summaryrefslogtreecommitdiff
path: root/internal/stupidgcm
AgeCommit message (Collapse)Author
2021-09-07stupidgcm: replace chacha20poly1305_seal with generic aead_sealJakob Unterwurzacher
2021-09-07stupidgcm: batch C calls in chacha20poly1305_sealJakob Unterwurzacher
Go has a high overhead for each C call, so batch all openssl operations in the new C function chacha20poly1305_seal. Benchmark results: internal/speed$ go test -bench BenchmarkStupidXchacha -count 10 > old.txt internal/speed$ go test -bench BenchmarkStupidXchacha -count 10 > new.txt internal/speed$ benchstat old.txt new.txt name old time/op new time/op delta StupidXchacha-4 8.79µs ± 1% 7.25µs ± 1% -17.54% (p=0.000 n=10+10) name old speed new speed delta StupidXchacha-4 466MB/s ± 1% 565MB/s ± 1% +21.27% (p=0.000 n=10+10)
2021-09-07stupidgcm: add stupidXchacha20poly1305Jakob Unterwurzacher
Implementation copied from https://github.com/golang/crypto/blob/32db794688a5a24a23a43f2a984cecd5b3d8da58/chacha20poly1305/xchacha20poly1305.go
2021-09-07stupidgcm: stupidChacha20poly1305: normalize panic messagesJakob Unterwurzacher
2021-09-07stupidgcm: stupidChacha20poly1305: use byte array for keyJakob Unterwurzacher
Follow what golang.org/x/crypto/chacha20poly1305 does for easier integration in the next commit.
2021-09-02stupidgcm: add testWipe testJakob Unterwurzacher
After looking at the cover profile, this was the only untested code except panic cases.
2021-09-02stupidgcm: deduplicate tests 2/2Jakob Unterwurzacher
Deduplicate the cipher setup that was identical for all tests for each cipher.
2021-09-02stupidgcm: deduplicate tests 1/2Jakob Unterwurzacher
Pull the code shared between chacha and gcm into generic functions.
2021-09-02stupidgcm: add chacha20poly1305 via opensslJakob Unterwurzacher
"stupidChacha20poly1305". XChaCha will build upon this.
2021-08-30Unbreak hyperlinks broken by go mod v2 conversionJakob Unterwurzacher
Commit 69d88505fd7f4cb0d9e4f1918de296342fe05858 go mod: declare module version v2 translated all instances of "github.com/rfjakob/gocryptfs/" to "github.com/rfjakob/gocryptfs/v2/". Unfortunately, this included hyperlinks. Unbreak the hyperlinks like this: find . -name \*.go | xargs sed -i s%https://github.com/rfjakob/gocryptfs/v2/%https://github.com/rfjakob/gocryptfs/v2/%
2021-08-23go mod: declare module version v2Jakob Unterwurzacher
Our git version is v2+ for some time now, but go.mod still declared v1. Hopefully making both match makes https://pkg.go.dev/github.com/rfjakob/gocryptfs/v2 work. All the import paths have been fixed like this: find . -name \*.go | xargs sed -i s%github.com/rfjakob/gocryptfs/%github.com/rfjakob/gocryptfs/v2/%
2021-08-19golangci-lint: fix issues found by gosimpleJakob Unterwurzacher
Everything except the if err2.Err == syscall.EOPNOTSUPP case. Gets too confusing when collapsed into a single line. Issues were: $ golangci-lint run --disable-all --enable gosimple mount.go:473:2: S1008: should use 'return strings.HasPrefix(v, "fusermount version")' instead of 'if strings.HasPrefix(v, "fusermount version") { return true }; return false' (gosimple) if strings.HasPrefix(v, "fusermount version") { ^ cli_args.go:258:5: S1002: should omit comparison to bool constant, can be simplified to `args.forcedecode` (gosimple) if args.forcedecode == true { ^ cli_args.go:263:6: S1002: should omit comparison to bool constant, can be simplified to `args.aessiv` (gosimple) if args.aessiv == true { ^ cli_args.go:267:6: S1002: should omit comparison to bool constant, can be simplified to `args.reverse` (gosimple) if args.reverse == true { ^ internal/stupidgcm/stupidgcm.go:227:6: S1002: should omit comparison to bool constant, can be simplified to `g.forceDecode` (gosimple) if g.forceDecode == true { ^ gocryptfs-xray/xray_tests/xray_test.go:23:5: S1004: should use !bytes.Equal(out, expected) instead (gosimple) if bytes.Compare(out, expected) != 0 { ^ gocryptfs-xray/xray_tests/xray_test.go:40:5: S1004: should use !bytes.Equal(out, expected) instead (gosimple) if bytes.Compare(out, expected) != 0 { ^ gocryptfs-xray/paths_ctlsock.go:34:20: S1002: should omit comparison to bool constant, can be simplified to `!eof` (gosimple) for eof := false; eof == false; line++ { ^ tests/reverse/xattr_test.go:19:2: S1008: should use 'return err2.Err != syscall.EOPNOTSUPP' instead of 'if err2.Err == syscall.EOPNOTSUPP { return false }; return true' (gosimple) if err2.Err == syscall.EOPNOTSUPP { ^ internal/fusefrontend/node.go:459:45: S1002: should omit comparison to bool constant, can be simplified to `!nameFileAlreadyThere` (gosimple) if nametransform.IsLongContent(cName2) && nameFileAlreadyThere == false { ^ tests/xattr/xattr_integration_test.go:221:2: S1008: should use 'return err2.Err != syscall.EOPNOTSUPP' instead of 'if err2.Err == syscall.EOPNOTSUPP { return false }; return true' (gosimple) if err2.Err == syscall.EOPNOTSUPP { ^ tests/test_helpers/helpers.go:338:19: S1002: should omit comparison to bool constant, can be simplified to `open` (gosimple) if err != nil && open == true { ^ tests/matrix/concurrency_test.go:121:7: S1004: should use !bytes.Equal(buf, content) instead (gosimple) if bytes.Compare(buf, content) != 0 { ^
2021-05-26stupidgcm: prefer Go stdlib over OpenSSL on Apple M1Jakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/556
2020-04-13Prefer Go stdlib aes-gcm on arm64 with aes instructionsJakob Unterwurzacher
We used to prefer openssl in this situation, which used to make sense, but now Go gained an optimized assembly implementation for aes-gcm on arm64 with aes instructions: root@q1:~/go/src/github.com/rfjakob/gocryptfs# ./gocryptfs -speed gocryptfs v1.7.1-46-g73436d9; go-fuse v1.0.1-0.20190319092520-161a16484456; 2020-04-13 go1.14.2 linux/arm64 AES-GCM-256-OpenSSL 212.30 MB/s (selected in auto mode) AES-GCM-256-Go 452.30 MB/s AES-SIV-512-Go 100.25 MB/s XChaCha20-Poly1305-Go 137.35 MB/s https://github.com/rfjakob/gocryptfs/issues/452
2020-02-15merge prefer_openssl package into stupidgcmJakob Unterwurzacher
Now that I have discovered golang.org/x/sys/cpu and that Go versions below 1.6 are uncommon, there was not much useful code left in prefer_openssl. Merge the remains into stupidgcm.
2018-12-27Assorted spelling fixes.Sebastian Lackner
Mostly detected with the 'codespell' utility, but also includes some manual grammar fixes.
2018-05-10stupidgcm: return error on too short input instead of panicingJakob Unterwurzacher
This is what Go GCM does as well.
2018-04-08Fix the easy golint warningsJakob Unterwurzacher
Reported by https://goreportcard.com/report/github.com/rfjakob/gocryptfs
2018-02-18stupidgcm: create private copy of the keyJakob Unterwurzacher
Relieves the caller from worrying about whether they can overwrite the key.
2018-02-18main: try to wipe cryptocore's secret keys on unmountJakob Unterwurzacher
Raise the bar for recovering keys from memory. https://github.com/rfjakob/gocryptfs/issues/211
2018-02-17stupidgcm: implement key wipeJakob Unterwurzacher
Not bulletproof due to possible GC copies, but still raises to bar for extracting the key. https://github.com/rfjakob/gocryptfs/issues/211
2018-02-17stupidgcm: switch to pointer receiversJakob Unterwurzacher
What the key slice does not get copied around will make it possible to check if the key has been wiped.
2017-07-14macos: make testing without openssl work properlyJakob Unterwurzacher
On MacOS, building and testing without openssl is much easier. The tests should skip tests that fail because of missing openssl instead of aborting. Fixes https://github.com/rfjakob/gocryptfs/issues/123
2017-07-14stupidgcm: fix openssl 1.1 build failureJakob Unterwurzacher
Fixed by including the correct header. Should work on older openssl versions as well. Error was: locking.go:21: undefined reference to `CRYPTO_set_locking_callback'
2017-07-01stupidgcm: add test for in-place OpenJakob Unterwurzacher
Adds a test for the optimization introduced in: stupidgcm: Open: if "dst" is big enough, use it as the output buffer
2017-06-30stupidgcm: Open: if "dst" is big enough, use it as the output bufferJakob Unterwurzacher
This means we won't need any allocation for the plaintext.
2017-06-29stupidgcm: use "dst" as the output buffer it is big enoughJakob Unterwurzacher
This saves an allocation of the ciphertext block.
2017-05-07exitcodes: pull all exit code definitions into the packageJakob Unterwurzacher
This commit defines all exit codes in one place in the exitcodes package. Also, it adds a test to verify the exit code on incorrect password, which is what SiriKali cares about the most. Fixes https://github.com/rfjakob/gocryptfs/issues/77 .
2017-04-24forcedecode: tighten checksJakob Unterwurzacher
...and fix a few golint issues and print a scary warning message on mount. Also, force the fs to ro,noexec.
2017-04-23Add -forcedecodedanim7
Force decode of encrypted files even if the integrity check fails, instead of failing with an IO error. Warning messages are still printed to syslog if corrupted files are encountered. It can be useful to recover files from disks with bad sectors or other corrupted media. Closes https://github.com/rfjakob/gocryptfs/pull/102 .
2017-03-05Drop Go 1.4 compatability code everywhereJakob Unterwurzacher
Yields a nice reduction in code size.
2017-02-24stupidgcm: drop only external dependecyJakob Unterwurzacher
This makes it easier to use the package in external projects. See https://github.com/rfjakob/gocryptfs/issues/79
2017-02-24speed: add benchmark.bash helperJakob Unterwurzacher
2017-02-22Implement "gocryptfs -speed"Jakob Unterwurzacher
A crypto benchmark mode like "openssl speed". Example run: $ ./gocryptfs -speed AES-GCM-256-OpenSSL 180.89 MB/s (selected in auto mode) AES-GCM-256-Go 48.19 MB/s AES-SIV-512-Go 37.40 MB/s
2016-12-10stupidgcm: Fix without_openssl build failureJakob Unterwurzacher
Also, always call build-without-openssl.bash from test.bash. Failure was: internal/stupidgcm/without_openssl.go:29: missing return at end of function
2016-12-10Replace all calls to naked panic() with log.Panic()Jakob Unterwurzacher
We want all panics to show up in the syslog.
2016-10-04A few more lint fixesJakob Unterwurzacher
2016-10-04lint fixesValient Gough
2016-10-04without_openssl: support compiling completely without opensslJakob Unterwurzacher
Build helper script: build-without-openssl.bash
2016-09-26reverse: switch from GCM-SIV to AES-SIVv1.1-beta1Jakob Unterwurzacher
GCM-SIV is not yet finalized, and the reference implemenation is painfully slow at about 2 MB/s. Switch to AES-SIV.
2016-09-25stupidgcm: add GCM-SIV benchmarkJakob Unterwurzacher
On a CPU without AES-NI: $ go test -bench . Benchmark4kEncStupidGCM-2 50000 24155 ns/op 169.57 MB/s Benchmark4kEncGoGCM-2 20000 93965 ns/op 43.59 MB/s Benchmark4kEncGCMSIV-2 500 2576193 ns/op 1.59 MB/s
2016-09-25Implement changes proposed by gosimple.Jakob Unterwurzacher
Also delete the unused "dirIVNameStruct", found by deadcode.
2016-07-04stupidgcm: use __builtin_trap()Jakob Unterwurzacher
[...]/stupidgcm/locking.go:16:2: warning: indirection of non-volatile null pointer will be deleted, not trap [-Wnull-dereference] [...]/stupidgcm/locking.go:16:2: note: consider using __builtin_trap() or qualifying pointer with 'volatile' https://github.com/rfjakob/gocryptfs/issues/15
2016-05-22stupidgcm: add benchmark.bash wrapperJakob Unterwurzacher
Add a simple bash wrapper to make it easier to run the GCM benchmarks.
2016-05-05stupidgcm: set dummy locking callback.v0.10-rc2Jakob Unterwurzacher
In general, OpenSSL is only threadsafe if you provide a locking function through CRYPTO_set_locking_callback. However, the GCM operations that stupidgcm uses never call that function. To guard against that ever changing, set a dummy locking callback that crashes the app.
2016-05-05stupidgcm: skip tests on Go 1.4 and olderJakob Unterwurzacher
Quoting from the patch: We compare against Go's built-in GCM implementation. Since stupidgcm only supports 128-bit IVs and Go only supports that from 1.5 onward, we cannot run these tests on older Go versions.
2016-05-05Revert "stupidgcm: print openssl error stack before panicing"Jakob Unterwurzacher
This did not help in debugging the openssl <= 1.0.1c issue at all and makes the code more complex. Keep it simple.
2016-05-05stupidgcm: reorder calls to support openssl <= 1.0.1cJakob Unterwurzacher
This fixes the test failures on Travis CI. Quoting from https://github.com/openssl/openssl/commit/07a4ff79d23e45f1a45da717b7c1f41a5e1c7c0c /* Set expected tag value. A restriction in OpenSSL 1.0.1c and earlier * required the tag before any AAD or ciphertext */
2016-05-04stupidgcm: print openssl error stack before panicingJakob Unterwurzacher
2016-05-04stupidgcm: fix copy-paste error in panic messageJakob Unterwurzacher
Also, print the openssl version in Travis CI