Compare commits
20 Commits
a55b3cc15a
...
b370325ccf
Author | SHA1 | Date |
---|---|---|
Jakob Unterwurzacher | b370325ccf | |
Jakob Unterwurzacher | d74cf7c723 | |
Jakob Unterwurzacher | 77a0410e2e | |
rfjakob | 403f59b1c0 | |
Jakob Unterwurzacher | 8f3ec5dcaa | |
Jakob Unterwurzacher | 85297cda97 | |
Jakob Unterwurzacher | e9a5b8962b | |
Evgeny | 6dc8c26100 | |
Jakob Unterwurzacher | 88bc0aa607 | |
Gisi0 | 0b5b864a06 | |
a1346054 | 3c1ac3b06b | |
Jakob Unterwurzacher | c4b95cf35a | |
Jakob Unterwurzacher | b2a5cec4dd | |
Jakob Unterwurzacher | 856ccaac10 | |
Jakob Unterwurzacher | 99cdaa0b69 | |
Daniel Theophanes | 439dea1b19 | |
Jakob Unterwurzacher | ff32e99791 | |
Christian Stewart | 7ee4c8e9c3 | |
Val | 0ec7ffbfe9 | |
Jakob Unterwurzacher | f8bd172289 |
|
@ -13,16 +13,16 @@ jobs:
|
|||
go:
|
||||
- "1.13.x" # Ubuntu 20.04 LTS "focal"
|
||||
- "1.15.x" # Debian 11 "Bullseye"
|
||||
- "1.17.x" # Golang upstream stable
|
||||
- "1.18.x" # Golang upstream stable
|
||||
- "1.19.x" # Golang upstream stable
|
||||
- "1.18.x" # Ubuntu 22.04 LTS "jammy"
|
||||
- "oldstable" # 2nd-latest Golang upstream stable
|
||||
- "stable" # Latest Go upstream stable
|
||||
# Don't cancel everything when one Go version fails
|
||||
fail-fast: false
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
|
||||
- name: Install Go ${{ matrix.go }}
|
||||
uses: actions/setup-go@v2
|
||||
uses: actions/setup-go@v3
|
||||
with:
|
||||
go-version: ${{ matrix.go }}
|
||||
|
||||
|
@ -30,7 +30,7 @@ jobs:
|
|||
# https://github.com/actions/runner/issues/1188
|
||||
- run: ls -l /proc/self/fd
|
||||
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/checkout@v3
|
||||
with:
|
||||
fetch-depth: 0 # Make "git describe" work
|
||||
|
||||
|
@ -42,7 +42,7 @@ jobs:
|
|||
|
||||
# Build & upload static binary
|
||||
- run: ./build-without-openssl.bash
|
||||
- uses: actions/upload-artifact@v2
|
||||
- uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: gocryptfs static binary (Go ${{ matrix.go }})
|
||||
path: gocryptfs
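Review bot: The three `uses:` lines in this workflow (`actions/setup-go@v3`, `actions/checkout@v3`, `actions/upload-artifact@v3`) reference mutable major-version tags, so the code that builds and uploads the static gocryptfs binary can change without any change to this repository. Consider pinning each action to a full commit SHA and keeping the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3`. A `permissions:` setting is not visible in these hunks; if the workflow has none, a read-only `permissions:` block would limit what a compromised step can do with the job token.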
|
||||
|
|
|
@ -305,8 +305,10 @@ runs as root, you can enable device files by passing the opposite mount option,
|
|||
"dev", and if you want to enable suid-binaries, pass "suid".
|
||||
"ro" (equivalent to passing the "-ro" option) and "noexec" may also be
|
||||
interesting. For a complete list see the section
|
||||
`FILESYSTEM-INDEPENDENT MOUNT OPTIONS` in mount(8). On MacOS, "local",
|
||||
"noapplexattr", "noappledouble" may be interesting.
|
||||
`FILESYSTEM-INDEPENDENT MOUNT OPTIONS` in mount(8). On MacOS, "local" enables volume-based trash
|
||||
if you have `.Trashes` folder in the root of your volume (might need to be manually created)
|
||||
note, though, that "local" is marked as "experimental" in [osxfuse](https://github.com/osxfuse/osxfuse/wiki/Mount-options#local);
|
||||
"noapplexattr", "noappledouble" may also be interesting.
|
||||
|
||||
Note that unlike "-o", "-ko" is a regular option and must be passed BEFORE
|
||||
the directories. Example:
|
||||
|
@ -478,11 +480,12 @@ for details.
|
|||
#### -fido2 DEVICE_PATH
|
||||
Use a FIDO2 token to initialize and unlock the filesystem.
|
||||
Use "fido2-token -L" to obtain the FIDO2 token device path.
|
||||
For linux, "fido2-tools" package is needed.
|
||||
|
||||
Applies to: all actions that ask for a password.
|
||||
|
||||
#### -masterkey string
|
||||
Use a explicit master key specified on the command line or, if the special
|
||||
Use an explicit master key specified on the command line or, if the special
|
||||
value "stdin" is used, read the masterkey from stdin, instead of reading
|
||||
the config file and asking for the decryption password.
|
||||
|
||||
|
@ -562,15 +565,44 @@ Quiet - silence informational messages.
|
|||
Applies to: all actions.
|
||||
|
||||
#### -scryptn int
|
||||
scrypt cost parameter expressed as scryptn=log2(N). Possible values are
|
||||
10 to 28, representing N=2^10 to N=2^28.
|
||||
gocryptfs uses *scrypt* for hashing the password when mounting,
|
||||
which protects from brute-force attacks.
|
||||
|
||||
`-scryptn` controls the *scrypt* cost parameter "N" expressed as scryptn=log2(N).
|
||||
Possible values are `-scryptn=10` to `-scryptn=28`, representing N=2^10 to N=2^28.
|
||||
|
||||
Setting this to a lower
|
||||
value speeds up mounting and reduces its memory needs, but makes
|
||||
the password susceptible to brute-force attacks. The default is 16.
|
||||
|
||||
The memory usage for *scrypt* during mounting is as follows:
|
||||
|
||||
scryptn Memory Usage
|
||||
======= ============
|
||||
10 1 MiB
|
||||
11 2
|
||||
12 4
|
||||
13 8
|
||||
14 16
|
||||
15 32
|
||||
16 64
|
||||
17 128
|
||||
18 256
|
||||
19 512
|
||||
20 1 GiB
|
||||
21 2
|
||||
22 4
|
||||
23 8
|
||||
24 16
|
||||
25 32
|
||||
26 64
|
||||
27 128
|
||||
28 256
|
||||
|
||||
Applies to: `-init`, `-passwd`
|
||||
|
||||
See also: the benchmarks in the gocryptfs source code in internal/configfile.
|
||||
|
||||
#### -trace string
|
||||
Write execution trace to file. View the trace using "go tool trace FILE".
|
||||
|
||||
|
|
22
README.md
22
README.md
|
@ -62,7 +62,6 @@ distribution must be installed for mounting to work.
|
|||
gocryptfs is also available as a package in most distributions. Examples:
|
||||
|
||||
* Debian, Ubuntu: `apt install gocryptfs`
|
||||
* Fedora: `dnf install gocryptfs`
|
||||
* Arch: `pacman -S gocryptfs`
|
||||
* MacPorts: `port install gocryptfs`
|
||||
|
||||
|
@ -196,6 +195,25 @@ RM: 2,367
|
|||
Changelog
|
||||
---------
|
||||
|
||||
#### v2.3.1, 2023-03-04
|
||||
* Optimize NFS streaming write performance ([#712](https://github.com/rfjakob/gocryptfs/issues/712),
|
||||
[commit](https://github.com/rfjakob/gocryptfs/commit/8f3ec5dcaa6eb18d11746675190a7aaceb422764)).
|
||||
You should see about a 4x performance increase.
|
||||
* Use `debug.ReadBuildInfo()` to provide some
|
||||
version information even when not built with `build.bash` ([#701](https://github.com/rfjakob/gocryptfs/pull/701)) .
|
||||
* Fix bug that caused the `logger` process to be killed when started from `xfce4-terminal`,
|
||||
and that terminal window was closed ([#660](https://github.com/rfjakob/gocryptfs/issues/660),
|
||||
[commit](https://github.com/rfjakob/gocryptfs/commit/ff32e9979130e6237b0d97ef88304fa79ce61b06)).
|
||||
* MacOS: Fix reverse mount failing with `read-only file system` ([#690](https://github.com/rfjakob/gocryptfs/pull/690))
|
||||
* Make gocryptfs compile on riscv64 by switching from [jacobsa/crypto](https://github.com/jacobsa/crypto)
|
||||
to maintained fork [aperturerobotics/jacobsa-crypto](https://github.com/aperturerobotics/jacobsa-crypto)
|
||||
([#674](https://github.com/rfjakob/gocryptfs/pull/674))
|
||||
|
||||
#### v2.3.0, 2022-10-21
|
||||
* Identical to v2.3, just tagged once more in full semver x.y.z format. This make Go's fetching logic happy,
|
||||
which ignores v2.3 (without the third digit) completely.
|
||||
Fixes [#694](https://github.com/rfjakob/gocryptfs/issues/694), [#688](https://github.com/rfjakob/gocryptfs/issues/688).
|
||||
|
||||
#### v2.3, 2022-08-28
|
||||
* Add **`-longnamemax`** flag to `-init` ([#499](https://github.com/rfjakob/gocryptfs/issues/499)).
|
||||
Can be used to work around file or path length restrictions on online storage.
|
||||
|
@ -580,7 +598,7 @@ Changelog
|
|||
* **Add reverse mode ([#19](https://github.com/rfjakob/gocryptfs/issues/19))**
|
||||
* AES-SIV (RFC5297) encryption to implement deterministic encryption
|
||||
securely. Uses the excellent
|
||||
[jacobsa/crypto](https://github.com/jacobsa/crypto) library.
|
||||
[jacobsa/crypto](https://github.com/aperturerobotics/jacobsa-crypto) library.
|
||||
The corresponding feature flag is called `AESSIV`.
|
||||
* New command-line options: `-reverse`, `-aessiv`
|
||||
* Filesystems using reverse mode can only be mounted with gocryptfs v1.1
|
||||
|
|
11
go.mod
11
go.mod
|
@ -3,18 +3,13 @@ module github.com/rfjakob/gocryptfs/v2
|
|||
go 1.16
|
||||
|
||||
require (
|
||||
github.com/hanwen/go-fuse/v2 v2.1.1-0.20211219085202-934a183ed914
|
||||
github.com/jacobsa/crypto v0.0.0-20190317225127-9f44e2d11115
|
||||
github.com/jacobsa/oglematchers v0.0.0-20150720000706-141901ea67cd // indirect
|
||||
github.com/jacobsa/oglemock v0.0.0-20150831005832-e94d794d06ff // indirect
|
||||
github.com/jacobsa/ogletest v0.0.0-20170503003838-80d50a735a11 // indirect
|
||||
github.com/jacobsa/reqtrace v0.0.0-20150505043853-245c9e0234cb // indirect
|
||||
github.com/aperturerobotics/jacobsa-crypto v1.0.0
|
||||
github.com/hanwen/go-fuse/v2 v2.1.1-0.20221117175120-915cf5413cde
|
||||
github.com/pkg/xattr v0.4.3
|
||||
github.com/rfjakob/eme v1.1.2
|
||||
github.com/sabhiram/go-gitignore v0.0.0-20201211210132-54b8a0bf510f
|
||||
github.com/spf13/pflag v1.0.5
|
||||
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5
|
||||
golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d // indirect
|
||||
golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2
|
||||
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a
|
||||
golang.org/x/term v0.0.0-20220722155259-a9ba230a4035
|
||||
)
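Review bot: The `require` block replaces `github.com/jacobsa/crypto` with `github.com/aperturerobotics/jacobsa-crypto v1.0.0`, which moves the AES-SIV implementation to a different maintainer, and nothing in this section records what was verified about the fork. It would help to state in the commit message, or next to the `siv` import in the siv_aead package, which upstream commit the fork's `siv` package was compared against and that the existing siv_aead tests still pass. Separately, `golang.org/x/crypto` appears to stay at the `v0.0.0-20210817164053-32db794688a5` snapshot while `golang.org/x/sys` moves forward; running `govulncheck ./...` against the new module graph would show whether that pin needs a bump as well.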
|
||||
|
|
21
go.sum
21
go.sum
|
@ -1,9 +1,10 @@
|
|||
github.com/aperturerobotics/jacobsa-crypto v0.0.0-20190317225127-9f44e2d11115/go.mod h1:XKd7k7LIBmeR/WGENaSpUSjQbWBVKZFhMT7+zKM5KVU=
|
||||
github.com/aperturerobotics/jacobsa-crypto v1.0.0 h1:ARfIuzgovK+5leAKbFHcicKEgMzD94tb/FTiWSHdGLU=
|
||||
github.com/aperturerobotics/jacobsa-crypto v1.0.0/go.mod h1:xq0oOkHSPQ1E5ByqbwLhCJ1mygYHtXTMQnvHD4tz4Cc=
|
||||
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
|
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/hanwen/go-fuse/v2 v2.1.1-0.20211219085202-934a183ed914 h1:hGXMxS1wTE4y+f7iBqFArrJ6X8QozHnEdnVzGZI9Ywc=
|
||||
github.com/hanwen/go-fuse/v2 v2.1.1-0.20211219085202-934a183ed914/go.mod h1:B1nGE/6RBFyBRC1RRnf23UpwCdyJ31eukw34oAKukAc=
|
||||
github.com/jacobsa/crypto v0.0.0-20190317225127-9f44e2d11115 h1:YuDUUFNM21CAbyPOpOP8BicaTD/0klJEKt5p8yuw+uY=
|
||||
github.com/jacobsa/crypto v0.0.0-20190317225127-9f44e2d11115/go.mod h1:LadVJg0XuawGk+8L1rYnIED8451UyNxEMdTWCEt5kmU=
|
||||
github.com/hanwen/go-fuse/v2 v2.1.1-0.20221117175120-915cf5413cde h1:fgTauqHA48CDt+qVQR+PJXqiI9bpYQglMIIi+h/mMts=
|
||||
github.com/hanwen/go-fuse/v2 v2.1.1-0.20221117175120-915cf5413cde/go.mod h1:B1nGE/6RBFyBRC1RRnf23UpwCdyJ31eukw34oAKukAc=
|
||||
github.com/jacobsa/oglematchers v0.0.0-20150720000706-141901ea67cd h1:9GCSedGjMcLZCrusBZuo4tyKLpKUPenUUqi34AkuFmA=
|
||||
github.com/jacobsa/oglematchers v0.0.0-20150720000706-141901ea67cd/go.mod h1:TlmyIZDpGmwRoTWiakdr+HA1Tukze6C6XbRVidYq02M=
|
||||
github.com/jacobsa/oglemock v0.0.0-20150831005832-e94d794d06ff h1:2xRHTvkpJ5zJmglXLRqHiZQNjUoOkhUyhTAhEQvPAWw=
|
||||
|
@ -30,21 +31,21 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
|
|||
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 h1:HWj/xjIHfjYU5nVXpTM0s39J9CbLn7Cc5a7IC5rwsMQ=
|
||||
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
||||
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
|
||||
golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d h1:LO7XpTYMwTqxjLcGWPijK3vRXg1aWdlNOVOHRq45d7c=
|
||||
golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20220708220712-1185a9018129 h1:vucSRfWwTsoXro7P+3Cjlr6flUMtzCwzlvkxEQtHHB0=
|
||||
golang.org/x/net v0.0.0-20220708220712-1185a9018129/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
|
||||
golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20201101102859-da207088b7d1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2 h1:c8PlLMqBbOHoqtjteWm5/kbe6rNY2pbRfbIMVnepueo=
|
||||
golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k=
|
||||
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
||||
golang.org/x/term v0.0.0-20220722155259-a9ba230a4035 h1:Q5284mrmYTpACcm+eAKjKJH48BBwSyfJqmmGDTtT8Vc=
|
||||
golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
||||
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
|
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
|
||||
|
|
|
@ -1,60 +1,45 @@
|
|||
package configfile
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"testing"
|
||||
)
|
||||
|
||||
/*
|
||||
Results on a 2.7GHz Pentium G630:
|
||||
|
||||
gocryptfs/cryptfs$ go test -bench=.
|
||||
$ time go test -bench . -run none
|
||||
goos: linux
|
||||
goarch: amd64
|
||||
pkg: github.com/rfjakob/gocryptfs/v2/internal/configfile
|
||||
cpu: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
|
||||
BenchmarkScryptN/10-4 339 3488649 ns/op 1053167 B/op 22 allocs/op ... 3ms+1MiB
|
||||
BenchmarkScryptN/11-4 175 6816072 ns/op 2101742 B/op 22 allocs/op
|
||||
BenchmarkScryptN/12-4 87 13659346 ns/op 4198898 B/op 22 allocs/op
|
||||
BenchmarkScryptN/13-4 43 27443071 ns/op 8393209 B/op 22 allocs/op
|
||||
BenchmarkScryptN/14-4 21 56931664 ns/op 16781820 B/op 22 allocs/op
|
||||
BenchmarkScryptN/15-4 10 108494502 ns/op 33559027 B/op 22 allocs/op
|
||||
BenchmarkScryptN/16-4 5 217347137 ns/op 67113465 B/op 22 allocs/op ... 217ms+67MiB
|
||||
BenchmarkScryptN/17-4 3 449680138 ns/op 134222362 B/op 22 allocs/op
|
||||
BenchmarkScryptN/18-4 2 867481653 ns/op 268440064 B/op 22 allocs/op
|
||||
BenchmarkScryptN/19-4 1 1738085333 ns/op 536875536 B/op 23 allocs/op
|
||||
BenchmarkScryptN/20-4 1 3508224867 ns/op 1073746448 B/op 23 allocs/op
|
||||
BenchmarkScryptN/21-4 1 9536561994 ns/op 2147488272 B/op 23 allocs/op
|
||||
BenchmarkScryptN/22-4 1 16937072495 ns/op 4294971920 B/op 23 allocs/op
|
||||
PASS
|
||||
BenchmarkScrypt10-2 300 6021435 ns/op ... 6ms
|
||||
BenchmarkScrypt11-2 100 11861460 ns/op
|
||||
BenchmarkScrypt12-2 100 23420822 ns/op
|
||||
BenchmarkScrypt13-2 30 47666518 ns/op
|
||||
BenchmarkScrypt14-2 20 92561590 ns/op ... 92ms
|
||||
BenchmarkScrypt15-2 10 183971593 ns/op
|
||||
BenchmarkScrypt16-2 3 368506365 ns/op
|
||||
BenchmarkScrypt17-2 2 755502608 ns/op ... 755ms
|
||||
ok github.com/rfjakob/gocryptfs/v2/cryptfs 18.772s
|
||||
ok github.com/rfjakob/gocryptfs/v2/internal/configfile 47.545s
|
||||
*/
|
||||
|
||||
func benchmarkScryptN(n int, b *testing.B) {
|
||||
func BenchmarkScryptN(b *testing.B) {
|
||||
for n := 10; n <= 20; n++ {
|
||||
b.Run(fmt.Sprintf("%d", n), func(b *testing.B) {
|
||||
benchmarkScryptN(b, n)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func benchmarkScryptN(b *testing.B, n int) {
|
||||
kdf := NewScryptKDF(n)
|
||||
for i := 0; i < b.N; i++ {
|
||||
kdf.DeriveKey(testPw)
|
||||
}
|
||||
}
|
||||
|
||||
func BenchmarkScrypt10(b *testing.B) {
|
||||
benchmarkScryptN(10, b)
|
||||
}
|
||||
|
||||
func BenchmarkScrypt11(b *testing.B) {
|
||||
benchmarkScryptN(11, b)
|
||||
}
|
||||
|
||||
func BenchmarkScrypt12(b *testing.B) {
|
||||
benchmarkScryptN(12, b)
|
||||
}
|
||||
|
||||
func BenchmarkScrypt13(b *testing.B) {
|
||||
benchmarkScryptN(13, b)
|
||||
}
|
||||
|
||||
func BenchmarkScrypt14(b *testing.B) {
|
||||
benchmarkScryptN(14, b)
|
||||
}
|
||||
|
||||
func BenchmarkScrypt15(b *testing.B) {
|
||||
benchmarkScryptN(15, b)
|
||||
}
|
||||
|
||||
func BenchmarkScrypt16(b *testing.B) {
|
||||
benchmarkScryptN(16, b)
|
||||
}
|
||||
|
||||
func BenchmarkScrypt17(b *testing.B) {
|
||||
benchmarkScryptN(17, b)
|
||||
b.ReportAllocs()
|
||||
}
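Review bot: The result table in the header comment lists `BenchmarkScryptN/21` and `/22`, but the loop in `BenchmarkScryptN` stops at `n <= 20`, so the documented output cannot be reproduced from this code. Either raise the bound or add a comment such as `// n=21 and n=22 in the table above were measured with the loop bound raised; they allocate about 2 and 4 GiB`. Also, `b.ReportAllocs()` appears to sit after the timing loop in `benchmarkScryptN`; it still takes effect there, but the usual placement is before the loop. The +/- markers are lost in this rendering, so this assumes the `BenchmarkScrypt10` to `BenchmarkScrypt17` wrappers are the removed side.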
|
||||
|
|
|
@ -12,15 +12,15 @@ type testRange struct {
|
|||
}
|
||||
|
||||
func TestSplitRange(t *testing.T) {
|
||||
var ranges []testRange
|
||||
|
||||
ranges = append(ranges, testRange{0, 70000},
|
||||
testRange{0, 10},
|
||||
testRange{234, 6511},
|
||||
testRange{65444, 54},
|
||||
testRange{0, 1024 * 1024},
|
||||
testRange{0, 65536},
|
||||
testRange{6654, 8945})
|
||||
ranges := []testRange{
|
||||
{0, 70000},
|
||||
{0, 10},
|
||||
{234, 6511},
|
||||
{65444, 54},
|
||||
{0, 1024 * 1024},
|
||||
{0, 65536},
|
||||
{6654, 8945},
|
||||
}
|
||||
|
||||
key := make([]byte, cryptocore.KeyLen)
|
||||
cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true)
|
||||
|
@ -42,13 +42,13 @@ func TestSplitRange(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestCiphertextRange(t *testing.T) {
|
||||
var ranges []testRange
|
||||
|
||||
ranges = append(ranges, testRange{0, 70000},
|
||||
testRange{0, 10},
|
||||
testRange{234, 6511},
|
||||
testRange{65444, 54},
|
||||
testRange{6654, 8945})
|
||||
ranges := []testRange{
|
||||
{0, 70000},
|
||||
{0, 10},
|
||||
{234, 6511},
|
||||
{65444, 54},
|
||||
{6654, 8945},
|
||||
}
|
||||
|
||||
key := make([]byte, cryptocore.KeyLen)
|
||||
cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true)
|
||||
|
|
|
@ -6,10 +6,11 @@ import (
|
|||
)
|
||||
|
||||
// SanitizePath adapts filepath.Clean for FUSE paths.
|
||||
// 1) Leading slash(es) are dropped
|
||||
// 2) It returns "" instead of "."
|
||||
// 3) If the cleaned path points above CWD (start with ".."), an empty string
|
||||
// 1. Leading slash(es) are dropped
|
||||
// 2. It returns "" instead of "."
|
||||
// 3. If the cleaned path points above CWD (start with ".."), an empty string
|
||||
// is returned
|
||||
//
|
||||
// See the TestSanitizePath testcases for examples.
|
||||
func SanitizePath(path string) string {
|
||||
// (1)
|
||||
|
|
|
@ -273,6 +273,10 @@ func (f *File) doWrite(data []byte, off int64) (uint32, syscall.Errno) {
|
|||
if err == io.EOF {
|
||||
fileID, err = f.createHeader()
|
||||
fileWasEmpty = true
|
||||
} else if err != nil {
|
||||
// Other errors mean readFileID() found a corrupt header
|
||||
tlog.Warn.Printf("doWrite %d: corrupt header: %v", f.qIno.Ino, err)
|
||||
return 0, syscall.EIO
|
||||
}
|
||||
if err != nil {
|
||||
return 0, fs.ToErrno(err)
|
||||
|
@ -380,7 +384,7 @@ func (f *File) Write(ctx context.Context, data []byte, off int64) (uint32, sysca
|
|||
}
|
||||
}
|
||||
n, errno := f.doWrite(data, off)
|
||||
if errno != 0 {
|
||||
if errno == 0 {
|
||||
f.lastOpCount = openfiletable.WriteOpCount()
|
||||
f.lastWrittenOffset = off + int64(len(data)) - 1
|
||||
}
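Review bot: In the `Write` hunk, `f.lastWrittenOffset = off + int64(len(data)) - 1` is computed from the request length rather than from the byte count `n` that `doWrite` returned, so the recorded offset is overstated if `doWrite` can ever return fewer bytes with `errno == 0`, and it becomes `off - 1` for an empty write. If this value is what later writes are compared against, `f.lastWrittenOffset = off + int64(n) - 1` would track what was actually written; most of `doWrite` is outside these hunks, so whether a short successful write is possible needs confirming. In the `doWrite` hunk, the `if err != nil` that follows the `else if` branch now only catches a `createHeader()` failure, which deserves a one-line comment such as `// createHeader() failed`.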
|
||||
|
|
|
@ -5,7 +5,7 @@ import (
|
|||
"encoding/hex"
|
||||
"testing"
|
||||
|
||||
"github.com/jacobsa/crypto/siv"
|
||||
"github.com/aperturerobotics/jacobsa-crypto/siv"
|
||||
)
|
||||
|
||||
// Test all supported key lengths
|
||||
|
|
|
@ -6,7 +6,7 @@ import (
|
|||
"crypto/cipher"
|
||||
"log"
|
||||
|
||||
"github.com/jacobsa/crypto/siv"
|
||||
"github.com/aperturerobotics/jacobsa-crypto/siv"
|
||||
)
|
||||
|
||||
type sivAead struct {
|
||||
|
@ -63,7 +63,7 @@ func (s *sivAead) Seal(dst, nonce, plaintext, authData []byte) []byte {
|
|||
if len(s.key) == 0 {
|
||||
log.Panic("Key has been wiped?")
|
||||
}
|
||||
// https://github.com/jacobsa/crypto/blob/master/siv/encrypt.go#L48:
|
||||
// https://github.com/aperturerobotics/jacobsa-crypto/blob/master/siv/encrypt.go#L48:
|
||||
// As per RFC 5297 section 3, you may use this function for nonce-based
|
||||
// authenticated encryption by passing a nonce as the last associated
|
||||
// data element.
|
||||
|
|
|
@ -23,7 +23,7 @@ import (
|
|||
const adLen = 24
|
||||
|
||||
// gocryptfs uses fixed-size 4 kiB blocks
|
||||
const blockSize = 4096
|
||||
const gocryptfsBlockSize = 4096
|
||||
|
||||
// Run - run the speed the test and print the results.
|
||||
func Run() {
|
||||
|
@ -83,6 +83,11 @@ func randBytes(n int) []byte {
|
|||
|
||||
// bEncrypt benchmarks the encryption speed of cipher "c"
|
||||
func bEncrypt(b *testing.B, c cipher.AEAD) {
|
||||
bEncryptBlockSize(b, c, gocryptfsBlockSize)
|
||||
}
|
||||
|
||||
// bEncryptBlockSize benchmarks the encryption speed of cipher "c" at block size "blockSize"
|
||||
func bEncryptBlockSize(b *testing.B, c cipher.AEAD, blockSize int) {
|
||||
authData := randBytes(adLen)
|
||||
iv := randBytes(c.NonceSize())
|
||||
in := make([]byte, blockSize)
|
||||
|
@ -97,13 +102,12 @@ func bEncrypt(b *testing.B, c cipher.AEAD) {
|
|||
// Encrypt and append to nonce
|
||||
c.Seal(dst, iv, in, authData)
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
func bDecrypt(b *testing.B, c cipher.AEAD) {
|
||||
authData := randBytes(adLen)
|
||||
iv := randBytes(c.NonceSize())
|
||||
plain := randBytes(blockSize)
|
||||
plain := randBytes(gocryptfsBlockSize)
|
||||
ciphertext := c.Seal(iv, iv, plain, authData)
|
||||
|
||||
b.SetBytes(int64(len(plain)))
|
||||
|
@ -129,6 +133,10 @@ func bStupidGCM(b *testing.B) {
|
|||
|
||||
// bGoGCM benchmarks Go stdlib GCM
|
||||
func bGoGCM(b *testing.B) {
|
||||
bGoGCMBlockSize(b, gocryptfsBlockSize)
|
||||
}
|
||||
|
||||
func bGoGCMBlockSize(b *testing.B, blockSize int) {
|
||||
gAES, err := aes.NewCipher(randBytes(32))
|
||||
if err != nil {
|
||||
b.Fatal(err)
|
||||
|
@ -137,10 +145,10 @@ func bGoGCM(b *testing.B) {
|
|||
if err != nil {
|
||||
b.Fatal(err)
|
||||
}
|
||||
bEncrypt(b, gGCM)
|
||||
bEncryptBlockSize(b, gGCM, blockSize)
|
||||
}
|
||||
|
||||
// bAESSIV benchmarks AES-SIV from github.com/jacobsa/crypto/siv
|
||||
// bAESSIV benchmarks AES-SIV from github.com/aperturerobotics/jacobsa-crypto/siv
|
||||
func bAESSIV(b *testing.B) {
|
||||
c := siv_aead.New(randBytes(64))
|
||||
bEncrypt(b, c)
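Review bot: `bGoGCMBlockSize` has no doc comment, while `// bGoGCM benchmarks Go stdlib GCM` stays on the thin wrapper above it that now only forwards `gocryptfsBlockSize`. A line such as `// bGoGCMBlockSize benchmarks Go stdlib GCM encryption at block size "blockSize"` would match the comment already given to `bEncryptBlockSize`. `bEncryptBlockSize` passes `blockSize` straight to `make([]byte, blockSize)`, so its comment could also state that the size must not be negative. The body of `bAESSIV` continues outside the last hunk.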
|
||||
|
|
|
@ -3,6 +3,7 @@ package speed
|
|||
import (
|
||||
"crypto/aes"
|
||||
"crypto/cipher"
|
||||
"fmt"
|
||||
"testing"
|
||||
|
||||
"golang.org/x/crypto/chacha20poly1305"
|
||||
|
@ -38,6 +39,13 @@ func BenchmarkGoGCM(b *testing.B) {
|
|||
bGoGCM(b)
|
||||
}
|
||||
|
||||
func BenchmarkGoGCMBlockSize(b *testing.B) {
|
||||
for blockSize := 16; blockSize <= 1024*1024; blockSize *= 2 {
|
||||
name := fmt.Sprintf("%d", blockSize)
|
||||
b.Run(name, func(b *testing.B) { bGoGCMBlockSize(b, blockSize) })
|
||||
}
|
||||
}
|
||||
|
||||
func BenchmarkGoGCMDecrypt(b *testing.B) {
|
||||
gAES, err := aes.NewCipher(randBytes(32))
|
||||
if err != nil {
|
||||
|
|
|
@ -33,7 +33,7 @@
|
|||
// Corrupt ciphertexts never cause a panic. Instead, ErrAuth is returned on
|
||||
// decryption.
|
||||
//
|
||||
// XChaCha20-Poly1305
|
||||
// # XChaCha20-Poly1305
|
||||
//
|
||||
// The XChaCha20-Poly1305 implementation is more complicated than the others,
|
||||
// because OpenSSL does not support XChaCha20-Poly1305 directly. Follow
|
||||
|
|
|
@ -11,8 +11,8 @@ import (
|
|||
//
|
||||
// Go GCM is only faster if the CPU either:
|
||||
//
|
||||
// 1) Is X86_64 && has AES instructions && Go is v1.6 or higher
|
||||
// 2) Is ARM64 && has AES instructions && Go is v1.11 or higher
|
||||
// 1. Is X86_64 && has AES instructions && Go is v1.6 or higher
|
||||
// 2. Is ARM64 && has AES instructions && Go is v1.11 or higher
|
||||
// (commit https://github.com/golang/go/commit/4f1f503373cda7160392be94e3849b0c9b9ebbda)
|
||||
//
|
||||
// See https://github.com/rfjakob/gocryptfs/wiki/CPU-Benchmarks
|
||||
|
|
34
main.go
34
main.go
|
@ -4,7 +4,6 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"log"
|
||||
"os"
|
||||
"path/filepath"
|
||||
|
@ -20,22 +19,9 @@ import (
|
|||
"github.com/rfjakob/gocryptfs/v2/internal/fido2"
|
||||
"github.com/rfjakob/gocryptfs/v2/internal/readpassword"
|
||||
"github.com/rfjakob/gocryptfs/v2/internal/speed"
|
||||
"github.com/rfjakob/gocryptfs/v2/internal/stupidgcm"
|
||||
"github.com/rfjakob/gocryptfs/v2/internal/tlog"
|
||||
)
|
||||
|
||||
// GitVersion is the gocryptfs version according to git, set by build.bash
|
||||
var GitVersion = "[GitVersion not set - please compile using ./build.bash]"
|
||||
|
||||
// GitVersionFuse is the go-fuse library version, set by build.bash
|
||||
var GitVersionFuse = "[GitVersionFuse not set - please compile using ./build.bash]"
|
||||
|
||||
// BuildDate is a date string like "2017-09-06", set by build.bash
|
||||
var BuildDate = "0000-00-00"
|
||||
|
||||
// raceDetector is set to true by race.go if we are compiled with "go build -race"
|
||||
var raceDetector bool
|
||||
|
||||
// loadConfig loads the config file `args.config` and decrypts the masterkey,
|
||||
// or gets via the `-masterkey` or `-zerokey` command line options, if specified.
|
||||
func loadConfig(args *argContainer) (masterkey []byte, cf *configfile.ConfFile, err error) {
|
||||
|
@ -137,26 +123,6 @@ func changePassword(args *argContainer) {
|
|||
tlog.Info.Printf(tlog.ColorGreen + "Password changed." + tlog.ColorReset)
|
||||
}
|
||||
|
||||
// printVersion prints a version string like this:
|
||||
// gocryptfs v1.7-32-gcf99cfd; go-fuse v1.0.0-174-g22a9cb9; 2019-05-12 go1.12 linux/amd64
|
||||
func printVersion() {
|
||||
var tagsSlice []string
|
||||
if stupidgcm.BuiltWithoutOpenssl {
|
||||
tagsSlice = append(tagsSlice, "without_openssl")
|
||||
}
|
||||
tags := ""
|
||||
if tagsSlice != nil {
|
||||
tags = " " + strings.Join(tagsSlice, " ")
|
||||
}
|
||||
built := fmt.Sprintf("%s %s", BuildDate, runtime.Version())
|
||||
if raceDetector {
|
||||
built += " -race"
|
||||
}
|
||||
fmt.Printf("%s %s%s; go-fuse %s; %s %s/%s\n",
|
||||
tlog.ProgramName, GitVersion, tags, GitVersionFuse, built,
|
||||
runtime.GOOS, runtime.GOARCH)
|
||||
}
|
||||
|
||||
func main() {
|
||||
mxp := runtime.GOMAXPROCS(0)
|
||||
if mxp < 4 && os.Getenv("GOMAXPROCS") == "" {
|
||||
|
|
16
mount.go
16
mount.go
|
@ -120,9 +120,18 @@ func doMount(args *argContainer) {
|
|||
tlog.Info.Println(tlog.ColorGreen + "Filesystem mounted and ready." + tlog.ColorReset)
|
||||
// We have been forked into the background, as evidenced by the set
|
||||
// "notifypid".
|
||||
// Do what daemons should do: https://man7.org/linux/man-pages/man7/daemon.7.html
|
||||
if args.notifypid > 0 {
|
||||
// Chdir to the root directory so we don't block unmounting the CWD
|
||||
os.Chdir("/")
|
||||
// Disconnect from the controlling terminal by creating a new session.
|
||||
// This prevents us from getting SIGINT when the user presses Ctrl-C
|
||||
// to exit a running script that has called gocryptfs, or SIGHUP when
|
||||
// xfce4-terminal closes itself ( https://github.com/rfjakob/gocryptfs/issues/660 ).
|
||||
_, err = syscall.Setsid()
|
||||
if err != nil {
|
||||
tlog.Warn.Printf("Setsid: %v", err)
|
||||
}
|
||||
// Switch to syslog
|
||||
if !args.nosyslog {
|
||||
// Switch all of our logs and the generic logger to syslog
|
||||
|
@ -134,13 +143,6 @@ func doMount(args *argContainer) {
|
|||
// Daemons should redirect stdin, stdout and stderr
|
||||
redirectStdFds()
|
||||
}
|
||||
// Disconnect from the controlling terminal by creating a new session.
|
||||
// This prevents us from getting SIGINT when the user presses Ctrl-C
|
||||
// to exit a running script that has called gocryptfs.
|
||||
_, err = syscall.Setsid()
|
||||
if err != nil {
|
||||
tlog.Warn.Printf("Setsid: %v", err)
|
||||
}
|
||||
// Send SIGUSR1 to our parent
|
||||
sendUsr1(args.notifypid)
|
||||
}
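Review bot: The `syscall.Setsid()` call now has to run before the syslog switch and `redirectStdFds()`, but the comment above it explains only the signals it avoids and not the ordering requirement, so a later cleanup could move it back. A comment such as `// Must run before the syslog switch below so that anything started there is already outside the terminal's session` would record that; the link to the `logger` process is inferred from the changelog entry for issue #660, since the code that starts it is not in these hunks. The adjacent `os.Chdir("/")` discards its error; `if err := os.Chdir("/"); err != nil { tlog.Warn.Printf("Chdir: %v", err) }` would match how the Setsid failure is reported. The body of `doMount` starts and ends outside these hunks.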
|
||||
|
|
|
@ -462,7 +462,9 @@ func TestPasswdPasswordIncorrect(t *testing.T) {
|
|||
|
||||
// Check that we correctly background on mount and close stderr and stdout.
|
||||
// Something like
|
||||
//
|
||||
// gocryptfs a b | cat
|
||||
//
|
||||
// must not hang ( https://github.com/rfjakob/gocryptfs/issues/130 ).
|
||||
func TestMountBackground(t *testing.T) {
|
||||
dir := test_helpers.InitFS(t)
|
||||
|
|
|
@ -204,7 +204,9 @@ func TestWrite0200File(t *testing.T) {
|
|||
|
||||
// TestMvWarnings:
|
||||
// When xattr support was introduced, mv threw warnings like these:
|
||||
//
|
||||
// mv: preserving permissions for ‘b/x’: Operation not permitted
|
||||
//
|
||||
// because we returned EPERM when it tried to set system.posix_acl_access.
|
||||
// Now we return EOPNOTSUPP and mv is happy.
|
||||
func TestMvWarnings(t *testing.T) {
|
||||
|
|
|
@ -0,0 +1,78 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"runtime"
|
||||
"runtime/debug"
|
||||
"strings"
|
||||
|
||||
"github.com/rfjakob/gocryptfs/v2/internal/stupidgcm"
|
||||
"github.com/rfjakob/gocryptfs/v2/internal/tlog"
|
||||
)
|
||||
|
||||
const (
|
||||
gitVersionNotSet = "[GitVersion not set - please compile using ./build.bash]"
|
||||
gitVersionFuseNotSet = "[GitVersionFuse not set - please compile using ./build.bash]"
|
||||
buildDateNotSet = "0000-00-00"
|
||||
)
|
||||
|
||||
var (
|
||||
// GitVersion is the gocryptfs version according to git, set by build.bash
|
||||
GitVersion = gitVersionNotSet
|
||||
// GitVersionFuse is the go-fuse library version, set by build.bash
|
||||
GitVersionFuse = gitVersionFuseNotSet
|
||||
// BuildDate is a date string like "2017-09-06", set by build.bash
|
||||
BuildDate = buildDateNotSet
|
||||
)
|
||||
|
||||
func init() {
|
||||
versionFromBuildInfo()
|
||||
}
|
||||
|
||||
// raceDetector is set to true by race.go if we are compiled with "go build -race"
|
||||
var raceDetector bool
|
||||
|
||||
// printVersion prints a version string like this:
|
||||
// gocryptfs v1.7-32-gcf99cfd; go-fuse v1.0.0-174-g22a9cb9; 2019-05-12 go1.12 linux/amd64
|
||||
func printVersion() {
|
||||
var tagsSlice []string
|
||||
if stupidgcm.BuiltWithoutOpenssl {
|
||||
tagsSlice = append(tagsSlice, "without_openssl")
|
||||
}
|
||||
tags := ""
|
||||
if tagsSlice != nil {
|
||||
tags = " " + strings.Join(tagsSlice, " ")
|
||||
}
|
||||
built := fmt.Sprintf("%s %s", BuildDate, runtime.Version())
|
||||
if raceDetector {
|
||||
built += " -race"
|
||||
}
|
||||
fmt.Printf("%s %s%s; go-fuse %s; %s %s/%s\n",
|
||||
tlog.ProgramName, GitVersion, tags, GitVersionFuse, built,
|
||||
runtime.GOOS, runtime.GOARCH)
|
||||
}
|
||||
|
||||
// versionFromBuildInfo tries to get some information out of the information baked in
|
||||
// by the Go compiler. Does nothing when build.bash was used to build.
|
||||
func versionFromBuildInfo() {
|
||||
info, ok := debug.ReadBuildInfo()
|
||||
if !ok {
|
||||
tlog.Debug.Println("versionFromBuildInfo: ReadBuildInfo() failed")
|
||||
return
|
||||
}
|
||||
// Fill our version strings
|
||||
if GitVersion == gitVersionNotSet && info.Main.Version != "(devel)" {
|
||||
GitVersion = info.Main.Version
|
||||
}
|
||||
if GitVersionFuse == gitVersionFuseNotSet {
|
||||
for _, m := range info.Deps {
|
||||
if m.Path == "github.com/hanwen/go-fuse/v2" {
|
||||
GitVersionFuse = m.Version
|
||||
if m.Replace != nil {
|
||||
GitVersionFuse = m.Replace.Version
|
||||
}
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
}
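Review bot: In `versionFromBuildInfo`, `GitVersionFuse = m.Replace.Version` overwrites the required version whenever a `replace` directive is present, and for a replacement that points at a local directory that field carries no real version (empty or `(devel)`, depending on the Go release), so `printVersion` would no longer identify the go-fuse code in the binary. The function already treats `(devel)` as "no version" for `info.Main.Version`; the same guard fits here: `if m.Replace != nil && m.Replace.Version != "" && m.Replace.Version != "(devel)" {`. An accurate version string matters when users or packagers match a binary against advisories. Also, `init()` calls `tlog.Debug.Println` before any command-line flags are parsed, so the "ReadBuildInfo() failed" message is probably never shown; whether `tlog.Debug` is enabled at that point is not visible here.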
|