Jakob Unterwurzacher
6c6947126d
cryptocore: zero derived keys
...
Zero the HKDF-derived keys when we don't need them
anymore, and let the variable run of of scope.
https://github.com/rfjakob/gocryptfs/issues/211
2018-02-18 16:07:09 +01:00
Jakob Unterwurzacher
344d7e0a6f
siv_aead: create private key copy and implement wiping
...
Having a private copy relieves the caller from worrying about
whether he can zero his copy. The copy can be cleared by
calling Wipe().
2018-02-18 16:01:46 +01:00
Jakob Unterwurzacher
adf7d75d31
main: changePassword: zero masterkey
...
Overwrite the masterkey with zeros once we
have encrypted it, and let it run out of scope.
Also get rid of the password duplicate in
readpassword.Twice.
2018-02-18 15:36:14 +01:00
Jakob Unterwurzacher
3b8f5cbb17
readpassword: convert from string to []byte
...
This will allows us to overwrite the password
with zeros once we are done with it.
https://github.com/rfjakob/gocryptfs/issues/211
2018-02-18 14:26:54 +01:00
Jakob Unterwurzacher
bd78b44389
cryptocore, main: add two comments
...
While reading the code, I had to think about what it
does, so add a comment that explains it.
2018-02-18 12:41:11 +01:00
Jakob Unterwurzacher
0efd220d1e
configfile: overwrite and let keys run out of scope
...
As soon as we don't need them anymore, overwrite
keys with zeros and make sure they run out of scope
so we don't create a risk of inadvertedly using all-zero
keys for encryption.
https://github.com/rfjakob/gocryptfs/issues/211
2018-02-18 12:39:44 +01:00
Jakob Unterwurzacher
72ddbae1e6
stupidgcm: create private copy of the key
...
Relieves the caller from worrying about whether they
can overwrite the key.
2018-02-18 12:35:51 +01:00
Jakob Unterwurzacher
18f6c6106c
main: try to wipe cryptocore's secret keys on unmount
...
Raise the bar for recovering keys from memory.
https://github.com/rfjakob/gocryptfs/issues/211
2018-02-18 11:39:10 +01:00
Jakob Unterwurzacher
719693ec5d
fusefrontend[_reverse]: move crypto init up to caller
...
Both fusefrontend and fusefrontend_reverse were doing
essentially the same thing, move it into main's
initFuseFrontend.
A side-effect is that we have a reference to cryptocore
in main, which will help with wiping the keys on exit
(https://github.com/rfjakob/gocryptfs/issues/211 ).
2018-02-18 11:21:58 +01:00
Jakob Unterwurzacher
eeed4b4bef
stupidgcm: implement key wipe
...
Not bulletproof due to possible GC copies, but
still raises to bar for extracting the key.
https://github.com/rfjakob/gocryptfs/issues/211
2018-02-17 15:14:55 +01:00
Jakob Unterwurzacher
7e0fefe970
stupidgcm: switch to pointer receivers
...
What the key slice does not get copied around
will make it possible to check if the key has been wiped.
2018-02-17 15:02:01 +01:00
Jakob Unterwurzacher
8151222ada
gccgo: skip emulateGetdents on linux
...
The test is known to fail on gccgo
(https://github.com/rfjakob/gocryptfs/issues/201 ), but
getdents emulation is not used on linux, so let's skip
the test and ignore the failure.
2018-02-04 21:14:12 +01:00
Felix Lechner
bf2f9640c4
Fix spelling ( #205 )
2018-02-04 20:38:22 +01:00
Felix Lechner
5b986288cf
Fix assignment error in Unix2syscall by converting Timespec into Nsec ( #203 )
...
$ go.gcc build
# github.com/rfjakob/gocryptfs/internal/syscallcompat
internal/syscallcompat/unix2syscall_linux.go:32:13: error: incompatible types in assignment (cannot use type int64 as type syscall.Timespec_sec_t)
s.Atim.Sec = u.Atim.Sec
^
2018-02-03 13:42:49 +01:00
Jakob Unterwurzacher
9f8d0d8e57
gccgo: replace syscall.NAME_MAX with unix.NAME_MAX
...
For some reason the syscall.NAME_MAX constant does not exist
on gccgo, and it does not hurt us to use unix.NAME_MAX instead.
https://github.com/rfjakob/gocryptfs/issues/201
2018-02-01 23:50:11 +01:00
Jakob Unterwurzacher
26ba8103bf
syscallcompat: switch from syscall.Getdents to unix.Getdents
...
On mips64le, syscall.Getdents() and struct syscall.Dirent do
not fit together, causing our Getdents implementation to
return garbage ( https://github.com/rfjakob/gocryptfs/issues/200
and https://github.com/golang/go/issues/23624 ).
Switch to unix.Getdents which does not have this problem -
the next Go release with the syscall package fixes is too
far away, and will take time to trickle into distros.
2018-01-31 18:59:10 +01:00
Jakob Unterwurzacher
f3838c09d8
syscallcompat: hardcode maxReclen = 280 for all architectures
...
Due to padding between entries, it is 280 even on 32-bit architectures.
See https://github.com/rfjakob/gocryptfs/issues/197 for details.
2018-01-25 22:22:13 +01:00
Jakob Unterwurzacher
b318572312
syscallcompat: fix reversed warning output
...
We used to print somewhat strange messages:
Getdents: corrupt entry #1 : Reclen=276 > 280. Returning EBADR
Reported at https://github.com/rfjakob/gocryptfs/issues/197
2018-01-25 21:42:15 +01:00
Jakob Unterwurzacher
ea51837361
fusefrontend: drop unused haveGetdents warning
...
We don't actually print that warning anymore.
2018-01-25 09:06:06 +01:00
Jakob Unterwurzacher
de878a3346
syscallcompat: explain why we don't use syscall.ParseDirent()
...
syscall.ParseDirent only returns the NAMES, we want
everything.
2018-01-25 08:43:30 +01:00
Jakob Unterwurzacher
a2677bce2a
fusefrontend_reverse: use OpenNofollow in virtualFile.GetAttr
...
Makes it robust against symlink races.
Final piece, closes https://github.com/rfjakob/gocryptfs/issues/165
2018-01-17 21:36:38 +01:00
Jakob Unterwurzacher
959e1fc1e2
fusefrontend_reverse: use OpenNofollow in findLongnameParent
...
Protects findLongnameParent against symlink races.
Also add comments to several functions along the way.
Reported at https://github.com/rfjakob/gocryptfs/issues/165
2018-01-17 20:54:05 +01:00
Jakob Unterwurzacher
8951eb2472
fusefronted: add PlaintextNames special-cases for Create & Rename
...
gocryptfs.longname.XXX files were considered magic in PlaintextNames
mode, which was wrong.
Fix that and add tests.
Fixes https://github.com/rfjakob/gocryptfs/issues/174
2018-01-17 00:25:36 +01:00
Jakob Unterwurzacher
36ffd813cd
Run go fmt
2018-01-16 23:18:53 +01:00
Sebastian Lackner
a85dbcab38
fusefrontend: Use Linkat syscall to implement Link
2017-12-25 15:07:37 +01:00
Sebastian Lackner
a24342f656
fusefrontend: Handle PlaintextNames mode in Link
...
In PlaintextNames mode the "gocryptfs.longname." prefix does not have any
special meaning.
https://github.com/rfjakob/gocryptfs/issues/174
2017-12-25 15:07:37 +01:00
Sebastian Lackner
631974f9e0
fusefrontend_reverse: Use O_DIRECTORY in OpenDir implementation
...
Also get rid of the defer - it is not really necessary here.
2017-12-11 21:18:20 +01:00
Sebastian Lackner
96dc2ca709
fusefrontend_reverse: Reject access to device nodes in newFile function
...
Steps to reproduce:
* Create a regular reverse mount point
* Create a file "test" in the original directory
* Access the corresponding encrypted directory in the mount point (ls <encrypted dir>)
* Quickly delete the file in the original data - instead create a device node
* Access the file again, it will access the device node and attempt to read from it
Fixes https://github.com/rfjakob/gocryptfs/issues/187
2017-12-11 09:55:16 +01:00
Sebastian Lackner
3af51736f3
fusefrontend_reverse: Use openBackingDir in GetAttr
...
Also fixes 48bd59f38843e5ebd4e4c9f666f1aea1c9990803 - the directory FD should
also be closed in case of an error.
2017-12-07 23:36:11 +01:00
Sebastian Lackner
ad0f110191
fusefrontend_reverse: Use openBackingDir in Readlink
2017-12-07 23:36:11 +01:00
Jakob Unterwurzacher
48bd59f388
fusefrontend_reverse: fix fd leak in GetAttr
...
Fixes https://github.com/rfjakob/gocryptfs/issues/184
2017-12-07 09:01:12 +01:00
Jakob Unterwurzacher
87736eb833
fusefrontend_reverse: secure Access against symlink races (somewhat)
...
Unfortunately, faccessat in Linux ignores AT_SYMLINK_NOFOLLOW,
so this is not completely atomic.
Given that the information you get from access is not very
interesting, it seems good enough.
https://github.com/rfjakob/gocryptfs/issues/165
2017-12-07 00:11:35 +01:00
Jakob Unterwurzacher
2ceef01afe
syscallcompat: add Faccessat
...
Add faccessat(2) with a hack for symlink, because the
kernel does not actually looks at the passed flags.
From man 2 faccessat:
C library/kernel differences
The raw faccessat() system call takes only the first three argu‐
ments. The AT_EACCESS and AT_SYMLINK_NOFOLLOW flags are actually
implemented within the glibc wrapper function for faccessat().
2017-12-07 00:05:28 +01:00
Jakob Unterwurzacher
e042eb38fa
fusefrontend_reverse: secure Readlink against symlink races
...
...by using Readlinkat.
Tracking ticket: https://github.com/rfjakob/gocryptfs/issues/165
2017-12-06 21:13:08 +01:00
Jakob Unterwurzacher
f97494e89b
syscallcompat: add Readlinkat
...
We need readlinkat to implement Readlink
symlink-race-free.
2017-12-06 21:07:24 +01:00
Jakob Unterwurzacher
6beb45e5b7
syscallcompat: add Darwin version of unix2syscall
...
The "Atim" field is called "Atimespec" on Darwin,
same for Mtim and Ctim.
2017-12-06 00:18:38 +01:00
Jakob Unterwurzacher
a3bdc2bf2b
fusefrontend_reverse: secure GetAttr against symlink races
...
...by using the OpenNofollow helper & Fstatat.
Also introduce a helper to convert from unix.Stat_t to
syscall.Stat_t.
Tracking ticket: https://github.com/rfjakob/gocryptfs/issues/165
2017-12-06 00:06:31 +01:00
Jakob Unterwurzacher
03bf604fc0
syscallcompat: OpenNofollow: use O_DIRECTORY flag
...
...when opening intermedia directories to give us an
extra layer of safety.
From the FreeBSD man page:
This flag can be used to prevent applications with elevated
privileges from opening files which are even unsafe to open with O_RDONLY,
such as device nodes.
2017-12-05 23:31:07 +01:00
Jakob Unterwurzacher
926cb93b50
fusefrontend_reverse: secure OpenDir against symlink races
...
...by using the new OpenNofollow helper.
The benchmark shows a small but acceptable performance loss:
$ ./benchmark-reverse.bash
LS: 2.182
CAT: 18.221
Tracking ticket: https://github.com/rfjakob/gocryptfs/issues/165
2017-12-05 23:14:12 +01:00
Jakob Unterwurzacher
e604ce6dea
syscallcompat: OpenNofollow: fix relPath="" case
...
Sometimes want to open baseDir itself. This case
was broken, fix it.
2017-12-05 23:08:55 +01:00
Jakob Unterwurzacher
70bcf58a9b
syscallcompat: convert Getdents to fd input, add emulation
...
Now that we have Fstatat we can use it in Getdents to
get rid of the path name.
Also, add an emulated version of getdents for MacOS. This allows
to drop the !HaveGetdents special cases from fusefrontend.
Modify the getdents test to test both native getdents and the emulated
version.
2017-12-03 19:33:26 +01:00
Jakob Unterwurzacher
e33593d30d
syscallcompat: add Fstatat + emulation + test
...
Fstatat has recently been added to x/sys/unix. Make
it available for use in gocryptfs.
2017-12-03 19:32:59 +01:00
Jakob Unterwurzacher
441e796e70
fusefrontend_reverse: secure StatFs agains symlink races
...
...by ignoring the path that was passed in.
https://github.com/rfjakob/gocryptfs/issues/165
2017-12-02 21:36:07 +01:00
Jakob Unterwurzacher
316b916358
fusefrontend_reverse: secure Open against symlink races
...
...using the new syscallcompat.OpenNofollow helper.
This change secures Open() against symlink race attacks
as described in https://github.com/rfjakob/gocryptfs/issues/165
2017-12-02 21:07:56 +01:00
Jakob Unterwurzacher
91e042e2ba
syscallcompat: add OpenNofollow helper
...
OpenNofollow = symlink-race-safe Open
Prepares fixing https://github.com/rfjakob/gocryptfs/issues/165
2017-12-02 20:35:44 +01:00
Jakob Unterwurzacher
1d28973611
syscallcompat: move test setup into its own file
...
The infrastructure will also be used by the upcoming
OpenNofollow tests.
2017-12-02 19:57:23 +01:00
Jakob Unterwurzacher
77191c3485
syscallcompat: use Unlinkat and Symlinkat from x/sys/unix
...
I'm unsure why I did not notice this earlier, but the
syscall wrappers provided by x/sys/unix seem to do just
fine.
Drop our own version.
2017-12-02 18:36:18 +01:00
Sebastian Lackner
616a468180
syscallcompat: Improve the Openat and Mknodat syscall emulation
...
This avoids the conversion to an absolute path.
2017-12-01 09:41:52 +01:00
Sebastian Lackner
f30522a0c1
syscallcompat: Fix syscall emulation for absolute paths
...
For absolute paths, the file descriptor should be ignored. In such a case
there is also no need to hold the lock or change the working directory.
2017-12-01 09:41:52 +01:00
Sebastian Lackner
9bcde0c09e
fusefrontend: Improve documentation of mkdirWithIv and WriteDirIV
...
As requested in https://github.com/rfjakob/gocryptfs/pull/179
2017-12-01 09:41:52 +01:00