rebase: bump github.com/google/fscrypt from 0.3.3 to 0.3.4

Bumps [github.com/google/fscrypt](https://github.com/google/fscrypt) from 0.3.3 to 0.3.4.
- [Release notes](https://github.com/google/fscrypt/releases)
- [Changelog](https://github.com/google/fscrypt/blob/master/NEWS.md)
- [Commits](https://github.com/google/fscrypt/compare/v0.3.3...v0.3.4)

---
updated-dependencies:
- dependency-name: github.com/google/fscrypt
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

go.mod

@@ -14,7 +14,7 @@ require (
 	github.com/csi-addons/spec v0.1.2-0.20221101132540-98eff76b0ff8
 	github.com/gemalto/kmip-go v0.0.8
 	github.com/golang/protobuf v1.5.2
-	github.com/google/fscrypt v0.3.3
+	github.com/google/fscrypt v0.3.4
 	github.com/google/uuid v1.3.0
 	github.com/grpc-ecosystem/go-grpc-middleware v1.3.0
 	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0

go.sum

@@ -67,6 +67,7 @@ github.com/Azure/go-autorest/autorest/validation v0.2.0/go.mod h1:3EEqHnBxQGHXRY
 github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc=
 github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DataDog/datadog-go v2.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
@@ -220,6 +221,7 @@ github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
+github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
@@ -422,8 +424,8 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
 github.com/google/cel-go v0.12.6/go.mod h1:Jk7ljRzLBhkmiAwBoUxB1sZSCVBAzkqPF25olK/iRDw=
-github.com/google/fscrypt v0.3.3 h1:qwx9OCR/xZE68VGr/r0/yugFhlGpIOGsH9JHrttP7vc=
-github.com/google/fscrypt v0.3.3/go.mod h1:H1JHtH8BVe0dYNhzx1Ztkn3azQ0OBdoOmM828vEWAXc=
+github.com/google/fscrypt v0.3.4 h1:XGSVMIsQFooj82aRRfYn3JpgU/4fOTnzXPnjhxC8uH8=
+github.com/google/fscrypt v0.3.4/go.mod h1:BRpw7vaeDitXGRvXa281i/ivQszAdBIiUYDWHjVTkcs=
 github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ=
 github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0=
 github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E=
@@ -1010,6 +1012,7 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
 github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8=
 github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
+github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/wadey/gocovmerge v0.0.0-20160331181800-b5bfa59ec0ad/go.mod h1:Hy8o65+MXnS6EwGElrSRjUzQDLXreJlzYLlWiHtt8hM=
 github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I=
 github.com/xdg/stringprep v1.0.0/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y=
@@ -1114,6 +1117,7 @@ golang.org/x/crypto v0.0.0-20200117160349-530e935923ad/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201208171446-5f87f3452ae9/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20220408190544-5352b0902921/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
@@ -1128,6 +1132,7 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
+golang.org/x/exp/typeparams v0.0.0-20220218215828-6cf2b201936e/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -1343,7 +1348,6 @@ golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210422114643-f5beecf764ed/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
@@ -1395,7 +1399,6 @@ golang.org/x/tools v0.0.0-20190718200317-82a3ea8a504c/go.mod h1:jcCCGcm9btYwXyDq
 golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191025023517-2077df36852e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -1440,6 +1443,7 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
+golang.org/x/tools v0.1.11-0.20220316014157-77aa08bb151a/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
 golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -1673,6 +1677,7 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+honnef.co/go/tools v0.3.0/go.mod h1:vlRD9XErLMGT+mDuofSr0mMMquscM/1nQqtRSsh6m70=
 k8s.io/api v0.26.1 h1:f+SWYiPd/GsiWwVRz+NbFyCgvv75Pk9NK6dlkZgpCRQ=
 k8s.io/api v0.26.1/go.mod h1:xd/GBNgR0f707+ATNyPmQ1oyKSgndzXij81FzWGsejg=
 k8s.io/apiextensions-apiserver v0.26.1 h1:cB8h1SRk6e/+i3NOrQgSFij1B2S0Y0wDoNl66bn8RMI=

vendor/github.com/google/fscrypt/actions/config.go

@@ -29,6 +29,7 @@ import (
 	"time"
 
 	"golang.org/x/sys/unix"
+	"google.golang.org/protobuf/proto"
 
 	"github.com/google/fscrypt/crypto"
 	"github.com/google/fscrypt/filesystem"
@@ -186,11 +187,17 @@ func getHashingCosts(target time.Duration) (*metadata.HashingCosts, error) {
 	log.Printf("Finding hashing costs that take %v\n", target)
 
 	// Start out with the minimal possible costs that use all the CPUs.
-	nCPUs := int64(runtime.NumCPU())
+	parallelism := int64(runtime.NumCPU())
+	// golang.org/x/crypto/argon2 only supports parallelism up to 255.
+	// For compatibility, don't use more than that amount.
+	if parallelism > metadata.MaxParallelism {
+		parallelism = metadata.MaxParallelism
+	}
 	costs := &metadata.HashingCosts{
-		Time:        1,
-		Memory:      8 * nCPUs,
-		Parallelism: nCPUs,
+		Time:            1,
+		Memory:          8 * parallelism,
+		Parallelism:     parallelism,
+		TruncationFixed: true,
 	}
 
 	// If even the minimal costs are not fast enough, just return the
@@ -210,7 +217,7 @@ func getHashingCosts(target time.Duration) (*metadata.HashingCosts, error) {
 	memoryKiBLimit := memoryBytesLimit() / 1024
 	for {
 		// Store a copy of the previous costs
-		costsPrev := *costs
+		costsPrev := proto.Clone(costs).(*metadata.HashingCosts)
 		tPrev := t
 
 		// Double the memory up to the max, then double the time.
@@ -223,7 +230,7 @@ func getHashingCosts(target time.Duration) (*metadata.HashingCosts, error) {
 		// If our hashing failed, return the last good set of costs.
 		if t, err = timeHashingCosts(costs); err != nil {
 			log.Printf("Hashing with costs={%v} failed: %v\n", costs, err)
-			return &costsPrev, nil
+			return costsPrev, nil
 		}
 		log.Printf("Costs={%v}\t-> %v\n", costs, t)
 
@@ -232,9 +239,10 @@ func getHashingCosts(target time.Duration) (*metadata.HashingCosts, error) {
 		if t >= target {
 			f := float64(target-tPrev) / float64(t-tPrev)
 			return &metadata.HashingCosts{
-				Time:        betweenCosts(costsPrev.Time, costs.Time, f),
-				Memory:      betweenCosts(costsPrev.Memory, costs.Memory, f),
-				Parallelism: costs.Parallelism,
+				Time:            betweenCosts(costsPrev.Time, costs.Time, f),
+				Memory:          betweenCosts(costsPrev.Memory, costs.Memory, f),
+				Parallelism:     costs.Parallelism,
+				TruncationFixed: costs.TruncationFixed,
 			}, nil
 		}
 	}

vendor/github.com/google/fscrypt/actions/policy.go

@@ -25,8 +25,8 @@ import (
 	"os"
 	"os/user"
 
-	"github.com/golang/protobuf/proto"
 	"github.com/pkg/errors"
+	"google.golang.org/protobuf/proto"
 
 	"github.com/google/fscrypt/crypto"
 	"github.com/google/fscrypt/filesystem"

vendor/github.com/google/fscrypt/actions/recovery.go

@@ -23,6 +23,8 @@ import (
 	"os"
 	"strconv"
 
+	"google.golang.org/protobuf/proto"
+
 	"github.com/google/fscrypt/crypto"
 	"github.com/google/fscrypt/metadata"
 	"github.com/google/fscrypt/util"
@@ -31,10 +33,10 @@ import (
 // modifiedContextWithSource returns a copy of ctx with the protector source
 // replaced by source.
 func modifiedContextWithSource(ctx *Context, source metadata.SourceType) *Context {
-	modifiedConfig := *ctx.Config
+	modifiedConfig := proto.Clone(ctx.Config).(*metadata.Config)
 	modifiedConfig.Source = source
 	modifiedCtx := *ctx
-	modifiedCtx.Config = &modifiedConfig
+	modifiedCtx.Config = modifiedConfig
 	return &modifiedCtx
 }
 

vendor/github.com/google/fscrypt/filesystem/filesystem.go

@@ -35,7 +35,6 @@ package filesystem
 import (
 	"fmt"
 	"io"
-	"io/ioutil"
 	"log"
 	"os"
 	"os/user"
@@ -45,9 +44,9 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/golang/protobuf/proto"
 	"github.com/pkg/errors"
 	"golang.org/x/sys/unix"
+	"google.golang.org/protobuf/proto"
 
 	"github.com/google/fscrypt/metadata"
 	"github.com/google/fscrypt/util"
@@ -335,7 +334,7 @@ func (m *Mount) PolicyPath(descriptor string) string {
 // directory and returns a temporary Mount which represents this temporary
 // directory. The caller is responsible for removing this temporary directory.
 func (m *Mount) tempMount() (*Mount, error) {
-	tempDir, err := ioutil.TempDir(filepath.Dir(m.BaseDir()), tempPrefix)
+	tempDir, err := os.MkdirTemp(filepath.Dir(m.BaseDir()), tempPrefix)
 	return &Mount{Path: tempDir}, err
 }
 
@@ -393,7 +392,7 @@ func (m *Mount) isFscryptSetupAllowed() bool {
 		return true
 	}
 	switch m.FilesystemType {
-	case "ext4", "f2fs", "ubifs", "btrfs", "ceph", "xfs":
+	case "ext4", "f2fs", "ubifs", "btrfs", "ceph", "xfs", "lustre":
 		return true
 	default:
 		return false
@@ -635,7 +634,7 @@ func (m *Mount) writeData(path string, data []byte, owner *user.User, mode os.Fi
 	// Write the data to a temporary file, sync it, then rename into place
 	// so that the operation will be atomic.
 	dirPath := filepath.Dir(path)
-	tempFile, err := ioutil.TempFile(dirPath, tempPrefix)
+	tempFile, err := os.CreateTemp(dirPath, tempPrefix)
 	if err != nil {
 		log.Print(err)
 		if os.IsPermission(err) {
@@ -767,7 +766,7 @@ func readMetadataFileSafe(path string, trustedUser *user.User) ([]byte, int64, e
 	}
 	// Read the file contents, allowing at most maxMetadataFileSize bytes.
 	reader := &io.LimitedReader{R: file, N: maxMetadataFileSize + 1}
-	data, err := ioutil.ReadAll(reader)
+	data, err := io.ReadAll(reader)
 	if err != nil {
 		return nil, -1, err
 	}

vendor/github.com/google/fscrypt/filesystem/mountpoint.go

@@ -25,7 +25,6 @@ import (
 	"bufio"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"log"
 	"os"
 	"path/filepath"
@@ -537,11 +536,15 @@ func getMountFromLink(link string) (*Mount, error) {
 }
 
 func (mnt *Mount) getFilesystemUUID() (string, error) {
-	dirContents, err := ioutil.ReadDir(uuidDirectory)
+	dirEntries, err := os.ReadDir(uuidDirectory)
 	if err != nil {
 		return "", err
 	}
-	for _, fileInfo := range dirContents {
+	for _, dirEntry := range dirEntries {
+		fileInfo, err := dirEntry.Info()
+		if err != nil {
+			continue
+		}
 		if fileInfo.Mode()&os.ModeSymlink == 0 {
 			continue // Only interested in UUID symlinks
 		}

vendor/github.com/google/fscrypt/metadata/checks.go

@@ -20,8 +20,11 @@
 package metadata
 
 import (
-	"github.com/golang/protobuf/proto"
+	"log"
+	"math"
+
 	"github.com/pkg/errors"
+	"google.golang.org/protobuf/proto"
 
 	"github.com/google/fscrypt/util"
 )
@@ -57,20 +60,37 @@ func (s SourceType) CheckValidity() error {
 	return nil
 }
 
+// MaxParallelism is the maximum allowed value for HashingCosts.Parallelism.
+const MaxParallelism = math.MaxUint8
+
 // CheckValidity ensures the hash costs will be accepted by Argon2.
 func (h *HashingCosts) CheckValidity() error {
 	if h == nil {
 		return errNotInitialized
 	}
-	if h.Time <= 0 {
-		return errors.Errorf("time=%d is not positive", h.Time)
+
+	minP := int64(1)
+	p := uint8(h.Parallelism)
+	if h.Parallelism < minP || h.Parallelism > MaxParallelism {
+		if h.TruncationFixed || p == 0 {
+			return errors.Errorf("parallelism cost %d is not in range [%d, %d]",
+				h.Parallelism, minP, MaxParallelism)
+		}
+		// Previously we unconditionally casted costs.Parallelism to a uint8,
+		// so we replicate this behavior for backwards compatibility.
+		log.Printf("WARNING: Truncating parallelism cost of %d to %d", h.Parallelism, p)
 	}
-	if h.Parallelism <= 0 {
-		return errors.Errorf("parallelism=%d is not positive", h.Parallelism)
+
+	minT := int64(1)
+	maxT := int64(math.MaxUint32)
+	if h.Time < minT || h.Time > maxT {
+		return errors.Errorf("time cost %d is not in range [%d, %d]", h.Time, minT, maxT)
 	}
-	minMemory := 8 * h.Parallelism
-	if h.Memory < minMemory {
-		return errors.Errorf("memory=%d is less than minimum (%d)", h.Memory, minMemory)
+
+	minM := 8 * int64(p)
+	maxM := int64(math.MaxUint32)
+	if h.Memory < minM || h.Memory > maxM {
+		return errors.Errorf("memory cost %d KiB is not in range [%d, %d]", h.Memory, minM, maxM)
 	}
 	return nil
 }

vendor/github.com/google/fscrypt/metadata/config.go

@@ -29,31 +29,39 @@ package metadata
 import (
 	"io"
 
-	"github.com/golang/protobuf/jsonpb"
+	"google.golang.org/protobuf/encoding/protojson"
 )
 
 // WriteConfig outputs the Config data as nicely formatted JSON
 func WriteConfig(config *Config, out io.Writer) error {
-	m := jsonpb.Marshaler{
-		EmitDefaults: true,
-		EnumsAsInts:  false,
-		Indent:       "\t",
-		OrigName:     true,
+	m := protojson.MarshalOptions{
+		Multiline:       true,
+		Indent:          "\t",
+		UseProtoNames:   true,
+		UseEnumNumbers:  false,
+		EmitUnpopulated: true,
 	}
-	if err := m.Marshal(out, config); err != nil {
+	bytes, err := m.Marshal(config)
+	if err != nil {
 		return err
 	}
-
-	_, err := out.Write([]byte{'\n'})
+	if _, err = out.Write(bytes); err != nil {
+		return err
+	}
+	_, err = out.Write([]byte{'\n'})
 	return err
 }
 
 // ReadConfig writes the JSON data into the config structure
 func ReadConfig(in io.Reader) (*Config, error) {
-	config := new(Config)
-	// Allow (and ignore) unknown fields for forwards compatibility.
-	u := jsonpb.Unmarshaler{
-		AllowUnknownFields: true,
+	bytes, err := io.ReadAll(in)
+	if err != nil {
+		return nil, err
 	}
-	return config, u.Unmarshal(in, config)
+	config := new(Config)
+	// Discard unknown fields for forwards compatibility.
+	u := protojson.UnmarshalOptions{
+		DiscardUnknown: true,
+	}
+	return config, u.Unmarshal(bytes, config)
 }

vendor/github.com/google/fscrypt/metadata/metadata.proto

@@ -19,15 +19,20 @@
  * the License.
  */
 
-// If you modify this file, be sure to run "go generate" on this package.
+// If the *.proto file is modified, be sure to run "make gen" (at the project
+// root) to recreate the *.pb.go file.
 syntax = "proto3";
 package metadata;
 
+option go_package = "github.com/google/fscrypt/metadata";
+
 // Cost parameters to be used in our hashing functions.
 message HashingCosts {
   int64 time = 2;
   int64 memory = 3;
   int64 parallelism = 4;
+  // If true, parallelism should no longer be truncated to 8 bits.
+  bool truncation_fixed = 5;
 }
 
 // This structure is used for our authenticated wrapping/unwrapping of keys.
@@ -73,6 +78,7 @@ message EncryptionOptions {
     AES_128_CBC = 5;
     AES_128_CTS = 6;
     Adiantum = 9;
+    AES_256_HCTR2 = 10;
   }
 
   Mode contents = 2;

vendor/github.com/google/fscrypt/metadata/policy.go

@@ -94,7 +94,7 @@ func (err *ErrNotEncrypted) Error() string {
 	return fmt.Sprintf("file or directory %q is not encrypted", err.Path)
 }
 
-func policyIoctl(file *os.File, request uintptr, arg unsafe.Pointer) error {
+func getPolicyIoctl(file *os.File, request uintptr, arg unsafe.Pointer) error {
 	_, _, errno := unix.Syscall(unix.SYS_IOCTL, file.Fd(), request, uintptr(arg))
 	if errno == 0 {
 		return nil
@@ -102,6 +102,19 @@ func policyIoctl(file *os.File, request uintptr, arg unsafe.Pointer) error {
 	return errno
 }
 
+func setPolicy(file *os.File, arg unsafe.Pointer) error {
+	_, _, errno := unix.Syscall(unix.SYS_IOCTL, file.Fd(), unix.FS_IOC_SET_ENCRYPTION_POLICY, uintptr(arg))
+	if errno != 0 {
+		return errno
+	}
+
+	if err := file.Sync(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
 // Maps EncryptionOptions.Padding <-> FSCRYPT_POLICY_FLAGS
 var (
 	paddingArray = []int64{4, 8, 16, 32}
@@ -159,10 +172,10 @@ func GetPolicy(path string) (*PolicyData, error) {
 	var arg unix.FscryptGetPolicyExArg
 	arg.Size = uint64(unsafe.Sizeof(arg.Policy))
 	policyPtr := util.Ptr(arg.Policy[:])
-	err = policyIoctl(file, unix.FS_IOC_GET_ENCRYPTION_POLICY_EX, unsafe.Pointer(&arg))
+	err = getPolicyIoctl(file, unix.FS_IOC_GET_ENCRYPTION_POLICY_EX, unsafe.Pointer(&arg))
 	if err == unix.ENOTTY {
 		// Fall back to the old version of the ioctl. This works for v1 policies only.
-		err = policyIoctl(file, unix.FS_IOC_GET_ENCRYPTION_POLICY, policyPtr)
+		err = getPolicyIoctl(file, unix.FS_IOC_GET_ENCRYPTION_POLICY, policyPtr)
 		arg.Size = uint64(unsafe.Sizeof(unix.FscryptPolicyV1{}))
 	}
 	switch err {
@@ -235,7 +248,7 @@ func setV1Policy(file *os.File, options *EncryptionOptions, descriptorBytes []by
 	}
 	copy(policy.Master_key_descriptor[:], descriptorBytes)
 
-	return policyIoctl(file, unix.FS_IOC_SET_ENCRYPTION_POLICY, unsafe.Pointer(&policy))
+	return setPolicy(file, unsafe.Pointer(&policy))
 }
 
 func setV2Policy(file *os.File, options *EncryptionOptions, descriptorBytes []byte) error {
@@ -252,7 +265,7 @@ func setV2Policy(file *os.File, options *EncryptionOptions, descriptorBytes []by
 	}
 	copy(policy.Master_key_identifier[:], descriptorBytes)
 
-	return policyIoctl(file, unix.FS_IOC_SET_ENCRYPTION_POLICY, unsafe.Pointer(&policy))
+	return setPolicy(file, unsafe.Pointer(&policy))
 }
 
 // SetPolicy sets up the specified directory to be encrypted with the specified
@@ -332,7 +345,7 @@ func CheckSupport(path string) error {
 		Flags:                     math.MaxUint8,
 	}
 
-	err = policyIoctl(file, unix.FS_IOC_SET_ENCRYPTION_POLICY, unsafe.Pointer(&badPolicy))
+	err = setPolicy(file, unsafe.Pointer(&badPolicy))
 	switch err {
 	case nil:
 		log.Panicf(`FS_IOC_SET_ENCRYPTION_POLICY succeeded when it should have failed.

vendor/modules.txt

@@ -228,8 +228,8 @@ github.com/golang/protobuf/ptypes/wrappers
 # github.com/golang/snappy v0.0.4
 ## explicit
 github.com/golang/snappy
-# github.com/google/fscrypt v0.3.3
-## explicit; go 1.11
+# github.com/google/fscrypt v0.3.4
+## explicit; go 1.16
 github.com/google/fscrypt/actions
 github.com/google/fscrypt/crypto
 github.com/google/fscrypt/filesystem