hardcoresushi
/
libgocryptfs
1
0
Fork 0
Code Issues Pull Requests Releases Activity
730 Commits 2 Branches 0 Tags 6 MiB
Commit Graph

84 Commits

Author SHA1 Message Date
Jakob Unterwurzacher 874e4fb5e9 cryptocore: rename "BackendTypeEnum" -> "AEADTypeEnum" 
There are two independent backends, one for name encryption,
the other one, AEAD, for file content.

"BackendTypeEnum" only applies to AEAD (file content), so make that
clear in the name.
 2017-03-05 17:10:57 +01:00
Jakob Unterwurzacher e032539e2c cryptocore: use eme v1.1 interface 
Version 1.1 of the EME package (github.com/rfjakob/eme) added
a more convenient interface. Use it.

Note that you have to upgrade your EME package (go get -u)!
 2017-03-05 13:58:24 +01:00
Jakob Unterwurzacher b2f3dbb8bd fusefrontend: when chown'ing a directory, also chown its diriv 
When filename encryption is active, every directory contains
a "gocryptfs.diriv" file. This file should also change the owner.

Fixes https://github.com/rfjakob/gocryptfs/issues/86
 2017-03-02 19:12:21 +01:00
Jakob Unterwurzacher 1273d7edae ctlsock: better error message for forward mode path decryption 2017-01-29 18:55:52 +01:00
Jakob Unterwurzacher a7c7588deb fusefrontend: fix hard-linking with long name 
This used to incorrectly try to link twice and return EEXIST.
 2017-01-26 20:56:42 +01:00
Jakob Unterwurzacher 55df8acac3 fusefrontend: preserve owner for symlinks 
https://github.com/rfjakob/gocryptfs/issues/64
 2016-11-28 23:15:24 +01:00
Jakob Unterwurzacher e3c5e3f1c8 fusefronted: preserve owner for device nodes and sockets 
https://github.com/rfjakob/gocryptfs/issues/64
 2016-11-28 23:09:47 +01:00
Jakob Unterwurzacher a66440c668 fusefrontend: use Lchown when preserving owner 
This prevents (unlikely) symlink race attacks
 2016-11-28 22:46:04 +01:00
Jakob Unterwurzacher 0f8d3318a3 main, fusefrontend: add "-noprealloc" option 
Preallocation is very slow on hdds that run btrfs. Give the
user the option to disable it. This greatly speeds up small file
operations but reduces the robustness against out-of-space errors.

Also add the option to the man page.

More info: https://github.com/rfjakob/gocryptfs/issues/63
 2016-11-25 09:19:14 +01:00
Jakob Unterwurzacher 024511d9c7 fusefrontend: coalesce 4kB writes 
This improves performance on hdds running ext4, and improves
streaming write performance on hdds running btrfs. Tar extract
slows down on btrfs for some reason.

See https://github.com/rfjakob/gocryptfs/issues/63

Benchmarks:

encfs v1.9.1
============

$ ./benchmark.bash -encfs /mnt/hdd-ext4
Testing EncFS at /mnt/hdd-ext4/benchmark.bash.u0g
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,48354 s, 88,4 MB/s
UNTAR: 20.79
LS:    3.04
RM:    6.62

$ ./benchmark.bash -encfs /mnt/hdd-btrfs
Testing EncFS at /mnt/hdd-btrfs/benchmark.bash.h40
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,52552 s, 85,9 MB/s
UNTAR: 24.51
LS:    2.73
RM:    5.32

gocryptfs v1.1.1-26-g4a7f8ef
============================

$ ./benchmark.bash /mnt/hdd-ext4
Testing gocryptfs at /mnt/hdd-ext4/benchmark.bash.1KG
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,55782 s, 84,1 MB/s
UNTAR: 22.23
LS:    1.47
RM:    4.17

$ ./benchmark.bash /mnt/hdd-btrfs
Testing gocryptfs at /mnt/hdd-btrfs/benchmark.bash.2t8
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 6,87206 s, 19,1 MB/s
UNTAR: 69.87
LS:    1.52
RM:    5.33

gocryptfs v1.1.1-32
===================

$ ./benchmark.bash /mnt/hdd-ext4
Testing gocryptfs at /mnt/hdd-ext4/benchmark.bash.Qt3
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,22577 s, 107 MB/s
UNTAR: 23.46
LS:    1.46
RM:    4.67

$ ./benchmark.bash /mnt/hdd-btrfs/
Testing gocryptfs at /mnt/hdd-btrfs//benchmark.bash.XVk
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 3,68735 s, 35,5 MB/s
UNTAR: 116.87
LS:    1.84
RM:    6.34
 2016-11-25 09:03:32 +01:00
Jakob Unterwurzacher 6f475da116 Fix golint warnings, add helper script 2016-11-17 23:40:03 +01:00
Jakob Unterwurzacher 0489d08ae2 fusefrontend: get the file ID from the open files table 
This fixes the problem that a truncate can reset the file
ID without the other open FDs noticing it.
 2016-11-17 22:29:45 +01:00
Jakob Unterwurzacher e04dc05012 fusefrontend: upgrade wlockMap to use device AND inode number 
If there are multiple filesystems backing the gocryptfs filesystems
inode numbers are not guaranteed to be unique.
 2016-11-17 20:32:19 +01:00
Jakob Unterwurzacher c03fc46a51 ctlsock: implement EncryptPath for reverse mode, add tests 2016-11-10 23:32:51 +01:00
Jakob Unterwurzacher 75ebb28a62 ctlsock: add initial limited implementation 
At the moment, in forward mode you can only encrypt paths
and in reverse mode you can only decrypt paths.
 2016-11-10 00:27:08 +01:00
Jakob Unterwurzacher 2b991c9743 Add support for unpadded base64 filenames, "-raw64" 
Through base64.RawURLEncoding.

New command-line parameter "-raw64".
 2016-11-01 18:43:22 +01:00
Jakob Unterwurzacher c2192cfcad fusefrontend: drop atime workarounds 
The fix at https://github.com/hanwen/go-fuse/pull/131 has been merged.
Drop the workarounds and re-enable the tests.
 2016-10-30 16:29:36 +01:00
Jakob Unterwurzacher 85f1fd0b0f fusefronted: more concise corrupt block log message 
Calculating the block offset is easy enough, even more now
that gocryptfs-xray exists.
 2016-10-28 21:18:36 +02:00
Jakob Unterwurzacher a08d55f42d fusefronted: optimize NFS streaming writes by saving one Stat() 
Stat() calls are expensive on NFS as they need a full network
round-trip. We detect when a write immediately follows the
last one and skip the Stat in this case because the write
cannot create a file hole.

On my (slow) NAS, this takes the write speed from 24MB/s to
41MB/s.
 2016-10-28 21:17:53 +02:00
Jakob Unterwurzacher d64ccf7cf4 fusefrontend: move hole padding check out of Write() 
The details of the hole handling don't have to be in
Write, so move it away.
 2016-10-25 22:37:45 +02:00
Jakob Unterwurzacher 6538dc15af fusefrontend: rename "createsHole" to clearer "createsCiphertextHole" 
...and add comments for what is happening.
 2016-10-25 21:19:37 +02:00
Jakob Unterwurzacher aeda9721d0 Fix misspellings 
Close https://github.com/rfjakob/gocryptfs/issues/54
 2016-10-24 19:18:13 +02:00
Jakob Unterwurzacher 589748548f tests: add 1980.tar.gz extract test 
Test that we get the right timestamp when extracting a tarball.

Also simplify the workaround in doTestUtimesNano() and fix the
fact that it was running no test at all.
 2016-10-19 22:25:54 +02:00
Jakob Unterwurzacher 600ceece35 lint fixes 2016-10-19 01:12:45 +02:00
Jakob Unterwurzacher 891a3b4c8a fusefrontend: Utimens: one more band-aid 
Revert once https://github.com/hanwen/go-fuse/pull/131 is merged.
 2016-10-16 20:20:00 +02:00
Jakob Unterwurzacher 5144470e3d fusefrontend: Utimens: ugly band-aid for nil pointer crash in go-fuse 
Crash is described at https://github.com/rfjakob/gocryptfs/issues/48 .
Revert this once https://github.com/hanwen/go-fuse/pull/131 is merged.
 2016-10-16 15:08:05 +02:00
Jakob Unterwurzacher 35219d0022 fusefrontend: log missing gocryptfs.diriv 
This can happen during normal operation when the directory has
been deleted concurrently. But it can also mean that the
gocryptfs.diriv is missing due to an error, so log the event
at "info" level.
 2016-10-16 15:04:59 +02:00
Jakob Unterwurzacher 828f718483 fusefrontend: Also preserve the owner in Mkdir 
This already worked for files but was missing for dirs.
 2016-10-10 08:53:29 +02:00
Jakob Unterwurzacher f054353bd3 reverse: make gocryptfs.conf mapping plaintextnames-aware 
Only in plaintextnames-mode AND with the config file at the
default location it will be mapped into the mountpoint.

Also adds a test for that.
 2016-10-08 20:57:38 +02:00
Valient Gough b764917cd5 lint fixes 2016-10-04 23:18:33 +02:00
Jakob Unterwurzacher a2510efe12 reverse: use per-purpose nonce generation 
Also pull all the deterministic nonce code into fusefrontend_reverse
to greatly simplify the normal code path.
 2016-09-29 21:56:49 +02:00
Jakob Unterwurzacher 5f4b16c00f Implement changes proposed by gosimple. 
Also delete the unused "dirIVNameStruct", found by deadcode.
 2016-09-25 19:48:21 +02:00
Jakob Unterwurzacher c7b3150afc nametransform: delete unused function DecryptPathDirIV 2016-09-25 18:56:23 +02:00
Jakob Unterwurzacher abd61d968d contentenc: rename constant "IVBitLen" to "DefaultIVBits" and clarify comment 
128-bit IVs are NOT used everywhere.
 2016-09-25 18:40:29 +02:00
Jakob Unterwurzacher 12808138ef contentenc: add "ExternalNonce" mode 
This will be used for strong symlink encryption in reverse mode.
 2016-09-25 17:44:19 +02:00
Jakob Unterwurzacher 32e55261ca fusefrontend: handle Readlink directly 
Calling into go-fuse's loopbackFileSystem does not add
any value here.
 2016-09-25 17:01:39 +02:00
Jakob Unterwurzacher 5f726aaa9d contentenc: add GCM-SIV support 
Also add ReverseDummyNonce nonce generation.
 2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher 7f87ed78f2 cryptocore: add support for GCM-SIV 2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher fca1b82417 fusefrontend: relay Utimens to go-fuse 
Commit af5441dcd9 has caused a
regression ( https://github.com/rfjakob/gocryptfs/issues/35 )
that is fixed by this commit.

The go-fuse library by now has all the syscall wrappers in
place to correctly handle Utimens, also for symlinks.

Instead of duplicating the effort here just call into go-fuse.

Closes #35
 2016-09-25 16:30:29 +02:00
Jakob Unterwurzacher af5441dcd9 fusefrontend: use NsecToTimespec() for Utimens 
This fixes a build problem on 32-bit hosts:

  internal/fusefrontend/file.go:400: cannot use a.Unix() (type int64) as
  type int32 in assignment
  internal/fusefrontend/file.go:406: cannot use m.Unix() (type int64) as
  type int32 in assignment

It also enables full nanosecond timestamps for dates
after 1970.
 2016-08-09 22:18:46 +02:00
Jakob Unterwurzacher e8a234f658 Add godoc comments to all internal packages 2016-07-06 21:51:25 +02:00
Jakob Unterwurzacher 741bf0726e syscallcompat: OSX: add Mknodat wrapper 
Protip: find naked *at syscalls using:

   git grep "syscall." | grep "at(" | grep -v syscallcompat
 2016-07-03 20:22:22 +02:00
Jakob Unterwurzacher d8524c7369 syscallcompat: OSX: add Unlinkat wrapper 
Also, replace remaining naked syscall.Openat calls.
 2016-07-03 20:17:40 +02:00
Jakob Unterwurzacher 1d7728959c fusefrontend: downgrade Renameat log message to debug 2016-07-03 20:08:09 +02:00
Jakob Unterwurzacher 79851bf6cc syscallcompat: OSX: add Renamat wrapper 
Adds a poor man's renameat implementation for OSX.
 2016-07-03 20:05:32 +02:00
Jakob Unterwurzacher 9b725c15cf syscallcompat: OSX: add Fallocate and Openat wrappers 
...and convert all calls to syscall.{Fallocate,Openat}
to syscallcompat .

Both syscalls are not available on OSX. We emulate Openat and just
return EOPNOTSUPP for Fallocate.
 2016-07-03 19:18:34 +02:00
Jakob Unterwurzacher c9a472c12f syscallcompat: move syscall wrapper to their own package 
We will get more of them as OSX also lacks support for openat.
 2016-07-03 17:51:40 +02:00
Jakob Unterwurzacher e574a6cc1f nametransform: hide detailed padding error behind the debug flag 
unPad16 returns detailed errors including the position of the
incorrect bytes. Kill a possible padding oracle by lumping
everything into a generic error.

The detailed error is only logged if debug is active.
 2016-07-03 15:35:58 +02:00
Jakob Unterwurzacher 54470baa23 fusefrontend: add fallocate support 
Mode=0 (default) and mode=1 (keep size) are supported.
The patch includes test cases and the whole thing passed xfstests.

Fixes https://github.com/rfjakob/gocryptfs/issues/1 .
 2016-07-02 19:52:09 +02:00
Jakob Unterwurzacher 04ad063515 fusefronted: move Truncate() and Allocate() to their own file 
These are large complicated implementations that will share some
code.
 2016-07-02 15:35:06 +02:00