aboutsummaryrefslogtreecommitdiff
path: root/internal/stupidgcm
AgeCommit message (Collapse)Author
2024-06-06stupidgcm: detect AES-GCM acceleration like crypto/tlsJakob Unterwurzacher
Instead of just looking for AES, also look for PCLMULQDQ, like crypto/tls does. Fixes: https://github.com/rfjakob/gocryptfs/issues/822
2022-12-29make formatJakob Unterwurzacher
Run "make format" using go version go1.19.4 linux/amd64
2022-08-28make formatJakob Unterwurzacher
2022-08-15fix minor unreachable code caused by t.FatalAbirdcfly
Signed-off-by: Abirdcfly <fp544037857@gmail.com>
2022-06-26Fix typosYuta Hayashibe
2021-09-14stupidgcm: add CpuHasAES()Jakob Unterwurzacher
Makes the code clearer, and will be used in the next commit.
2021-09-10cli: drop -forcedecode flagJakob Unterwurzacher
The rewritten openssl backend does not support this flag anymore, and it was inherently dangerour. Drop it (ignored for compatibility)
2021-09-08stupidgcm: add PreferOpenSSL{AES256GCM,Xchacha20poly1305}Jakob Unterwurzacher
Add PreferOpenSSLXchacha20poly1305, rename PreferOpenSSL -> PreferOpenSSLAES256GCM.
2021-09-07stupidgcm: normalize constructor namingJakob Unterwurzacher
New() -> NewAES256GCM() Also add missing NewChacha20poly1305 constructor in without_openssl.go.
2021-09-07stupidgcm: revamp package documentationJakob Unterwurzacher
Maybe interesting for people following https://github.com/rfjakob/gocryptfs/issues/452
2021-09-07stupidgcm: unexport stupidGCM structJakob Unterwurzacher
No need to have it exported.
2021-09-07stupidgcm: allow zero-length input dataJakob Unterwurzacher
We used to panic in this case because it is useless. But Go stdlib supports it, so we should as well.
2021-09-07stupidgcm: fix build with CGO_ENABLED=1 without_opensslJakob Unterwurzacher
We missed some "// +build" lines
2021-09-07stupidgcm: NewChacha20poly1305: avoid slice appendJakob Unterwurzacher
I noticed that growslice() shows up in the cpuprofile. Avoiding slice append for the private jey copy gives a 0.6% speedup: gocryptfs/internal/speed$ benchstat old new name old time/op new time/op delta StupidXchacha-4 5.68µs ± 0% 5.65µs ± 0% -0.63% (p=0.008 n=5+5) name old speed new speed delta StupidXchacha-4 721MB/s ± 0% 725MB/s ± 0% +0.63% (p=0.008 n=5+5)
2021-09-07stupidgcm: add testConcurrencyJakob Unterwurzacher
Verifies that we don't corrupt data when called concurrently.
2021-09-07stupidgcm: cache C.EVP_chacha20_poly1305()Jakob Unterwurzacher
2% performance improvement, almost for free. gocryptfs/internal/speed$ benchstat old new name old time/op new time/op delta StupidXchacha-4 5.82µs ± 0% 5.68µs ± 0% -2.37% (p=0.008 n=5+5) name old speed new speed delta StupidXchacha-4 704MB/s ± 0% 721MB/s ± 0% +2.43% (p=0.008 n=5+5)
2021-09-07stupidgcm: add BenchmarkCCallJakob Unterwurzacher
gocryptfs/internal/stupidgcm$ go test -bench . goos: linux goarch: amd64 pkg: github.com/rfjakob/gocryptfs/v2/internal/stupidgcm cpu: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz BenchmarkCCall-4 15864030 78.60 ns/op PASS ok github.com/rfjakob/gocryptfs/v2/internal/stupidgcm 1.898s
2021-09-07speed: add BenchmarkStupidChachaJakob Unterwurzacher
gocryptfs/internal/speed$ go test -bench . goos: linux goarch: amd64 pkg: github.com/rfjakob/gocryptfs/v2/internal/speed cpu: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz BenchmarkStupidGCM-4 249396 4722 ns/op 867.50 MB/s BenchmarkStupidGCMDecrypt-4 257872 4616 ns/op 887.35 MB/s BenchmarkGoGCM-4 290952 4097 ns/op 999.83 MB/s BenchmarkGoGCMDecrypt-4 294106 4060 ns/op 1008.84 MB/s BenchmarkAESSIV-4 46520 25532 ns/op 160.42 MB/s BenchmarkAESSIVDecrypt-4 46974 25478 ns/op 160.76 MB/s BenchmarkXchacha-4 244108 4881 ns/op 839.14 MB/s BenchmarkXchachaDecrypt-4 249658 4786 ns/op 855.86 MB/s BenchmarkStupidXchacha-4 205339 5768 ns/op 710.11 MB/s BenchmarkStupidXchachaDecrypt-4 204577 5836 ns/op 701.84 MB/s BenchmarkStupidChacha-4 227510 5224 ns/op 784.06 MB/s BenchmarkStupidChachaDecrypt-4 222787 5359 ns/op 764.34 MB/s PASS ok github.com/rfjakob/gocryptfs/v2/internal/speed 15.328s
2021-09-07stupidgcm: replace naked panicsJakob Unterwurzacher
2021-09-07stupidgcm: fix without_openssl buildJakob Unterwurzacher
$ ./build-without-openssl.bash internal/speed/speed.go:152:14: undefined: stupidgcm.NewXchacha20poly1305
2021-09-07stupidgcm: introduce stupidAEADCommon and use for both chacha & gcmJakob Unterwurzacher
Nice deduplication and brings the GCM decrypt speed up to par. internal/speed$ benchstat old new name old time/op new time/op delta StupidGCM-4 4.71µs ± 0% 4.66µs ± 0% -0.99% (p=0.008 n=5+5) StupidGCMDecrypt-4 5.77µs ± 1% 4.51µs ± 0% -21.80% (p=0.008 n=5+5) name old speed new speed delta StupidGCM-4 870MB/s ± 0% 879MB/s ± 0% +1.01% (p=0.008 n=5+5) StupidGCMDecrypt-4 710MB/s ± 1% 908MB/s ± 0% +27.87% (p=0.008 n=5+5)
2021-09-07stupidgcm: stupidChacha20poly1305.Open: batch C calls in aead_openJakob Unterwurzacher
Gets the decryption speed to the same level as the encryption speed. internal/speed$ benchstat old.txt new.txt name old time/op new time/op delta StupidXchacha-4 732MB/s ± 0% 740MB/s ± 0% ~ (p=1.000 n=1+1) StupidXchachaDecrypt-4 602MB/s ± 0% 741MB/s ± 0% ~ (p=1.000 n=1+1)
2021-09-07stupidgcm: use aead_seal for gcm as wellJakob Unterwurzacher
$ benchstat old.txt new.txt name old time/op new time/op delta StupidGCM-4 7.87µs ± 1% 6.64µs ± 2% -15.65% (p=0.000 n=10+10) name old speed new speed delta StupidGCM-4 520MB/s ± 1% 617MB/s ± 2% +18.56% (p=0.000 n=10+10)
2021-09-07stupidgcm: replace chacha20poly1305_seal with generic aead_sealJakob Unterwurzacher
2021-09-07stupidgcm: batch C calls in chacha20poly1305_sealJakob Unterwurzacher
Go has a high overhead for each C call, so batch all openssl operations in the new C function chacha20poly1305_seal. Benchmark results: internal/speed$ go test -bench BenchmarkStupidXchacha -count 10 > old.txt internal/speed$ go test -bench BenchmarkStupidXchacha -count 10 > new.txt internal/speed$ benchstat old.txt new.txt name old time/op new time/op delta StupidXchacha-4 8.79µs ± 1% 7.25µs ± 1% -17.54% (p=0.000 n=10+10) name old speed new speed delta StupidXchacha-4 466MB/s ± 1% 565MB/s ± 1% +21.27% (p=0.000 n=10+10)
2021-09-07stupidgcm: add stupidXchacha20poly1305Jakob Unterwurzacher
Implementation copied from https://github.com/golang/crypto/blob/32db794688a5a24a23a43f2a984cecd5b3d8da58/chacha20poly1305/xchacha20poly1305.go
2021-09-07stupidgcm: stupidChacha20poly1305: normalize panic messagesJakob Unterwurzacher
2021-09-07stupidgcm: stupidChacha20poly1305: use byte array for keyJakob Unterwurzacher
Follow what golang.org/x/crypto/chacha20poly1305 does for easier integration in the next commit.
2021-09-02stupidgcm: add testWipe testJakob Unterwurzacher
After looking at the cover profile, this was the only untested code except panic cases.
2021-09-02stupidgcm: deduplicate tests 2/2Jakob Unterwurzacher
Deduplicate the cipher setup that was identical for all tests for each cipher.
2021-09-02stupidgcm: deduplicate tests 1/2Jakob Unterwurzacher
Pull the code shared between chacha and gcm into generic functions.
2021-09-02stupidgcm: add chacha20poly1305 via opensslJakob Unterwurzacher
"stupidChacha20poly1305". XChaCha will build upon this.
2021-08-30Unbreak hyperlinks broken by go mod v2 conversionJakob Unterwurzacher
Commit 69d88505fd7f4cb0d9e4f1918de296342fe05858 go mod: declare module version v2 translated all instances of "github.com/rfjakob/gocryptfs/" to "github.com/rfjakob/gocryptfs/v2/". Unfortunately, this included hyperlinks. Unbreak the hyperlinks like this: find . -name \*.go | xargs sed -i s%https://github.com/rfjakob/gocryptfs/v2/%https://github.com/rfjakob/gocryptfs/v2/%
2021-08-23go mod: declare module version v2Jakob Unterwurzacher
Our git version is v2+ for some time now, but go.mod still declared v1. Hopefully making both match makes https://pkg.go.dev/github.com/rfjakob/gocryptfs/v2 work. All the import paths have been fixed like this: find . -name \*.go | xargs sed -i s%github.com/rfjakob/gocryptfs/%github.com/rfjakob/gocryptfs/v2/%
2021-08-19golangci-lint: fix issues found by gosimpleJakob Unterwurzacher
Everything except the if err2.Err == syscall.EOPNOTSUPP case. Gets too confusing when collapsed into a single line. Issues were: $ golangci-lint run --disable-all --enable gosimple mount.go:473:2: S1008: should use 'return strings.HasPrefix(v, "fusermount version")' instead of 'if strings.HasPrefix(v, "fusermount version") { return true }; return false' (gosimple) if strings.HasPrefix(v, "fusermount version") { ^ cli_args.go:258:5: S1002: should omit comparison to bool constant, can be simplified to `args.forcedecode` (gosimple) if args.forcedecode == true { ^ cli_args.go:263:6: S1002: should omit comparison to bool constant, can be simplified to `args.aessiv` (gosimple) if args.aessiv == true { ^ cli_args.go:267:6: S1002: should omit comparison to bool constant, can be simplified to `args.reverse` (gosimple) if args.reverse == true { ^ internal/stupidgcm/stupidgcm.go:227:6: S1002: should omit comparison to bool constant, can be simplified to `g.forceDecode` (gosimple) if g.forceDecode == true { ^ gocryptfs-xray/xray_tests/xray_test.go:23:5: S1004: should use !bytes.Equal(out, expected) instead (gosimple) if bytes.Compare(out, expected) != 0 { ^ gocryptfs-xray/xray_tests/xray_test.go:40:5: S1004: should use !bytes.Equal(out, expected) instead (gosimple) if bytes.Compare(out, expected) != 0 { ^ gocryptfs-xray/paths_ctlsock.go:34:20: S1002: should omit comparison to bool constant, can be simplified to `!eof` (gosimple) for eof := false; eof == false; line++ { ^ tests/reverse/xattr_test.go:19:2: S1008: should use 'return err2.Err != syscall.EOPNOTSUPP' instead of 'if err2.Err == syscall.EOPNOTSUPP { return false }; return true' (gosimple) if err2.Err == syscall.EOPNOTSUPP { ^ internal/fusefrontend/node.go:459:45: S1002: should omit comparison to bool constant, can be simplified to `!nameFileAlreadyThere` (gosimple) if nametransform.IsLongContent(cName2) && nameFileAlreadyThere == false { ^ tests/xattr/xattr_integration_test.go:221:2: S1008: should use 'return err2.Err != syscall.EOPNOTSUPP' instead of 'if err2.Err == syscall.EOPNOTSUPP { return false }; return true' (gosimple) if err2.Err == syscall.EOPNOTSUPP { ^ tests/test_helpers/helpers.go:338:19: S1002: should omit comparison to bool constant, can be simplified to `open` (gosimple) if err != nil && open == true { ^ tests/matrix/concurrency_test.go:121:7: S1004: should use !bytes.Equal(buf, content) instead (gosimple) if bytes.Compare(buf, content) != 0 { ^
2021-05-26stupidgcm: prefer Go stdlib over OpenSSL on Apple M1Jakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/556
2020-04-13Prefer Go stdlib aes-gcm on arm64 with aes instructionsJakob Unterwurzacher
We used to prefer openssl in this situation, which used to make sense, but now Go gained an optimized assembly implementation for aes-gcm on arm64 with aes instructions: root@q1:~/go/src/github.com/rfjakob/gocryptfs# ./gocryptfs -speed gocryptfs v1.7.1-46-g73436d9; go-fuse v1.0.1-0.20190319092520-161a16484456; 2020-04-13 go1.14.2 linux/arm64 AES-GCM-256-OpenSSL 212.30 MB/s (selected in auto mode) AES-GCM-256-Go 452.30 MB/s AES-SIV-512-Go 100.25 MB/s XChaCha20-Poly1305-Go 137.35 MB/s https://github.com/rfjakob/gocryptfs/issues/452
2020-02-15merge prefer_openssl package into stupidgcmJakob Unterwurzacher
Now that I have discovered golang.org/x/sys/cpu and that Go versions below 1.6 are uncommon, there was not much useful code left in prefer_openssl. Merge the remains into stupidgcm.
2018-12-27Assorted spelling fixes.Sebastian Lackner
Mostly detected with the 'codespell' utility, but also includes some manual grammar fixes.
2018-05-10stupidgcm: return error on too short input instead of panicingJakob Unterwurzacher
This is what Go GCM does as well.
2018-04-08Fix the easy golint warningsJakob Unterwurzacher
Reported by https://goreportcard.com/report/github.com/rfjakob/gocryptfs
2018-02-18stupidgcm: create private copy of the keyJakob Unterwurzacher
Relieves the caller from worrying about whether they can overwrite the key.
2018-02-18main: try to wipe cryptocore's secret keys on unmountJakob Unterwurzacher
Raise the bar for recovering keys from memory. https://github.com/rfjakob/gocryptfs/issues/211
2018-02-17stupidgcm: implement key wipeJakob Unterwurzacher
Not bulletproof due to possible GC copies, but still raises to bar for extracting the key. https://github.com/rfjakob/gocryptfs/issues/211
2018-02-17stupidgcm: switch to pointer receiversJakob Unterwurzacher
What the key slice does not get copied around will make it possible to check if the key has been wiped.
2017-07-14macos: make testing without openssl work properlyJakob Unterwurzacher
On MacOS, building and testing without openssl is much easier. The tests should skip tests that fail because of missing openssl instead of aborting. Fixes https://github.com/rfjakob/gocryptfs/issues/123
2017-07-14stupidgcm: fix openssl 1.1 build failureJakob Unterwurzacher
Fixed by including the correct header. Should work on older openssl versions as well. Error was: locking.go:21: undefined reference to `CRYPTO_set_locking_callback'
2017-07-01stupidgcm: add test for in-place OpenJakob Unterwurzacher
Adds a test for the optimization introduced in: stupidgcm: Open: if "dst" is big enough, use it as the output buffer
2017-06-30stupidgcm: Open: if "dst" is big enough, use it as the output bufferJakob Unterwurzacher
This means we won't need any allocation for the plaintext.
2017-06-29stupidgcm: use "dst" as the output buffer it is big enoughJakob Unterwurzacher
This saves an allocation of the ciphertext block.