diff --git a/vfs/adiantum/adiantum.go b/vfs/adiantum/adiantum.go index 88d1c76..659b0e6 100644 --- a/vfs/adiantum/adiantum.go +++ b/vfs/adiantum/adiantum.go @@ -28,5 +28,5 @@ func (adiantumCreator) KDF(text string) []byte { n, _ := rand.Read(key) return key[:n] } - return argon2.IDKey([]byte(text), []byte(pepper), 1, 64*1024, 4, 32) + return argon2.IDKey([]byte(text), []byte(pepper), 3, 64*1024, 4, 32) } diff --git a/vfs/adiantum/adiantum_test.go b/vfs/adiantum/adiantum_test.go new file mode 100644 index 0000000..e13ff74 --- /dev/null +++ b/vfs/adiantum/adiantum_test.go @@ -0,0 +1,53 @@ +package adiantum_test + +import ( + "path/filepath" + "testing" + + "github.com/ncruces/go-sqlite3" + _ "github.com/ncruces/go-sqlite3/embed" + _ "github.com/ncruces/go-sqlite3/vfs/adiantum" +) + +func Benchmark_nokey(b *testing.B) { + tmp := filepath.Join(b.TempDir(), "test.db") + sqlite3.Initialize() + b.ResetTimer() + + for n := 0; n < b.N; n++ { + db, err := sqlite3.Open("file:" + filepath.ToSlash(tmp) + "?nolock=1") + if err != nil { + b.Fatal(err) + } + db.Close() + } +} +func Benchmark_hexkey(b *testing.B) { + tmp := filepath.Join(b.TempDir(), "test.db") + sqlite3.Initialize() + b.ResetTimer() + + for n := 0; n < b.N; n++ { + db, err := sqlite3.Open("file:" + filepath.ToSlash(tmp) + "?nolock=1" + + "&vfs=adiantum&hexkey=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855") + if err != nil { + b.Fatal(err) + } + db.Close() + } +} + +func Benchmark_textkey(b *testing.B) { + tmp := filepath.Join(b.TempDir(), "test.db") + sqlite3.Initialize() + b.ResetTimer() + + for n := 0; n < b.N; n++ { + db, err := sqlite3.Open("file:" + filepath.ToSlash(tmp) + "?nolock=1" + + "&vfs=adiantum&textkey=correct+horse+battery+staple") + if err != nil { + b.Fatal(err) + } + db.Close() + } +} diff --git a/vfs/adiantum/api.go b/vfs/adiantum/api.go index 818eaf6..c484ec9 100644 --- a/vfs/adiantum/api.go +++ b/vfs/adiantum/api.go @@ -18,12 +18,18 @@ // However, this makes your key easily accessible to other parts of // your application (e.g. through [vfs.Filename.URIParameters]). // -// To avoid this, use any of the following PRAGMAs: +// To avoid this, invoke any of the following PRAGMAs +// immediately after opening a connection: // // PRAGMA key='D41d8cD98f00b204e9800998eCf8427e'; // PRAGMA hexkey='e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'; // PRAGMA textkey='your-secret-key'; // +// For an ATTACH-ed database, you must specify the schema name: +// +// ATTACH DATABASE 'demo.db' AS demo; +// PRAGMA demo.textkey='your-secret-key'; +// // [URI]: https://sqlite.org/uri.html package adiantum diff --git a/vfs/adiantum/hbsh.go b/vfs/adiantum/hbsh.go index d11b747..dfbaa5f 100644 --- a/vfs/adiantum/hbsh.go +++ b/vfs/adiantum/hbsh.go @@ -21,10 +21,10 @@ func (h *hbshVFS) Open(name string, flags vfs.OpenFlag) (vfs.File, vfs.OpenFlag, } func (h *hbshVFS) OpenFilename(name *vfs.Filename, flags vfs.OpenFlag) (file vfs.File, _ vfs.OpenFlag, err error) { - if h, ok := h.VFS.(vfs.VFSFilename); ok { - file, flags, err = h.OpenFilename(name, flags) + if hf, ok := h.VFS.(vfs.VFSFilename); ok { + file, flags, err = hf.OpenFilename(name, flags) } else { - file, flags, err = h.Open(name.String(), flags) + file, flags, err = h.VFS.Open(name.String(), flags) } // Encrypt everything except super journals and memory files.