c6dacd6f91
Add EME filename encryption & enable it by default
2015-12-08 16:17:04 +01:00
ff8c81f95b
go fmt
2015-12-08 13:51:06 +01:00
56888d83dd
fallocate the space needed for the file header beforehand
...
This makes sure writing to a file fails early if the underlying
filesystem does not support fallocate. It also prevents partial header
write due to ENOSPC.
2015-12-06 15:05:52 +01:00
edc289fb75
Fix rename, was broken broken by DirIV introduction
...
As it was, CIPHERDIR was prepended twice, causing every rename
to fail with ENOENT.
2015-12-06 15:00:54 +01:00
ce42a6f23d
Run go fmt
2015-11-29 21:55:20 +01:00
20b058a333
Add single-element cache for DirIV lookup
...
Another 3x performance boost for applications that walk the
directory tree.
Excerpt from performance.txt:
VERSION UNTAR LS RM
v0.4 48 1.5 5
v0.5-rc1 56 7 19
v0.5-rc1-1 54 4.1 9
v0.5-rc1-2 45 1.7 3.4 <---- THIS VERSION
2015-11-29 21:41:38 +01:00
1d0a442405
OpenDir performance: Read DirIV once and reuse it for all names
...
Formerly, we called decryptPath for every name.
That resulted in a directory walk that reads in all diriv files
on the way.
Massive improvement for RM and LS (check performance.txt for details)
VERSION UNTAR RM LS
v0.4 48 5 1.5
v0.5-rc1 56 19 7
v0.5-rc1-1 54 9 4.1 <---- THIS VERSION
2015-11-29 20:03:37 +01:00
1fb349e97b
diriv: also support old CBC symlink
2015-11-28 18:39:45 +01:00
01141f8b5e
diriv: fix Symlink() and Readlink()
...
Both were missing adaptions for diriv usage resulting in broken
functionality
2015-11-28 18:39:45 +01:00
3b2143bafc
diriv: fix readdir
...
It decrypted all file names using the root directory iv
2015-11-28 18:39:45 +01:00
fe7355f9ee
diriv: use "DirIV" flag to discern and support mounting old filesystems
2015-11-28 18:38:06 +01:00
a04a92cdab
Run go fmt
2015-11-27 22:20:01 +01:00
bdd9249a52
diriv: Move WriteDirIV() to cryptfs; add locking to Mkdir, Rmdir
2015-11-27 21:48:58 +01:00
decfc1ab79
diriv: Convert filename encryption users to diriv
2015-11-27 00:03:10 +01:00
fe2fcf6c16
diriv: Transactionally delete gocryptfs.diriv in Rmdir
2015-11-25 22:17:42 +01:00
4d466c3412
diriv: Create gocryptfs.diriv in every directory
2015-11-25 20:57:16 +01:00
61aacb5c1b
Run go fmt and go vet
2015-11-14 17:16:17 +01:00
99dfc84992
Add "-q" (quiet) flag
2015-11-09 22:33:42 +01:00
fa3a382aa4
Handle ENOSPC errors better by preallocating the space before writing
...
Prevent the case that we run out of space in the middle of
writing a block - that would leave a corrupt block behind.
2015-11-08 22:36:29 +01:00
050005fd7b
Centralize path filter decision in CryptFS.IsFiltered()
2015-11-03 22:25:29 +01:00
de56fe9e35
Implement PlainTextNames mode
...
Also, forbid access to "gocryptfs.conf" in the root dir.
2015-11-03 00:00:13 +01:00
e31d319c39
Remove code detected by "deadcode"
...
go get github.com/remyoudompheng/go-misc/deadcode
2015-11-01 12:32:10 +01:00
902babdf22
Refactor ciphertext <-> plaintext offset translation functions
...
Move all the intelligence into the new file address_translation.go.
That the calculations were spread out too much became apparent when adding
the file header. This should make the code much easier to modify in the
future.
2015-11-01 12:11:36 +01:00
76311b60f2
Add file header (on-disk-format change)
...
Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ]
Quoting SECURITY.md:
* Every file has a header that contains a 16-byte random *file id*
* Each block uses the file id and its block number as GCM *authentication data*
* This means the position of the blocks is protected as well. The blocks
can not be reordered or copied between different files without
causing an decryption error.
2015-11-01 01:38:27 +01:00
a3d286069f
Use block number as authentication data
2015-10-06 22:27:37 +02:00
aa082c235a
Utimens: Use UtimesNano instead of Futimes
...
Futimes() only takes microsecond resolution while the FUSE call
Utimens() wants nanosecond precision.
This is why UTIME_OMIT did not work - this change fixes the
xfstests generic/258 test failure.
The go library does not provide a FutimesNano() function which is
why I use UtimesNano() on /proc/self/fd/n.
This is what the Go library does in Futimes().
2015-10-04 20:32:15 +02:00
c7313f36de
fallocate: return ENOSYS
...
The implementation was incomplete, disable fallocate completely for now.
See https://github.com/rfjakob/gocryptfs/issues/1
Fixes xfstests generic/075
2015-10-04 17:14:40 +02:00
90bd978283
truncate: Fix bug that caused xfstests generic/030 to fail
...
The bug was caused by using cipherOff where plainOff should
have been used.
Renamed the symbols for less confusion.
2015-10-04 16:04:25 +02:00
aa6fa7f3cf
Truncate: Logging improvements, show number of blocks as float
2015-10-04 15:45:46 +02:00
b27edba2bb
Fix Trucate() bug causing files to be too small
...
Uncovered by running xfstests generic/014 several times
2015-10-04 15:40:59 +02:00
89fef80d32
Run go fmt
2015-10-04 14:49:47 +02:00
c859f0b2dc
intraBlock: Rename Offset to Skip
...
"Offset" is unclear whether it is an offset from the start of file
or start of block. "Skip" seems much better.
2015-10-04 14:24:43 +02:00
775676ecb8
Utilize file hole passtrough capability in Truncate()
...
Cuts down the runtime of xfstests generic/014
from 1822 seconds to 36 seconds
2015-10-04 14:21:07 +02:00
2003ca965d
Zero-pad last block if a file hole is created on Write()
...
Fixes TestFileHoles test
2015-10-04 11:39:35 +02:00
40448db909
Fix xfstests generic/030 failure
...
The actual fix is
oldSize := f.cfs.PlainSize(uint64(fi.Size()))
the rest is logging improvements
2015-10-04 00:26:20 +02:00
79870ab096
debug: log inode number instead of encrypted filename
...
Makes the log output smaller and more readable.
2015-10-03 19:16:34 +02:00
3fef613591
tests: Add append test
2015-09-30 23:42:18 +02:00
b835f83fd5
Implement Truncate() + Test
2015-09-30 22:36:53 +02:00
aea8d8d6e7
debug: Log encrypted filename
2015-09-30 20:32:24 +02:00
c4ec7a4295
Fix Chown parameter order
2015-09-19 10:46:39 +02:00
67fe4557e5
Fix read benchmark
2015-09-17 22:08:49 +02:00
0af3cfcac0
Fix symlink size reporting
2015-09-16 19:32:37 +02:00
71789ae14f
Don't warn about "gocryptfs.conf" in the ciphertext root dir
2015-09-13 22:09:48 +02:00
6f9e90c414
Encrypt key with scrypt-hashed password
2015-09-13 22:09:38 +02:00
e7ba3c61f1
Fix File.GettAttr() size reporting
...
The too-large reported value broke mmap
(applications saw appended zero bytes)
Also
* Add locking for all fd operations
* Add "--debug" command line switch
2015-09-09 19:32:59 +02:00
80935a0e1b
Explain both frontends in readme
...
Also, re-enable openssl and disable debug messages so testing
gocryptfs is less painful
2015-09-08 23:09:28 +02:00
bfdbbbf8b4
Fix panic on absolute symlink
2015-09-08 22:53:06 +02:00
28cdff5889
tests: add TestCiphertextRange
2015-09-08 22:36:38 +02:00
b13cc9686c
Fix append issue
2015-09-08 22:34:23 +02:00
1ca4fc89aa
More debug logging, improve main_test.go (do not use all-zero content)
2015-09-08 22:03:27 +02:00
Jakob Unterwurzacher