TrueCloudLab/restic
16
0
Fork 2
Code Issues 1 Pull requests 1 Projects Releases Packages Wiki Activity Actions 1

Remove crypto reader/writer (unused)

Browse source
This commit is contained in:
Alexander Neumann 2016-08-21 11:33:53 +02:00
parent 11098d6eb0
commit 9afec53c55
3 changed files with 2 additions and 343 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

170
src/restic/crypto/crypto_test.go
View file

@ -4,12 +4,12 @@ import (
"bytes"
"crypto/rand"
"io"
"io/ioutil"
"testing"
"github.com/restic/chunker"
"restic/crypto"
. "restic/test"
"github.com/restic/chunker"
)
const testLargeCrypto = false
@ -128,25 +128,6 @@ func TestLargeEncrypt(t *testing.T) {
}
}
func BenchmarkEncryptWriter(b *testing.B) {
size := 8 << 20 // 8MiB
k := crypto.NewRandomKey()
b.ResetTimer()
b.SetBytes(int64(size))
for i := 0; i < b.N; i++ {
rd := RandomLimitReader(23, size)
wr := crypto.EncryptTo(k, ioutil.Discard)
n, err := io.Copy(wr, rd)
OK(b, err)
OK(b, wr.Close())
Assert(b, n == int64(size),
"not enough bytes writter: want %d, got %d", size, n)
}
}
func BenchmarkEncrypt(b *testing.B) {
size := 8 << 20 // 8MiB
data := make([]byte, size)
@ -163,55 +144,6 @@ func BenchmarkEncrypt(b *testing.B) {
}
}
func BenchmarkDecryptReader(b *testing.B) {
size := 8 << 20 // 8MiB
buf := Random(23, size)
k := crypto.NewRandomKey()
ciphertext := make([]byte, len(buf)+crypto.Extension)
_, err := crypto.Encrypt(k, ciphertext, buf)
OK(b, err)
rd := bytes.NewReader(ciphertext)
b.ResetTimer()
b.SetBytes(int64(size))
for i := 0; i < b.N; i++ {
rd.Seek(0, 0)
decRd, err := crypto.DecryptFrom(k, rd)
OK(b, err)
_, err = io.Copy(ioutil.Discard, decRd)
OK(b, err)
}
}
func BenchmarkEncryptDecryptReader(b *testing.B) {
k := crypto.NewRandomKey()
size := 8 << 20 // 8MiB
b.ResetTimer()
b.SetBytes(int64(size))
buf := bytes.NewBuffer(nil)
for i := 0; i < b.N; i++ {
rd := RandomLimitReader(23, size)
buf.Reset()
wr := crypto.EncryptTo(k, buf)
_, err := io.Copy(wr, rd)
OK(b, err)
OK(b, wr.Close())
r, err := crypto.DecryptFrom(k, buf)
OK(b, err)
_, err = io.Copy(ioutil.Discard, r)
OK(b, err)
}
}
func BenchmarkDecrypt(b *testing.B) {
size := 8 << 20 // 8MiB
data := make([]byte, size)
@ -232,101 +164,3 @@ func BenchmarkDecrypt(b *testing.B) {
OK(b, err)
}
}
func TestEncryptStreamWriter(t *testing.T) {
k := crypto.NewRandomKey()
tests := []int{5, 23, 2<<18 + 23, 1 << 20}
if testLargeCrypto {
tests = append(tests, 7<<20+123)
}
for _, size := range tests {
data := Random(42, size)
ciphertext := bytes.NewBuffer(nil)
wr := crypto.EncryptTo(k, ciphertext)
_, err := io.Copy(wr, bytes.NewReader(data))
OK(t, err)
OK(t, wr.Close())
l := len(data) + crypto.Extension
Assert(t, len(ciphertext.Bytes()) == l,
"wrong ciphertext length: expected %d, got %d",
l, len(ciphertext.Bytes()))
// decrypt with default function
plaintext, err := crypto.Decrypt(k, []byte{}, ciphertext.Bytes())
OK(t, err)
Assert(t, bytes.Equal(data, plaintext),
"wrong plaintext after decryption: expected %02x, got %02x",
data, plaintext)
}
}
func TestDecryptStreamReader(t *testing.T) {
k := crypto.NewRandomKey()
tests := []int{5, 23, 2<<18 + 23, 1 << 20}
if testLargeCrypto {
tests = append(tests, 7<<20+123)
}
for _, size := range tests {
data := Random(42, size)
var err error
ciphertext := make([]byte, size+crypto.Extension)
// encrypt with default function
ciphertext, err = crypto.Encrypt(k, ciphertext, data)
OK(t, err)
Assert(t, len(ciphertext) == len(data)+crypto.Extension,
"wrong number of bytes returned after encryption: expected %d, got %d",
len(data)+crypto.Extension, len(ciphertext))
rd, err := crypto.DecryptFrom(k, bytes.NewReader(ciphertext))
OK(t, err)
plaintext, err := ioutil.ReadAll(rd)
OK(t, err)
Assert(t, bytes.Equal(data, plaintext),
"wrong plaintext after decryption: expected %02x, got %02x",
data, plaintext)
}
}
func TestEncryptWriter(t *testing.T) {
k := crypto.NewRandomKey()
tests := []int{5, 23, 2<<18 + 23, 1 << 20}
if testLargeCrypto {
tests = append(tests, 7<<20+123)
}
for _, size := range tests {
data := Random(42, size)
buf := bytes.NewBuffer(nil)
wr := crypto.EncryptTo(k, buf)
_, err := io.Copy(wr, bytes.NewReader(data))
OK(t, err)
OK(t, wr.Close())
ciphertext := buf.Bytes()
l := len(data) + crypto.Extension
Assert(t, len(ciphertext) == l,
"wrong ciphertext length: expected %d, got %d",
l, len(ciphertext))
// decrypt with default function
plaintext, err := crypto.Decrypt(k, []byte{}, ciphertext)
OK(t, err)
Assert(t, bytes.Equal(data, plaintext),
"wrong plaintext after decryption: expected %02x, got %02x",
data, plaintext)
}
}

87
src/restic/crypto/reader.go
View file

@ -1,87 +0,0 @@
package crypto
import (
"bytes"
"errors"
"io"
)
type decryptReader struct {
buf []byte
rd *bytes.Reader
}
func (d *decryptReader) Read(dst []byte) (n int, err error) {
if d.buf == nil {
return 0, io.EOF
}
n, err = d.rd.Read(dst)
if err == io.EOF {
d.free()
}
return
}
func (d *decryptReader) free() {
freeBuffer(d.buf)
d.buf = nil
}
func (d *decryptReader) Close() error {
if d == nil || d.buf == nil {
return nil
}
d.free()
return nil
}
func (d *decryptReader) ReadByte() (c byte, err error) {
if d.buf == nil {
return 0, io.EOF
}
c, err = d.rd.ReadByte()
if err == io.EOF {
d.free()
}
return
}
func (d *decryptReader) WriteTo(w io.Writer) (n int64, err error) {
if d.buf == nil {
return 0, errors.New("WriteTo() called on drained reader")
}
n, err = d.rd.WriteTo(w)
d.free()
return
}
// DecryptFrom verifies and decrypts the ciphertext read from rd with ks and
// makes it available on the returned Reader. Ciphertext must be in the form IV
// || Ciphertext || MAC. In order to correctly verify the ciphertext, rd is
// drained, locally buffered and made available on the returned Reader
// afterwards. If a MAC verification failure is observed, it is returned
// immediately.
func DecryptFrom(ks *Key, rd io.Reader) (io.ReadCloser, error) {
buf := bytes.NewBuffer(getBuffer()[:0])
_, err := buf.ReadFrom(rd)
if err != nil {
return (*decryptReader)(nil), err
}
ciphertext := buf.Bytes()
ciphertext, err = Decrypt(ks, ciphertext, ciphertext)
if err != nil {
freeBuffer(ciphertext)
return (*decryptReader)(nil), err
}
return &decryptReader{buf: ciphertext, rd: bytes.NewReader(ciphertext)}, nil
}

88
src/restic/crypto/writer.go
View file

@ -1,88 +0,0 @@
package crypto
import (
"crypto/aes"
"crypto/cipher"
"errors"
"fmt"
"io"
)
type encryptWriter struct {
data []byte
key *Key
s cipher.Stream
w io.Writer
closed bool
}
func (e *encryptWriter) Close() error {
if e == nil {
return nil
}
if e.closed {
return errors.New("Close() called on already closed writer")
}
e.closed = true
// encrypt everything
iv, c := e.data[:ivSize], e.data[ivSize:]
e.s.XORKeyStream(c, c)
// compute mac
mac := poly1305MAC(c, iv, &e.key.MAC)
e.data = append(e.data, mac...)
// write everything
n, err := e.w.Write(e.data)
if err != nil {
return err
}
if n != len(e.data) {
return errors.New("not all bytes written")
}
// return buffer to pool
freeBuffer(e.data)
return nil
}
func (e *encryptWriter) Write(p []byte) (int, error) {
// if e.data is too small, return it to the buffer and create new slice
if cap(e.data) < len(e.data)+len(p) {
b := make([]byte, len(e.data), len(e.data)*2)
copy(b, e.data)
freeBuffer(e.data)
e.data = b
}
// copy new data to e.data
e.data = append(e.data, p...)
return len(p), nil
}
// EncryptTo buffers data written to the returned io.WriteCloser. When Close()
// is called, the data is encrypted and written to the underlying writer.
func EncryptTo(ks *Key, wr io.Writer) io.WriteCloser {
ew := &encryptWriter{
data: getBuffer(),
key: ks,
}
// buffer iv for mac
ew.data = ew.data[:ivSize]
copy(ew.data, newIV())
c, err := aes.NewCipher(ks.Encrypt[:])
if err != nil {
panic(fmt.Sprintf("unable to create cipher: %v", err))
}
ew.s = cipher.NewCTR(c, ew.data[:ivSize])
ew.w = wr
return ew
}