Jakob Unterwurzacher
a985096b50
contrib: pam_mount: check if something is already mounted on DST
...
pam_mount is supposed to check that as well, but it seems to get confused
by the "command#path" syntax used for FUSE. Let's do it here.
2016-10-09 00:32:49 +02:00
Jakob Unterwurzacher
e220b24c5a
tests: add test for "mountpoint shadows cipherdir" logic
2016-10-09 00:03:39 +02:00
Jakob Unterwurzacher
dc4fdd8f44
main: fix shadow detection logic
...
This fired incorrectly:
Mountpoint "/home/testuser" would shadow cipherdir "/home/testuser.cipher", this is not supported
2016-10-08 23:50:19 +02:00
Jakob Unterwurzacher
12f8ba85c2
LICENSE: add full name
2016-10-08 23:41:22 +02:00
Jakob Unterwurzacher
22f96bfce6
contrib: pam_mount: add instructions for whole-home-dir encryption
2016-10-08 22:30:19 +02:00
Jakob Unterwurzacher
610a242ec6
contrib: pam_mount: add documentation and wrapper
...
See ticket #34
2016-10-08 22:30:13 +02:00
Jakob Unterwurzacher
d25fcc6a4b
reverse: gocryptfs.conf was missing from the directory listings
...
Fix the test for that and add checks in example_filesystems_test.
2016-10-08 22:25:08 +02:00
Jakob Unterwurzacher
8efef4b3d6
tests: unmount leftover filesystems before starting the tests
...
A panic during the tests can leave mounted filesystems behind.
2016-10-08 21:59:21 +02:00
Jakob Unterwurzacher
79e3e28671
tests: add v1.1-reverse-plaintextnames example filesystem
2016-10-08 21:49:21 +02:00
Jakob Unterwurzacher
eb51a1ed20
tests: add v1.1-reverse example filesystem
2016-10-08 21:45:11 +02:00
Jakob Unterwurzacher
3c2c3453ad
tests: add v1.1-aessiv example filesystem
...
Also move the example content into "content".
2016-10-08 21:45:01 +02:00
Jakob Unterwurzacher
e47577834b
reverse: merge config translation check into isTranslatedConfig
...
Also get rid of useless isFiltered function.
2016-10-08 21:14:16 +02:00
Jakob Unterwurzacher
f054353bd3
reverse: make gocryptfs.conf mapping plaintextnames-aware
...
Only in plaintextnames-mode AND with the config file at the
default location it will be mapped into the mountpoint.
Also adds a test for that.
2016-10-08 20:57:38 +02:00
Jakob Unterwurzacher
dde4a66454
tests: pass "-nosyslog"
...
We want to see panics and warnings on the console
2016-10-08 19:36:26 +02:00
Jakob Unterwurzacher
8c89e2da0c
tests: invert ResetTmpDir argument
...
As reverse also does not want a diriv file, the "plaintextNames"
argument became a misnomer.
2016-10-08 19:22:59 +02:00
Jakob Unterwurzacher
29c8ca85d8
tests: matrix: have the testcase struct as a global variable
...
Future tests will need more info about the running test case.
2016-10-08 19:18:56 +02:00
Jakob Unterwurzacher
084cd597ab
tests: matrix: convert to table-based style
...
And add AES-SIV
2016-10-08 19:16:05 +02:00
Jakob Unterwurzacher
04cdc695f0
main: error out when the mount shadows the cipherdir
...
For example, we cannot mount "/home/user/.cipher" at "/home/user"
because the mount will hide ".cipher" also for us.
Doing it anyway used to cause a nasty hang.
2016-10-08 18:43:31 +02:00
Jakob Unterwurzacher
631c538f13
main: split doMount into its own file
...
Ongoing effort to reduce the size of main().
2016-10-08 18:43:24 +02:00
Jakob Unterwurzacher
89bcc50294
main: check if the config file can opened before prompting for password
...
This was frustrating:
$ gocryptfs a b
Password:
Decrypting master key
open a/gocryptfs.conf: permission denied
2016-10-08 17:19:55 +02:00
Jakob Unterwurzacher
9b1a35174b
MANPAGE: note that "-f" implies "-nosyslog"
...
Also explain why AES-SIV exists.
2016-10-07 23:02:04 +02:00
Jakob Unterwurzacher
14fd5ce598
main: daemonize more thoroughly
...
As described at http://software.clapper.org/daemonize/ ,
a daemon should chdir to / and close its FDs.
2016-10-07 22:44:28 +02:00
Jakob Unterwurzacher
53257f4ee5
nametransform: better error code on invalid diriv length
...
go-fuse translates errors unknown to it into "function not
implemented", which is wrong in this case.
2016-10-07 22:40:30 +02:00
Jakob Unterwurzacher
45dfc90a2f
main: clarify nosyslog code path
...
Split the block up and add a comment why notifypid is important.
2016-10-07 00:05:46 +02:00
Jakob Unterwurzacher
434ce50db3
main: add "-nonempty" option
2016-10-06 22:41:13 +02:00
Jakob Unterwurzacher
ff48dc1aab
reverse: initialize the longname cache only when reverse mode is used
...
Gets rid of the idling longnameCacheCleaner thread in "normal" mode.
2016-10-05 22:22:28 +02:00
Jakob Unterwurzacher
a4956fa6bf
A few more lint fixes
2016-10-04 23:30:05 +02:00
Valient Gough
b764917cd5
lint fixes
2016-10-04 23:18:33 +02:00
Jakob Unterwurzacher
31a8f8b839
tests: skip "go tool vet" if the command is not available
...
"vet" is not availably by default on Go 1.4.
2016-10-04 22:42:30 +02:00
Jakob Unterwurzacher
49c73f84f5
tests: drop Go 1.3.3 from Travis testing
...
Does not support testing.M, which means we cannot run the
test suite, which means we cannot claim to support it at
all.
2016-10-04 22:34:13 +02:00
Jakob Unterwurzacher
db5782028a
tests: skip tests with -openssl=false on Go 1.4 and lower
...
Go versions 1.4 and lower lack NewGCMWithNonceSize(), which causes
a panic in the test.
2016-10-04 22:34:12 +02:00
Jakob Unterwurzacher
b80d01056f
tests: enable FUSE tests on Travis CI
2016-10-04 22:34:07 +02:00
Jakob Unterwurzacher
67a959eebf
tests: symlink to "/" instead of "/etc/motd"
...
This file does not exist on all systems, causing spurious
test failures.
See #40 , #43
2016-10-04 22:01:47 +02:00
Jakob Unterwurzacher
95db38912b
tests: fallocate: skip some disk usage checks on btrfs
...
The expected allocated sizes are verified for tmpfs and ext4.
btrfs gives different results, but that's not an error.
Also, simplify test_helpers.Du and several code paths.
Fixes #43 .
2016-10-04 21:57:13 +02:00
Romain
db72a4489d
fusefrontend_reverse cast Stat_t.Dev to uint64 ( #44 )
...
The [Stat_t.Dev](https://golang.org/pkg/syscall/#Stat_t ) docs say `Dev` is a `unit64`, but on [macOS amd64](https://golang.org/src/syscall/ztypes_darwin_amd64.go ) it's an `int32`.
2016-10-04 15:03:47 +02:00
Jakob Unterwurzacher
b068ffbff9
maxlen.bash: result was 1 too high
...
Additionally, output 0 instead of 7 on permission errors.
2016-10-04 10:26:22 +02:00
Jakob Unterwurzacher
56c0b19612
without_openssl: support compiling completely without openssl
...
Build helper script: build-without-openssl.bash
2016-10-04 09:51:14 +02:00
Jakob Unterwurzacher
a00402cc47
cryptocore: rename "gcm" variable to generic "aeadCipher"
...
As we now also support AES-SIV the old name is no longer
correct.
2016-10-04 00:17:09 +02:00
Jakob Unterwurzacher
bb52937834
cryptocore: derive 512-bit key for AES-SIV
...
AES-SIV uses 1/2 of the key for authentication, 1/2 for
encryption, so we need a 64-byte key for AES-256. Derive
it from the master key by hashing it with SHA-512.
2016-10-04 00:16:56 +02:00
Jakob Unterwurzacher
46018785b4
siv_aead: Overhead is always 16
...
Add a test for that.
Also test operations using a 64-byte key.
2016-10-03 23:58:19 +02:00
Jakob Unterwurzacher
b7be386e46
xray: print block offsets
2016-09-29 22:13:26 +02:00
Jakob Unterwurzacher
a2510efe12
reverse: use per-purpose nonce generation
...
Also pull all the deterministic nonce code into fusefrontend_reverse
to greatly simplify the normal code path.
2016-09-29 21:56:49 +02:00
Jakob Unterwurzacher
bce96b5095
reverse: move newDirIVFile into virtualfile.go
...
After all, is's a virtual file.
2016-09-28 23:30:13 +02:00
Jakob Unterwurzacher
35fb6583e6
main: get rid of duplicate "extpass" message
...
$ gocryptfs -init -extpass "echo test" a
Using password provided via -extpass. <<< DUPLICATE
Reading password from extpass program
The gocryptfs filesystem has been created successfully.
You can now mount it using: gocryptfs a MOUNTPOINT
2016-09-28 20:47:01 +02:00
Jakob Unterwurzacher
4b934f1a72
README: storage overhead is 32 bytes
...
As stated in file-format.md.
2016-09-26 23:46:37 +02:00
Jakob Unterwurzacher
e9bb8b800c
reverse: switch from GCM-SIV to AES-SIV
...
GCM-SIV is not yet finalized, and the reference implemenation is
painfully slow at about 2 MB/s. Switch to AES-SIV.
2016-09-26 23:25:13 +02:00
Jakob Unterwurzacher
d9fc652df0
siv_aead: add AES-SIV AEAD wrapper
2016-09-26 23:06:40 +02:00
Jakob Unterwurzacher
0e277ba19e
stupidgcm: add GCM-SIV benchmark
...
On a CPU without AES-NI:
$ go test -bench .
Benchmark4kEncStupidGCM-2 50000 24155 ns/op 169.57 MB/s
Benchmark4kEncGoGCM-2 20000 93965 ns/op 43.59 MB/s
Benchmark4kEncGCMSIV-2 500 2576193 ns/op 1.59 MB/s
2016-09-25 20:04:55 +02:00
Jakob Unterwurzacher
32e35adcad
tests: add reverse linux tarball test
2016-09-25 20:04:03 +02:00
Jakob Unterwurzacher
28838a489d
nametransform: downgrade invalid length warning
...
This happens all the time in reverse mode when somebody stats
an encrypted symlink target.
2016-09-25 19:50:16 +02:00