Commit Graph

353 Commits

Author SHA1 Message Date
Jakob Unterwurzacher
a863a6569c Drop shell wrapper 2015-10-11 18:03:24 +02:00
Jakob Unterwurzacher
14115b061b Add native daemonization 2015-10-11 18:02:48 +02:00
Jakob Unterwurzacher
39183bea00 Rename sendSig to sendUsr1
This matches waitForUsr1 in daemonize()
2015-10-11 18:01:47 +02:00
Jakob Unterwurzacher
5dc7e44aa2 Move main files to top level dir
This is in preparation of getting rid of the shell wrapper
2015-10-11 17:14:18 +02:00
Jakob Unterwurzacher
6825d0e740 README: Remove dots notice 2015-10-10 18:34:09 +02:00
Jakob Unterwurzacher
a3e66ca154 Shell wrapper: Also search the binary in $GOPATH/bin 2015-10-08 00:02:55 +02:00
Jakob Unterwurzacher
7ac9d6af58 README: Mention that only Linux is tested 2015-10-07 23:50:19 +02:00
Jakob Unterwurzacher
d9b4f96598 Update README 2015-10-07 23:31:28 +02:00
Jakob Unterwurzacher
ed1df49af5 Run go fmt 2015-10-07 22:59:36 +02:00
Jakob Unterwurzacher
c4a66bc30d Add package.bash 2015-10-07 22:14:00 +02:00
Jakob Unterwurzacher
440abcbac6 Add test.bash
...also adapt the cryptfs tests for 256 bit long keys
2015-10-07 22:09:34 +02:00
Jakob Unterwurzacher
2f970e1aa6 Adapt openssl benchmark for 256 bit long keys 2015-10-07 22:05:32 +02:00
Jakob Unterwurzacher
878f64a5d7 Better usage text 2015-10-07 21:59:54 +02:00
Jakob Unterwurzacher
bef73c63b3 Move gocryptfs wrapper into the same folder as the binary 2015-10-07 21:49:38 +02:00
Jakob Unterwurzacher
65ba0739d5 Implement "gocryptfs --passwd" (pasword changing) 2015-10-07 21:26:17 +02:00
Jakob Unterwurzacher
03502861ce Reword help text 2015-10-06 23:28:20 +02:00
Jakob Unterwurzacher
31e14936be Split off SECURITY.md 2015-10-06 23:20:21 +02:00
Jakob Unterwurzacher
8ec16c165d Update README.md 2015-10-06 23:08:04 +02:00
Jakob Unterwurzacher
a3d286069f Use block number as authentication data 2015-10-06 22:27:37 +02:00
Jakob Unterwurzacher
45ea8aa546 Add "--masterkey=" parameter for recovery purposes 2015-10-06 21:16:39 +02:00
Jakob Unterwurzacher
5c6df49067 Switch to AES-256
AES-256 seems to be becoming the industry standard. While AES-128 is
good enough for tens of years to come, let's follow suit and be extra
safe.
2015-10-06 20:51:35 +02:00
Jakob Unterwurzacher
39ea272e23 Add "--openssl=false" command line option
Also make main_test try both variants
2015-10-06 20:24:52 +02:00
Jakob Unterwurzacher
c2bd208bbe Rewrite README.md (in progress) 2015-10-06 00:35:29 +02:00
Jakob Unterwurzacher
022a6968ae Implement proper daemonization
The shell wrapper sends gocryptfs into the background and waits for SIGUSR1
2015-10-06 00:31:18 +02:00
Jakob Unterwurzacher
552c32c5e9 Move main binary to gocryptfs_main
That way the wrapper shell script can be named just "gocryptfs"
2015-10-05 20:32:10 +02:00
Jakob Unterwurzacher
53ecebc71e openssl AEAD wrapper: handle authenticated data 2015-10-04 23:58:22 +02:00
Jakob Unterwurzacher
e6b7353f4e Switch nonce generation to purely random
The old implementation of counting up from a random starting
point had the problem that is allowed an attacker to find out
the write order of the blocks.
2015-10-04 21:36:16 +02:00
Jakob Unterwurzacher
df52aab082 Clean up openssl benchmark 2015-10-04 21:21:32 +02:00
Jakob Unterwurzacher
d1522c7992 tests: simplify names
main_test_tmp -> tmp
	main_benchmark.bash -> benchmark.bash
2015-10-04 20:46:21 +02:00
Jakob Unterwurzacher
aa082c235a Utimens: Use UtimesNano instead of Futimes
Futimes() only takes microsecond resolution while the FUSE call
Utimens() wants nanosecond precision.

This is why UTIME_OMIT did not work - this change fixes the
xfstests generic/258 test failure.

The go library does not provide a FutimesNano() function which is
why I use UtimesNano() on /proc/self/fd/n.
This is what the Go library does in Futimes().
2015-10-04 20:32:15 +02:00
Jakob Unterwurzacher
c7313f36de fallocate: return ENOSYS
The implementation was incomplete, disable fallocate completely for now.
See https://github.com/rfjakob/gocryptfs/issues/1

Fixes xfstests generic/075
2015-10-04 17:14:40 +02:00
Jakob Unterwurzacher
90bd978283 truncate: Fix bug that caused xfstests generic/030 to fail
The bug was caused by using cipherOff where plainOff should
have been used.
Renamed the symbols for less confusion.
2015-10-04 16:04:25 +02:00
Jakob Unterwurzacher
aa6fa7f3cf Truncate: Logging improvements, show number of blocks as float 2015-10-04 15:45:46 +02:00
Jakob Unterwurzacher
b27edba2bb Fix Trucate() bug causing files to be too small
Uncovered by running xfstests generic/014 several times
2015-10-04 15:40:59 +02:00
Jakob Unterwurzacher
089629442d Enable ClientInodes so hard links work
Fixes xfstests generic/002
2015-10-04 14:50:27 +02:00
Jakob Unterwurzacher
89fef80d32 Run go fmt 2015-10-04 14:49:47 +02:00
Jakob Unterwurzacher
5bd08abf40 Remove ClueFS frontend
Development has focused on PathFS for some time now and things are
working well.
2015-10-04 14:35:50 +02:00
Jakob Unterwurzacher
c859f0b2dc intraBlock: Rename Offset to Skip
"Offset" is unclear whether it is an offset from the start of file
or start of block. "Skip" seems much better.
2015-10-04 14:24:43 +02:00
Jakob Unterwurzacher
775676ecb8 Utilize file hole passtrough capability in Truncate()
Cuts down the runtime of xfstests generic/014
from 1822 seconds to 36 seconds
2015-10-04 14:21:07 +02:00
Jakob Unterwurzacher
2003ca965d Zero-pad last block if a file hole is created on Write()
Fixes TestFileHoles test
2015-10-04 11:39:35 +02:00
Jakob Unterwurzacher
5229b8f5f5 Add BlockNoPlainOff() and BlockNoCipherOff() + test
Also, fix key, it is now []byte, not [16]byte
2015-10-04 11:03:40 +02:00
Jakob Unterwurzacher
fa88741770 tests: add TestFileHoles
Create a file with holes by writing to offset 0 (block #0) and
offset 4096 (block #1).

This test currently fails.
2015-10-04 10:39:44 +02:00
Jakob Unterwurzacher
40448db909 Fix xfstests generic/030 failure
The actual fix is

	oldSize := f.cfs.PlainSize(uint64(fi.Size()))

the rest is logging improvements
2015-10-04 00:26:20 +02:00
Jakob Unterwurzacher
0802175328 Add daemonization shell script 2015-10-03 19:17:31 +02:00
Jakob Unterwurzacher
79870ab096 debug: log inode number instead of encrypted filename
Makes the log output smaller and more readable.
2015-10-03 19:16:34 +02:00
Jakob Unterwurzacher
38bf8a2fcf Implement file hole passtrough
Fixes xfstests generic/010

Note that file holes are not authenticated,
2015-10-03 13:34:33 +02:00
Jakob Unterwurzacher
3fef613591 tests: Add append test 2015-09-30 23:42:18 +02:00
Jakob Unterwurzacher
b835f83fd5 Implement Truncate() + Test 2015-09-30 22:36:53 +02:00
Jakob Unterwurzacher
aea8d8d6e7 debug: Log encrypted filename 2015-09-30 20:32:24 +02:00
Jakob Unterwurzacher
061831edf2 DecryptBlocks: Don't shadow err variable 2015-09-30 20:31:41 +02:00