hardcoresushi
/
libgocryptfs
1
0
Fork 0
Code Issues Pull Requests Releases Activity
730 Commits 2 Branches 0 Tags 6 MiB
Commit Graph

209 Commits

Author SHA1 Message Date
Jakob Unterwurzacher b732881518 configfile: switch to 128-bit IVs for master key encryption 
There is no security reason for doing this, but it will allow
to consolidate the code once we drop compatibility with gocryptfs v1.2
(and earlier) filesystems.
 2017-03-05 18:03:03 +01:00
Jakob Unterwurzacher 966308eeb7 Drop Go 1.4 compatability code everywhere 
Yields a nice reduction in code size.
 2017-03-05 17:44:14 +01:00
Jakob Unterwurzacher 874e4fb5e9 cryptocore: rename "BackendTypeEnum" -> "AEADTypeEnum" 
There are two independent backends, one for name encryption,
the other one, AEAD, for file content.

"BackendTypeEnum" only applies to AEAD (file content), so make that
clear in the name.
 2017-03-05 17:10:57 +01:00
Jakob Unterwurzacher e032539e2c cryptocore: use eme v1.1 interface 
Version 1.1 of the EME package (github.com/rfjakob/eme) added
a more convenient interface. Use it.

Note that you have to upgrade your EME package (go get -u)!
 2017-03-05 13:58:24 +01:00
Jakob Unterwurzacher 6cc0aebd71 configfile: define HKDF flag 2017-03-05 12:08:12 +01:00
Jakob Unterwurzacher b2f3dbb8bd fusefrontend: when chown'ing a directory, also chown its diriv 
When filename encryption is active, every directory contains
a "gocryptfs.diriv" file. This file should also change the owner.

Fixes https://github.com/rfjakob/gocryptfs/issues/86
 2017-03-02 19:12:21 +01:00
Jakob Unterwurzacher 427c6c1719 exitcodes: define code 12 for "password incorrect" 2017-02-26 19:25:23 +01:00
Jakob Unterwurzacher 57612a278b configfile: rename "kdf.go" -> "scrypt.go" 
This really only handles scrypt and no other key-derivation functions.
Renaming the files prevents confusion once we introduce HKDF.

renamed:    internal/configfile/kdf.go -> internal/configfile/scrypt.go
renamed:    internal/configfile/kdf_test.go -> internal/configfile/scrypt_test.go
 2017-02-25 18:51:17 +01:00
Jakob Unterwurzacher a65965783a stupidgcm: drop only external dependecy 
This makes it easier to use the package in external projects.

See https://github.com/rfjakob/gocryptfs/issues/79
 2017-02-24 09:46:10 +01:00
Jakob Unterwurzacher 43d6aa6677 speed: add benchmark.bash helper 2017-02-24 09:38:50 +01:00
Jakob Unterwurzacher 477071d673 speed: fix build for Go 1.4 and lower 
Old Go versions miss cipher.NewGCMWithNonceSize, which causes:

  internal/speed/speed.go:95: undefined: cipher.NewGCMWithNonceSize
 2017-02-23 00:04:51 +01:00
Jakob Unterwurzacher 1e03e059fa Implement "gocryptfs -speed" 
A crypto benchmark mode like "openssl speed".

Example run:

  $ ./gocryptfs -speed
  AES-GCM-256-OpenSSL 	 180.89 MB/s	(selected in auto mode)
  AES-GCM-256-Go      	  48.19 MB/s
  AES-SIV-512-Go      	  37.40 MB/s
 2017-02-22 23:56:34 +01:00
Jakob Unterwurzacher 62e7eb7d04 tests: reverse: check Access() call 2017-02-16 21:20:29 +01:00
Jakob Unterwurzacher 45c1ea499e fusefrontend_reverse: handle .name files in Access() 
These were currently passed to decryptPath() were it caused
a warning.
 2017-02-16 21:16:42 +01:00
Jakob Unterwurzacher 55d0523dbe tests: configfile: add missing newlines in verbose output 2017-02-16 19:45:20 +01:00
Jakob Unterwurzacher 8bbc1038fe syscallcompat: OSX compat: fix variable warnings 
As suggested by
https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217
 2017-02-16 19:23:17 +01:00
Jakob Unterwurzacher 3784901fce readpassword: limit password length to 1000 bytes 
This used to hang at 100% CPU:

    cat /dev/zero | gocryptfs -init a

...and would ultimately send the box into out-of-memory.

The number 1000 is chosen arbitrarily and seems big enough
given that the password must be one line.

Suggested by @mhogomchungu in https://github.com/rfjakob/gocryptfs/issues/77 .
 2017-02-13 09:13:22 +01:00
Jakob Unterwurzacher 8adfbf2dc3 Check for trailing garbage after the password 
From the comment:

// CheckTrailingGarbage tries to read one byte from stdin and exits with a
// fatal error if the read returns any data.
// This is meant to be called after reading the password, when there is no more
// data expected. This helps to catch problems with third-party tools that
// interface with gocryptfs.
 2017-02-12 17:59:09 +01:00
Jakob Unterwurzacher 2dd90ac19c readpassword: improve comment on readPasswordStdin 2017-02-12 13:55:30 +01:00
Jakob Unterwurzacher 0f40afc832 ctlsock: handle non-canonical empty paths 
We have to check if the input path is empty AFTER canonicalizing it,
too!
 2017-02-05 18:17:30 +01:00
Jakob Unterwurzacher 8bcae63a5a ctlsock: sanitize: handle multiple leading slashes 2017-02-05 18:05:35 +01:00
Jakob Unterwurzacher 2bdd0ec802 golint comment fix 
internal/ctlsock/ctlsock_serve.go:73:1: comment on exported const
ReadBufSize should be of the form "ReadBufSize ..."
 2017-01-29 19:01:16 +01:00
Jakob Unterwurzacher 1273d7edae ctlsock: better error message for forward mode path decryption 2017-01-29 18:55:52 +01:00
Jakob Unterwurzacher 53fe6f5690 ctlsock: abort message processing on JSON error 
The code was missing a "continue" in that branch.

Also improve the error messages a bit.
 2017-01-29 18:25:46 +01:00
Jakob Unterwurzacher 532ef15417 ctlsock: interpret paths that point above CWD as "" 
Paths that start with ".." were previously accepted as-is.
 2017-01-29 15:24:47 +01:00
Jakob Unterwurzacher 6166dad05c readpassword: support spaces in "-passfile" filename 
...and while we are at it, also filenames starting with "-".
 2017-01-29 00:34:12 +01:00
Jakob Unterwurzacher 39eca53677 main: make sure the ctlsock file is deleted on incorrect password 
Otherwise the next try to mount ends in
"ctlsock: listen unix ctl.sock: bind: address already in use"
 2017-01-26 21:32:08 +01:00
Jakob Unterwurzacher a7c7588deb fusefrontend: fix hard-linking with long name 
This used to incorrectly try to link twice and return EEXIST.
 2017-01-26 20:56:42 +01:00
Jakob Unterwurzacher de87a256ab tlog: better comment for the terminal colors 2017-01-26 20:01:45 +01:00
Jakob Unterwurzacher fe1705c55b reverse: add single-entry path cache 
Speeds up the "ls -lR" benchmark from 2.6 seconds to 2.0.
 2017-01-03 18:14:01 +01:00
Jakob Unterwurzacher ef089c9f80 reverse: factor out rDecryptName 
This prepares the code for the introduction of a path cache.
 2017-01-03 17:46:11 +01:00
Jakob Unterwurzacher 8be54bf3f8 prefer_openssl: default to Go GCM on OSX 2016-12-10 21:04:17 +01:00
Jakob Unterwurzacher 12374be9c5 ctlsock: abort the connection if the request is too big 
Reading partial JSON would cause a mess. Just kill the connection.

Also, stop using syscall.PathMax that is not defined on Darwin
( https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-264253024 )
 2016-12-10 20:43:08 +01:00
Jakob Unterwurzacher 8945f4db95 ctlsock: add a note about Accept() throwing errors on Close() 2016-12-10 15:01:00 +01:00
Jakob Unterwurzacher 6af725ff09 ctlsock: exit early if socket cannot be created; delete on exit 
Both are achieved by opening the socket from main and passing
it to the ctlsock package instead of passing the path.
 2016-12-10 14:54:06 +01:00
Jakob Unterwurzacher 967e7bd125 stupidgcm: Fix without_openssl build failure 
Also, always call build-without-openssl.bash from test.bash.

Failure was:

  internal/stupidgcm/without_openssl.go:29: missing return at end of function
 2016-12-10 13:15:19 +01:00
Jakob Unterwurzacher 2758c75cae ctlsock: sanitize paths before passing them to the backend 
You used to be able to crash gocryptfs by passing "/foo"
of "foo/" to the ctlsock.

Fixes https://github.com/rfjakob/gocryptfs/issues/66
 2016-12-10 12:59:54 +01:00
Jakob Unterwurzacher c9f4400e6d Replace all calls to naked panic() with log.Panic() 
We want all panics to show up in the syslog.
 2016-12-10 11:54:36 +01:00
Jakob Unterwurzacher 55df8acac3 fusefrontend: preserve owner for symlinks 
https://github.com/rfjakob/gocryptfs/issues/64
 2016-11-28 23:15:24 +01:00
Jakob Unterwurzacher e3c5e3f1c8 fusefronted: preserve owner for device nodes and sockets 
https://github.com/rfjakob/gocryptfs/issues/64
 2016-11-28 23:09:47 +01:00
Jakob Unterwurzacher a66440c668 fusefrontend: use Lchown when preserving owner 
This prevents (unlikely) symlink race attacks
 2016-11-28 22:46:04 +01:00
Jakob Unterwurzacher 0f8d3318a3 main, fusefrontend: add "-noprealloc" option 
Preallocation is very slow on hdds that run btrfs. Give the
user the option to disable it. This greatly speeds up small file
operations but reduces the robustness against out-of-space errors.

Also add the option to the man page.

More info: https://github.com/rfjakob/gocryptfs/issues/63
 2016-11-25 09:19:14 +01:00
Jakob Unterwurzacher 024511d9c7 fusefrontend: coalesce 4kB writes 
This improves performance on hdds running ext4, and improves
streaming write performance on hdds running btrfs. Tar extract
slows down on btrfs for some reason.

See https://github.com/rfjakob/gocryptfs/issues/63

Benchmarks:

encfs v1.9.1
============

$ ./benchmark.bash -encfs /mnt/hdd-ext4
Testing EncFS at /mnt/hdd-ext4/benchmark.bash.u0g
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,48354 s, 88,4 MB/s
UNTAR: 20.79
LS:    3.04
RM:    6.62

$ ./benchmark.bash -encfs /mnt/hdd-btrfs
Testing EncFS at /mnt/hdd-btrfs/benchmark.bash.h40
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,52552 s, 85,9 MB/s
UNTAR: 24.51
LS:    2.73
RM:    5.32

gocryptfs v1.1.1-26-g4a7f8ef
============================

$ ./benchmark.bash /mnt/hdd-ext4
Testing gocryptfs at /mnt/hdd-ext4/benchmark.bash.1KG
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,55782 s, 84,1 MB/s
UNTAR: 22.23
LS:    1.47
RM:    4.17

$ ./benchmark.bash /mnt/hdd-btrfs
Testing gocryptfs at /mnt/hdd-btrfs/benchmark.bash.2t8
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 6,87206 s, 19,1 MB/s
UNTAR: 69.87
LS:    1.52
RM:    5.33

gocryptfs v1.1.1-32
===================

$ ./benchmark.bash /mnt/hdd-ext4
Testing gocryptfs at /mnt/hdd-ext4/benchmark.bash.Qt3
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,22577 s, 107 MB/s
UNTAR: 23.46
LS:    1.46
RM:    4.67

$ ./benchmark.bash /mnt/hdd-btrfs/
Testing gocryptfs at /mnt/hdd-btrfs//benchmark.bash.XVk
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 3,68735 s, 35,5 MB/s
UNTAR: 116.87
LS:    1.84
RM:    6.34
 2016-11-25 09:03:32 +01:00
Jakob Unterwurzacher 6f475da116 Fix golint warnings, add helper script 2016-11-17 23:40:03 +01:00
Jakob Unterwurzacher 0489d08ae2 fusefrontend: get the file ID from the open files table 
This fixes the problem that a truncate can reset the file
ID without the other open FDs noticing it.
 2016-11-17 22:29:45 +01:00
Jakob Unterwurzacher e04dc05012 fusefrontend: upgrade wlockMap to use device AND inode number 
If there are multiple filesystems backing the gocryptfs filesystems
inode numbers are not guaranteed to be unique.
 2016-11-17 20:32:19 +01:00
Jakob Unterwurzacher d8fb28a1c3 ctlsock: prevent panic on invalid decrypt request 2016-11-10 23:51:47 +01:00
Jakob Unterwurzacher c03fc46a51 ctlsock: implement EncryptPath for reverse mode, add tests 2016-11-10 23:32:51 +01:00
Jakob Unterwurzacher d3764b7753 reverse: fix longname decoding bug 
This could have caused spurious ENOENT errors.

That it did not cause these errors all the time is interesting
and probably because an earlier readdir would place the entry
in the cache. This masks the bug.
 2016-11-10 23:30:30 +01:00
Jakob Unterwurzacher e7f57695a6 Fix golint warnings 
$ golint ./... | grep -v underscore | grep -v ALL_CAPS
internal/fusefrontend_reverse/rfs.go:52:36: exported func NewFS returns unexported type *fusefrontend_reverse.reverseFS, which can be annoying to use
internal/nametransform/raw64_go1.5.go:10:2: exported const HaveRaw64 should have comment (or a comment on this block) or be unexported
 2016-11-10 00:38:01 +01:00