mirror of
https://github.com/octoleo/restic.git
synced 2024-12-23 11:28:54 +00:00
Add stream functions for decrypt
This commit is contained in:
parent
c6901af5aa
commit
a564a454c4
74
key.go
74
key.go
@ -12,6 +12,7 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"hash"
|
"hash"
|
||||||
"io"
|
"io"
|
||||||
|
"io/ioutil"
|
||||||
"os"
|
"os"
|
||||||
"os/user"
|
"os/user"
|
||||||
"time"
|
"time"
|
||||||
@ -462,6 +463,79 @@ func (k *Key) DecryptUser(ciphertext []byte) ([]byte, error) {
|
|||||||
return k.decrypt(k.user, ciphertext)
|
return k.decrypt(k.user, ciphertext)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// decryptFrom verifies and decrypts the ciphertext read from rd with ks and
|
||||||
|
// makes it available on the returned Reader. Ciphertext must be in the form IV
|
||||||
|
// || Ciphertext || HMAC. In order to correctly verify the ciphertext, rd is
|
||||||
|
// drained, locally buffered and made available on the returned Reader
|
||||||
|
// afterwards. If an HMAC verification failure is observed, it is returned
|
||||||
|
// immediately.
|
||||||
|
func (k *Key) decryptFrom(ks *keys, rd io.Reader) (io.Reader, error) {
|
||||||
|
ciphertext, err := ioutil.ReadAll(rd)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
// check for plausible length
|
||||||
|
if len(ciphertext) < ivSize+hmacSize {
|
||||||
|
panic("trying to decryipt invalid data: ciphertext too small")
|
||||||
|
}
|
||||||
|
|
||||||
|
hm := hmac.New(sha256.New, ks.Sign)
|
||||||
|
|
||||||
|
// extract hmac
|
||||||
|
l := len(ciphertext) - hm.Size()
|
||||||
|
ciphertext, mac := ciphertext[:l], ciphertext[l:]
|
||||||
|
|
||||||
|
// calculate new hmac
|
||||||
|
n, err := hm.Write(ciphertext)
|
||||||
|
if err != nil || n != len(ciphertext) {
|
||||||
|
panic(fmt.Sprintf("unable to calculate hmac of ciphertext, err %v", err))
|
||||||
|
}
|
||||||
|
|
||||||
|
// verify hmac
|
||||||
|
mac2 := hm.Sum(nil)
|
||||||
|
|
||||||
|
if !hmac.Equal(mac, mac2) {
|
||||||
|
return nil, ErrUnauthenticated
|
||||||
|
}
|
||||||
|
|
||||||
|
// extract iv
|
||||||
|
iv, ciphertext := ciphertext[:aes.BlockSize], ciphertext[aes.BlockSize:]
|
||||||
|
|
||||||
|
// decrypt data
|
||||||
|
c, err := aes.NewCipher(ks.Encrypt)
|
||||||
|
if err != nil {
|
||||||
|
panic(fmt.Sprintf("unable to create cipher: %v", err))
|
||||||
|
}
|
||||||
|
|
||||||
|
r := cipher.StreamReader{
|
||||||
|
S: cipher.NewCTR(c, iv),
|
||||||
|
R: bytes.NewReader(ciphertext),
|
||||||
|
}
|
||||||
|
|
||||||
|
return r, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// DecryptFrom verifies and decrypts the ciphertext read from rd and makes it
|
||||||
|
// available on the returned Reader. Ciphertext must be in the form IV ||
|
||||||
|
// Ciphertext || HMAC. In order to correctly verify the ciphertext, rd is
|
||||||
|
// drained, locally buffered and made available on the returned Reader
|
||||||
|
// afterwards. If an HMAC verification failure is observed, it is returned
|
||||||
|
// immediately.
|
||||||
|
func (k *Key) DecryptFrom(rd io.Reader) (io.Reader, error) {
|
||||||
|
return k.decryptFrom(k.master, rd)
|
||||||
|
}
|
||||||
|
|
||||||
|
// DecryptFrom verifies and decrypts the ciphertext read from rd with the user
|
||||||
|
// key and makes it available on the returned Reader. Ciphertext must be in the
|
||||||
|
// form IV || Ciphertext || HMAC. In order to correctly verify the ciphertext,
|
||||||
|
// rd is drained, locally buffered and made available on the returned Reader
|
||||||
|
// afterwards. If an HMAC verification failure is observed, it is returned
|
||||||
|
// immediately.
|
||||||
|
func (k *Key) DecryptUserFrom(rd io.Reader) (io.Reader, error) {
|
||||||
|
return k.decryptFrom(k.user, rd)
|
||||||
|
}
|
||||||
|
|
||||||
func (k *Key) String() string {
|
func (k *Key) String() string {
|
||||||
if k == nil {
|
if k == nil {
|
||||||
return "<Key nil>"
|
return "<Key nil>"
|
||||||
|
84
key_test.go
84
key_test.go
@ -164,6 +164,54 @@ func BenchmarkEncrypt(b *testing.B) {
|
|||||||
restic.FreeChunkBuf("BenchmarkEncrypt", buf)
|
restic.FreeChunkBuf("BenchmarkEncrypt", buf)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func BenchmarkDecryptReader(b *testing.B) {
|
||||||
|
be := setupBackend(b)
|
||||||
|
defer teardownBackend(b, be)
|
||||||
|
k := setupKey(b, be, testPassword)
|
||||||
|
|
||||||
|
size := 8 << 20 // 8MiB
|
||||||
|
buf := get_random(23, size)
|
||||||
|
|
||||||
|
ciphertext := make([]byte, len(buf)+restic.CiphertextExtension)
|
||||||
|
_, err := k.Encrypt(ciphertext, buf)
|
||||||
|
ok(b, err)
|
||||||
|
|
||||||
|
rd := bytes.NewReader(ciphertext)
|
||||||
|
|
||||||
|
b.ResetTimer()
|
||||||
|
b.SetBytes(int64(size))
|
||||||
|
|
||||||
|
for i := 0; i < b.N; i++ {
|
||||||
|
rd.Seek(0, 0)
|
||||||
|
decRd, err := k.DecryptFrom(rd)
|
||||||
|
ok(b, err)
|
||||||
|
|
||||||
|
_, err = io.Copy(ioutil.Discard, decRd)
|
||||||
|
ok(b, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func BenchmarkEncryptDecryptReader(b *testing.B) {
|
||||||
|
be := setupBackend(b)
|
||||||
|
defer teardownBackend(b, be)
|
||||||
|
k := setupKey(b, be, testPassword)
|
||||||
|
|
||||||
|
size := 8 << 20 // 8MiB
|
||||||
|
rd := randomReader(23, size)
|
||||||
|
|
||||||
|
b.ResetTimer()
|
||||||
|
b.SetBytes(int64(size))
|
||||||
|
|
||||||
|
for i := 0; i < b.N; i++ {
|
||||||
|
rd.Seek(0, 0)
|
||||||
|
decRd, err := k.DecryptFrom(k.EncryptFrom(rd))
|
||||||
|
ok(b, err)
|
||||||
|
|
||||||
|
_, err = io.Copy(ioutil.Discard, decRd)
|
||||||
|
ok(b, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func BenchmarkDecrypt(b *testing.B) {
|
func BenchmarkDecrypt(b *testing.B) {
|
||||||
size := 8 << 20 // 8MiB
|
size := 8 << 20 // 8MiB
|
||||||
data := make([]byte, size)
|
data := make([]byte, size)
|
||||||
@ -255,3 +303,39 @@ func TestEncryptStreamReader(t *testing.T) {
|
|||||||
data, plaintext)
|
data, plaintext)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestDecryptStreamReader(t *testing.T) {
|
||||||
|
s := setupBackend(t)
|
||||||
|
defer teardownBackend(t, s)
|
||||||
|
k := setupKey(t, s, testPassword)
|
||||||
|
|
||||||
|
tests := []int{5, 23, 2<<18 + 23, 1 << 20}
|
||||||
|
if *testLargeCrypto {
|
||||||
|
tests = append(tests, 7<<20+123)
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, size := range tests {
|
||||||
|
data := make([]byte, size)
|
||||||
|
_, err := io.ReadFull(randomReader(42, size), data)
|
||||||
|
ok(t, err)
|
||||||
|
|
||||||
|
ciphertext := make([]byte, size+restic.CiphertextExtension)
|
||||||
|
|
||||||
|
// encrypt with default function
|
||||||
|
n, err := k.Encrypt(ciphertext, data)
|
||||||
|
ok(t, err)
|
||||||
|
assert(t, n == len(data)+restic.CiphertextExtension,
|
||||||
|
"wrong number of bytes returned after encryption: expected %d, got %d",
|
||||||
|
len(data)+restic.CiphertextExtension, n)
|
||||||
|
|
||||||
|
rd, err := k.DecryptFrom(bytes.NewReader(ciphertext))
|
||||||
|
ok(t, err)
|
||||||
|
|
||||||
|
plaintext, err := ioutil.ReadAll(rd)
|
||||||
|
ok(t, err)
|
||||||
|
|
||||||
|
assert(t, bytes.Equal(data, plaintext),
|
||||||
|
"wrong plaintext after decryption: expected %02x, got %02x",
|
||||||
|
data, plaintext)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user