Jakob Unterwurzacher
e9bb8b800c
reverse: switch from GCM-SIV to AES-SIV
...
GCM-SIV is not yet finalized, and the reference implemenation is
painfully slow at about 2 MB/s. Switch to AES-SIV.
2016-09-26 23:25:13 +02:00
Jakob Unterwurzacher
5f4b16c00f
Implement changes proposed by gosimple.
...
Also delete the unused "dirIVNameStruct", found by deadcode.
2016-09-25 19:48:21 +02:00
Jakob Unterwurzacher
2050c7f3b3
reverse: add gcmsiv flag and associated tests
2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
d76e7aadb4
reverse: use dynamic inode numbers
...
...with stable mappings for hard-linked files.
2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
5f726aaa9d
contentenc: add GCM-SIV support
...
Also add ReverseDummyNonce nonce generation.
2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
7f87ed78f2
cryptocore: add support for GCM-SIV
2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
72efa5c9b1
main: move initDir into its own file
2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
9ad49088fa
main: add explicit exit after forkChild
...
Trying to make it more obvious what is happening.
2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
d9db75ebd2
main: factor out cli arg parsing
...
The main function has gotten way too big.
2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
a34b447ad1
reverse: let the kernel enforce read-only mode
...
... and print a warning that reverse mode is experimental
2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
1d4c6288f2
main: initial support for reverse mode
2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
0d5d6fc99b
main: bake build date into version string
...
$ gocryptfs -version
gocryptfs v0.12-36-ge021b9d-dirty; go-fuse a4c968c; 2016-07-03 go1.6.2
2016-07-03 16:50:52 +02:00
Jakob Unterwurzacher
e021b9d00c
main: yellow text for masterkey and zerokey warnings
...
Also, mention that the shell may save the command line into the
history and reduce "ps -auxwww" to "ps ax" (that's all you need).
2016-07-03 15:37:47 +02:00
Jakob Unterwurzacher
547ddf4264
tlog: switch default logger to syslog
...
...unless "-nosyslog" is passed.
All gocryptfs messages already go to syslog, but the messages
that the go-fuse lib emits were still printed to stdout.
Fixes issue #13 ( https://github.com/rfjakob/gocryptfs/issues/13 )
2016-06-26 23:30:22 +02:00
Jakob Unterwurzacher
15b88756ad
main: add "-o" option to enable "suid" and "dev"
...
Device files and suid binaries are often not needed when running
gocryptfs as root. As they are potentially dangerous, let the
user enable them explicitely via the new "-o" option instead of
always enabling them when running as root.
2016-06-26 23:03:18 +02:00
Jakob Unterwurzacher
0115588680
main, fusefrontend: enable suid functionality
...
FUSE filesystems are mounted with "nosuid" by default. If we run as root,
we can use device files by passing the opposite mount option, "suid".
Also we have to use syscall.Chmod instead of os.Chmod because the
portability translation layer "syscallMode" messes up the sgid
and suid bits.
Fixes 70% of the failures in xfstests generic/193. The remaining are
related to truncate, but we err on the safe side:
$ diff -u tests/generic/193.out /home/jakob/src/fuse-xfstests/results//generic/193.out.bad
[...]
check that suid/sgid bits are cleared after successful truncate...
with no exec perm
before: -rwSr-Sr--
-after: -rw-r-Sr--
+after: -rw-r--r--
2016-06-26 20:13:21 +02:00
Jakob Unterwurzacher
fb5e7023ee
main: enable device files when running as root
...
FUSE filesystems are mounted with "nodev" by default. If we run as root,
we can use device files by passing the opposite mount option, "dev".
Fixes xfstests generic/184.
2016-06-26 19:23:33 +02:00
Jakob Unterwurzacher
23cc0657f4
fusefronted: preserve owner if running as root
...
If allow_other is set and we run as root, try to give newly created files to
the right user.
2016-06-26 19:18:13 +02:00
Jakob Unterwurzacher
b558901e66
Drop deprecated "-gcmiv128" option
...
The GCMIV128 feature flag is already mandatory, dropping the command
line option is the final step.
Completes https://github.com/rfjakob/gocryptfs/issues/29 .
2016-06-23 22:10:19 +02:00
Jakob Unterwurzacher
3d59a72ba9
Drop deprecated "-emenames" option
...
The EMENames feature flag is already mandatory, dropping the command
line option is the final step.
2016-06-23 21:56:50 +02:00
Jakob Unterwurzacher
b17f0465c7
Drop deprecated "-diriv" option
...
The DirIV feature flag is already mandatory, dropping the command
line option is the final step.
2016-06-23 21:38:59 +02:00
Jakob Unterwurzacher
f0b4d2354d
Refuse mounting of v0.6 and older filesystems
2016-06-19 20:01:04 +02:00
Jakob Unterwurzacher
1dcafb99ff
main: drop "on-disk format" from -version output, add Go version
...
As v0.4 introduced ext4-style feature flags, the on-disk format version
is unlinkely to change. Drop it from the version output to reduce
clutter. Use "gocryptfs -version -debug" to see it.
Add the Go version string because only Go 1.6 and newer have an optimized
AES-GCM implementation. This will help users to understand the performance
of their build.
2016-06-19 19:33:15 +02:00
Jakob Unterwurzacher
cc2a75b050
Mount v0.6 and older filesystems as read-only
...
This is part of the phase-out of very old filesystems.
See https://github.com/rfjakob/gocryptfs/wiki/Compatibility for
more info.
2016-06-16 23:23:09 +02:00
Jakob Unterwurzacher
82d87ff8ed
Add "-ro" (read-only) flag
...
From the man page:
**-ro**
: Mount the filesystem read-only
Also add a test.
2016-06-16 21:29:22 +02:00
Jakob Unterwurzacher
6c3f97399a
Rename internal "toggledlog" package to "tlog"
...
tlog is used heavily everywhere and deserves a shorter name.
Renamed using sed magic, without any manual rework:
find * -type f -exec sed -i 's/toggledlog/tlog/g' {} +
2016-06-15 23:30:44 +02:00
Jakob Unterwurzacher
09e88f31d1
toggledlog: assume command of color handling
...
We want to use colored error messages also outside of main,
so let's handle it in the logging package.
The fatal logger now automatically prints red.
2016-06-15 23:17:51 +02:00
Jakob Unterwurzacher
c89455063c
readpassword: create internal package for password reading
...
* Supports stdin
* Add tests for extpass and stdin
As per user request at https://github.com/rfjakob/gocryptfs/issues/30
2016-06-15 22:44:24 +02:00
Jakob Unterwurzacher
393e531afd
Fix warnings reported by Go 1.6 "go tool vet -shadow=true"
...
Warnings were:
main.go:234: declaration of err shadows declaration at main.go:163:
internal/fusefrontend/file.go:401: declaration of err shadows declaration at internal/fusefrontend/file.go:379:
internal/fusefrontend/file.go:419: declaration of err shadows declaration at internal/fusefrontend/file.go:379:
internal/fusefrontend/fs_dir.go:140: declaration of err shadows declaration at internal/fusefrontend/fs_dir.go:97:
2016-06-14 22:46:23 +02:00
Jakob Unterwurzacher
0c80cca674
toggledlog: convert remaing naked fmt.Print*
...
Several fatal errors were just printed to stdout, which
meant they were invisible when running the test suite.
Fix this by introducing toggledlog.Fatal and convert as
follows:
Fatal errors -> toggledlog.Fatal
Warnings -> toggledlog.Warn
Password prompts -> fmt.Fprintf
2016-06-05 14:32:07 +02:00
Jakob Unterwurzacher
ca54b665e3
main: print actual error from LoadConfFile()
...
It may not have been a "Wrong password" after all.
Also, push down disabling the warning so LoadConfFile() can
warn about things that matter.
2016-06-05 13:44:22 +02:00
Jakob Unterwurzacher
b97268c948
configfile: bake the "Creator" gocryptfs version into the file
...
This field is added for the convenience of users and
may help them to identify which gocryptfs version
they need to mount a filesystem.
The same information is essentially contained in FeatureFlags,
but this is more difficult to decode for humans.
It is completely ignored programmatically (also by older gocryptfs
versions).
2016-06-05 11:40:13 +02:00
Jakob Unterwurzacher
281bb8daf0
main: don't tell the user to choose a password when -extpass is used
...
Instead, print this:
Using password provided via -extpass.
2016-06-04 15:24:42 +02:00
Jakob Unterwurzacher
2e2ee0a038
main: print relative path in the init success message
...
... but only if the relative path does not start with "..".
Makes the message easier to grasp. Example:
$ gocryptfs -init -scryptn=10 v0.9
[...]
The filesystem has been created successfully.
Before:
You can now mount it using: gocryptfs /home/jakob/src/github.com/rfjakob/gocryptfs/integration_tests/example_filesystems/v0.9 MOUNTPOINT
After:
You can now mount it using: gocryptfs v0.9 MOUNTPOINT
2016-06-04 15:04:57 +02:00
Jakob Unterwurzacher
80b027f830
nametransform, main: better error messages
2016-06-01 20:07:43 +02:00
Jakob Unterwurzacher
e7f78135b3
Add "-allow_other" command-line option
...
As requested in https://github.com/rfjakob/gocryptfs/issues/26 ,
this adds the option to allow other users to access the filesystem.
2016-05-18 19:30:05 +02:00
Jakob Unterwurzacher
49b597f07c
prefer_openssl: autodetect whether to use OpenSSL or Go GCM
...
Go GCM is faster than OpenSSL if the CPU has AES instructions
and you are running Go 1.6+.
The "-openssl" option now defaults to "auto".
"gocryptfs -debug -version" displays the result of the autodetection.
See https://github.com/rfjakob/gocryptfs/issues/23 for details and
benchmarks.
2016-05-12 00:42:42 +02:00
Jakob Unterwurzacher
36c1039228
build.bash: bake the go-fuse commit hash into the binaries
2016-04-10 23:16:09 +02:00
Jakob Unterwurzacher
bd5405189e
Fix "go tool vet -shadow=true" warnings
...
Among those one real bug.
2016-04-10 21:31:15 +02:00
Jakob Unterwurzacher
3a4922b5d7
Add tests for long name creation and renaming (currently failing, obviously)
2016-02-07 10:55:13 +01:00
Jakob Unterwurzacher
e111e20649
longnames part I: Create and OpenDir work with long filenames > 176 bytes
...
Todo: Rename, Unlink, Rmdir, Mknod, Mkdir
2016-02-06 22:54:14 +01:00
Jakob Unterwurzacher
c74772bc8d
Run go fmt
2016-02-06 20:23:36 +01:00
Jakob Unterwurzacher
9078a77850
Move pathfs_frontend to internal/fusefrontend
...
"git status" for reference:
renamed: pathfs_frontend/args.go -> internal/fusefrontend/args.go
renamed: pathfs_frontend/compat_darwin.go -> internal/fusefrontend/compat_darwin.go
renamed: pathfs_frontend/compat_linux.go -> internal/fusefrontend/compat_linux.go
renamed: pathfs_frontend/file.go -> internal/fusefrontend/file.go
renamed: pathfs_frontend/file_holes.go -> internal/fusefrontend/file_holes.go
renamed: pathfs_frontend/fs.go -> internal/fusefrontend/fs.go
renamed: pathfs_frontend/fs_dir.go -> internal/fusefrontend/fs_dir.go
renamed: pathfs_frontend/names.go -> internal/fusefrontend/names.go
renamed: pathfs_frontend/write_lock.go -> internal/fusefrontend/write_lock.go
modified: main.go
2016-02-06 19:27:59 +01:00
Jakob Unterwurzacher
2b8cbd9441
Major refactoring: Split up "cryptfs" into several internal packages
...
"git status" for reference:
deleted: cryptfs/cryptfs.go
deleted: cryptfs/names_core.go
modified: integration_tests/cli_test.go
modified: integration_tests/helpers.go
renamed: cryptfs/config_file.go -> internal/configfile/config_file.go
renamed: cryptfs/config_test.go -> internal/configfile/config_test.go
renamed: cryptfs/config_test/.gitignore -> internal/configfile/config_test/.gitignore
renamed: cryptfs/config_test/PlaintextNames.conf -> internal/configfile/config_test/PlaintextNames.conf
renamed: cryptfs/config_test/StrangeFeature.conf -> internal/configfile/config_test/StrangeFeature.conf
renamed: cryptfs/config_test/v1.conf -> internal/configfile/config_test/v1.conf
renamed: cryptfs/config_test/v2.conf -> internal/configfile/config_test/v2.conf
renamed: cryptfs/kdf.go -> internal/configfile/kdf.go
renamed: cryptfs/kdf_test.go -> internal/configfile/kdf_test.go
renamed: cryptfs/cryptfs_content.go -> internal/contentenc/content.go
new file: internal/contentenc/content_api.go
renamed: cryptfs/content_test.go -> internal/contentenc/content_test.go
renamed: cryptfs/file_header.go -> internal/contentenc/file_header.go
renamed: cryptfs/intrablock.go -> internal/contentenc/intrablock.go
renamed: cryptfs/address_translation.go -> internal/contentenc/offsets.go
new file: internal/cryptocore/crypto_api.go
renamed: cryptfs/gcm_go1.4.go -> internal/cryptocore/gcm_go1.4.go
renamed: cryptfs/gcm_go1.5.go -> internal/cryptocore/gcm_go1.5.go
renamed: cryptfs/nonce.go -> internal/cryptocore/nonce.go
renamed: cryptfs/openssl_aead.go -> internal/cryptocore/openssl_aead.go
renamed: cryptfs/openssl_benchmark.bash -> internal/cryptocore/openssl_benchmark.bash
renamed: cryptfs/openssl_test.go -> internal/cryptocore/openssl_test.go
new file: internal/nametransform/name_api.go
new file: internal/nametransform/names_core.go
renamed: cryptfs/names_diriv.go -> internal/nametransform/names_diriv.go
renamed: cryptfs/names_noiv.go -> internal/nametransform/names_noiv.go
renamed: cryptfs/names_test.go -> internal/nametransform/names_test.go
new file: internal/nametransform/pad16.go
renamed: cryptfs/log.go -> internal/toggledlog/log.go
renamed: cryptfs/log_go1.4.go -> internal/toggledlog/log_go1.4.go
renamed: cryptfs/log_go1.5.go -> internal/toggledlog/log_go1.5.go
modified: main.go
modified: masterkey.go
modified: pathfs_frontend/file.go
modified: pathfs_frontend/file_holes.go
modified: pathfs_frontend/fs.go
modified: pathfs_frontend/fs_dir.go
modified: pathfs_frontend/names.go
modified: test.bash
2016-02-06 19:22:35 +01:00
Jakob Unterwurzacher
6454db68d9
Add new "-wpanic" option and enable it for the automated tests
2016-01-31 18:09:39 +01:00
Jakob Unterwurzacher
9ecb489c66
Allow "-d" as an alis for "-debug", and "-quiet" as an alias for "-q"
2016-01-24 18:20:04 +01:00
Jakob Unterwurzacher
523e430685
Add "-nosyslog" options
...
Also, actually redirect Warn and Debug as well.
2016-01-24 18:10:18 +01:00
Jakob Unterwurzacher
1030522fe6
Suppress password prompt when using -extpass
...
Also, add color to the error messages.
2016-01-23 20:18:39 +01:00
Jakob Unterwurzacher
2e419e635f
Remove last SetOutput from generic code
2016-01-22 21:49:56 +01:00
Jakob Unterwurzacher
cec2da3e33
Add "-memprofile" option
2016-01-21 23:55:37 +01:00