Remove EncryptFrom*() methods, add Tests for EncryptTo()
parent
5c724b92b8
commit
3dbe02182b
2 changed files with 19 additions and 52 deletions
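--- a/key.go
+++ b/key.go
@@ -334,48 +334,6 @@ func (k *Key) Encrypt(ciphertext, plaintext []byte) (int, error) {
 return k.encrypt(k.master, ciphertext, plaintext)
 }
 
-// encryptFrom encrypts and signs data read from rd with ks. The returned
-// io.Reader reads IV || Ciphertext || HMAC. For the hash function, SHA256 is
-// used.
-func (k *Key) encryptFrom(ks *keys, rd io.Reader) io.Reader {
-// create IV
-iv := make([]byte, ivSize)
-
-_, err := io.ReadFull(rand.Reader, iv)
-if err != nil {
-panic(fmt.Sprintf("unable to generate new random iv: %v", err))
-}
-
-c, err := aes.NewCipher(ks.Encrypt)
-if err != nil {
-panic(fmt.Sprintf("unable to create cipher: %v", err))
-}
-
-ivReader := bytes.NewReader(iv)
-
-encryptReader := cipher.StreamReader{
-R: rd,
-S: cipher.NewCTR(c, iv),
-}
-
-return backend.NewHashAppendReader(io.MultiReader(ivReader, encryptReader),
-hmac.New(sha256.New, ks.Sign))
-}
-
-// EncryptFrom encrypts and signs data read from rd with the master key. The
-// returned io.Reader reads IV || Ciphertext || HMAC. For the hash function,
-// SHA256 is used.
-func (k *Key) EncryptFrom(rd io.Reader) io.Reader {
-return k.encryptFrom(k.master, rd)
-}
-
-// EncryptFrom encrypts and signs data read from rd with the user key. The
-// returned io.Reader reads IV || Ciphertext || HMAC. For the hash function,
-// SHA256 is used.
-func (k *Key) EncryptUserFrom(rd io.Reader) io.Reader {
-return k.encryptFrom(k.user, rd)
-}
-
 type encryptWriter struct {
 iv []byte
 wroteIV bool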
29
key_test.go
29
key_test.go
|
@ -126,7 +126,7 @@ func TestLargeEncrypt(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func BenchmarkEncryptReader(b *testing.B) {
|
func BenchmarkEncryptWriter(b *testing.B) {
|
||||||
size := 8 << 20 // 8MiB
|
size := 8 << 20 // 8MiB
|
||||||
rd := randomReader(23, size)
|
rd := randomReader(23, size)
|
||||||
|
|
||||||
|
@ -139,7 +139,8 @@ func BenchmarkEncryptReader(b *testing.B) {
|
||||||
|
|
||||||
for i := 0; i < b.N; i++ {
|
for i := 0; i < b.N; i++ {
|
||||||
rd.Seek(0, 0)
|
rd.Seek(0, 0)
|
||||||
_, err := io.Copy(ioutil.Discard, k.EncryptFrom(rd))
|
wr := k.EncryptTo(ioutil.Discard)
|
||||||
|
_, err := io.Copy(wr, rd)
|
||||||
ok(b, err)
|
ok(b, err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -203,10 +204,16 @@ func BenchmarkEncryptDecryptReader(b *testing.B) {
|
||||||
|
|
||||||
for i := 0; i < b.N; i++ {
|
for i := 0; i < b.N; i++ {
|
||||||
rd.Seek(0, 0)
|
rd.Seek(0, 0)
|
||||||
decRd, err := k.DecryptFrom(k.EncryptFrom(rd))
|
buf := bytes.NewBuffer(nil)
|
||||||
|
wr := k.EncryptTo(buf)
|
||||||
|
_, err := io.Copy(wr, rd)
|
||||||
|
ok(b, err)
|
||||||
|
ok(b, wr.Close())
|
||||||
|
|
||||||
|
r, err := k.DecryptFrom(buf)
|
||||||
ok(b, err)
|
ok(b, err)
|
||||||
|
|
||||||
_, err = io.Copy(ioutil.Discard, decRd)
|
_, err = io.Copy(ioutil.Discard, r)
|
||||||
ok(b, err)
|
ok(b, err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -233,7 +240,7 @@ func BenchmarkDecrypt(b *testing.B) {
|
||||||
restic.FreeChunkBuf("BenchmarkDecrypt", ciphertext)
|
restic.FreeChunkBuf("BenchmarkDecrypt", ciphertext)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestEncryptStreamReader(t *testing.T) {
|
func TestEncryptStreamWriter(t *testing.T) {
|
||||||
s := setupBackend(t)
|
s := setupBackend(t)
|
||||||
defer teardownBackend(t, s)
|
defer teardownBackend(t, s)
|
||||||
k := setupKey(t, s, testPassword)
|
k := setupKey(t, s, testPassword)
|
||||||
|
@ -248,18 +255,20 @@ func TestEncryptStreamReader(t *testing.T) {
|
||||||
_, err := io.ReadFull(randomReader(42, size), data)
|
_, err := io.ReadFull(randomReader(42, size), data)
|
||||||
ok(t, err)
|
ok(t, err)
|
||||||
|
|
||||||
erd := k.EncryptFrom(bytes.NewReader(data))
|
ciphertext := bytes.NewBuffer(nil)
|
||||||
|
wr := k.EncryptTo(ciphertext)
|
||||||
|
|
||||||
ciphertext, err := ioutil.ReadAll(erd)
|
_, err = io.Copy(wr, bytes.NewReader(data))
|
||||||
ok(t, err)
|
ok(t, err)
|
||||||
|
ok(t, wr.Close())
|
||||||
|
|
||||||
l := len(data) + restic.CiphertextExtension
|
l := len(data) + restic.CiphertextExtension
|
||||||
assert(t, len(ciphertext) == l,
|
assert(t, len(ciphertext.Bytes()) == l,
|
||||||
"wrong ciphertext length: expected %d, got %d",
|
"wrong ciphertext length: expected %d, got %d",
|
||||||
l, len(ciphertext))
|
l, len(ciphertext.Bytes()))
|
||||||
|
|
||||||
// decrypt with default function
|
// decrypt with default function
|
||||||
plaintext, err := k.Decrypt(ciphertext)
|
plaintext, err := k.Decrypt(ciphertext.Bytes())
|
||||||
ok(t, err)
|
ok(t, err)
|
||||||
assert(t, bytes.Equal(data, plaintext),
|
assert(t, bytes.Equal(data, plaintext),
|
||||||
"wrong plaintext after decryption: expected %02x, got %02x",
|
"wrong plaintext after decryption: expected %02x, got %02x",
|
||||||
|
|
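Review bot: BenchmarkEncryptWriter (hunk -139,7 +139,8) never closes the writer returned by `k.EncryptTo(ioutil.Discard)`, while the other two call sites added in this commit both call `wr.Close()` before the output is used. If Close is what finalizes the stream (presumably by appending the HMAC; the implementation is not visible here), the benchmark skips that work and shows a usage pattern that would leave the ciphertext without its authentication tag. Add `ok(b, wr.Close())` after the `ok(b, err)` that follows `io.Copy(wr, rd)`. TestEncryptStreamWriter covers only the round trip, so a case asserting that `k.Decrypt` returns an error for a ciphertext with one modified byte would pin the authentication check. Both function bodies start outside their hunks.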