
20 Commits

Author SHA1 Message Date
Jakob Unterwurzacher b370325ccf speed: GoGCM: start at block size 16
BenchmarkGoGCMBlockSize/16-4      	 5499200	       219.7 ns/op	  72.83 MB/s
BenchmarkGoGCMBlockSize/32-4      	 4497284	       266.2 ns/op	 120.22 MB/s
BenchmarkGoGCMBlockSize/64-4      	 3296336	       363.4 ns/op	 176.10 MB/s
BenchmarkGoGCMBlockSize/128-4     	 4204794	       285.5 ns/op	 448.36 MB/s
BenchmarkGoGCMBlockSize/256-4     	 2928472	       409.7 ns/op	 624.83 MB/s
BenchmarkGoGCMBlockSize/512-4     	 1825164	       658.0 ns/op	 778.09 MB/s
BenchmarkGoGCMBlockSize/1024-4    	 1000000	      1151 ns/op	 889.98 MB/s
BenchmarkGoGCMBlockSize/2048-4    	  560275	      2135 ns/op	 959.47 MB/s
BenchmarkGoGCMBlockSize/4096-4    	  291906	      4099 ns/op	 999.28 MB/s
BenchmarkGoGCMBlockSize/8192-4    	  148916	      8033 ns/op	1019.83 MB/s
BenchmarkGoGCMBlockSize/16384-4   	   75337	     15911 ns/op	1029.75 MB/s
BenchmarkGoGCMBlockSize/32768-4   	   37912	     31651 ns/op	1035.30 MB/s
BenchmarkGoGCMBlockSize/65536-4   	   19000	     64287 ns/op	1019.43 MB/s
BenchmarkGoGCMBlockSize/131072-4  	    9225	    127636 ns/op	1026.92 MB/s
BenchmarkGoGCMBlockSize/262144-4  	    4752	    252300 ns/op	1039.02 MB/s
BenchmarkGoGCMBlockSize/524288-4  	    2377	    504612 ns/op	1038.99 MB/s
BenchmarkGoGCMBlockSize/1048576-4 	    1183	   1011637 ns/op	1036.51 MB/s
2023-03-08 17:04:07 +01:00
Jakob Unterwurzacher d74cf7c723 speed: add per-blocksize GoGCM benchmarks
Only visible when you run "go test -bench" like this:

$ cd gocryptfs/internal/speed
$ go test -bench .

goos: linux
goarch: amd64
pkg: github.com/rfjakob/gocryptfs/v2/internal/speed
cpu: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
BenchmarkStupidGCM-4              	  202352	      5937 ns/op	 689.96 MB/s
BenchmarkStupidGCMDecrypt-4       	  206023	      5782 ns/op	 708.38 MB/s
BenchmarkGoGCM-4                  	  291878	      4098 ns/op	 999.45 MB/s
BenchmarkGoGCMBlockSize/1024-4    	 1000000	      1151 ns/op	 889.88 MB/s
BenchmarkGoGCMBlockSize/2048-4    	  561182	      2134 ns/op	 959.60 MB/s
BenchmarkGoGCMBlockSize/4096-4    	  292057	      4101 ns/op	 998.87 MB/s
BenchmarkGoGCMBlockSize/8192-4    	  149216	      8031 ns/op	1020.09 MB/s
BenchmarkGoGCMBlockSize/16384-4   	   75361	     15917 ns/op	1029.34 MB/s
BenchmarkGoGCMBlockSize/32768-4   	   37916	     31649 ns/op	1035.35 MB/s
BenchmarkGoGCMBlockSize/65536-4   	   19005	     63117 ns/op	1038.33 MB/s
BenchmarkGoGCMBlockSize/131072-4  	    9498	    126166 ns/op	1038.89 MB/s
BenchmarkGoGCMBlockSize/262144-4  	    4755	    252149 ns/op	1039.64 MB/s
BenchmarkGoGCMBlockSize/524288-4  	    2377	    504108 ns/op	1040.03 MB/s
BenchmarkGoGCMBlockSize/1048576-4 	    1188	   1008675 ns/op	1039.56 MB/s
BenchmarkGoGCMDecrypt-4           	  294664	      4059 ns/op	1009.02 MB/s
BenchmarkAESSIV-4                 	   46498	     25432 ns/op	 161.05 MB/s
BenchmarkAESSIVDecrypt-4          	   46908	     25509 ns/op	 160.57 MB/s
BenchmarkXchacha-4                	  244473	      4894 ns/op	 836.97 MB/s
BenchmarkXchachaDecrypt-4         	  249710	      4798 ns/op	 853.75 MB/s
BenchmarkStupidXchacha-4          	  166988	      7101 ns/op	 576.79 MB/s
BenchmarkStupidXchachaDecrypt-4   	  163093	      7240 ns/op	 565.72 MB/s
BenchmarkStupidChacha-4           	  184172	      6527 ns/op	 627.58 MB/s
BenchmarkStupidChachaDecrypt-4    	  179796	      6659 ns/op	 615.11 MB/s
PASS
ok  	github.com/rfjakob/gocryptfs/v2/internal/speed	30.068s
2023-03-08 16:54:56 +01:00
Jakob Unterwurzacher 77a0410e2e README: update changelog for v2.3.1 2023-03-04 13:52:45 +01:00
rfjakob 403f59b1c0
Update README.md
Package has been removed from Fedora.

https://github.com/rfjakob/gocryptfs/issues/659
2023-02-25 18:12:10 +01:00
Jakob Unterwurzacher 8f3ec5dcaa fusefrontend: unbreak isConsecutiveWrite streaming write optimization
Commit 6196a5b5 got the logic inverted, hence we never
set the last position markers.

Fixes https://github.com/rfjakob/gocryptfs/issues/712
2023-02-21 22:08:41 +01:00
Jakob Unterwurzacher 85297cda97 fusefrontend: doWrite: report readFileID errors as I/O error
It used to be reported as "function not implemented", accompanied
with this log output:

  go-fuse: can't convert error type: ParseHeader: header is all-zero. Header hexdump: 000000000000000000000000000000000000

Now we report EIO and log this:

  doWrite 1372183: corrupt header: ParseHeader: header is all-zero. Header hexdump: 000000000000000000000000000000000000
2023-02-21 22:08:41 +01:00
Jakob Unterwurzacher e9a5b8962b contentenc: simplify testRange tables
Get rid of this eyesore.
2023-02-21 22:08:41 +01:00
Evgeny 6dc8c26100 MANPAGE: add a note on enabling Trash on macOS 2023-02-01 08:38:33 +01:00
Jakob Unterwurzacher 88bc0aa607 MANPAGE: scryptn: list how much memory is needed
Calculated acc. to https://words.filippo.io/the-scrypt-parameters/ ,
and add benchmarks to double-check the numbers. They match.
2023-01-08 22:17:14 +01:00
Gisi0 0b5b864a06 Update MANPAGE.md
added which package on linux is needed to use fido2 stick
2023-01-07 10:04:08 +01:00
a1346054 3c1ac3b06b MANPAGE.md: use correct indefinite article a->an 2023-01-01 22:06:29 +01:00
Jakob Unterwurzacher c4b95cf35a github ci: bump actions ; add "stable" and "oldstable" Go versions 2022-12-29 15:28:59 +01:00
Jakob Unterwurzacher b2a5cec4dd main: BuildInfo: fix build with Go 1.17 and older
On Go 1.17 and older we get this:

  Error: ./version.go:67:24: info.Settings undefined (type *debug.BuildInfo has no field or method Settings)

Fix the build error by shedding some nice-to-have features.
2022-12-29 15:21:17 +01:00
Jakob Unterwurzacher 856ccaac10 make format
Run "make format" using
go version go1.19.4 linux/amd64
2022-12-29 15:00:37 +01:00
Jakob Unterwurzacher 99cdaa0b69 main: refactor BuildInfo code
Simplify and move it into a new file version.go.
2022-12-29 14:43:48 +01:00
Daniel Theophanes 439dea1b19 Use existing build information for version if not embedded with build script
Go1.12 introduced BuildInfo which embeds build information. It does
not embed build date to facilitate reproducible builds by default.
If build information is embedded from build script, use the information
provided by the Go build system.
2022-12-29 14:42:13 +01:00
Jakob Unterwurzacher ff32e99791 main: doMount: call Setsid before starting logger
The logger should be in the new background session together
with the gocryptfs process.

Before:
	$ xfce4-terminal -x gocryptfs a b
	$ ps xao pid,ppid,pgid,sid,comm,args
	    PID    PPID    PGID     SID COMMAND         COMMAND
	 192272    1371  192272  192272 gocryptfs       /ssd2/jakob.donotbackup/go/bin/gocryptfs -fg -notifypid=192265 a b
	 192292  192272  192265  192265 logge <defunct> [logger] <defunct>

After:
	$ xfce4-terminal -x gocryptfs a b
	$ ps xao pid,ppid,pgid,sid,comm,args
	    PID    PPID    PGID     SID COMMAND         COMMAND
	 211714    1371  211714  211714 gocryptfs       /ssd2/jakob.donotbackup/go/bin/gocryptfs -fg -notifypid=211708 a b
	 211776  211714  211714  211714 logger          logger -t gocryptfs-211714-logger

Fixes https://github.com/rfjakob/gocryptfs/issues/660
2022-12-29 13:57:03 +01:00
Christian Stewart 7ee4c8e9c3 go.mod: fix jacobsa/crypto build on riscv64
Replace dependency jacobsa/crypto with a fork with support for riscv64.

Issue: https://github.com/rfjakob/gocryptfs/issues/666

Upstream PR: https://github.com/jacobsa/crypto/issues/13

Unaddressed on jacobsa/crypto:

https://github.com/jacobsa/crypto/pull/14#issuecomment-1182744229

Signed-off-by: Christian Stewart <christian@paral.in>
2022-12-21 18:38:11 +01:00
Val 0ec7ffbfe9 Upgrade go-fuse
Ran `go get -u github.com/hanwen/go-fuse/v2@master` to get this diff

As pointed out in https://github.com/rfjakob/gocryptfs/issues/595#issuecomment-1222271612, go-fuse was updated with a patch to allow `-reverse` mode on macOS!
2022-11-27 10:18:11 +01:00
Jakob Unterwurzacher f8bd172289 Update changelog for v2.3.0 2022-10-21 22:06:25 +02:00
28 changed files with 306 additions and 204 deletions


@ -13,16 +13,16 @@ jobs:
go: go:
- "1.13.x" # Ubuntu 20.04 LTS "focal" - "1.13.x" # Ubuntu 20.04 LTS "focal"
- "1.15.x" # Debian 11 "Bullseye" - "1.15.x" # Debian 11 "Bullseye"
- "1.17.x" # Golang upstream stable - "1.18.x" # Ubuntu 22.04 LTS "jammy"
- "1.18.x" # Golang upstream stable - "oldstable" # 2nd-latest Golang upstream stable
- "1.19.x" # Golang upstream stable - "stable" # Latest Go upstream stable
# Don't cancel everything when one Go version fails # Don't cancel everything when one Go version fails
fail-fast: false fail-fast: false
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Install Go ${{ matrix.go }} - name: Install Go ${{ matrix.go }}
uses: actions/setup-go@v2 uses: actions/setup-go@v3
with: with:
go-version: ${{ matrix.go }} go-version: ${{ matrix.go }}
@ -30,7 +30,7 @@ jobs:
# https://github.com/actions/runner/issues/1188 # https://github.com/actions/runner/issues/1188
- run: ls -l /proc/self/fd - run: ls -l /proc/self/fd
- uses: actions/checkout@v2 - uses: actions/checkout@v3
with: with:
fetch-depth: 0 # Make "git describe" work fetch-depth: 0 # Make "git describe" work
@ -42,7 +42,7 @@ jobs:
# Build & upload static binary # Build & upload static binary
- run: ./build-without-openssl.bash - run: ./build-without-openssl.bash
- uses: actions/upload-artifact@v2 - uses: actions/upload-artifact@v3
with: with:
name: gocryptfs static binary (Go ${{ matrix.go }}) name: gocryptfs static binary (Go ${{ matrix.go }})
path: gocryptfs path: gocryptfs
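Review bot: The three `uses:` lines in this section (`actions/setup-go@v3`, `actions/checkout@v3`, `actions/upload-artifact@v3`) reference movable major-version tags, and this job builds and uploads the static gocryptfs binary. Pinning each action to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, keeps the build inputs fixed between runs and makes any later change to them show up as a reviewable diff. The workflow's `permissions:` settings are not visible in these hunks, so whether the job token is already restricted cannot be judged from here.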


@ -305,8 +305,10 @@ runs as root, you can enable device files by passing the opposite mount option,
"dev", and if you want to enable suid-binaries, pass "suid". "dev", and if you want to enable suid-binaries, pass "suid".
"ro" (equivalent to passing the "-ro" option) and "noexec" may also be "ro" (equivalent to passing the "-ro" option) and "noexec" may also be
interesting. For a complete list see the section interesting. For a complete list see the section
`FILESYSTEM-INDEPENDENT MOUNT OPTIONS` in mount(8). On MacOS, "local", `FILESYSTEM-INDEPENDENT MOUNT OPTIONS` in mount(8). On MacOS, "local" enables volume-based trash
"noapplexattr", "noappledouble" may be interesting. if you have `.Trashes` folder in the root of your volume (might need to be manually created)
note, though, that "local" is marked as "experimental" in [osxfuse](https://github.com/osxfuse/osxfuse/wiki/Mount-options#local);
"noapplexattr", "noappledouble" may also be interesting.
Note that unlike "-o", "-ko" is a regular option and must be passed BEFORE Note that unlike "-o", "-ko" is a regular option and must be passed BEFORE
the directories. Example: the directories. Example:
@ -478,11 +480,12 @@ for details.
#### -fido2 DEVICE_PATH #### -fido2 DEVICE_PATH
Use a FIDO2 token to initialize and unlock the filesystem. Use a FIDO2 token to initialize and unlock the filesystem.
Use "fido2-token -L" to obtain the FIDO2 token device path. Use "fido2-token -L" to obtain the FIDO2 token device path.
For linux, "fido2-tools" package is needed.
Applies to: all actions that ask for a password. Applies to: all actions that ask for a password.
#### -masterkey string #### -masterkey string
Use a explicit master key specified on the command line or, if the special Use an explicit master key specified on the command line or, if the special
value "stdin" is used, read the masterkey from stdin, instead of reading value "stdin" is used, read the masterkey from stdin, instead of reading
the config file and asking for the decryption password. the config file and asking for the decryption password.
@ -562,15 +565,44 @@ Quiet - silence informational messages.
Applies to: all actions. Applies to: all actions.
#### -scryptn int #### -scryptn int
scrypt cost parameter expressed as scryptn=log2(N). Possible values are gocryptfs uses *scrypt* for hashing the password when mounting,
10 to 28, representing N=2^10 to N=2^28. which protects from brute-force attacks.
`-scryptn` controls the *scrypt* cost parameter "N" expressed as scryptn=log2(N).
Possible values are `-scryptn=10` to `-scryptn=28`, representing N=2^10 to N=2^28.
Setting this to a lower Setting this to a lower
value speeds up mounting and reduces its memory needs, but makes value speeds up mounting and reduces its memory needs, but makes
the password susceptible to brute-force attacks. The default is 16. the password susceptible to brute-force attacks. The default is 16.
The memory usage for *scrypt* during mounting is as follows:
scryptn Memory Usage
======= ============
10 1 MiB
11 2
12 4
13 8
14 16
15 32
16 64
17 128
18 256
19 512
20 1 GiB
21 2
22 4
23 8
24 16
25 32
26 64
27 128
28 256
Applies to: `-init`, `-passwd` Applies to: `-init`, `-passwd`
See also: the benchmarks in the gocryptfs source code in internal/configfile.
#### -trace string #### -trace string
Write execution trace to file. View the trace using "go tool trace FILE". Write execution trace to file. View the trace using "go tool trace FILE".


@ -62,7 +62,6 @@ distribution must be installed for mounting to work.
gocryptfs is also available as a package in most distributions. Examples: gocryptfs is also available as a package in most distributions. Examples:
* Debian, Ubuntu: `apt install gocryptfs` * Debian, Ubuntu: `apt install gocryptfs`
* Fedora: `dnf install gocryptfs`
* Arch: `pacman -S gocryptfs` * Arch: `pacman -S gocryptfs`
* MacPorts: `port install gocryptfs` * MacPorts: `port install gocryptfs`
@ -196,6 +195,25 @@ RM: 2,367
Changelog Changelog
--------- ---------
#### v2.3.1, 2023-03-04
* Optimize NFS streaming write performance ([#712](https://github.com/rfjakob/gocryptfs/issues/712),
[commit](https://github.com/rfjakob/gocryptfs/commit/8f3ec5dcaa6eb18d11746675190a7aaceb422764)).
You should see about a 4x performance increase.
* Use `debug.ReadBuildInfo()` to provide some
version information even when not built with `build.bash` ([#701](https://github.com/rfjakob/gocryptfs/pull/701)) .
* Fix bug that caused the `logger` process to be killed when started from `xfce4-terminal`,
and that terminal window was closed ([#660](https://github.com/rfjakob/gocryptfs/issues/660),
[commit](https://github.com/rfjakob/gocryptfs/commit/ff32e9979130e6237b0d97ef88304fa79ce61b06)).
* MacOS: Fix reverse mount failing with `read-only file system` ([#690](https://github.com/rfjakob/gocryptfs/pull/690))
* Make gocryptfs compile on riscv64 by switching from [jacobsa/crypto](https://github.com/jacobsa/crypto)
to maintained fork [aperturerobotics/jacobsa-crypto](https://github.com/aperturerobotics/jacobsa-crypto)
([#674](https://github.com/rfjakob/gocryptfs/pull/674))
#### v2.3.0, 2022-10-21
* Identical to v2.3, just tagged once more in full semver x.y.z format. This make Go's fetching logic happy,
which ignores v2.3 (without the third digit) completely.
Fixes [#694](https://github.com/rfjakob/gocryptfs/issues/694), [#688](https://github.com/rfjakob/gocryptfs/issues/688).
#### v2.3, 2022-08-28 #### v2.3, 2022-08-28
* Add **`-longnamemax`** flag to `-init` ([#499](https://github.com/rfjakob/gocryptfs/issues/499)). * Add **`-longnamemax`** flag to `-init` ([#499](https://github.com/rfjakob/gocryptfs/issues/499)).
Can be used to work around file or path length restrictions on online storage. Can be used to work around file or path length restrictions on online storage.
@ -580,7 +598,7 @@ Changelog
* **Add reverse mode ([#19](https://github.com/rfjakob/gocryptfs/issues/19))** * **Add reverse mode ([#19](https://github.com/rfjakob/gocryptfs/issues/19))**
* AES-SIV (RFC5297) encryption to implement deterministic encryption * AES-SIV (RFC5297) encryption to implement deterministic encryption
securely. Uses the excellent securely. Uses the excellent
[jacobsa/crypto](https://github.com/jacobsa/crypto) library. [jacobsa/crypto](https://github.com/aperturerobotics/jacobsa-crypto) library.
The corresponding feature flag is called `AESSIV`. The corresponding feature flag is called `AESSIV`.
* New command-line options: `-reverse`, `-aessiv` * New command-line options: `-reverse`, `-aessiv`
* Filesystems using reverse mode can only be mounted with gocryptfs v1.1 * Filesystems using reverse mode can only be mounted with gocryptfs v1.1

11
go.mod

@ -3,18 +3,13 @@ module github.com/rfjakob/gocryptfs/v2
go 1.16 go 1.16
require ( require (
github.com/hanwen/go-fuse/v2 v2.1.1-0.20211219085202-934a183ed914 github.com/aperturerobotics/jacobsa-crypto v1.0.0
github.com/jacobsa/crypto v0.0.0-20190317225127-9f44e2d11115 github.com/hanwen/go-fuse/v2 v2.1.1-0.20221117175120-915cf5413cde
github.com/jacobsa/oglematchers v0.0.0-20150720000706-141901ea67cd // indirect
github.com/jacobsa/oglemock v0.0.0-20150831005832-e94d794d06ff // indirect
github.com/jacobsa/ogletest v0.0.0-20170503003838-80d50a735a11 // indirect
github.com/jacobsa/reqtrace v0.0.0-20150505043853-245c9e0234cb // indirect
github.com/pkg/xattr v0.4.3 github.com/pkg/xattr v0.4.3
github.com/rfjakob/eme v1.1.2 github.com/rfjakob/eme v1.1.2
github.com/sabhiram/go-gitignore v0.0.0-20201211210132-54b8a0bf510f github.com/sabhiram/go-gitignore v0.0.0-20201211210132-54b8a0bf510f
github.com/spf13/pflag v1.0.5 github.com/spf13/pflag v1.0.5
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5
golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d // indirect golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a
golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2
golang.org/x/term v0.0.0-20220722155259-a9ba230a4035 golang.org/x/term v0.0.0-20220722155259-a9ba230a4035
) )
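Review bot: The `github.com/aperturerobotics/jacobsa-crypto v1.0.0` line swaps the module that provides the `siv` package used for AES-SIV, and nothing in go.mod says why or what the fork changes relative to `github.com/jacobsa/crypto v0.0.0-20190317225127-9f44e2d11115`. A comment above the line such as `// fork of jacobsa/crypto with riscv64 support, see https://github.com/rfjakob/gocryptfs/issues/666` would record the provenance next to the pin. Because this is the crypto dependency, the review should confirm that the fork's diff against that upstream commit is limited to the build fix; that cannot be checked from this page. The go-fuse line is also a pseudo-version of an untagged commit, which the commit message attributes to `go get -u ...@master`.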

21
go.sum

@ -1,9 +1,10 @@
github.com/aperturerobotics/jacobsa-crypto v0.0.0-20190317225127-9f44e2d11115/go.mod h1:XKd7k7LIBmeR/WGENaSpUSjQbWBVKZFhMT7+zKM5KVU=
github.com/aperturerobotics/jacobsa-crypto v1.0.0 h1:ARfIuzgovK+5leAKbFHcicKEgMzD94tb/FTiWSHdGLU=
github.com/aperturerobotics/jacobsa-crypto v1.0.0/go.mod h1:xq0oOkHSPQ1E5ByqbwLhCJ1mygYHtXTMQnvHD4tz4Cc=
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/hanwen/go-fuse/v2 v2.1.1-0.20211219085202-934a183ed914 h1:hGXMxS1wTE4y+f7iBqFArrJ6X8QozHnEdnVzGZI9Ywc= github.com/hanwen/go-fuse/v2 v2.1.1-0.20221117175120-915cf5413cde h1:fgTauqHA48CDt+qVQR+PJXqiI9bpYQglMIIi+h/mMts=
github.com/hanwen/go-fuse/v2 v2.1.1-0.20211219085202-934a183ed914/go.mod h1:B1nGE/6RBFyBRC1RRnf23UpwCdyJ31eukw34oAKukAc= github.com/hanwen/go-fuse/v2 v2.1.1-0.20221117175120-915cf5413cde/go.mod h1:B1nGE/6RBFyBRC1RRnf23UpwCdyJ31eukw34oAKukAc=
github.com/jacobsa/crypto v0.0.0-20190317225127-9f44e2d11115 h1:YuDUUFNM21CAbyPOpOP8BicaTD/0klJEKt5p8yuw+uY=
github.com/jacobsa/crypto v0.0.0-20190317225127-9f44e2d11115/go.mod h1:LadVJg0XuawGk+8L1rYnIED8451UyNxEMdTWCEt5kmU=
github.com/jacobsa/oglematchers v0.0.0-20150720000706-141901ea67cd h1:9GCSedGjMcLZCrusBZuo4tyKLpKUPenUUqi34AkuFmA= github.com/jacobsa/oglematchers v0.0.0-20150720000706-141901ea67cd h1:9GCSedGjMcLZCrusBZuo4tyKLpKUPenUUqi34AkuFmA=
github.com/jacobsa/oglematchers v0.0.0-20150720000706-141901ea67cd/go.mod h1:TlmyIZDpGmwRoTWiakdr+HA1Tukze6C6XbRVidYq02M= github.com/jacobsa/oglematchers v0.0.0-20150720000706-141901ea67cd/go.mod h1:TlmyIZDpGmwRoTWiakdr+HA1Tukze6C6XbRVidYq02M=
github.com/jacobsa/oglemock v0.0.0-20150831005832-e94d794d06ff h1:2xRHTvkpJ5zJmglXLRqHiZQNjUoOkhUyhTAhEQvPAWw= github.com/jacobsa/oglemock v0.0.0-20150831005832-e94d794d06ff h1:2xRHTvkpJ5zJmglXLRqHiZQNjUoOkhUyhTAhEQvPAWw=
@ -30,21 +31,21 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 h1:HWj/xjIHfjYU5nVXpTM0s39J9CbLn7Cc5a7IC5rwsMQ= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 h1:HWj/xjIHfjYU5nVXpTM0s39J9CbLn7Cc5a7IC5rwsMQ=
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d h1:LO7XpTYMwTqxjLcGWPijK3vRXg1aWdlNOVOHRq45d7c= golang.org/x/net v0.0.0-20220708220712-1185a9018129 h1:vucSRfWwTsoXro7P+3Cjlr6flUMtzCwzlvkxEQtHHB0=
golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220708220712-1185a9018129/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20201101102859-da207088b7d1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201101102859-da207088b7d1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2 h1:c8PlLMqBbOHoqtjteWm5/kbe6rNY2pbRfbIMVnepueo= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k=
golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.0.0-20220722155259-a9ba230a4035 h1:Q5284mrmYTpACcm+eAKjKJH48BBwSyfJqmmGDTtT8Vc= golang.org/x/term v0.0.0-20220722155259-a9ba230a4035 h1:Q5284mrmYTpACcm+eAKjKJH48BBwSyfJqmmGDTtT8Vc=
golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=


@ -1,60 +1,45 @@
package configfile package configfile
import ( import (
"fmt"
"testing" "testing"
) )
/* /*
Results on a 2.7GHz Pentium G630: $ time go test -bench . -run none
goos: linux
gocryptfs/cryptfs$ go test -bench=. goarch: amd64
pkg: github.com/rfjakob/gocryptfs/v2/internal/configfile
cpu: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
BenchmarkScryptN/10-4 339 3488649 ns/op 1053167 B/op 22 allocs/op ... 3ms+1MiB
BenchmarkScryptN/11-4 175 6816072 ns/op 2101742 B/op 22 allocs/op
BenchmarkScryptN/12-4 87 13659346 ns/op 4198898 B/op 22 allocs/op
BenchmarkScryptN/13-4 43 27443071 ns/op 8393209 B/op 22 allocs/op
BenchmarkScryptN/14-4 21 56931664 ns/op 16781820 B/op 22 allocs/op
BenchmarkScryptN/15-4 10 108494502 ns/op 33559027 B/op 22 allocs/op
BenchmarkScryptN/16-4 5 217347137 ns/op 67113465 B/op 22 allocs/op ... 217ms+67MiB
BenchmarkScryptN/17-4 3 449680138 ns/op 134222362 B/op 22 allocs/op
BenchmarkScryptN/18-4 2 867481653 ns/op 268440064 B/op 22 allocs/op
BenchmarkScryptN/19-4 1 1738085333 ns/op 536875536 B/op 23 allocs/op
BenchmarkScryptN/20-4 1 3508224867 ns/op 1073746448 B/op 23 allocs/op
BenchmarkScryptN/21-4 1 9536561994 ns/op 2147488272 B/op 23 allocs/op
BenchmarkScryptN/22-4 1 16937072495 ns/op 4294971920 B/op 23 allocs/op
PASS PASS
BenchmarkScrypt10-2 300 6021435 ns/op ... 6ms ok github.com/rfjakob/gocryptfs/v2/internal/configfile 47.545s
BenchmarkScrypt11-2 100 11861460 ns/op
BenchmarkScrypt12-2 100 23420822 ns/op
BenchmarkScrypt13-2 30 47666518 ns/op
BenchmarkScrypt14-2 20 92561590 ns/op ... 92ms
BenchmarkScrypt15-2 10 183971593 ns/op
BenchmarkScrypt16-2 3 368506365 ns/op
BenchmarkScrypt17-2 2 755502608 ns/op ... 755ms
ok github.com/rfjakob/gocryptfs/v2/cryptfs 18.772s
*/ */
func benchmarkScryptN(n int, b *testing.B) { func BenchmarkScryptN(b *testing.B) {
for n := 10; n <= 20; n++ {
b.Run(fmt.Sprintf("%d", n), func(b *testing.B) {
benchmarkScryptN(b, n)
})
}
}
func benchmarkScryptN(b *testing.B, n int) {
kdf := NewScryptKDF(n) kdf := NewScryptKDF(n)
for i := 0; i < b.N; i++ { for i := 0; i < b.N; i++ {
kdf.DeriveKey(testPw) kdf.DeriveKey(testPw)
} }
} b.ReportAllocs()
func BenchmarkScrypt10(b *testing.B) {
benchmarkScryptN(10, b)
}
func BenchmarkScrypt11(b *testing.B) {
benchmarkScryptN(11, b)
}
func BenchmarkScrypt12(b *testing.B) {
benchmarkScryptN(12, b)
}
func BenchmarkScrypt13(b *testing.B) {
benchmarkScryptN(13, b)
}
func BenchmarkScrypt14(b *testing.B) {
benchmarkScryptN(14, b)
}
func BenchmarkScrypt15(b *testing.B) {
benchmarkScryptN(15, b)
}
func BenchmarkScrypt16(b *testing.B) {
benchmarkScryptN(16, b)
}
func BenchmarkScrypt17(b *testing.B) {
benchmarkScryptN(17, b)
} }
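Review bot: The result table in the header comment lists `BenchmarkScryptN/21-4` and `BenchmarkScryptN/22-4`, but the loop in `BenchmarkScryptN` stops at `n <= 20`, so the quoted output cannot be reproduced with the committed code. Either trim the table or add a comment on the loop, e.g. `// capped at 20 (about 1 GiB per op); raise by hand to reproduce the 21 and 22 rows above`. `b.ReportAllocs()` is also called after the timed loop in `benchmarkScryptN`; moving it to the top of the function is the usual placement and makes it clear that allocation reporting covers the whole run.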


@ -12,15 +12,15 @@ type testRange struct {
} }
func TestSplitRange(t *testing.T) { func TestSplitRange(t *testing.T) {
var ranges []testRange ranges := []testRange{
{0, 70000},
ranges = append(ranges, testRange{0, 70000}, {0, 10},
testRange{0, 10}, {234, 6511},
testRange{234, 6511}, {65444, 54},
testRange{65444, 54}, {0, 1024 * 1024},
testRange{0, 1024 * 1024}, {0, 65536},
testRange{0, 65536}, {6654, 8945},
testRange{6654, 8945}) }
key := make([]byte, cryptocore.KeyLen) key := make([]byte, cryptocore.KeyLen)
cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true) cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true)
@ -42,13 +42,13 @@ func TestSplitRange(t *testing.T) {
} }
func TestCiphertextRange(t *testing.T) { func TestCiphertextRange(t *testing.T) {
var ranges []testRange ranges := []testRange{
{0, 70000},
ranges = append(ranges, testRange{0, 70000}, {0, 10},
testRange{0, 10}, {234, 6511},
testRange{234, 6511}, {65444, 54},
testRange{65444, 54}, {6654, 8945},
testRange{6654, 8945}) }
key := make([]byte, cryptocore.KeyLen) key := make([]byte, cryptocore.KeyLen)
cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true) cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true)


@ -6,10 +6,11 @@ import (
) )
// SanitizePath adapts filepath.Clean for FUSE paths. // SanitizePath adapts filepath.Clean for FUSE paths.
// 1) Leading slash(es) are dropped // 1. Leading slash(es) are dropped
// 2) It returns "" instead of "." // 2. It returns "" instead of "."
// 3) If the cleaned path points above CWD (start with ".."), an empty string // 3. If the cleaned path points above CWD (start with ".."), an empty string
// is returned // is returned
//
// See the TestSanitizePath testcases for examples. // See the TestSanitizePath testcases for examples.
func SanitizePath(path string) string { func SanitizePath(path string) string {
// (1) // (1)


@ -5,7 +5,7 @@
// //
// Use like this: // Use like this:
// //
// import _ "github.com/rfjakob/gocryptfs/v2/internal/ensurefds012" // import _ "github.com/rfjakob/gocryptfs/v2/internal/ensurefds012"
// //
// The import line MUST be in the alphabitcally first source code file of // The import line MUST be in the alphabitcally first source code file of
// package main! // package main!
@ -13,17 +13,17 @@
// You can test if it works as expected by inserting a long sleep into main, // You can test if it works as expected by inserting a long sleep into main,
// startings gocryptfs with all fds closed like this, // startings gocryptfs with all fds closed like this,
// //
// $ ./gocryptfs 0<&- 1>&- 2>&- // $ ./gocryptfs 0<&- 1>&- 2>&-
// //
// and then checking the open fds. It should look like this: // and then checking the open fds. It should look like this:
// //
// $ ls -l /proc/$(pgrep gocryptfs)/fd // $ ls -l /proc/$(pgrep gocryptfs)/fd
// total 0 // total 0
// lrwx------. 1 jakob jakob 64 Jan 5 15:54 0 -> /dev/null // lrwx------. 1 jakob jakob 64 Jan 5 15:54 0 -> /dev/null
// lrwx------. 1 jakob jakob 64 Jan 5 15:54 1 -> /dev/null // lrwx------. 1 jakob jakob 64 Jan 5 15:54 1 -> /dev/null
// lrwx------. 1 jakob jakob 64 Jan 5 15:54 2 -> /dev/null // lrwx------. 1 jakob jakob 64 Jan 5 15:54 2 -> /dev/null
// l-wx------. 1 jakob jakob 64 Jan 5 15:54 3 -> /dev/null // l-wx------. 1 jakob jakob 64 Jan 5 15:54 3 -> /dev/null
// lrwx------. 1 jakob jakob 64 Jan 5 15:54 4 -> 'anon_inode:[eventpoll]' // lrwx------. 1 jakob jakob 64 Jan 5 15:54 4 -> 'anon_inode:[eventpoll]'
// //
// See https://github.com/rfjakob/gocryptfs/issues/320 for details. // See https://github.com/rfjakob/gocryptfs/issues/320 for details.
package ensurefds012 package ensurefds012


@ -273,6 +273,10 @@ func (f *File) doWrite(data []byte, off int64) (uint32, syscall.Errno) {
if err == io.EOF { if err == io.EOF {
fileID, err = f.createHeader() fileID, err = f.createHeader()
fileWasEmpty = true fileWasEmpty = true
} else if err != nil {
// Other errors mean readFileID() found a corrupt header
tlog.Warn.Printf("doWrite %d: corrupt header: %v", f.qIno.Ino, err)
return 0, syscall.EIO
} }
if err != nil { if err != nil {
return 0, fs.ToErrno(err) return 0, fs.ToErrno(err)
@ -380,7 +384,7 @@ func (f *File) Write(ctx context.Context, data []byte, off int64) (uint32, sysca
} }
} }
n, errno := f.doWrite(data, off) n, errno := f.doWrite(data, off)
if errno != 0 { if errno == 0 {
f.lastOpCount = openfiletable.WriteOpCount() f.lastOpCount = openfiletable.WriteOpCount()
f.lastWrittenOffset = off + int64(len(data)) - 1 f.lastWrittenOffset = off + int64(len(data)) - 1
} }
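Review bot: In `doWrite`, the new `else if err != nil` branch labels every non-EOF error from `readFileID` as a corrupt header and returns `syscall.EIO`. If `readFileID` can also surface a plain read failure (not visible in this hunk), its errno is lost and the warning misreports an I/O problem as an integrity problem. Consider passing errno-typed errors through first, `var e syscall.Errno; if errors.As(err, &e) { return 0, e }`, and keeping the corrupt-header warning for the rest. The `if err != nil` that follows now only sees `createHeader` failures; a comment such as `// err can only come from createHeader here` would make that explicit. The body of `doWrite` starts and ends outside the hunk.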

View File

@ -30,8 +30,8 @@ var allocateWarnOnce sync.Once
// //
// mode=FALLOC_DEFAULT is implemented as a two-step process: // mode=FALLOC_DEFAULT is implemented as a two-step process:
// //
// (1) Allocate the space using FALLOC_FL_KEEP_SIZE // (1) Allocate the space using FALLOC_FL_KEEP_SIZE
// (2) Set the file size using ftruncate (via truncateGrowFile) // (2) Set the file size using ftruncate (via truncateGrowFile)
// //
// This allows us to reuse the file grow mechanics from Truncate as they are // This allows us to reuse the file grow mechanics from Truncate as they are
// complicated and hard to get right. // complicated and hard to get right.


@ -3,8 +3,8 @@
// //
// Format of the returned inode numbers: // Format of the returned inode numbers:
// //
// [spill bit = 0][15 bit namespace id][48 bit passthru inode number] // [spill bit = 0][15 bit namespace id][48 bit passthru inode number]
// [spill bit = 1][63 bit spill inode number ] // [spill bit = 1][63 bit spill inode number ]
// //
// Each (Dev, Tag) tuple gets a namespace id assigned. The original inode // Each (Dev, Tag) tuple gets a namespace id assigned. The original inode
// number is then passed through in the lower 48 bits. // number is then passed through in the lower 48 bits.


@ -5,7 +5,7 @@ import (
"encoding/hex" "encoding/hex"
"testing" "testing"
"github.com/jacobsa/crypto/siv" "github.com/aperturerobotics/jacobsa-crypto/siv"
) )
// Test all supported key lengths // Test all supported key lengths
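Review bot: The AES-SIV implementation now comes from `github.com/aperturerobotics/jacobsa-crypto/siv` instead of `github.com/jacobsa/crypto/siv`, and nothing in the changed files says why the fork is used or which revision of it was compared against upstream. For a primitive that encrypts user data, that belongs next to the import, e.g. `// Fork of github.com/jacobsa/crypto/siv, used because <reason>; reviewed at <commit>.` with the placeholders filled in. The same import swap appears in the sivAead file that follows, where the comment in Seal links to `blob/master/siv/encrypt.go#L48` of the fork; a branch link moves, so a permalink to the reviewed commit would keep the cited line stable. The bAESSIV comment in the speed package repeats the new path as well.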


@ -6,7 +6,7 @@ import (
"crypto/cipher" "crypto/cipher"
"log" "log"
"github.com/jacobsa/crypto/siv" "github.com/aperturerobotics/jacobsa-crypto/siv"
) )
type sivAead struct { type sivAead struct {
@ -63,7 +63,7 @@ func (s *sivAead) Seal(dst, nonce, plaintext, authData []byte) []byte {
if len(s.key) == 0 { if len(s.key) == 0 {
log.Panic("Key has been wiped?") log.Panic("Key has been wiped?")
} }
// https://github.com/jacobsa/crypto/blob/master/siv/encrypt.go#L48: // https://github.com/aperturerobotics/jacobsa-crypto/blob/master/siv/encrypt.go#L48:
// As per RFC 5297 section 3, you may use this function for nonce-based // As per RFC 5297 section 3, you may use this function for nonce-based
// authenticated encryption by passing a nonce as the last associated // authenticated encryption by passing a nonce as the last associated
// data element. // data element.


@ -12,17 +12,17 @@ import (
// //
// Examples: On my desktop PC: // Examples: On my desktop PC:
// //
// $ grep "model name" /proc/cpuinfo // $ grep "model name" /proc/cpuinfo
// model name : Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz // model name : Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
// //
// --> Returns "Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz". // --> Returns "Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz".
// //
// On a Raspberry Pi 4: // On a Raspberry Pi 4:
// //
// $ grep "model name" /proc/cpuinfo // $ grep "model name" /proc/cpuinfo
// (empty) // (empty)
// $ grep Hardware /proc/cpuinfo // $ grep Hardware /proc/cpuinfo
// Hardware : BCM2835 // Hardware : BCM2835
// //
// --> Returns "BCM2835" // --> Returns "BCM2835"
func cpuModelName() string { func cpuModelName() string {


@ -23,7 +23,7 @@ import (
const adLen = 24 const adLen = 24
// gocryptfs uses fixed-size 4 kiB blocks // gocryptfs uses fixed-size 4 kiB blocks
const blockSize = 4096 const gocryptfsBlockSize = 4096
// Run - run the speed the test and print the results. // Run - run the speed the test and print the results.
func Run() { func Run() {
@ -83,6 +83,11 @@ func randBytes(n int) []byte {
// bEncrypt benchmarks the encryption speed of cipher "c" // bEncrypt benchmarks the encryption speed of cipher "c"
func bEncrypt(b *testing.B, c cipher.AEAD) { func bEncrypt(b *testing.B, c cipher.AEAD) {
bEncryptBlockSize(b, c, gocryptfsBlockSize)
}
// bEncryptBlockSize benchmarks the encryption speed of cipher "c" at block size "blockSize"
func bEncryptBlockSize(b *testing.B, c cipher.AEAD, blockSize int) {
authData := randBytes(adLen) authData := randBytes(adLen)
iv := randBytes(c.NonceSize()) iv := randBytes(c.NonceSize())
in := make([]byte, blockSize) in := make([]byte, blockSize)
@ -97,13 +102,12 @@ func bEncrypt(b *testing.B, c cipher.AEAD) {
// Encrypt and append to nonce // Encrypt and append to nonce
c.Seal(dst, iv, in, authData) c.Seal(dst, iv, in, authData)
} }
} }
func bDecrypt(b *testing.B, c cipher.AEAD) { func bDecrypt(b *testing.B, c cipher.AEAD) {
authData := randBytes(adLen) authData := randBytes(adLen)
iv := randBytes(c.NonceSize()) iv := randBytes(c.NonceSize())
plain := randBytes(blockSize) plain := randBytes(gocryptfsBlockSize)
ciphertext := c.Seal(iv, iv, plain, authData) ciphertext := c.Seal(iv, iv, plain, authData)
b.SetBytes(int64(len(plain))) b.SetBytes(int64(len(plain)))
@ -129,6 +133,10 @@ func bStupidGCM(b *testing.B) {
// bGoGCM benchmarks Go stdlib GCM // bGoGCM benchmarks Go stdlib GCM
func bGoGCM(b *testing.B) { func bGoGCM(b *testing.B) {
bGoGCMBlockSize(b, gocryptfsBlockSize)
}
func bGoGCMBlockSize(b *testing.B, blockSize int) {
gAES, err := aes.NewCipher(randBytes(32)) gAES, err := aes.NewCipher(randBytes(32))
if err != nil { if err != nil {
b.Fatal(err) b.Fatal(err)
@ -137,10 +145,10 @@ func bGoGCM(b *testing.B) {
if err != nil { if err != nil {
b.Fatal(err) b.Fatal(err)
} }
bEncrypt(b, gGCM) bEncryptBlockSize(b, gGCM, blockSize)
} }
// bAESSIV benchmarks AES-SIV from github.com/jacobsa/crypto/siv // bAESSIV benchmarks AES-SIV from github.com/aperturerobotics/jacobsa-crypto/siv
func bAESSIV(b *testing.B) { func bAESSIV(b *testing.B) {
c := siv_aead.New(randBytes(64)) c := siv_aead.New(randBytes(64))
bEncrypt(b, c) bEncrypt(b, c)
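Review bot: `bGoGCMBlockSize` is added without a doc comment while its sibling `bEncryptBlockSize` has one; suggest `// bGoGCMBlockSize benchmarks Go stdlib GCM at block size "blockSize"`. The comment on `bEncryptBlockSize` could also say that a single random nonce is generated up front and handed to each `c.Seal` call, which is acceptable only because this is a benchmark whose output is discarded; the loop header is outside the hunk, so confirm against the full function. `bDecrypt` has no comment either.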


@ -3,6 +3,7 @@ package speed
import ( import (
"crypto/aes" "crypto/aes"
"crypto/cipher" "crypto/cipher"
"fmt"
"testing" "testing"
"golang.org/x/crypto/chacha20poly1305" "golang.org/x/crypto/chacha20poly1305"
@ -38,6 +39,13 @@ func BenchmarkGoGCM(b *testing.B) {
bGoGCM(b) bGoGCM(b)
} }
func BenchmarkGoGCMBlockSize(b *testing.B) {
for blockSize := 16; blockSize <= 1024*1024; blockSize *= 2 {
name := fmt.Sprintf("%d", blockSize)
b.Run(name, func(b *testing.B) { bGoGCMBlockSize(b, blockSize) })
}
}
func BenchmarkGoGCMDecrypt(b *testing.B) { func BenchmarkGoGCMDecrypt(b *testing.B) {
gAES, err := aes.NewCipher(randBytes(32)) gAES, err := aes.NewCipher(randBytes(32))
if err != nil { if err != nil {
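Review bot: `BenchmarkGoGCMBlockSize` has no doc comment, and the new `fmt` import is used only to format an integer. `name := strconv.Itoa(blockSize)` (with `strconv` imported in place of `fmt`) does the same job without the formatting machinery. A line such as `// BenchmarkGoGCMBlockSize runs the Go stdlib GCM benchmark for block sizes from 16 bytes to 1 MiB, doubling each step.` would document the range being swept.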


@ -16,13 +16,13 @@
// However, OpenSSL has optimized assembly for almost all platforms, which Go // However, OpenSSL has optimized assembly for almost all platforms, which Go
// does not. Example for a 32-bit ARM device (Odroid XU4): // does not. Example for a 32-bit ARM device (Odroid XU4):
// //
// $ gocrypts -speed // $ gocrypts -speed
// gocryptfs v2.1-68-gedf9d4c.stupidchacha; go-fuse v2.1.1-0.20210825171523-3ab5d95a30ae; 2021-09-04 go1.16.7 linux/arm // gocryptfs v2.1-68-gedf9d4c.stupidchacha; go-fuse v2.1.1-0.20210825171523-3ab5d95a30ae; 2021-09-04 go1.16.7 linux/arm
// AES-GCM-256-OpenSSL 56.84 MB/s (selected in auto mode) // AES-GCM-256-OpenSSL 56.84 MB/s (selected in auto mode)
// AES-GCM-256-Go 16.61 MB/s // AES-GCM-256-Go 16.61 MB/s
// AES-SIV-512-Go 16.49 MB/s // AES-SIV-512-Go 16.49 MB/s
// XChaCha20-Poly1305-Go 39.08 MB/s (use via -xchacha flag) // XChaCha20-Poly1305-Go 39.08 MB/s (use via -xchacha flag)
// XChaCha20-Poly1305-OpenSSL 141.82 MB/s // XChaCha20-Poly1305-OpenSSL 141.82 MB/s
// //
// This package is "stupid" in the sense that it only supports a narrow set of // This package is "stupid" in the sense that it only supports a narrow set of
// key- and iv-lengths, and panics if it does not like what you pass it. // key- and iv-lengths, and panics if it does not like what you pass it.
@ -33,7 +33,7 @@
// Corrupt ciphertexts never cause a panic. Instead, ErrAuth is returned on // Corrupt ciphertexts never cause a panic. Instead, ErrAuth is returned on
// decryption. // decryption.
// //
// XChaCha20-Poly1305 // # XChaCha20-Poly1305
// //
// The XChaCha20-Poly1305 implementation is more complicated than the others, // The XChaCha20-Poly1305 implementation is more complicated than the others,
// because OpenSSL does not support XChaCha20-Poly1305 directly. Follow // because OpenSSL does not support XChaCha20-Poly1305 directly. Follow
@ -43,16 +43,16 @@
// Fortunately, XChaCha20-Poly1305 is just ChaCha20-Poly1305 with some key+iv // Fortunately, XChaCha20-Poly1305 is just ChaCha20-Poly1305 with some key+iv
// mixing using HChaCha20 in front: // mixing using HChaCha20 in front:
// //
// key (32 bytes), iv (24 bytes) // key (32 bytes), iv (24 bytes)
// | // |
// v // v
// HChaCha20 (provided by golang.org/x/crypto/chacha20) // HChaCha20 (provided by golang.org/x/crypto/chacha20)
// | // |
// v // v
// key2 (32 bytes), iv2 (16 bytes) // key2 (32 bytes), iv2 (16 bytes)
// | // |
// v // v
// ChaCha20-Poly1305 (OpenSSL EVP_chacha20_poly1305) // ChaCha20-Poly1305 (OpenSSL EVP_chacha20_poly1305)
// //
// As HChaCha20 is very fast, XChaCha20-Poly1305 gets almost the same throughput // As HChaCha20 is very fast, XChaCha20-Poly1305 gets almost the same throughput
// as ChaCha20-Poly1305 (for 4kiB blocks). // as ChaCha20-Poly1305 (for 4kiB blocks).


@ -11,9 +11,9 @@ import (
// //
// Go GCM is only faster if the CPU either: // Go GCM is only faster if the CPU either:
// //
// 1) Is X86_64 && has AES instructions && Go is v1.6 or higher // 1. Is X86_64 && has AES instructions && Go is v1.6 or higher
// 2) Is ARM64 && has AES instructions && Go is v1.11 or higher // 2. Is ARM64 && has AES instructions && Go is v1.11 or higher
// (commit https://github.com/golang/go/commit/4f1f503373cda7160392be94e3849b0c9b9ebbda) // (commit https://github.com/golang/go/commit/4f1f503373cda7160392be94e3849b0c9b9ebbda)
// //
// See https://github.com/rfjakob/gocryptfs/wiki/CPU-Benchmarks // See https://github.com/rfjakob/gocryptfs/wiki/CPU-Benchmarks
// for benchmarks. // for benchmarks.

34
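--- a/main.go
+++ b/main.go
@@ -4,7 +4,6 @@
 package main
 import (
-"fmt"
 "log"
 "os"
 "path/filepath"
@@ -20,22 +19,9 @@ import (
 "github.com/rfjakob/gocryptfs/v2/internal/fido2"
 "github.com/rfjakob/gocryptfs/v2/internal/readpassword"
 "github.com/rfjakob/gocryptfs/v2/internal/speed"
-"github.com/rfjakob/gocryptfs/v2/internal/stupidgcm"
 "github.com/rfjakob/gocryptfs/v2/internal/tlog"
 )
-// GitVersion is the gocryptfs version according to git, set by build.bash
-var GitVersion = "[GitVersion not set - please compile using ./build.bash]"
-// GitVersionFuse is the go-fuse library version, set by build.bash
-var GitVersionFuse = "[GitVersionFuse not set - please compile using ./build.bash]"
-// BuildDate is a date string like "2017-09-06", set by build.bash
-var BuildDate = "0000-00-00"
-// raceDetector is set to true by race.go if we are compiled with "go build -race"
-var raceDetector bool
 // loadConfig loads the config file `args.config` and decrypts the masterkey,
 // or gets via the `-masterkey` or `-zerokey` command line options, if specified.
 func loadConfig(args *argContainer) (masterkey []byte, cf *configfile.ConfFile, err error) {
@@ -137,26 +123,6 @@ func changePassword(args *argContainer) {
 tlog.Info.Printf(tlog.ColorGreen + "Password changed." + tlog.ColorReset)
 }
-// printVersion prints a version string like this:
-// gocryptfs v1.7-32-gcf99cfd; go-fuse v1.0.0-174-g22a9cb9; 2019-05-12 go1.12 linux/amd64
-func printVersion() {
-var tagsSlice []string
-if stupidgcm.BuiltWithoutOpenssl {
-tagsSlice = append(tagsSlice, "without_openssl")
-}
-tags := ""
-if tagsSlice != nil {
-tags = " " + strings.Join(tagsSlice, " ")
-}
-built := fmt.Sprintf("%s %s", BuildDate, runtime.Version())
-if raceDetector {
-built += " -race"
-}
-fmt.Printf("%s %s%s; go-fuse %s; %s %s/%s\n",
-tlog.ProgramName, GitVersion, tags, GitVersionFuse, built,
-runtime.GOOS, runtime.GOARCH)
-}
 func main() {
 mxp := runtime.GOMAXPROCS(0)
 if mxp < 4 && os.Getenv("GOMAXPROCS") == "" {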


@ -120,9 +120,18 @@ func doMount(args *argContainer) {
tlog.Info.Println(tlog.ColorGreen + "Filesystem mounted and ready." + tlog.ColorReset) tlog.Info.Println(tlog.ColorGreen + "Filesystem mounted and ready." + tlog.ColorReset)
// We have been forked into the background, as evidenced by the set // We have been forked into the background, as evidenced by the set
// "notifypid". // "notifypid".
// Do what daemons should do: https://man7.org/linux/man-pages/man7/daemon.7.html
if args.notifypid > 0 { if args.notifypid > 0 {
// Chdir to the root directory so we don't block unmounting the CWD // Chdir to the root directory so we don't block unmounting the CWD
os.Chdir("/") os.Chdir("/")
// Disconnect from the controlling terminal by creating a new session.
// This prevents us from getting SIGINT when the user presses Ctrl-C
// to exit a running script that has called gocryptfs, or SIGHUP when
// xfce4-terminal closes itself ( https://github.com/rfjakob/gocryptfs/issues/660 ).
_, err = syscall.Setsid()
if err != nil {
tlog.Warn.Printf("Setsid: %v", err)
}
// Switch to syslog // Switch to syslog
if !args.nosyslog { if !args.nosyslog {
// Switch all of our logs and the generic logger to syslog // Switch all of our logs and the generic logger to syslog
@ -134,13 +143,6 @@ func doMount(args *argContainer) {
// Daemons should redirect stdin, stdout and stderr // Daemons should redirect stdin, stdout and stderr
redirectStdFds() redirectStdFds()
} }
// Disconnect from the controlling terminal by creating a new session.
// This prevents us from getting SIGINT when the user presses Ctrl-C
// to exit a running script that has called gocryptfs.
_, err = syscall.Setsid()
if err != nil {
tlog.Warn.Printf("Setsid: %v", err)
}
// Send SIGUSR1 to our parent // Send SIGUSR1 to our parent
sendUsr1(args.notifypid) sendUsr1(args.notifypid)
} }
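Review bot: After `syscall.Setsid()` the process is a session leader, and daemon(7), which the new comment cites, follows setsid() with a second fork so that the daemon can never acquire a controlling terminal again. Whether the fork that precedes this code already covers that is not visible in the hunk, so the comment should say so, for example `// No second fork: we never open a tty after this point`, if that is the case. A failing Setsid is only logged through `tlog.Warn`, and the return value of `os.Chdir("/")` just above it is dropped; both leave the process running in a state the comments say it should not be in, so the Chdir error deserves at least the same warning. doMount starts and ends outside the hunk.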


@ -462,7 +462,9 @@ func TestPasswdPasswordIncorrect(t *testing.T) {
// Check that we correctly background on mount and close stderr and stdout. // Check that we correctly background on mount and close stderr and stdout.
// Something like // Something like
// gocryptfs a b | cat //
// gocryptfs a b | cat
//
// must not hang ( https://github.com/rfjakob/gocryptfs/issues/130 ). // must not hang ( https://github.com/rfjakob/gocryptfs/issues/130 ).
func TestMountBackground(t *testing.T) { func TestMountBackground(t *testing.T) {
dir := test_helpers.InitFS(t) dir := test_helpers.InitFS(t)


@ -204,7 +204,9 @@ func TestWrite0200File(t *testing.T) {
// TestMvWarnings: // TestMvWarnings:
// When xattr support was introduced, mv threw warnings like these: // When xattr support was introduced, mv threw warnings like these:
// mv: preserving permissions for b/x: Operation not permitted //
// mv: preserving permissions for b/x: Operation not permitted
//
// because we returned EPERM when it tried to set system.posix_acl_access. // because we returned EPERM when it tried to set system.posix_acl_access.
// Now we return EOPNOTSUPP and mv is happy. // Now we return EOPNOTSUPP and mv is happy.
func TestMvWarnings(t *testing.T) { func TestMvWarnings(t *testing.T) {


@ -134,7 +134,7 @@ func TestConcurrentReadCreate(t *testing.T) {
// //
// So far, it only has triggered warnings like this // So far, it only has triggered warnings like this
// //
// go-fuse: warning: Inode.Path: inode i4201033 is orphaned, replacing segment with ".go-fuse.5577006791947779410/deleted" // go-fuse: warning: Inode.Path: inode i4201033 is orphaned, replacing segment with ".go-fuse.5577006791947779410/deleted"
// //
// but none of the "blocked waiting for FORGET". // but none of the "blocked waiting for FORGET".
func TestInoReuse(t *testing.T) { func TestInoReuse(t *testing.T) {


@ -92,10 +92,10 @@ func TestFiltered(t *testing.T) {
// Only works on filesystems that recycle inode numbers (ext4 does), // Only works on filesystems that recycle inode numbers (ext4 does),
// and then the test causes a hang with these messages: // and then the test causes a hang with these messages:
// //
// go-fuse: blocked for 5 seconds waiting for FORGET on i4329366 // go-fuse: blocked for 5 seconds waiting for FORGET on i4329366
// go-fuse: blocked for 11 seconds waiting for FORGET on i4329366 // go-fuse: blocked for 11 seconds waiting for FORGET on i4329366
// go-fuse: blocked for 17 seconds waiting for FORGET on i4329366 // go-fuse: blocked for 17 seconds waiting for FORGET on i4329366
// [...] // [...]
// //
// The test runs with -plaintextnames because that makes it easier to manipulate // The test runs with -plaintextnames because that makes it easier to manipulate
// cipherdir directly. // cipherdir directly.


@ -35,15 +35,15 @@ func findIno(dir string, ino uint64) string {
// TestVirtualFileIno creates a directory tree like this: // TestVirtualFileIno creates a directory tree like this:
// //
// TestVirtualFileIno <---- parent // TestVirtualFileIno <---- parent
// └── xxxxxxx[...] <---- child // └── xxxxxxx[...] <---- child
// //
// Which looks like this encrypted: // Which looks like this encrypted:
// //
// OLUKdPMg6l87EiKVlufgwIkQL8MD6JdUgOR3a8nEZ-w <---- parent // OLUKdPMg6l87EiKVlufgwIkQL8MD6JdUgOR3a8nEZ-w <---- parent
// ├── gocryptfs.diriv <---- diriv // ├── gocryptfs.diriv <---- diriv
// ├── gocryptfs.longname.e31v1ax4h_F0l4jhlN8kCjaWWMq8rO9VVBZ15IYsV50 <---- child // ├── gocryptfs.longname.e31v1ax4h_F0l4jhlN8kCjaWWMq8rO9VVBZ15IYsV50 <---- child
// └── gocryptfs.longname.e31v1ax4h_F0l4jhlN8kCjaWWMq8rO9VVBZ15IYsV50.name <---- name // └── gocryptfs.longname.e31v1ax4h_F0l4jhlN8kCjaWWMq8rO9VVBZ15IYsV50.name <---- name
// //
// It verifies that the inode numbers match what we expect. // It verifies that the inode numbers match what we expect.
func TestVirtualFileIno(t *testing.T) { func TestVirtualFileIno(t *testing.T) {


@ -67,10 +67,10 @@ func doInit() {
// ResetTmpDir deletes TmpDir, create new dir tree: // ResetTmpDir deletes TmpDir, create new dir tree:
// //
// TmpDir // TmpDir
// |-- DefaultPlainDir // |-- DefaultPlainDir
// *-- DefaultCipherDir // *-- DefaultCipherDir
// *-- gocryptfs.diriv // *-- gocryptfs.diriv
func ResetTmpDir(createDirIV bool) { func ResetTmpDir(createDirIV bool) {
// Try to unmount and delete everything // Try to unmount and delete everything
entries, err := ioutil.ReadDir(TmpDir) entries, err := ioutil.ReadDir(TmpDir)
@ -138,7 +138,7 @@ func isExt4(path string) bool {
// InitFS creates a new empty cipherdir and calls // InitFS creates a new empty cipherdir and calls
// //
// gocryptfs -q -init -extpass "echo test" -scryptn=10 $extraArgs $cipherdir // gocryptfs -q -init -extpass "echo test" -scryptn=10 $extraArgs $cipherdir
// //
// It returns cipherdir without a trailing slash. // It returns cipherdir without a trailing slash.
// //

78
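--- a/version.go
+++ b/version.go
@@ -0,0 +1,78 @@
+package main
+import (
+"fmt"
+"runtime"
+"runtime/debug"
+"strings"
+"github.com/rfjakob/gocryptfs/v2/internal/stupidgcm"
+"github.com/rfjakob/gocryptfs/v2/internal/tlog"
+)
+const (
+gitVersionNotSet = "[GitVersion not set - please compile using ./build.bash]"
+gitVersionFuseNotSet = "[GitVersionFuse not set - please compile using ./build.bash]"
+buildDateNotSet = "0000-00-00"
+)
+var (
+// GitVersion is the gocryptfs version according to git, set by build.bash
+GitVersion = gitVersionNotSet
+// GitVersionFuse is the go-fuse library version, set by build.bash
+GitVersionFuse = gitVersionFuseNotSet
+// BuildDate is a date string like "2017-09-06", set by build.bash
+BuildDate = buildDateNotSet
+)
+func init() {
+versionFromBuildInfo()
+}
+// raceDetector is set to true by race.go if we are compiled with "go build -race"
+var raceDetector bool
+// printVersion prints a version string like this:
+// gocryptfs v1.7-32-gcf99cfd; go-fuse v1.0.0-174-g22a9cb9; 2019-05-12 go1.12 linux/amd64
+func printVersion() {
+var tagsSlice []string
+if stupidgcm.BuiltWithoutOpenssl {
+tagsSlice = append(tagsSlice, "without_openssl")
+}
+tags := ""
+if tagsSlice != nil {
+tags = " " + strings.Join(tagsSlice, " ")
+}
+built := fmt.Sprintf("%s %s", BuildDate, runtime.Version())
+if raceDetector {
+built += " -race"
+}
+fmt.Printf("%s %s%s; go-fuse %s; %s %s/%s\n",
+tlog.ProgramName, GitVersion, tags, GitVersionFuse, built,
+runtime.GOOS, runtime.GOARCH)
+}
+// versionFromBuildInfo tries to get some information out of the information baked in
+// by the Go compiler. Does nothing when build.bash was used to build.
+func versionFromBuildInfo() {
+info, ok := debug.ReadBuildInfo()
+if !ok {
+tlog.Debug.Println("versionFromBuildInfo: ReadBuildInfo() failed")
+return
+}
+// Fill our version strings
+if GitVersion == gitVersionNotSet && info.Main.Version != "(devel)" {
+GitVersion = info.Main.Version
+}
+if GitVersionFuse == gitVersionFuseNotSet {
+for _, m := range info.Deps {
+if m.Path == "github.com/hanwen/go-fuse/v2" {
+GitVersionFuse = m.Version
+if m.Replace != nil {
+GitVersionFuse = m.Replace.Version
+}
+break
+}
+}
+}
+}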
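Review bot: In `versionFromBuildInfo`, a `replace` directive overwrites `GitVersionFuse` with `m.Replace.Version`, which is empty when the replacement is a local directory, and the printed string then no longer shows that go-fuse was substituted at all. Keeping the replacement visible helps anyone auditing which code a binary was built from: `GitVersionFuse = m.Version + " => " + m.Replace.Path + " " + m.Replace.Version`. `BuildDate` is never filled here and stays at `0000-00-00` for a plain `go build`; the `vcs.time` entry of `info.Settings` could supply it. Calling this from `init()` also means the `tlog.Debug` message is emitted before any command-line flags are handled, so it is probably never shown (an assumption, as flag parsing is not on this page).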