Commit Graph

1989 Commits

Author SHA1 Message Date
Jakob Unterwurzacher
91d3b30c1c doc: file-format.md: describe XChaCha20-Poly1305
Different nonce size.
2021-08-26 08:43:41 +02:00
Jakob Unterwurzacher
7b25ff39c8 fsstress-gocryptfs: fuse-xfstests now lives in /opt
fuse-xfstests should be installed to /opt now to make
the terminal output independent of the user name
(as done in https://github.com/rfjakob/fuse-xfstests/wiki/results_2021-06-02 )
2021-08-26 07:46:28 +02:00
Jakob Unterwurzacher
61ef6b00a6 -devrandom: make flag a no-op
Commit f3c777d5ea added the `-devrandom` option:

    commit f3c777d5ea
    Author: @slackner
    Date:   Sun Nov 19 13:30:04 2017 +0100

    main: Add '-devrandom' commandline option

    Allows to use /dev/random for generating the master key instead of the
    default Go implementation. When the kernel random generator has been
    properly initialized both are considered equally secure, however:

    * Versions of Go prior to 1.9 just fall back to /dev/urandom if the
      getrandom() syscall would be blocking (Go Bug #19274)

    * Kernel versions prior to 3.17 do not support getrandom(), and there
      is no check if the random generator has been properly initialized
      before reading from /dev/urandom

    This is especially useful for embedded hardware with low-entropy. Please
    note that generation of the master key might block indefinitely if the
    kernel cannot harvest enough entropy.

We now require Go v1.13 and Kernel versions should have also moved on.
Make the flag a no-op.

https://github.com/rfjakob/gocryptfs/issues/596
2021-08-25 12:39:17 +02:00
Jakob Unterwurzacher
b3d26b7264 go mod: update go-fuse
We want /dev/fd/N support:

  74a933d6e8
  "fuse: support special /dev/fd/N mountpoint"

Fixes https://github.com/rfjakob/gocryptfs/issues/590
2021-08-25 12:17:26 +02:00
Jakob Unterwurzacher
a4ed1aab00 README: add -xchacha to changelog
https://github.com/rfjakob/gocryptfs/issues/452
2021-08-24 14:06:01 +02:00
Jakob Unterwurzacher
24bb28a517 MANPAGE: add -xchacha
2021-08-24 14:05:52 +02:00
Jakob Unterwurzacher
5f1094b164 -speed: note that -xchacha is selectable
2021-08-24 14:02:12 +02:00
Jakob Unterwurzacher
ab7308639b tests/example_filesystems: add v2.2-xchacha-deterministic-names
Combines both new flags.
2021-08-24 13:53:50 +02:00
Jakob Unterwurzacher
d70875aaa9 tests/example_filesystems: add deterministic-names and xchacha
2021-08-24 13:50:07 +02:00
Jakob Unterwurzacher
62ed081c5e benchmark.bash: add -xchacha support
2021-08-24 13:30:09 +02:00
Jakob Unterwurzacher
abaa12992c xray: add xchacha support
Also use the new cryptocore algo names.
2021-08-23 22:19:30 +02:00
Jakob Unterwurzacher
20ca63cdbc contentenc: remove unused NonceMode constants
Looks like these are part of an abandoned plan.
2021-08-23 22:14:20 +02:00
Jakob Unterwurzacher
dfb7fae52a speed: use algo names from cryptocore
2021-08-23 22:13:49 +02:00
Jakob Unterwurzacher
806334eacf cryptocore: add NonceSize to AEADTypeEnum
Have the information in one centralized place,
and access it from main as needed.
2021-08-23 22:10:23 +02:00
Jakob Unterwurzacher
b12ad292d4 tests/cli: add -xchacha tests
2021-08-23 16:17:04 +02:00
Jakob Unterwurzacher
2fb1d52746 tests/matrix: add -xchacha test
2021-08-23 16:00:41 +02:00
Jakob Unterwurzacher
97d8340bd8 configfile: add Validate() function, support FlagXChaCha20Poly1305
We used to do validation using lists of mandatory feature flags.

With the introduction of XChaCha20Poly1305, this became too
simplistic, as it uses a different IV length, hence disabling
GCMIV128.

Add a dedicated function, Validate(), with open-coded validation
logic.

The validation and creation logic also gets XChaCha20Poly1305
support, and gocryptfs -init -xchacha now writes the flag into
gocryptfs.conf.
2021-08-23 16:00:41 +02:00
Jakob Unterwurzacher
4764a9bde0 Add partial XChaCha20-Poly1305 support (mount flag only)
Mount flag only at the moment, not saved to gocryptfs.conf.

https://github.com/rfjakob/gocryptfs/issues/452
2021-08-23 16:00:41 +02:00
Jakob Unterwurzacher
b02812f8b3 test/cli: actually run TestZerokey
As the filename did not end in _test.go, TestZerokey
was not actually run. Fix that.
	renamed:    tests/cli/zerokey.go -> tests/cli/zerokey_test.go
2021-08-23 15:17:04 +02:00
Jakob Unterwurzacher
69d88505fd go mod: declare module version v2
Our git version is v2+ for some time now, but go.mod
still declared v1. Hopefully making both match makes
https://pkg.go.dev/github.com/rfjakob/gocryptfs/v2 work.

All the import paths have been fixed like this:

  find . -name \*.go | xargs sed -i s%github.com/rfjakob/gocryptfs/%github.com/rfjakob/gocryptfs/v2/%
2021-08-23 15:05:15 +02:00
Jakob Unterwurzacher
c9abfc8f06 ensurefds012: package comment should precede package statement
This makes the comment visible to godoc.
2021-08-23 11:04:22 +02:00
Jakob Unterwurzacher
b603169d2c configfile: pass struct to Create 2/2
Drop Create and rename Create2 to Create.
2021-08-21 14:04:04 +02:00
Jakob Unterwurzacher
4b93525249 configfile: pass struct to Create 1/2
The argument list got too long.

Part 1: Replace with Create2
2021-08-21 14:01:58 +02:00
Jakob Unterwurzacher
2da0e13b1d cryptocore: drop IVLen helper var
The IVLen var seems to be a net loss in clarity. Drop it.

Also add comments and normalize error messages.
2021-08-21 10:55:20 +02:00
Jakob Unterwurzacher
f6be765ef6 README: Update changelog with -deterministic-names
Fixes https://github.com/rfjakob/gocryptfs/issues/151
Fixes https://github.com/rfjakob/gocryptfs/issues/402
Fixes https://github.com/rfjakob/gocryptfs/pull/592

Partial-fix https://github.com/rfjakob/gocryptfs/issues/108
2021-08-20 17:16:23 +02:00
Jakob Unterwurzacher
fbccb16043 -deterministic-names: implement for reverse mode, too
2021-08-20 17:06:18 +02:00
Jakob Unterwurzacher
14bf80301b MANPAGE: move nosyslog to MOUNT OPTIONS section
It was in INIT OPTIONS by mistake.
2021-08-20 16:01:53 +02:00
Jakob Unterwurzacher
2a9dea2973 -deterministic-names: accept flag on -init
And store it in gocryptfs.conf (=remove DirIV feature flag).
2021-08-20 15:57:40 +02:00
Jakob Unterwurzacher
195d9d18a9 Implement -deterministic-names: extended -zerodiriv
-deterministic-names uses all-zero dirivs but does not write
them to disk anymore.
2021-08-20 10:58:42 +02:00
Jose M Perez
8f94083a21 Flag -zerodiriv to create all diriv as all zero byte files
2021-08-19 18:05:54 +02:00
Jakob Unterwurzacher
02c91d73ce syscallcompat: use early return in asUser()
2021-08-19 09:01:58 +02:00
Jakob Unterwurzacher
be2bd4eec7 golangci-lint: fix issues found by "unused" and "deadcode"
Except xattrSupported, this is a false positive.

$ golangci-lint run --disable-all --enable unused --enable deadcode
gocryptfs-xray/xray_main.go:24:5: `GitVersionFuse` is unused (deadcode)
var GitVersionFuse = "[GitVersionFuse not set - please compile using ./build.bash]"
    ^
tests/symlink_race/main.go:47:6: `chmodLoop` is unused (deadcode)
func chmodLoop() {
     ^
internal/readpassword/extpass_test.go:11:5: `testPw` is unused (deadcode)
var testPw = []byte("test")
    ^
tests/reverse/xattr_test.go:13:6: func `xattrSupported` is unused (unused)
func xattrSupported(path string) bool {
     ^
internal/fusefrontend_reverse/rpath.go:20:22: func `(*RootNode).abs` is unused (unused)
func (rfs *RootNode) abs(relPath string, err error) (string, error) {
                     ^
tests/matrix/matrix_test.go:310:6: `sContains` is unused (deadcode)
func sContains(haystack []string, needle string) bool {
2021-08-19 08:34:49 +02:00
Jakob Unterwurzacher
d8b8232c3c test_helpers: actually use global testParentDir variable
Typo inside doInit.
2021-08-19 08:34:49 +02:00
Jakob Unterwurzacher
f3d927e590 fsck: sort files alphabetically again
This makes fsck runs deterministic again.

Sorting (commit quoted below) got lost while
moving to go-fuse v2 api.

commit e6caf56ea4
Author: Jakob Unterwurzacher <jakobunt@gmail.com>
Date:   Mon Apr 2 16:56:29 2018 +0200

    fsck: sort files alphabetically

    This makes fsck runs deterministic.
2021-08-19 08:34:49 +02:00
Jakob Unterwurzacher
8ee595dd48 Fix issues found by "go vet"
Issues were:

 # github.com/rfjakob/gocryptfs/contrib/findholes/holes
 contrib/findholes/holes/holes.go:136:2: unreachable code
 # github.com/rfjakob/gocryptfs/tests/root_test_test
 tests/root_test/root_test.go:139:2: unreachable code

Also make sure we actually run "go vet" against the whole
codebase.
2021-08-19 08:34:49 +02:00
Jakob Unterwurzacher
c86981342b golangci-lint: fix issues found by gosimple
Everything except the

	if err2.Err == syscall.EOPNOTSUPP

case. Gets too confusing when collapsed into a single line.

Issues were:

$ golangci-lint run --disable-all --enable gosimple
mount.go:473:2: S1008: should use 'return strings.HasPrefix(v, "fusermount version")' instead of 'if strings.HasPrefix(v, "fusermount version") { return true }; return false' (gosimple)
	if strings.HasPrefix(v, "fusermount version") {
	^
cli_args.go:258:5: S1002: should omit comparison to bool constant, can be simplified to `args.forcedecode` (gosimple)
	if args.forcedecode == true {
	   ^
cli_args.go:263:6: S1002: should omit comparison to bool constant, can be simplified to `args.aessiv` (gosimple)
		if args.aessiv == true {
		   ^
cli_args.go:267:6: S1002: should omit comparison to bool constant, can be simplified to `args.reverse` (gosimple)
		if args.reverse == true {
		   ^
internal/stupidgcm/stupidgcm.go:227:6: S1002: should omit comparison to bool constant, can be simplified to `g.forceDecode` (gosimple)
		if g.forceDecode == true {
		   ^
gocryptfs-xray/xray_tests/xray_test.go:23:5: S1004: should use !bytes.Equal(out, expected) instead (gosimple)
	if bytes.Compare(out, expected) != 0 {
	   ^
gocryptfs-xray/xray_tests/xray_test.go:40:5: S1004: should use !bytes.Equal(out, expected) instead (gosimple)
	if bytes.Compare(out, expected) != 0 {
	   ^
gocryptfs-xray/paths_ctlsock.go:34:20: S1002: should omit comparison to bool constant, can be simplified to `!eof` (gosimple)
	for eof := false; eof == false; line++ {
	                  ^
tests/reverse/xattr_test.go:19:2: S1008: should use 'return err2.Err != syscall.EOPNOTSUPP' instead of 'if err2.Err == syscall.EOPNOTSUPP { return false }; return true' (gosimple)
	if err2.Err == syscall.EOPNOTSUPP {
	^
internal/fusefrontend/node.go:459:45: S1002: should omit comparison to bool constant, can be simplified to `!nameFileAlreadyThere` (gosimple)
		if nametransform.IsLongContent(cName2) && nameFileAlreadyThere == false {
		                                          ^
tests/xattr/xattr_integration_test.go:221:2: S1008: should use 'return err2.Err != syscall.EOPNOTSUPP' instead of 'if err2.Err == syscall.EOPNOTSUPP { return false }; return true' (gosimple)
	if err2.Err == syscall.EOPNOTSUPP {
	^
tests/test_helpers/helpers.go:338:19: S1002: should omit comparison to bool constant, can be simplified to `open` (gosimple)
	if err != nil && open == true {
	                 ^
tests/matrix/concurrency_test.go:121:7: S1004: should use !bytes.Equal(buf, content) instead (gosimple)
			if bytes.Compare(buf, content) != 0 {
			   ^
2021-08-19 08:34:44 +02:00
Jakob Unterwurzacher
2a25c3a8fd tlog: switch from golang.org/x/crypto/ssh/terminal to golang.org/x/term
$ golangci-lint run

internal/tlog/log.go:13:2: SA1019: package golang.org/x/crypto/ssh/terminal is deprecated: this package moved to golang.org/x/term. (staticcheck)
	"golang.org/x/crypto/ssh/terminal"
2021-08-19 07:38:56 +02:00
Jakob Unterwurzacher
9c268fbe88 README: update for v2.1 release
2021-08-18 17:48:38 +02:00
Jakob Unterwurzacher
b2abb0484f Drop workarounds for Go 1.11 and Go 1.12
2021-08-18 17:48:38 +02:00
Jakob Unterwurzacher
a5f88e86d1 github ci: drop Go 1.11
Contemporary x/sys/unix does not compile anymore with Go 1.11:

https://github.com/rfjakob/gocryptfs/runs/3362218517?check_suite_focus=true

+ GOOS=darwin
+ GOARCH=amd64
+ go build -tags without_openssl -o /dev/null
Error: ../../../go/pkg/mod/golang.org/x/sys@v0.0.0-20210817190340-bfb29a6856f2/unix/fcntl_darwin.go:11:9: undefined: fcntl
Error: ../../../go/pkg/mod/golang.org/x/sys@v0.0.0-20210817190340-bfb29a6856f2/unix/fcntl_darwin.go:16:12: undefined: fcntl
Error: ../../../go/pkg/mod/golang.org/x/sys@v0.0.0-20210817190340-bfb29a6856f2/unix/fcntl_darwin.go:22:12: undefined: fcntl
Error: ../../../go/pkg/mod/golang.org/x/sys@v0.0.0-20210817190340-bfb29a6856f2/unix/ioctl.go:21:9: undefined: ioctl
Error: ../../../go/pkg/mod/golang.org/x/sys@v0.0.0-20210817190340-bfb29a6856f2/unix/ioctl.go:30:9: undefined: ioctl
Error: ../../../go/pkg/mod/golang.org/x/sys@v0.0.0-20210817190340-bfb29a6856f2/unix/ioctl.go:39:9: undefined: ioctl
Error: ../../../go/pkg/mod/golang.org/x/sys@v0.0.0-20210817190340-bfb29a6856f2/unix/ioctl.go:49:9: undefined: ioctl
Error: ../../../go/pkg/mod/golang.org/x/sys@v0.0.0-20210817190340-bfb29a6856f2/unix/ioctl.go:61:9: undefined: ioctl
Error: ../../../go/pkg/mod/golang.org/x/sys@v0.0.0-20210817190340-bfb29a6856f2/unix/syscall_bsd.go:646:10: undefined: mmap
Error: ../../../go/pkg/mod/golang.org/x/sys@v0.0.0-20210817190340-bfb29a6856f2/unix/syscall_bsd.go:647:10: undefined: munmap
Error: ../../../go/pkg/mod/golang.org/x/sys@v0.0.0-20210817190340-bfb29a6856f2/unix/ioctl.go:61:9: too many errors
note: module requires Go 1.17
make: *** [Makefile:44: ci] Error 2
Error: Process completed with exit code 2.
2021-08-18 17:30:01 +02:00
Jakob Unterwurzacher
a7fa91764a Update dependencies
Using

  go get -u
  go mod tidy
2021-08-18 17:30:01 +02:00
Jakob Unterwurzacher
bc72e58fac README: update changelog
2021-08-18 16:08:14 +02:00
Jakob Unterwurzacher
64793fedf4 Fix issues found by ineffassign
gocryptfs$ ineffassign ./...

/home/jakob/go/src/github.com/rfjakob/gocryptfs/internal/configfile/config_file.go:243:2: ineffectual assignment to scryptHash
/home/jakob/go/src/github.com/rfjakob/gocryptfs/internal/configfile/config_file.go:272:2: ineffectual assignment to scryptHash
/home/jakob/go/src/github.com/rfjakob/gocryptfs/internal/fusefrontend/file.go:285:3: ineffectual assignment to fileID
/home/jakob/go/src/github.com/rfjakob/gocryptfs/internal/fusefrontend/node.go:367:3: ineffectual assignment to err
/home/jakob/go/src/github.com/rfjakob/gocryptfs/internal/fusefrontend/node_open_create.go:68:2: ineffectual assignment to fd
/home/jakob/go/src/github.com/rfjakob/gocryptfs/mount.go:308:2: ineffectual assignment to masterkey
/home/jakob/go/src/github.com/rfjakob/gocryptfs/gocryptfs-xray/xray_main.go:156:13: ineffectual assignment to err
/home/jakob/go/src/github.com/rfjakob/gocryptfs/internal/fusefrontend/prepare_syscall_test.go:65:16: ineffectual assignment to errno
/home/jakob/go/src/github.com/rfjakob/gocryptfs/internal/syscallcompat/open_nofollow_test.go:34:2: ineffectual assignment to fd
/home/jakob/go/src/github.com/rfjakob/gocryptfs/tests/defaults/acl_test.go:111:6: ineffectual assignment to err
/home/jakob/go/src/github.com/rfjakob/gocryptfs/tests/defaults/acl_test.go:181:2: ineffectual assignment to sz
/home/jakob/go/src/github.com/rfjakob/gocryptfs/tests/defaults/acl_test.go:198:2: ineffectual assignment to sz
/home/jakob/go/src/github.com/rfjakob/gocryptfs/tests/defaults/main_test.go:365:8: ineffectual assignment to err
/home/jakob/go/src/github.com/rfjakob/gocryptfs/tests/xattr/xattr_fd_test.go:30:6: ineffectual assignment to err
/home/jakob/go/src/github.com/rfjakob/gocryptfs/tests/xattr/xattr_fd_test.go:66:6: ineffectual assignment to err
2021-08-18 15:48:01 +02:00
Jakob Unterwurzacher
dc52e32151 MANPAGE: add "exclude all but" example
Fixes https://github.com/rfjakob/gocryptfs/issues/588
2021-08-18 11:39:01 +02:00
Jakob Unterwurzacher
0bc9784508 reverse: fix "exclude all but" case
With test.

Fixes https://github.com/rfjakob/gocryptfs/issues/588
2021-08-18 11:38:56 +02:00
Jakob Unterwurzacher
3df1c62430 tests/reverse/TestExcludeTestFs: test trailing slash
2021-08-18 11:04:56 +02:00
Jakob Unterwurzacher
884398eec3 tests/reverse/TestExcludeTestFs: improve comments & code style
No functional changes.
2021-08-18 11:04:40 +02:00
Jakob Unterwurzacher
022c169c39 MANPAGE: -ew: make gitignore syntax more prominent
https://github.com/rfjakob/gocryptfs/issues/588
2021-08-18 10:37:53 +02:00
Jakob Unterwurzacher
b8ddc49ede tests/cli/TestBadname: make sure case 5 is never decodable
Sometimes, by chance, case 5 resulted in valid decrypted data:

--- FAIL: TestBadname (0.08s)
    cli_test.go:885: Case 5 failed: "J7Rbo1BvfXojpBEr0Qrt_invalid_file GOCRYPTFS_BAD_NAME" in ["file GOCRYPTFS_BAD_NAME,\x9e$O\xc3j\x8c\xd0\x06\x01#\f%k\x02\xcanvalid_file GOCRYPTFS_BAD_NAME,mzaZRF9_0IU-_5vv2wPC_invalid_file GOCRYPTFS_BAD_NAME,file,file_invalid_file GOCRYPTFS_BAD_NAME,mzaZRF9_0IU-_5vv2wP_invalid_file GOCRYPTFS_BAD_NAME"]

Add percent signs so base64 decoding always fails.

Fixes https://github.com/rfjakob/gocryptfs/runs/3347883728
2021-08-17 15:17:36 +02:00
Jakob Unterwurzacher
8d5b4c5177 github actions ci: test different Go versions
2021-08-17 09:08:26 +02:00