hardcoresushi/libgocryptfs
1
0
Fork 0
Code Issues Pull Requests Releases Activity
838 Commits 2 Branches 0 Tags 6 MiB
a24faa3ba5
Commit Graph

268 Commits

Author SHA1 Message Date
M. Vefa Bicakci
d48ccb3dda Report correct symbolic link dentry sizes 
Prior to this commit, gocryptfs's reverse mode did not report correct
directory entry sizes for symbolic links, where the dentry size needs to
be the same as the length of a string containing the target path.

This commit corrects this issue and adds a test case to verify the
correctness of the implementation.

This issue was discovered during the use of a strict file copying program
on a reverse-mounted gocryptfs file system.
 2017-03-07 20:46:58 +01:00
Jakob Unterwurzacher
6e9b6e17c3 tests: configfile: fix spurious test failure II 
internal/configfile/config_test.go:67: c declared and not used
 2017-03-05 23:24:47 +01:00
Jakob Unterwurzacher
b878306d2a tests: configfile: fix spurious test failure 
This test fails because Raw64 has been disabled for now.
 2017-03-05 23:15:50 +01:00
Jakob Unterwurzacher
a8fd8a2516 configfile: disable Raw64 for now 
Raw64 is supported (but was disabled by default) since gocryptfs
v1.2. However, the implementation was buggy because it forgot
about long names and symlinks.

Disable it for now by default and enable it later, together
with HKDF.
 2017-03-05 23:04:54 +01:00
Jakob Unterwurzacher
445b5019e3 nametransform: fix Raw64 not affecting symlink targets 
The symlink functions incorrectly hardcoded the padded
base64 variant.
 2017-03-05 22:59:25 +01:00
Jakob Unterwurzacher
5b54577d2e nametransform: fix Raw64 not affecting longnames 
HashLongName() incorrectly hardcoded the call to base64.URLEncoding.
 2017-03-05 22:25:41 +01:00
Jakob Unterwurzacher
d0bc7970f7 full stack: implement HKDF support 
...but keep it disabled by default for new filesystems.

We are still missing an example filesystem and CLI arguments
to explicitely enable and disable it.
 2017-03-05 21:59:55 +01:00
Jakob Unterwurzacher
4fadcbaf68 configfile: reject the "HKDF" flag for now 
This will be re-enabled once it is implemented.
 2017-03-05 18:16:49 +01:00
Jakob Unterwurzacher
decda6d255 configfile: switch on Raw64 by default 
As we have dropped Go 1.4 compatibility already, and will add
a new feature flag for gocryptfs v1.3 anyway, this is a good
time to enable Raw64 as well.
 2017-03-05 18:13:56 +01:00
Jakob Unterwurzacher
b732881518 configfile: switch to 128-bit IVs for master key encryption 
There is no security reason for doing this, but it will allow
to consolidate the code once we drop compatibility with gocryptfs v1.2
(and earlier) filesystems.
 2017-03-05 18:03:03 +01:00
Jakob Unterwurzacher
966308eeb7 Drop Go 1.4 compatability code everywhere 
Yields a nice reduction in code size.
 2017-03-05 17:44:14 +01:00
Jakob Unterwurzacher
874e4fb5e9 cryptocore: rename "BackendTypeEnum" -> "AEADTypeEnum" 
There are two independent backends, one for name encryption,
the other one, AEAD, for file content.

"BackendTypeEnum" only applies to AEAD (file content), so make that
clear in the name.
 2017-03-05 17:10:57 +01:00
Jakob Unterwurzacher
e032539e2c cryptocore: use eme v1.1 interface 
Version 1.1 of the EME package (github.com/rfjakob/eme) added
a more convenient interface. Use it.

Note that you have to upgrade your EME package (go get -u)!
 2017-03-05 13:58:24 +01:00
Jakob Unterwurzacher
6cc0aebd71 configfile: define HKDF flag 2017-03-05 12:08:12 +01:00
Jakob Unterwurzacher
b2f3dbb8bd fusefrontend: when chown'ing a directory, also chown its diriv 
When filename encryption is active, every directory contains
a "gocryptfs.diriv" file. This file should also change the owner.

Fixes https://github.com/rfjakob/gocryptfs/issues/86
 2017-03-02 19:12:21 +01:00
Jakob Unterwurzacher
427c6c1719 exitcodes: define code 12 for "password incorrect" 2017-02-26 19:25:23 +01:00
Jakob Unterwurzacher
57612a278b configfile: rename "kdf.go" -> "scrypt.go" 
This really only handles scrypt and no other key-derivation functions.
Renaming the files prevents confusion once we introduce HKDF.

renamed:    internal/configfile/kdf.go -> internal/configfile/scrypt.go
renamed:    internal/configfile/kdf_test.go -> internal/configfile/scrypt_test.go
 2017-02-25 18:51:17 +01:00
Jakob Unterwurzacher
a65965783a stupidgcm: drop only external dependecy 
This makes it easier to use the package in external projects.

See https://github.com/rfjakob/gocryptfs/issues/79
 2017-02-24 09:46:10 +01:00
Jakob Unterwurzacher
43d6aa6677 speed: add benchmark.bash helper 2017-02-24 09:38:50 +01:00
Jakob Unterwurzacher
477071d673 speed: fix build for Go 1.4 and lower 
Old Go versions miss cipher.NewGCMWithNonceSize, which causes:

  internal/speed/speed.go:95: undefined: cipher.NewGCMWithNonceSize
 2017-02-23 00:04:51 +01:00
Jakob Unterwurzacher
1e03e059fa Implement "gocryptfs -speed" 
A crypto benchmark mode like "openssl speed".

Example run:

  $ ./gocryptfs -speed
  AES-GCM-256-OpenSSL 	 180.89 MB/s	(selected in auto mode)
  AES-GCM-256-Go      	  48.19 MB/s
  AES-SIV-512-Go      	  37.40 MB/s
 2017-02-22 23:56:34 +01:00
Jakob Unterwurzacher
62e7eb7d04 tests: reverse: check Access() call 2017-02-16 21:20:29 +01:00
Jakob Unterwurzacher
45c1ea499e fusefrontend_reverse: handle .name files in Access() 
These were currently passed to decryptPath() were it caused
a warning.
 2017-02-16 21:16:42 +01:00
Jakob Unterwurzacher
55d0523dbe tests: configfile: add missing newlines in verbose output 2017-02-16 19:45:20 +01:00
Jakob Unterwurzacher
8bbc1038fe syscallcompat: OSX compat: fix variable warnings 
As suggested by
https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217
 2017-02-16 19:23:17 +01:00
Jakob Unterwurzacher
3784901fce readpassword: limit password length to 1000 bytes 
This used to hang at 100% CPU:

    cat /dev/zero | gocryptfs -init a

...and would ultimately send the box into out-of-memory.

The number 1000 is chosen arbitrarily and seems big enough
given that the password must be one line.

Suggested by @mhogomchungu in https://github.com/rfjakob/gocryptfs/issues/77 .
 2017-02-13 09:13:22 +01:00
Jakob Unterwurzacher
8adfbf2dc3 Check for trailing garbage after the password 
From the comment:

// CheckTrailingGarbage tries to read one byte from stdin and exits with a
// fatal error if the read returns any data.
// This is meant to be called after reading the password, when there is no more
// data expected. This helps to catch problems with third-party tools that
// interface with gocryptfs.
 2017-02-12 17:59:09 +01:00
Jakob Unterwurzacher
2dd90ac19c readpassword: improve comment on readPasswordStdin 2017-02-12 13:55:30 +01:00
Jakob Unterwurzacher
0f40afc832 ctlsock: handle non-canonical empty paths 
We have to check if the input path is empty AFTER canonicalizing it,
too!
 2017-02-05 18:17:30 +01:00
Jakob Unterwurzacher
8bcae63a5a ctlsock: sanitize: handle multiple leading slashes 2017-02-05 18:05:35 +01:00
Jakob Unterwurzacher
2bdd0ec802 golint comment fix 
internal/ctlsock/ctlsock_serve.go:73:1: comment on exported const
ReadBufSize should be of the form "ReadBufSize ..."
 2017-01-29 19:01:16 +01:00
Jakob Unterwurzacher
1273d7edae ctlsock: better error message for forward mode path decryption 2017-01-29 18:55:52 +01:00
Jakob Unterwurzacher
53fe6f5690 ctlsock: abort message processing on JSON error 
The code was missing a "continue" in that branch.

Also improve the error messages a bit.
 2017-01-29 18:25:46 +01:00
Jakob Unterwurzacher
532ef15417 ctlsock: interpret paths that point above CWD as "" 
Paths that start with ".." were previously accepted as-is.
 2017-01-29 15:24:47 +01:00
Jakob Unterwurzacher
6166dad05c readpassword: support spaces in "-passfile" filename 
...and while we are at it, also filenames starting with "-".
 2017-01-29 00:34:12 +01:00
Jakob Unterwurzacher
39eca53677 main: make sure the ctlsock file is deleted on incorrect password 
Otherwise the next try to mount ends in
"ctlsock: listen unix ctl.sock: bind: address already in use"
 2017-01-26 21:32:08 +01:00
Jakob Unterwurzacher
a7c7588deb fusefrontend: fix hard-linking with long name 
This used to incorrectly try to link twice and return EEXIST.
 2017-01-26 20:56:42 +01:00
Jakob Unterwurzacher
de87a256ab tlog: better comment for the terminal colors 2017-01-26 20:01:45 +01:00
Jakob Unterwurzacher
fe1705c55b reverse: add single-entry path cache 
Speeds up the "ls -lR" benchmark from 2.6 seconds to 2.0.
 2017-01-03 18:14:01 +01:00
Jakob Unterwurzacher
ef089c9f80 reverse: factor out rDecryptName 
This prepares the code for the introduction of a path cache.
 2017-01-03 17:46:11 +01:00
Jakob Unterwurzacher
8be54bf3f8 prefer_openssl: default to Go GCM on OSX 2016-12-10 21:04:17 +01:00
Jakob Unterwurzacher
12374be9c5 ctlsock: abort the connection if the request is too big 
Reading partial JSON would cause a mess. Just kill the connection.

Also, stop using syscall.PathMax that is not defined on Darwin
( https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-264253024 )
 2016-12-10 20:43:08 +01:00
Jakob Unterwurzacher
8945f4db95 ctlsock: add a note about Accept() throwing errors on Close() 2016-12-10 15:01:00 +01:00
Jakob Unterwurzacher
6af725ff09 ctlsock: exit early if socket cannot be created; delete on exit 
Both are achieved by opening the socket from main and passing
it to the ctlsock package instead of passing the path.
 2016-12-10 14:54:06 +01:00
Jakob Unterwurzacher
967e7bd125 stupidgcm: Fix without_openssl build failure 
Also, always call build-without-openssl.bash from test.bash.

Failure was:

  internal/stupidgcm/without_openssl.go:29: missing return at end of function
 2016-12-10 13:15:19 +01:00
Jakob Unterwurzacher
2758c75cae ctlsock: sanitize paths before passing them to the backend 
You used to be able to crash gocryptfs by passing "/foo"
of "foo/" to the ctlsock.

Fixes https://github.com/rfjakob/gocryptfs/issues/66
 2016-12-10 12:59:54 +01:00
Jakob Unterwurzacher
c9f4400e6d Replace all calls to naked panic() with log.Panic() 
We want all panics to show up in the syslog.
 2016-12-10 11:54:36 +01:00
Jakob Unterwurzacher
55df8acac3 fusefrontend: preserve owner for symlinks 
https://github.com/rfjakob/gocryptfs/issues/64
 2016-11-28 23:15:24 +01:00
Jakob Unterwurzacher
e3c5e3f1c8 fusefronted: preserve owner for device nodes and sockets 
https://github.com/rfjakob/gocryptfs/issues/64
 2016-11-28 23:09:47 +01:00
Jakob Unterwurzacher
a66440c668 fusefrontend: use Lchown when preserving owner 
This prevents (unlikely) symlink race attacks
 2016-11-28 22:46:04 +01:00
Jakob Unterwurzacher
0f8d3318a3 main, fusefrontend: add "-noprealloc" option 
Preallocation is very slow on hdds that run btrfs. Give the
user the option to disable it. This greatly speeds up small file
operations but reduces the robustness against out-of-space errors.

Also add the option to the man page.

More info: https://github.com/rfjakob/gocryptfs/issues/63
 2016-11-25 09:19:14 +01:00
Jakob Unterwurzacher
024511d9c7 fusefrontend: coalesce 4kB writes 
This improves performance on hdds running ext4, and improves
streaming write performance on hdds running btrfs. Tar extract
slows down on btrfs for some reason.

See https://github.com/rfjakob/gocryptfs/issues/63

Benchmarks:

encfs v1.9.1
============

$ ./benchmark.bash -encfs /mnt/hdd-ext4
Testing EncFS at /mnt/hdd-ext4/benchmark.bash.u0g
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,48354 s, 88,4 MB/s
UNTAR: 20.79
LS:    3.04
RM:    6.62

$ ./benchmark.bash -encfs /mnt/hdd-btrfs
Testing EncFS at /mnt/hdd-btrfs/benchmark.bash.h40
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,52552 s, 85,9 MB/s
UNTAR: 24.51
LS:    2.73
RM:    5.32

gocryptfs v1.1.1-26-g4a7f8ef
============================

$ ./benchmark.bash /mnt/hdd-ext4
Testing gocryptfs at /mnt/hdd-ext4/benchmark.bash.1KG
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,55782 s, 84,1 MB/s
UNTAR: 22.23
LS:    1.47
RM:    4.17

$ ./benchmark.bash /mnt/hdd-btrfs
Testing gocryptfs at /mnt/hdd-btrfs/benchmark.bash.2t8
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 6,87206 s, 19,1 MB/s
UNTAR: 69.87
LS:    1.52
RM:    5.33

gocryptfs v1.1.1-32
===================

$ ./benchmark.bash /mnt/hdd-ext4
Testing gocryptfs at /mnt/hdd-ext4/benchmark.bash.Qt3
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,22577 s, 107 MB/s
UNTAR: 23.46
LS:    1.46
RM:    4.67

$ ./benchmark.bash /mnt/hdd-btrfs/
Testing gocryptfs at /mnt/hdd-btrfs//benchmark.bash.XVk
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 3,68735 s, 35,5 MB/s
UNTAR: 116.87
LS:    1.84
RM:    6.34
 2016-11-25 09:03:32 +01:00
Jakob Unterwurzacher
6f475da116 Fix golint warnings, add helper script 2016-11-17 23:40:03 +01:00
Jakob Unterwurzacher
0489d08ae2 fusefrontend: get the file ID from the open files table 
This fixes the problem that a truncate can reset the file
ID without the other open FDs noticing it.
 2016-11-17 22:29:45 +01:00
Jakob Unterwurzacher
e04dc05012 fusefrontend: upgrade wlockMap to use device AND inode number 
If there are multiple filesystems backing the gocryptfs filesystems
inode numbers are not guaranteed to be unique.
 2016-11-17 20:32:19 +01:00
Jakob Unterwurzacher
d8fb28a1c3 ctlsock: prevent panic on invalid decrypt request 2016-11-10 23:51:47 +01:00
Jakob Unterwurzacher
c03fc46a51 ctlsock: implement EncryptPath for reverse mode, add tests 2016-11-10 23:32:51 +01:00
Jakob Unterwurzacher
d3764b7753 reverse: fix longname decoding bug 
This could have caused spurious ENOENT errors.

That it did not cause these errors all the time is interesting
and probably because an earlier readdir would place the entry
in the cache. This masks the bug.
 2016-11-10 23:30:30 +01:00
Jakob Unterwurzacher
e7f57695a6 Fix golint warnings 
$ golint ./... | grep -v underscore | grep -v ALL_CAPS
internal/fusefrontend_reverse/rfs.go:52:36: exported func NewFS returns unexported type *fusefrontend_reverse.reverseFS, which can be annoying to use
internal/nametransform/raw64_go1.5.go:10:2: exported const HaveRaw64 should have comment (or a comment on this block) or be unexported
 2016-11-10 00:38:01 +01:00
Jakob Unterwurzacher
75ebb28a62 ctlsock: add initial limited implementation 
At the moment, in forward mode you can only encrypt paths
and in reverse mode you can only decrypt paths.
 2016-11-10 00:27:08 +01:00
Jakob Unterwurzacher
df28fc5a11 nametransform: get rid of leading "./" 
Paths in the root directory were encrypted to this:

    foobar -> ./N9vPc0gXUY4PDSt0-muYXQ==
 2016-11-09 23:41:47 +01:00
Jakob Unterwurzacher
df1e3a10c4 nametransform: nicer error message on empty gocryptfs.diriv 
Old:

	Nov 06 13:34:38 brikett gocryptfs[16228]: ReadDirIVAt: Read failed: EOF
	Nov 06 13:34:38 brikett gocryptfs[16228]: go-fuse: can't convert error type: EOF

New:

	Nov 06 14:08:43 brikett gocryptfs[17361]: ReadDirIVAt: wanted 16 bytes, got 0. Returning EINVAL.
 2016-11-06 14:09:34 +01:00
Jakob Unterwurzacher
d15122d3d6 Add Go 1.4 compatibility layer for raw64 
Using raw64 will not work, but at least it will compile.
 2016-11-01 19:25:59 +01:00
Jakob Unterwurzacher
2b991c9743 Add support for unpadded base64 filenames, "-raw64" 
Through base64.RawURLEncoding.

New command-line parameter "-raw64".
 2016-11-01 18:43:22 +01:00
Jakob Unterwurzacher
944eaf2fb5 fusefronted: expire dir IV cache after one second 
The Back In Time backup tool (https://github.com/bit-team/backintime)
wants to write directly into the ciphertext dir.
This may cause the cached directory IV to become out-of-date.
Having an expiry time limits the inconstency to one second, like
attr_timeout does for the kernel getattr cache.
 2016-11-01 10:57:39 +01:00
Jakob Unterwurzacher
a9c7565b80 fusefrontend: refactor dirIVCache 
Simplify the code a bit.
 2016-11-01 10:34:41 +01:00
Jakob Unterwurzacher
c2192cfcad fusefrontend: drop atime workarounds 
The fix at https://github.com/hanwen/go-fuse/pull/131 has been merged.
Drop the workarounds and re-enable the tests.
 2016-10-30 16:29:36 +01:00
Jakob Unterwurzacher
85f1fd0b0f fusefronted: more concise corrupt block log message 
Calculating the block offset is easy enough, even more now
that gocryptfs-xray exists.
 2016-10-28 21:18:36 +02:00
Jakob Unterwurzacher
012152f3d1 fusefrontend: I/O error instead of panic on all-zero nonce 
Running xfstests generic/075 on tmpfs often triggered a panic
for what seems to be a tmpfs bug.

Quoting from the email to lkml,
http://www.spinics.net/lists/kernel/msg2370127.html :

	tmpfs seems to be incorrectly returning 0-bytes when reading from
	a file that is concurrently being truncated.
 2016-10-28 21:18:36 +02:00
Jakob Unterwurzacher
a08d55f42d fusefronted: optimize NFS streaming writes by saving one Stat() 
Stat() calls are expensive on NFS as they need a full network
round-trip. We detect when a write immediately follows the
last one and skip the Stat in this case because the write
cannot create a file hole.

On my (slow) NAS, this takes the write speed from 24MB/s to
41MB/s.
 2016-10-28 21:17:53 +02:00
Jakob Unterwurzacher
d64ccf7cf4 fusefrontend: move hole padding check out of Write() 
The details of the hole handling don't have to be in
Write, so move it away.
 2016-10-25 22:37:45 +02:00
Jakob Unterwurzacher
6538dc15af fusefrontend: rename "createsHole" to clearer "createsCiphertextHole" 
...and add comments for what is happening.
 2016-10-25 21:19:37 +02:00
Jakob Unterwurzacher
aeda9721d0 Fix misspellings 
Close https://github.com/rfjakob/gocryptfs/issues/54
 2016-10-24 19:18:13 +02:00
Jakob Unterwurzacher
a74a7e7f54 configfile: add newline at the end 
For convenience for the user, add a newline at the end.
Reported as #51 .
 2016-10-21 08:43:39 +02:00
Jakob Unterwurzacher
589748548f tests: add 1980.tar.gz extract test 
Test that we get the right timestamp when extracting a tarball.

Also simplify the workaround in doTestUtimesNano() and fix the
fact that it was running no test at all.
 2016-10-19 22:25:54 +02:00
Jakob Unterwurzacher
600ceece35 lint fixes 2016-10-19 01:12:45 +02:00
Jakob Unterwurzacher
891a3b4c8a fusefrontend: Utimens: one more band-aid 
Revert once https://github.com/hanwen/go-fuse/pull/131 is merged.
 2016-10-16 20:20:00 +02:00
Jakob Unterwurzacher
c487e176bd main: allow password change with -masterkey 
Requested at https://github.com/rfjakob/gocryptfs/issues/28
 2016-10-16 18:17:28 +02:00
Jakob Unterwurzacher
b2d33028a6 readpassword: check extpass return code 
...and exit if it is not zero.
 2016-10-16 16:44:27 +02:00
Jakob Unterwurzacher
5144470e3d fusefrontend: Utimens: ugly band-aid for nil pointer crash in go-fuse 
Crash is described at https://github.com/rfjakob/gocryptfs/issues/48 .
Revert this once https://github.com/hanwen/go-fuse/pull/131 is merged.
 2016-10-16 15:08:05 +02:00
Jakob Unterwurzacher
35219d0022 fusefrontend: log missing gocryptfs.diriv 
This can happen during normal operation when the directory has
been deleted concurrently. But it can also mean that the
gocryptfs.diriv is missing due to an error, so log the event
at "info" level.
 2016-10-16 15:04:59 +02:00
Jakob Unterwurzacher
828f718483 fusefrontend: Also preserve the owner in Mkdir 
This already worked for files but was missing for dirs.
 2016-10-10 08:53:29 +02:00
Jakob Unterwurzacher
d3b78fea95 reverse: add panics against API abuse 
These should help prevent later programming errors.
 2016-10-09 17:05:12 +02:00
Jakob Unterwurzacher
d25fcc6a4b reverse: gocryptfs.conf was missing from the directory listings 
Fix the test for that and add checks in example_filesystems_test.
 2016-10-08 22:25:08 +02:00
Jakob Unterwurzacher
e47577834b reverse: merge config translation check into isTranslatedConfig 
Also get rid of useless isFiltered function.
 2016-10-08 21:14:16 +02:00
Jakob Unterwurzacher
f054353bd3 reverse: make gocryptfs.conf mapping plaintextnames-aware 
Only in plaintextnames-mode AND with the config file at the
default location it will be mapped into the mountpoint.

Also adds a test for that.
 2016-10-08 20:57:38 +02:00
Jakob Unterwurzacher
53257f4ee5 nametransform: better error code on invalid diriv length 
go-fuse translates errors unknown to it into "function not
implemented", which is wrong in this case.
 2016-10-07 22:40:30 +02:00
Jakob Unterwurzacher
ff48dc1aab reverse: initialize the longname cache only when reverse mode is used 
Gets rid of the idling longnameCacheCleaner thread in "normal" mode.
 2016-10-05 22:22:28 +02:00
Jakob Unterwurzacher
a4956fa6bf A few more lint fixes 2016-10-04 23:30:05 +02:00
Valient Gough
b764917cd5 lint fixes 2016-10-04 23:18:33 +02:00
Jakob Unterwurzacher
db5782028a tests: skip tests with -openssl=false on Go 1.4 and lower 
Go versions 1.4 and lower lack NewGCMWithNonceSize(), which causes
a panic in the test.
 2016-10-04 22:34:12 +02:00
Romain
db72a4489d fusefrontend_reverse cast Stat_t.Dev to uint64 (#44) 
The [Stat_t.Dev](https://golang.org/pkg/syscall/#Stat_t) docs say `Dev` is a `unit64`, but on [macOS amd64](https://golang.org/src/syscall/ztypes_darwin_amd64.go) it's an `int32`.
 2016-10-04 15:03:47 +02:00
Jakob Unterwurzacher
56c0b19612 without_openssl: support compiling completely without openssl 
Build helper script: build-without-openssl.bash
 2016-10-04 09:51:14 +02:00
Jakob Unterwurzacher
a00402cc47 cryptocore: rename "gcm" variable to generic "aeadCipher" 
As we now also support AES-SIV the old name is no longer
correct.
 2016-10-04 00:17:09 +02:00
Jakob Unterwurzacher
bb52937834 cryptocore: derive 512-bit key for AES-SIV 
AES-SIV uses 1/2 of the key for authentication, 1/2 for
encryption, so we need a 64-byte key for AES-256. Derive
it from the master key by hashing it with SHA-512.
 2016-10-04 00:16:56 +02:00
Jakob Unterwurzacher
46018785b4 siv_aead: Overhead is always 16 
Add a test for that.

Also test operations using a 64-byte key.
 2016-10-03 23:58:19 +02:00
Jakob Unterwurzacher
a2510efe12 reverse: use per-purpose nonce generation 
Also pull all the deterministic nonce code into fusefrontend_reverse
to greatly simplify the normal code path.
 2016-09-29 21:56:49 +02:00
Jakob Unterwurzacher
bce96b5095 reverse: move newDirIVFile into virtualfile.go 
After all, is's a virtual file.
 2016-09-28 23:30:13 +02:00
Jakob Unterwurzacher
e9bb8b800c reverse: switch from GCM-SIV to AES-SIV 
GCM-SIV is not yet finalized, and the reference implemenation is
painfully slow at about 2 MB/s. Switch to AES-SIV.
 2016-09-26 23:25:13 +02:00
Jakob Unterwurzacher
d9fc652df0 siv_aead: add AES-SIV AEAD wrapper 2016-09-26 23:06:40 +02:00