| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Now the testing functions will skip the integration tests if a testing
filesystem is not specified.
|
|
|
|
|
|
This commit changes the error handing for the crypto, filesystem,
metadata, pam, and util packages to use the error handling library
github.com/pkg/errors. This means elimination of the FSError type, an
increased use of wrapping errors (as opposed to logging), switching
on the Cause() of an error (as opposed to its value), and improving our
integration tests involving TEST_FILESYSTEM_ROOT.
This commit also fixes a few bugs with the keyring code to ensure that
our {Find|Remove|Insert}PolicyKey functions are always operating on the
same keyring. The check for filesystem support has been moved from the
filesystem package to the metadata package. Finally, the API for the
filesystem package has been slightly modified:
* filesystem.AllFilesystems() now returns all the filesystems in
sorted order
* certain path methods are now public
O_SYNC is also removed for writing the metadata. We don't get that much
from syncing the metadata, as the actual file data could also be
corrupted by and IO error. The sync operation is also occasionally very
slow (~3 seconds) and can be unfriendly to battery life.
Change-Id: I392c2655141714b16dfdbc84ac09780072be2cf0
|
|
This commit changes how we handle InvalidInput and System errors.
Instead of having formatting functions, the now just wrap a string and
should be created with fmt.Sprintf or similar. We also move all of the
error related code into a single place.
Finally, the utils package gets additional functionality with MinInt64
and GetUsername, and the UnderlyingError function gets better logging.
Note that this will break packages that depend on it. For instance,
metadata and crypto currently do not build. This is fixed in a later
commit.
Change-Id: I819e4d1970604456a5b4b6a7c86426f180a6d092
|
|
This commit adds in the concept of recovery codes: human-readable
strings that contain the necessary information to rederive a
cryptographic key. These keys look like:
73PZBXVP-DKJX7SKV-NNTFIC7A-QEGRPZUX-4K5ORRH2-MTKMKP3B-HFCA====
They are input or output directly to a io.Reader or io.Writer
respectively. This prevents the data from passing through unsecured
memory before it gets to its destination. Of course, if the provided
io.Reader or io.Writer is insecure, there is nothing we can do. In most
cases the provided io.Reader or io.Writer will be stdin or stdout. In
some rare cases you might want to pipe the output to another key.
This commit also adds tests and benchmarks for encoding/decoding
recovery codes. It also tests that encoding/decoding will fail in the
correct situations. A benchmark is also added to measure the effect of
locking the keys in memory.
Change-Id: Ifa0bc4c08582789785cf1cdd9a4acfe76c79534f
|
|
This commit adds in the ability to get and set policy data from go using
the GetPolicy and SetPolicy functions. This is done via a patch of the
x/sys/unix package that exposes the filesystem encryption structures.
Note that not all the fields of the PolicyData protocol buffer are
needed to get and set policies. The wrapped_policy_keys are not used and
will be written and read by other components of fscrypt.
To run the policy tests, the environment variable BASE_TEST_DIR must be
set to a directory for testing on a filesystem that supports encryption.
Change-Id: I13b1d983356845f3ffc1945cedf53234218f32e5
|
|
This commit adds in the util package. This package provides
two functions for creating errors. These functions are:
- InvalidInputErrorF - bad input from user or caller
- SystemErrorF - low level failure
It also adds in a small function for converting Go byte slices into C
void pointers. This will be very useful for interoperating with C.
Change-Id: I87ad7946dd5fa26e28927590aff4bcc9fd5ce4f7
|
