mirror of
https://github.com/octoleo/restic.git
synced 2024-11-17 02:25:12 +00:00
662e07d17a
HMAC-SHA256 calls SHA256() twice which is very expensive. Therefore, this commit uses Poly1305-AES instead of HMAC-SHA256. benchcmp: benchmark old ns/op new ns/op delta BenchmarkChunkEncrypt 261033772 195114818 -25.25% BenchmarkChunkEncryptParallel 260973195 195787368 -24.98% BenchmarkArchiveDirectory 1050500651 1002615884 -4.56% BenchmarkPreload 23544286 24994508 +6.16% BenchmarkLoadTree 350065 427665 +22.17% BenchmarkEncryptWriter 87789753 31069126 -64.61% BenchmarkEncrypt 88283197 38259043 -56.66% BenchmarkDecryptReader 90478843 40714818 -55.00% BenchmarkEncryptDecryptReader 179917626 81231730 -54.85% BenchmarkDecrypt 87871591 37784207 -57.00% BenchmarkSaveJSON 52481 56861 +8.35% BenchmarkSaveFrom 75404085 51108596 -32.22% BenchmarkLoadJSONID 90545437 82696805 -8.67% benchmark old MB/s new MB/s speedup BenchmarkChunkEncrypt 40.17 53.74 1.34x BenchmarkChunkEncryptParallel 40.18 53.56 1.33x BenchmarkEncryptWriter 95.55 270.00 2.83x BenchmarkEncrypt 95.02 219.26 2.31x BenchmarkDecryptReader 92.71 206.03 2.22x BenchmarkEncryptDecryptReader 46.62 103.27 2.22x BenchmarkDecrypt 95.46 222.01 2.33x BenchmarkSaveFrom 55.62 82.07 1.48x benchmark old allocs new allocs delta BenchmarkChunkEncrypt 112 110 -1.79% BenchmarkChunkEncryptParallel 103 100 -2.91% BenchmarkArchiveDirectory 383704 392083 +2.18% BenchmarkPreload 21765 21874 +0.50% BenchmarkLoadTree 341 436 +27.86% BenchmarkEncryptWriter 20 17 -15.00% BenchmarkEncrypt 14 13 -7.14% BenchmarkDecryptReader 18 15 -16.67% BenchmarkEncryptDecryptReader 46 39 -15.22% BenchmarkDecrypt 16 12 -25.00% BenchmarkSaveJSON 81 86 +6.17% BenchmarkSaveFrom 117 121 +3.42% BenchmarkLoadJSONID 80525 80264 -0.32% benchmark old bytes new bytes delta BenchmarkChunkEncrypt 118956 64697 -45.61% BenchmarkChunkEncryptParallel 118972 64681 -45.63% BenchmarkArchiveDirectory 160236600 177498232 +10.77% BenchmarkPreload 2772488 3302992 +19.13% BenchmarkLoadTree 49102 46484 -5.33% BenchmarkEncryptWriter 28927 8388146 +28897.64% BenchmarkEncrypt 2473 1950 -21.15% BenchmarkDecryptReader 527827 2774 -99.47% BenchmarkEncryptDecryptReader 4100875 1528036 -62.74% BenchmarkDecrypt 2509 2154 -14.15% BenchmarkSaveJSON 4971 5892 +18.53% BenchmarkSaveFrom 40117 31742 -20.88% BenchmarkLoadJSONID 9444217 9442106 -0.02% This closes #102.
319 lines
6.9 KiB
Go
319 lines
6.9 KiB
Go
package restic_test
|
|
|
|
import (
|
|
"bytes"
|
|
"io"
|
|
"io/ioutil"
|
|
"os"
|
|
"testing"
|
|
|
|
"github.com/restic/restic"
|
|
"github.com/restic/restic/chunker"
|
|
)
|
|
|
|
func TestEncryptDecrypt(t *testing.T) {
|
|
s := setupBackend(t)
|
|
defer teardownBackend(t, s)
|
|
k := setupKey(t, s, testPassword)
|
|
|
|
tests := []int{5, 23, 2<<18 + 23, 1 << 20}
|
|
if *testLargeCrypto {
|
|
tests = append(tests, 7<<20+123)
|
|
}
|
|
|
|
for _, size := range tests {
|
|
data := make([]byte, size)
|
|
_, err := io.ReadFull(randomReader(42, size), data)
|
|
ok(t, err)
|
|
|
|
ciphertext := restic.GetChunkBuf("TestEncryptDecrypt")
|
|
n, err := k.Encrypt(ciphertext, data)
|
|
ok(t, err)
|
|
|
|
plaintext, err := k.Decrypt(nil, ciphertext[:n])
|
|
ok(t, err)
|
|
|
|
restic.FreeChunkBuf("TestEncryptDecrypt", ciphertext)
|
|
|
|
equals(t, plaintext, data)
|
|
}
|
|
}
|
|
|
|
func TestSmallBuffer(t *testing.T) {
|
|
s := setupBackend(t)
|
|
defer teardownBackend(t, s)
|
|
k := setupKey(t, s, testPassword)
|
|
|
|
size := 600
|
|
data := make([]byte, size)
|
|
f, err := os.Open("/dev/urandom")
|
|
ok(t, err)
|
|
|
|
_, err = io.ReadFull(f, data)
|
|
ok(t, err)
|
|
|
|
ciphertext := make([]byte, size/2)
|
|
_, err = k.Encrypt(ciphertext, data)
|
|
// this must throw an error, since the target slice is too small
|
|
assert(t, err != nil && err == restic.ErrBufferTooSmall,
|
|
"expected restic.ErrBufferTooSmall, got %#v", err)
|
|
}
|
|
|
|
func TestLargeEncrypt(t *testing.T) {
|
|
if !*testLargeCrypto {
|
|
t.SkipNow()
|
|
}
|
|
|
|
s := setupBackend(t)
|
|
defer teardownBackend(t, s)
|
|
k := setupKey(t, s, testPassword)
|
|
|
|
for _, size := range []int{chunker.MaxSize, chunker.MaxSize + 1, chunker.MaxSize + 1<<20} {
|
|
data := make([]byte, size)
|
|
f, err := os.Open("/dev/urandom")
|
|
ok(t, err)
|
|
|
|
_, err = io.ReadFull(f, data)
|
|
ok(t, err)
|
|
|
|
ciphertext := make([]byte, size+restic.CiphertextExtension)
|
|
n, err := k.Encrypt(ciphertext, data)
|
|
ok(t, err)
|
|
|
|
plaintext, err := k.Decrypt([]byte{}, ciphertext[:n])
|
|
ok(t, err)
|
|
|
|
equals(t, plaintext, data)
|
|
}
|
|
}
|
|
|
|
func BenchmarkEncryptWriter(b *testing.B) {
|
|
size := 8 << 20 // 8MiB
|
|
rd := randomReader(23, size)
|
|
|
|
be := setupBackend(b)
|
|
defer teardownBackend(b, be)
|
|
k := setupKey(b, be, testPassword)
|
|
|
|
b.ResetTimer()
|
|
b.SetBytes(int64(size))
|
|
|
|
for i := 0; i < b.N; i++ {
|
|
rd.Seek(0, 0)
|
|
wr := k.EncryptTo(ioutil.Discard)
|
|
_, err := io.Copy(wr, rd)
|
|
ok(b, err)
|
|
}
|
|
}
|
|
|
|
func BenchmarkEncrypt(b *testing.B) {
|
|
size := 8 << 20 // 8MiB
|
|
data := make([]byte, size)
|
|
|
|
be := setupBackend(b)
|
|
defer teardownBackend(b, be)
|
|
k := setupKey(b, be, testPassword)
|
|
|
|
buf := make([]byte, len(data)+restic.CiphertextExtension)
|
|
|
|
b.ResetTimer()
|
|
b.SetBytes(int64(size))
|
|
|
|
for i := 0; i < b.N; i++ {
|
|
_, err := k.Encrypt(buf, data)
|
|
ok(b, err)
|
|
}
|
|
}
|
|
|
|
func BenchmarkDecryptReader(b *testing.B) {
|
|
be := setupBackend(b)
|
|
defer teardownBackend(b, be)
|
|
k := setupKey(b, be, testPassword)
|
|
|
|
size := 8 << 20 // 8MiB
|
|
buf := get_random(23, size)
|
|
|
|
ciphertext := make([]byte, len(buf)+restic.CiphertextExtension)
|
|
_, err := k.Encrypt(ciphertext, buf)
|
|
ok(b, err)
|
|
|
|
rd := bytes.NewReader(ciphertext)
|
|
|
|
b.ResetTimer()
|
|
b.SetBytes(int64(size))
|
|
|
|
for i := 0; i < b.N; i++ {
|
|
rd.Seek(0, 0)
|
|
decRd, err := k.DecryptFrom(rd)
|
|
ok(b, err)
|
|
|
|
_, err = io.Copy(ioutil.Discard, decRd)
|
|
ok(b, err)
|
|
}
|
|
}
|
|
|
|
func BenchmarkEncryptDecryptReader(b *testing.B) {
|
|
be := setupBackend(b)
|
|
defer teardownBackend(b, be)
|
|
k := setupKey(b, be, testPassword)
|
|
|
|
size := 8 << 20 // 8MiB
|
|
rd := randomReader(23, size)
|
|
|
|
b.ResetTimer()
|
|
b.SetBytes(int64(size))
|
|
|
|
buf := bytes.NewBuffer(nil)
|
|
for i := 0; i < b.N; i++ {
|
|
rd.Seek(0, 0)
|
|
buf.Reset()
|
|
wr := k.EncryptTo(buf)
|
|
_, err := io.Copy(wr, rd)
|
|
ok(b, err)
|
|
ok(b, wr.Close())
|
|
|
|
r, err := k.DecryptFrom(buf)
|
|
ok(b, err)
|
|
|
|
_, err = io.Copy(ioutil.Discard, r)
|
|
ok(b, err)
|
|
}
|
|
|
|
restic.PoolAlloc()
|
|
}
|
|
|
|
func BenchmarkDecrypt(b *testing.B) {
|
|
size := 8 << 20 // 8MiB
|
|
data := make([]byte, size)
|
|
|
|
s := setupBackend(b)
|
|
defer teardownBackend(b, s)
|
|
k := setupKey(b, s, testPassword)
|
|
|
|
ciphertext := restic.GetChunkBuf("BenchmarkDecrypt")
|
|
defer restic.FreeChunkBuf("BenchmarkDecrypt", ciphertext)
|
|
plaintext := restic.GetChunkBuf("BenchmarkDecrypt")
|
|
defer restic.FreeChunkBuf("BenchmarkDecrypt", plaintext)
|
|
|
|
n, err := k.Encrypt(ciphertext, data)
|
|
ok(b, err)
|
|
|
|
b.ResetTimer()
|
|
b.SetBytes(int64(size))
|
|
|
|
for i := 0; i < b.N; i++ {
|
|
plaintext, err = k.Decrypt(plaintext, ciphertext[:n])
|
|
ok(b, err)
|
|
}
|
|
}
|
|
|
|
func TestEncryptStreamWriter(t *testing.T) {
|
|
s := setupBackend(t)
|
|
defer teardownBackend(t, s)
|
|
k := setupKey(t, s, testPassword)
|
|
|
|
tests := []int{5, 23, 2<<18 + 23, 1 << 20}
|
|
if *testLargeCrypto {
|
|
tests = append(tests, 7<<20+123)
|
|
}
|
|
|
|
for _, size := range tests {
|
|
data := make([]byte, size)
|
|
_, err := io.ReadFull(randomReader(42, size), data)
|
|
ok(t, err)
|
|
|
|
ciphertext := bytes.NewBuffer(nil)
|
|
wr := k.EncryptTo(ciphertext)
|
|
|
|
_, err = io.Copy(wr, bytes.NewReader(data))
|
|
ok(t, err)
|
|
ok(t, wr.Close())
|
|
|
|
l := len(data) + restic.CiphertextExtension
|
|
assert(t, len(ciphertext.Bytes()) == l,
|
|
"wrong ciphertext length: expected %d, got %d",
|
|
l, len(ciphertext.Bytes()))
|
|
|
|
// decrypt with default function
|
|
plaintext, err := k.Decrypt([]byte{}, ciphertext.Bytes())
|
|
ok(t, err)
|
|
assert(t, bytes.Equal(data, plaintext),
|
|
"wrong plaintext after decryption: expected %02x, got %02x",
|
|
data, plaintext)
|
|
}
|
|
}
|
|
|
|
func TestDecryptStreamReader(t *testing.T) {
|
|
s := setupBackend(t)
|
|
defer teardownBackend(t, s)
|
|
k := setupKey(t, s, testPassword)
|
|
|
|
tests := []int{5, 23, 2<<18 + 23, 1 << 20}
|
|
if *testLargeCrypto {
|
|
tests = append(tests, 7<<20+123)
|
|
}
|
|
|
|
for _, size := range tests {
|
|
data := make([]byte, size)
|
|
_, err := io.ReadFull(randomReader(42, size), data)
|
|
ok(t, err)
|
|
|
|
ciphertext := make([]byte, size+restic.CiphertextExtension)
|
|
|
|
// encrypt with default function
|
|
n, err := k.Encrypt(ciphertext, data)
|
|
ok(t, err)
|
|
assert(t, n == len(data)+restic.CiphertextExtension,
|
|
"wrong number of bytes returned after encryption: expected %d, got %d",
|
|
len(data)+restic.CiphertextExtension, n)
|
|
|
|
rd, err := k.DecryptFrom(bytes.NewReader(ciphertext))
|
|
ok(t, err)
|
|
|
|
plaintext, err := ioutil.ReadAll(rd)
|
|
ok(t, err)
|
|
|
|
assert(t, bytes.Equal(data, plaintext),
|
|
"wrong plaintext after decryption: expected %02x, got %02x",
|
|
data, plaintext)
|
|
}
|
|
}
|
|
|
|
func TestEncryptWriter(t *testing.T) {
|
|
s := setupBackend(t)
|
|
defer teardownBackend(t, s)
|
|
k := setupKey(t, s, testPassword)
|
|
|
|
tests := []int{5, 23, 2<<18 + 23, 1 << 20}
|
|
if *testLargeCrypto {
|
|
tests = append(tests, 7<<20+123)
|
|
}
|
|
|
|
for _, size := range tests {
|
|
data := make([]byte, size)
|
|
_, err := io.ReadFull(randomReader(42, size), data)
|
|
ok(t, err)
|
|
|
|
buf := bytes.NewBuffer(nil)
|
|
wr := k.EncryptTo(buf)
|
|
|
|
_, err = io.Copy(wr, bytes.NewReader(data))
|
|
ok(t, err)
|
|
ok(t, wr.Close())
|
|
|
|
ciphertext := buf.Bytes()
|
|
|
|
l := len(data) + restic.CiphertextExtension
|
|
assert(t, len(ciphertext) == l,
|
|
"wrong ciphertext length: expected %d, got %d",
|
|
l, len(ciphertext))
|
|
|
|
// decrypt with default function
|
|
plaintext, err := k.Decrypt([]byte{}, ciphertext)
|
|
ok(t, err)
|
|
assert(t, bytes.Equal(data, plaintext),
|
|
"wrong plaintext after decryption: expected %02x, got %02x",
|
|
data, plaintext)
|
|
}
|
|
}
|