Mirror of gocryptfs source code on Github http://nuetzlich.net/cgit/gocryptfs/atom?h=aegis 2025-03-12T19:43:23+00:00 2025-03-12T19:43:23+00:00 Frank Denis 2025-03-11T23:32:04+00:00 urn:sha1:3e852eb354f99fb95b399c68d950298b33ed88ab 2025-03-12T19:43:23+00:00 Frank Denis 2025-02-25T14:03:50+00:00 urn:sha1:779a850e0fb967aac79124c7e18b14706d5f2652 AEGIS is a new family of authenticated encryption algorithms that offers stronger security, higher usage limits, and better performance than AES-GCM. This pull request adds support for a new `-aegis` command-line flag, allowing AEGIS-128X2 to be used as an alternative to AES-GCM on CPUs with AES acceleration. It also introduces the ability to use ciphers with different key sizes. More information on AEGIS is available here: - https://cfrg.github.io/draft-irtf-cfrg-aegis-aead/draft-irtf-cfrg-aegis-aead.html - https://github.com/cfrg/draft-irtf-cfrg-aegis-aead gocryptfs -speed speed on Apple M1: AES-GCM-256-OpenSSL 3718.79 MB/s AES-GCM-256-Go 5083.43 MB/s (selected in auto mode) AES-SIV-512-Go 625.20 MB/s XChaCha20-Poly1305-OpenSSL 1358.63 MB/s (selected in auto mode) XChaCha20-Poly1305-Go 832.11 MB/s Aegis128X2-Go 11818.73 MB/s gocryptfs -speed speed on AMD Zen 4: AES-GCM-256-OpenSSL 5215.86 MB/s AES-GCM-256-Go 6918.01 MB/s (selected in auto mode) AES-SIV-512-Go 449.61 MB/s XChaCha20-Poly1305-OpenSSL 2643.48 MB/s XChaCha20-Poly1305-Go 3727.46 MB/s (selected in auto mode) Aegis128X2-Go 28109.92 MB/s 2024-11-11T21:33:07+00:00 Jakob Unterwurzacher 2024-11-11T21:27:42+00:00 urn:sha1:86891054ef2a5d1b0b59c7c140aae284e7c5bd87 Now that https://github.com/hanwen/go-fuse/issues/399 has landed we can report an inode number for the root node. Fixes https://github.com/rfjakob/gocryptfs/issues/580 2024-03-09T20:32:48+00:00 Alex Shumsky 2024-03-07T20:33:11+00:00 urn:sha1:1d7dd0a76c15cf8c0dffef918a6b6c3dcb6347c4 2023-05-17T21:26:56+00:00 Jakob Unterwurzacher 2023-05-17T21:26:56+00:00 urn:sha1:09954c4bdecf0ca6da65776f176dc934ffced2b0 Not having Access() means go-fuse emulates it by looking at Getattr(). This works fine most of the time, but breaks down on sshfs, where sshfs-benchmark.bash shows this: gocryptfs/tests$ ./sshfs-benchmark.bash nuetzlich.net working directory: /tmp/sshfs-benchmark.bash.JQC sshfs mounted: nuetzlich.net:/tmp -> sshfs.mnt gocryptfs mounted: sshfs.mnt/sshfs-benchmark.bash.Wrz/gocryptfs.crypt -> gocryptfs.mnt sshfs-benchmark.bash: sshfs gocryptfs-on-sshfs git init 3.98 6.80 rsync 7.71 10.84 rm -R 4.30rm: descend into write-protected directory 'gocryptfs.mnt/git1'? The go-fuse emulation gets it wrong here because sshfs reports permissions but does not enforce them. Implement it ourselves properly. 2023-03-29T20:16:14+00:00 Jakob Unterwurzacher 2023-03-29T20:16:14+00:00 urn:sha1:24b3978715186bed3edc2703e81f165a73c0a74a And add a test for it. Fixes https://github.com/rfjakob/gocryptfs/issues/724 2023-02-21T21:08:41+00:00 Jakob Unterwurzacher 2023-02-21T21:04:30+00:00 urn:sha1:8f3ec5dcaa6eb18d11746675190a7aaceb422764 Commit 6196a5b5 got the logic inverted, hence we never set the last position markers. Fixes https://github.com/rfjakob/gocryptfs/issues/712 2023-02-21T21:08:41+00:00 Jakob Unterwurzacher 2023-01-24T21:07:28+00:00 urn:sha1:85297cda97d018b514361a2088a78f50f1446f95 It used to be reported as "function not implemented", accompanied with this log output: go-fuse: can't convert error type: ParseHeader: header is all-zero. Header hexdump: 000000000000000000000000000000000000 Now we report EIO and log this: doWrite 1372183: corrupt header: ParseHeader: header is all-zero. Header hexdump: 000000000000000000000000000000000000 2022-12-29T14:00:37+00:00 Jakob Unterwurzacher 2022-12-29T14:00:24+00:00 urn:sha1:856ccaac10579abda5620dfc86ad6031b1076a43 Run "make format" using go version go1.19.4 linux/amd64 2022-06-26T08:59:06+00:00 Yuta Hayashibe 2022-05-04T09:06:20+00:00 urn:sha1:e9ecff7f07aeb1efe0edec7b4b050ce3c0ef75f8