mirror of
https://github.com/octoleo/restic.git
synced 2024-12-23 03:18:55 +00:00
Remove crypto reader/writer (unused)
This commit is contained in:
parent
11098d6eb0
commit
9afec53c55
@ -4,12 +4,12 @@ import (
|
||||
"bytes"
|
||||
"crypto/rand"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"testing"
|
||||
|
||||
"github.com/restic/chunker"
|
||||
"restic/crypto"
|
||||
. "restic/test"
|
||||
|
||||
"github.com/restic/chunker"
|
||||
)
|
||||
|
||||
const testLargeCrypto = false
|
||||
@ -128,25 +128,6 @@ func TestLargeEncrypt(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func BenchmarkEncryptWriter(b *testing.B) {
|
||||
size := 8 << 20 // 8MiB
|
||||
|
||||
k := crypto.NewRandomKey()
|
||||
|
||||
b.ResetTimer()
|
||||
b.SetBytes(int64(size))
|
||||
|
||||
for i := 0; i < b.N; i++ {
|
||||
rd := RandomLimitReader(23, size)
|
||||
wr := crypto.EncryptTo(k, ioutil.Discard)
|
||||
n, err := io.Copy(wr, rd)
|
||||
OK(b, err)
|
||||
OK(b, wr.Close())
|
||||
Assert(b, n == int64(size),
|
||||
"not enough bytes writter: want %d, got %d", size, n)
|
||||
}
|
||||
}
|
||||
|
||||
func BenchmarkEncrypt(b *testing.B) {
|
||||
size := 8 << 20 // 8MiB
|
||||
data := make([]byte, size)
|
||||
@ -163,55 +144,6 @@ func BenchmarkEncrypt(b *testing.B) {
|
||||
}
|
||||
}
|
||||
|
||||
func BenchmarkDecryptReader(b *testing.B) {
|
||||
size := 8 << 20 // 8MiB
|
||||
buf := Random(23, size)
|
||||
k := crypto.NewRandomKey()
|
||||
|
||||
ciphertext := make([]byte, len(buf)+crypto.Extension)
|
||||
_, err := crypto.Encrypt(k, ciphertext, buf)
|
||||
OK(b, err)
|
||||
|
||||
rd := bytes.NewReader(ciphertext)
|
||||
|
||||
b.ResetTimer()
|
||||
b.SetBytes(int64(size))
|
||||
|
||||
for i := 0; i < b.N; i++ {
|
||||
rd.Seek(0, 0)
|
||||
decRd, err := crypto.DecryptFrom(k, rd)
|
||||
OK(b, err)
|
||||
|
||||
_, err = io.Copy(ioutil.Discard, decRd)
|
||||
OK(b, err)
|
||||
}
|
||||
}
|
||||
|
||||
func BenchmarkEncryptDecryptReader(b *testing.B) {
|
||||
k := crypto.NewRandomKey()
|
||||
|
||||
size := 8 << 20 // 8MiB
|
||||
|
||||
b.ResetTimer()
|
||||
b.SetBytes(int64(size))
|
||||
|
||||
buf := bytes.NewBuffer(nil)
|
||||
for i := 0; i < b.N; i++ {
|
||||
rd := RandomLimitReader(23, size)
|
||||
buf.Reset()
|
||||
wr := crypto.EncryptTo(k, buf)
|
||||
_, err := io.Copy(wr, rd)
|
||||
OK(b, err)
|
||||
OK(b, wr.Close())
|
||||
|
||||
r, err := crypto.DecryptFrom(k, buf)
|
||||
OK(b, err)
|
||||
|
||||
_, err = io.Copy(ioutil.Discard, r)
|
||||
OK(b, err)
|
||||
}
|
||||
}
|
||||
|
||||
func BenchmarkDecrypt(b *testing.B) {
|
||||
size := 8 << 20 // 8MiB
|
||||
data := make([]byte, size)
|
||||
@ -232,101 +164,3 @@ func BenchmarkDecrypt(b *testing.B) {
|
||||
OK(b, err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestEncryptStreamWriter(t *testing.T) {
|
||||
k := crypto.NewRandomKey()
|
||||
|
||||
tests := []int{5, 23, 2<<18 + 23, 1 << 20}
|
||||
if testLargeCrypto {
|
||||
tests = append(tests, 7<<20+123)
|
||||
}
|
||||
|
||||
for _, size := range tests {
|
||||
data := Random(42, size)
|
||||
|
||||
ciphertext := bytes.NewBuffer(nil)
|
||||
wr := crypto.EncryptTo(k, ciphertext)
|
||||
|
||||
_, err := io.Copy(wr, bytes.NewReader(data))
|
||||
OK(t, err)
|
||||
OK(t, wr.Close())
|
||||
|
||||
l := len(data) + crypto.Extension
|
||||
Assert(t, len(ciphertext.Bytes()) == l,
|
||||
"wrong ciphertext length: expected %d, got %d",
|
||||
l, len(ciphertext.Bytes()))
|
||||
|
||||
// decrypt with default function
|
||||
plaintext, err := crypto.Decrypt(k, []byte{}, ciphertext.Bytes())
|
||||
OK(t, err)
|
||||
Assert(t, bytes.Equal(data, plaintext),
|
||||
"wrong plaintext after decryption: expected %02x, got %02x",
|
||||
data, plaintext)
|
||||
}
|
||||
}
|
||||
|
||||
func TestDecryptStreamReader(t *testing.T) {
|
||||
k := crypto.NewRandomKey()
|
||||
|
||||
tests := []int{5, 23, 2<<18 + 23, 1 << 20}
|
||||
if testLargeCrypto {
|
||||
tests = append(tests, 7<<20+123)
|
||||
}
|
||||
|
||||
for _, size := range tests {
|
||||
data := Random(42, size)
|
||||
var err error
|
||||
ciphertext := make([]byte, size+crypto.Extension)
|
||||
|
||||
// encrypt with default function
|
||||
ciphertext, err = crypto.Encrypt(k, ciphertext, data)
|
||||
OK(t, err)
|
||||
Assert(t, len(ciphertext) == len(data)+crypto.Extension,
|
||||
"wrong number of bytes returned after encryption: expected %d, got %d",
|
||||
len(data)+crypto.Extension, len(ciphertext))
|
||||
|
||||
rd, err := crypto.DecryptFrom(k, bytes.NewReader(ciphertext))
|
||||
OK(t, err)
|
||||
|
||||
plaintext, err := ioutil.ReadAll(rd)
|
||||
OK(t, err)
|
||||
|
||||
Assert(t, bytes.Equal(data, plaintext),
|
||||
"wrong plaintext after decryption: expected %02x, got %02x",
|
||||
data, plaintext)
|
||||
}
|
||||
}
|
||||
|
||||
func TestEncryptWriter(t *testing.T) {
|
||||
k := crypto.NewRandomKey()
|
||||
|
||||
tests := []int{5, 23, 2<<18 + 23, 1 << 20}
|
||||
if testLargeCrypto {
|
||||
tests = append(tests, 7<<20+123)
|
||||
}
|
||||
|
||||
for _, size := range tests {
|
||||
data := Random(42, size)
|
||||
|
||||
buf := bytes.NewBuffer(nil)
|
||||
wr := crypto.EncryptTo(k, buf)
|
||||
|
||||
_, err := io.Copy(wr, bytes.NewReader(data))
|
||||
OK(t, err)
|
||||
OK(t, wr.Close())
|
||||
|
||||
ciphertext := buf.Bytes()
|
||||
|
||||
l := len(data) + crypto.Extension
|
||||
Assert(t, len(ciphertext) == l,
|
||||
"wrong ciphertext length: expected %d, got %d",
|
||||
l, len(ciphertext))
|
||||
|
||||
// decrypt with default function
|
||||
plaintext, err := crypto.Decrypt(k, []byte{}, ciphertext)
|
||||
OK(t, err)
|
||||
Assert(t, bytes.Equal(data, plaintext),
|
||||
"wrong plaintext after decryption: expected %02x, got %02x",
|
||||
data, plaintext)
|
||||
}
|
||||
}
|
||||
|
@ -1,87 +0,0 @@
|
||||
package crypto
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"errors"
|
||||
"io"
|
||||
)
|
||||
|
||||
type decryptReader struct {
|
||||
buf []byte
|
||||
rd *bytes.Reader
|
||||
}
|
||||
|
||||
func (d *decryptReader) Read(dst []byte) (n int, err error) {
|
||||
if d.buf == nil {
|
||||
return 0, io.EOF
|
||||
}
|
||||
|
||||
n, err = d.rd.Read(dst)
|
||||
if err == io.EOF {
|
||||
d.free()
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
func (d *decryptReader) free() {
|
||||
freeBuffer(d.buf)
|
||||
d.buf = nil
|
||||
}
|
||||
|
||||
func (d *decryptReader) Close() error {
|
||||
if d == nil || d.buf == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
d.free()
|
||||
return nil
|
||||
}
|
||||
|
||||
func (d *decryptReader) ReadByte() (c byte, err error) {
|
||||
if d.buf == nil {
|
||||
return 0, io.EOF
|
||||
}
|
||||
|
||||
c, err = d.rd.ReadByte()
|
||||
if err == io.EOF {
|
||||
d.free()
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
func (d *decryptReader) WriteTo(w io.Writer) (n int64, err error) {
|
||||
if d.buf == nil {
|
||||
return 0, errors.New("WriteTo() called on drained reader")
|
||||
}
|
||||
|
||||
n, err = d.rd.WriteTo(w)
|
||||
d.free()
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// DecryptFrom verifies and decrypts the ciphertext read from rd with ks and
|
||||
// makes it available on the returned Reader. Ciphertext must be in the form IV
|
||||
// || Ciphertext || MAC. In order to correctly verify the ciphertext, rd is
|
||||
// drained, locally buffered and made available on the returned Reader
|
||||
// afterwards. If a MAC verification failure is observed, it is returned
|
||||
// immediately.
|
||||
func DecryptFrom(ks *Key, rd io.Reader) (io.ReadCloser, error) {
|
||||
buf := bytes.NewBuffer(getBuffer()[:0])
|
||||
_, err := buf.ReadFrom(rd)
|
||||
if err != nil {
|
||||
return (*decryptReader)(nil), err
|
||||
}
|
||||
|
||||
ciphertext := buf.Bytes()
|
||||
|
||||
ciphertext, err = Decrypt(ks, ciphertext, ciphertext)
|
||||
if err != nil {
|
||||
freeBuffer(ciphertext)
|
||||
return (*decryptReader)(nil), err
|
||||
}
|
||||
|
||||
return &decryptReader{buf: ciphertext, rd: bytes.NewReader(ciphertext)}, nil
|
||||
}
|
@ -1,88 +0,0 @@
|
||||
package crypto
|
||||
|
||||
import (
|
||||
"crypto/aes"
|
||||
"crypto/cipher"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
)
|
||||
|
||||
type encryptWriter struct {
|
||||
data []byte
|
||||
key *Key
|
||||
s cipher.Stream
|
||||
w io.Writer
|
||||
closed bool
|
||||
}
|
||||
|
||||
func (e *encryptWriter) Close() error {
|
||||
if e == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
if e.closed {
|
||||
return errors.New("Close() called on already closed writer")
|
||||
}
|
||||
e.closed = true
|
||||
|
||||
// encrypt everything
|
||||
iv, c := e.data[:ivSize], e.data[ivSize:]
|
||||
e.s.XORKeyStream(c, c)
|
||||
|
||||
// compute mac
|
||||
mac := poly1305MAC(c, iv, &e.key.MAC)
|
||||
e.data = append(e.data, mac...)
|
||||
|
||||
// write everything
|
||||
n, err := e.w.Write(e.data)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if n != len(e.data) {
|
||||
return errors.New("not all bytes written")
|
||||
}
|
||||
|
||||
// return buffer to pool
|
||||
freeBuffer(e.data)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (e *encryptWriter) Write(p []byte) (int, error) {
|
||||
// if e.data is too small, return it to the buffer and create new slice
|
||||
if cap(e.data) < len(e.data)+len(p) {
|
||||
b := make([]byte, len(e.data), len(e.data)*2)
|
||||
copy(b, e.data)
|
||||
freeBuffer(e.data)
|
||||
e.data = b
|
||||
}
|
||||
|
||||
// copy new data to e.data
|
||||
e.data = append(e.data, p...)
|
||||
return len(p), nil
|
||||
}
|
||||
|
||||
// EncryptTo buffers data written to the returned io.WriteCloser. When Close()
|
||||
// is called, the data is encrypted and written to the underlying writer.
|
||||
func EncryptTo(ks *Key, wr io.Writer) io.WriteCloser {
|
||||
ew := &encryptWriter{
|
||||
data: getBuffer(),
|
||||
key: ks,
|
||||
}
|
||||
|
||||
// buffer iv for mac
|
||||
ew.data = ew.data[:ivSize]
|
||||
copy(ew.data, newIV())
|
||||
|
||||
c, err := aes.NewCipher(ks.Encrypt[:])
|
||||
if err != nil {
|
||||
panic(fmt.Sprintf("unable to create cipher: %v", err))
|
||||
}
|
||||
|
||||
ew.s = cipher.NewCTR(c, ew.data[:ivSize])
|
||||
ew.w = wr
|
||||
|
||||
return ew
|
||||
}
|
Loading…
Reference in New Issue
Block a user