From 1213d87b1a032c65d5f59eff7e2012fb9cbb0f13 Mon Sep 17 00:00:00 2001 From: Alexander Neumann Date: Sun, 3 May 2015 18:04:13 +0200 Subject: [PATCH] server: Only save crypto.Key At the moment, the server doesn't need the full server.Key (master and user key), just the master key. --- archiver_test.go | 10 +++++----- cmd/restic/cmd_cat.go | 2 +- cmd/restic/cmd_key.go | 6 +++--- server/key.go | 4 ++-- server/server.go | 38 +++++++++++++++++++++++--------------- 5 files changed, 34 insertions(+), 26 deletions(-) diff --git a/archiver_test.go b/archiver_test.go index dce0e0b7e..deead2ba1 100644 --- a/archiver_test.go +++ b/archiver_test.go @@ -9,8 +9,8 @@ import ( "github.com/restic/restic" "github.com/restic/restic/backend" "github.com/restic/restic/chunker" + "github.com/restic/restic/crypto" "github.com/restic/restic/pack" - "github.com/restic/restic/server" . "github.com/restic/restic/test" ) @@ -24,7 +24,7 @@ type Rdr interface { io.ReaderAt } -func benchmarkChunkEncrypt(b testing.TB, buf, buf2 []byte, rd Rdr, key *server.Key) { +func benchmarkChunkEncrypt(b testing.TB, buf, buf2 []byte, rd Rdr, key *crypto.Key) { ch := restic.GetChunker("BenchmarkChunkEncrypt") rd.Seek(0, 0) ch.Reset(rd, testPol) @@ -44,7 +44,7 @@ func benchmarkChunkEncrypt(b testing.TB, buf, buf2 []byte, rd Rdr, key *server.K OK(b, err) Assert(b, uint(n) == chunk.Length, "invalid length: got %d, expected %d", n, chunk.Length) - _, err = key.Encrypt(buf2, buf) + _, err = crypto.Encrypt(key, buf2, buf) OK(b, err) } @@ -72,7 +72,7 @@ func BenchmarkChunkEncrypt(b *testing.B) { restic.FreeChunkBuf("BenchmarkChunkEncrypt", buf2) } -func benchmarkChunkEncryptP(b *testing.PB, buf []byte, rd Rdr, key *server.Key) { +func benchmarkChunkEncryptP(b *testing.PB, buf []byte, rd Rdr, key *crypto.Key) { ch := restic.GetChunker("BenchmarkChunkEncryptP") rd.Seek(0, 0) ch.Reset(rd, testPol) @@ -86,7 +86,7 @@ func benchmarkChunkEncryptP(b *testing.PB, buf []byte, rd Rdr, key *server.Key) // reduce length of chunkBuf buf = buf[:chunk.Length] io.ReadFull(chunk.Reader(rd), buf) - key.Encrypt(buf, buf) + crypto.Encrypt(key, buf, buf) } restic.FreeChunker("BenchmarkChunkEncryptP", ch) diff --git a/cmd/restic/cmd_cat.go b/cmd/restic/cmd_cat.go index b4914645d..8fa54ed27 100644 --- a/cmd/restic/cmd_cat.go +++ b/cmd/restic/cmd_cat.go @@ -121,7 +121,7 @@ func (cmd CmdCat) Execute(args []string) error { fmt.Println(string(buf)) return nil case "masterkey": - buf, err := json.MarshalIndent(s.Key().Master(), "", " ") + buf, err := json.MarshalIndent(s.Key(), "", " ") if err != nil { return err } diff --git a/cmd/restic/cmd_key.go b/cmd/restic/cmd_key.go index 9e87ff247..de58d50cb 100644 --- a/cmd/restic/cmd_key.go +++ b/cmd/restic/cmd_key.go @@ -42,7 +42,7 @@ func listKeys(s *server.Server) error { } var current string - if name == s.Key().Name() { + if name == s.KeyName() { current = "*" } else { current = " " @@ -75,7 +75,7 @@ func addKey(s *server.Server) error { } func deleteKey(s *server.Server, name string) error { - if name == s.Key().Name() { + if name == s.KeyName() { return errors.New("refusing to remove key currently used to access repository") } @@ -103,7 +103,7 @@ func changePassword(s *server.Server) error { } // remove old key - err = s.Remove(backend.Key, s.Key().Name()) + err = s.Remove(backend.Key, s.KeyName()) if err != nil { return err } diff --git a/server/key.go b/server/key.go index 097ff6051..121235dba 100644 --- a/server/key.go +++ b/server/key.go @@ -132,7 +132,7 @@ func LoadKey(s *Server, name string) (*Key, error) { } // AddKey adds a new key to an already existing repository. -func AddKey(s *Server, password string, template *Key) (*Key, error) { +func AddKey(s *Server, password string, template *crypto.Key) (*Key, error) { // fill meta data about key newkey := &Key{ Created: time.Now(), @@ -170,7 +170,7 @@ func AddKey(s *Server, password string, template *Key) (*Key, error) { newkey.master = crypto.NewRandomKey() } else { // copy master keys from old key - newkey.master = template.master + newkey.master = template } // encrypt master keys (as json) with user key diff --git a/server/server.go b/server/server.go index 22da63083..696dedee7 100644 --- a/server/server.go +++ b/server/server.go @@ -14,6 +14,7 @@ import ( "github.com/restic/restic/backend" "github.com/restic/restic/chunker" + "github.com/restic/restic/crypto" "github.com/restic/restic/debug" "github.com/restic/restic/pack" ) @@ -27,10 +28,11 @@ type Config struct { // Server is used to access a repository in a backend. type Server struct { - be backend.Backend - Config Config - key *Key - idx *Index + be backend.Backend + Config Config + key *crypto.Key + keyName string + idx *Index pm sync.Mutex packs []*pack.Packer @@ -158,7 +160,7 @@ func (s *Server) LoadJSONUnpacked(t backend.Type, id backend.ID, item interface{ defer rd.Close() // decrypt - decryptRd, err := s.key.DecryptFrom(rd) + decryptRd, err := crypto.DecryptFrom(s.key, rd) defer decryptRd.Close() if err != nil { return err @@ -191,7 +193,7 @@ func (s *Server) LoadJSONPack(t pack.BlobType, id backend.ID, item interface{}) defer rd.Close() // decrypt - decryptRd, err := s.key.DecryptFrom(rd) + decryptRd, err := crypto.DecryptFrom(s.key, rd) defer decryptRd.Close() if err != nil { return err @@ -236,7 +238,7 @@ func (s *Server) findPacker(size uint) (*pack.Packer, error) { return nil, err } debug.Log("Server.findPacker", "create new pack %p", blob) - return pack.NewPacker(s.key.Master(), blob), nil + return pack.NewPacker(s.key, blob), nil } // insertPacker appends p to s.packs. @@ -382,7 +384,7 @@ func (s *Server) SaveJSONUnpacked(t backend.Type, item interface{}) (backend.ID, hw := backend.NewHashingWriter(blob, sha256.New()) // encrypt blob - ewr := s.key.EncryptTo(hw) + ewr := crypto.EncryptTo(s.key, hw) enc := json.NewEncoder(ewr) err = enc.Encode(item) @@ -454,7 +456,7 @@ func (s *Server) SaveIndex() (backend.ID, error) { hw := backend.NewHashingWriter(blob, sha256.New()) // encrypt blob - ewr := s.key.EncryptTo(hw) + ewr := crypto.EncryptTo(s.key, hw) err = s.idx.Encode(ewr) if err != nil { @@ -507,7 +509,7 @@ func (s *Server) loadIndex(id string) error { } // decrypt - decryptRd, err := s.key.DecryptFrom(rd) + decryptRd, err := crypto.DecryptFrom(s.key, rd) defer decryptRd.Close() if err != nil { return err @@ -572,7 +574,8 @@ func (s *Server) SearchKey(password string) error { return err } - s.key = key + s.key = key.Master() + s.keyName = key.Name() return s.loadConfig(&s.Config) } @@ -592,7 +595,8 @@ func (s *Server) CreateMasterKey(password string) error { return err } - s.key = key + s.key = key.Master() + s.keyName = key.Name() return s.createConfig() } @@ -601,7 +605,7 @@ func (s *Server) Decrypt(ciphertext []byte) ([]byte, error) { return nil, errors.New("key for server not set") } - return s.key.Decrypt(nil, ciphertext) + return crypto.Decrypt(s.key, nil, ciphertext) } func (s *Server) Encrypt(ciphertext, plaintext []byte) ([]byte, error) { @@ -609,13 +613,17 @@ func (s *Server) Encrypt(ciphertext, plaintext []byte) ([]byte, error) { return nil, errors.New("key for server not set") } - return s.key.Encrypt(ciphertext, plaintext) + return crypto.Encrypt(s.key, ciphertext, plaintext) } -func (s *Server) Key() *Key { +func (s *Server) Key() *crypto.Key { return s.key } +func (s *Server) KeyName() string { + return s.keyName +} + // Count returns the number of blobs of a given type in the backend. func (s *Server) Count(t backend.Type) (n uint) { for _ = range s.be.List(t, nil) {