| Age | Commit message (Collapse) | Author |
|---|
|
Run "make format" using
go version go1.19.4 linux/amd64
|
|
Replace dependency jacobsa/crypto with a fork with support for riscv64.
Issue: https://github.com/rfjakob/gocryptfs/issues/666
Upstream PR: https://github.com/jacobsa/crypto/issues/13
Unaddressed on jacobsa/crypto:
https://github.com/jacobsa/crypto/pull/14#issuecomment-1182744229
Signed-off-by: Christian Stewart <christian@paral.in>
|
|
Fixes https://github.com/rfjakob/gocryptfs/issues/681
Fixes 2a25c3a8fda1f0918fd76687561b1a9c615298b9
|
|
|
|
|
|
|
|
Signed-off-by: Abirdcfly <fp544037857@gmail.com>
|
|
|
|
Unlike the FUSE implementation on Linux, macFUSE doesn't cache the file
attributes from the `LOOKUP` call, so it calls `GETATTR` prior to
accessing a file.
In the case of the `VirtualConfNode` (reverse config file passthrough),
this resulted in the default `GETATTR` implementation returning an empty
result, ultimately resulting in a "permission denied" error.
14:44:14.095207 rx 3: GETATTR n2
14:44:14.095229 tx 3: OK, {tA=1s {M0100000 SZ=0 L=0 0:0 0 0:8954996 A 0.000000 M 0.000000 C 0.000000}}
14:44:14.099943 rx 4: ACCESS n2 {u=501 g=20 r}
14:44:14.099990 tx 4: 13=permission denied
By impementing `Getattr` (from `fs.NodeGetattrer`) on `VirtualConfNode`
this solves the issue.
|
|
|
|
$ ./crossbuild.bash
[...]
+ GOOS=darwin
+ GOARCH=amd64
+ build
+ go build -tags without_openssl -o /dev/null
internal/fusefrontend/node.go:397:2: duplicate case syscallcompat.RENAME_NOREPLACE (value 0) in switch
previous case at internal/fusefrontend/node.go:397:7
internal/fusefrontend/node.go:397:2: duplicate case syscallcompat.RENAME_EXCHANGE (value 0) in switch
previous case at internal/fusefrontend/node.go:397:7
internal/fusefrontend/node.go:397:2: duplicate case syscallcompat.RENAME_WHITEOUT (value 0) in switch
previous case at internal/fusefrontend/node.go:397:7
internal/fusefrontend/node.go:399:38: duplicate case syscallcompat.RENAME_NOREPLACE | syscallcompat.RENAME_WHITEOUT (value 0) in switch
previous case at internal/fusefrontend/node.go:397:7
|
|
Both new internal test and xfstests generic/013 are happy.
https://github.com/rfjakob/gocryptfs/issues/641
|
|
Fixes https://github.com/rfjakob/gocryptfs/issues/629
|
|
This allows cleanups to happen in the caller, like removing
the control socket.
Fixes https://github.com/rfjakob/gocryptfs/issues/634
|
|
|
|
xattr names have fewer restrictions than file names,
relax the validation.
Fixes https://github.com/rfjakob/gocryptfs/issues/627
|
|
This
gocryptfs -init /does/not/exist 2> err.log
used to write escape codes into err.log. Stop doing that.
|
|
Fixes https://github.com/rfjakob/gocryptfs/issues/617
|
|
Running the tests we have lots of these:
Openat: O_NOFOLLOW missing: flags = 0x4
-wpanic turns this warning into a panic: Openat: O_NOFOLLOW missing: flags = 0x4
panic: -wpanic turns this warning into a panic: Openat: O_NOFOLLOW missing: flags = 0x4
goroutine 114 [running]:
log.(*Logger).Panic(0x14000118280, {0x14000313ca8, 0x1, 0x1})
log/log.go:224 +0x90
github.com/rfjakob/gocryptfs/v2/internal/tlog.(*toggledLogger).Printf(0x14000076780, {0x1009dc2e8, 0x27}, {0x14000313d18, 0x1, 0x1})
github.com/rfjakob/gocryptfs/v2/internal/tlog/log.go:78 +0x168
github.com/rfjakob/gocryptfs/v2/internal/syscallcompat.Openat(0x9, {0x1009d0747, 0x1}, 0x4, 0x0)
github.com/rfjakob/gocryptfs/v2/internal/syscallcompat/sys_common.go:59 +0xf0
github.com/rfjakob/gocryptfs/v2/internal/fusefrontend.(*Node).getXAttr(0x14000142000, {0x1400001c140, 0x3a})
github.com/rfjakob/gocryptfs/v2/internal/fusefrontend/node_xattr_darwin.go:30 +0x8c
github.com/rfjakob/gocryptfs/v2/internal/fusefrontend.(*Node).Getxattr(0x14000142000, {0x100a7eba0, 0x1400000c2e8}, {0x14000016348, 0x14}, {0x14000326000, 0x20, 0x4000})
github.com/rfjakob/gocryptfs/v2/internal/fusefrontend/node_xattr.go:65 +0x1ac
github.com/hanwen/go-fuse/v2/fs.(*rawBridge).GetXAttr(0x1400008e140, 0x140001901e0, 0x140001133c0, {0x14000016348, 0x14}, {0x14000326000, 0x20, 0x4000})
github.com/hanwen/go-fuse/v2@v2.1.1-0.20210825171523-3ab5d95a30ae/fs/bridge.go:685 +0x114
github.com/hanwen/go-fuse/v2/fuse.doGetXAttr(0x14000144000, 0x14000113200)
github.com/hanwen/go-fuse/v2@v2.1.1-0.20210825171523-3ab5d95a30ae/fuse/opcode.go:270 +0x224
github.com/hanwen/go-fuse/v2/fuse.(*Server).handleRequest(0x14000144000, 0x14000113200)
github.com/hanwen/go-fuse/v2@v2.1.1-0.20210825171523-3ab5d95a30ae/fuse/server.go:499 +0x214
created by github.com/hanwen/go-fuse/v2/fuse.(*Server).loop
github.com/hanwen/go-fuse/v2@v2.1.1-0.20210825171523-3ab5d95a30ae/fuse/server.go:470 +0xac
https://github.com/rfjakob/gocryptfs/issues/625
|
|
Quoting fusefrontend_reverse/node_helpers.go :
// File names are padded to 16-byte multiples, encrypted and
// base64-encoded. We can encode at most 176 bytes to stay below the 255
// bytes limit:
// * base64(176 bytes) = 235 bytes
// * base64(192 bytes) = 256 bytes (over 255!)
// But the PKCS#7 padding is at least one byte. This means we can only use
// 175 bytes for the file name.
Noticed by @bailey27 at https://github.com/rfjakob/gocryptfs/issues/499#issuecomment-955790427
|
|
Failure is:
# github.com/rfjakob/gocryptfs/v2/internal/nametransform
internal/nametransform/names.go:47:33: undefined: math.MaxInt
math.MaxInt was only introduced in Go 1.17. Use MaxInt32 instead,
which is good enough, even on amd64. It only has to be larger than
any name we might encounter.
|
|
Fixes https://github.com/rfjakob/gocryptfs/issues/499
|
|
Feature flag + numeric paramater
https://github.com/rfjakob/gocryptfs/issues/499
|
|
Determines when to start hashing long names instead
of hardcoded 255. Will be used to alleviate "name too long"
issues some users see on cloud storage.
https://github.com/rfjakob/gocryptfs/issues/499
|
|
Because switch only matches once, we could have missed invalid
cases.
Replace the switch statements with a straight if rake.
|
|
|
|
Reported by codacity:
internal/cryptocore/cryptocore.go
Minor icon MINOR
Code Style
should omit type AEADTypeEnum from declaration of var BackendAESSIV; it will be inferred from the right-hand side
var BackendAESSIV AEADTypeEnum = AEADTypeEnum{"AES-SIV-512", "Go", siv_aead.NonceSize}
Minor icon MINOR
Code Style
should omit type AEADTypeEnum from declaration of var BackendXChaCha20Poly1305; it will be inferred from the right-hand side
var BackendXChaCha20Poly1305 AEADTypeEnum = AEADTypeEnum{"XChaCha20-Poly1305", "Go", chacha20poly1305.NonceSizeX}
Minor icon MINOR
Code Style
should omit type AEADTypeEnum from declaration of var BackendXChaCha20Poly1305OpenSSL; it will be inferred from the right-hand side
var BackendXChaCha20Poly1305OpenSSL AEADTypeEnum = AEADTypeEnum{"XChaCha20-Poly1305", "OpenSSL", chacha20poly1305.NonceSizeX}
Found 2 possible new issues
internal/cryptocore/cryptocore.go
Minor icon MINOR
Code Style
should omit type AEADTypeEnum from declaration of var BackendOpenSSL; it will be inferred from the right-hand side
var BackendOpenSSL AEADTypeEnum = AEADTypeEnum{"AES-GCM-256", "OpenSSL", 16}
Minor icon MINOR
Code Style
should omit type AEADTypeEnum from declaration of var BackendGoGCM; it will be inferred from the right-hand side
var BackendGoGCM AEADTypeEnum = AEADTypeEnum{"AES-GCM-256", "Go", 16}
|
|
Used in gocryptfs-xray, and will also be used in -info.
|
|
When somebody posts "gocryptfs -speed" results, they are
most helpful together with the CPU model. Add the cpu model
to the output.
Example:
$ ./gocryptfs -speed
gocryptfs v2.2.0-beta1-5-g52b0444-dirty; go-fuse v2.1.1-0.20210825171523-3ab5d95a30ae; 2021-09-14 go1.17.1 linux/amd64
cpu: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz; with AES acceleration
AES-GCM-256-OpenSSL 862.79 MB/s
AES-GCM-256-Go 997.71 MB/s (selected in auto mode)
AES-SIV-512-Go 159.58 MB/s
XChaCha20-Poly1305-OpenSSL 729.65 MB/s
XChaCha20-Poly1305-Go 843.97 MB/s (selected in auto mode)
|
|
Makes the code clearer, and will be used in the next commit.
|
|
|
|
We used to have "first Translate() wins". This is not deterministic,
as the LOOKUP for the root directory does not seem to reach us, so
the first user LOOKUP would win, which may be on a mountpoint.
|
|
The rewritten openssl backend does not support this flag anymore,
and it was inherently dangerour. Drop it (ignored for compatibility)
|
|
|
|
Now that stupidgcm supports xchacha, make it available
on mount.
|
|
Add PreferOpenSSLXchacha20poly1305,
rename PreferOpenSSL -> PreferOpenSSLAES256GCM.
|
|
New() -> NewAES256GCM()
Also add missing NewChacha20poly1305
constructor in without_openssl.go.
|
|
Maybe interesting for people following
https://github.com/rfjakob/gocryptfs/issues/452
|
|
No need to have it exported.
|
|
We used to panic in this case because it is useless.
But Go stdlib supports it, so we should as well.
|
|
We missed some "// +build" lines
|
|
I noticed that growslice() shows up in the cpuprofile.
Avoiding slice append for the private jey copy gives a 0.6% speedup:
gocryptfs/internal/speed$ benchstat old new
name old time/op new time/op delta
StupidXchacha-4 5.68µs ± 0% 5.65µs ± 0% -0.63% (p=0.008 n=5+5)
name old speed new speed delta
StupidXchacha-4 721MB/s ± 0% 725MB/s ± 0% +0.63% (p=0.008 n=5+5)
|
|
Verifies that we don't corrupt data when called concurrently.
|
|
2% performance improvement, almost for free.
gocryptfs/internal/speed$ benchstat old new
name old time/op new time/op delta
StupidXchacha-4 5.82µs ± 0% 5.68µs ± 0% -2.37% (p=0.008 n=5+5)
name old speed new speed delta
StupidXchacha-4 704MB/s ± 0% 721MB/s ± 0% +2.43% (p=0.008 n=5+5)
|
|
gocryptfs/internal/stupidgcm$ go test -bench .
goos: linux
goarch: amd64
pkg: github.com/rfjakob/gocryptfs/v2/internal/stupidgcm
cpu: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
BenchmarkCCall-4 15864030 78.60 ns/op
PASS
ok github.com/rfjakob/gocryptfs/v2/internal/stupidgcm 1.898s
|
|
gocryptfs/internal/speed$ go test -bench .
goos: linux
goarch: amd64
pkg: github.com/rfjakob/gocryptfs/v2/internal/speed
cpu: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
BenchmarkStupidGCM-4 249396 4722 ns/op 867.50 MB/s
BenchmarkStupidGCMDecrypt-4 257872 4616 ns/op 887.35 MB/s
BenchmarkGoGCM-4 290952 4097 ns/op 999.83 MB/s
BenchmarkGoGCMDecrypt-4 294106 4060 ns/op 1008.84 MB/s
BenchmarkAESSIV-4 46520 25532 ns/op 160.42 MB/s
BenchmarkAESSIVDecrypt-4 46974 25478 ns/op 160.76 MB/s
BenchmarkXchacha-4 244108 4881 ns/op 839.14 MB/s
BenchmarkXchachaDecrypt-4 249658 4786 ns/op 855.86 MB/s
BenchmarkStupidXchacha-4 205339 5768 ns/op 710.11 MB/s
BenchmarkStupidXchachaDecrypt-4 204577 5836 ns/op 701.84 MB/s
BenchmarkStupidChacha-4 227510 5224 ns/op 784.06 MB/s
BenchmarkStupidChachaDecrypt-4 222787 5359 ns/op 764.34 MB/s
PASS
ok github.com/rfjakob/gocryptfs/v2/internal/speed 15.328s
|
|
|
|
$ ./build-without-openssl.bash
internal/speed/speed.go:152:14: undefined: stupidgcm.NewXchacha20poly1305
|
|
Nice deduplication and brings the GCM decrypt speed up to par.
internal/speed$ benchstat old new
name old time/op new time/op delta
StupidGCM-4 4.71µs ± 0% 4.66µs ± 0% -0.99% (p=0.008 n=5+5)
StupidGCMDecrypt-4 5.77µs ± 1% 4.51µs ± 0% -21.80% (p=0.008 n=5+5)
name old speed new speed delta
StupidGCM-4 870MB/s ± 0% 879MB/s ± 0% +1.01% (p=0.008 n=5+5)
StupidGCMDecrypt-4 710MB/s ± 1% 908MB/s ± 0% +27.87% (p=0.008 n=5+5)
|
|
Gets the decryption speed to the same level as the
encryption speed.
internal/speed$ benchstat old.txt new.txt
name old time/op new time/op delta
StupidXchacha-4 732MB/s ± 0% 740MB/s ± 0% ~ (p=1.000 n=1+1)
StupidXchachaDecrypt-4 602MB/s ± 0% 741MB/s ± 0% ~ (p=1.000 n=1+1)
|
