forked from TrueCloudLab/restic
crypto: Rename exported funcs and structs, cleanup
This commit is contained in:
parent
21dc6dd3db
commit
64f7d4d611
4 changed files with 39 additions and 39 deletions
|
@ -42,17 +42,17 @@ var (
|
||||||
// structure. For the master key, the secret random polynomial used for content
|
// structure. For the master key, the secret random polynomial used for content
|
||||||
// defined chunking is included.
|
// defined chunking is included.
|
||||||
type Key struct {
|
type Key struct {
|
||||||
Sign MACKey `json:"sign"`
|
Sign SigningKey `json:"sign"`
|
||||||
Encrypt AESKey `json:"encrypt"`
|
Encrypt EncryptionKey `json:"encrypt"`
|
||||||
ChunkerPolynomial chunker.Pol `json:"chunker_polynomial,omitempty"`
|
ChunkerPolynomial chunker.Pol `json:"chunker_polynomial,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type AESKey [32]byte
|
type EncryptionKey [32]byte
|
||||||
type MACKey struct {
|
type SigningKey struct {
|
||||||
K [16]byte // for AES128
|
K [16]byte `json:"k"` // for AES128
|
||||||
R [16]byte // for Poly1305
|
R [16]byte `json:"r"` // for Poly1305
|
||||||
}
|
}
|
||||||
type IV [ivSize]byte
|
type iv [ivSize]byte
|
||||||
|
|
||||||
// mask for key, (cf. http://cr.yp.to/mac/poly1305-20050329.pdf)
|
// mask for key, (cf. http://cr.yp.to/mac/poly1305-20050329.pdf)
|
||||||
var poly1305KeyMask = [16]byte{
|
var poly1305KeyMask = [16]byte{
|
||||||
|
@ -75,7 +75,7 @@ var poly1305KeyMask = [16]byte{
|
||||||
}
|
}
|
||||||
|
|
||||||
// key is a [32]byte, in the form k||r
|
// key is a [32]byte, in the form k||r
|
||||||
func poly1305_sign(msg []byte, nonce []byte, key *MACKey) []byte {
|
func poly1305_sign(msg []byte, nonce []byte, key *SigningKey) []byte {
|
||||||
// prepare key for low-level poly1305.Sum(): r||n
|
// prepare key for low-level poly1305.Sum(): r||n
|
||||||
var k [32]byte
|
var k [32]byte
|
||||||
|
|
||||||
|
@ -100,7 +100,7 @@ func poly1305_sign(msg []byte, nonce []byte, key *MACKey) []byte {
|
||||||
}
|
}
|
||||||
|
|
||||||
// mask poly1305 key
|
// mask poly1305 key
|
||||||
func maskKey(k *MACKey) {
|
func maskKey(k *SigningKey) {
|
||||||
if k == nil {
|
if k == nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -110,14 +110,14 @@ func maskKey(k *MACKey) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// construct mac key from slice (k||r), with masking
|
// construct mac key from slice (k||r), with masking
|
||||||
func macKeyFromSlice(mk *MACKey, data []byte) {
|
func macKeyFromSlice(mk *SigningKey, data []byte) {
|
||||||
copy(mk.K[:], data[:16])
|
copy(mk.K[:], data[:16])
|
||||||
copy(mk.R[:], data[16:32])
|
copy(mk.R[:], data[16:32])
|
||||||
maskKey(mk)
|
maskKey(mk)
|
||||||
}
|
}
|
||||||
|
|
||||||
// key: k||r
|
// key: k||r
|
||||||
func poly1305_verify(msg []byte, nonce []byte, key *MACKey, mac []byte) bool {
|
func poly1305_verify(msg []byte, nonce []byte, key *SigningKey, mac []byte) bool {
|
||||||
// prepare key for low-level poly1305.Sum(): r||n
|
// prepare key for low-level poly1305.Sum(): r||n
|
||||||
var k [32]byte
|
var k [32]byte
|
||||||
|
|
||||||
|
@ -141,8 +141,8 @@ func poly1305_verify(msg []byte, nonce []byte, key *MACKey, mac []byte) bool {
|
||||||
return poly1305.Verify(&m, msg, &k)
|
return poly1305.Verify(&m, msg, &k)
|
||||||
}
|
}
|
||||||
|
|
||||||
// GenerateKey returns new encryption and signing keys.
|
// NewKey returns new encryption and signing keys.
|
||||||
func GenerateKey() (k *Key) {
|
func NewKey() (k *Key) {
|
||||||
k = &Key{}
|
k = &Key{}
|
||||||
n, err := rand.Read(k.Encrypt[:])
|
n, err := rand.Read(k.Encrypt[:])
|
||||||
if n != aesKeySize || err != nil {
|
if n != aesKeySize || err != nil {
|
||||||
|
@ -164,7 +164,7 @@ func GenerateKey() (k *Key) {
|
||||||
return k
|
return k
|
||||||
}
|
}
|
||||||
|
|
||||||
func generateRandomIV() (iv IV) {
|
func newIV() (iv iv) {
|
||||||
n, err := rand.Read(iv[:])
|
n, err := rand.Read(iv[:])
|
||||||
if n != ivSize || err != nil {
|
if n != ivSize || err != nil {
|
||||||
panic("unable to read enough random bytes for iv")
|
panic("unable to read enough random bytes for iv")
|
||||||
|
@ -177,11 +177,11 @@ type jsonMACKey struct {
|
||||||
R []byte `json:"r"`
|
R []byte `json:"r"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *MACKey) MarshalJSON() ([]byte, error) {
|
func (m *SigningKey) MarshalJSON() ([]byte, error) {
|
||||||
return json.Marshal(jsonMACKey{K: m.K[:], R: m.R[:]})
|
return json.Marshal(jsonMACKey{K: m.K[:], R: m.R[:]})
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *MACKey) UnmarshalJSON(data []byte) error {
|
func (m *SigningKey) UnmarshalJSON(data []byte) error {
|
||||||
j := jsonMACKey{}
|
j := jsonMACKey{}
|
||||||
err := json.Unmarshal(data, &j)
|
err := json.Unmarshal(data, &j)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -193,11 +193,11 @@ func (m *MACKey) UnmarshalJSON(data []byte) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (k *AESKey) MarshalJSON() ([]byte, error) {
|
func (k *EncryptionKey) MarshalJSON() ([]byte, error) {
|
||||||
return json.Marshal(k[:])
|
return json.Marshal(k[:])
|
||||||
}
|
}
|
||||||
|
|
||||||
func (k *AESKey) UnmarshalJSON(data []byte) error {
|
func (k *EncryptionKey) UnmarshalJSON(data []byte) error {
|
||||||
d := make([]byte, aesKeySize)
|
d := make([]byte, aesKeySize)
|
||||||
err := json.Unmarshal(data, &d)
|
err := json.Unmarshal(data, &d)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -215,7 +215,7 @@ func Encrypt(ks *Key, ciphertext, plaintext []byte) (int, error) {
|
||||||
return 0, ErrBufferTooSmall
|
return 0, ErrBufferTooSmall
|
||||||
}
|
}
|
||||||
|
|
||||||
iv := generateRandomIV()
|
iv := newIV()
|
||||||
copy(ciphertext, iv[:])
|
copy(ciphertext, iv[:])
|
||||||
|
|
||||||
c, err := aes.NewCipher(ks.Encrypt[:])
|
c, err := aes.NewCipher(ks.Encrypt[:])
|
||||||
|
@ -302,7 +302,7 @@ func KDF(N, R, P int, salt []byte, password string) (*Key, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
type encryptWriter struct {
|
type encryptWriter struct {
|
||||||
iv IV
|
iv iv
|
||||||
wroteIV bool
|
wroteIV bool
|
||||||
data *bytes.Buffer
|
data *bytes.Buffer
|
||||||
key *Key
|
key *Key
|
||||||
|
@ -378,7 +378,7 @@ func (e *encryptWriter) Write(p []byte) (int, error) {
|
||||||
// is called, the data is encrypted an written to the underlying writer.
|
// is called, the data is encrypted an written to the underlying writer.
|
||||||
func EncryptTo(ks *Key, wr io.Writer) io.WriteCloser {
|
func EncryptTo(ks *Key, wr io.Writer) io.WriteCloser {
|
||||||
ew := &encryptWriter{
|
ew := &encryptWriter{
|
||||||
iv: generateRandomIV(),
|
iv: newIV(),
|
||||||
data: bytes.NewBuffer(getBuffer()[:0]),
|
data: bytes.NewBuffer(getBuffer()[:0]),
|
||||||
key: ks,
|
key: ks,
|
||||||
origWr: wr,
|
origWr: wr,
|
||||||
|
|
|
@ -45,7 +45,7 @@ var poly1305_tests = []struct {
|
||||||
|
|
||||||
func TestPoly1305(t *testing.T) {
|
func TestPoly1305(t *testing.T) {
|
||||||
for _, test := range poly1305_tests {
|
for _, test := range poly1305_tests {
|
||||||
key := &MACKey{}
|
key := &SigningKey{}
|
||||||
copy(key.K[:], test.k)
|
copy(key.K[:], test.k)
|
||||||
copy(key.R[:], test.r)
|
copy(key.R[:], test.r)
|
||||||
mac := poly1305_sign(test.msg, test.nonce, key)
|
mac := poly1305_sign(test.msg, test.nonce, key)
|
||||||
|
@ -61,16 +61,16 @@ func TestPoly1305(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
var test_values = []struct {
|
var test_values = []struct {
|
||||||
ekey AESKey
|
ekey EncryptionKey
|
||||||
skey MACKey
|
skey SigningKey
|
||||||
ciphertext []byte
|
ciphertext []byte
|
||||||
plaintext []byte
|
plaintext []byte
|
||||||
should_panic bool
|
should_panic bool
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
ekey: AESKey([...]byte{0x30, 0x3e, 0x86, 0x87, 0xb1, 0xd7, 0xdb, 0x18, 0x42, 0x1b, 0xdc, 0x6b, 0xb8, 0x58, 0x8c, 0xca,
|
ekey: EncryptionKey([...]byte{0x30, 0x3e, 0x86, 0x87, 0xb1, 0xd7, 0xdb, 0x18, 0x42, 0x1b, 0xdc, 0x6b, 0xb8, 0x58, 0x8c, 0xca,
|
||||||
0xda, 0xc4, 0xd5, 0x9e, 0xe8, 0x7b, 0x8f, 0xf7, 0x0c, 0x44, 0xe6, 0x35, 0x79, 0x0c, 0xaf, 0xef}),
|
0xda, 0xc4, 0xd5, 0x9e, 0xe8, 0x7b, 0x8f, 0xf7, 0x0c, 0x44, 0xe6, 0x35, 0x79, 0x0c, 0xaf, 0xef}),
|
||||||
skey: MACKey{
|
skey: SigningKey{
|
||||||
K: [...]byte{0xef, 0x4d, 0x88, 0x24, 0xcb, 0x80, 0xb2, 0xbc, 0xc5, 0xfb, 0xff, 0x8a, 0x9b, 0x12, 0xa4, 0x2c},
|
K: [...]byte{0xef, 0x4d, 0x88, 0x24, 0xcb, 0x80, 0xb2, 0xbc, 0xc5, 0xfb, 0xff, 0x8a, 0x9b, 0x12, 0xa4, 0x2c},
|
||||||
R: [...]byte{0xcc, 0x8d, 0x4b, 0x94, 0x8e, 0xe0, 0xeb, 0xfe, 0x1d, 0x41, 0x5d, 0xe9, 0x21, 0xd1, 0x03, 0x53},
|
R: [...]byte{0xcc, 0x8d, 0x4b, 0x94, 0x8e, 0xe0, 0xeb, 0xfe, 0x1d, 0x41, 0x5d, 0xe9, 0x21, 0xd1, 0x03, 0x53},
|
||||||
},
|
},
|
||||||
|
|
|
@ -17,7 +17,7 @@ import (
|
||||||
var testLargeCrypto = flag.Bool("test.largecrypto", false, "also test crypto functions with large payloads")
|
var testLargeCrypto = flag.Bool("test.largecrypto", false, "also test crypto functions with large payloads")
|
||||||
|
|
||||||
func TestEncryptDecrypt(t *testing.T) {
|
func TestEncryptDecrypt(t *testing.T) {
|
||||||
k := crypto.GenerateKey()
|
k := crypto.NewKey()
|
||||||
|
|
||||||
tests := []int{5, 23, 2<<18 + 23, 1 << 20}
|
tests := []int{5, 23, 2<<18 + 23, 1 << 20}
|
||||||
if *testLargeCrypto {
|
if *testLargeCrypto {
|
||||||
|
@ -43,7 +43,7 @@ func TestEncryptDecrypt(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSmallBuffer(t *testing.T) {
|
func TestSmallBuffer(t *testing.T) {
|
||||||
k := crypto.GenerateKey()
|
k := crypto.NewKey()
|
||||||
|
|
||||||
size := 600
|
size := 600
|
||||||
data := make([]byte, size)
|
data := make([]byte, size)
|
||||||
|
@ -65,7 +65,7 @@ func TestLargeEncrypt(t *testing.T) {
|
||||||
t.SkipNow()
|
t.SkipNow()
|
||||||
}
|
}
|
||||||
|
|
||||||
k := crypto.GenerateKey()
|
k := crypto.NewKey()
|
||||||
|
|
||||||
for _, size := range []int{chunker.MaxSize, chunker.MaxSize + 1, chunker.MaxSize + 1<<20} {
|
for _, size := range []int{chunker.MaxSize, chunker.MaxSize + 1, chunker.MaxSize + 1<<20} {
|
||||||
data := make([]byte, size)
|
data := make([]byte, size)
|
||||||
|
@ -90,7 +90,7 @@ func BenchmarkEncryptWriter(b *testing.B) {
|
||||||
size := 8 << 20 // 8MiB
|
size := 8 << 20 // 8MiB
|
||||||
rd := RandomReader(23, size)
|
rd := RandomReader(23, size)
|
||||||
|
|
||||||
k := crypto.GenerateKey()
|
k := crypto.NewKey()
|
||||||
|
|
||||||
b.ResetTimer()
|
b.ResetTimer()
|
||||||
b.SetBytes(int64(size))
|
b.SetBytes(int64(size))
|
||||||
|
@ -108,7 +108,7 @@ func BenchmarkEncrypt(b *testing.B) {
|
||||||
size := 8 << 20 // 8MiB
|
size := 8 << 20 // 8MiB
|
||||||
data := make([]byte, size)
|
data := make([]byte, size)
|
||||||
|
|
||||||
k := crypto.GenerateKey()
|
k := crypto.NewKey()
|
||||||
buf := make([]byte, len(data)+crypto.Extension)
|
buf := make([]byte, len(data)+crypto.Extension)
|
||||||
|
|
||||||
b.ResetTimer()
|
b.ResetTimer()
|
||||||
|
@ -123,7 +123,7 @@ func BenchmarkEncrypt(b *testing.B) {
|
||||||
func BenchmarkDecryptReader(b *testing.B) {
|
func BenchmarkDecryptReader(b *testing.B) {
|
||||||
size := 8 << 20 // 8MiB
|
size := 8 << 20 // 8MiB
|
||||||
buf := Random(23, size)
|
buf := Random(23, size)
|
||||||
k := crypto.GenerateKey()
|
k := crypto.NewKey()
|
||||||
|
|
||||||
ciphertext := make([]byte, len(buf)+crypto.Extension)
|
ciphertext := make([]byte, len(buf)+crypto.Extension)
|
||||||
_, err := crypto.Encrypt(k, ciphertext, buf)
|
_, err := crypto.Encrypt(k, ciphertext, buf)
|
||||||
|
@ -145,7 +145,7 @@ func BenchmarkDecryptReader(b *testing.B) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func BenchmarkEncryptDecryptReader(b *testing.B) {
|
func BenchmarkEncryptDecryptReader(b *testing.B) {
|
||||||
k := crypto.GenerateKey()
|
k := crypto.NewKey()
|
||||||
|
|
||||||
size := 8 << 20 // 8MiB
|
size := 8 << 20 // 8MiB
|
||||||
rd := RandomReader(23, size)
|
rd := RandomReader(23, size)
|
||||||
|
@ -176,7 +176,7 @@ func BenchmarkDecrypt(b *testing.B) {
|
||||||
size := 8 << 20 // 8MiB
|
size := 8 << 20 // 8MiB
|
||||||
data := make([]byte, size)
|
data := make([]byte, size)
|
||||||
|
|
||||||
k := crypto.GenerateKey()
|
k := crypto.NewKey()
|
||||||
|
|
||||||
ciphertext := restic.GetChunkBuf("BenchmarkDecrypt")
|
ciphertext := restic.GetChunkBuf("BenchmarkDecrypt")
|
||||||
defer restic.FreeChunkBuf("BenchmarkDecrypt", ciphertext)
|
defer restic.FreeChunkBuf("BenchmarkDecrypt", ciphertext)
|
||||||
|
@ -196,7 +196,7 @@ func BenchmarkDecrypt(b *testing.B) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestEncryptStreamWriter(t *testing.T) {
|
func TestEncryptStreamWriter(t *testing.T) {
|
||||||
k := crypto.GenerateKey()
|
k := crypto.NewKey()
|
||||||
|
|
||||||
tests := []int{5, 23, 2<<18 + 23, 1 << 20}
|
tests := []int{5, 23, 2<<18 + 23, 1 << 20}
|
||||||
if *testLargeCrypto {
|
if *testLargeCrypto {
|
||||||
|
@ -230,7 +230,7 @@ func TestEncryptStreamWriter(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestDecryptStreamReader(t *testing.T) {
|
func TestDecryptStreamReader(t *testing.T) {
|
||||||
k := crypto.GenerateKey()
|
k := crypto.NewKey()
|
||||||
|
|
||||||
tests := []int{5, 23, 2<<18 + 23, 1 << 20}
|
tests := []int{5, 23, 2<<18 + 23, 1 << 20}
|
||||||
if *testLargeCrypto {
|
if *testLargeCrypto {
|
||||||
|
@ -264,7 +264,7 @@ func TestDecryptStreamReader(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestEncryptWriter(t *testing.T) {
|
func TestEncryptWriter(t *testing.T) {
|
||||||
k := crypto.GenerateKey()
|
k := crypto.NewKey()
|
||||||
|
|
||||||
tests := []int{5, 23, 2<<18 + 23, 1 << 20}
|
tests := []int{5, 23, 2<<18 + 23, 1 << 20}
|
||||||
if *testLargeCrypto {
|
if *testLargeCrypto {
|
||||||
|
|
2
key.go
2
key.go
|
@ -176,7 +176,7 @@ func AddKey(s Server, password string, template *Key) (*Key, error) {
|
||||||
|
|
||||||
if template == nil {
|
if template == nil {
|
||||||
// generate new random master keys
|
// generate new random master keys
|
||||||
newkey.master = crypto.GenerateKey()
|
newkey.master = crypto.NewKey()
|
||||||
// generate random polynomial for cdc
|
// generate random polynomial for cdc
|
||||||
p, err := chunker.RandomPolynomial()
|
p, err := chunker.RandomPolynomial()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
Loading…
Reference in a new issue