| Age | Commit message | Author | 
|---|---|---|
|  | AEGIS is a new family of authenticated encryption algorithms that offers
stronger security, higher usage limits, and better performance than AES-GCM.
This pull request adds support for a new `-aegis` command-line flag, allowing
AEGIS-128X2 to be used as an alternative to AES-GCM on CPUs with AES acceleration.
It also introduces the ability to use ciphers with different key sizes.
More information on AEGIS is available here:
- https://cfrg.github.io/draft-irtf-cfrg-aegis-aead/draft-irtf-cfrg-aegis-aead.html
- https://github.com/cfrg/draft-irtf-cfrg-aegis-aead
gocryptfs -speed speed on Apple M1:
AES-GCM-256-OpenSSL              3718.79 MB/s
AES-GCM-256-Go                   5083.43 MB/s   (selected in auto mode)
AES-SIV-512-Go                    625.20 MB/s
XChaCha20-Poly1305-OpenSSL       1358.63 MB/s   (selected in auto mode)
XChaCha20-Poly1305-Go             832.11 MB/s
Aegis128X2-Go                   11818.73 MB/s
gocryptfs -speed speed on AMD Zen 4:
AES-GCM-256-OpenSSL              5215.86 MB/s
AES-GCM-256-Go                   6918.01 MB/s   (selected in auto mode)
AES-SIV-512-Go                    449.61 MB/s
XChaCha20-Poly1305-OpenSSL       2643.48 MB/s
XChaCha20-Poly1305-Go            3727.46 MB/s   (selected in auto mode)
Aegis128X2-Go                   28109.92 MB/s | 
|  | Both work with
	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a
but break with
	golang.org/x/sys v0.30.0
https://github.com/rfjakob/gocryptfs/issues/893
https://github.com/rfjakob/gocryptfs/issues/892 | 
|  | I will add more tests for https://github.com/rfjakob/gocryptfs/issues/893
soon, these will also use DefaultPlainDir. | 
|  | https://github.com/rfjakob/gocryptfs/issues/893 | 
|  | Darwin does not have Stat_t.mtim:
+ go test -c -tags without_openssl -o /dev/null github.com/rfjakob/gocryptfs/v2/tests/reverse
Error: tests/reverse/correctness_test.go:407:15: name_stat.Mtim undefined (type syscall.Stat_t has no field or method Mtim)
Error: tests/reverse/correctness_test.go:407:37: long_stat.Mtim undefined (type syscall.Stat_t has no field or method Mtim)
Error: tests/reverse/correctness_test.go:410:15: name_stat.Ctim undefined (type syscall.Stat_t has no field or method Ctim)
Error: tests/reverse/correctness_test.go:410:37: long_stat.Ctim undefined (type syscall.Stat_t has no field or method Ctim)
Error: tests/reverse/correctness_test.go:424:16: diriv_stat.Mtim undefined (type syscall.Stat_t has no field or method Mtim)
Error: tests/reverse/correctness_test.go:424:42: workdirA_stat.Mtim undefined (type syscall.Stat_t has no field or method Mtim)
Error: tests/reverse/correctness_test.go:427:16: diriv_stat.Ctim undefined (type syscall.Stat_t has no field or method Ctim)
Error: tests/reverse/correctness_test.go:427:42: workdirA_stat.Ctim undefined (type syscall.Stat_t has no field or method Ctim)
Switch to os.Stat. | 
|  | This problem potentially causes extra disk usage for sparse files
but is otherwise harmless.
Skip the test for now. | 
|  | With inode number reuse and hard links, we could have returned
wrong data for gocryptfs.diriv and gocryptfs.xyz.longname files, respectively
(https://github.com/rfjakob/gocryptfs/issues/802).
Now that this is fixed, ensure that rsync and similar tools pick up the new
correct files by advancing mtime and ctime by 10 seconds, which should be more
than any filesystem's timestamp granularity (FAT32 has 2 seconds). | 
|  | Will be used in a new test in the next commit. | 
|  | This is not a real leak:
  fd leak in test process? before, after:
  [0r=/dev/null 3r=/proc/940141/fd 5rw=anon_inode:[eventfd] (filtered: pipe:[2454797], pipe:[2454797], anon_inode:[eventpoll])]
  [0r=/dev/null 3r=/proc/940141/fd 5rw=anon_inode:[eventfd] 12rw=anon_inode:[pidfd] (filtered: pipe:[2454797], pipe:[2454797], anon_inode:[eventpoll], pipe:[2460158])]
Ignore pidfd. | 
|  | Turns out at least the tests depended on the old
behavior.
Fixes d5bd98eb3f4cbfb8dd9d0b2eb64dbff69c3c88b1 | 
|  | Now that https://github.com/hanwen/go-fuse/issues/399 has
landed we can report an inode number for the root node.
Fixes https://github.com/rfjakob/gocryptfs/issues/580 | 
|  | Looks like wget does not support it anymore
$ wget --version
GNU Wget2 2.1.0 - multithreaded metalink/file/website downloader
$ ./benchmark.bash
Testing gocryptfs   at /tmp/benchmark.bash.bmt: gocryptfs v2.4.0-38-g40abf96-dirty; go-fuse v2.5.0; 2024-09-03 go1.21.4 linux/amd64
/tmp/benchmark.bash.bmt.mnt is a mountpoint
Downloading linux-3.0.tar.gz
Unknown option 'show-progress' | 
|  | Detect and delete an orphaned socket file that collides with
the ctlsock we want to create.
Fixes https://github.com/rfjakob/gocryptfs/issues/776 | 
|  | https://github.com/rfjakob/gocryptfs/issues/809 | 
|  | ed0a12b7337c2d88c027329f64e73070da17d5b3 already fixed the kernel side,
now we also want the .name files to NOT appear hardlinked when just
looking at the inode number.
Relates-to: https://github.com/rfjakob/gocryptfs/issues/802 | 
|  | Regression test for https://github.com/rfjakob/gocryptfs/issues/802 .
Fails at the moment. | 
|  | Report that exit code is wrong when the
exit code is wrong. | 
|  | This filesystem contains filenames with non-canonical base64
encodings of the same name "foo", leading to this mess:
$ ls mnt/
foo  foo  foo  foo | 
|  | finds out what happens if multiple
gocryptfs mounts write to one file concurrently
(usually, nothing good).
This use case is relevant for HPC clusters. | 
|  | I maybe should have noted that this is xfstests generic/013. | 
|  | This is in preparation of adding directmount capability.
It also checks that FsName is set correctly, which is
in preparation for the next patch. | 
|  | Otherwise we fail like this on my Fedora 38 box:
	=== RUN   TestOverlay
	DetectQuirks: tmpfs detected, no extended attributes except acls will work.
	    root_test.go:379: No user xattrs! overlay mount will likely fail.
	15:15:57.957960 Unimplemented opcode OPCODE-51
	    root_test.go:398: mount: /tmp/gocryptfs-test-parent-0/3652394902/TestOverlay.2374697046.mnt/merged: wrong fs type, bad option, bad superblock on overlay, missing codepage or helper program, or other error.
	               dmesg(1) may have more information after failed mount system call.
	    root_test.go:399: exit status 32
	--- FAIL: TestOverlay (0.04s)
	FAIL
Also fix the messed-up DetectQuirks bit test. | 
|  | For the streaming read benchmark, we don't want to benchmark
the page cache. | 
|  | And add a test for it.
Fixes https://github.com/rfjakob/gocryptfs/issues/724 | 
|  | Run "make format" using
go version go1.19.4 linux/amd64 | 
|  | Fixes https://github.com/golang/go/issues/54715
Output was:
$ go test ./tests/matrix -run TestConcurrentReadWrite -race
test_helpers: warning: testParentDir "/tmp/gocryptfs-test-parent-1026" does not reside on ext4, we will miss failures caused by ino reuse
PASS
PASS
==================
WARNING: DATA RACE
Write at 0x00c00038a0e0 by goroutine 63:
  runtime.racewriterange()
      <autogenerated>:1 +0x29
  internal/poll.(*FD).Pread()
      /usr/local/go/src/internal/poll/fd_unix.go:193 +0x169
  os.(*File).pread()
      /usr/local/go/src/os/file_posix.go:40 +0x335
  os.(*File).ReadAt()
      /usr/local/go/src/os/file.go:136 +0x2de
  github.com/rfjakob/gocryptfs/v2/tests/matrix.TestConcurrentReadWrite.func1()
      /home/jakob/go/src/github.com/rfjakob/gocryptfs/tests/matrix/concurrency_test.go:40 +0x14b
Previous write at 0x00c00038a0e0 by goroutine 61:
  runtime.racewriterange()
      <autogenerated>:1 +0x29
  internal/poll.(*FD).Pread()
      /usr/local/go/src/internal/poll/fd_unix.go:193 +0x169
  os.(*File).pread()
      /usr/local/go/src/os/file_posix.go:40 +0x335
  os.(*File).ReadAt()
      /usr/local/go/src/os/file.go:136 +0x2de
  github.com/rfjakob/gocryptfs/v2/tests/matrix.TestConcurrentReadWrite.func1()
      /home/jakob/go/src/github.com/rfjakob/gocryptfs/tests/matrix/concurrency_test.go:40 +0x14b
Goroutine 63 (running) created at:
  github.com/rfjakob/gocryptfs/v2/tests/matrix.TestConcurrentReadWrite()
      /home/jakob/go/src/github.com/rfjakob/gocryptfs/tests/matrix/concurrency_test.go:34 +0x31d
  testing.tRunner()
      /usr/local/go/src/testing/testing.go:1446 +0x216
  testing.(*T).Run.func1()
      /usr/local/go/src/testing/testing.go:1493 +0x47
Goroutine 61 (running) created at:
  github.com/rfjakob/gocryptfs/v2/tests/matrix.TestConcurrentReadWrite()
      /home/jakob/go/src/github.com/rfjakob/gocryptfs/tests/matrix/concurrency_test.go:34 +0x31d
  testing.tRunner()
      /usr/local/go/src/testing/testing.go:1446 +0x216
  testing.(*T).Run.func1()
      /usr/local/go/src/testing/testing.go:1493 +0x47
==================
--- FAIL: TestConcurrentReadWrite (0.03s)
    testing.go:1319: race detected during execution of test
FAIL
TestMain: matrix[2] = matrix.testcaseMatrix{plaintextnames:false, openssl:"false", aessiv:false, raw64:false, extraArgs:[]string(nil)} failed
FAIL	github.com/rfjakob/gocryptfs/v2/tests/matrix	0.170s
FAIL | 
|  | Fails right now as reported in https://github.com/rfjakob/gocryptfs/pull/655
--- FAIL: TestLongnamemax100Reverse (0.09s)
FAIL
https://github.com/rfjakob/gocryptfs/pull/655 | 
|  | After running "make root_test" a few times df would look like this,
no good:
$ df
Filesystem                  1K-blocks       Used Available Use% Mounted on
[...]
/dev/loop11                      8729       8525         0 100% /tmp/gocryptfs-test-parent-0/4081611019/TestDiskFull.ext4.mnt
/dev/loop12                      8729       8525         0 100% /tmp/gocryptfs-test-parent-0/1959939106/TestDiskFull.ext4.mnt
/dev/loop13                      8729       8525         0 100% /tmp/gocryptfs-test-parent-0/2455888382/TestDiskFull.ext4.mnt
/dev/loop14                      8729       8525         0 100% /tmp/gocryptfs-test-parent-0/2002998275/TestDiskFull.ext4.mnt
/dev/loop15                      8729       8525         0 100% /var/tmp/gocryptfs-test-parent-0/806736609/TestDiskFull.ext4.mnt
/dev/loop16                      8729       8525         0 100% /tmp/gocryptfs-test-parent-0/4050106930/TestDiskFull.ext4.mnt
/dev/loop17                      8729       8525         0 100% /tmp/gocryptfs-test-parent-0/1661931756/TestDiskFull.ext4.mnt
/dev/loop18                      8729       8525         0 100% /tmp/gocryptfs-test-parent-0/617990718/TestDiskFull.ext4.mnt
/dev/loop19                      8729       8525         0 100% /tmp/gocryptfs-test-parent-0/3194420338/TestDiskFull.ext4.mnt
/dev/loop20                      8729       8525         0 100% /tmp/gocryptfs-test-parent-0/2180745159/TestDiskFull.ext4.mnt
Turns out the unmount failed with EBUSY, so use lazy
unmount. | 
|  | These don't have os.ReadDir yet.
Error was:
	Error: vet: tests/defaults/overlayfs_test.go:104:15: ReadDir not declared by package os | 
|  | Looks like the FUSE protocol does support O_TMPFILE yet.
https://github.com/rfjakob/gocryptfs/issues/641 | 
|  | f | 
|  | Fixes https://github.com/rfjakob/gocryptfs/issues/629 | 
|  | (1)
Create a 1 GiB file instead of 1 TiB, because
apparently, on MacOS, the file (sometimes?) is not
created sparse, and fills up users' disks:
https://github.com/rfjakob/gocryptfs/issues/625
(2)
On darwin, SEEK_DATA is not the same as on Linux
( https://github.com/golang/go/commit/2f8b555de27198775f9606e001ef19b76efdb415 )
so use the value provided by the unix package. | 
|  | This fails at the moment:
$ go test ./tests/cli/
--- FAIL: TestMountPasswordEmpty (0.01s)
    cli_test.go:430: socket file "/tmp/gocryptfs-test-parent-1026/3413782690/TestMountPasswordEmpty.753166857.sock" left behind
https://github.com/rfjakob/gocryptfs/issues/634 | 
|  | xattr names have fewer restrictions than file names,
relax the validation.
Fixes https://github.com/rfjakob/gocryptfs/issues/627 | 
|  | This neither works nor makes sense on MacOS. | 
|  | Creat() is equivalent to Open(..., O_CREAT|O_WRONLY|O_TRUNC, ...)
and MacOS does not have syscall.Creat().
https://github.com/rfjakob/gocryptfs/issues/623 | 
|  | Fixes https://github.com/rfjakob/gocryptfs/issues/499 | 
|  | https://github.com/rfjakob/gocryptfs/issues/609
https://github.com/rfjakob/gocryptfs/pull/610 |