KurlesHS/restic
1
0
Fork 0
forked from TrueCloudLab/restic
Code Pull requests Activity

Rename keys to MasterKeys

Browse source
This commit is contained in:
Alexander Neumann 2015-03-22 19:19:33 +01:00
parent 664a12c950
commit 65a653693e
3 changed files with 14 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
crypto.go
View file

@ -117,8 +117,8 @@ func poly1305_verify(msg []byte, nonce []byte, key *MACKey, mac []byte) bool {
} }
// returns new encryption and mac keys. k.MACKey.R is already masked. // returns new encryption and mac keys. k.MACKey.R is already masked.
func generateRandomKeys() (k *keys) { func generateRandomKeys() (k *MasterKeys) {
k = &keys{} k = &MasterKeys{}
n, err := rand.Read(k.Encrypt[:]) n, err := rand.Read(k.Encrypt[:])
if n != AESKeySize || err != nil { if n != AESKeySize || err != nil {
panic("unable to read enough random bytes for encryption key") panic("unable to read enough random bytes for encryption key")
@ -149,7 +149,7 @@ func generateRandomIV() (iv IV) {
// Encrypt encrypts and signs data. Stored in ciphertext is IV || Ciphertext || // Encrypt encrypts and signs data. Stored in ciphertext is IV || Ciphertext ||
// MAC. Encrypt returns the ciphertext's length. // MAC. Encrypt returns the ciphertext's length.
func Encrypt(ks *keys, ciphertext, plaintext []byte) (int, error) { func Encrypt(ks *MasterKeys, ciphertext, plaintext []byte) (int, error) {
if cap(ciphertext) < len(plaintext)+ivSize+macSize { if cap(ciphertext) < len(plaintext)+ivSize+macSize {
return 0, ErrBufferTooSmall return 0, ErrBufferTooSmall
} }
@ -175,7 +175,7 @@ func Encrypt(ks *keys, ciphertext, plaintext []byte) (int, error) {
// Decrypt verifies and decrypts the ciphertext. Ciphertext must be in the form // Decrypt verifies and decrypts the ciphertext. Ciphertext must be in the form
// IV || Ciphertext || MAC. // IV || Ciphertext || MAC.
func Decrypt(ks *keys, plaintext, ciphertext []byte) ([]byte, error) { func Decrypt(ks *MasterKeys, plaintext, ciphertext []byte) ([]byte, error) {
// check for plausible length // check for plausible length
if len(ciphertext) < ivSize+macSize { if len(ciphertext) < ivSize+macSize {
panic("trying to decrypt invalid data: ciphertext too small") panic("trying to decrypt invalid data: ciphertext too small")
@ -213,12 +213,12 @@ func Decrypt(ks *keys, plaintext, ciphertext []byte) ([]byte, error) {
} }
// runs scrypt(password) // runs scrypt(password)
func kdf(k *Key, password string) (*keys, error) { func kdf(k *Key, password string) (*MasterKeys, error) {
if len(k.Salt) == 0 { if len(k.Salt) == 0 {
return nil, fmt.Errorf("scrypt() called with empty salt") return nil, fmt.Errorf("scrypt() called with empty salt")
} }
derKeys := &keys{} derKeys := &MasterKeys{}
keybytes := MACKeySize + AESKeySize keybytes := MACKeySize + AESKeySize
scryptKeys, err := scrypt.Key([]byte(password), k.Salt, k.N, k.R, k.P, keybytes) scryptKeys, err := scrypt.Key([]byte(password), k.Salt, k.N, k.R, k.P, keybytes)
@ -243,7 +243,7 @@ type encryptWriter struct {
iv IV iv IV
wroteIV bool wroteIV bool
data *bytes.Buffer data *bytes.Buffer
key *keys key *MasterKeys
s cipher.Stream s cipher.Stream
w io.Writer w io.Writer
origWr io.Writer origWr io.Writer
@ -314,7 +314,7 @@ func (e *encryptWriter) Write(p []byte) (int, error) {
// EncryptTo buffers data written to the returned io.WriteCloser. When Close() // EncryptTo buffers data written to the returned io.WriteCloser. When Close()
// is called, the data is encrypted an written to the underlying writer. // is called, the data is encrypted an written to the underlying writer.
func EncryptTo(ks *keys, wr io.Writer) io.WriteCloser { func EncryptTo(ks *MasterKeys, wr io.Writer) io.WriteCloser {
ew := &encryptWriter{ ew := &encryptWriter{
iv: generateRandomIV(), iv: generateRandomIV(),
data: bytes.NewBuffer(GetChunkBuf("EncryptWriter")[:0]), data: bytes.NewBuffer(GetChunkBuf("EncryptWriter")[:0]),
@ -400,7 +400,7 @@ func (d *decryptReader) Close() error {
// drained, locally buffered and made available on the returned Reader // drained, locally buffered and made available on the returned Reader
// afterwards. If a MAC verification failure is observed, it is returned // afterwards. If a MAC verification failure is observed, it is returned
// immediately. // immediately.
func DecryptFrom(ks *keys, rd io.Reader) (io.ReadCloser, error) { func DecryptFrom(ks *MasterKeys, rd io.Reader) (io.ReadCloser, error) {
ciphertext := GetChunkBuf("decryptReader") ciphertext := GetChunkBuf("decryptReader")
ciphertext = ciphertext[0:cap(ciphertext)] ciphertext = ciphertext[0:cap(ciphertext)]

2
crypto_int_test.go
View file

@ -102,7 +102,7 @@ func TestCrypto(t *testing.T) {
for _, tv := range test_values { for _, tv := range test_values {
// test encryption // test encryption
r.master = &keys{ r.master = &MasterKeys{
Encrypt: tv.ekey, Encrypt: tv.ekey,
Sign: tv.skey, Sign: tv.skey,
} }

8
key.go
View file

@ -54,8 +54,8 @@ type Key struct {
Salt []byte `json:"salt"` Salt []byte `json:"salt"`
Data []byte `json:"data"` Data []byte `json:"data"`
user *keys user *MasterKeys
master *keys master *MasterKeys
id backend.ID id backend.ID
} }
@ -63,7 +63,7 @@ type Key struct {
// MasterKeys holds signing and encryption keys for a repository. It is stored // MasterKeys holds signing and encryption keys for a repository. It is stored
// encrypted and signed as a JSON data structure in the Data field of the Key // encrypted and signed as a JSON data structure in the Data field of the Key
// structure. // structure.
type keys struct { type MasterKeys struct {
Sign MACKey Sign MACKey
Encrypt AESKey Encrypt AESKey
} }
@ -99,7 +99,7 @@ func OpenKey(s Server, id backend.ID, password string) (*Key, error) {
} }
// restore json // restore json
k.master = &keys{} k.master = &MasterKeys{}
err = json.Unmarshal(buf, k.master) err = json.Unmarshal(buf, k.master)
if err != nil { if err != nil {
return nil, err return nil, err