gocryptfs icon indicating copy to clipboard operation
gocryptfs copied to clipboard

Published 20 hours ago verified publisher icon rfjakob

Build failure against riscv64

Open paralin opened this issue 2 years ago • 6 comments 

github.com/jacobsa/crypto/cmac
golang.org/x/sys/cpu
# github.com/jacobsa/crypto/cmac
vendor/github.com/jacobsa/crypto/cmac/hash.go:97:3: undefined: xorBlock

See: http://autobuild.buildroot.net/results/caa60874781c4077273884eb37281cc9e02ef9ac/build-end.log

paralin avatar Jun 25 '22 21:06 paralin

Riscv: https://github.com/jacobsa/crypto/issues/13 Fixed by this PR: https://github.com/jacobsa/crypto/pull/14

paralin avatar Jun 25 '22 21:06 paralin

https://github.com/skiffos/buildroot/commit/cc0e708c813e200b88855fb7161f8d8b5c8797f3#diff-b031f960e07162c6f96a4bc6e0828d68843d00803909417bc4c4d485858acfcd

paralin avatar Jun 25 '22 22:06 paralin

That jacobsa/crypto is unmaintained is a problem.

Does https://github.com/google/tink/blob/master/go/daead/subtle/aes_siv.go work on RISC-V ?

rfjakob avatar Jul 31 '22 19:07 rfjakob

Probably. I don't see why not. I can test it soon

paralin avatar Jul 31 '22 19:07 paralin

Looks like tink won't work as it only supports a single associated data string: https://github.com/google/tink/blob/214697ad4ad090947ffbfe7b5e9a1c7ee46c6058/go/daead/subtle/aes_siv.go#L114 gocryptfs uses two.

rfjakob avatar Sep 05 '22 18:09 rfjakob

For posterity: Speed of tink is a little slower but acceptable

gocryptfs/internal/speed $ go test -bench .
BenchmarkAESSIV-4                 	   64172	     18444 ns/op	 222.07 MB/s
BenchmarkTinkAESSIV-4             	   55764	     21730 ns/op	 188.50 MB/s

diff --git a/internal/speed/speed.go b/internal/speed/speed.go
index aef3ad6..75b21b3 100644
--- a/internal/speed/speed.go
+++ b/internal/speed/speed.go
@@ -14,6 +14,8 @@ import (
 
 	"golang.org/x/crypto/chacha20poly1305"
 
+	"github.com/google/tink/go/daead/subtle"
+
 	"github.com/rfjakob/gocryptfs/v2/internal/cryptocore"
 	"github.com/rfjakob/gocryptfs/v2/internal/siv_aead"
 	"github.com/rfjakob/gocryptfs/v2/internal/stupidgcm"
@@ -97,7 +99,32 @@ func bEncrypt(b *testing.B, c cipher.AEAD) {
 		// Encrypt and append to nonce
 		c.Seal(dst, iv, in, authData)
 	}
+}
+
+func bTinkAESSIV(b *testing.B) {
+	c, err := subtle.NewAESSIV(randBytes(64))
+	if err != nil {
+		panic(err)
+	}
+
+	authData := randBytes(adLen)
+	iv := randBytes(16)
+	in := make([]byte, blockSize)
+	dst := make([]byte, len(in)+len(iv)+16)
+	copy(dst, iv)
 
+	b.SetBytes(int64(len(in)))
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		// Reset dst buffer
+		dst = dst[:len(iv)]
+		// Encrypt and append to nonce
+		o, err := c.EncryptDeterministically(in, authData)
+		if err != nil {
+			panic(err)
+		}
+		dst = append(dst, o...)
+	}
 }
 
 func bDecrypt(b *testing.B, c cipher.AEAD) {
diff --git a/internal/speed/speed_test.go b/internal/speed/speed_test.go
index 5f3001b..261af4f 100644
--- a/internal/speed/speed_test.go
+++ b/internal/speed/speed_test.go
@@ -82,3 +82,7 @@ func BenchmarkStupidChacha(b *testing.B) {
 func BenchmarkStupidChachaDecrypt(b *testing.B) {
 	bDecrypt(b, stupidgcm.NewChacha20poly1305(randBytes(32)))
 }
+
+func BenchmarkTinkAESSIV(b *testing.B) {
+	bTinkAESSIV(b)
+}

rfjakob avatar Sep 05 '22 18:09 rfjakob

Fixed via https://github.com/rfjakob/gocryptfs/commit/7ee4c8e9c3b0fb630b48c5940a7faa220ef5e63a .

rfjakob avatar Dec 21 '22 17:12 rfjakob