Commit Graph

32 Commits

Author SHA1 Message Date
Jakob Unterwurzacher
416080203b main: accept multiple -passfile options
Each file will be read and then concatenated
for the effictive password. This can be used as a
kind of multi-factor authenticiton.

Fixes https://github.com/rfjakob/gocryptfs/issues/288
2020-05-17 19:31:04 +02:00
Pavol Rusnak
1364b44ae3 remove Trezor support 2019-12-28 19:50:49 +01:00
Jakob Unterwurzacher
b1d09b0f17 Rename isDirEmpty -> isEmptyDir
The function actually answers the question:
"is this an empty dir"?
2019-08-04 14:13:00 +02:00
Jakob Unterwurzacher
fe06e9f456 readpassword: delete CheckTrailingGarbage
CheckTrailingGarbage was called even when "-passfile" was
used, which is stupid, and causes false positives:

https://github.com/rfjakob/gocryptfs/issues/391
(false error "Received trailing garbage after the password"
when using -passfile in .bash_profile)

Instead of trying to improve the logic to handle that case
and make everything even more complicated, delete the function.

It is unclear if actually helps in some cases, and it definitely
harms as shown by the above bug report.
2019-04-08 20:18:45 +02:00
Jakob Unterwurzacher
cf27037f20 Allow multiple -extpass arguments
To support arguments containing spaces, -extpass can now
be passed multiple times.

https://github.com/rfjakob/gocryptfs/issues/289
2019-03-03 13:25:30 +01:00
Sebastian Lackner
a1ba4b6576 Omit syscall.O_RDONLY flag when passing O_PATH.
When O_PATH is specified in flags, flag bits other than O_CLOEXEC, O_DIRECTORY,
and O_NOFOLLOW are ignored.
2019-01-03 18:24:05 +01:00
Jakob Unterwurzacher
f6dad8d0fa nametransform: simplify WriteDirIV to WriteDirIVAt
Un-spaghettify the function and let the callers open
the directory.
2019-01-03 15:31:13 +01:00
Jakob Unterwurzacher
295d432175 passfile: directly read file instead of invoking cat
Allows better error handling, gets rid of the call to an
external program, and fixes https://github.com/rfjakob/gocryptfs/issues/278 .
2018-12-15 17:09:38 +01:00
Jakob Unterwurzacher
c270b21efc fusefrontend: get rid of os.File* wrapping
Directly use int file descriptors for the dirfd
and get rid of one level of indirection.
2018-09-23 12:17:26 +02:00
Jakob Unterwurzacher
9a15dfa494 trezor: add TrezorPayload
TrezorPayload stores 32 random bytes used for unlocking
the master key using a Trezor security module. The randomness makes sure
that a unique unlock value is used for each gocryptfs filesystem.
2018-07-01 20:56:22 +02:00
Jakob Unterwurzacher
91de77943f configfile: reduce function name stutter
configfile.LoadConfFile()   -> configfile.Load()
configfile.CreateConfFile() -> configfile.Create()
2018-07-01 20:56:22 +02:00
Jakob Unterwurzacher
c6f6e8ec4d trezor: add skeleton for Trezor support
readpassword.Trezor() is not implemented yet and returns
a hardcoded dummy key.
2018-07-01 20:56:04 +02:00
Jakob Unterwurzacher
85056def90 main: move and rename checkDir*() helper
To avoid confusion with fsck, rename to isDir*()
and move the functions into init_dir.go.
2018-04-01 12:31:44 +02:00
Jakob Unterwurzacher
5da5e467a6 main: pull regular exits into main function
The replaces the "does not return" comments with
an explicit os.Exit, which is unambigous.
2018-04-01 12:13:32 +02:00
Jakob Unterwurzacher
2cf050d69e main: zero password once we are done with it
Overwrite the password we have got from the user
with zeros once we don't need it anymore, and make
sure the variable runs out of scope.
2018-02-18 15:22:22 +01:00
Jakob Unterwurzacher
5b5c7a0a5d main: overwrite keys and let them run out of scope
As soon as we don't need them anymore, overwrite
keys with zeros. Make sure they run out of scope
so we don't create a risk of inadvertedly using
all-zero keys for encryption.

https://github.com/rfjakob/gocryptfs/issues/211
2018-02-18 12:42:22 +01:00
Sebastian Lackner
614745ee57 fusefrontend: allow_other: close race between mkdir and chown
Fixes the same problem as described in 72b975867a,
except for directories instead of device nodes.
2017-11-29 13:28:04 +01:00
Sebastian Lackner
f3c777d5ea main: Add '-devrandom' commandline option
Allows to use /dev/random for generating the master key instead of the
default Go implementation. When the kernel random generator has been
properly initialized both are considered equally secure, however:

* Versions of Go prior to 1.9 just fall back to /dev/urandom if the
  getrandom() syscall would be blocking (Go Bug #19274)

* Kernel versions prior to 3.17 do not support getrandom(), and there
  is no check if the random generator has been properly initialized
  before reading from /dev/urandom

This is especially useful for embedded hardware with low-entroy. Please
note that generation of the master key might block indefinitely if the
kernel cannot harvest enough entropy.
2017-11-21 23:37:06 +01:00
Jakob Unterwurzacher
c44389d942 exitcodes: specific codes for failure to read or write gocryptfs.conf
New codes:
* OpenConf = 23
* WriteConf = 24
2017-05-14 14:30:50 +02:00
Jakob Unterwurzacher
d5adde1eeb exitcodes: pull all exit code definitions into the package
This commit defines all exit codes in one place in the exitcodes
package.

Also, it adds a test to verify the exit code on incorrect
password, which is what SiriKali cares about the most.

Fixes https://github.com/rfjakob/gocryptfs/issues/77 .
2017-05-07 22:16:22 +02:00
Jakob Unterwurzacher
decda6d255 configfile: switch on Raw64 by default
As we have dropped Go 1.4 compatibility already, and will add
a new feature flag for gocryptfs v1.3 anyway, this is a good
time to enable Raw64 as well.
2017-03-05 18:13:56 +01:00
Jakob Unterwurzacher
8adfbf2dc3 Check for trailing garbage after the password
From the comment:

// CheckTrailingGarbage tries to read one byte from stdin and exits with a
// fatal error if the read returns any data.
// This is meant to be called after reading the password, when there is no more
// data expected. This helps to catch problems with third-party tools that
// interface with gocryptfs.
2017-02-12 17:59:09 +01:00
Jakob Unterwurzacher
2b991c9743 Add support for unpadded base64 filenames, "-raw64"
Through base64.RawURLEncoding.

New command-line parameter "-raw64".
2016-11-01 18:43:22 +01:00
Jakob Unterwurzacher
17df345103 main: init: handle spaces in mount suggestion message
Before:
	You can now mount it using: gocryptfs a x MOUNTPOINT

After:
	You can now mount it using: gocryptfs "a x" MOUNTPOINT

This is still not bulletproof but should handle the common
case of having a space in the directory name. After all,
it's only a suggestion.
2016-10-09 18:27:03 +02:00
Valient Gough
b764917cd5 lint fixes 2016-10-04 23:18:33 +02:00
Jakob Unterwurzacher
35fb6583e6 main: get rid of duplicate "extpass" message
$ gocryptfs -init -extpass "echo test" a
Using password provided via -extpass.   <<< DUPLICATE
Reading password from extpass program
The gocryptfs filesystem has been created successfully.
You can now mount it using: gocryptfs a MOUNTPOINT
2016-09-28 20:47:01 +02:00
Jakob Unterwurzacher
e9bb8b800c reverse: switch from GCM-SIV to AES-SIV
GCM-SIV is not yet finalized, and the reference implemenation is
painfully slow at about 2 MB/s. Switch to AES-SIV.
2016-09-26 23:25:13 +02:00
Jakob Unterwurzacher
2050c7f3b3 reverse: add gcmsiv flag and associated tests 2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
5f726aaa9d contentenc: add GCM-SIV support
Also add ReverseDummyNonce nonce generation.
2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
90f0bdc224 main: init: refuse overwriting .gocryptfs.reverse.conf 2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
5fb6c5cf58 reverse: enable init functionality 2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
72efa5c9b1 main: move initDir into its own file 2016-09-25 16:43:17 +02:00