From 2c52eca8727df744d093703bbcbd87fc39d57d30 Mon Sep 17 00:00:00 2001 From: "Joe Richey joerichey@google.com" Date: Wed, 28 Jun 2017 13:57:55 -0700 Subject: [PATCH] Finalize import paths and documentation This commit changes all the internal import paths from `fscrypt/foo` to `github.com/google/fscrypt/foo` so that it can be built once we release externaly. The documentation in README.md is updated accordingly. Also, the README has a note noting that we do not make any guarantees about project stability before 1.0 (when it ships with Ubuntu). Change-Id: I6ba86e442c74057c8a06ba32a42e17f94833e280 --- Makefile | 4 +-- README.md | 40 ++++++++++++---------------- actions/callback.go | 6 ++--- actions/config.go | 7 +++-- actions/context.go | 6 ++--- actions/context_test.go | 3 ++- actions/policy.go | 8 +++--- actions/protector.go | 4 +-- actions/protector_test.go | 8 +++--- cmd/fscrypt/commands.go | 6 ++--- cmd/fscrypt/errors.go | 8 +++--- cmd/fscrypt/flags.go | 3 ++- cmd/fscrypt/format.go | 2 +- cmd/fscrypt/keys.go | 8 +++--- cmd/fscrypt/prompt.go | 4 +-- cmd/fscrypt/protector.go | 6 ++--- cmd/fscrypt/setup.go | 2 +- cmd/fscrypt/status.go | 6 ++--- crypto/crypto.go | 4 +-- crypto/crypto_test.go | 50 +++++++++++++++++------------------ crypto/key.go | 5 ++-- crypto/recovery_test.go | 3 ++- filesystem/filesystem.go | 4 +-- filesystem/filesystem_test.go | 44 +++++++++++++++--------------- metadata/checks.go | 2 +- metadata/policy.go | 2 +- metadata/policy_test.go | 7 ++--- pam/login.go | 4 +-- vendor/vendor.json | 14 +++++++++- 29 files changed, 139 insertions(+), 131 deletions(-) diff --git a/Makefile b/Makefile index 09d5558..dc24e67 100644 --- a/Makefile +++ b/Makefile @@ -25,7 +25,7 @@ VERSION = 0.1.0 BUILD_TIME = $(shell date) CFLAGS += -O2 -Wall -CMD_DIR = $(NAME)/cmd/$(NAME) +CMD_DIR = github.com/google/$(NAME)/cmd/$(NAME) # The code below lets the caller of the makefile change the build flags for # fscrypt in a familiar manner. For example, to force the program to statically @@ -75,7 +75,7 @@ format: @find . -name "*.h" -o -name "*.c" -not -path "./vendor/*" | xargs clang-format -i -style=Google install: - go install $(CMD_DIR) + go install $(GOFLAGS) $(CMD_DIR) install_all: govendor install $(GOFLAGS) +local diff --git a/README.md b/README.md index 24f603e..615e19d 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ fscrypt is a high-level tool [written in Go](https://golang.org) for the management of [Linux filesystem encryption](https://lwn.net/Articles/639427). This tool manages metadata, key generation, key wrapping, PAM integration, and provides a uniform interface for creating and modifying encrypted directories. -For a small low-level tool that directly manipulates keys and policies, see +For a small low-level tool that directly sets policies, see [fscryptctl](https://github.com/google/fscryptctl). To use fscrypt, you must have a filesystem with encryption enabled and a @@ -36,7 +36,7 @@ filesystem metadata) is encrypted with this single key when using dm-crypt, while fscrypt only encrypts the filenames and file contents in a specified directory. Note that using both dm-crypt and fscrypt simultaneously will give the protections and benefits of both; however, this may cause a decrease in -your performance, as files contents are encrypted twice. +your performance, as file contents are encrypted twice. Once example of a reasonable setup could involve using dm-crypt with a TPM or Secure boot key, while using fscrypt for the contents of a home directory. This @@ -45,7 +45,7 @@ user's personal documents to their passphrase. On the other hand, eCryptfs is another form of filesystem encryption on Linux; it encrypts a filesystem directory with some key or passphrase. eCryptfs sits on -top of an existing filesystem. This make eCryptfs an alternative choice if your +top of an existing filesystem. This makes eCryptfs an alternative choice if your filesystem or kernel does not support native filesystem encryption. Also note that fscrypt does not support or setup either eCryptfs or dm-crypt. @@ -63,7 +63,7 @@ should be read to understand the full architecture of fscrypt. Briefly, fscrypt deals with protectors and policies. Protectors represent some secret or information used to protect the confidentiality of your data. The -three currently supported protectors types are: +three currently supported protector types are: 1. Your login passphrase, through [PAM](http://www.linux-pam.org/Linux-PAM-html/) (see troubleshooting below) 2. A custom passphrase @@ -93,39 +93,25 @@ The following functionality is planned: * `fscrypt backup` - Manages backups of the fscrypt metadata * `fscrypt recovery` - Manages recovery keys for directories * `fscrypt cleanup` - Scans filesystem for unused policies/protectors -* A PAM module to support changing of login passphrase +* A PAM module to support login passphrase changes (see below) See the example usage section below or run `fscrypt COMMAND --help` for more information about each of the commands. ## Building -### Release build instructions - fscrypt is written in Go, so to build the program you will need to [setup Go](https://golang.org/doc/install), [setup your `GOPATH`](https://golang.org/doc/code.html#GOPATH), and clone the repository into the correct location by running: ```shell -go get -u github.com/google/fscrypt +go get github.com/google/fscrypt ``` Alternatively, just copy or checkout the source into `$GOPATH/src/github.com/google/fscrypt` and run: ```shell go build github.com/google/fscrypt ``` - -### Pre-release build instructions - -fscrypt is written in Go, so to build the program you will need to -[setup Go](https://golang.org/doc/install), -[setup your `GOPATH`](https://golang.org/doc/code.html#GOPATH), and clone the -repository into the correct location by running -```shell -git clone REPOSITORY $GOPATH/fscrypt -``` -or by unpacking a source tar file into `$GOPATH/fscrypt`. - You will also want to add `$GOPATH/bin` to your `$PATH`. fscrypt has the following build dependencies: @@ -150,8 +136,8 @@ fscrypt has the following build dependencies: Once this is setup, you can run `make fscrypt` to build the executable in the current directory. See the `Makefile` for instructions on building a static -executable. If a Go project contains C code, the go compiler produces a -dynamically linked binary by default. +executable. The C libraries used by fscrypt will be dynamically linked by +default. ## Running and Installing @@ -167,6 +153,14 @@ Installing it just requires placing it in your path or running `make install`. Change `$GOBIN` to change the install location of fscrypt. By default, fscrypt is installed to `$GOPATH/bin`. +## Note about stability +fscrypt follows [semantic versioning](http://semver.org). As such, all versions +below `1.0.0` should be considered development versions. This means no +guarantees are make about the stability of APIs or formats of config files. As +the on-disk metadata structures use +[Protocol Buffers](https://github.com/google/protobuf), we don't expect to break +backwards compatibility for metadata, but we give no guarantees. + ## Example Usage All these examples assumes we have ext4 filesystems mounted at `/` and @@ -515,7 +509,7 @@ running: fscrypt metadata change-passphrase --protector=MOUNTPOINT:ID ``` -#### I can still see Files/Filenames after running `fscrypt purge MOUNTPOINT` +#### I can still see files or filenames after running `fscrypt purge MOUNTPOINT` You need to unmount `MOUNTPOINT` to clear the necessary caches. See `fscrypt purge --help` for more information diff --git a/actions/callback.go b/actions/callback.go index 2415d8c..f15893d 100644 --- a/actions/callback.go +++ b/actions/callback.go @@ -25,9 +25,9 @@ import ( "github.com/pkg/errors" - "fscrypt/crypto" - "fscrypt/filesystem" - "fscrypt/metadata" + "github.com/google/fscrypt/crypto" + "github.com/google/fscrypt/filesystem" + "github.com/google/fscrypt/metadata" ) // ProtectorInfo is the information a caller will receive about a Protector diff --git a/actions/config.go b/actions/config.go index 1d81ff9..55010a5 100644 --- a/actions/config.go +++ b/actions/config.go @@ -28,12 +28,11 @@ import ( "time" "github.com/pkg/errors" - "golang.org/x/sys/unix" - "fscrypt/crypto" - "fscrypt/metadata" - "fscrypt/util" + "github.com/google/fscrypt/crypto" + "github.com/google/fscrypt/metadata" + "github.com/google/fscrypt/util" ) // LegacyConfig indicates that keys should be inserted into the keyring with the diff --git a/actions/context.go b/actions/context.go index f8d0a3d..8bf0287 100644 --- a/actions/context.go +++ b/actions/context.go @@ -33,9 +33,9 @@ import ( "github.com/pkg/errors" - "fscrypt/crypto" - "fscrypt/filesystem" - "fscrypt/metadata" + "github.com/google/fscrypt/crypto" + "github.com/google/fscrypt/filesystem" + "github.com/google/fscrypt/metadata" ) // Errors relating to Config files or Config structures. diff --git a/actions/context_test.go b/actions/context_test.go index 79adedf..a92ef34 100644 --- a/actions/context_test.go +++ b/actions/context_test.go @@ -21,12 +21,13 @@ package actions import ( "fmt" - "fscrypt/util" "log" "os" "path/filepath" "testing" "time" + + "github.com/google/fscrypt/util" ) const testTime = 10 * time.Millisecond diff --git a/actions/policy.go b/actions/policy.go index ff61e8b..e755883 100644 --- a/actions/policy.go +++ b/actions/policy.go @@ -26,10 +26,10 @@ import ( "github.com/pkg/errors" - "fscrypt/crypto" - "fscrypt/filesystem" - "fscrypt/metadata" - "fscrypt/util" + "github.com/google/fscrypt/crypto" + "github.com/google/fscrypt/filesystem" + "github.com/google/fscrypt/metadata" + "github.com/google/fscrypt/util" ) // Errors relating to Policies diff --git a/actions/protector.go b/actions/protector.go index 0409b56..5245951 100644 --- a/actions/protector.go +++ b/actions/protector.go @@ -26,8 +26,8 @@ import ( "github.com/pkg/errors" - "fscrypt/crypto" - "fscrypt/metadata" + "github.com/google/fscrypt/crypto" + "github.com/google/fscrypt/metadata" ) // Errors relating to Protectors diff --git a/actions/protector_test.go b/actions/protector_test.go index eacba83..6c81d49 100644 --- a/actions/protector_test.go +++ b/actions/protector_test.go @@ -25,7 +25,7 @@ import ( "github.com/pkg/errors" - . "fscrypt/crypto" + "github.com/google/fscrypt/crypto" ) const testProtectorName = "my favorite protector" @@ -33,11 +33,11 @@ const testProtectorName2 = testProtectorName + "2" var errCallback = errors.New("bad callback") -func goodCallback(info ProtectorInfo, retry bool) (*Key, error) { - return NewFixedLengthKeyFromReader(bytes.NewReader(timingPassphrase), len(timingPassphrase)) +func goodCallback(info ProtectorInfo, retry bool) (*crypto.Key, error) { + return crypto.NewFixedLengthKeyFromReader(bytes.NewReader(timingPassphrase), len(timingPassphrase)) } -func badCallback(info ProtectorInfo, retry bool) (*Key, error) { +func badCallback(info ProtectorInfo, retry bool) (*crypto.Key, error) { return nil, errCallback } diff --git a/cmd/fscrypt/commands.go b/cmd/fscrypt/commands.go index cbf62ed..7724138 100644 --- a/cmd/fscrypt/commands.go +++ b/cmd/fscrypt/commands.go @@ -28,9 +28,9 @@ import ( "github.com/pkg/errors" "github.com/urfave/cli" - "fscrypt/actions" - "fscrypt/filesystem" - "fscrypt/metadata" + "github.com/google/fscrypt/actions" + "github.com/google/fscrypt/filesystem" + "github.com/google/fscrypt/metadata" ) // Setup is a command which can to global or per-filesystem initialization. diff --git a/cmd/fscrypt/errors.go b/cmd/fscrypt/errors.go index 272160a..c698673 100644 --- a/cmd/fscrypt/errors.go +++ b/cmd/fscrypt/errors.go @@ -31,10 +31,10 @@ import ( "github.com/pkg/errors" "github.com/urfave/cli" - "fscrypt/actions" - "fscrypt/filesystem" - "fscrypt/metadata" - "fscrypt/util" + "github.com/google/fscrypt/actions" + "github.com/google/fscrypt/filesystem" + "github.com/google/fscrypt/metadata" + "github.com/google/fscrypt/util" ) // failureExitCode is the value fscrypt will return on failure. diff --git a/cmd/fscrypt/flags.go b/cmd/fscrypt/flags.go index da3116f..16412bf 100644 --- a/cmd/fscrypt/flags.go +++ b/cmd/fscrypt/flags.go @@ -24,13 +24,14 @@ package main import ( "flag" "fmt" - "fscrypt/actions" "log" "regexp" "strconv" "time" "github.com/urfave/cli" + + "github.com/google/fscrypt/actions" ) // We define the types boolFlag, durationFlag, and stringFlag here instead of diff --git a/cmd/fscrypt/format.go b/cmd/fscrypt/format.go index 39cc71f..ef009d3 100644 --- a/cmd/fscrypt/format.go +++ b/cmd/fscrypt/format.go @@ -32,7 +32,7 @@ import ( "github.com/urfave/cli" "golang.org/x/crypto/ssh/terminal" - "fscrypt/util" + "github.com/google/fscrypt/util" ) var ( diff --git a/cmd/fscrypt/keys.go b/cmd/fscrypt/keys.go index cecaa5b..820ddec 100644 --- a/cmd/fscrypt/keys.go +++ b/cmd/fscrypt/keys.go @@ -30,10 +30,10 @@ import ( "github.com/pkg/errors" "golang.org/x/crypto/ssh/terminal" - "fscrypt/actions" - "fscrypt/crypto" - "fscrypt/metadata" - "fscrypt/pam" + "github.com/google/fscrypt/actions" + "github.com/google/fscrypt/crypto" + "github.com/google/fscrypt/metadata" + "github.com/google/fscrypt/pam" ) // The file descriptor for standard input diff --git a/cmd/fscrypt/prompt.go b/cmd/fscrypt/prompt.go index 56dcf06..1b02280 100644 --- a/cmd/fscrypt/prompt.go +++ b/cmd/fscrypt/prompt.go @@ -28,8 +28,8 @@ import ( "strconv" "strings" - "fscrypt/actions" - "fscrypt/metadata" + "github.com/google/fscrypt/actions" + "github.com/google/fscrypt/metadata" ) const ( diff --git a/cmd/fscrypt/protector.go b/cmd/fscrypt/protector.go index e77a2e3..f54d3a4 100644 --- a/cmd/fscrypt/protector.go +++ b/cmd/fscrypt/protector.go @@ -23,9 +23,9 @@ package main import ( "log" - "fscrypt/actions" - "fscrypt/filesystem" - "fscrypt/metadata" + "github.com/google/fscrypt/actions" + "github.com/google/fscrypt/filesystem" + "github.com/google/fscrypt/metadata" ) // createProtector makes a new protector on either ctx.Mount or if the requested diff --git a/cmd/fscrypt/setup.go b/cmd/fscrypt/setup.go index 4f2375c..6433b0c 100644 --- a/cmd/fscrypt/setup.go +++ b/cmd/fscrypt/setup.go @@ -25,7 +25,7 @@ import ( "io" "os" - "fscrypt/actions" + "github.com/google/fscrypt/actions" ) // createGlobalConfig creates (or overwrites) the global config file diff --git a/cmd/fscrypt/status.go b/cmd/fscrypt/status.go index 049c370..9a8604d 100644 --- a/cmd/fscrypt/status.go +++ b/cmd/fscrypt/status.go @@ -29,9 +29,9 @@ import ( "github.com/pkg/errors" - "fscrypt/actions" - "fscrypt/filesystem" - "fscrypt/metadata" + "github.com/google/fscrypt/actions" + "github.com/google/fscrypt/filesystem" + "github.com/google/fscrypt/metadata" ) // Creates a writer which correctly aligns tabs with the specified header. diff --git a/crypto/crypto.go b/crypto/crypto.go index 967243d..e66b0dd 100644 --- a/crypto/crypto.go +++ b/crypto/crypto.go @@ -51,8 +51,8 @@ import ( "github.com/pkg/errors" "golang.org/x/crypto/hkdf" - "fscrypt/metadata" - "fscrypt/util" + "github.com/google/fscrypt/metadata" + "github.com/google/fscrypt/util" ) // Crypto error values diff --git a/crypto/crypto_test.go b/crypto/crypto_test.go index a3a2880..8b63457 100644 --- a/crypto/crypto_test.go +++ b/crypto/crypto_test.go @@ -30,7 +30,7 @@ import ( "os" "testing" - . "fscrypt/metadata" + "github.com/google/fscrypt/metadata" ) // Reader that always returns the same byte @@ -50,12 +50,12 @@ func makeKey(b byte, n int) (*Key, error) { var fakeValidDescriptor = "0123456789abcdef" var fakeInvalidDescriptor = "123456789abcdef" -var fakeSalt = bytes.Repeat([]byte{'a'}, SaltLen) +var fakeSalt = bytes.Repeat([]byte{'a'}, metadata.SaltLen) var fakePassword = []byte("password") -var fakeValidPolicyKey, _ = makeKey(42, PolicyKeyLen) -var fakeInvalidPolicyKey, _ = makeKey(42, PolicyKeyLen-1) -var fakeWrappingKey, _ = makeKey(17, InternalKeyLen) +var fakeValidPolicyKey, _ = makeKey(42, metadata.PolicyKeyLen) +var fakeInvalidPolicyKey, _ = makeKey(42, metadata.PolicyKeyLen-1) +var fakeWrappingKey, _ = makeKey(17, metadata.InternalKeyLen) // As the passpharase hashing function clears the passphrase, we need to make // a new passphrase key for each test @@ -68,25 +68,25 @@ func fakePassphraseKey() (*Key, error) { // echo "password" | argon2 "aaaaaaaaaaaaaaaa" -id -t -m -p

-l 32 // where costs.Time = , costs.Memory = 2^, and costs.Parallelism =

. type hashTestCase struct { - costs *HashingCosts + costs *metadata.HashingCosts hexHash string } var hashTestCases = []hashTestCase{ { - costs: &HashingCosts{Time: 1, Memory: 1 << 10, Parallelism: 1}, + costs: &metadata.HashingCosts{Time: 1, Memory: 1 << 10, Parallelism: 1}, hexHash: "a66f5398e33761bf161fdf1273e99b148f07d88d12d85b7673fddd723f95ec34", }, { - costs: &HashingCosts{Time: 10, Memory: 1 << 10, Parallelism: 1}, + costs: &metadata.HashingCosts{Time: 10, Memory: 1 << 10, Parallelism: 1}, hexHash: "5fa2cb89db1f7413ba1776258b7c8ee8c377d122078d28fe1fd645c353787f50", }, { - costs: &HashingCosts{Time: 1, Memory: 1 << 15, Parallelism: 1}, + costs: &metadata.HashingCosts{Time: 1, Memory: 1 << 15, Parallelism: 1}, hexHash: "f474a213ed14d16ead619568000939b938ddfbd2ac4a82d253afa81b5ebaef84", }, { - costs: &HashingCosts{Time: 1, Memory: 1 << 10, Parallelism: 10}, + costs: &metadata.HashingCosts{Time: 1, Memory: 1 << 10, Parallelism: 10}, hexHash: "b7c3d7a0be222680b5ea3af3fb1a0b7b02b92cbd7007821dc8b84800c86c7783", }, } @@ -167,7 +167,7 @@ func TestZeroLength(t *testing.T) { // active when the variable changes. func TestEnableDisableMemoryLocking(t *testing.T) { // Mlock on for creation, off for wiping - key, err := NewRandomKey(InternalKeyLen) + key, err := NewRandomKey(metadata.InternalKeyLen) UseMlock = false defer func() { UseMlock = true @@ -186,7 +186,7 @@ func TestEnableDisableMemoryLocking(t *testing.T) { func TestDisableEnableMemoryLocking(t *testing.T) { // Mlock off for creation, on for wiping UseMlock = false - key2, err := NewRandomKey(InternalKeyLen) + key2, err := NewRandomKey(metadata.InternalKeyLen) UseMlock = true if err != nil { @@ -332,7 +332,7 @@ func TestWrapSucceeds(t *testing.T) { if err = lengthCheck("IV", data.IV, aes.BlockSize); err != nil { t.Error(err) } - if err = lengthCheck("Encrypted Key", data.EncryptedKey, PolicyKeyLen); err != nil { + if err = lengthCheck("Encrypted Key", data.EncryptedKey, metadata.PolicyKeyLen); err != nil { t.Error(err) } if err = lengthCheck("HMAC", data.Hmac, sha256.Size); err != nil { @@ -370,11 +370,11 @@ func TestWrapUnwrapEqual(t *testing.T) { // Check that Unwrap(Wrap(x)) == x with random keys func TestRandomWrapUnwrapEqual(t *testing.T) { for i := 0; i < 10; i++ { - wk, err := NewRandomKey(InternalKeyLen) + wk, err := NewRandomKey(metadata.InternalKeyLen) if err != nil { t.Fatal(err) } - sk, err := NewRandomKey(InternalKeyLen) + sk, err := NewRandomKey(metadata.InternalKeyLen) if err != nil { t.Fatal(err) } @@ -388,7 +388,7 @@ func TestRandomWrapUnwrapEqual(t *testing.T) { // Check that Unwrap(Wrap(x)) == x with differing lengths of secret key func TestDifferentLengthSecretKey(t *testing.T) { - wk, err := makeKey(1, InternalKeyLen) + wk, err := makeKey(1, metadata.InternalKeyLen) if err != nil { t.Fatal(err) } @@ -430,7 +430,7 @@ func TestWrapTwiceDistinct(t *testing.T) { } // Attempts to Unwrap data with key after altering tweek, should fail -func testFailWithTweek(key *Key, data *WrappedKeyData, tweek []byte) error { +func testFailWithTweek(key *Key, data *metadata.WrappedKeyData, tweek []byte) error { tweek[0]++ key, err := Unwrap(key, data) if err == nil { @@ -578,8 +578,8 @@ func BenchmarkUnwrapNolock(b *testing.B) { func BenchmarkRandomWrapUnwrap(b *testing.B) { for n := 0; n < b.N; n++ { - wk, _ := NewRandomKey(InternalKeyLen) - sk, _ := NewRandomKey(InternalKeyLen) + wk, _ := NewRandomKey(metadata.InternalKeyLen) + sk, _ := NewRandomKey(metadata.InternalKeyLen) testWrapUnwrapEqual(wk, sk) // Must manually call wipe here, or test will use too much memory. @@ -588,7 +588,7 @@ func BenchmarkRandomWrapUnwrap(b *testing.B) { } } -func benchmarkPassphraseHashing(b *testing.B, costs *HashingCosts) { +func benchmarkPassphraseHashing(b *testing.B, costs *metadata.HashingCosts) { b.StopTimer() pk, err := fakePassphraseKey() @@ -609,25 +609,25 @@ func benchmarkPassphraseHashing(b *testing.B, costs *HashingCosts) { func BenchmarkPassphraseHashing_1MB_1Thread(b *testing.B) { benchmarkPassphraseHashing(b, - &HashingCosts{Time: 1, Memory: 1 << 10, Parallelism: 1}) + &metadata.HashingCosts{Time: 1, Memory: 1 << 10, Parallelism: 1}) } func BenchmarkPassphraseHashing_1GB_1Thread(b *testing.B) { benchmarkPassphraseHashing(b, - &HashingCosts{Time: 1, Memory: 1 << 20, Parallelism: 1}) + &metadata.HashingCosts{Time: 1, Memory: 1 << 20, Parallelism: 1}) } func BenchmarkPassphraseHashing_128MB_1Thread(b *testing.B) { benchmarkPassphraseHashing(b, - &HashingCosts{Time: 1, Memory: 1 << 17, Parallelism: 1}) + &metadata.HashingCosts{Time: 1, Memory: 1 << 17, Parallelism: 1}) } func BenchmarkPassphraseHashing_128MB_8Thread(b *testing.B) { benchmarkPassphraseHashing(b, - &HashingCosts{Time: 1, Memory: 1 << 17, Parallelism: 8}) + &metadata.HashingCosts{Time: 1, Memory: 1 << 17, Parallelism: 8}) } func BenchmarkPassphraseHashing_128MB_8Pass(b *testing.B) { benchmarkPassphraseHashing(b, - &HashingCosts{Time: 8, Memory: 1 << 17, Parallelism: 1}) + &metadata.HashingCosts{Time: 8, Memory: 1 << 17, Parallelism: 1}) } diff --git a/crypto/key.go b/crypto/key.go index 2394eef..6781c1d 100644 --- a/crypto/key.go +++ b/crypto/key.go @@ -31,11 +31,10 @@ import ( "unsafe" "github.com/pkg/errors" - "golang.org/x/sys/unix" - "fscrypt/metadata" - "fscrypt/util" + "github.com/google/fscrypt/metadata" + "github.com/google/fscrypt/util" ) const ( diff --git a/crypto/recovery_test.go b/crypto/recovery_test.go index 3e3a50f..4a89e6d 100644 --- a/crypto/recovery_test.go +++ b/crypto/recovery_test.go @@ -23,8 +23,9 @@ package crypto import ( "bytes" "fmt" - "fscrypt/metadata" "testing" + + "github.com/google/fscrypt/metadata" ) const fakeSecretRecoveryCode = "EYTCMJRG-EYTCMJRG-EYTCMJRG-EYTCMJRG-EYTCMJRG-EYTCMJRG-EYTCMJRG-EYTCMJRG-EYTCMJRG-EYTCMJRG-EYTCMJRG-EYTCMJRG-EYTCMJQ=" diff --git a/filesystem/filesystem.go b/filesystem/filesystem.go index 960c06f..a85d24a 100644 --- a/filesystem/filesystem.go +++ b/filesystem/filesystem.go @@ -44,8 +44,8 @@ import ( "github.com/pkg/errors" "golang.org/x/sys/unix" - "fscrypt/metadata" - "fscrypt/util" + "github.com/google/fscrypt/metadata" + "github.com/google/fscrypt/util" ) // Filesystem error values diff --git a/filesystem/filesystem_test.go b/filesystem/filesystem_test.go index bcf4f38..16bf82b 100644 --- a/filesystem/filesystem_test.go +++ b/filesystem/filesystem_test.go @@ -27,43 +27,43 @@ import ( "github.com/pkg/errors" - . "fscrypt/crypto" - . "fscrypt/metadata" - . "fscrypt/util" + "github.com/google/fscrypt/crypto" + "github.com/google/fscrypt/metadata" + "github.com/google/fscrypt/util" ) var ( - fakeProtectorKey, _ = NewRandomKey(InternalKeyLen) - fakePolicyKey, _ = NewRandomKey(PolicyKeyLen) - wrappedProtectorKey, _ = Wrap(fakeProtectorKey, fakeProtectorKey) - wrappedPolicyKey, _ = Wrap(fakeProtectorKey, fakePolicyKey) + fakeProtectorKey, _ = crypto.NewRandomKey(metadata.InternalKeyLen) + fakePolicyKey, _ = crypto.NewRandomKey(metadata.PolicyKeyLen) + wrappedProtectorKey, _ = crypto.Wrap(fakeProtectorKey, fakeProtectorKey) + wrappedPolicyKey, _ = crypto.Wrap(fakeProtectorKey, fakePolicyKey) ) // Gets the mount corresponding to the integration test path. func getTestMount() (*Mount, error) { - mountpoint, err := TestPath() + mountpoint, err := util.TestPath() if err != nil { return nil, err } mnt, err := GetMount(mountpoint) - return mnt, errors.Wrapf(err, TestEnvVarName) + return mnt, errors.Wrapf(err, util.TestEnvVarName) } -func getFakeProtector() *ProtectorData { - return &ProtectorData{ +func getFakeProtector() *metadata.ProtectorData { + return &metadata.ProtectorData{ ProtectorDescriptor: "fedcba9876543210", Name: "goodProtector", - Source: SourceType_raw_key, + Source: metadata.SourceType_raw_key, WrappedKey: wrappedProtectorKey, } } -func getFakePolicy() *PolicyData { - return &PolicyData{ +func getFakePolicy() *metadata.PolicyData { + return &metadata.PolicyData{ KeyDescriptor: "0123456789abcdef", - Options: DefaultOptions, - WrappedPolicyKeys: []*WrappedPolicyKey{ - &WrappedPolicyKey{ + Options: metadata.DefaultOptions, + WrappedPolicyKeys: []*metadata.WrappedPolicyKey{ + &metadata.WrappedPolicyKey{ ProtectorDescriptor: "fedcba9876543210", WrappedKey: wrappedPolicyKey, }, @@ -124,15 +124,15 @@ func TestAddProtector(t *testing.T) { } // Change the source to bad one, or one that requires hashing costs - protector.Source = SourceType_default + protector.Source = metadata.SourceType_default if mnt.AddProtector(protector) == nil { t.Error("bad source for a descriptor should make metadata invalid") } - protector.Source = SourceType_custom_passphrase + protector.Source = metadata.SourceType_custom_passphrase if mnt.AddProtector(protector) == nil { t.Error("protectors using passphrases should require hashing costs") } - protector.Source = SourceType_raw_key + protector.Source = metadata.SourceType_raw_key // Use a bad wrapped key protector.WrappedKey = wrappedPolicyKey @@ -168,11 +168,11 @@ func TestAddPolicy(t *testing.T) { t.Error("padding not a power of 2 should make metadata invalid") } policy.Options.Padding = 16 - policy.Options.Filenames = EncryptionOptions_default + policy.Options.Filenames = metadata.EncryptionOptions_default if mnt.AddPolicy(policy) == nil { t.Error("encryption mode not set should make metadata invalid") } - policy.Options.Filenames = EncryptionOptions_AES_256_CTS + policy.Options.Filenames = metadata.EncryptionOptions_AES_256_CTS // Use a bad wrapped key policy.WrappedPolicyKeys[0].WrappedKey = wrappedProtectorKey diff --git a/metadata/checks.go b/metadata/checks.go index 074d79e..4fe4531 100644 --- a/metadata/checks.go +++ b/metadata/checks.go @@ -23,7 +23,7 @@ import ( "github.com/golang/protobuf/proto" "github.com/pkg/errors" - "fscrypt/util" + "github.com/google/fscrypt/util" ) var errNotInitialized = errors.New("not initialized") diff --git a/metadata/policy.go b/metadata/policy.go index 259fe04..533d48a 100644 --- a/metadata/policy.go +++ b/metadata/policy.go @@ -30,7 +30,7 @@ import ( "github.com/pkg/errors" "golang.org/x/sys/unix" - "fscrypt/util" + "github.com/google/fscrypt/util" ) // Encryption specific errors diff --git a/metadata/policy_test.go b/metadata/policy_test.go index 58e19d7..cc6b36f 100644 --- a/metadata/policy_test.go +++ b/metadata/policy_test.go @@ -26,7 +26,7 @@ import ( "reflect" "testing" - . "fscrypt/util" + "github.com/google/fscrypt/util" ) const goodDescriptor = "0123456789abcdef" @@ -38,12 +38,13 @@ var goodPolicy = &PolicyData{ // Creates a temporary directory for testing. func createTestDirectory() (directory string, err error) { - baseDirectory, err := TestPath() + baseDirectory, err := util.TestPath() if err != nil { return } if s, err := os.Stat(baseDirectory); err != nil || !s.IsDir() { - return "", fmt.Errorf("%s: %q is not a valid directory", TestEnvVarName, baseDirectory) + return "", fmt.Errorf("%s: %q is not a valid directory", + util.TestEnvVarName, baseDirectory) } directoryPath := filepath.Join(baseDirectory, "test") diff --git a/pam/login.go b/pam/login.go index d80d719..2d79223 100644 --- a/pam/login.go +++ b/pam/login.go @@ -37,8 +37,8 @@ import ( "github.com/pkg/errors" - "fscrypt/crypto" - "fscrypt/util" + "github.com/google/fscrypt/crypto" + "github.com/google/fscrypt/util" ) // Global state is needed for the PAM callback, so we guard this function with a diff --git a/vendor/vendor.json b/vendor/vendor.json index b634b0a..69422b7 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -2,6 +2,18 @@ "comment": "", "ignore": "test", "package": [ + { + "path": "fscrypt/crypto", + "revision": "" + }, + { + "path": "fscrypt/metadata", + "revision": "" + }, + { + "path": "fscrypt/util", + "revision": "" + }, { "checksumSHA1": "APDDi2ohrU7OkChQCekD9tSVUhs=", "path": "github.com/golang/protobuf/jsonpb", @@ -45,5 +57,5 @@ "revisionTime": "2017-05-29T13:44:53Z" } ], - "rootPath": "fscrypt" + "rootPath": "github.com/google/fscrypt" } -- 2.39.5