mirror of
https://github.com/octoleo/restic.git
synced 2024-11-16 01:57:10 +00:00
5a16a66973
% benchcmp /tmp/{before,after} benchmark old ns/op new ns/op delta BenchmarkChunkEncrypt 261144414 260252046 -0.34% BenchmarkChunkEncryptParallel 261201438 261267029 +0.03% BenchmarkArchiveDirectory 0.00 0.00 +0.00% BenchmarkEncryptWriter 88297245 87526529 -0.87% BenchmarkEncrypt 87406446 87917897 +0.59% BenchmarkDecryptReader 89948630 90042541 +0.10% BenchmarkEncryptDecryptReader 178374144 179477306 +0.62% BenchmarkDecrypt 88289705 87937073 -0.40% BenchmarkSaveJSON 213917 213571 -0.16% BenchmarkSaveFrom 74881361 75111148 +0.31% benchmark old MB/s new MB/s speedup BenchmarkChunkEncrypt 40.15 40.29 1.00x BenchmarkChunkEncryptParallel 40.14 40.13 1.00x BenchmarkEncryptWriter 95.00 95.84 1.01x BenchmarkEncrypt 95.97 95.41 0.99x BenchmarkDecryptReader 93.26 93.16 1.00x BenchmarkEncryptDecryptReader 47.03 46.74 0.99x BenchmarkDecrypt 95.01 95.39 1.00x BenchmarkSaveFrom 56.01 55.84 1.00x benchmark old allocs new allocs delta BenchmarkChunkEncrypt 113 112 -0.88% BenchmarkChunkEncryptParallel 104 103 -0.96% BenchmarkArchiveDirectory 0 0 +0.00% BenchmarkEncryptWriter 20 20 +0.00% BenchmarkEncrypt 14 14 +0.00% BenchmarkDecryptReader 18 18 +0.00% BenchmarkEncryptDecryptReader 40 45 +12.50% BenchmarkDecrypt 17 16 -5.88% BenchmarkSaveJSON 125 125 +0.00% BenchmarkSaveFrom 116 119 +2.59% benchmark old bytes new bytes delta BenchmarkChunkEncrypt 8515750 118956 -98.60% BenchmarkChunkEncryptParallel 8515766 118972 -98.60% BenchmarkArchiveDirectory 0 0 +0.00% BenchmarkEncryptWriter 28927 28927 +0.00% BenchmarkEncrypt 422313 2473 -99.41% BenchmarkDecryptReader 527827 527827 +0.00% BenchmarkEncryptDecryptReader 4100824 4100870 +0.00% BenchmarkDecrypt 8391127 2509 -99.97% BenchmarkSaveJSON 9208 9208 +0.00% BenchmarkSaveFrom 39694 40541 +2.13%
411 lines
8.9 KiB
Go
411 lines
8.9 KiB
Go
package restic
|
|
|
|
import (
|
|
"compress/zlib"
|
|
"crypto/sha256"
|
|
"encoding/json"
|
|
"errors"
|
|
"fmt"
|
|
"io"
|
|
"sync"
|
|
|
|
"github.com/restic/restic/backend"
|
|
"github.com/restic/restic/debug"
|
|
)
|
|
|
|
type Server struct {
|
|
be backend.Backend
|
|
key *Key
|
|
}
|
|
|
|
func NewServer(be backend.Backend) Server {
|
|
return Server{be: be}
|
|
}
|
|
|
|
func NewServerWithKey(be backend.Backend, key *Key) Server {
|
|
return Server{be: be, key: key}
|
|
}
|
|
|
|
// Each lists all entries of type t in the backend and calls function f() with
|
|
// the id and data.
|
|
func (s Server) Each(t backend.Type, f func(id backend.ID, data []byte, err error)) error {
|
|
return backend.Each(s.be, t, f)
|
|
}
|
|
|
|
// Each lists all entries of type t in the backend and calls function f() with
|
|
// the id.
|
|
func (s Server) EachID(t backend.Type, f func(backend.ID)) error {
|
|
return backend.EachID(s.be, t, f)
|
|
}
|
|
|
|
// Find loads the list of all blobs of type t and searches for IDs which start
|
|
// with prefix. If none is found, nil and ErrNoIDPrefixFound is returned. If
|
|
// more than one is found, nil and ErrMultipleIDMatches is returned.
|
|
func (s Server) Find(t backend.Type, prefix string) (backend.ID, error) {
|
|
return backend.Find(s.be, t, prefix)
|
|
}
|
|
|
|
// FindSnapshot takes a string and tries to find a snapshot whose ID matches
|
|
// the string as closely as possible.
|
|
func (s Server) FindSnapshot(id string) (backend.ID, error) {
|
|
return backend.FindSnapshot(s.be, id)
|
|
}
|
|
|
|
// PrefixLength returns the number of bytes required so that all prefixes of
|
|
// all IDs of type t are unique.
|
|
func (s Server) PrefixLength(t backend.Type) (int, error) {
|
|
return backend.PrefixLength(s.be, t)
|
|
}
|
|
|
|
// Load tries to load and decrypt content identified by t and blob from the backend.
|
|
func (s Server) Load(t backend.Type, blob Blob) ([]byte, error) {
|
|
// load data
|
|
buf, err := s.Get(t, blob.Storage)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// check length
|
|
if len(buf) != int(blob.StorageSize) {
|
|
return nil, errors.New("Invalid storage length")
|
|
}
|
|
|
|
// decrypt
|
|
buf, err = s.Decrypt(buf)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// check length
|
|
if len(buf) != int(blob.Size) {
|
|
return nil, errors.New("Invalid length")
|
|
}
|
|
|
|
// check SHA256 sum
|
|
id := backend.Hash(buf)
|
|
if !blob.ID.Equal(id) {
|
|
return nil, fmt.Errorf("load %v: expected plaintext hash %v, got %v", blob.Storage, blob.ID, id)
|
|
}
|
|
|
|
return buf, nil
|
|
}
|
|
|
|
// Load tries to load and decrypt content identified by t and id from the backend.
|
|
func (s Server) LoadID(t backend.Type, storageID backend.ID) ([]byte, error) {
|
|
// load data
|
|
buf, err := s.Get(t, storageID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// decrypt
|
|
buf, err = s.Decrypt(buf)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return buf, nil
|
|
}
|
|
|
|
// LoadJSON calls Load() to get content from the backend and afterwards calls
|
|
// json.Unmarshal on the item.
|
|
func (s Server) LoadJSON(t backend.Type, blob Blob, item interface{}) error {
|
|
return s.LoadJSONID(t, blob.Storage, item)
|
|
}
|
|
|
|
// LoadJSONID calls Load() to get content from the backend and afterwards calls
|
|
// json.Unmarshal on the item.
|
|
func (s Server) LoadJSONID(t backend.Type, storageID backend.ID, item interface{}) error {
|
|
// read
|
|
rd, err := s.GetReader(t, storageID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// decrypt
|
|
decryptRd, err := s.key.DecryptFrom(rd)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// unzip
|
|
unzipRd, err := zlib.NewReader(decryptRd)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// decode
|
|
decoder := json.NewDecoder(unzipRd)
|
|
err = decoder.Decode(item)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// Save encrypts data and stores it to the backend as type t.
|
|
func (s Server) Save(t backend.Type, data []byte, id backend.ID) (Blob, error) {
|
|
if id == nil {
|
|
// compute plaintext hash
|
|
id = backend.Hash(data)
|
|
}
|
|
|
|
// create a new blob
|
|
blob := Blob{
|
|
ID: id,
|
|
Size: uint64(len(data)),
|
|
}
|
|
|
|
var ciphertext []byte
|
|
|
|
// if the data is small enough, use a slice from the pool
|
|
if len(data) <= maxCiphertextSize-ivSize-hmacSize {
|
|
ciphertext = GetChunkBuf("ch.Save()")
|
|
defer FreeChunkBuf("ch.Save()", ciphertext)
|
|
} else {
|
|
l := len(data) + ivSize + hmacSize
|
|
|
|
debug.Log("Server.Save", "create large slice of %d bytes for ciphertext", l)
|
|
|
|
// use a new slice
|
|
ciphertext = make([]byte, l)
|
|
}
|
|
|
|
// encrypt blob
|
|
n, err := s.Encrypt(ciphertext, data)
|
|
if err != nil {
|
|
return Blob{}, err
|
|
}
|
|
|
|
ciphertext = ciphertext[:n]
|
|
|
|
// save blob
|
|
backendBlob, err := s.Create(t)
|
|
if err != nil {
|
|
return Blob{}, err
|
|
}
|
|
|
|
_, err = backendBlob.Write(ciphertext)
|
|
if err != nil {
|
|
return Blob{}, err
|
|
}
|
|
|
|
err = backendBlob.Close()
|
|
if err != nil {
|
|
return Blob{}, err
|
|
}
|
|
|
|
sid, err := backendBlob.ID()
|
|
if err != nil {
|
|
return Blob{}, err
|
|
}
|
|
|
|
blob.Storage = sid
|
|
blob.StorageSize = uint64(len(ciphertext))
|
|
|
|
return blob, nil
|
|
}
|
|
|
|
// SaveFrom encrypts data read from rd and stores it to the backend as type t.
|
|
func (s Server) SaveFrom(t backend.Type, id backend.ID, length uint, rd io.Reader) (Blob, error) {
|
|
if id == nil {
|
|
return Blob{}, errors.New("id is nil")
|
|
}
|
|
|
|
backendBlob, err := s.Create(t)
|
|
if err != nil {
|
|
return Blob{}, err
|
|
}
|
|
|
|
encWr := s.key.EncryptTo(backendBlob)
|
|
|
|
_, err = io.Copy(encWr, rd)
|
|
if err != nil {
|
|
return Blob{}, err
|
|
}
|
|
|
|
// finish encryption
|
|
err = encWr.Close()
|
|
if err != nil {
|
|
return Blob{}, fmt.Errorf("EncryptedWriter.Close(): %v", err)
|
|
}
|
|
|
|
// finish backend blob
|
|
err = backendBlob.Close()
|
|
if err != nil {
|
|
return Blob{}, fmt.Errorf("backend.Blob.Close(): %v", err)
|
|
}
|
|
|
|
storageID, err := backendBlob.ID()
|
|
if err != nil {
|
|
return Blob{}, fmt.Errorf("backend.Blob.ID(): %v", err)
|
|
}
|
|
|
|
return Blob{
|
|
ID: id,
|
|
Size: uint64(length),
|
|
Storage: storageID,
|
|
StorageSize: uint64(backendBlob.Size()),
|
|
}, nil
|
|
}
|
|
|
|
var zWriterPool = sync.Pool{
|
|
New: func() interface{} {
|
|
return zlib.NewWriter(nil)
|
|
},
|
|
}
|
|
|
|
// SaveJSON serialises item as JSON and encrypts and saves it in the backend as
|
|
// type t.
|
|
func (s Server) SaveJSON(t backend.Type, item interface{}) (Blob, error) {
|
|
backendBlob, err := s.Create(t)
|
|
if err != nil {
|
|
return Blob{}, fmt.Errorf("Create: %v", err)
|
|
}
|
|
|
|
encWr := s.key.EncryptTo(backendBlob)
|
|
wr := zWriterPool.Get().(*zlib.Writer)
|
|
defer zWriterPool.Put(wr)
|
|
wr.Reset(encWr)
|
|
if err != nil {
|
|
return Blob{}, fmt.Errorf("zlib.NewWriter: %v", err)
|
|
}
|
|
|
|
hw := backend.NewHashingWriter(wr, sha256.New())
|
|
|
|
enc := json.NewEncoder(hw)
|
|
err = enc.Encode(item)
|
|
if err != nil {
|
|
return Blob{}, fmt.Errorf("json.NewEncoder: %v", err)
|
|
}
|
|
|
|
// flush zlib writer
|
|
err = wr.Close()
|
|
if err != nil {
|
|
return Blob{}, fmt.Errorf("zlib.Writer.Close(): %v", err)
|
|
}
|
|
|
|
// finish encryption
|
|
err = encWr.Close()
|
|
if err != nil {
|
|
return Blob{}, fmt.Errorf("EncryptedWriter.Close(): %v", err)
|
|
}
|
|
|
|
// finish backend blob
|
|
err = backendBlob.Close()
|
|
if err != nil {
|
|
return Blob{}, fmt.Errorf("backend.Blob.Close(): %v", err)
|
|
}
|
|
|
|
id := hw.Sum(nil)
|
|
storageID, err := backendBlob.ID()
|
|
if err != nil {
|
|
return Blob{}, fmt.Errorf("backend.Blob.ID(): %v", err)
|
|
}
|
|
|
|
return Blob{
|
|
ID: id,
|
|
Size: uint64(hw.Size()),
|
|
Storage: storageID,
|
|
StorageSize: uint64(backendBlob.Size()),
|
|
}, nil
|
|
}
|
|
|
|
// Returns the backend used for this server.
|
|
func (s Server) Backend() backend.Backend {
|
|
return s.be
|
|
}
|
|
|
|
func (s *Server) SearchKey(password string) error {
|
|
key, err := SearchKey(*s, password)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
s.key = key
|
|
|
|
return nil
|
|
}
|
|
|
|
func (s Server) Decrypt(ciphertext []byte) ([]byte, error) {
|
|
if s.key == nil {
|
|
return nil, errors.New("key for server not set")
|
|
}
|
|
|
|
return s.key.Decrypt([]byte{}, ciphertext)
|
|
}
|
|
|
|
func (s Server) Encrypt(ciphertext, plaintext []byte) (int, error) {
|
|
if s.key == nil {
|
|
return 0, errors.New("key for server not set")
|
|
}
|
|
|
|
return s.key.Encrypt(ciphertext, plaintext)
|
|
}
|
|
|
|
func (s Server) Key() *Key {
|
|
return s.key
|
|
}
|
|
|
|
// Each calls Each() with the given parameters, Decrypt() on the ciphertext
|
|
// and, on successful decryption, f with the plaintext.
|
|
func (s Server) EachDecrypted(t backend.Type, f func(backend.ID, []byte, error)) error {
|
|
if s.key == nil {
|
|
return errors.New("key for server not set")
|
|
}
|
|
|
|
return s.Each(t, func(id backend.ID, data []byte, e error) {
|
|
if e != nil {
|
|
f(id, nil, e)
|
|
return
|
|
}
|
|
|
|
buf, err := s.key.Decrypt([]byte{}, data)
|
|
if err != nil {
|
|
f(id, nil, err)
|
|
return
|
|
}
|
|
|
|
f(id, buf, nil)
|
|
})
|
|
}
|
|
|
|
// Proxy methods to backend
|
|
|
|
func (s Server) List(t backend.Type) (backend.IDs, error) {
|
|
return s.be.List(t)
|
|
}
|
|
|
|
func (s Server) Get(t backend.Type, id backend.ID) ([]byte, error) {
|
|
return s.be.Get(t, id)
|
|
}
|
|
|
|
func (s Server) GetReader(t backend.Type, id backend.ID) (io.ReadCloser, error) {
|
|
return s.be.GetReader(t, id)
|
|
}
|
|
|
|
func (s Server) Create(t backend.Type) (backend.Blob, error) {
|
|
return s.be.Create(t)
|
|
}
|
|
|
|
func (s Server) Test(t backend.Type, id backend.ID) (bool, error) {
|
|
return s.be.Test(t, id)
|
|
}
|
|
|
|
func (s Server) Remove(t backend.Type, id backend.ID) error {
|
|
return s.be.Remove(t, id)
|
|
}
|
|
|
|
func (s Server) Close() error {
|
|
return s.be.Close()
|
|
}
|
|
|
|
func (s Server) Delete() error {
|
|
if b, ok := s.be.(backend.Deleter); ok {
|
|
return b.Delete()
|
|
}
|
|
|
|
return errors.New("Delete() called for backend that does not implement this method")
|
|
}
|