rebase: bump github.com/google/fscrypt from 0.3.3 to 0.3.4

Bumps [github.com/google/fscrypt](https://github.com/google/fscrypt) from 0.3.3 to 0.3.4. - [Release notes](https://github.com/google/fscrypt/releases) - [Changelog](https://github.com/google/fscrypt/blob/master/NEWS.md) - [Commits](https://github.com/google/fscrypt/compare/v0.3.3...v0.3.4) --- updated-dependencies: - dependency-name: github.com/google/fscrypt dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
2025-06-13 18:43:34 +00:00 · 2023-02-20 14:30:55 +00:00
parent 991c21f7fd
commit f84d43c6d1
13 changed files with 852 additions and 441 deletions
--- a/vendor/github.com/google/fscrypt/actions/config.go
+++ b/vendor/github.com/google/fscrypt/actions/config.go
@ -29,6 +29,7 @@ import (
 	"time"

 	"golang.org/x/sys/unix"
+	"google.golang.org/protobuf/proto"

 	"github.com/google/fscrypt/crypto"
 	"github.com/google/fscrypt/filesystem"
@ -186,11 +187,17 @@ func getHashingCosts(target time.Duration) (*metadata.HashingCosts, error) {
 	log.Printf("Finding hashing costs that take %v\n", target)

 	// Start out with the minimal possible costs that use all the CPUs.
-	nCPUs := int64(runtime.NumCPU())
+	parallelism := int64(runtime.NumCPU())
+	// golang.org/x/crypto/argon2 only supports parallelism up to 255.
+	// For compatibility, don't use more than that amount.
+	if parallelism > metadata.MaxParallelism {
+		parallelism = metadata.MaxParallelism
+	}
 	costs := &metadata.HashingCosts{
-		Time:        1,
-		Memory:      8 * nCPUs,
-		Parallelism: nCPUs,
+		Time:            1,
+		Memory:          8 * parallelism,
+		Parallelism:     parallelism,
+		TruncationFixed: true,
 	}

 	// If even the minimal costs are not fast enough, just return the
@ -210,7 +217,7 @@ func getHashingCosts(target time.Duration) (*metadata.HashingCosts, error) {
 	memoryKiBLimit := memoryBytesLimit() / 1024
 	for {
 		// Store a copy of the previous costs
-		costsPrev := *costs
+		costsPrev := proto.Clone(costs).(*metadata.HashingCosts)
 		tPrev := t

 		// Double the memory up to the max, then double the time.
@ -223,7 +230,7 @@ func getHashingCosts(target time.Duration) (*metadata.HashingCosts, error) {
 		// If our hashing failed, return the last good set of costs.
 		if t, err = timeHashingCosts(costs); err != nil {
 			log.Printf("Hashing with costs={%v} failed: %v\n", costs, err)
-			return &costsPrev, nil
+			return costsPrev, nil
 		}
 		log.Printf("Costs={%v}\t-> %v\n", costs, t)

@ -232,9 +239,10 @@ func getHashingCosts(target time.Duration) (*metadata.HashingCosts, error) {
 		if t >= target {
 			f := float64(target-tPrev) / float64(t-tPrev)
 			return &metadata.HashingCosts{
-				Time:        betweenCosts(costsPrev.Time, costs.Time, f),
-				Memory:      betweenCosts(costsPrev.Memory, costs.Memory, f),
-				Parallelism: costs.Parallelism,
+				Time:            betweenCosts(costsPrev.Time, costs.Time, f),
+				Memory:          betweenCosts(costsPrev.Memory, costs.Memory, f),
+				Parallelism:     costs.Parallelism,
+				TruncationFixed: costs.TruncationFixed,
 			}, nil
 		}
 	}
--- a/vendor/github.com/google/fscrypt/actions/policy.go
+++ b/vendor/github.com/google/fscrypt/actions/policy.go
@ -25,8 +25,8 @@ import (
 	"os"
 	"os/user"

-	"github.com/golang/protobuf/proto"
 	"github.com/pkg/errors"
+	"google.golang.org/protobuf/proto"

 	"github.com/google/fscrypt/crypto"
 	"github.com/google/fscrypt/filesystem"
--- a/vendor/github.com/google/fscrypt/actions/recovery.go
+++ b/vendor/github.com/google/fscrypt/actions/recovery.go
@ -23,6 +23,8 @@ import (
 	"os"
 	"strconv"

+	"google.golang.org/protobuf/proto"
+
 	"github.com/google/fscrypt/crypto"
 	"github.com/google/fscrypt/metadata"
 	"github.com/google/fscrypt/util"
@ -31,10 +33,10 @@ import (
 // modifiedContextWithSource returns a copy of ctx with the protector source
 // replaced by source.
 func modifiedContextWithSource(ctx *Context, source metadata.SourceType) *Context {
-	modifiedConfig := *ctx.Config
+	modifiedConfig := proto.Clone(ctx.Config).(*metadata.Config)
 	modifiedConfig.Source = source
 	modifiedCtx := *ctx
-	modifiedCtx.Config = &modifiedConfig
+	modifiedCtx.Config = modifiedConfig
 	return &modifiedCtx
 }

--- a/vendor/github.com/google/fscrypt/filesystem/filesystem.go
+++ b/vendor/github.com/google/fscrypt/filesystem/filesystem.go
@ -35,7 +35,6 @@ package filesystem
 import (
 	"fmt"
 	"io"
-	"io/ioutil"
 	"log"
 	"os"
 	"os/user"
@ -45,9 +44,9 @@ import (
 	"syscall"
 	"time"

-	"github.com/golang/protobuf/proto"
 	"github.com/pkg/errors"
 	"golang.org/x/sys/unix"
+	"google.golang.org/protobuf/proto"

 	"github.com/google/fscrypt/metadata"
 	"github.com/google/fscrypt/util"
@ -335,7 +334,7 @@ func (m *Mount) PolicyPath(descriptor string) string {
 // directory and returns a temporary Mount which represents this temporary
 // directory. The caller is responsible for removing this temporary directory.
 func (m *Mount) tempMount() (*Mount, error) {
-	tempDir, err := ioutil.TempDir(filepath.Dir(m.BaseDir()), tempPrefix)
+	tempDir, err := os.MkdirTemp(filepath.Dir(m.BaseDir()), tempPrefix)
 	return &Mount{Path: tempDir}, err
 }

@ -393,7 +392,7 @@ func (m *Mount) isFscryptSetupAllowed() bool {
 		return true
 	}
 	switch m.FilesystemType {
-	case "ext4", "f2fs", "ubifs", "btrfs", "ceph", "xfs":
+	case "ext4", "f2fs", "ubifs", "btrfs", "ceph", "xfs", "lustre":
 		return true
 	default:
 		return false
@ -635,7 +634,7 @@ func (m *Mount) writeData(path string, data []byte, owner *user.User, mode os.Fi
 	// Write the data to a temporary file, sync it, then rename into place
 	// so that the operation will be atomic.
 	dirPath := filepath.Dir(path)
-	tempFile, err := ioutil.TempFile(dirPath, tempPrefix)
+	tempFile, err := os.CreateTemp(dirPath, tempPrefix)
 	if err != nil {
 		log.Print(err)
 		if os.IsPermission(err) {
@ -767,7 +766,7 @@ func readMetadataFileSafe(path string, trustedUser *user.User) ([]byte, int64, e
 	}
 	// Read the file contents, allowing at most maxMetadataFileSize bytes.
 	reader := &io.LimitedReader{R: file, N: maxMetadataFileSize + 1}
-	data, err := ioutil.ReadAll(reader)
+	data, err := io.ReadAll(reader)
 	if err != nil {
 		return nil, -1, err
 	}
--- a/vendor/github.com/google/fscrypt/filesystem/mountpoint.go
+++ b/vendor/github.com/google/fscrypt/filesystem/mountpoint.go
@ -25,7 +25,6 @@ import (
 	"bufio"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"log"
 	"os"
 	"path/filepath"
@ -537,11 +536,15 @@ func getMountFromLink(link string) (*Mount, error) {
 }

 func (mnt *Mount) getFilesystemUUID() (string, error) {
-	dirContents, err := ioutil.ReadDir(uuidDirectory)
+	dirEntries, err := os.ReadDir(uuidDirectory)
 	if err != nil {
 		return "", err
 	}
-	for _, fileInfo := range dirContents {
+	for _, dirEntry := range dirEntries {
+		fileInfo, err := dirEntry.Info()
+		if err != nil {
+			continue
+		}
 		if fileInfo.Mode()&os.ModeSymlink == 0 {
 			continue // Only interested in UUID symlinks
 		}
--- a/vendor/github.com/google/fscrypt/metadata/checks.go
+++ b/vendor/github.com/google/fscrypt/metadata/checks.go
@ -20,8 +20,11 @@
 package metadata

 import (
-	"github.com/golang/protobuf/proto"
+	"log"
+	"math"
+
 	"github.com/pkg/errors"
+	"google.golang.org/protobuf/proto"

 	"github.com/google/fscrypt/util"
 )
@ -57,20 +60,37 @@ func (s SourceType) CheckValidity() error {
 	return nil
 }

+// MaxParallelism is the maximum allowed value for HashingCosts.Parallelism.
+const MaxParallelism = math.MaxUint8
+
 // CheckValidity ensures the hash costs will be accepted by Argon2.
 func (h *HashingCosts) CheckValidity() error {
 	if h == nil {
 		return errNotInitialized
 	}
-	if h.Time <= 0 {
-		return errors.Errorf("time=%d is not positive", h.Time)
+
+	minP := int64(1)
+	p := uint8(h.Parallelism)
+	if h.Parallelism < minP || h.Parallelism > MaxParallelism {
+		if h.TruncationFixed || p == 0 {
+			return errors.Errorf("parallelism cost %d is not in range [%d, %d]",
+				h.Parallelism, minP, MaxParallelism)
+		}
+		// Previously we unconditionally casted costs.Parallelism to a uint8,
+		// so we replicate this behavior for backwards compatibility.
+		log.Printf("WARNING: Truncating parallelism cost of %d to %d", h.Parallelism, p)
 	}
-	if h.Parallelism <= 0 {
-		return errors.Errorf("parallelism=%d is not positive", h.Parallelism)
+
+	minT := int64(1)
+	maxT := int64(math.MaxUint32)
+	if h.Time < minT || h.Time > maxT {
+		return errors.Errorf("time cost %d is not in range [%d, %d]", h.Time, minT, maxT)
 	}
-	minMemory := 8 * h.Parallelism
-	if h.Memory < minMemory {
-		return errors.Errorf("memory=%d is less than minimum (%d)", h.Memory, minMemory)
+
+	minM := 8 * int64(p)
+	maxM := int64(math.MaxUint32)
+	if h.Memory < minM || h.Memory > maxM {
+		return errors.Errorf("memory cost %d KiB is not in range [%d, %d]", h.Memory, minM, maxM)
 	}
 	return nil
 }
--- a/vendor/github.com/google/fscrypt/metadata/config.go
+++ b/vendor/github.com/google/fscrypt/metadata/config.go
@ -29,31 +29,39 @@ package metadata
 import (
 	"io"

-	"github.com/golang/protobuf/jsonpb"
+	"google.golang.org/protobuf/encoding/protojson"
 )

 // WriteConfig outputs the Config data as nicely formatted JSON
 func WriteConfig(config *Config, out io.Writer) error {
-	m := jsonpb.Marshaler{
-		EmitDefaults: true,
-		EnumsAsInts:  false,
-		Indent:       "\t",
-		OrigName:     true,
+	m := protojson.MarshalOptions{
+		Multiline:       true,
+		Indent:          "\t",
+		UseProtoNames:   true,
+		UseEnumNumbers:  false,
+		EmitUnpopulated: true,
 	}
-	if err := m.Marshal(out, config); err != nil {
+	bytes, err := m.Marshal(config)
+	if err != nil {
 		return err
 	}
-
-	_, err := out.Write([]byte{'\n'})
+	if _, err = out.Write(bytes); err != nil {
+		return err
+	}
+	_, err = out.Write([]byte{'\n'})
 	return err
 }

 // ReadConfig writes the JSON data into the config structure
 func ReadConfig(in io.Reader) (*Config, error) {
-	config := new(Config)
-	// Allow (and ignore) unknown fields for forwards compatibility.
-	u := jsonpb.Unmarshaler{
-		AllowUnknownFields: true,
+	bytes, err := io.ReadAll(in)
+	if err != nil {
+		return nil, err
 	}
-	return config, u.Unmarshal(in, config)
+	config := new(Config)
+	// Discard unknown fields for forwards compatibility.
+	u := protojson.UnmarshalOptions{
+		DiscardUnknown: true,
+	}
+	return config, u.Unmarshal(bytes, config)
 }
--- a/vendor/github.com/google/fscrypt/metadata/metadata.pb.go
+++ b/vendor/github.com/google/fscrypt/metadata/metadata.pb.go
--- a/vendor/github.com/google/fscrypt/metadata/metadata.proto
+++ b/vendor/github.com/google/fscrypt/metadata/metadata.proto
@ -19,15 +19,20 @@
 * the License.
 */

-// If you modify this file, be sure to run "go generate" on this package.
+// If the *.proto file is modified, be sure to run "make gen" (at the project
+// root) to recreate the *.pb.go file.
 syntax = "proto3";
 package metadata;

+option go_package = "github.com/google/fscrypt/metadata";
+
 // Cost parameters to be used in our hashing functions.
 message HashingCosts {
  int64 time = 2;
  int64 memory = 3;
  int64 parallelism = 4;
+  // If true, parallelism should no longer be truncated to 8 bits.
+  bool truncation_fixed = 5;
 }

 // This structure is used for our authenticated wrapping/unwrapping of keys.
@ -73,6 +78,7 @@ message EncryptionOptions {
    AES_128_CBC = 5;
    AES_128_CTS = 6;
    Adiantum = 9;
+    AES_256_HCTR2 = 10;
  }

  Mode contents = 2;
--- a/vendor/github.com/google/fscrypt/metadata/policy.go
+++ b/vendor/github.com/google/fscrypt/metadata/policy.go
@ -94,7 +94,7 @@ func (err *ErrNotEncrypted) Error() string {
 	return fmt.Sprintf("file or directory %q is not encrypted", err.Path)
 }

-func policyIoctl(file *os.File, request uintptr, arg unsafe.Pointer) error {
+func getPolicyIoctl(file *os.File, request uintptr, arg unsafe.Pointer) error {
 	_, _, errno := unix.Syscall(unix.SYS_IOCTL, file.Fd(), request, uintptr(arg))
 	if errno == 0 {
 		return nil
@ -102,6 +102,19 @@ func policyIoctl(file *os.File, request uintptr, arg unsafe.Pointer) error {
 	return errno
 }

+func setPolicy(file *os.File, arg unsafe.Pointer) error {
+	_, _, errno := unix.Syscall(unix.SYS_IOCTL, file.Fd(), unix.FS_IOC_SET_ENCRYPTION_POLICY, uintptr(arg))
+	if errno != 0 {
+		return errno
+	}
+
+	if err := file.Sync(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
 // Maps EncryptionOptions.Padding <-> FSCRYPT_POLICY_FLAGS
 var (
 	paddingArray = []int64{4, 8, 16, 32}
@ -159,10 +172,10 @@ func GetPolicy(path string) (*PolicyData, error) {
 	var arg unix.FscryptGetPolicyExArg
 	arg.Size = uint64(unsafe.Sizeof(arg.Policy))
 	policyPtr := util.Ptr(arg.Policy[:])
-	err = policyIoctl(file, unix.FS_IOC_GET_ENCRYPTION_POLICY_EX, unsafe.Pointer(&arg))
+	err = getPolicyIoctl(file, unix.FS_IOC_GET_ENCRYPTION_POLICY_EX, unsafe.Pointer(&arg))
 	if err == unix.ENOTTY {
 		// Fall back to the old version of the ioctl. This works for v1 policies only.
-		err = policyIoctl(file, unix.FS_IOC_GET_ENCRYPTION_POLICY, policyPtr)
+		err = getPolicyIoctl(file, unix.FS_IOC_GET_ENCRYPTION_POLICY, policyPtr)
 		arg.Size = uint64(unsafe.Sizeof(unix.FscryptPolicyV1{}))
 	}
 	switch err {
@ -235,7 +248,7 @@ func setV1Policy(file *os.File, options *EncryptionOptions, descriptorBytes []by
 	}
 	copy(policy.Master_key_descriptor[:], descriptorBytes)

-	return policyIoctl(file, unix.FS_IOC_SET_ENCRYPTION_POLICY, unsafe.Pointer(&policy))
+	return setPolicy(file, unsafe.Pointer(&policy))
 }

 func setV2Policy(file *os.File, options *EncryptionOptions, descriptorBytes []byte) error {
@ -252,7 +265,7 @@ func setV2Policy(file *os.File, options *EncryptionOptions, descriptorBytes []by
 	}
 	copy(policy.Master_key_identifier[:], descriptorBytes)

-	return policyIoctl(file, unix.FS_IOC_SET_ENCRYPTION_POLICY, unsafe.Pointer(&policy))
+	return setPolicy(file, unsafe.Pointer(&policy))
 }

 // SetPolicy sets up the specified directory to be encrypted with the specified
@ -332,7 +345,7 @@ func CheckSupport(path string) error {
 		Flags:                     math.MaxUint8,
 	}

-	err = policyIoctl(file, unix.FS_IOC_SET_ENCRYPTION_POLICY, unsafe.Pointer(&badPolicy))
+	err = setPolicy(file, unsafe.Pointer(&badPolicy))
 	switch err {
 	case nil:
 		log.Panicf(`FS_IOC_SET_ENCRYPTION_POLICY succeeded when it should have failed.