Merge branch 'develop' into feature/library_intermediate
This commit is contained in:
commit
227058a87a
26
README.md
26
README.md
@ -6,11 +6,31 @@ See [https://www.cryfs.org](https://www.cryfs.org).
|
|||||||
Install latest release
|
Install latest release
|
||||||
======================
|
======================
|
||||||
|
|
||||||
|
Linux
|
||||||
|
------
|
||||||
|
|
||||||
This only works for Ubuntu 17.04 and later, and Debian Stretch and later.
|
This only works for Ubuntu 17.04 and later, and Debian Stretch and later.
|
||||||
You can also use CryFS on older versions of these distributions by following the **Building from source** instructions below.
|
You can also use CryFS on older versions of these distributions by following the **Building from source** instructions below.
|
||||||
|
|
||||||
sudo apt install cryfs
|
sudo apt install cryfs
|
||||||
|
|
||||||
|
OSX
|
||||||
|
----
|
||||||
|
|
||||||
|
CryFS is distributed via Homebrew. Just do
|
||||||
|
|
||||||
|
brew cask install osxfuse
|
||||||
|
brew install cryfs
|
||||||
|
|
||||||
|
Windows (experimental)
|
||||||
|
----------------------
|
||||||
|
|
||||||
|
CryFS has experimental Windows support since the 0.10 release series. To install it, do:
|
||||||
|
|
||||||
|
1. Install [DokanY](https://github.com/dokan-dev/dokany/releases)
|
||||||
|
2. Install [Microsoft Visual C++ Redistributable for Visual Studio 2017](https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads)
|
||||||
|
3. Install [CryFS](https://www.cryfs.org/#download)
|
||||||
|
|
||||||
GUI
|
GUI
|
||||||
===
|
===
|
||||||
Theres some GUI applications with CryFS support. You usually have to install the GUI **and** also CryFS itself for it to work.
|
Theres some GUI applications with CryFS support. You usually have to install the GUI **and** also CryFS itself for it to work.
|
||||||
@ -72,13 +92,15 @@ You can pass the following variables to the *cmake* command (using *-Dvariablena
|
|||||||
- **-DCRYFS_UPDATE_CHECKS**=off: Build a CryFS that doesn't check online for updates and security vulnerabilities.
|
- **-DCRYFS_UPDATE_CHECKS**=off: Build a CryFS that doesn't check online for updates and security vulnerabilities.
|
||||||
|
|
||||||
Building on Windows (experimental)
|
Building on Windows (experimental)
|
||||||
---------------
|
----------------------------------
|
||||||
|
|
||||||
Build with Visual Studio 2017 and pass in the following flags to CMake:
|
Build with Visual Studio 2017 and pass in the following flags to CMake:
|
||||||
|
|
||||||
-DDOKAN_PATH=[dokan library location, e.g. "C:\Program Files\Dokan\DokanLibrary-1.1.0"]
|
-DDOKAN_PATH=[dokan library location, e.g. "C:\Program Files\Dokan\DokanLibrary-1.1.0"]
|
||||||
-DBOOST_ROOT=[path to root of boost installation]
|
-DBOOST_ROOT=[path to root of boost installation]
|
||||||
|
|
||||||
|
If you set these variables correctly in the `CMakeSettings.json` file, you should be able to open the cryfs source folder with Visual Studio 2017.
|
||||||
|
|
||||||
Troubleshooting
|
Troubleshooting
|
||||||
---------------
|
---------------
|
||||||
|
|
||||||
@ -141,7 +163,7 @@ There are additional requirements if you want to create packages. They are:
|
|||||||
2. Build
|
2. Build
|
||||||
|
|
||||||
$ mkdir cmake && cd cmake
|
$ mkdir cmake && cd cmake
|
||||||
$ cmake .. -DCMAKE_BUILD_TYPE=Release -DBUILD_TESTING=off
|
$ cmake .. -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_TESTING=off
|
||||||
$ make package
|
$ make package
|
||||||
|
|
||||||
|
|
||||||
|
@ -2,7 +2,7 @@ image:
|
|||||||
#- Visual Studio 2013
|
#- Visual Studio 2013
|
||||||
#- Visual Studio 2015
|
#- Visual Studio 2015
|
||||||
- Visual Studio 2017
|
- Visual Studio 2017
|
||||||
- Visual Studio 2017 Preview
|
#- Visual Studio 2017 Preview
|
||||||
|
|
||||||
platform:
|
platform:
|
||||||
- x64
|
- x64
|
||||||
|
@ -71,7 +71,7 @@ void CryConfigLoader::_checkVersion(const CryConfig &config, bool allowFilesyste
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (!allowFilesystemUpgrade && gitversion::VersionCompare::isOlderThan(config.Version(), CryConfig::FilesystemFormatVersion)) {
|
if (!allowFilesystemUpgrade && gitversion::VersionCompare::isOlderThan(config.Version(), CryConfig::FilesystemFormatVersion)) {
|
||||||
if (!_console->askYesNo("This filesystem is for CryFS " + config.Version() + " (or a later version with the same storage format). You're running a CryFS version using storage format " + CryConfig::FilesystemFormatVersion + ". It can be migrated, but afterwards couldn't be opened anymore with older versions. Please make a backup of your data before attempting a migration. Do you want to migrate it now?", false)) {
|
if (!_console->askYesNo("This filesystem is for CryFS " + config.Version() + " (or a later version with the same storage format). You're running a CryFS version using storage format " + CryConfig::FilesystemFormatVersion + ". It is recommended to create a new filesystem with CryFS 0.10 and copy your files into it. If you don't want to do that, we can also attempt to migrate the existing filesystem, but that can take a long time, you won't be getting some of the performance advantages of the 0.10 release series, and if the migration fails, your data may be lost. If you decide to continue, please make sure you have a backup of your data. Do you want to attempt a migration now?", false)) {
|
||||||
throw CryfsException("This filesystem is for CryFS " + config.Version() + " (or a later version with the same storage format). It has to be migrated.", ErrorCode::TooOldFilesystemFormat);
|
throw CryfsException("This filesystem is for CryFS " + config.Version() + " (or a later version with the same storage format). It has to be migrated.", ErrorCode::TooOldFilesystemFormat);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -56,7 +56,7 @@ boost::optional<unique_ref<FsBlob>> FsBlobStore::load(const blockstore::BlockId
|
|||||||
dir.AppendChildrenTo(&children);
|
dir.AppendChildrenTo(&children);
|
||||||
for (const auto &child : children) {
|
for (const auto &child : children) {
|
||||||
auto childEntry = dir.GetChild(child.name);
|
auto childEntry = dir.GetChild(child.name);
|
||||||
ASSERT(childEntry != none, "Couldn't load child, although it was returned as a child in the lsit.");
|
ASSERT(childEntry != none, "Couldn't load child, although it was returned as a child in the list.");
|
||||||
auto childBlob = _baseBlobStore->load(childEntry->blockId());
|
auto childBlob = _baseBlobStore->load(childEntry->blockId());
|
||||||
ASSERT(childBlob != none, "Couldn't load child blob");
|
ASSERT(childBlob != none, "Couldn't load child blob");
|
||||||
_migrate(std::move(*childBlob), dir.blockId());
|
_migrate(std::move(*childBlob), dir.blockId());
|
||||||
|
@ -310,7 +310,7 @@ TEST_F(CryConfigLoaderTest, AsksWhenLoadingNewerFilesystem_AnswerNo) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
TEST_F(CryConfigLoaderTest, AsksWhenMigratingOlderFilesystem) {
|
TEST_F(CryConfigLoaderTest, AsksWhenMigratingOlderFilesystem) {
|
||||||
EXPECT_CALL(*console, askYesNo(HasSubstr("Do you want to migrate it now?"), false)).Times(1).WillOnce(Return(true));
|
EXPECT_CALL(*console, askYesNo(HasSubstr("Do you want to attempt a migration now?"), false)).Times(1).WillOnce(Return(true));
|
||||||
|
|
||||||
string version = olderVersion();
|
string version = olderVersion();
|
||||||
CreateWithVersion(version, version);
|
CreateWithVersion(version, version);
|
||||||
@ -318,14 +318,14 @@ TEST_F(CryConfigLoaderTest, AsksWhenMigratingOlderFilesystem) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
TEST_F(CryConfigLoaderTest, DoesNotAskForMigrationWhenCorrectVersion) {
|
TEST_F(CryConfigLoaderTest, DoesNotAskForMigrationWhenCorrectVersion) {
|
||||||
EXPECT_CALL(*console, askYesNo(HasSubstr("Do you want to migrate it now?"), _)).Times(0);
|
EXPECT_CALL(*console, askYesNo(HasSubstr("Do you want to attempt a migration now?"), _)).Times(0);
|
||||||
|
|
||||||
CreateWithVersion(gitversion::VersionString(), CryConfig::FilesystemFormatVersion);
|
CreateWithVersion(gitversion::VersionString(), CryConfig::FilesystemFormatVersion);
|
||||||
EXPECT_NE(boost::none, Load());
|
EXPECT_NE(boost::none, Load());
|
||||||
}
|
}
|
||||||
|
|
||||||
TEST_F(CryConfigLoaderTest, DontMigrateWhenAnsweredNo) {
|
TEST_F(CryConfigLoaderTest, DontMigrateWhenAnsweredNo) {
|
||||||
EXPECT_CALL(*console, askYesNo(HasSubstr("Do you want to migrate it now?"), false)).Times(1).WillOnce(Return(false));
|
EXPECT_CALL(*console, askYesNo(HasSubstr("Do you want to attempt a migration now?"), false)).Times(1).WillOnce(Return(false));
|
||||||
|
|
||||||
string version = olderVersion();
|
string version = olderVersion();
|
||||||
CreateWithVersion(version, version);
|
CreateWithVersion(version, version);
|
||||||
|
5
vendor/README
vendored
5
vendor/README
vendored
@ -5,3 +5,8 @@ spdlog: https://github.com/gabime/spdlog/tree/v0.16.3/include/spdlog
|
|||||||
cryptopp: https://github.com/weidai11/cryptopp/tree/CRYPTOPP_8_0_0
|
cryptopp: https://github.com/weidai11/cryptopp/tree/CRYPTOPP_8_0_0
|
||||||
- changed: added CMakeLists.txt and cryptopp-config.cmake from https://github.com/noloader/cryptopp-cmake/tree/CRYPTOPP_8_0_0
|
- changed: added CMakeLists.txt and cryptopp-config.cmake from https://github.com/noloader/cryptopp-cmake/tree/CRYPTOPP_8_0_0
|
||||||
- changed: commented out line including winapifamily.h in CMakeLists.txt
|
- changed: commented out line including winapifamily.h in CMakeLists.txt
|
||||||
|
- cherry-picked commits to get OpenMP for scrypt on Windows:
|
||||||
|
- https://github.com/weidai11/cryptopp/commit/aa043b38a7930725c31a0cd7016986d1c581c573
|
||||||
|
- https://github.com/weidai11/cryptopp/commit/672f5c7f3dad8ae12b2d0ce0940ccb7c8e257bf8
|
||||||
|
- https://github.com/weidai11/cryptopp/commit/7e96a283a3192d29aac5b60e5b4ff19248f00d9a
|
||||||
|
- https://github.com/weidai11/cryptopp/commit/ca32b63038d5f7b13e2e00809cd9184a1efe8c24
|
||||||
|
4
vendor/cryptopp/CMakeLists.txt
vendored
4
vendor/cryptopp/CMakeLists.txt
vendored
@ -9,9 +9,6 @@ target_compile_definitions(cryptopp PUBLIC $<$<CONFIG:Debug>:CRYPTOPP_DEBUG>) #
|
|||||||
add_compile_options($<$<CONFIG:Debug>:-DCRYPTOPP_DEBUG>) # add to stuff built in subdirectories (like the actual library)
|
add_compile_options($<$<CONFIG:Debug>:-DCRYPTOPP_DEBUG>) # add to stuff built in subdirectories (like the actual library)
|
||||||
|
|
||||||
if(NOT DISABLE_OPENMP)
|
if(NOT DISABLE_OPENMP)
|
||||||
if (MSVC)
|
|
||||||
message(WARNING "MSVC does not support the OpenMP 4.0 standard used by Crypto++. Disabling OpenMP. This can cause degraded performance.")
|
|
||||||
else()
|
|
||||||
find_package(OpenMP)
|
find_package(OpenMP)
|
||||||
|
|
||||||
if (OPENMP_FOUND OR OPENMP_CXX_FOUND)
|
if (OPENMP_FOUND OR OPENMP_CXX_FOUND)
|
||||||
@ -78,7 +75,6 @@ if(NOT DISABLE_OPENMP)
|
|||||||
message(STATUS "OpenMP flags: ${OpenMP_CXX_FLAGS}")
|
message(STATUS "OpenMP flags: ${OpenMP_CXX_FLAGS}")
|
||||||
string(REPLACE " " ";" REPLACED_FLAGS ${OpenMP_CXX_FLAGS})
|
string(REPLACE " " ";" REPLACED_FLAGS ${OpenMP_CXX_FLAGS})
|
||||||
add_compile_options(${REPLACED_FLAGS})
|
add_compile_options(${REPLACED_FLAGS})
|
||||||
endif()
|
|
||||||
else()
|
else()
|
||||||
message(WARNING "OpenMP is disabled. This can cause degraded performance.")
|
message(WARNING "OpenMP is disabled. This can cause degraded performance.")
|
||||||
endif()
|
endif()
|
||||||
|
@ -139,6 +139,7 @@ LDLIBS =
|
|||||||
# CXXFLAGS = $(CXXFLAGS) /DDEBUG /D_DEBUG /Oi /Oy- /Od /MTd
|
# CXXFLAGS = $(CXXFLAGS) /DDEBUG /D_DEBUG /Oi /Oy- /Od /MTd
|
||||||
# Release build. Add /OPT:REF to linker
|
# Release build. Add /OPT:REF to linker
|
||||||
CXXFLAGS = $(CXXFLAGS) /DNDEBUG /D_NDEBUG /Oi /Oy /O2 /MT
|
CXXFLAGS = $(CXXFLAGS) /DNDEBUG /D_NDEBUG /Oi /Oy /O2 /MT
|
||||||
|
# Linker flags.
|
||||||
LDFLAGS = $(LDFLAGS) /OPT:REF
|
LDFLAGS = $(LDFLAGS) /OPT:REF
|
||||||
|
|
||||||
# Attempt to detect when <sdkddkver.h> and <winapifamily.h> are available
|
# Attempt to detect when <sdkddkver.h> and <winapifamily.h> are available
|
||||||
|
5
vendor/cryptopp/vendor_cryptopp/salsa.cpp
vendored
5
vendor/cryptopp/vendor_cryptopp/salsa.cpp
vendored
@ -90,9 +90,14 @@ void Salsa20_Core(word32* data, unsigned int rounds)
|
|||||||
x[15] ^= rotlConstant<18>(x[14]+x[13]);
|
x[15] ^= rotlConstant<18>(x[14]+x[13]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef _MSC_VER
|
||||||
|
for (size_t i = 0; i < 16; ++i)
|
||||||
|
data[i] += x[i];
|
||||||
|
#else
|
||||||
#pragma omp simd
|
#pragma omp simd
|
||||||
for (size_t i = 0; i < 16; ++i)
|
for (size_t i = 0; i < 16; ++i)
|
||||||
data[i] += x[i];
|
data[i] += x[i];
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
std::string Salsa20_Policy::AlgorithmProvider() const
|
std::string Salsa20_Policy::AlgorithmProvider() const
|
||||||
|
28
vendor/cryptopp/vendor_cryptopp/scrypt.cpp
vendored
28
vendor/cryptopp/vendor_cryptopp/scrypt.cpp
vendored
@ -14,6 +14,8 @@
|
|||||||
#include "sha.h"
|
#include "sha.h"
|
||||||
|
|
||||||
#include <sstream>
|
#include <sstream>
|
||||||
|
#include <limits>
|
||||||
|
|
||||||
#ifdef _OPENMP
|
#ifdef _OPENMP
|
||||||
# include <omp.h>
|
# include <omp.h>
|
||||||
#endif
|
#endif
|
||||||
@ -53,9 +55,14 @@ static inline void BlockCopy(byte* dest, byte* src, size_t len)
|
|||||||
|
|
||||||
static inline void BlockXOR(byte* dest, byte* src, size_t len)
|
static inline void BlockXOR(byte* dest, byte* src, size_t len)
|
||||||
{
|
{
|
||||||
|
#ifdef _MSC_VER
|
||||||
|
for (size_t i = 0; i < len; ++i)
|
||||||
|
dest[i] ^= src[i];
|
||||||
|
#else
|
||||||
#pragma omp simd
|
#pragma omp simd
|
||||||
for (size_t i = 0; i < len; ++i)
|
for (size_t i = 0; i < len; ++i)
|
||||||
dest[i] ^= src[i];
|
dest[i] ^= src[i];
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline void PBKDF2_SHA256(byte* buf, size_t dkLen,
|
static inline void PBKDF2_SHA256(byte* buf, size_t dkLen,
|
||||||
@ -171,6 +178,16 @@ void Scrypt::ValidateParameters(size_t derivedLen, word64 cost, word64 blockSize
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// https://github.com/weidai11/cryptopp/issues/787
|
||||||
|
CRYPTOPP_ASSERT(parallelization <= std::numeric_limits<int>::max());
|
||||||
|
if (parallelization > static_cast<word64>(std::numeric_limits<int>::max()))
|
||||||
|
{
|
||||||
|
std::ostringstream oss;
|
||||||
|
oss << " parallelization " << parallelization << " is larger than ";
|
||||||
|
oss << std::numeric_limits<int>::max();
|
||||||
|
throw InvalidArgument("Scrypt: " + oss.str());
|
||||||
|
}
|
||||||
|
|
||||||
CRYPTOPP_ASSERT(IsPowerOf2(cost));
|
CRYPTOPP_ASSERT(IsPowerOf2(cost));
|
||||||
if (IsPowerOf2(cost) == false)
|
if (IsPowerOf2(cost) == false)
|
||||||
throw InvalidArgument("Scrypt: cost must be a power of 2");
|
throw InvalidArgument("Scrypt: cost must be a power of 2");
|
||||||
@ -245,10 +262,13 @@ size_t Scrypt::DeriveKey(byte*derived, size_t derivedLen, const byte*secret, siz
|
|||||||
// 1: (B_0 ... B_{p-1}) <-- PBKDF2(P, S, 1, p * MFLen)
|
// 1: (B_0 ... B_{p-1}) <-- PBKDF2(P, S, 1, p * MFLen)
|
||||||
PBKDF2_SHA256(B, B.size(), secret, secretLen, salt, saltLen, 1);
|
PBKDF2_SHA256(B, B.size(), secret, secretLen, salt, saltLen, 1);
|
||||||
|
|
||||||
|
// Visual Studio and OpenMP 2.0 fixup. We must use int, not size_t.
|
||||||
|
int maxParallel=0;
|
||||||
|
if (!SafeConvert(parallel, maxParallel))
|
||||||
|
maxParallel = std::numeric_limits<int>::max();
|
||||||
|
|
||||||
#ifdef _OPENMP
|
#ifdef _OPENMP
|
||||||
int threads = STDMIN(omp_get_max_threads(),
|
int threads = STDMIN(omp_get_max_threads(), maxParallel);
|
||||||
static_cast<int>(STDMIN(static_cast<size_t>(parallel),
|
|
||||||
static_cast<size_t>(std::numeric_limits<int>::max()))));
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
// http://stackoverflow.com/q/49604260/608639
|
// http://stackoverflow.com/q/49604260/608639
|
||||||
@ -260,7 +280,7 @@ size_t Scrypt::DeriveKey(byte*derived, size_t derivedLen, const byte*secret, siz
|
|||||||
|
|
||||||
// 2: for i = 0 to p - 1 do
|
// 2: for i = 0 to p - 1 do
|
||||||
#pragma omp for
|
#pragma omp for
|
||||||
for (size_t i = 0; i < static_cast<size_t>(parallel); ++i)
|
for (int i = 0; i < maxParallel; ++i)
|
||||||
{
|
{
|
||||||
// 3: B_i <-- MF(B_i, N)
|
// 3: B_i <-- MF(B_i, N)
|
||||||
const ptrdiff_t offset = static_cast<ptrdiff_t>(blockSize*i*128);
|
const ptrdiff_t offset = static_cast<ptrdiff_t>(blockSize*i*128);
|
||||||
|
4
vendor/cryptopp/vendor_cryptopp/scrypt.h
vendored
4
vendor/cryptopp/vendor_cryptopp/scrypt.h
vendored
@ -76,7 +76,9 @@ public:
|
|||||||
/// \details The parameter <tt>blockSize</tt> ("r" in the documents) specifies the block
|
/// \details The parameter <tt>blockSize</tt> ("r" in the documents) specifies the block
|
||||||
/// size.
|
/// size.
|
||||||
/// \details The <tt>parallelization</tt> parameter ("p" in the documents) is a positive
|
/// \details The <tt>parallelization</tt> parameter ("p" in the documents) is a positive
|
||||||
/// integer less than or equal to <tt>((2^32-1) * 32) / (128 * r)</tt>.
|
/// integer less than or equal to <tt>((2^32-1) * 32) / (128 * r)</tt>. Due to Microsoft
|
||||||
|
/// and its OpenMP 2.0 implementation <tt>parallelization</tt> is limited to
|
||||||
|
/// <tt>std::numeric_limits<int>::max()</tt>.
|
||||||
/// \details Scrypt always returns 1 because it only performs 1 iteration. Other
|
/// \details Scrypt always returns 1 because it only performs 1 iteration. Other
|
||||||
/// derivation functions, like PBKDF's, will return more interesting values.
|
/// derivation functions, like PBKDF's, will return more interesting values.
|
||||||
/// \details The Crypto++ implementation of Scrypt is limited by C++ datatypes. For
|
/// \details The Crypto++ implementation of Scrypt is limited by C++ datatypes. For
|
||||||
|
Loading…
Reference in New Issue
Block a user