forked from TrueCloudLab/restic
Move HashReader to backend
This commit is contained in:
parent
a564a454c4
commit
5f0cce8546
4 changed files with 100 additions and 86 deletions
53
backend/hashing_reader.go
Normal file
53
backend/hashing_reader.go
Normal file
|
@ -0,0 +1,53 @@
|
|||
package backend
|
||||
|
||||
import (
|
||||
"hash"
|
||||
"io"
|
||||
)
|
||||
|
||||
type HashReader struct {
|
||||
r io.Reader
|
||||
h hash.Hash
|
||||
sum []byte
|
||||
closed bool
|
||||
}
|
||||
|
||||
func NewHashReader(r io.Reader, h hash.Hash) *HashReader {
|
||||
return &HashReader{
|
||||
h: h,
|
||||
r: io.TeeReader(r, h),
|
||||
sum: make([]byte, 0, h.Size()),
|
||||
}
|
||||
}
|
||||
|
||||
func (h *HashReader) Read(p []byte) (n int, err error) {
|
||||
if !h.closed {
|
||||
n, err = h.r.Read(p)
|
||||
|
||||
if err == io.EOF {
|
||||
h.closed = true
|
||||
h.sum = h.h.Sum(h.sum)
|
||||
} else if err != nil {
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
if h.closed {
|
||||
// output hash
|
||||
r := len(p) - n
|
||||
|
||||
if r > 0 {
|
||||
c := copy(p[n:], h.sum)
|
||||
h.sum = h.sum[c:]
|
||||
|
||||
n += c
|
||||
err = nil
|
||||
}
|
||||
|
||||
if len(h.sum) == 0 {
|
||||
err = io.EOF
|
||||
}
|
||||
}
|
||||
|
||||
return
|
||||
}
|
46
backend/hashing_reader_test.go
Normal file
46
backend/hashing_reader_test.go
Normal file
|
@ -0,0 +1,46 @@
|
|||
package backend_test
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/rand"
|
||||
"crypto/sha256"
|
||||
"io"
|
||||
"testing"
|
||||
|
||||
"github.com/restic/restic/backend"
|
||||
)
|
||||
|
||||
func TestHashReader(t *testing.T) {
|
||||
tests := []int{5, 23, 2<<18 + 23, 1 << 20}
|
||||
|
||||
for _, size := range tests {
|
||||
data := make([]byte, size)
|
||||
_, err := io.ReadFull(rand.Reader, data)
|
||||
if err != nil {
|
||||
t.Fatalf("ReadFull: %v", err)
|
||||
}
|
||||
|
||||
expectedHash := sha256.Sum256(data)
|
||||
|
||||
rd := backend.NewHashReader(bytes.NewReader(data), sha256.New())
|
||||
|
||||
target := bytes.NewBuffer(nil)
|
||||
n, err := io.Copy(target, rd)
|
||||
ok(t, err)
|
||||
|
||||
assert(t, n == int64(size)+int64(len(expectedHash)),
|
||||
"HashReader: invalid number of bytes read: got %d, expected %d",
|
||||
n, size+len(expectedHash))
|
||||
|
||||
r := target.Bytes()
|
||||
resultingHash := r[len(r)-len(expectedHash):]
|
||||
assert(t, bytes.Equal(expectedHash[:], resultingHash),
|
||||
"HashReader: hashes do not match: expected %02x, got %02x",
|
||||
expectedHash, resultingHash)
|
||||
|
||||
// try to read again, must return io.EOF
|
||||
n2, err := rd.Read(make([]byte, 100))
|
||||
assert(t, n2 == 0, "HashReader returned %d additional bytes", n)
|
||||
assert(t, err == io.EOF, "HashReader returned %v instead of EOF", err)
|
||||
}
|
||||
}
|
50
key.go
50
key.go
|
@ -10,7 +10,6 @@ import (
|
|||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"hash"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
|
@ -318,53 +317,6 @@ func (k *Key) Encrypt(ciphertext, plaintext []byte) (int, error) {
|
|||
return k.encrypt(k.master, ciphertext, plaintext)
|
||||
}
|
||||
|
||||
type HashReader struct {
|
||||
r io.Reader
|
||||
h hash.Hash
|
||||
sum []byte
|
||||
closed bool
|
||||
}
|
||||
|
||||
func NewHashReader(r io.Reader, h hash.Hash) *HashReader {
|
||||
return &HashReader{
|
||||
h: h,
|
||||
r: io.TeeReader(r, h),
|
||||
sum: make([]byte, 0, h.Size()),
|
||||
}
|
||||
}
|
||||
|
||||
func (h *HashReader) Read(p []byte) (n int, err error) {
|
||||
if !h.closed {
|
||||
n, err = h.r.Read(p)
|
||||
|
||||
if err == io.EOF {
|
||||
h.closed = true
|
||||
h.sum = h.h.Sum(h.sum)
|
||||
} else if err != nil {
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
if h.closed {
|
||||
// output hash
|
||||
r := len(p) - n
|
||||
|
||||
if r > 0 {
|
||||
c := copy(p[n:], h.sum)
|
||||
h.sum = h.sum[c:]
|
||||
|
||||
n += c
|
||||
err = nil
|
||||
}
|
||||
|
||||
if len(h.sum) == 0 {
|
||||
err = io.EOF
|
||||
}
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// encryptFrom encrypts and signs data read from rd with ks. The returned
|
||||
// io.Reader reads IV || Ciphertext || HMAC. For the hash function, SHA256 is
|
||||
// used.
|
||||
|
@ -389,7 +341,7 @@ func (k *Key) encryptFrom(ks *keys, rd io.Reader) io.Reader {
|
|||
S: cipher.NewCTR(c, iv),
|
||||
}
|
||||
|
||||
return NewHashReader(io.MultiReader(ivReader, encryptReader),
|
||||
return backend.NewHashReader(io.MultiReader(ivReader, encryptReader),
|
||||
hmac.New(sha256.New, ks.Sign))
|
||||
}
|
||||
|
||||
|
|
37
key_test.go
37
key_test.go
|
@ -2,7 +2,6 @@ package restic_test
|
|||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/sha256"
|
||||
"flag"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
|
@ -234,42 +233,6 @@ func BenchmarkDecrypt(b *testing.B) {
|
|||
restic.FreeChunkBuf("BenchmarkDecrypt", ciphertext)
|
||||
}
|
||||
|
||||
func TestHashReader(t *testing.T) {
|
||||
tests := []int{5, 23, 2<<18 + 23, 1 << 20}
|
||||
if *testLargeCrypto {
|
||||
tests = append(tests, 7<<20+123)
|
||||
}
|
||||
|
||||
for _, size := range tests {
|
||||
data := make([]byte, size)
|
||||
_, err := io.ReadFull(randomReader(42, size), data)
|
||||
ok(t, err)
|
||||
|
||||
expectedHash := sha256.Sum256(data)
|
||||
|
||||
rd := restic.NewHashReader(bytes.NewReader(data), sha256.New())
|
||||
|
||||
target := bytes.NewBuffer(nil)
|
||||
n, err := io.Copy(target, rd)
|
||||
ok(t, err)
|
||||
|
||||
assert(t, n == int64(size)+int64(len(expectedHash)),
|
||||
"HashReader: invalid number of bytes read: got %d, expected %d",
|
||||
n, size+len(expectedHash))
|
||||
|
||||
r := target.Bytes()
|
||||
resultingHash := r[len(r)-len(expectedHash):]
|
||||
assert(t, bytes.Equal(expectedHash[:], resultingHash),
|
||||
"HashReader: hashes do not match: expected %02x, got %02x",
|
||||
expectedHash, resultingHash)
|
||||
|
||||
// try to read again, must return io.EOF
|
||||
n2, err := rd.Read(make([]byte, 100))
|
||||
assert(t, n2 == 0, "HashReader returned %d additional bytes", n)
|
||||
assert(t, err == io.EOF, "HashReader returned %v instead of EOF", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestEncryptStreamReader(t *testing.T) {
|
||||
s := setupBackend(t)
|
||||
defer teardownBackend(t, s)
|
||||
|
|
Loading…
Reference in a new issue