Commit Graph

74 Commits

Author SHA1 Message Date
Jakob Unterwurzacher
c6dacd6f91 Add EME filename encryption & enable it by default 2015-12-08 16:17:04 +01:00
Jakob Unterwurzacher
f4ae0304af opensslGCM: preallocate buffer space, improves performance by 11%
Results of cryptfs/openssl_benchmark.bash :

Before:
  BenchmarkEnc_OpenSSL_4k_AES256_nonce96-2 	   50000	     31802 ns/op	 127.28 MB/s
  BenchmarkEnc_OpenSSL_4k_AES256_nonce128-2	   50000	     32110 ns/op	 126.06 MB/s

After:
  BenchmarkEnc_OpenSSL_4k_AES256_nonce96-2 	   50000	     28612 ns/op	 141.47 MB/s
  BenchmarkEnc_OpenSSL_4k_AES256_nonce128-2	   50000	     28613 ns/op	 141.47 MB/s
2015-12-08 13:22:57 +01:00
Jakob Unterwurzacher
c6a6641b58 tests: add encryption benchmarks to cryptfs 2015-12-08 13:19:19 +01:00
Jakob Unterwurzacher
56888d83dd fallocate the space needed for the file header beforehand
This makes sure writing to a file fails early if the underlying
filesystem does not support fallocate. It also prevents partial header
write due to ENOSPC.
2015-12-06 15:05:52 +01:00
Jakob Unterwurzacher
71b94828ed init: create gocryptfs.diriv after creating gocryptfs.conf
Creating the config file can fail easily, for example if the
password is not entered the same twice. This would leave an
orphaned gocryptfs.diriv behind.
2015-12-06 14:24:45 +01:00
Jakob Unterwurzacher
ce42a6f23d Run go fmt 2015-11-29 21:55:20 +01:00
Jakob Unterwurzacher
20b058a333 Add single-element cache for DirIV lookup
Another 3x performance boost for applications that walk the
directory tree.

Excerpt from performance.txt:

VERSION         UNTAR    LS     RM
v0.4               48     1.5    5
v0.5-rc1           56     7     19
v0.5-rc1-1         54     4.1    9
v0.5-rc1-2         45     1.7	 3.4  <---- THIS VERSION
2015-11-29 21:41:38 +01:00
Jakob Unterwurzacher
1d0a442405 OpenDir performance: Read DirIV once and reuse it for all names
Formerly, we called decryptPath for every name.
That resulted in a directory walk that reads in all diriv files
on the way.

Massive improvement for RM and LS (check performance.txt for details)

VERSION         UNTAR   RM   LS
v0.4               48    5    1.5
v0.5-rc1           56   19    7
v0.5-rc1-1         54    9    4.1   <---- THIS VERSION
2015-11-29 20:03:37 +01:00
Jakob Unterwurzacher
bb116282b7 Add "-scryptn" option that sets the cost parameter for scrypt
Use that option to speed up the automated tests by 7 seconds.

Before:
	ok  	github.com/rfjakob/gocryptfs/integration_tests	26.667s
After:
	ok  	github.com/rfjakob/gocryptfs/integration_tests	19.534s
2015-11-29 18:53:40 +01:00
Jakob Unterwurzacher
71bfa1f0fb tests: add scrypt benchmark
Times the impact of the parameter "N" to scrypt.

Results on a 2.7GHz Pentium G630:

gocryptfs/cryptfs$ go test -bench=.
PASS
BenchmarkScrypt10-2	     300	   6021435 ns/op ... 6ms
BenchmarkScrypt11-2	     100	  11861460 ns/op
BenchmarkScrypt12-2	     100	  23420822 ns/op
BenchmarkScrypt13-2	      30	  47666518 ns/op
BenchmarkScrypt14-2	      20	  92561590 ns/op ... 92ms
BenchmarkScrypt15-2	      10	 183971593 ns/op
BenchmarkScrypt16-2	       3	 368506365 ns/op
BenchmarkScrypt17-2	       2	 755502608 ns/op ... 755ms
ok  	github.com/rfjakob/gocryptfs/cryptfs	18.772s
2015-11-29 14:50:02 +01:00
Jakob Unterwurzacher
3b2143bafc diriv: fix readdir
It decrypted all file names using the root directory iv
2015-11-28 18:39:45 +01:00
Jakob Unterwurzacher
fe7355f9ee diriv: use "DirIV" flag to discern and support mounting old filesystems 2015-11-28 18:38:06 +01:00
Jakob Unterwurzacher
a04a92cdab Run go fmt 2015-11-27 22:20:01 +01:00
Jakob Unterwurzacher
6acd772cf9 diriv: Define "DirIV" feature flag
(unused so far)
2015-11-27 22:18:36 +01:00
Jakob Unterwurzacher
bdd9249a52 diriv: Move WriteDirIV() to cryptfs; add locking to Mkdir, Rmdir 2015-11-27 21:48:58 +01:00
Jakob Unterwurzacher
decfc1ab79 diriv: Convert filename encryption users to diriv 2015-11-27 00:03:10 +01:00
Jakob Unterwurzacher
4d466c3412 diriv: Create gocryptfs.diriv in every directory 2015-11-25 20:57:16 +01:00
Jakob Unterwurzacher
d8bf6e7836 Tighten file permissions on gocryptfs.conf
This file should only be readable by the owner and never be written to.
2015-11-25 20:57:16 +01:00
Jakob Unterwurzacher
296bdf3af2 CipherSizeToPlainSize: Handle illegal states
A file never gets a cipherSize <= HEADER_LEN in normal operation.
However, this can happen if header write it interrupted or the
underlying filesystem does not support fallocate.

Noticed while trying to store a CIPHERDIR in another gocryptfs mount
(gocryptfs does not support fallocate)
2015-11-15 14:15:21 +01:00
Jakob Unterwurzacher
d95fc2333a Add "-extpass" cli option and associated tests 2015-11-15 13:42:04 +01:00
Jakob Unterwurzacher
61aacb5c1b Run go fmt and go vet 2015-11-14 17:16:17 +01:00
Jakob Unterwurzacher
99dfc84992 Add "-q" (quiet) flag 2015-11-09 22:33:42 +01:00
Jakob Unterwurzacher
050005fd7b Centralize path filter decision in CryptFS.IsFiltered() 2015-11-03 22:25:29 +01:00
Jakob Unterwurzacher
988e0a047c tests: add config file and feature flags tests 2015-11-03 21:09:58 +01:00
Jakob Unterwurzacher
3e367b29b0 config: Introduce ext4-style feature flags
// List of feature flags this filesystem has enabled.
// If gocryptfs encounters a feature flag it does not support, it will refuse
// mounting. This mechanism is analogous to the ext4 feature flags that are
// stored in the superblock.
FeatureFlags []string
2015-11-03 21:05:47 +01:00
Jakob Unterwurzacher
28b3af12d1 Fix tests broken by PlaintextNames addition 2015-11-03 18:19:19 +01:00
Jakob Unterwurzacher
1ec0fa388d Update USAGE.txt
Also run go fmt
2015-11-03 00:06:04 +01:00
Jakob Unterwurzacher
de56fe9e35 Implement PlainTextNames mode
Also, forbid access to "gocryptfs.conf" in the root dir.
2015-11-03 00:00:13 +01:00
Jakob Unterwurzacher
66db3ad086 Bump on-disk version to 2 2015-11-02 23:10:11 +01:00
Jakob Unterwurzacher
0ec17c3939 Add "--plaintextnames" option
Also, gather all the command line arguments into an anonymous struct
"args".
2015-11-02 23:09:51 +01:00
Jakob Unterwurzacher
902babdf22 Refactor ciphertext <-> plaintext offset translation functions
Move all the intelligence into the new file address_translation.go.
That the calculations were spread out too much became apparent when adding
the file header. This should make the code much easier to modify in the
future.
2015-11-01 12:11:36 +01:00
Jakob Unterwurzacher
76311b60f2 Add file header (on-disk-format change)
Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ]

Quoting SECURITY.md:

* Every file has a header that contains a 16-byte random *file id*
* Each block uses the file id and its block number as GCM *authentication data*
 * This means the position of the blocks is protected as well. The blocks
   can not be reordered or copied between different files without
   causing an decryption error.
2015-11-01 01:38:27 +01:00
Jakob Unterwurzacher
eac1f54213 Activate block number authentication 2015-11-01 01:36:19 +01:00
Jakob Unterwurzacher
d1d444435c main: check directories for existence early
This prevents that the user enters the password only to get an error
later.
2015-10-11 18:33:28 +02:00
Jakob Unterwurzacher
ed1df49af5 Run go fmt 2015-10-07 22:59:36 +02:00
Jakob Unterwurzacher
440abcbac6 Add test.bash
...also adapt the cryptfs tests for 256 bit long keys
2015-10-07 22:09:34 +02:00
Jakob Unterwurzacher
65ba0739d5 Implement "gocryptfs --passwd" (pasword changing) 2015-10-07 21:26:17 +02:00
Jakob Unterwurzacher
a3d286069f Use block number as authentication data 2015-10-06 22:27:37 +02:00
Jakob Unterwurzacher
5c6df49067 Switch to AES-256
AES-256 seems to be becoming the industry standard. While AES-128 is
good enough for tens of years to come, let's follow suit and be extra
safe.
2015-10-06 20:51:35 +02:00
Jakob Unterwurzacher
022a6968ae Implement proper daemonization
The shell wrapper sends gocryptfs into the background and waits for SIGUSR1
2015-10-06 00:31:18 +02:00
Jakob Unterwurzacher
53ecebc71e openssl AEAD wrapper: handle authenticated data 2015-10-04 23:58:22 +02:00
Jakob Unterwurzacher
e6b7353f4e Switch nonce generation to purely random
The old implementation of counting up from a random starting
point had the problem that is allowed an attacker to find out
the write order of the blocks.
2015-10-04 21:36:16 +02:00
Jakob Unterwurzacher
89fef80d32 Run go fmt 2015-10-04 14:49:47 +02:00
Jakob Unterwurzacher
c859f0b2dc intraBlock: Rename Offset to Skip
"Offset" is unclear whether it is an offset from the start of file
or start of block. "Skip" seems much better.
2015-10-04 14:24:43 +02:00
Jakob Unterwurzacher
5229b8f5f5 Add BlockNoPlainOff() and BlockNoCipherOff() + test
Also, fix key, it is now []byte, not [16]byte
2015-10-04 11:03:40 +02:00
Jakob Unterwurzacher
40448db909 Fix xfstests generic/030 failure
The actual fix is

	oldSize := f.cfs.PlainSize(uint64(fi.Size()))

the rest is logging improvements
2015-10-04 00:26:20 +02:00
Jakob Unterwurzacher
79870ab096 debug: log inode number instead of encrypted filename
Makes the log output smaller and more readable.
2015-10-03 19:16:34 +02:00
Jakob Unterwurzacher
38bf8a2fcf Implement file hole passtrough
Fixes xfstests generic/010

Note that file holes are not authenticated,
2015-10-03 13:34:33 +02:00
Jakob Unterwurzacher
b835f83fd5 Implement Truncate() + Test 2015-09-30 22:36:53 +02:00
Jakob Unterwurzacher
061831edf2 DecryptBlocks: Don't shadow err variable 2015-09-30 20:31:41 +02:00