Age | Commit message (Collapse) | Author |
|
|
|
Add PreferOpenSSLXchacha20poly1305,
rename PreferOpenSSL -> PreferOpenSSLAES256GCM.
|
|
New() -> NewAES256GCM()
Also add missing NewChacha20poly1305
constructor in without_openssl.go.
|
|
gocryptfs/internal/speed$ go test -bench .
goos: linux
goarch: amd64
pkg: github.com/rfjakob/gocryptfs/v2/internal/speed
cpu: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
BenchmarkStupidGCM-4 263742 4523 ns/op 905.61 MB/s
BenchmarkStupidGCMDecrypt-4 204858 5779 ns/op 708.76 MB/s
BenchmarkGoGCM-4 291259 4095 ns/op 1000.25 MB/s
BenchmarkGoGCMDecrypt-4 293886 4061 ns/op 1008.53 MB/s
BenchmarkAESSIV-4 46537 25538 ns/op 160.39 MB/s
BenchmarkAESSIVDecrypt-4 46770 25627 ns/op 159.83 MB/s
BenchmarkXchacha-4 243619 4893 ns/op 837.03 MB/s
BenchmarkXchachaDecrypt-4 248857 4793 ns/op 854.51 MB/s
BenchmarkStupidXchacha-4 213717 5558 ns/op 736.99 MB/s
BenchmarkStupidXchachaDecrypt-4 176635 6782 ns/op 603.96 MB/s
PASS
ok github.com/rfjakob/gocryptfs/v2/internal/speed 12.871s
|
|
The bEncrypt helper massively deduplicates the code,
and reusing the dst buffer gives higher performance,
and that's what gocryptfs does in normal operation via
sync.Pool.
$ benchstat old.txt new.txt
name old time/op new time/op delta
StupidGCM-4 6.24µs ± 1% 4.65µs ± 0% -25.47% (p=0.008 n=5+5)
GoGCM-4 4.90µs ± 0% 4.10µs ± 0% -16.44% (p=0.008 n=5+5)
AESSIV-4 26.4µs ± 0% 25.6µs ± 0% -2.90% (p=0.008 n=5+5)
Xchacha-4 5.76µs ± 0% 4.91µs ± 0% -14.79% (p=0.008 n=5+5)
StupidXchacha-4 7.24µs ± 1% 5.48µs ± 0% -24.33% (p=0.008 n=5+5)
name old speed new speed delta
StupidGCM-4 656MB/s ± 1% 880MB/s ± 0% +34.15% (p=0.008 n=5+5)
GoGCM-4 835MB/s ± 0% 1000MB/s ± 0% +19.68% (p=0.008 n=5+5)
AESSIV-4 155MB/s ± 0% 160MB/s ± 0% +2.99% (p=0.008 n=5+5)
Xchacha-4 711MB/s ± 0% 834MB/s ± 0% +17.35% (p=0.008 n=5+5)
StupidXchacha-4 565MB/s ± 1% 747MB/s ± 0% +32.15% (p=0.008 n=5+5)
|
|
$ ./gocryptfs -speed
gocryptfs v2.1-56-gdb1466f-dirty.stupidchacha; go-fuse v2.1.1-0.20210825171523-3ab5d95a30ae; 2021-09-02 go1.17 linux/amd64
AES-GCM-256-OpenSSL 529.53 MB/s
AES-GCM-256-Go 833.85 MB/s (selected in auto mode)
AES-SIV-512-Go 155.27 MB/s
XChaCha20-Poly1305-Go 715.33 MB/s (use via -xchacha flag)
XChaCha20-Poly1305-OpenSSL 468.94 MB/s
https://github.com/rfjakob/gocryptfs/issues/452
|
|
|
|
|
|
Our git version is v2+ for some time now, but go.mod
still declared v1. Hopefully making both match makes
https://pkg.go.dev/github.com/rfjakob/gocryptfs/v2 work.
All the import paths have been fixed like this:
find . -name \*.go | xargs sed -i s%github.com/rfjakob/gocryptfs/%github.com/rfjakob/gocryptfs/v2/%
|
|
This is unclear to users, as seen on
https://github.com/rfjakob/gocryptfs/issues/452#issuecomment-828836651
|
|
https://github.com/rfjakob/gocryptfs/issues/452
|
|
|
|
Now that I have discovered golang.org/x/sys/cpu and that Go
versions below 1.6 are uncommon, there was not much useful
code left in prefer_openssl.
Merge the remains into stupidgcm.
|
|
|
|
Force decode of encrypted files even if the integrity check fails, instead of
failing with an IO error. Warning messages are still printed to syslog if corrupted
files are encountered.
It can be useful to recover files from disks with bad sectors or other corrupted
media.
Closes https://github.com/rfjakob/gocryptfs/pull/102 .
|
|
Yields a nice reduction in code size.
|
|
Old Go versions miss cipher.NewGCMWithNonceSize, which causes:
internal/speed/speed.go:95: undefined: cipher.NewGCMWithNonceSize
|
|
A crypto benchmark mode like "openssl speed".
Example run:
$ ./gocryptfs -speed
AES-GCM-256-OpenSSL 180.89 MB/s (selected in auto mode)
AES-GCM-256-Go 48.19 MB/s
AES-SIV-512-Go 37.40 MB/s
|