00
Jakob Unterwurzacher
061831edf2 DecryptBlocks: Don't shadow err variable 2015-09-30 20:31:41 +02:00
Jakob Unterwurzacher
0af3cfcac0 Fix symlink size reporting 2015-09-16 19:32:37 +02:00
Jakob Unterwurzacher
3a2610a141 symlink encryption: pass ".." and "." through unchanged
This fixes relative symlinks:

$ tar xf linux-4.2.tar.gz
tar: linux-4.2/tools/testing/selftests/powerpc/vphn/vphn.h: Cannot utime: No such file or directory
tar: linux-4.2/tools/testing/selftests/powerpc/vphn/vphn.c: Cannot utime: No such file or directory
tar: linux-4.2/tools/testing/selftests/powerpc/stringloops/memcmp_64.S: Cannot utime: No such file or directory
tar: linux-4.2/tools/testing/selftests/powerpc/primitives/word-at-a-time.h: Cannot utime: No such file or directory
tar: linux-4.2/tools/testing/selftests/powerpc/primitives/asm/asm-compat.h: Cannot utime: No such file or directory
tar: linux-4.2/tools/testing/selftests/powerpc/copyloops/memcpy_power7.S: Cannot utime: No such file or directory
tar: linux-4.2/tools/testing/selftests/powerpc/copyloops/memcpy_64.S: Cannot utime: No such file or directory
tar: linux-4.2/tools/testing/selftests/powerpc/copyloops/copyuser_power7.S: Cannot utime: No such file or directory
tar: linux-4.2/tools/testing/selftests/powerpc/copyloops/copyuser_64.S: Cannot utime: No such file or directory
tar: linux-4.2/arch/powerpc/boot/dts/include/dt-bindings: Cannot utime: No such file or directory
tar: linux-4.2/arch/mips/boot/dts/include/dt-bindings: Cannot utime: No such file or directory
tar: linux-4.2/arch/metag/boot/dts/include/dt-bindings: Cannot utime: No such file or directory
tar: linux-4.2/arch/arm64/boot/dts/include/dt-bindings: Cannot utime: No such file or directory
tar: linux-4.2/arch/arm/boot/dts/include/dt-bindings: Cannot utime: No such file or directory
tar: Exiting with failure status due to previous errors
2015-09-16 18:43:07 +02:00
Jakob Unterwurzacher
fdc0fef6ee Use MarshalIndent for JSON generation 2015-09-14 00:45:41 +02:00
Jakob Unterwurzacher
6f9e90c414 Encrypt key with scrypt-hashed password 2015-09-13 22:09:38 +02:00
Jakob Unterwurzacher
4acaeb668e Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00
Jakob Unterwurzacher
e7ba3c61f1 Fix File.GettAttr() size reporting
The too-large reported value broke mmap
(applications saw appended zero bytes)

Also
* Add locking for all fd operations
* Add "--debug" command line switch
2015-09-09 19:32:59 +02:00
Jakob Unterwurzacher
80935a0e1b Explain both frontends in readme
Also, re-enable openssl and disable debug messages so testing
gocryptfs is less painful
2015-09-08 23:09:28 +02:00
Jakob Unterwurzacher
bfdbbbf8b4 Fix panic on absolute symlink 2015-09-08 22:53:06 +02:00
Jakob Unterwurzacher
28cdff5889 tests: add TestCiphertextRange 2015-09-08 22:36:38 +02:00
Jakob Unterwurzacher
1ca4fc89aa More debug logging, improve main_test.go (do not use all-zero content) 2015-09-08 22:03:27 +02:00
Jakob Unterwurzacher
caaad7c8d7 Add pathfs frontend, part II
Fix issues in read and write paths.
Now passes selftest.
2015-09-08 21:35:06 +02:00
Jakob Unterwurzacher
889ae90081 Add pathfs frontend (uses go-fuse instead of bazil-fuse), part I
Currently fails main_test.go, will be fixed in part II
2015-09-08 00:55:03 +02:00
Jakob Unterwurzacher
b65882985d Add tests for name encryption and byte range splitting 2015-09-07 21:25:05 +02:00
Jakob Unterwurzacher
58d1e24b7c Add OpenSSL support for file content encryption/decryption
This brings streaming read performance from 30MB/s to 81MB/s
(similar improvement for writes)
2015-09-06 10:42:34 +02:00
Jakob Unterwurzacher
448e88490b Bundle up blocks for bigger reads from the backing filesystem 2015-09-06 09:47:01 +02:00
Jakob Unterwurzacher
d0524ded99 Use Debug object instead of fmt 2015-09-05 20:36:26 +02:00
Jakob Unterwurzacher
11fb037e7e Cleanup and rename files 2015-09-05 20:30:20 +02:00
Jakob Unterwurzacher
7e564f928f Fix size reporting 2015-09-05 20:11:20 +02:00