aboutsummaryrefslogtreecommitdiff
path: root/internal
AgeCommit message (Collapse)Author
2021-10-21nametransform: add longNameMax parameterJakob Unterwurzacher
Determines when to start hashing long names instead of hardcoded 255. Will be used to alleviate "name too long" issues some users see on cloud storage. https://github.com/rfjakob/gocryptfs/issues/499
2021-10-21configfile: replace broken switch/case logic with ifJakob Unterwurzacher
Because switch only matches once, we could have missed invalid cases. Replace the switch statements with a straight if rake.
2021-10-15fusefrontend: honor ForceOwner for LOOKUP and CREATE operationsCharles Duffy
2021-09-28cryptocore: simplify declarationsJakob Unterwurzacher
Reported by codacity: internal/cryptocore/cryptocore.go Minor icon MINOR Code Style should omit type AEADTypeEnum from declaration of var BackendAESSIV; it will be inferred from the right-hand side var BackendAESSIV AEADTypeEnum = AEADTypeEnum{"AES-SIV-512", "Go", siv_aead.NonceSize} Minor icon MINOR Code Style should omit type AEADTypeEnum from declaration of var BackendXChaCha20Poly1305; it will be inferred from the right-hand side var BackendXChaCha20Poly1305 AEADTypeEnum = AEADTypeEnum{"XChaCha20-Poly1305", "Go", chacha20poly1305.NonceSizeX} Minor icon MINOR Code Style should omit type AEADTypeEnum from declaration of var BackendXChaCha20Poly1305OpenSSL; it will be inferred from the right-hand side var BackendXChaCha20Poly1305OpenSSL AEADTypeEnum = AEADTypeEnum{"XChaCha20-Poly1305", "OpenSSL", chacha20poly1305.NonceSizeX} Found 2 possible new issues internal/cryptocore/cryptocore.go Minor icon MINOR Code Style should omit type AEADTypeEnum from declaration of var BackendOpenSSL; it will be inferred from the right-hand side var BackendOpenSSL AEADTypeEnum = AEADTypeEnum{"AES-GCM-256", "OpenSSL", 16} Minor icon MINOR Code Style should omit type AEADTypeEnum from declaration of var BackendGoGCM; it will be inferred from the right-hand side var BackendGoGCM AEADTypeEnum = AEADTypeEnum{"AES-GCM-256", "Go", 16}
2021-09-28cryptocore: disentangle algorithm / library implementation nameJakob Unterwurzacher
Used in gocryptfs-xray, and will also be used in -info.
2021-09-14-speed: print cpu modelJakob Unterwurzacher
When somebody posts "gocryptfs -speed" results, they are most helpful together with the CPU model. Add the cpu model to the output. Example: $ ./gocryptfs -speed gocryptfs v2.2.0-beta1-5-g52b0444-dirty; go-fuse v2.1.1-0.20210825171523-3ab5d95a30ae; 2021-09-14 go1.17.1 linux/amd64 cpu: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz; with AES acceleration AES-GCM-256-OpenSSL 862.79 MB/s AES-GCM-256-Go 997.71 MB/s (selected in auto mode) AES-SIV-512-Go 159.58 MB/s XChaCha20-Poly1305-OpenSSL 729.65 MB/s XChaCha20-Poly1305-Go 843.97 MB/s (selected in auto mode)
2021-09-14stupidgcm: add CpuHasAES()Jakob Unterwurzacher
Makes the code clearer, and will be used in the next commit.
2021-09-14-speed: drop useless tab at end of lineJakob Unterwurzacher
2021-09-10inomap: deterministically set root deviceJakob Unterwurzacher
We used to have "first Translate() wins". This is not deterministic, as the LOOKUP for the root directory does not seem to reach us, so the first user LOOKUP would win, which may be on a mountpoint.
2021-09-10cli: drop -forcedecode flagJakob Unterwurzacher
The rewritten openssl backend does not support this flag anymore, and it was inherently dangerour. Drop it (ignored for compatibility)
2021-09-08-speed: show which xchacha implementation is preferredJakob Unterwurzacher
2021-09-08Make -openssl also apply to xchachaJakob Unterwurzacher
Now that stupidgcm supports xchacha, make it available on mount.
2021-09-08stupidgcm: add PreferOpenSSL{AES256GCM,Xchacha20poly1305}Jakob Unterwurzacher
Add PreferOpenSSLXchacha20poly1305, rename PreferOpenSSL -> PreferOpenSSLAES256GCM.
2021-09-07stupidgcm: normalize constructor namingJakob Unterwurzacher
New() -> NewAES256GCM() Also add missing NewChacha20poly1305 constructor in without_openssl.go.
2021-09-07stupidgcm: revamp package documentationJakob Unterwurzacher
Maybe interesting for people following https://github.com/rfjakob/gocryptfs/issues/452
2021-09-07stupidgcm: unexport stupidGCM structJakob Unterwurzacher
No need to have it exported.
2021-09-07stupidgcm: allow zero-length input dataJakob Unterwurzacher
We used to panic in this case because it is useless. But Go stdlib supports it, so we should as well.
2021-09-07stupidgcm: fix build with CGO_ENABLED=1 without_opensslJakob Unterwurzacher
We missed some "// +build" lines
2021-09-07stupidgcm: NewChacha20poly1305: avoid slice appendJakob Unterwurzacher
I noticed that growslice() shows up in the cpuprofile. Avoiding slice append for the private jey copy gives a 0.6% speedup: gocryptfs/internal/speed$ benchstat old new name old time/op new time/op delta StupidXchacha-4 5.68µs ± 0% 5.65µs ± 0% -0.63% (p=0.008 n=5+5) name old speed new speed delta StupidXchacha-4 721MB/s ± 0% 725MB/s ± 0% +0.63% (p=0.008 n=5+5)
2021-09-07stupidgcm: add testConcurrencyJakob Unterwurzacher
Verifies that we don't corrupt data when called concurrently.
2021-09-07stupidgcm: cache C.EVP_chacha20_poly1305()Jakob Unterwurzacher
2% performance improvement, almost for free. gocryptfs/internal/speed$ benchstat old new name old time/op new time/op delta StupidXchacha-4 5.82µs ± 0% 5.68µs ± 0% -2.37% (p=0.008 n=5+5) name old speed new speed delta StupidXchacha-4 704MB/s ± 0% 721MB/s ± 0% +2.43% (p=0.008 n=5+5)
2021-09-07stupidgcm: add BenchmarkCCallJakob Unterwurzacher
gocryptfs/internal/stupidgcm$ go test -bench . goos: linux goarch: amd64 pkg: github.com/rfjakob/gocryptfs/v2/internal/stupidgcm cpu: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz BenchmarkCCall-4 15864030 78.60 ns/op PASS ok github.com/rfjakob/gocryptfs/v2/internal/stupidgcm 1.898s
2021-09-07speed: add BenchmarkStupidChachaJakob Unterwurzacher
gocryptfs/internal/speed$ go test -bench . goos: linux goarch: amd64 pkg: github.com/rfjakob/gocryptfs/v2/internal/speed cpu: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz BenchmarkStupidGCM-4 249396 4722 ns/op 867.50 MB/s BenchmarkStupidGCMDecrypt-4 257872 4616 ns/op 887.35 MB/s BenchmarkGoGCM-4 290952 4097 ns/op 999.83 MB/s BenchmarkGoGCMDecrypt-4 294106 4060 ns/op 1008.84 MB/s BenchmarkAESSIV-4 46520 25532 ns/op 160.42 MB/s BenchmarkAESSIVDecrypt-4 46974 25478 ns/op 160.76 MB/s BenchmarkXchacha-4 244108 4881 ns/op 839.14 MB/s BenchmarkXchachaDecrypt-4 249658 4786 ns/op 855.86 MB/s BenchmarkStupidXchacha-4 205339 5768 ns/op 710.11 MB/s BenchmarkStupidXchachaDecrypt-4 204577 5836 ns/op 701.84 MB/s BenchmarkStupidChacha-4 227510 5224 ns/op 784.06 MB/s BenchmarkStupidChachaDecrypt-4 222787 5359 ns/op 764.34 MB/s PASS ok github.com/rfjakob/gocryptfs/v2/internal/speed 15.328s
2021-09-07stupidgcm: replace naked panicsJakob Unterwurzacher
2021-09-07stupidgcm: fix without_openssl buildJakob Unterwurzacher
$ ./build-without-openssl.bash internal/speed/speed.go:152:14: undefined: stupidgcm.NewXchacha20poly1305
2021-09-07stupidgcm: introduce stupidAEADCommon and use for both chacha & gcmJakob Unterwurzacher
Nice deduplication and brings the GCM decrypt speed up to par. internal/speed$ benchstat old new name old time/op new time/op delta StupidGCM-4 4.71µs ± 0% 4.66µs ± 0% -0.99% (p=0.008 n=5+5) StupidGCMDecrypt-4 5.77µs ± 1% 4.51µs ± 0% -21.80% (p=0.008 n=5+5) name old speed new speed delta StupidGCM-4 870MB/s ± 0% 879MB/s ± 0% +1.01% (p=0.008 n=5+5) StupidGCMDecrypt-4 710MB/s ± 1% 908MB/s ± 0% +27.87% (p=0.008 n=5+5)
2021-09-07stupidgcm: stupidChacha20poly1305.Open: batch C calls in aead_openJakob Unterwurzacher
Gets the decryption speed to the same level as the encryption speed. internal/speed$ benchstat old.txt new.txt name old time/op new time/op delta StupidXchacha-4 732MB/s ± 0% 740MB/s ± 0% ~ (p=1.000 n=1+1) StupidXchachaDecrypt-4 602MB/s ± 0% 741MB/s ± 0% ~ (p=1.000 n=1+1)
2021-09-07speed: add decryption benchmarksJakob Unterwurzacher
gocryptfs/internal/speed$ go test -bench . goos: linux goarch: amd64 pkg: github.com/rfjakob/gocryptfs/v2/internal/speed cpu: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz BenchmarkStupidGCM-4 263742 4523 ns/op 905.61 MB/s BenchmarkStupidGCMDecrypt-4 204858 5779 ns/op 708.76 MB/s BenchmarkGoGCM-4 291259 4095 ns/op 1000.25 MB/s BenchmarkGoGCMDecrypt-4 293886 4061 ns/op 1008.53 MB/s BenchmarkAESSIV-4 46537 25538 ns/op 160.39 MB/s BenchmarkAESSIVDecrypt-4 46770 25627 ns/op 159.83 MB/s BenchmarkXchacha-4 243619 4893 ns/op 837.03 MB/s BenchmarkXchachaDecrypt-4 248857 4793 ns/op 854.51 MB/s BenchmarkStupidXchacha-4 213717 5558 ns/op 736.99 MB/s BenchmarkStupidXchachaDecrypt-4 176635 6782 ns/op 603.96 MB/s PASS ok github.com/rfjakob/gocryptfs/v2/internal/speed 12.871s
2021-09-07speed: add bEncrypt helper, reuse dst bufferJakob Unterwurzacher
The bEncrypt helper massively deduplicates the code, and reusing the dst buffer gives higher performance, and that's what gocryptfs does in normal operation via sync.Pool. $ benchstat old.txt new.txt name old time/op new time/op delta StupidGCM-4 6.24µs ± 1% 4.65µs ± 0% -25.47% (p=0.008 n=5+5) GoGCM-4 4.90µs ± 0% 4.10µs ± 0% -16.44% (p=0.008 n=5+5) AESSIV-4 26.4µs ± 0% 25.6µs ± 0% -2.90% (p=0.008 n=5+5) Xchacha-4 5.76µs ± 0% 4.91µs ± 0% -14.79% (p=0.008 n=5+5) StupidXchacha-4 7.24µs ± 1% 5.48µs ± 0% -24.33% (p=0.008 n=5+5) name old speed new speed delta StupidGCM-4 656MB/s ± 1% 880MB/s ± 0% +34.15% (p=0.008 n=5+5) GoGCM-4 835MB/s ± 0% 1000MB/s ± 0% +19.68% (p=0.008 n=5+5) AESSIV-4 155MB/s ± 0% 160MB/s ± 0% +2.99% (p=0.008 n=5+5) Xchacha-4 711MB/s ± 0% 834MB/s ± 0% +17.35% (p=0.008 n=5+5) StupidXchacha-4 565MB/s ± 1% 747MB/s ± 0% +32.15% (p=0.008 n=5+5)
2021-09-07stupidgcm: use aead_seal for gcm as wellJakob Unterwurzacher
$ benchstat old.txt new.txt name old time/op new time/op delta StupidGCM-4 7.87µs ± 1% 6.64µs ± 2% -15.65% (p=0.000 n=10+10) name old speed new speed delta StupidGCM-4 520MB/s ± 1% 617MB/s ± 2% +18.56% (p=0.000 n=10+10)
2021-09-07stupidgcm: replace chacha20poly1305_seal with generic aead_sealJakob Unterwurzacher
2021-09-07stupidgcm: batch C calls in chacha20poly1305_sealJakob Unterwurzacher
Go has a high overhead for each C call, so batch all openssl operations in the new C function chacha20poly1305_seal. Benchmark results: internal/speed$ go test -bench BenchmarkStupidXchacha -count 10 > old.txt internal/speed$ go test -bench BenchmarkStupidXchacha -count 10 > new.txt internal/speed$ benchstat old.txt new.txt name old time/op new time/op delta StupidXchacha-4 8.79µs ± 1% 7.25µs ± 1% -17.54% (p=0.000 n=10+10) name old speed new speed delta StupidXchacha-4 466MB/s ± 1% 565MB/s ± 1% +21.27% (p=0.000 n=10+10)
2021-09-07-speed: add XChaCha20-Poly1305-OpenSSLJakob Unterwurzacher
$ ./gocryptfs -speed gocryptfs v2.1-56-gdb1466f-dirty.stupidchacha; go-fuse v2.1.1-0.20210825171523-3ab5d95a30ae; 2021-09-02 go1.17 linux/amd64 AES-GCM-256-OpenSSL 529.53 MB/s AES-GCM-256-Go 833.85 MB/s (selected in auto mode) AES-SIV-512-Go 155.27 MB/s XChaCha20-Poly1305-Go 715.33 MB/s (use via -xchacha flag) XChaCha20-Poly1305-OpenSSL 468.94 MB/s https://github.com/rfjakob/gocryptfs/issues/452
2021-09-07stupidgcm: add stupidXchacha20poly1305Jakob Unterwurzacher
Implementation copied from https://github.com/golang/crypto/blob/32db794688a5a24a23a43f2a984cecd5b3d8da58/chacha20poly1305/xchacha20poly1305.go
2021-09-07stupidgcm: stupidChacha20poly1305: normalize panic messagesJakob Unterwurzacher
2021-09-07stupidgcm: stupidChacha20poly1305: use byte array for keyJakob Unterwurzacher
Follow what golang.org/x/crypto/chacha20poly1305 does for easier integration in the next commit.
2021-09-02stupidgcm: add testWipe testJakob Unterwurzacher
After looking at the cover profile, this was the only untested code except panic cases.
2021-09-02stupidgcm: deduplicate tests 2/2Jakob Unterwurzacher
Deduplicate the cipher setup that was identical for all tests for each cipher.
2021-09-02stupidgcm: deduplicate tests 1/2Jakob Unterwurzacher
Pull the code shared between chacha and gcm into generic functions.
2021-09-02stupidgcm: add chacha20poly1305 via opensslJakob Unterwurzacher
"stupidChacha20poly1305". XChaCha will build upon this.
2021-08-30fusefrontend: remove leftover PrintfJakob Unterwurzacher
Commit b83ca9c921019fc3b790dabb6198bb77ef2f9a34 inadveredly added a leftover debug Printf. Delete it.
2021-08-30Unbreak hyperlinks broken by go mod v2 conversionJakob Unterwurzacher
Commit 69d88505fd7f4cb0d9e4f1918de296342fe05858 go mod: declare module version v2 translated all instances of "github.com/rfjakob/gocryptfs/" to "github.com/rfjakob/gocryptfs/v2/". Unfortunately, this included hyperlinks. Unbreak the hyperlinks like this: find . -name \*.go | xargs sed -i s%https://github.com/rfjakob/gocryptfs/v2/%https://github.com/rfjakob/gocryptfs/v2/%
2021-08-30Reimplement -serialize_reads flag using new SyncRead mount flagJakob Unterwurzacher
Let the kernel do the work for us. See https://github.com/hanwen/go-fuse/commit/15a8bb029a4e1a51e10043c370970596b1fbb737 for more info.
2021-08-30Remove serialize_reads packageJakob Unterwurzacher
Will be replaced by go-fuse's new SyncRead flag. More info: https://github.com/hanwen/go-fuse/issues/395 SyncRead commit: https://github.com/hanwen/go-fuse/commit/15a8bb029a4e1a51e10043c370970596b1fbb737
2021-08-25-devrandom: make flag a no-opJakob Unterwurzacher
Commit f3c777d5eaa682d878c638192311e52f9c204294 added the `-devrandom` option: commit f3c777d5eaa682d878c638192311e52f9c204294 Author: @slackner Date: Sun Nov 19 13:30:04 2017 +0100 main: Add '-devrandom' commandline option Allows to use /dev/random for generating the master key instead of the default Go implementation. When the kernel random generator has been properly initialized both are considered equally secure, however: * Versions of Go prior to 1.9 just fall back to /dev/urandom if the getrandom() syscall would be blocking (Go Bug #19274) * Kernel versions prior to 3.17 do not support getrandom(), and there is no check if the random generator has been properly initialized before reading from /dev/urandom This is especially useful for embedded hardware with low-entroy. Please note that generation of the master key might block indefinitely if the kernel cannot harvest enough entropy. We now require Go v1.13 and Kernel versions should have also moved on. Make the flag a no-op. https://github.com/rfjakob/gocryptfs/issues/596
2021-08-24-speed: note that -xchacha is selectableJakob Unterwurzacher
2021-08-23contentenc: remove unused NonceMode constantsJakob Unterwurzacher
Looks like these are part of an abandoned plan.
2021-08-23speed: use algo names from cryptocoreJakob Unterwurzacher
2021-08-23cryptocore: add NonceSize to AEADTypeEnumJakob Unterwurzacher
Have the information in one centralized place, and access it from main as needed.
2021-08-23configfile: add Validate() function, support FlagXChaCha20Poly1305Jakob Unterwurzacher
We used to do validation using lists of mandatory feature flags. With the introduction of XChaCha20Poly1305, this became too simplistic, as it uses a different IV length, hence disabling GCMIV128. Add a dedicated function, Validate(), with open-coded validation logic. The validation and creation logic also gets XChaCha20Poly1305 support, and gocryptfs -init -xchacha now writes the flag into gocryptfs.conf.