20 Commits

Author SHA1 Message Date
Jakob Unterwurzacher b370325ccf speed: GoGCM: start at block size 16
BenchmarkGoGCMBlockSize/16-4      	 5499200	       219.7 ns/op	  72.83 MB/s
BenchmarkGoGCMBlockSize/32-4      	 4497284	       266.2 ns/op	 120.22 MB/s
BenchmarkGoGCMBlockSize/64-4      	 3296336	       363.4 ns/op	 176.10 MB/s
BenchmarkGoGCMBlockSize/128-4     	 4204794	       285.5 ns/op	 448.36 MB/s
BenchmarkGoGCMBlockSize/256-4     	 2928472	       409.7 ns/op	 624.83 MB/s
BenchmarkGoGCMBlockSize/512-4     	 1825164	       658.0 ns/op	 778.09 MB/s
BenchmarkGoGCMBlockSize/1024-4    	 1000000	      1151 ns/op	 889.98 MB/s
BenchmarkGoGCMBlockSize/2048-4    	  560275	      2135 ns/op	 959.47 MB/s
BenchmarkGoGCMBlockSize/4096-4    	  291906	      4099 ns/op	 999.28 MB/s
BenchmarkGoGCMBlockSize/8192-4    	  148916	      8033 ns/op	1019.83 MB/s
BenchmarkGoGCMBlockSize/16384-4   	   75337	     15911 ns/op	1029.75 MB/s
BenchmarkGoGCMBlockSize/32768-4   	   37912	     31651 ns/op	1035.30 MB/s
BenchmarkGoGCMBlockSize/65536-4   	   19000	     64287 ns/op	1019.43 MB/s
BenchmarkGoGCMBlockSize/131072-4  	    9225	    127636 ns/op	1026.92 MB/s
BenchmarkGoGCMBlockSize/262144-4  	    4752	    252300 ns/op	1039.02 MB/s
BenchmarkGoGCMBlockSize/524288-4  	    2377	    504612 ns/op	1038.99 MB/s
BenchmarkGoGCMBlockSize/1048576-4 	    1183	   1011637 ns/op	1036.51 MB/s
2023-03-08 17:04:07 +01:00
Jakob Unterwurzacher d74cf7c723 speed: add per-blocksize GoGCM benchmarks
Only visible when you run "go test -bench" like this:

$ cd gocryptfs/internal/speed
$ go test -bench .

goos: linux
goarch: amd64
pkg: github.com/rfjakob/gocryptfs/v2/internal/speed
cpu: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
BenchmarkStupidGCM-4              	  202352	      5937 ns/op	 689.96 MB/s
BenchmarkStupidGCMDecrypt-4       	  206023	      5782 ns/op	 708.38 MB/s
BenchmarkGoGCM-4                  	  291878	      4098 ns/op	 999.45 MB/s
BenchmarkGoGCMBlockSize/1024-4    	 1000000	      1151 ns/op	 889.88 MB/s
BenchmarkGoGCMBlockSize/2048-4    	  561182	      2134 ns/op	 959.60 MB/s
BenchmarkGoGCMBlockSize/4096-4    	  292057	      4101 ns/op	 998.87 MB/s
BenchmarkGoGCMBlockSize/8192-4    	  149216	      8031 ns/op	1020.09 MB/s
BenchmarkGoGCMBlockSize/16384-4   	   75361	     15917 ns/op	1029.34 MB/s
BenchmarkGoGCMBlockSize/32768-4   	   37916	     31649 ns/op	1035.35 MB/s
BenchmarkGoGCMBlockSize/65536-4   	   19005	     63117 ns/op	1038.33 MB/s
BenchmarkGoGCMBlockSize/131072-4  	    9498	    126166 ns/op	1038.89 MB/s
BenchmarkGoGCMBlockSize/262144-4  	    4755	    252149 ns/op	1039.64 MB/s
BenchmarkGoGCMBlockSize/524288-4  	    2377	    504108 ns/op	1040.03 MB/s
BenchmarkGoGCMBlockSize/1048576-4 	    1188	   1008675 ns/op	1039.56 MB/s
BenchmarkGoGCMDecrypt-4           	  294664	      4059 ns/op	1009.02 MB/s
BenchmarkAESSIV-4                 	   46498	     25432 ns/op	 161.05 MB/s
BenchmarkAESSIVDecrypt-4          	   46908	     25509 ns/op	 160.57 MB/s
BenchmarkXchacha-4                	  244473	      4894 ns/op	 836.97 MB/s
BenchmarkXchachaDecrypt-4         	  249710	      4798 ns/op	 853.75 MB/s
BenchmarkStupidXchacha-4          	  166988	      7101 ns/op	 576.79 MB/s
BenchmarkStupidXchachaDecrypt-4   	  163093	      7240 ns/op	 565.72 MB/s
BenchmarkStupidChacha-4           	  184172	      6527 ns/op	 627.58 MB/s
BenchmarkStupidChachaDecrypt-4    	  179796	      6659 ns/op	 615.11 MB/s
PASS
ok  	github.com/rfjakob/gocryptfs/v2/internal/speed	30.068s
2023-03-08 16:54:56 +01:00
Jakob Unterwurzacher 77a0410e2e README: update changelog for v2.3.1 2023-03-04 13:52:45 +01:00
rfjakob 403f59b1c0
Update README.md
Package has been removed from Fedora.

https://github.com/rfjakob/gocryptfs/issues/659
2023-02-25 18:12:10 +01:00
Jakob Unterwurzacher 8f3ec5dcaa fusefrontend: unbreak isConsecutiveWrite streaming write optimization
Commit 6196a5b5 got the logic inverted, hence we never
set the last position markers.

Fixes https://github.com/rfjakob/gocryptfs/issues/712
2023-02-21 22:08:41 +01:00
Jakob Unterwurzacher 85297cda97 fusefrontend: doWrite: report readFileID errors as I/O error
It used to be reported as "function not implemented", accompanied
with this log output:

  go-fuse: can't convert error type: ParseHeader: header is all-zero. Header hexdump: 000000000000000000000000000000000000

Now we report EIO and log this:

  doWrite 1372183: corrupt header: ParseHeader: header is all-zero. Header hexdump: 000000000000000000000000000000000000
2023-02-21 22:08:41 +01:00
Jakob Unterwurzacher e9a5b8962b contentenc: simplify testRange tables
Get rid of this eyesore.
2023-02-21 22:08:41 +01:00
Evgeny 6dc8c26100 MANPAGE: add a note on enabling Trash on macOS 2023-02-01 08:38:33 +01:00
Jakob Unterwurzacher 88bc0aa607 MANPAGE: scryptn: list how much memory is needed
Calculated acc. to https://words.filippo.io/the-scrypt-parameters/ ,
and add benchmarks to double-check the numbers. They match.
2023-01-08 22:17:14 +01:00
Gisi0 0b5b864a06 Update MANPAGE.md
added which package on linux is needed to use fido2 stick
2023-01-07 10:04:08 +01:00
a1346054 3c1ac3b06b MANPAGE.md: use correct indefinite article a->an 2023-01-01 22:06:29 +01:00
Jakob Unterwurzacher c4b95cf35a github ci: bump actions ; add "stable" and "oldstable" Go versions 2022-12-29 15:28:59 +01:00
Jakob Unterwurzacher b2a5cec4dd main: BuildInfo: fix build with Go 1.17 and older
On Go 1.17 and older we get this:

  Error: ./version.go:67:24: info.Settings undefined (type *debug.BuildInfo has no field or method Settings)

Fix the build error by shedding some nice-to-have features.
2022-12-29 15:21:17 +01:00
Jakob Unterwurzacher 856ccaac10 make format
Run "make format" using
go version go1.19.4 linux/amd64
2022-12-29 15:00:37 +01:00
Jakob Unterwurzacher 99cdaa0b69 main: refactor BuildInfo code
Simplify and move it into a new file version.go.
2022-12-29 14:43:48 +01:00
Daniel Theophanes 439dea1b19 Use existing build information for version if not embedded with build script
Go1.12 introduced BuildInfo which embeds build information. It does
not embed build date to facilitate reproducible builds by default.
If build information is embedded from build script, use the information
provided by the Go build system.
2022-12-29 14:42:13 +01:00
Jakob Unterwurzacher ff32e99791 main: doMount: call Setsid before starting logger
The logger should be in the new background session together
with the gocryptfs process.

Before:
	$ xfce4-terminal -x gocryptfs a b
	$ ps xao pid,ppid,pgid,sid,comm,args
	    PID    PPID    PGID     SID COMMAND         COMMAND
	 192272    1371  192272  192272 gocryptfs       /ssd2/jakob.donotbackup/go/bin/gocryptfs -fg -notifypid=192265 a b
	 192292  192272  192265  192265 logge <defunct> [logger] <defunct>

After:
	$ xfce4-terminal -x gocryptfs a b
	$ ps xao pid,ppid,pgid,sid,comm,args
	    PID    PPID    PGID     SID COMMAND         COMMAND
	 211714    1371  211714  211714 gocryptfs       /ssd2/jakob.donotbackup/go/bin/gocryptfs -fg -notifypid=211708 a b
	 211776  211714  211714  211714 logger          logger -t gocryptfs-211714-logger

Fixes https://github.com/rfjakob/gocryptfs/issues/660
2022-12-29 13:57:03 +01:00
Christian Stewart 7ee4c8e9c3 go.mod: fix jacobsa/crypto build on riscv64
Replace dependency jacobsa/crypto with a fork with support for riscv64.

Issue: https://github.com/rfjakob/gocryptfs/issues/666

Upstream PR: https://github.com/jacobsa/crypto/issues/13

Unaddressed on jacobsa/crypto:

https://github.com/jacobsa/crypto/pull/14#issuecomment-1182744229

Signed-off-by: Christian Stewart <christian@paral.in>
2022-12-21 18:38:11 +01:00
Val 0ec7ffbfe9 Upgrade go-fuse
Ran `go get -u github.com/hanwen/go-fuse/v2@master` to get this diff

As pointed out in https://github.com/rfjakob/gocryptfs/issues/595#issuecomment-1222271612, go-fuse was updated with a patch to allow `-reverse` mode on macOS!
2022-11-27 10:18:11 +01:00
Jakob Unterwurzacher f8bd172289 Update changelog for v2.3.0 2022-10-21 22:06:25 +02:00
28 changed files with 306 additions and 204 deletions


@ -13,16 +13,16 @@ jobs:
go:
- "1.13.x" # Ubuntu 20.04 LTS "focal"
- "1.15.x" # Debian 11 "Bullseye"
- "1.17.x" # Golang upstream stable
- "1.18.x" # Golang upstream stable
- "1.19.x" # Golang upstream stable
- "1.18.x" # Ubuntu 22.04 LTS "jammy"
- "oldstable" # 2nd-latest Golang upstream stable
- "stable" # Latest Go upstream stable
# Don't cancel everything when one Go version fails
fail-fast: false
runs-on: ubuntu-latest
steps:
- name: Install Go ${{ matrix.go }}
uses: actions/setup-go@v2
uses: actions/setup-go@v3
with:
go-version: ${{ matrix.go }}
@ -30,7 +30,7 @@ jobs:
# https://github.com/actions/runner/issues/1188
- run: ls -l /proc/self/fd
- uses: actions/checkout@v2
- uses: actions/checkout@v3
with:
fetch-depth: 0 # Make "git describe" work
@ -42,7 +42,7 @@ jobs:
# Build & upload static binary
- run: ./build-without-openssl.bash
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v3
with:
name: gocryptfs static binary (Go ${{ matrix.go }})
path: gocryptfs
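Review bot: The three `uses:` lines still reference actions by a movable tag (`actions/setup-go@v3`, `actions/checkout@v3`, `actions/upload-artifact@v3`), so the code that runs in this job, including the step that builds and uploads the static binary, can change without any commit in this repository. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, makes the workflow reproducible and reviewable. The new `"stable"` and `"oldstable"` matrix entries float too, which is presumably intended; the pinned `"1.13.x"` and `"1.15.x"` rows remain the reproducible baseline.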


@ -305,8 +305,10 @@ runs as root, you can enable device files by passing the opposite mount option,
"dev", and if you want to enable suid-binaries, pass "suid".
"ro" (equivalent to passing the "-ro" option) and "noexec" may also be
interesting. For a complete list see the section
`FILESYSTEM-INDEPENDENT MOUNT OPTIONS` in mount(8). On MacOS, "local",
"noapplexattr", "noappledouble" may be interesting.
`FILESYSTEM-INDEPENDENT MOUNT OPTIONS` in mount(8). On MacOS, "local" enables volume-based trash
if you have `.Trashes` folder in the root of your volume (might need to be manually created)
note, though, that "local" is marked as "experimental" in [osxfuse](https://github.com/osxfuse/osxfuse/wiki/Mount-options#local);
"noapplexattr", "noappledouble" may also be interesting.
Note that unlike "-o", "-ko" is a regular option and must be passed BEFORE
the directories. Example:
@ -478,11 +480,12 @@ for details.
#### -fido2 DEVICE_PATH
Use a FIDO2 token to initialize and unlock the filesystem.
Use "fido2-token -L" to obtain the FIDO2 token device path.
For linux, "fido2-tools" package is needed.
Applies to: all actions that ask for a password.
#### -masterkey string
Use a explicit master key specified on the command line or, if the special
Use an explicit master key specified on the command line or, if the special
value "stdin" is used, read the masterkey from stdin, instead of reading
the config file and asking for the decryption password.
@ -562,15 +565,44 @@ Quiet - silence informational messages.
Applies to: all actions.
#### -scryptn int
scrypt cost parameter expressed as scryptn=log2(N). Possible values are
10 to 28, representing N=2^10 to N=2^28.
gocryptfs uses *scrypt* for hashing the password when mounting,
which protects from brute-force attacks.
`-scryptn` controls the *scrypt* cost parameter "N" expressed as scryptn=log2(N).
Possible values are `-scryptn=10` to `-scryptn=28`, representing N=2^10 to N=2^28.
Setting this to a lower
value speeds up mounting and reduces its memory needs, but makes
the password susceptible to brute-force attacks. The default is 16.
The memory usage for *scrypt* during mounting is as follows:
scryptn Memory Usage
======= ============
10 1 MiB
11 2
12 4
13 8
14 16
15 32
16 64
17 128
18 256
19 512
20 1 GiB
21 2
22 4
23 8
24 16
25 32
26 64
27 128
28 256
Applies to: `-init`, `-passwd`
See also: the benchmarks in the gocryptfs source code in internal/configfile.
#### -trace string
Write execution trace to file. View the trace using "go tool trace FILE".


@ -62,7 +62,6 @@ distribution must be installed for mounting to work.
gocryptfs is also available as a package in most distributions. Examples:
* Debian, Ubuntu: `apt install gocryptfs`
* Fedora: `dnf install gocryptfs`
* Arch: `pacman -S gocryptfs`
* MacPorts: `port install gocryptfs`
@ -196,6 +195,25 @@ RM: 2,367
Changelog
---------
#### v2.3.1, 2023-03-04
* Optimize NFS streaming write performance ([#712](https://github.com/rfjakob/gocryptfs/issues/712),
[commit](https://github.com/rfjakob/gocryptfs/commit/8f3ec5dcaa6eb18d11746675190a7aaceb422764)).
You should see about a 4x performance increase.
* Use `debug.ReadBuildInfo()` to provide some
version information even when not built with `build.bash` ([#701](https://github.com/rfjakob/gocryptfs/pull/701)) .
* Fix bug that caused the `logger` process to be killed when started from `xfce4-terminal`,
and that terminal window was closed ([#660](https://github.com/rfjakob/gocryptfs/issues/660),
[commit](https://github.com/rfjakob/gocryptfs/commit/ff32e9979130e6237b0d97ef88304fa79ce61b06)).
* MacOS: Fix reverse mount failing with `read-only file system` ([#690](https://github.com/rfjakob/gocryptfs/pull/690))
* Make gocryptfs compile on riscv64 by switching from [jacobsa/crypto](https://github.com/jacobsa/crypto)
to maintained fork [aperturerobotics/jacobsa-crypto](https://github.com/aperturerobotics/jacobsa-crypto)
([#674](https://github.com/rfjakob/gocryptfs/pull/674))
#### v2.3.0, 2022-10-21
* Identical to v2.3, just tagged once more in full semver x.y.z format. This make Go's fetching logic happy,
which ignores v2.3 (without the third digit) completely.
Fixes [#694](https://github.com/rfjakob/gocryptfs/issues/694), [#688](https://github.com/rfjakob/gocryptfs/issues/688).
#### v2.3, 2022-08-28
* Add **`-longnamemax`** flag to `-init` ([#499](https://github.com/rfjakob/gocryptfs/issues/499)).
Can be used to work around file or path length restrictions on online storage.
@ -580,7 +598,7 @@ Changelog
* **Add reverse mode ([#19](https://github.com/rfjakob/gocryptfs/issues/19))**
* AES-SIV (RFC5297) encryption to implement deterministic encryption
securely. Uses the excellent
[jacobsa/crypto](https://github.com/jacobsa/crypto) library.
[jacobsa/crypto](https://github.com/aperturerobotics/jacobsa-crypto) library.
The corresponding feature flag is called `AESSIV`.
* New command-line options: `-reverse`, `-aessiv`
* Filesystems using reverse mode can only be mounted with gocryptfs v1.1

11
go.mod

@ -3,18 +3,13 @@ module github.com/rfjakob/gocryptfs/v2
go 1.16
require (
github.com/hanwen/go-fuse/v2 v2.1.1-0.20211219085202-934a183ed914
github.com/jacobsa/crypto v0.0.0-20190317225127-9f44e2d11115
github.com/jacobsa/oglematchers v0.0.0-20150720000706-141901ea67cd // indirect
github.com/jacobsa/oglemock v0.0.0-20150831005832-e94d794d06ff // indirect
github.com/jacobsa/ogletest v0.0.0-20170503003838-80d50a735a11 // indirect
github.com/jacobsa/reqtrace v0.0.0-20150505043853-245c9e0234cb // indirect
github.com/aperturerobotics/jacobsa-crypto v1.0.0
github.com/hanwen/go-fuse/v2 v2.1.1-0.20221117175120-915cf5413cde
github.com/pkg/xattr v0.4.3
github.com/rfjakob/eme v1.1.2
github.com/sabhiram/go-gitignore v0.0.0-20201211210132-54b8a0bf510f
github.com/spf13/pflag v1.0.5
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5
golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d // indirect
golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a
golang.org/x/term v0.0.0-20220722155259-a9ba230a4035
)
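Review bot: The `require` block now takes the AES-SIV code from `github.com/aperturerobotics/jacobsa-crypto v1.0.0`, with no in-file note on why a fork is used or how it differs from upstream. Because this package supplies cryptographic code, a comment on that line such as `// fork of jacobsa/crypto with riscv64 support, see https://github.com/rfjakob/gocryptfs/issues/666` would let a later reader check that the fork's delta is limited to build support. It would also help to record which upstream revision v1.0.0 was cut from. The go.sum section lists the fork's go.mod at the old upstream pseudo-version, which suggests the same base but does not prove it.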

21
go.sum

@ -1,9 +1,10 @@
github.com/aperturerobotics/jacobsa-crypto v0.0.0-20190317225127-9f44e2d11115/go.mod h1:XKd7k7LIBmeR/WGENaSpUSjQbWBVKZFhMT7+zKM5KVU=
github.com/aperturerobotics/jacobsa-crypto v1.0.0 h1:ARfIuzgovK+5leAKbFHcicKEgMzD94tb/FTiWSHdGLU=
github.com/aperturerobotics/jacobsa-crypto v1.0.0/go.mod h1:xq0oOkHSPQ1E5ByqbwLhCJ1mygYHtXTMQnvHD4tz4Cc=
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/hanwen/go-fuse/v2 v2.1.1-0.20211219085202-934a183ed914 h1:hGXMxS1wTE4y+f7iBqFArrJ6X8QozHnEdnVzGZI9Ywc=
github.com/hanwen/go-fuse/v2 v2.1.1-0.20211219085202-934a183ed914/go.mod h1:B1nGE/6RBFyBRC1RRnf23UpwCdyJ31eukw34oAKukAc=
github.com/jacobsa/crypto v0.0.0-20190317225127-9f44e2d11115 h1:YuDUUFNM21CAbyPOpOP8BicaTD/0klJEKt5p8yuw+uY=
github.com/jacobsa/crypto v0.0.0-20190317225127-9f44e2d11115/go.mod h1:LadVJg0XuawGk+8L1rYnIED8451UyNxEMdTWCEt5kmU=
github.com/hanwen/go-fuse/v2 v2.1.1-0.20221117175120-915cf5413cde h1:fgTauqHA48CDt+qVQR+PJXqiI9bpYQglMIIi+h/mMts=
github.com/hanwen/go-fuse/v2 v2.1.1-0.20221117175120-915cf5413cde/go.mod h1:B1nGE/6RBFyBRC1RRnf23UpwCdyJ31eukw34oAKukAc=
github.com/jacobsa/oglematchers v0.0.0-20150720000706-141901ea67cd h1:9GCSedGjMcLZCrusBZuo4tyKLpKUPenUUqi34AkuFmA=
github.com/jacobsa/oglematchers v0.0.0-20150720000706-141901ea67cd/go.mod h1:TlmyIZDpGmwRoTWiakdr+HA1Tukze6C6XbRVidYq02M=
github.com/jacobsa/oglemock v0.0.0-20150831005832-e94d794d06ff h1:2xRHTvkpJ5zJmglXLRqHiZQNjUoOkhUyhTAhEQvPAWw=
@ -30,21 +31,21 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 h1:HWj/xjIHfjYU5nVXpTM0s39J9CbLn7Cc5a7IC5rwsMQ=
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d h1:LO7XpTYMwTqxjLcGWPijK3vRXg1aWdlNOVOHRq45d7c=
golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220708220712-1185a9018129 h1:vucSRfWwTsoXro7P+3Cjlr6flUMtzCwzlvkxEQtHHB0=
golang.org/x/net v0.0.0-20220708220712-1185a9018129/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20201101102859-da207088b7d1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2 h1:c8PlLMqBbOHoqtjteWm5/kbe6rNY2pbRfbIMVnepueo=
golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.0.0-20220722155259-a9ba230a4035 h1:Q5284mrmYTpACcm+eAKjKJH48BBwSyfJqmmGDTtT8Vc=
golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=


@ -1,60 +1,45 @@
package configfile
import (
"fmt"
"testing"
)
/*
Results on a 2.7GHz Pentium G630:
gocryptfs/cryptfs$ go test -bench=.
$ time go test -bench . -run none
goos: linux
goarch: amd64
pkg: github.com/rfjakob/gocryptfs/v2/internal/configfile
cpu: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
BenchmarkScryptN/10-4 339 3488649 ns/op 1053167 B/op 22 allocs/op ... 3ms+1MiB
BenchmarkScryptN/11-4 175 6816072 ns/op 2101742 B/op 22 allocs/op
BenchmarkScryptN/12-4 87 13659346 ns/op 4198898 B/op 22 allocs/op
BenchmarkScryptN/13-4 43 27443071 ns/op 8393209 B/op 22 allocs/op
BenchmarkScryptN/14-4 21 56931664 ns/op 16781820 B/op 22 allocs/op
BenchmarkScryptN/15-4 10 108494502 ns/op 33559027 B/op 22 allocs/op
BenchmarkScryptN/16-4 5 217347137 ns/op 67113465 B/op 22 allocs/op ... 217ms+67MiB
BenchmarkScryptN/17-4 3 449680138 ns/op 134222362 B/op 22 allocs/op
BenchmarkScryptN/18-4 2 867481653 ns/op 268440064 B/op 22 allocs/op
BenchmarkScryptN/19-4 1 1738085333 ns/op 536875536 B/op 23 allocs/op
BenchmarkScryptN/20-4 1 3508224867 ns/op 1073746448 B/op 23 allocs/op
BenchmarkScryptN/21-4 1 9536561994 ns/op 2147488272 B/op 23 allocs/op
BenchmarkScryptN/22-4 1 16937072495 ns/op 4294971920 B/op 23 allocs/op
PASS
BenchmarkScrypt10-2 300 6021435 ns/op ... 6ms
BenchmarkScrypt11-2 100 11861460 ns/op
BenchmarkScrypt12-2 100 23420822 ns/op
BenchmarkScrypt13-2 30 47666518 ns/op
BenchmarkScrypt14-2 20 92561590 ns/op ... 92ms
BenchmarkScrypt15-2 10 183971593 ns/op
BenchmarkScrypt16-2 3 368506365 ns/op
BenchmarkScrypt17-2 2 755502608 ns/op ... 755ms
ok github.com/rfjakob/gocryptfs/v2/cryptfs 18.772s
ok github.com/rfjakob/gocryptfs/v2/internal/configfile 47.545s
*/
func benchmarkScryptN(n int, b *testing.B) {
func BenchmarkScryptN(b *testing.B) {
for n := 10; n <= 20; n++ {
b.Run(fmt.Sprintf("%d", n), func(b *testing.B) {
benchmarkScryptN(b, n)
})
}
}
func benchmarkScryptN(b *testing.B, n int) {
kdf := NewScryptKDF(n)
for i := 0; i < b.N; i++ {
kdf.DeriveKey(testPw)
}
}
func BenchmarkScrypt10(b *testing.B) {
benchmarkScryptN(10, b)
}
func BenchmarkScrypt11(b *testing.B) {
benchmarkScryptN(11, b)
}
func BenchmarkScrypt12(b *testing.B) {
benchmarkScryptN(12, b)
}
func BenchmarkScrypt13(b *testing.B) {
benchmarkScryptN(13, b)
}
func BenchmarkScrypt14(b *testing.B) {
benchmarkScryptN(14, b)
}
func BenchmarkScrypt15(b *testing.B) {
benchmarkScryptN(15, b)
}
func BenchmarkScrypt16(b *testing.B) {
benchmarkScryptN(16, b)
}
func BenchmarkScrypt17(b *testing.B) {
benchmarkScryptN(17, b)
b.ReportAllocs()
}
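Review bot: The results pasted into the comment list `BenchmarkScryptN/21-4` and `/22-4`, but the loop in `BenchmarkScryptN` as shown stops at `n <= 20`, so the table cannot be reproduced with the command given above it. Either say in the comment that the bound was raised for that run, or make the bound a named constant with a remark on memory cost (the /22 row reports about 4 GiB per op). `b.ReportAllocs()` also appears to sit after the timing loop in `benchmarkScryptN`; it works there, but by convention it goes first, before `kdf := NewScryptKDF(n)`. The placement of these lines is inferred, since the rendered page has lost its +/- markers.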


@ -12,15 +12,15 @@ type testRange struct {
}
func TestSplitRange(t *testing.T) {
var ranges []testRange
ranges = append(ranges, testRange{0, 70000},
testRange{0, 10},
testRange{234, 6511},
testRange{65444, 54},
testRange{0, 1024 * 1024},
testRange{0, 65536},
testRange{6654, 8945})
ranges := []testRange{
{0, 70000},
{0, 10},
{234, 6511},
{65444, 54},
{0, 1024 * 1024},
{0, 65536},
{6654, 8945},
}
key := make([]byte, cryptocore.KeyLen)
cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true)
@ -42,13 +42,13 @@ func TestSplitRange(t *testing.T) {
}
func TestCiphertextRange(t *testing.T) {
var ranges []testRange
ranges = append(ranges, testRange{0, 70000},
testRange{0, 10},
testRange{234, 6511},
testRange{65444, 54},
testRange{6654, 8945})
ranges := []testRange{
{0, 70000},
{0, 10},
{234, 6511},
{65444, 54},
{6654, 8945},
}
key := make([]byte, cryptocore.KeyLen)
cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true)


@ -6,10 +6,11 @@ import (
)
// SanitizePath adapts filepath.Clean for FUSE paths.
// 1) Leading slash(es) are dropped
// 2) It returns "" instead of "."
// 3) If the cleaned path points above CWD (start with ".."), an empty string
// 1. Leading slash(es) are dropped
// 2. It returns "" instead of "."
// 3. If the cleaned path points above CWD (start with ".."), an empty string
// is returned
//
// See the TestSanitizePath testcases for examples.
func SanitizePath(path string) string {
// (1)


@ -273,6 +273,10 @@ func (f *File) doWrite(data []byte, off int64) (uint32, syscall.Errno) {
if err == io.EOF {
fileID, err = f.createHeader()
fileWasEmpty = true
} else if err != nil {
// Other errors mean readFileID() found a corrupt header
tlog.Warn.Printf("doWrite %d: corrupt header: %v", f.qIno.Ino, err)
return 0, syscall.EIO
}
if err != nil {
return 0, fs.ToErrno(err)
@ -380,7 +384,7 @@ func (f *File) Write(ctx context.Context, data []byte, off int64) (uint32, sysca
}
}
n, errno := f.doWrite(data, off)
if errno != 0 {
if errno == 0 {
f.lastOpCount = openfiletable.WriteOpCount()
f.lastWrittenOffset = off + int64(len(data)) - 1
}
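Review bot: In `doWrite`, the new `else if err != nil` branch treats every non-EOF error from `readFileID()` as a corrupt header, but `readFileID()` is not visible here and may also return plain read errors from the backing file, which would then be logged with a misleading cause. If that can happen, keep the EIO return but make the message neutral, e.g. `tlog.Warn.Printf("doWrite %d: readFileID: %v", f.qIno.Ino, err)`, or extend the comment to say why only header-parse errors reach this branch. The warning is also emitted on every write to such a file, so repeated writes can flood the log; consider whether it needs rate limiting. Both function bodies continue outside the hunks.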


@ -5,7 +5,7 @@ import (
"encoding/hex"
"testing"
"github.com/jacobsa/crypto/siv"
"github.com/aperturerobotics/jacobsa-crypto/siv"
)
// Test all supported key lengths

View File

@ -6,7 +6,7 @@ import (
"crypto/cipher"
"log"
"github.com/jacobsa/crypto/siv"
"github.com/aperturerobotics/jacobsa-crypto/siv"
)
type sivAead struct {
@ -63,7 +63,7 @@ func (s *sivAead) Seal(dst, nonce, plaintext, authData []byte) []byte {
if len(s.key) == 0 {
log.Panic("Key has been wiped?")
}
// https://github.com/jacobsa/crypto/blob/master/siv/encrypt.go#L48:
// https://github.com/aperturerobotics/jacobsa-crypto/blob/master/siv/encrypt.go#L48:
// As per RFC 5297 section 3, you may use this function for nonce-based
// authenticated encryption by passing a nonce as the last associated
// data element.


@ -23,7 +23,7 @@ import (
const adLen = 24
// gocryptfs uses fixed-size 4 kiB blocks
const blockSize = 4096
const gocryptfsBlockSize = 4096
// Run - run the speed the test and print the results.
func Run() {
@ -83,6 +83,11 @@ func randBytes(n int) []byte {
// bEncrypt benchmarks the encryption speed of cipher "c"
func bEncrypt(b *testing.B, c cipher.AEAD) {
bEncryptBlockSize(b, c, gocryptfsBlockSize)
}
// bEncryptBlockSize benchmarks the encryption speed of cipher "c" at block size "blockSize"
func bEncryptBlockSize(b *testing.B, c cipher.AEAD, blockSize int) {
authData := randBytes(adLen)
iv := randBytes(c.NonceSize())
in := make([]byte, blockSize)
@ -97,13 +102,12 @@ func bEncrypt(b *testing.B, c cipher.AEAD) {
// Encrypt and append to nonce
c.Seal(dst, iv, in, authData)
}
}
func bDecrypt(b *testing.B, c cipher.AEAD) {
authData := randBytes(adLen)
iv := randBytes(c.NonceSize())
plain := randBytes(blockSize)
plain := randBytes(gocryptfsBlockSize)
ciphertext := c.Seal(iv, iv, plain, authData)
b.SetBytes(int64(len(plain)))
@ -129,6 +133,10 @@ func bStupidGCM(b *testing.B) {
// bGoGCM benchmarks Go stdlib GCM
func bGoGCM(b *testing.B) {
bGoGCMBlockSize(b, gocryptfsBlockSize)
}
func bGoGCMBlockSize(b *testing.B, blockSize int) {
gAES, err := aes.NewCipher(randBytes(32))
if err != nil {
b.Fatal(err)
@ -137,10 +145,10 @@ func bGoGCM(b *testing.B) {
if err != nil {
b.Fatal(err)
}
bEncrypt(b, gGCM)
bEncryptBlockSize(b, gGCM, blockSize)
}
// bAESSIV benchmarks AES-SIV from github.com/jacobsa/crypto/siv
// bAESSIV benchmarks AES-SIV from github.com/aperturerobotics/jacobsa-crypto/siv
func bAESSIV(b *testing.B) {
c := siv_aead.New(randBytes(64))
bEncrypt(b, c)
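Review bot: `bGoGCMBlockSize` is added without a doc comment, while the neighbouring helpers (`bEncryptBlockSize`, `bGoGCM`, `bAESSIV`) each have one. Suggest `// bGoGCMBlockSize benchmarks Go stdlib GCM at block size "blockSize"`. `bDecrypt` still uses the fixed `gocryptfsBlockSize`, so the per-blocksize numbers cover encryption only; a short remark on `bEncryptBlockSize` would make that explicit.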


@ -3,6 +3,7 @@ package speed
import (
"crypto/aes"
"crypto/cipher"
"fmt"
"testing"
"golang.org/x/crypto/chacha20poly1305"
@ -38,6 +39,13 @@ func BenchmarkGoGCM(b *testing.B) {
bGoGCM(b)
}
func BenchmarkGoGCMBlockSize(b *testing.B) {
for blockSize := 16; blockSize <= 1024*1024; blockSize *= 2 {
name := fmt.Sprintf("%d", blockSize)
b.Run(name, func(b *testing.B) { bGoGCMBlockSize(b, blockSize) })
}
}
func BenchmarkGoGCMDecrypt(b *testing.B) {
gAES, err := aes.NewCipher(randBytes(32))
if err != nil {


@ -33,7 +33,7 @@
// Corrupt ciphertexts never cause a panic. Instead, ErrAuth is returned on
// decryption.
//
// XChaCha20-Poly1305
// # XChaCha20-Poly1305
//
// The XChaCha20-Poly1305 implementation is more complicated than the others,
// because OpenSSL does not support XChaCha20-Poly1305 directly. Follow


@ -11,8 +11,8 @@ import (
//
// Go GCM is only faster if the CPU either:
//
// 1) Is X86_64 && has AES instructions && Go is v1.6 or higher
// 2) Is ARM64 && has AES instructions && Go is v1.11 or higher
// 1. Is X86_64 && has AES instructions && Go is v1.6 or higher
// 2. Is ARM64 && has AES instructions && Go is v1.11 or higher
// (commit https://github.com/golang/go/commit/4f1f503373cda7160392be94e3849b0c9b9ebbda)
//
// See https://github.com/rfjakob/gocryptfs/wiki/CPU-Benchmarks

34
main.go

@ -4,7 +4,6 @@
package main
import (
"fmt"
"log"
"os"
"path/filepath"
@ -20,22 +19,9 @@ import (
"github.com/rfjakob/gocryptfs/v2/internal/fido2"
"github.com/rfjakob/gocryptfs/v2/internal/readpassword"
"github.com/rfjakob/gocryptfs/v2/internal/speed"
"github.com/rfjakob/gocryptfs/v2/internal/stupidgcm"
"github.com/rfjakob/gocryptfs/v2/internal/tlog"
)
// GitVersion is the gocryptfs version according to git, set by build.bash
var GitVersion = "[GitVersion not set - please compile using ./build.bash]"
// GitVersionFuse is the go-fuse library version, set by build.bash
var GitVersionFuse = "[GitVersionFuse not set - please compile using ./build.bash]"
// BuildDate is a date string like "2017-09-06", set by build.bash
var BuildDate = "0000-00-00"
// raceDetector is set to true by race.go if we are compiled with "go build -race"
var raceDetector bool
// loadConfig loads the config file `args.config` and decrypts the masterkey,
// or gets via the `-masterkey` or `-zerokey` command line options, if specified.
func loadConfig(args *argContainer) (masterkey []byte, cf *configfile.ConfFile, err error) {
@ -137,26 +123,6 @@ func changePassword(args *argContainer) {
tlog.Info.Printf(tlog.ColorGreen + "Password changed." + tlog.ColorReset)
}
// printVersion prints a version string like this:
// gocryptfs v1.7-32-gcf99cfd; go-fuse v1.0.0-174-g22a9cb9; 2019-05-12 go1.12 linux/amd64
func printVersion() {
var tagsSlice []string
if stupidgcm.BuiltWithoutOpenssl {
tagsSlice = append(tagsSlice, "without_openssl")
}
tags := ""
if tagsSlice != nil {
tags = " " + strings.Join(tagsSlice, " ")
}
built := fmt.Sprintf("%s %s", BuildDate, runtime.Version())
if raceDetector {
built += " -race"
}
fmt.Printf("%s %s%s; go-fuse %s; %s %s/%s\n",
tlog.ProgramName, GitVersion, tags, GitVersionFuse, built,
runtime.GOOS, runtime.GOARCH)
}
func main() {
mxp := runtime.GOMAXPROCS(0)
if mxp < 4 && os.Getenv("GOMAXPROCS") == "" {


@ -120,9 +120,18 @@ func doMount(args *argContainer) {
tlog.Info.Println(tlog.ColorGreen + "Filesystem mounted and ready." + tlog.ColorReset)
// We have been forked into the background, as evidenced by the set
// "notifypid".
// Do what daemons should do: https://man7.org/linux/man-pages/man7/daemon.7.html
if args.notifypid > 0 {
// Chdir to the root directory so we don't block unmounting the CWD
os.Chdir("/")
// Disconnect from the controlling terminal by creating a new session.
// This prevents us from getting SIGINT when the user presses Ctrl-C
// to exit a running script that has called gocryptfs, or SIGHUP when
// xfce4-terminal closes itself ( https://github.com/rfjakob/gocryptfs/issues/660 ).
_, err = syscall.Setsid()
if err != nil {
tlog.Warn.Printf("Setsid: %v", err)
}
// Switch to syslog
if !args.nosyslog {
// Switch all of our logs and the generic logger to syslog
@ -134,13 +143,6 @@ func doMount(args *argContainer) {
// Daemons should redirect stdin, stdout and stderr
redirectStdFds()
}
// Disconnect from the controlling terminal by creating a new session.
// This prevents us from getting SIGINT when the user presses Ctrl-C
// to exit a running script that has called gocryptfs.
_, err = syscall.Setsid()
if err != nil {
tlog.Warn.Printf("Setsid: %v", err)
}
// Send SIGUSR1 to our parent
sendUsr1(args.notifypid)
}
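Review bot: The comment above the moved `syscall.Setsid()` call in `doMount` explains why a new session is created, but not why the call has to come before the "Switch to syslog" block. The commit message gives the reason (the logger should end up in the new session together with gocryptfs), and without it in the code a later cleanup could move the call back. Suggest adding `// Must run before the logger is started below, so that it joins the new session.` to that comment. `doMount` starts and ends outside these hunks.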


@ -462,7 +462,9 @@ func TestPasswdPasswordIncorrect(t *testing.T) {
// Check that we correctly background on mount and close stderr and stdout.
// Something like
//
// gocryptfs a b | cat
//
// must not hang ( https://github.com/rfjakob/gocryptfs/issues/130 ).
func TestMountBackground(t *testing.T) {
dir := test_helpers.InitFS(t)


@ -204,7 +204,9 @@ func TestWrite0200File(t *testing.T) {
// TestMvWarnings:
// When xattr support was introduced, mv threw warnings like these:
//
// mv: preserving permissions for b/x: Operation not permitted
//
// because we returned EPERM when it tried to set system.posix_acl_access.
// Now we return EOPNOTSUPP and mv is happy.
func TestMvWarnings(t *testing.T) {

78
version.go Normal file

@ -0,0 +1,78 @@
package main
import (
"fmt"
"runtime"
"runtime/debug"
"strings"
"github.com/rfjakob/gocryptfs/v2/internal/stupidgcm"
"github.com/rfjakob/gocryptfs/v2/internal/tlog"
)
const (
gitVersionNotSet = "[GitVersion not set - please compile using ./build.bash]"
gitVersionFuseNotSet = "[GitVersionFuse not set - please compile using ./build.bash]"
buildDateNotSet = "0000-00-00"
)
var (
// GitVersion is the gocryptfs version according to git, set by build.bash
GitVersion = gitVersionNotSet
// GitVersionFuse is the go-fuse library version, set by build.bash
GitVersionFuse = gitVersionFuseNotSet
// BuildDate is a date string like "2017-09-06", set by build.bash
BuildDate = buildDateNotSet
)
func init() {
versionFromBuildInfo()
}
// raceDetector is set to true by race.go if we are compiled with "go build -race"
var raceDetector bool
// printVersion prints a version string like this:
// gocryptfs v1.7-32-gcf99cfd; go-fuse v1.0.0-174-g22a9cb9; 2019-05-12 go1.12 linux/amd64
func printVersion() {
var tagsSlice []string
if stupidgcm.BuiltWithoutOpenssl {
tagsSlice = append(tagsSlice, "without_openssl")
}
tags := ""
if tagsSlice != nil {
tags = " " + strings.Join(tagsSlice, " ")
}
built := fmt.Sprintf("%s %s", BuildDate, runtime.Version())
if raceDetector {
built += " -race"
}
fmt.Printf("%s %s%s; go-fuse %s; %s %s/%s\n",
tlog.ProgramName, GitVersion, tags, GitVersionFuse, built,
runtime.GOOS, runtime.GOARCH)
}
// versionFromBuildInfo tries to get some information out of the information baked in
// by the Go compiler. Does nothing when build.bash was used to build.
func versionFromBuildInfo() {
info, ok := debug.ReadBuildInfo()
if !ok {
tlog.Debug.Println("versionFromBuildInfo: ReadBuildInfo() failed")
return
}
// Fill our version strings
if GitVersion == gitVersionNotSet && info.Main.Version != "(devel)" {
GitVersion = info.Main.Version
}
if GitVersionFuse == gitVersionFuseNotSet {
for _, m := range info.Deps {
if m.Path == "github.com/hanwen/go-fuse/v2" {
GitVersionFuse = m.Version
if m.Replace != nil {
GitVersionFuse = m.Replace.Version
}
break
}
}
}
}
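Review bot: In `versionFromBuildInfo`, `GitVersionFuse = m.Replace.Version` overwrites the version whenever go-fuse is replaced, and for a `replace` that points at a local directory that field is typically empty, so `printVersion` would print `go-fuse ;` with no version. Guard it with `if m.Replace != nil && m.Replace.Version != "" {`. Likewise `info.Main.Version` is only compared against `"(devel)"`; adding `&& info.Main.Version != ""` keeps the "not set" hint when the toolchain reports nothing. Separately, the `tlog.Debug` call runs from `init()`, presumably before command-line flags are parsed, so that message is unlikely ever to be shown.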