b732881518
configfile: switch to 128-bit IVs for master key encryption
...
There is no security reason for doing this, but it will allow
to consolidate the code once we drop compatibility with gocryptfs v1.2
(and earlier) filesystems.
2017-03-05 18:03:03 +01:00
a8d154765a
README: fix "compatibility" typo
2017-03-05 17:45:59 +01:00
966308eeb7
Drop Go 1.4 compatability code everywhere
...
Yields a nice reduction in code size.
2017-03-05 17:44:14 +01:00
e646163442
README: drop Go 1.4 compatability for gocryptfs v1.3
...
Also drop Go 1.4 from Travis CI and update other Go
versions to latest point release.
2017-03-05 17:43:23 +01:00
874e4fb5e9
cryptocore: rename "BackendTypeEnum" -> "AEADTypeEnum"
...
There are two independent backends, one for name encryption,
the other one, AEAD, for file content.
"BackendTypeEnum" only applies to AEAD (file content), so make that
clear in the name.
2017-03-05 17:10:57 +01:00
e032539e2c
cryptocore: use eme v1.1 interface
...
Version 1.1 of the EME package (github.com/rfjakob/eme) added
a more convenient interface. Use it.
Note that you have to upgrade your EME package (go get -u)!
2017-03-05 13:58:24 +01:00
b2f154a9a9
tests: stop calling t.Fatal from example_test_helpers
...
Calling t.Fatal immeadiately aborts the test, which means the
filesystem will not get unmounted, which means test.bash will
hang.
2017-03-05 13:39:25 +01:00
6465fa42a6
test.bash: execute build-without-openssl.bash instead of sourcing it
...
Sourcing the script breaks the "cd $(dirname $0)" logic in
build-without-openssl.bash.
2017-03-05 13:32:28 +01:00
6cc0aebd71
configfile: define HKDF flag
2017-03-05 12:08:12 +01:00
b2f3dbb8bd
fusefrontend: when chown'ing a directory, also chown its diriv
...
When filename encryption is active, every directory contains
a "gocryptfs.diriv" file. This file should also change the owner.
Fixes https://github.com/rfjakob/gocryptfs/issues/86
2017-03-02 19:12:21 +01:00
b765cc526d
main: get rid of third open paniclog fd
...
We have it saved in Stderr and Stdout anyway, let's free this fd
number.
2017-03-02 19:12:21 +01:00
c304626a47
CLI_ABI: smaller markdown subheadings
...
The old ones were rendered by github almost as big as the parent headings.
2017-03-01 23:31:03 +01:00
954aa169cc
Update README.md ( #85 )
...
Correcting year in changelog (1.2.1)
2017-02-28 13:59:33 +01:00
8f51325116
README: update changelog for 1.2.1 release
2017-02-26 21:34:49 +01:00
d2c0fae4f6
tests: somewhat support testing without openssl
...
You will still get lots of test error, but at least the tests
will run.
2017-02-26 19:53:29 +01:00
98ecf1f074
MANPAGE: document "-speed"
2017-02-26 19:34:23 +01:00
f2920f71e8
MANPAGE: document error code 12
2017-02-26 19:30:28 +01:00
427c6c1719
exitcodes: define code 12 for "password incorrect"
2017-02-26 19:25:23 +01:00
57612a278b
configfile: rename "kdf.go" -> "scrypt.go"
...
This really only handles scrypt and no other key-derivation functions.
Renaming the files prevents confusion once we introduce HKDF.
renamed: internal/configfile/kdf.go -> internal/configfile/scrypt.go
renamed: internal/configfile/kdf_test.go -> internal/configfile/scrypt_test.go
2017-02-25 18:51:17 +01:00
a65965783a
stupidgcm: drop only external dependecy
...
This makes it easier to use the package in external projects.
See https://github.com/rfjakob/gocryptfs/issues/79
2017-02-24 09:46:10 +01:00
43d6aa6677
speed: add benchmark.bash helper
2017-02-24 09:38:50 +01:00
be19b91a52
README: fix typo and simplify MANPAGE text
2017-02-23 00:14:20 +01:00
477071d673
speed: fix build for Go 1.4 and lower
...
Old Go versions miss cipher.NewGCMWithNonceSize, which causes:
internal/speed/speed.go:95: undefined: cipher.NewGCMWithNonceSize
2017-02-23 00:04:51 +01:00
1e03e059fa
Implement "gocryptfs -speed"
...
A crypto benchmark mode like "openssl speed".
Example run:
$ ./gocryptfs -speed
AES-GCM-256-OpenSSL 180.89 MB/s (selected in auto mode)
AES-GCM-256-Go 48.19 MB/s
AES-SIV-512-Go 37.40 MB/s
2017-02-22 23:56:34 +01:00
b056776a01
tests: adapt dir overwrite test for Go 1.8
...
In Go 1.8, os.Rename refuses to overwrite an empty directory.
Switch to syscall.Rename, which still does the right thing.
2017-02-20 21:27:37 +01:00
cb2d1fbcf8
Travis CI: also test with Go 1.8
...
(Currently failing the tests!)
2017-02-20 21:27:26 +01:00
e406eb22ba
Get rid of remaining $GOPATH dependencies
2017-02-20 21:26:42 +01:00
166c62fd21
build.bash: use $(go env GOPATH)
2017-02-20 21:26:18 +01:00
1139c27c36
build.bash: deduplicate build call
2017-02-19 20:27:29 +01:00
10361a907a
build.bash: GOPATH may be unset since Go v1.8. Handle it.
2017-02-19 20:14:46 +01:00
7fbe69bfa6
tests.bash: OSX compat: use "flock -n" and skip openssl build
...
Mac OS X flock does not support "--nonblock", but does support "-n":
https://github.com/discoteq/flock/blob/master/man/flock.1.ronn
Skip the openssl build because it requires
1) openssl
2) fixing the import paths in gocryptfs
Reported at https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-280464400
2017-02-17 19:43:16 +01:00
07b4b9d60b
Travis: set clone depth to 100
...
Otherwise the build fails once you have more than 50 commits
since the last tag.
You'd get:
$ ./build.bash
fatal: No names found, cannot describe anything.
2017-02-16 21:24:33 +01:00
62e7eb7d04
tests: reverse: check Access() call
2017-02-16 21:20:29 +01:00
45c1ea499e
fusefrontend_reverse: handle .name files in Access()
...
These were currently passed to decryptPath() were it caused
a warning.
2017-02-16 21:16:42 +01:00
55d0523dbe
tests: configfile: add missing newlines in verbose output
2017-02-16 19:45:20 +01:00
0b19e637c9
tests: OSX compat: wrap Stat_t atime extract
...
Linux has st.Atim, st.Mtim,
OSX hat st.Atimespec, st.Mtimespec.
Reported at https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217
2017-02-16 19:39:56 +01:00
8bbc1038fe
syscallcompat: OSX compat: fix variable warnings
...
As suggested by
https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217
2017-02-16 19:23:17 +01:00
b66d663ff8
tests: OSX compat: use "mount" command instead of /proc/mounts
...
Mac OS X does not have /proc.
Reported at https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217
2017-02-16 19:13:03 +01:00
e5bee6a6aa
tests: OSX compat: use OSX-style "stat -f"
...
Reported at https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217
2017-02-16 19:10:36 +01:00
9f6841373d
benchmarks: OSX compat: replace /usr/bin/time with bash builtin
...
On OSX, /usr/bin/time does not support "-f".
Reported in https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217 .
2017-02-16 19:01:24 +01:00
ca5c06ef4e
tests: get rid of syscall.PathMax
...
Does not exist on OSX
Reported in https://github.com/rfjakob/gocryptfs/issues/15
2017-02-16 18:47:04 +01:00
e6075ddf2e
README: also link to cppcryptfs
2017-02-16 18:37:12 +01:00
f5bb7a37be
README: mention graphical interfaces
2017-02-16 18:36:16 +01:00
bef27305bc
main: don't attempt lazy unmount on MacOSX
2017-02-15 23:20:41 +01:00
6ac9dcaae0
tests: use fuse-unmount.bash
...
...instead of having separate compatability logic.
2017-02-15 23:13:33 +01:00
ce2e610428
OSX compat: replace fusermount calls with fuse-unmount.bash
...
Mac OS X does not have fusermount and uses umount instead.
The fuse-unmount.bash calls the appropriate command.
2017-02-15 23:02:01 +01:00
6be7808992
Add Mac OS X fusermount replacement script
2017-02-14 21:38:28 +01:00
3784901fce
readpassword: limit password length to 1000 bytes
...
This used to hang at 100% CPU:
cat /dev/zero | gocryptfs -init a
...and would ultimately send the box into out-of-memory.
The number 1000 is chosen arbitrarily and seems big enough
given that the password must be one line.
Suggested by @mhogomchungu in https://github.com/rfjakob/gocryptfs/issues/77 .
2017-02-13 09:13:22 +01:00
54caaf4b98
Add CLI ABI documentation
...
Closes https://github.com/rfjakob/gocryptfs/issues/77
2017-02-12 19:20:21 +01:00
8adfbf2dc3
Check for trailing garbage after the password
...
From the comment:
// CheckTrailingGarbage tries to read one byte from stdin and exits with a
// fatal error if the read returns any data.
// This is meant to be called after reading the password, when there is no more
// data expected. This helps to catch problems with third-party tools that
// interface with gocryptfs.
2017-02-12 17:59:09 +01:00
Jakob Unterwurzacher