diff --git a/README.md b/README.md index 58e6fa40..1d12e273 100644 --- a/README.md +++ b/README.md @@ -6,10 +6,30 @@ See [https://www.cryfs.org](https://www.cryfs.org). Install latest release ====================== +Linux +------ + This only works for Ubuntu 17.04 and later, and Debian Stretch and later. You can also use CryFS on older versions of these distributions by following the **Building from source** instructions below. sudo apt install cryfs + +OSX +---- + +CryFS is distributed via Homebrew. Just do + + brew cask install osxfuse + brew install cryfs + +Windows (experimental) +---------------------- + +CryFS has experimental Windows support since the 0.10 release series. To install it, do: + +1. Install [DokanY](https://github.com/dokan-dev/dokany/releases) +2. Install [Microsoft Visual C++ Redistributable for Visual Studio 2017](https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads) +3. Install [CryFS](https://www.cryfs.org/#download) GUI === @@ -72,12 +92,14 @@ You can pass the following variables to the *cmake* command (using *-Dvariablena - **-DCRYFS_UPDATE_CHECKS**=off: Build a CryFS that doesn't check online for updates and security vulnerabilities. Building on Windows (experimental) ---------------- +---------------------------------- Build with Visual Studio 2017 and pass in the following flags to CMake: - -DDOKAN_PATH=[dokan library location, e.g. "C:\Program Files\Dokan\DokanLibrary-1.1.0"] - -DBOOST_ROOT=[path to root of boost installation] + -DDOKAN_PATH=[dokan library location, e.g. "C:\Program Files\Dokan\DokanLibrary-1.1.0"] + -DBOOST_ROOT=[path to root of boost installation] + +If you set these variables correctly in the `CMakeSettings.json` file, you should be able to open the cryfs source folder with Visual Studio 2017. Troubleshooting --------------- 
@@ -141,7 +163,7 @@ There are additional requirements if you want to create packages. They are: 2. Build $ mkdir cmake && cd cmake - $ cmake .. -DCMAKE_BUILD_TYPE=Release -DBUILD_TESTING=off + $ cmake .. -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_TESTING=off $ make package diff --git a/appveyor.yml b/appveyor.yml index d5fa3de9..22176d39 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -2,7 +2,7 @@ image: #- Visual Studio 2013 #- Visual Studio 2015 - Visual Studio 2017 -- Visual Studio 2017 Preview +#- Visual Studio 2017 Preview platform: - x64 diff --git a/src/cryfs/config/CryConfigLoader.cpp b/src/cryfs/config/CryConfigLoader.cpp index 78e0cc86..79d1f238 100644 --- a/src/cryfs/config/CryConfigLoader.cpp +++ b/src/cryfs/config/CryConfigLoader.cpp 
@@ -71,7 +71,7 @@ void CryConfigLoader::_checkVersion(const CryConfig &config, bool allowFilesyste } } if (!allowFilesystemUpgrade && gitversion::VersionCompare::isOlderThan(config.Version(), CryConfig::FilesystemFormatVersion)) { - if (!_console->askYesNo("This filesystem is for CryFS " + config.Version() + " (or a later version with the same storage format). You're running a CryFS version using storage format " + CryConfig::FilesystemFormatVersion + ". It can be migrated, but afterwards couldn't be opened anymore with older versions. Please make a backup of your data before attempting a migration. Do you want to migrate it now?", false)) { + if (!_console->askYesNo("This filesystem is for CryFS " + config.Version() + " (or a later version with the same storage format). You're running a CryFS version using storage format " + CryConfig::FilesystemFormatVersion + ". It is recommended to create a new filesystem with CryFS 0.10 and copy your files into it. If you don't want to do that, we can also attempt to migrate the existing filesystem, but that can take a long time, you won't be getting some of the performance advantages of the 0.10 release series, and if the migration fails, your data may be lost. If you decide to continue, please make sure you have a backup of your data. Do you want to attempt a migration now?", false)) { throw CryfsException("This filesystem is for CryFS " + config.Version() + " (or a later version with the same storage format). It has to be migrated.", ErrorCode::TooOldFilesystemFormat); } } diff --git a/src/cryfs/filesystem/fsblobstore/FsBlobStore.cpp b/src/cryfs/filesystem/fsblobstore/FsBlobStore.cpp index fad3ead9..de0cc628 100644 --- a/src/cryfs/filesystem/fsblobstore/FsBlobStore.cpp +++ b/src/cryfs/filesystem/fsblobstore/FsBlobStore.cpp 
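Review bot: The refusal path in `_checkVersion` still throws an exception ending in `It has to be migrated.`, which now contradicts the reworded prompt just above it recommending a new filesystem and a file copy instead of migration. The exception text could name both options, for example `"... (or a later version with the same storage format). It has to be migrated, or its files copied into a newly created filesystem."`. The new prompt also hard-codes "CryFS 0.10" twice while the same sentence interpolates `CryConfig::FilesystemFormatVersion`, so if the two are meant to track each other the advice will go stale at the next format bump. `_checkVersion` begins outside this hunk.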
@@ -56,7 +56,7 @@ boost::optional> FsBlobStore::load(const blockstore::BlockId dir.AppendChildrenTo(&children); for (const auto &child : children) { auto childEntry = dir.GetChild(child.name); - ASSERT(childEntry != none, "Couldn't load child, although it was returned as a child in the lsit."); + ASSERT(childEntry != none, "Couldn't load child, although it was returned as a child in the list."); auto childBlob = _baseBlobStore->load(childEntry->blockId()); ASSERT(childBlob != none, "Couldn't load child blob"); _migrate(std::move(*childBlob), dir.blockId()); diff --git a/test/cryfs/config/CryConfigLoaderTest.cpp b/test/cryfs/config/CryConfigLoaderTest.cpp index 67ce3c6f..ec0dcf98 100644 --- a/test/cryfs/config/CryConfigLoaderTest.cpp +++ b/test/cryfs/config/CryConfigLoaderTest.cpp @@ -310,7 +310,7 @@ TEST_F(CryConfigLoaderTest, AsksWhenLoadingNewerFilesystem_AnswerNo) { } TEST_F(CryConfigLoaderTest, AsksWhenMigratingOlderFilesystem) { - EXPECT_CALL(*console, askYesNo(HasSubstr("Do you want to migrate it now?"), false)).Times(1).WillOnce(Return(true)); + EXPECT_CALL(*console, askYesNo(HasSubstr("Do you want to attempt a migration now?"), false)).Times(1).WillOnce(Return(true)); string version = olderVersion(); CreateWithVersion(version, version); 
@@ -318,14 +318,14 @@ TEST_F(CryConfigLoaderTest, AsksWhenMigratingOlderFilesystem) { } TEST_F(CryConfigLoaderTest, DoesNotAskForMigrationWhenCorrectVersion) { - EXPECT_CALL(*console, askYesNo(HasSubstr("Do you want to migrate it now?"), _)).Times(0); + EXPECT_CALL(*console, askYesNo(HasSubstr("Do you want to attempt a migration now?"), _)).Times(0); CreateWithVersion(gitversion::VersionString(), CryConfig::FilesystemFormatVersion); EXPECT_NE(boost::none, Load()); } TEST_F(CryConfigLoaderTest, DontMigrateWhenAnsweredNo) { - EXPECT_CALL(*console, askYesNo(HasSubstr("Do you want to migrate it now?"), false)).Times(1).WillOnce(Return(false)); + EXPECT_CALL(*console, askYesNo(HasSubstr("Do you want to attempt a migration now?"), false)).Times(1).WillOnce(Return(false)); string version = olderVersion(); CreateWithVersion(version, version); diff --git a/vendor/README b/vendor/README index 771c571b..aadcf953 100644 --- a/vendor/README +++ b/vendor/README @@ -5,3 +5,8 @@ spdlog: https://github.com/gabime/spdlog/tree/v0.16.3/include/spdlog cryptopp: https://github.com/weidai11/cryptopp/tree/CRYPTOPP_8_0_0 - changed: added CMakeLists.txt and cryptopp-config.cmake from https://github.com/noloader/cryptopp-cmake/tree/CRYPTOPP_8_0_0 - changed: commented out line including winapifamily.h in CMakeLists.txt + - cherry-picked commits to get OpenMP for scrypt on Windows: + - https://github.com/weidai11/cryptopp/commit/aa043b38a7930725c31a0cd7016986d1c581c573 + - https://github.com/weidai11/cryptopp/commit/672f5c7f3dad8ae12b2d0ce0940ccb7c8e257bf8 + - https://github.com/weidai11/cryptopp/commit/7e96a283a3192d29aac5b60e5b4ff19248f00d9a + - https://github.com/weidai11/cryptopp/commit/ca32b63038d5f7b13e2e00809cd9184a1efe8c24 diff --git a/vendor/cryptopp/CMakeLists.txt b/vendor/cryptopp/CMakeLists.txt index 9316493a..ef7a3e10 100644 --- a/vendor/cryptopp/CMakeLists.txt +++ b/vendor/cryptopp/CMakeLists.txt 
@@ -9,76 +9,72 @@ target_compile_definitions(cryptopp PUBLIC $<$:CRYPTOPP_DEBUG>) # add_compile_options($<$:-DCRYPTOPP_DEBUG>) # add to stuff built in subdirectories (like the actual library) if(NOT DISABLE_OPENMP) - if (MSVC) - message(WARNING "MSVC does not support the OpenMP 4.0 standard used by Crypto++. Disabling OpenMP. This can cause degraded performance.") - else() - find_package(OpenMP) + find_package(OpenMP) - if (OPENMP_FOUND OR OPENMP_CXX_FOUND) - message(STATUS "Found libomp without any special flags") - endif() - - # If OpenMP wasn't found, try if we can find it in the default Macports location - if((NOT OPENMP_FOUND) AND (NOT OPENMP_CXX_FOUND) AND EXISTS "/opt/local/lib/libomp/libomp.dylib") # older cmake uses OPENMP_FOUND, newer cmake also sets OPENMP_CXX_FOUND, homebrew installations seem only to get the latter set. - set(OpenMP_CXX_FLAGS "-Xpreprocessor -fopenmp -I/opt/local/include/libomp/") - set(OpenMP_CXX_LIB_NAMES omp) - set(OpenMP_omp_LIBRARY /opt/local/lib/libomp/libomp.dylib) - - find_package(OpenMP) - if (OPENMP_FOUND OR OPENMP_CXX_FOUND) - message(STATUS "Found libomp in macports default location.") - else() - message(FATAL_ERROR "Didn't find libomp. Tried macports default location but also didn't find it.") - endif() - endif() - - # If OpenMP wasn't found, try if we can find it in the default Homebrew location - if((NOT OPENMP_FOUND) AND (NOT OPENMP_CXX_FOUND) AND EXISTS "/usr/local/opt/libomp/lib/libomp.dylib") - set(OpenMP_CXX_FLAGS "-Xpreprocessor -fopenmp -I/usr/local/opt/libomp/include") - set(OpenMP_CXX_LIB_NAMES omp) - set(OpenMP_omp_LIBRARY /usr/local/opt/libomp/lib/libomp.dylib) - - find_package(OpenMP) - if (OPENMP_FOUND OR OPENMP_CXX_FOUND) - message(STATUS "Found libomp in homebrew default location.") - else() - message(FATAL_ERROR "Didn't find libomp. 
Tried homebrew default location but also didn't find it.") - endif() - endif() - - set(Additional_OpenMP_Libraries_Workaround "") - - # Workaround because older cmake on apple doesn't support FindOpenMP - if((NOT OPENMP_FOUND) AND (NOT OPENMP_CXX_FOUND)) - if((APPLE AND ((CMAKE_CXX_COMPILER_ID STREQUAL "AppleClang") OR (CMAKE_CXX_COMPILER_ID STREQUAL "Clang"))) - AND ((CMAKE_CXX_COMPILER_VERSION VERSION_GREATER_EQUAL "7.0") AND (CMAKE_VERSION VERSION_LESS "3.12.0"))) - message(STATUS "Applying workaround for OSX OpenMP with old cmake that doesn't have FindOpenMP") - set(OpenMP_CXX_FLAGS "-Xclang -fopenmp") - set(Additional_OpenMP_Libraries_Workaround "-lomp") - else() - message(FATAL_ERROR "Did not find OpenMP. Build with -DDISABLE_OPENMP=ON if you want to allow this and are willing to take the performance hit.") - endif() - endif() - - if(NOT TARGET OpenMP::OpenMP_CXX) - # We're on cmake < 3.9, handle behavior of the old FindOpenMP implementation - message(STATUS "Applying workaround for old CMake that doesn't define FindOpenMP using targets") - add_library(OpenMP_TARGET INTERFACE) - add_library(OpenMP::OpenMP_CXX ALIAS OpenMP_TARGET) - target_compile_options(OpenMP_TARGET INTERFACE ${OpenMP_CXX_FLAGS}) # add to all targets depending on this - find_package(Threads REQUIRED) - target_link_libraries(OpenMP_TARGET INTERFACE Threads::Threads) - target_link_libraries(OpenMP_TARGET INTERFACE ${OpenMP_CXX_FLAGS} ${Additional_OpenMP_Libraries_Workaround}) - endif() - - target_link_libraries(cryptopp PUBLIC ${OpenMP_CXX_FLAGS}) # Workaround for Ubuntu 18.04 that otherwise doesn't set -fopenmp for linking - target_link_libraries(cryptopp PUBLIC OpenMP::OpenMP_CXX) - - # also add these flags to the third party Crypto++ build setup that is built in a subdirectory - message(STATUS "OpenMP flags: ${OpenMP_CXX_FLAGS}") - string(REPLACE " " ";" REPLACED_FLAGS ${OpenMP_CXX_FLAGS}) - add_compile_options(${REPLACED_FLAGS}) + if (OPENMP_FOUND OR OPENMP_CXX_FOUND) + message(STATUS 
"Found libomp without any special flags") endif() + + # If OpenMP wasn't found, try if we can find it in the default Macports location + if((NOT OPENMP_FOUND) AND (NOT OPENMP_CXX_FOUND) AND EXISTS "/opt/local/lib/libomp/libomp.dylib") # older cmake uses OPENMP_FOUND, newer cmake also sets OPENMP_CXX_FOUND, homebrew installations seem only to get the latter set. + set(OpenMP_CXX_FLAGS "-Xpreprocessor -fopenmp -I/opt/local/include/libomp/") + set(OpenMP_CXX_LIB_NAMES omp) + set(OpenMP_omp_LIBRARY /opt/local/lib/libomp/libomp.dylib) + + find_package(OpenMP) + if (OPENMP_FOUND OR OPENMP_CXX_FOUND) + message(STATUS "Found libomp in macports default location.") + else() + message(FATAL_ERROR "Didn't find libomp. Tried macports default location but also didn't find it.") + endif() + endif() + + # If OpenMP wasn't found, try if we can find it in the default Homebrew location + if((NOT OPENMP_FOUND) AND (NOT OPENMP_CXX_FOUND) AND EXISTS "/usr/local/opt/libomp/lib/libomp.dylib") + set(OpenMP_CXX_FLAGS "-Xpreprocessor -fopenmp -I/usr/local/opt/libomp/include") + set(OpenMP_CXX_LIB_NAMES omp) + set(OpenMP_omp_LIBRARY /usr/local/opt/libomp/lib/libomp.dylib) + + find_package(OpenMP) + if (OPENMP_FOUND OR OPENMP_CXX_FOUND) + message(STATUS "Found libomp in homebrew default location.") + else() + message(FATAL_ERROR "Didn't find libomp. 
Tried homebrew default location but also didn't find it.") + endif() + endif() + + set(Additional_OpenMP_Libraries_Workaround "") + + # Workaround because older cmake on apple doesn't support FindOpenMP + if((NOT OPENMP_FOUND) AND (NOT OPENMP_CXX_FOUND)) + if((APPLE AND ((CMAKE_CXX_COMPILER_ID STREQUAL "AppleClang") OR (CMAKE_CXX_COMPILER_ID STREQUAL "Clang"))) + AND ((CMAKE_CXX_COMPILER_VERSION VERSION_GREATER_EQUAL "7.0") AND (CMAKE_VERSION VERSION_LESS "3.12.0"))) + message(STATUS "Applying workaround for OSX OpenMP with old cmake that doesn't have FindOpenMP") + set(OpenMP_CXX_FLAGS "-Xclang -fopenmp") + set(Additional_OpenMP_Libraries_Workaround "-lomp") + else() + message(FATAL_ERROR "Did not find OpenMP. Build with -DDISABLE_OPENMP=ON if you want to allow this and are willing to take the performance hit.") + endif() + endif() + + if(NOT TARGET OpenMP::OpenMP_CXX) + # We're on cmake < 3.9, handle behavior of the old FindOpenMP implementation + message(STATUS "Applying workaround for old CMake that doesn't define FindOpenMP using targets") + add_library(OpenMP_TARGET INTERFACE) + add_library(OpenMP::OpenMP_CXX ALIAS OpenMP_TARGET) + target_compile_options(OpenMP_TARGET INTERFACE ${OpenMP_CXX_FLAGS}) # add to all targets depending on this + find_package(Threads REQUIRED) + target_link_libraries(OpenMP_TARGET INTERFACE Threads::Threads) + target_link_libraries(OpenMP_TARGET INTERFACE ${OpenMP_CXX_FLAGS} ${Additional_OpenMP_Libraries_Workaround}) + endif() + + target_link_libraries(cryptopp PUBLIC ${OpenMP_CXX_FLAGS}) # Workaround for Ubuntu 18.04 that otherwise doesn't set -fopenmp for linking + target_link_libraries(cryptopp PUBLIC OpenMP::OpenMP_CXX) + + # also add these flags to the third party Crypto++ build setup that is built in a subdirectory + message(STATUS "OpenMP flags: ${OpenMP_CXX_FLAGS}") + string(REPLACE " " ";" REPLACED_FLAGS ${OpenMP_CXX_FLAGS}) + add_compile_options(${REPLACED_FLAGS}) else() message(WARNING "OpenMP is disabled. 
This can cause degraded performance.") endif() diff --git a/vendor/cryptopp/vendor_cryptopp/cryptest.nmake b/vendor/cryptopp/vendor_cryptopp/cryptest.nmake index e2a5db72..a15fc7b0 100644 --- a/vendor/cryptopp/vendor_cryptopp/cryptest.nmake +++ b/vendor/cryptopp/vendor_cryptopp/cryptest.nmake @@ -139,6 +139,7 @@ LDLIBS = # CXXFLAGS = $(CXXFLAGS) /DDEBUG /D_DEBUG /Oi /Oy- /Od /MTd # Release build. Add /OPT:REF to linker CXXFLAGS = $(CXXFLAGS) /DNDEBUG /D_NDEBUG /Oi /Oy /O2 /MT +# Linker flags. LDFLAGS = $(LDFLAGS) /OPT:REF # Attempt to detect when and are available diff --git a/vendor/cryptopp/vendor_cryptopp/salsa.cpp b/vendor/cryptopp/vendor_cryptopp/salsa.cpp index 148d970a..fb2dc03e 100644 --- a/vendor/cryptopp/vendor_cryptopp/salsa.cpp +++ b/vendor/cryptopp/vendor_cryptopp/salsa.cpp @@ -90,9 +90,14 @@ void Salsa20_Core(word32* data, unsigned int rounds) x[15] ^= rotlConstant<18>(x[14]+x[13]); } +#ifdef _MSC_VER + for (size_t i = 0; i < 16; ++i) + data[i] += x[i]; +#else #pragma omp simd for (size_t i = 0; i < 16; ++i) data[i] += x[i]; +#endif } std::string Salsa20_Policy::AlgorithmProvider() const diff --git a/vendor/cryptopp/vendor_cryptopp/scrypt.cpp b/vendor/cryptopp/vendor_cryptopp/scrypt.cpp index 3566c3e1..69f486d1 100644 --- a/vendor/cryptopp/vendor_cryptopp/scrypt.cpp +++ b/vendor/cryptopp/vendor_cryptopp/scrypt.cpp @@ -14,6 +14,8 @@ #include "sha.h" #include +#include + #ifdef _OPENMP # include #endif @@ -53,9 +55,14 @@ static inline void BlockCopy(byte* dest, byte* src, size_t len) static inline void BlockXOR(byte* dest, byte* src, size_t len) { +#ifdef _MSC_VER + for (size_t i = 0; i < len; ++i) + dest[i] ^= src[i]; +#else #pragma omp simd for (size_t i = 0; i < len; ++i) dest[i] ^= src[i]; +#endif } static inline void PBKDF2_SHA256(byte* buf, size_t dkLen, 
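Review bot: With the `if (MSVC)` guard removed in vendor/cryptopp/CMakeLists.txt, the line `target_link_libraries(cryptopp PUBLIC ${OpenMP_CXX_FLAGS})`, commented as an Ubuntu 18.04 workaround, now also runs for MSVC. There it passes the compiler's OpenMP switch to the linker, which is likely to be ignored with an unrecognized-option warning. Scoping the workaround as `if(NOT MSVC)` / `target_link_libraries(cryptopp PUBLIC ${OpenMP_CXX_FLAGS})` / `endif()` would keep it to the platform it was written for. Separately, a Windows configure where `find_package(OpenMP)` finds nothing now stops at the `FATAL_ERROR` branch instead of warning and continuing, so the README's Windows build flags should mention `-DDISABLE_OPENMP=ON` if they do not already.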
@@ -171,6 +178,16 @@ void Scrypt::ValidateParameters(size_t derivedLen, word64 cost, word64 blockSize } } + // https://github.com/weidai11/cryptopp/issues/787 + CRYPTOPP_ASSERT(parallelization <= std::numeric_limits::max()); + if (parallelization > static_cast(std::numeric_limits::max())) + { + std::ostringstream oss; + oss << " parallelization " << parallelization << " is larger than "; + oss << std::numeric_limits::max(); + throw InvalidArgument("Scrypt: " + oss.str()); + } + CRYPTOPP_ASSERT(IsPowerOf2(cost)); if (IsPowerOf2(cost) == false) throw InvalidArgument("Scrypt: cost must be a power of 2"); @@ -245,10 +262,13 @@ size_t Scrypt::DeriveKey(byte*derived, size_t derivedLen, const byte*secret, siz // 1: (B_0 ... B_{p-1}) <-- PBKDF2(P, S, 1, p * MFLen) PBKDF2_SHA256(B, B.size(), secret, secretLen, salt, saltLen, 1); + // Visual Studio and OpenMP 2.0 fixup. We must use int, not size_t. + int maxParallel=0; + if (!SafeConvert(parallel, maxParallel)) + maxParallel = std::numeric_limits::max(); + #ifdef _OPENMP - int threads = STDMIN(omp_get_max_threads(), - static_cast(STDMIN(static_cast(parallel), - static_cast(std::numeric_limits::max())))); + int threads = STDMIN(omp_get_max_threads(), maxParallel); #endif // http://stackoverflow.com/q/49604260/608639 @@ -260,7 +280,7 @@ size_t Scrypt::DeriveKey(byte*derived, size_t derivedLen, const byte*secret, siz // 2: for i = 0 to p - 1 do #pragma omp for - for (size_t i = 0; i < static_cast(parallel); ++i) + for (int i = 0; i < maxParallel; ++i) { // 3: B_i <-- MF(B_i, N) const ptrdiff_t offset = static_cast(blockSize*i*128); diff --git a/vendor/cryptopp/vendor_cryptopp/scrypt.h b/vendor/cryptopp/vendor_cryptopp/scrypt.h index 129c5dc3..8c6f394f 100644 --- a/vendor/cryptopp/vendor_cryptopp/scrypt.h +++ b/vendor/cryptopp/vendor_cryptopp/scrypt.h 
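Review bot: In `Scrypt::DeriveKey`, a failed `SafeConvert(parallel, maxParallel)` is silently clamped to the largest `int`, so `for (int i = 0; i < maxParallel; ++i)` would mix fewer blocks than the caller's `parallel` and return a key that does not correspond to the requested parameters. The range check this commit adds to `ValidateParameters` presumably makes that branch unreachable, but the call from `DeriveKey` is outside the visible hunks, so the dependency is implicit. Failing closed is safer for a KDF than clamping: replace the fallback assignment with `throw InvalidArgument("Scrypt: parallelization exceeds the int range");`, or at least add a comment such as `// unreachable: ValidateParameters rejects parallelization > INT_MAX`. In `ValidateParameters` the thrown message is assembled as `"Scrypt: " + oss.str()` where the stream starts with a space, giving a double space; dropping the leading space in `" parallelization "` fixes it.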
@@ -76,7 +76,9 @@ public: /// \details The parameter blockSize ("r" in the documents) specifies the block /// size. /// \details The parallelization parameter ("p" in the documents) is a positive - /// integer less than or equal to ((2^32-1) * 32) / (128 * r). + /// integer less than or equal to ((2^32-1) * 32) / (128 * r). Due to Microsoft + /// and its OpenMP 2.0 implementation parallelization is limited to + /// std::numeric_limits::max(). /// \details Scrypt always returns 1 because it only performs 1 iteration. Other /// derivation functions, like PBKDF's, will return more interesting values. /// \details The Crypto++ implementation of Scrypt is limited by C++ datatypes. For