mirror of
https://github.com/octoleo/restic.git
synced 2024-12-23 03:18:55 +00:00
Add stream functions for decrypt
This commit is contained in:
parent
c6901af5aa
commit
a564a454c4
74
key.go
74
key.go
@ -12,6 +12,7 @@ import (
|
||||
"fmt"
|
||||
"hash"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"os/user"
|
||||
"time"
|
||||
@ -462,6 +463,79 @@ func (k *Key) DecryptUser(ciphertext []byte) ([]byte, error) {
|
||||
return k.decrypt(k.user, ciphertext)
|
||||
}
|
||||
|
||||
// decryptFrom verifies and decrypts the ciphertext read from rd with ks and
|
||||
// makes it available on the returned Reader. Ciphertext must be in the form IV
|
||||
// || Ciphertext || HMAC. In order to correctly verify the ciphertext, rd is
|
||||
// drained, locally buffered and made available on the returned Reader
|
||||
// afterwards. If an HMAC verification failure is observed, it is returned
|
||||
// immediately.
|
||||
func (k *Key) decryptFrom(ks *keys, rd io.Reader) (io.Reader, error) {
|
||||
ciphertext, err := ioutil.ReadAll(rd)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// check for plausible length
|
||||
if len(ciphertext) < ivSize+hmacSize {
|
||||
panic("trying to decryipt invalid data: ciphertext too small")
|
||||
}
|
||||
|
||||
hm := hmac.New(sha256.New, ks.Sign)
|
||||
|
||||
// extract hmac
|
||||
l := len(ciphertext) - hm.Size()
|
||||
ciphertext, mac := ciphertext[:l], ciphertext[l:]
|
||||
|
||||
// calculate new hmac
|
||||
n, err := hm.Write(ciphertext)
|
||||
if err != nil || n != len(ciphertext) {
|
||||
panic(fmt.Sprintf("unable to calculate hmac of ciphertext, err %v", err))
|
||||
}
|
||||
|
||||
// verify hmac
|
||||
mac2 := hm.Sum(nil)
|
||||
|
||||
if !hmac.Equal(mac, mac2) {
|
||||
return nil, ErrUnauthenticated
|
||||
}
|
||||
|
||||
// extract iv
|
||||
iv, ciphertext := ciphertext[:aes.BlockSize], ciphertext[aes.BlockSize:]
|
||||
|
||||
// decrypt data
|
||||
c, err := aes.NewCipher(ks.Encrypt)
|
||||
if err != nil {
|
||||
panic(fmt.Sprintf("unable to create cipher: %v", err))
|
||||
}
|
||||
|
||||
r := cipher.StreamReader{
|
||||
S: cipher.NewCTR(c, iv),
|
||||
R: bytes.NewReader(ciphertext),
|
||||
}
|
||||
|
||||
return r, nil
|
||||
}
|
||||
|
||||
// DecryptFrom verifies and decrypts the ciphertext read from rd and makes it
|
||||
// available on the returned Reader. Ciphertext must be in the form IV ||
|
||||
// Ciphertext || HMAC. In order to correctly verify the ciphertext, rd is
|
||||
// drained, locally buffered and made available on the returned Reader
|
||||
// afterwards. If an HMAC verification failure is observed, it is returned
|
||||
// immediately.
|
||||
func (k *Key) DecryptFrom(rd io.Reader) (io.Reader, error) {
|
||||
return k.decryptFrom(k.master, rd)
|
||||
}
|
||||
|
||||
// DecryptFrom verifies and decrypts the ciphertext read from rd with the user
|
||||
// key and makes it available on the returned Reader. Ciphertext must be in the
|
||||
// form IV || Ciphertext || HMAC. In order to correctly verify the ciphertext,
|
||||
// rd is drained, locally buffered and made available on the returned Reader
|
||||
// afterwards. If an HMAC verification failure is observed, it is returned
|
||||
// immediately.
|
||||
func (k *Key) DecryptUserFrom(rd io.Reader) (io.Reader, error) {
|
||||
return k.decryptFrom(k.user, rd)
|
||||
}
|
||||
|
||||
func (k *Key) String() string {
|
||||
if k == nil {
|
||||
return "<Key nil>"
|
||||
|
84
key_test.go
84
key_test.go
@ -164,6 +164,54 @@ func BenchmarkEncrypt(b *testing.B) {
|
||||
restic.FreeChunkBuf("BenchmarkEncrypt", buf)
|
||||
}
|
||||
|
||||
func BenchmarkDecryptReader(b *testing.B) {
|
||||
be := setupBackend(b)
|
||||
defer teardownBackend(b, be)
|
||||
k := setupKey(b, be, testPassword)
|
||||
|
||||
size := 8 << 20 // 8MiB
|
||||
buf := get_random(23, size)
|
||||
|
||||
ciphertext := make([]byte, len(buf)+restic.CiphertextExtension)
|
||||
_, err := k.Encrypt(ciphertext, buf)
|
||||
ok(b, err)
|
||||
|
||||
rd := bytes.NewReader(ciphertext)
|
||||
|
||||
b.ResetTimer()
|
||||
b.SetBytes(int64(size))
|
||||
|
||||
for i := 0; i < b.N; i++ {
|
||||
rd.Seek(0, 0)
|
||||
decRd, err := k.DecryptFrom(rd)
|
||||
ok(b, err)
|
||||
|
||||
_, err = io.Copy(ioutil.Discard, decRd)
|
||||
ok(b, err)
|
||||
}
|
||||
}
|
||||
|
||||
func BenchmarkEncryptDecryptReader(b *testing.B) {
|
||||
be := setupBackend(b)
|
||||
defer teardownBackend(b, be)
|
||||
k := setupKey(b, be, testPassword)
|
||||
|
||||
size := 8 << 20 // 8MiB
|
||||
rd := randomReader(23, size)
|
||||
|
||||
b.ResetTimer()
|
||||
b.SetBytes(int64(size))
|
||||
|
||||
for i := 0; i < b.N; i++ {
|
||||
rd.Seek(0, 0)
|
||||
decRd, err := k.DecryptFrom(k.EncryptFrom(rd))
|
||||
ok(b, err)
|
||||
|
||||
_, err = io.Copy(ioutil.Discard, decRd)
|
||||
ok(b, err)
|
||||
}
|
||||
}
|
||||
|
||||
func BenchmarkDecrypt(b *testing.B) {
|
||||
size := 8 << 20 // 8MiB
|
||||
data := make([]byte, size)
|
||||
@ -255,3 +303,39 @@ func TestEncryptStreamReader(t *testing.T) {
|
||||
data, plaintext)
|
||||
}
|
||||
}
|
||||
|
||||
func TestDecryptStreamReader(t *testing.T) {
|
||||
s := setupBackend(t)
|
||||
defer teardownBackend(t, s)
|
||||
k := setupKey(t, s, testPassword)
|
||||
|
||||
tests := []int{5, 23, 2<<18 + 23, 1 << 20}
|
||||
if *testLargeCrypto {
|
||||
tests = append(tests, 7<<20+123)
|
||||
}
|
||||
|
||||
for _, size := range tests {
|
||||
data := make([]byte, size)
|
||||
_, err := io.ReadFull(randomReader(42, size), data)
|
||||
ok(t, err)
|
||||
|
||||
ciphertext := make([]byte, size+restic.CiphertextExtension)
|
||||
|
||||
// encrypt with default function
|
||||
n, err := k.Encrypt(ciphertext, data)
|
||||
ok(t, err)
|
||||
assert(t, n == len(data)+restic.CiphertextExtension,
|
||||
"wrong number of bytes returned after encryption: expected %d, got %d",
|
||||
len(data)+restic.CiphertextExtension, n)
|
||||
|
||||
rd, err := k.DecryptFrom(bytes.NewReader(ciphertext))
|
||||
ok(t, err)
|
||||
|
||||
plaintext, err := ioutil.ReadAll(rd)
|
||||
ok(t, err)
|
||||
|
||||
assert(t, bytes.Equal(data, plaintext),
|
||||
"wrong plaintext after decryption: expected %02x, got %02x",
|
||||
data, plaintext)
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user