d15122d3d6
Add Go 1.4 compatibility layer for raw64
...
Using raw64 will not work, but at least it will compile.
2016-11-01 19:25:59 +01:00
2b991c9743
Add support for unpadded base64 filenames, "-raw64"
...
Through base64.RawURLEncoding.
New command-line parameter "-raw64".
2016-11-01 18:43:22 +01:00
944eaf2fb5
fusefronted: expire dir IV cache after one second
...
The Back In Time backup tool (https://github.com/bit-team/backintime )
wants to write directly into the ciphertext dir.
This may cause the cached directory IV to become out-of-date.
Having an expiry time limits the inconstency to one second, like
attr_timeout does for the kernel getattr cache.
2016-11-01 10:57:39 +01:00
a9c7565b80
fusefrontend: refactor dirIVCache
...
Simplify the code a bit.
2016-11-01 10:34:41 +01:00
c2192cfcad
fusefrontend: drop atime workarounds
...
The fix at https://github.com/hanwen/go-fuse/pull/131 has been merged.
Drop the workarounds and re-enable the tests.
2016-10-30 16:29:36 +01:00
85f1fd0b0f
fusefronted: more concise corrupt block log message
...
Calculating the block offset is easy enough, even more now
that gocryptfs-xray exists.
2016-10-28 21:18:36 +02:00
012152f3d1
fusefrontend: I/O error instead of panic on all-zero nonce
...
Running xfstests generic/075 on tmpfs often triggered a panic
for what seems to be a tmpfs bug.
Quoting from the email to lkml,
http://www.spinics.net/lists/kernel/msg2370127.html :
tmpfs seems to be incorrectly returning 0-bytes when reading from
a file that is concurrently being truncated.
2016-10-28 21:18:36 +02:00
a08d55f42d
fusefronted: optimize NFS streaming writes by saving one Stat()
...
Stat() calls are expensive on NFS as they need a full network
round-trip. We detect when a write immediately follows the
last one and skip the Stat in this case because the write
cannot create a file hole.
On my (slow) NAS, this takes the write speed from 24MB/s to
41MB/s.
2016-10-28 21:17:53 +02:00
d64ccf7cf4
fusefrontend: move hole padding check out of Write()
...
The details of the hole handling don't have to be in
Write, so move it away.
2016-10-25 22:37:45 +02:00
6538dc15af
fusefrontend: rename "createsHole" to clearer "createsCiphertextHole"
...
...and add comments for what is happening.
2016-10-25 21:19:37 +02:00
aeda9721d0
Fix misspellings
...
Close https://github.com/rfjakob/gocryptfs/issues/54
2016-10-24 19:18:13 +02:00
a74a7e7f54
configfile: add newline at the end
...
For convenience for the user, add a newline at the end.
Reported as #51 .
2016-10-21 08:43:39 +02:00
589748548f
tests: add 1980.tar.gz extract test
...
Test that we get the right timestamp when extracting a tarball.
Also simplify the workaround in doTestUtimesNano() and fix the
fact that it was running no test at all.
2016-10-19 22:25:54 +02:00
600ceece35
lint fixes
2016-10-19 01:12:45 +02:00
891a3b4c8a
fusefrontend: Utimens: one more band-aid
...
Revert once https://github.com/hanwen/go-fuse/pull/131 is merged.
2016-10-16 20:20:00 +02:00
c487e176bd
main: allow password change with -masterkey
...
Requested at https://github.com/rfjakob/gocryptfs/issues/28
2016-10-16 18:17:28 +02:00
b2d33028a6
readpassword: check extpass return code
...
...and exit if it is not zero.
2016-10-16 16:44:27 +02:00
5144470e3d
fusefrontend: Utimens: ugly band-aid for nil pointer crash in go-fuse
...
Crash is described at https://github.com/rfjakob/gocryptfs/issues/48 .
Revert this once https://github.com/hanwen/go-fuse/pull/131 is merged.
2016-10-16 15:08:05 +02:00
35219d0022
fusefrontend: log missing gocryptfs.diriv
...
This can happen during normal operation when the directory has
been deleted concurrently. But it can also mean that the
gocryptfs.diriv is missing due to an error, so log the event
at "info" level.
2016-10-16 15:04:59 +02:00
828f718483
fusefrontend: Also preserve the owner in Mkdir
...
This already worked for files but was missing for dirs.
2016-10-10 08:53:29 +02:00
d3b78fea95
reverse: add panics against API abuse
...
These should help prevent later programming errors.
2016-10-09 17:05:12 +02:00
d25fcc6a4b
reverse: gocryptfs.conf was missing from the directory listings
...
Fix the test for that and add checks in example_filesystems_test.
2016-10-08 22:25:08 +02:00
e47577834b
reverse: merge config translation check into isTranslatedConfig
...
Also get rid of useless isFiltered function.
2016-10-08 21:14:16 +02:00
f054353bd3
reverse: make gocryptfs.conf mapping plaintextnames-aware
...
Only in plaintextnames-mode AND with the config file at the
default location it will be mapped into the mountpoint.
Also adds a test for that.
2016-10-08 20:57:38 +02:00
53257f4ee5
nametransform: better error code on invalid diriv length
...
go-fuse translates errors unknown to it into "function not
implemented", which is wrong in this case.
2016-10-07 22:40:30 +02:00
ff48dc1aab
reverse: initialize the longname cache only when reverse mode is used
...
Gets rid of the idling longnameCacheCleaner thread in "normal" mode.
2016-10-05 22:22:28 +02:00
a4956fa6bf
A few more lint fixes
2016-10-04 23:30:05 +02:00
b764917cd5
lint fixes
2016-10-04 23:18:33 +02:00
db5782028a
tests: skip tests with -openssl=false on Go 1.4 and lower
...
Go versions 1.4 and lower lack NewGCMWithNonceSize(), which causes
a panic in the test.
2016-10-04 22:34:12 +02:00
db72a4489d
fusefrontend_reverse cast Stat_t.Dev to uint64 ( #44 )
...
The [Stat_t.Dev](https://golang.org/pkg/syscall/#Stat_t ) docs say `Dev` is a `unit64`, but on [macOS amd64](https://golang.org/src/syscall/ztypes_darwin_amd64.go ) it's an `int32`.
2016-10-04 15:03:47 +02:00
56c0b19612
without_openssl: support compiling completely without openssl
...
Build helper script: build-without-openssl.bash
2016-10-04 09:51:14 +02:00
a00402cc47
cryptocore: rename "gcm" variable to generic "aeadCipher"
...
As we now also support AES-SIV the old name is no longer
correct.
2016-10-04 00:17:09 +02:00
bb52937834
cryptocore: derive 512-bit key for AES-SIV
...
AES-SIV uses 1/2 of the key for authentication, 1/2 for
encryption, so we need a 64-byte key for AES-256. Derive
it from the master key by hashing it with SHA-512.
2016-10-04 00:16:56 +02:00
46018785b4
siv_aead: Overhead is always 16
...
Add a test for that.
Also test operations using a 64-byte key.
2016-10-03 23:58:19 +02:00
a2510efe12
reverse: use per-purpose nonce generation
...
Also pull all the deterministic nonce code into fusefrontend_reverse
to greatly simplify the normal code path.
2016-09-29 21:56:49 +02:00
bce96b5095
reverse: move newDirIVFile into virtualfile.go
...
After all, is's a virtual file.
2016-09-28 23:30:13 +02:00
e9bb8b800c
reverse: switch from GCM-SIV to AES-SIV
...
GCM-SIV is not yet finalized, and the reference implemenation is
painfully slow at about 2 MB/s. Switch to AES-SIV.
2016-09-26 23:25:13 +02:00
d9fc652df0
siv_aead: add AES-SIV AEAD wrapper
2016-09-26 23:06:40 +02:00
0e277ba19e
stupidgcm: add GCM-SIV benchmark
...
On a CPU without AES-NI:
$ go test -bench .
Benchmark4kEncStupidGCM-2 50000 24155 ns/op 169.57 MB/s
Benchmark4kEncGoGCM-2 20000 93965 ns/op 43.59 MB/s
Benchmark4kEncGCMSIV-2 500 2576193 ns/op 1.59 MB/s
2016-09-25 20:04:55 +02:00
28838a489d
nametransform: downgrade invalid length warning
...
This happens all the time in reverse mode when somebody stats
an encrypted symlink target.
2016-09-25 19:50:16 +02:00
5f4b16c00f
Implement changes proposed by gosimple.
...
Also delete the unused "dirIVNameStruct", found by deadcode.
2016-09-25 19:48:21 +02:00
166ba74a05
tests: enable all go vet checks
...
...and fix reported errors:
internal/fusefrontend_reverse/rfile.go:40: github.com/rfjakob/gocryptfs/internal/contentenc.FileHeader composite literal uses unkeyed fields
internal/fusefrontend_reverse/rfs.go:249: github.com/hanwen/go-fuse/fuse.DirEntry composite literal uses unkeyed fields
internal/fusefrontend_reverse/rfs.go:264: github.com/hanwen/go-fuse/fuse.DirEntry composite literal uses unkeyed fields
2016-09-25 19:02:12 +02:00
c7b3150afc
nametransform: delete unused function DecryptPathDirIV
2016-09-25 18:56:23 +02:00
abd61d968d
contentenc: rename constant "IVBitLen" to "DefaultIVBits" and clarify comment
...
128-bit IVs are NOT used everywhere.
2016-09-25 18:40:29 +02:00
b883dd10a6
reverse: add symlink encryption and Readlink support
2016-09-25 18:01:24 +02:00
12808138ef
contentenc: add "ExternalNonce" mode
...
This will be used for strong symlink encryption in reverse mode.
2016-09-25 17:44:19 +02:00
32e55261ca
fusefrontend: handle Readlink directly
...
Calling into go-fuse's loopbackFileSystem does not add
any value here.
2016-09-25 17:01:39 +02:00
2050c7f3b3
reverse: add gcmsiv flag and associated tests
2016-09-25 16:43:17 +02:00
7bbf6ad6ea
reverse: derive file ID and block IVs from file paths
2016-09-25 16:43:17 +02:00
52a6f4f71e
reverse: add longnameParentCache
...
findLongnameParent has to read the whole directory to find the
right file; add a simple cache to avoid most directory scans.
2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher