Jakob Unterwurzacher
2362e67a9e
cli: add "-hkdf" option
...
This commit also enables actually passing the HKDF setting to
fusefrontend, this was missing till now.
2017-03-07 20:56:50 +01:00
Jakob Unterwurzacher
9f17a78b4a
configfile: enable HKDF and Raw64 feature flags by default
...
Also adds a test to verify that they are set in new config
files.
2017-03-07 20:56:50 +01:00
Jakob Unterwurzacher
a80d798c2d
tests: reverse: don't run tests that ignore "-plaintextnames" twice
...
TestMain() runs all tests twice, once with plaintextnames=true and once
with false. Several tests mount their own filesystem and ignore the
plaintextnames variable. It makes no sense to run them twice, so
skip execution when plaintextnames is set.
2017-03-07 20:53:58 +01:00
M. Vefa Bicakci
d48ccb3dda
Report correct symbolic link dentry sizes
...
Prior to this commit, gocryptfs's reverse mode did not report correct
directory entry sizes for symbolic links, where the dentry size needs to
be the same as the length of a string containing the target path.
This commit corrects this issue and adds a test case to verify the
correctness of the implementation.
This issue was discovered during the use of a strict file copying program
on a reverse-mounted gocryptfs file system.
2017-03-07 20:46:58 +01:00
Jakob Unterwurzacher
6e9b6e17c3
tests: configfile: fix spurious test failure II
...
internal/configfile/config_test.go:67: c declared and not used
2017-03-05 23:24:47 +01:00
Jakob Unterwurzacher
b878306d2a
tests: configfile: fix spurious test failure
...
This test fails because Raw64 has been disabled for now.
2017-03-05 23:15:50 +01:00
Jakob Unterwurzacher
b7538fc026
tests: add v1.3 example filesystem
...
This filesystem has both HKDF and Raw64 enabled.
2017-03-05 23:07:52 +01:00
Jakob Unterwurzacher
a8fd8a2516
configfile: disable Raw64 for now
...
Raw64 is supported (but was disabled by default) since gocryptfs
v1.2. However, the implementation was buggy because it forgot
about long names and symlinks.
Disable it for now by default and enable it later, together
with HKDF.
2017-03-05 23:04:54 +01:00
Jakob Unterwurzacher
445b5019e3
nametransform: fix Raw64 not affecting symlink targets
...
The symlink functions incorrectly hardcoded the padded
base64 variant.
2017-03-05 22:59:25 +01:00
Jakob Unterwurzacher
5b54577d2e
nametransform: fix Raw64 not affecting longnames
...
HashLongName() incorrectly hardcoded the call to base64.URLEncoding.
2017-03-05 22:25:41 +01:00
Jakob Unterwurzacher
d0bc7970f7
full stack: implement HKDF support
...
...but keep it disabled by default for new filesystems.
We are still missing an example filesystem and CLI arguments
to explicitely enable and disable it.
2017-03-05 21:59:55 +01:00
Jakob Unterwurzacher
4fadcbaf68
configfile: reject the "HKDF" flag for now
...
This will be re-enabled once it is implemented.
2017-03-05 18:16:49 +01:00
Jakob Unterwurzacher
decda6d255
configfile: switch on Raw64 by default
...
As we have dropped Go 1.4 compatibility already, and will add
a new feature flag for gocryptfs v1.3 anyway, this is a good
time to enable Raw64 as well.
2017-03-05 18:13:56 +01:00
Jakob Unterwurzacher
b732881518
configfile: switch to 128-bit IVs for master key encryption
...
There is no security reason for doing this, but it will allow
to consolidate the code once we drop compatibility with gocryptfs v1.2
(and earlier) filesystems.
2017-03-05 18:03:03 +01:00
Jakob Unterwurzacher
a8d154765a
README: fix "compatibility" typo
2017-03-05 17:45:59 +01:00
Jakob Unterwurzacher
966308eeb7
Drop Go 1.4 compatability code everywhere
...
Yields a nice reduction in code size.
2017-03-05 17:44:14 +01:00
Jakob Unterwurzacher
e646163442
README: drop Go 1.4 compatability for gocryptfs v1.3
...
Also drop Go 1.4 from Travis CI and update other Go
versions to latest point release.
2017-03-05 17:43:23 +01:00
Jakob Unterwurzacher
874e4fb5e9
cryptocore: rename "BackendTypeEnum" -> "AEADTypeEnum"
...
There are two independent backends, one for name encryption,
the other one, AEAD, for file content.
"BackendTypeEnum" only applies to AEAD (file content), so make that
clear in the name.
2017-03-05 17:10:57 +01:00
Jakob Unterwurzacher
e032539e2c
cryptocore: use eme v1.1 interface
...
Version 1.1 of the EME package (github.com/rfjakob/eme) added
a more convenient interface. Use it.
Note that you have to upgrade your EME package (go get -u)!
2017-03-05 13:58:24 +01:00
Jakob Unterwurzacher
b2f154a9a9
tests: stop calling t.Fatal from example_test_helpers
...
Calling t.Fatal immeadiately aborts the test, which means the
filesystem will not get unmounted, which means test.bash will
hang.
2017-03-05 13:39:25 +01:00
Jakob Unterwurzacher
6465fa42a6
test.bash: execute build-without-openssl.bash instead of sourcing it
...
Sourcing the script breaks the "cd $(dirname $0)" logic in
build-without-openssl.bash.
2017-03-05 13:32:28 +01:00
Jakob Unterwurzacher
6cc0aebd71
configfile: define HKDF flag
2017-03-05 12:08:12 +01:00
Jakob Unterwurzacher
b2f3dbb8bd
fusefrontend: when chown'ing a directory, also chown its diriv
...
When filename encryption is active, every directory contains
a "gocryptfs.diriv" file. This file should also change the owner.
Fixes https://github.com/rfjakob/gocryptfs/issues/86
2017-03-02 19:12:21 +01:00
Jakob Unterwurzacher
b765cc526d
main: get rid of third open paniclog fd
...
We have it saved in Stderr and Stdout anyway, let's free this fd
number.
2017-03-02 19:12:21 +01:00
rfjakob
c304626a47
CLI_ABI: smaller markdown subheadings
...
The old ones were rendered by github almost as big as the parent headings.
2017-03-01 23:31:03 +01:00
Peter Reschenhofer
954aa169cc
Update README.md ( #85 )
...
Correcting year in changelog (1.2.1)
2017-02-28 13:59:33 +01:00
Jakob Unterwurzacher
8f51325116
README: update changelog for 1.2.1 release
2017-02-26 21:34:49 +01:00
Jakob Unterwurzacher
d2c0fae4f6
tests: somewhat support testing without openssl
...
You will still get lots of test error, but at least the tests
will run.
2017-02-26 19:53:29 +01:00
Jakob Unterwurzacher
98ecf1f074
MANPAGE: document "-speed"
2017-02-26 19:34:23 +01:00
Jakob Unterwurzacher
f2920f71e8
MANPAGE: document error code 12
2017-02-26 19:30:28 +01:00
Jakob Unterwurzacher
427c6c1719
exitcodes: define code 12 for "password incorrect"
2017-02-26 19:25:23 +01:00
Jakob Unterwurzacher
57612a278b
configfile: rename "kdf.go" -> "scrypt.go"
...
This really only handles scrypt and no other key-derivation functions.
Renaming the files prevents confusion once we introduce HKDF.
renamed: internal/configfile/kdf.go -> internal/configfile/scrypt.go
renamed: internal/configfile/kdf_test.go -> internal/configfile/scrypt_test.go
2017-02-25 18:51:17 +01:00
Jakob Unterwurzacher
a65965783a
stupidgcm: drop only external dependecy
...
This makes it easier to use the package in external projects.
See https://github.com/rfjakob/gocryptfs/issues/79
2017-02-24 09:46:10 +01:00
Jakob Unterwurzacher
43d6aa6677
speed: add benchmark.bash helper
2017-02-24 09:38:50 +01:00
Jakob Unterwurzacher
be19b91a52
README: fix typo and simplify MANPAGE text
2017-02-23 00:14:20 +01:00
Jakob Unterwurzacher
477071d673
speed: fix build for Go 1.4 and lower
...
Old Go versions miss cipher.NewGCMWithNonceSize, which causes:
internal/speed/speed.go:95: undefined: cipher.NewGCMWithNonceSize
2017-02-23 00:04:51 +01:00
Jakob Unterwurzacher
1e03e059fa
Implement "gocryptfs -speed"
...
A crypto benchmark mode like "openssl speed".
Example run:
$ ./gocryptfs -speed
AES-GCM-256-OpenSSL 180.89 MB/s (selected in auto mode)
AES-GCM-256-Go 48.19 MB/s
AES-SIV-512-Go 37.40 MB/s
2017-02-22 23:56:34 +01:00
Jakob Unterwurzacher
b056776a01
tests: adapt dir overwrite test for Go 1.8
...
In Go 1.8, os.Rename refuses to overwrite an empty directory.
Switch to syscall.Rename, which still does the right thing.
2017-02-20 21:27:37 +01:00
Jakob Unterwurzacher
cb2d1fbcf8
Travis CI: also test with Go 1.8
...
(Currently failing the tests!)
2017-02-20 21:27:26 +01:00
Jakob Unterwurzacher
e406eb22ba
Get rid of remaining $GOPATH dependencies
2017-02-20 21:26:42 +01:00
Jakob Unterwurzacher
166c62fd21
build.bash: use $(go env GOPATH)
2017-02-20 21:26:18 +01:00
Jakob Unterwurzacher
1139c27c36
build.bash: deduplicate build call
2017-02-19 20:27:29 +01:00
Jakob Unterwurzacher
10361a907a
build.bash: GOPATH may be unset since Go v1.8. Handle it.
2017-02-19 20:14:46 +01:00
Jakob Unterwurzacher
7fbe69bfa6
tests.bash: OSX compat: use "flock -n" and skip openssl build
...
Mac OS X flock does not support "--nonblock", but does support "-n":
https://github.com/discoteq/flock/blob/master/man/flock.1.ronn
Skip the openssl build because it requires
1) openssl
2) fixing the import paths in gocryptfs
Reported at https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-280464400
2017-02-17 19:43:16 +01:00
Jakob Unterwurzacher
07b4b9d60b
Travis: set clone depth to 100
...
Otherwise the build fails once you have more than 50 commits
since the last tag.
You'd get:
$ ./build.bash
fatal: No names found, cannot describe anything.
2017-02-16 21:24:33 +01:00
Jakob Unterwurzacher
62e7eb7d04
tests: reverse: check Access() call
2017-02-16 21:20:29 +01:00
Jakob Unterwurzacher
45c1ea499e
fusefrontend_reverse: handle .name files in Access()
...
These were currently passed to decryptPath() were it caused
a warning.
2017-02-16 21:16:42 +01:00
Jakob Unterwurzacher
55d0523dbe
tests: configfile: add missing newlines in verbose output
2017-02-16 19:45:20 +01:00
Jakob Unterwurzacher
0b19e637c9
tests: OSX compat: wrap Stat_t atime extract
...
Linux has st.Atim, st.Mtim,
OSX hat st.Atimespec, st.Mtimespec.
Reported at https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217
2017-02-16 19:39:56 +01:00
Jakob Unterwurzacher
8bbc1038fe
syscallcompat: OSX compat: fix variable warnings
...
As suggested by
https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217
2017-02-16 19:23:17 +01:00