From 9afec53c55d3b6f8bd1184e7d75993208e3a8b2b Mon Sep 17 00:00:00 2001 From: Alexander Neumann Date: Sun, 21 Aug 2016 11:33:53 +0200 Subject: [PATCH] Remove crypto reader/writer (unused) --- src/restic/crypto/crypto_test.go | 170 +------------------------------ src/restic/crypto/reader.go | 87 ---------------- src/restic/crypto/writer.go | 88 ---------------- 3 files changed, 2 insertions(+), 343 deletions(-) delete mode 100644 src/restic/crypto/reader.go delete mode 100644 src/restic/crypto/writer.go diff --git a/src/restic/crypto/crypto_test.go b/src/restic/crypto/crypto_test.go index f5e175f33..fe799da77 100644 --- a/src/restic/crypto/crypto_test.go +++ b/src/restic/crypto/crypto_test.go @@ -4,12 +4,12 @@ import ( "bytes" "crypto/rand" "io" - "io/ioutil" "testing" - "github.com/restic/chunker" "restic/crypto" . "restic/test" + + "github.com/restic/chunker" ) const testLargeCrypto = false @@ -128,25 +128,6 @@ func TestLargeEncrypt(t *testing.T) { } } -func BenchmarkEncryptWriter(b *testing.B) { - size := 8 << 20 // 8MiB - - k := crypto.NewRandomKey() - - b.ResetTimer() - b.SetBytes(int64(size)) - - for i := 0; i < b.N; i++ { - rd := RandomLimitReader(23, size) - wr := crypto.EncryptTo(k, ioutil.Discard) - n, err := io.Copy(wr, rd) - OK(b, err) - OK(b, wr.Close()) - Assert(b, n == int64(size), - "not enough bytes writter: want %d, got %d", size, n) - } -} - func BenchmarkEncrypt(b *testing.B) { size := 8 << 20 // 8MiB data := make([]byte, size) @@ -163,55 +144,6 @@ func BenchmarkEncrypt(b *testing.B) { } } -func BenchmarkDecryptReader(b *testing.B) { - size := 8 << 20 // 8MiB - buf := Random(23, size) - k := crypto.NewRandomKey() - - ciphertext := make([]byte, len(buf)+crypto.Extension) - _, err := crypto.Encrypt(k, ciphertext, buf) - OK(b, err) - - rd := bytes.NewReader(ciphertext) - - b.ResetTimer() - b.SetBytes(int64(size)) - - for i := 0; i < b.N; i++ { - rd.Seek(0, 0) - decRd, err := crypto.DecryptFrom(k, rd) - OK(b, err) - - _, err = io.Copy(ioutil.Discard, decRd) - OK(b, err) - } -} - -func BenchmarkEncryptDecryptReader(b *testing.B) { - k := crypto.NewRandomKey() - - size := 8 << 20 // 8MiB - - b.ResetTimer() - b.SetBytes(int64(size)) - - buf := bytes.NewBuffer(nil) - for i := 0; i < b.N; i++ { - rd := RandomLimitReader(23, size) - buf.Reset() - wr := crypto.EncryptTo(k, buf) - _, err := io.Copy(wr, rd) - OK(b, err) - OK(b, wr.Close()) - - r, err := crypto.DecryptFrom(k, buf) - OK(b, err) - - _, err = io.Copy(ioutil.Discard, r) - OK(b, err) - } -} - func BenchmarkDecrypt(b *testing.B) { size := 8 << 20 // 8MiB data := make([]byte, size) @@ -232,101 +164,3 @@ func BenchmarkDecrypt(b *testing.B) { OK(b, err) } } - -func TestEncryptStreamWriter(t *testing.T) { - k := crypto.NewRandomKey() - - tests := []int{5, 23, 2<<18 + 23, 1 << 20} - if testLargeCrypto { - tests = append(tests, 7<<20+123) - } - - for _, size := range tests { - data := Random(42, size) - - ciphertext := bytes.NewBuffer(nil) - wr := crypto.EncryptTo(k, ciphertext) - - _, err := io.Copy(wr, bytes.NewReader(data)) - OK(t, err) - OK(t, wr.Close()) - - l := len(data) + crypto.Extension - Assert(t, len(ciphertext.Bytes()) == l, - "wrong ciphertext length: expected %d, got %d", - l, len(ciphertext.Bytes())) - - // decrypt with default function - plaintext, err := crypto.Decrypt(k, []byte{}, ciphertext.Bytes()) - OK(t, err) - Assert(t, bytes.Equal(data, plaintext), - "wrong plaintext after decryption: expected %02x, got %02x", - data, plaintext) - } -} - -func TestDecryptStreamReader(t *testing.T) { - k := crypto.NewRandomKey() - - tests := []int{5, 23, 2<<18 + 23, 1 << 20} - if testLargeCrypto { - tests = append(tests, 7<<20+123) - } - - for _, size := range tests { - data := Random(42, size) - var err error - ciphertext := make([]byte, size+crypto.Extension) - - // encrypt with default function - ciphertext, err = crypto.Encrypt(k, ciphertext, data) - OK(t, err) - Assert(t, len(ciphertext) == len(data)+crypto.Extension, - "wrong number of bytes returned after encryption: expected %d, got %d", - len(data)+crypto.Extension, len(ciphertext)) - - rd, err := crypto.DecryptFrom(k, bytes.NewReader(ciphertext)) - OK(t, err) - - plaintext, err := ioutil.ReadAll(rd) - OK(t, err) - - Assert(t, bytes.Equal(data, plaintext), - "wrong plaintext after decryption: expected %02x, got %02x", - data, plaintext) - } -} - -func TestEncryptWriter(t *testing.T) { - k := crypto.NewRandomKey() - - tests := []int{5, 23, 2<<18 + 23, 1 << 20} - if testLargeCrypto { - tests = append(tests, 7<<20+123) - } - - for _, size := range tests { - data := Random(42, size) - - buf := bytes.NewBuffer(nil) - wr := crypto.EncryptTo(k, buf) - - _, err := io.Copy(wr, bytes.NewReader(data)) - OK(t, err) - OK(t, wr.Close()) - - ciphertext := buf.Bytes() - - l := len(data) + crypto.Extension - Assert(t, len(ciphertext) == l, - "wrong ciphertext length: expected %d, got %d", - l, len(ciphertext)) - - // decrypt with default function - plaintext, err := crypto.Decrypt(k, []byte{}, ciphertext) - OK(t, err) - Assert(t, bytes.Equal(data, plaintext), - "wrong plaintext after decryption: expected %02x, got %02x", - data, plaintext) - } -} diff --git a/src/restic/crypto/reader.go b/src/restic/crypto/reader.go deleted file mode 100644 index 20c451cf3..000000000 --- a/src/restic/crypto/reader.go +++ /dev/null @@ -1,87 +0,0 @@ -package crypto - -import ( - "bytes" - "errors" - "io" -) - -type decryptReader struct { - buf []byte - rd *bytes.Reader -} - -func (d *decryptReader) Read(dst []byte) (n int, err error) { - if d.buf == nil { - return 0, io.EOF - } - - n, err = d.rd.Read(dst) - if err == io.EOF { - d.free() - } - - return -} - -func (d *decryptReader) free() { - freeBuffer(d.buf) - d.buf = nil -} - -func (d *decryptReader) Close() error { - if d == nil || d.buf == nil { - return nil - } - - d.free() - return nil -} - -func (d *decryptReader) ReadByte() (c byte, err error) { - if d.buf == nil { - return 0, io.EOF - } - - c, err = d.rd.ReadByte() - if err == io.EOF { - d.free() - } - - return -} - -func (d *decryptReader) WriteTo(w io.Writer) (n int64, err error) { - if d.buf == nil { - return 0, errors.New("WriteTo() called on drained reader") - } - - n, err = d.rd.WriteTo(w) - d.free() - - return -} - -// DecryptFrom verifies and decrypts the ciphertext read from rd with ks and -// makes it available on the returned Reader. Ciphertext must be in the form IV -// || Ciphertext || MAC. In order to correctly verify the ciphertext, rd is -// drained, locally buffered and made available on the returned Reader -// afterwards. If a MAC verification failure is observed, it is returned -// immediately. -func DecryptFrom(ks *Key, rd io.Reader) (io.ReadCloser, error) { - buf := bytes.NewBuffer(getBuffer()[:0]) - _, err := buf.ReadFrom(rd) - if err != nil { - return (*decryptReader)(nil), err - } - - ciphertext := buf.Bytes() - - ciphertext, err = Decrypt(ks, ciphertext, ciphertext) - if err != nil { - freeBuffer(ciphertext) - return (*decryptReader)(nil), err - } - - return &decryptReader{buf: ciphertext, rd: bytes.NewReader(ciphertext)}, nil -} diff --git a/src/restic/crypto/writer.go b/src/restic/crypto/writer.go deleted file mode 100644 index 63a09438e..000000000 --- a/src/restic/crypto/writer.go +++ /dev/null @@ -1,88 +0,0 @@ -package crypto - -import ( - "crypto/aes" - "crypto/cipher" - "errors" - "fmt" - "io" -) - -type encryptWriter struct { - data []byte - key *Key - s cipher.Stream - w io.Writer - closed bool -} - -func (e *encryptWriter) Close() error { - if e == nil { - return nil - } - - if e.closed { - return errors.New("Close() called on already closed writer") - } - e.closed = true - - // encrypt everything - iv, c := e.data[:ivSize], e.data[ivSize:] - e.s.XORKeyStream(c, c) - - // compute mac - mac := poly1305MAC(c, iv, &e.key.MAC) - e.data = append(e.data, mac...) - - // write everything - n, err := e.w.Write(e.data) - if err != nil { - return err - } - - if n != len(e.data) { - return errors.New("not all bytes written") - } - - // return buffer to pool - freeBuffer(e.data) - - return nil -} - -func (e *encryptWriter) Write(p []byte) (int, error) { - // if e.data is too small, return it to the buffer and create new slice - if cap(e.data) < len(e.data)+len(p) { - b := make([]byte, len(e.data), len(e.data)*2) - copy(b, e.data) - freeBuffer(e.data) - e.data = b - } - - // copy new data to e.data - e.data = append(e.data, p...) - return len(p), nil -} - -// EncryptTo buffers data written to the returned io.WriteCloser. When Close() -// is called, the data is encrypted and written to the underlying writer. -func EncryptTo(ks *Key, wr io.Writer) io.WriteCloser { - ew := &encryptWriter{ - data: getBuffer(), - key: ks, - } - - // buffer iv for mac - ew.data = ew.data[:ivSize] - copy(ew.data, newIV()) - - c, err := aes.NewCipher(ks.Encrypt[:]) - if err != nil { - panic(fmt.Sprintf("unable to create cipher: %v", err)) - } - - ew.s = cipher.NewCTR(c, ew.data[:ivSize]) - ew.w = wr - - return ew -}