| 
									
										
										
										
											2015-04-12 09:36:14 +02:00
										 |  |  | package crypto_test | 
					
						
							| 
									
										
										
										
											2015-03-14 19:53:51 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | import ( | 
					
						
							|  |  |  | 	"bytes" | 
					
						
							| 
									
										
										
										
											2015-08-16 23:09:39 +02:00
										 |  |  | 	"crypto/rand" | 
					
						
							| 
									
										
										
										
											2015-03-14 19:53:51 +01:00
										 |  |  | 	"io" | 
					
						
							|  |  |  | 	"testing" | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-07-23 14:21:03 +02:00
										 |  |  | 	"github.com/restic/restic/internal/crypto" | 
					
						
							|  |  |  | 	. "github.com/restic/restic/internal/test" | 
					
						
							| 
									
										
										
										
											2016-08-21 11:33:53 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	"github.com/restic/chunker" | 
					
						
							| 
									
										
										
										
											2015-03-14 19:53:51 +01:00
										 |  |  | ) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-06-28 13:15:35 +02:00
										 |  |  | const testLargeCrypto = false | 
					
						
							| 
									
										
										
										
											2015-04-12 09:36:14 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-03-14 19:53:51 +01:00
										 |  |  | func TestEncryptDecrypt(t *testing.T) { | 
					
						
							| 
									
										
										
										
											2015-04-29 22:28:34 -04:00
										 |  |  | 	k := crypto.NewRandomKey() | 
					
						
							| 
									
										
										
										
											2015-03-14 19:53:51 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	tests := []int{5, 23, 2<<18 + 23, 1 << 20} | 
					
						
							| 
									
										
										
										
											2015-06-28 13:15:35 +02:00
										 |  |  | 	if testLargeCrypto { | 
					
						
							| 
									
										
										
										
											2015-03-14 19:53:51 +01:00
										 |  |  | 		tests = append(tests, 7<<20+123) | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	for _, size := range tests { | 
					
						
							| 
									
										
										
										
											2016-01-24 17:46:18 +01:00
										 |  |  | 		data := Random(42, size) | 
					
						
							| 
									
										
										
										
											2015-05-05 00:14:07 +02:00
										 |  |  | 		buf := make([]byte, size+crypto.Extension) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-06-19 21:12:53 +02:00
										 |  |  | 		ciphertext, err := k.Encrypt(buf, data) | 
					
						
							| 
									
										
										
										
											2015-04-09 21:15:48 +02:00
										 |  |  | 		OK(t, err) | 
					
						
							| 
									
										
										
										
											2015-04-19 13:34:42 +02:00
										 |  |  | 		Assert(t, len(ciphertext) == len(data)+crypto.Extension, | 
					
						
							|  |  |  | 			"ciphertext length does not match: want %d, got %d", | 
					
						
							|  |  |  | 			len(data)+crypto.Extension, len(ciphertext)) | 
					
						
							| 
									
										
										
										
											2015-03-14 19:53:51 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-09-03 13:34:04 +02:00
										 |  |  | 		plaintext := make([]byte, len(ciphertext)) | 
					
						
							| 
									
										
										
										
											2017-06-19 21:12:53 +02:00
										 |  |  | 		n, err := k.Decrypt(plaintext, ciphertext) | 
					
						
							| 
									
										
										
										
											2015-04-09 21:15:48 +02:00
										 |  |  | 		OK(t, err) | 
					
						
							| 
									
										
										
										
											2016-09-03 13:34:04 +02:00
										 |  |  | 		plaintext = plaintext[:n] | 
					
						
							| 
									
										
										
										
											2015-04-19 13:34:42 +02:00
										 |  |  | 		Assert(t, len(plaintext) == len(data), | 
					
						
							|  |  |  | 			"plaintext length does not match: want %d, got %d", | 
					
						
							|  |  |  | 			len(data), len(plaintext)) | 
					
						
							| 
									
										
										
										
											2015-03-14 19:53:51 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-04-09 21:15:48 +02:00
										 |  |  | 		Equals(t, plaintext, data) | 
					
						
							| 
									
										
										
										
											2015-03-14 19:53:51 +01:00
										 |  |  | 	} | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | func TestSmallBuffer(t *testing.T) { | 
					
						
							| 
									
										
										
										
											2015-04-29 22:28:34 -04:00
										 |  |  | 	k := crypto.NewRandomKey() | 
					
						
							| 
									
										
										
										
											2015-03-14 19:53:51 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	size := 600 | 
					
						
							|  |  |  | 	data := make([]byte, size) | 
					
						
							| 
									
										
										
										
											2015-08-16 23:09:39 +02:00
										 |  |  | 	_, err := io.ReadFull(rand.Reader, data) | 
					
						
							| 
									
										
										
										
											2015-04-09 21:15:48 +02:00
										 |  |  | 	OK(t, err) | 
					
						
							| 
									
										
										
										
											2015-03-14 19:53:51 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	ciphertext := make([]byte, size/2) | 
					
						
							| 
									
										
										
										
											2017-06-19 21:12:53 +02:00
										 |  |  | 	ciphertext, err = k.Encrypt(ciphertext, data) | 
					
						
							| 
									
										
										
										
											2015-04-19 13:34:42 +02:00
										 |  |  | 	// this must extend the slice | 
					
						
							| 
									
										
										
										
											2015-04-12 20:58:41 +02:00
										 |  |  | 	Assert(t, cap(ciphertext) > size/2, | 
					
						
							|  |  |  | 		"expected extended slice, but capacity is only %d bytes", | 
					
						
							|  |  |  | 		cap(ciphertext)) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	// check for the correct plaintext | 
					
						
							| 
									
										
										
										
											2016-09-03 13:34:04 +02:00
										 |  |  | 	plaintext := make([]byte, len(ciphertext)) | 
					
						
							| 
									
										
										
										
											2017-06-19 21:12:53 +02:00
										 |  |  | 	n, err := k.Decrypt(plaintext, ciphertext) | 
					
						
							| 
									
										
										
										
											2015-04-12 20:58:41 +02:00
										 |  |  | 	OK(t, err) | 
					
						
							| 
									
										
										
										
											2016-09-03 13:34:04 +02:00
										 |  |  | 	plaintext = plaintext[:n] | 
					
						
							| 
									
										
										
										
											2015-04-12 20:58:41 +02:00
										 |  |  | 	Assert(t, bytes.Equal(plaintext, data), | 
					
						
							|  |  |  | 		"wrong plaintext returned") | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | func TestSameBuffer(t *testing.T) { | 
					
						
							| 
									
										
										
										
											2015-04-29 22:28:34 -04:00
										 |  |  | 	k := crypto.NewRandomKey() | 
					
						
							| 
									
										
										
										
											2015-04-12 20:58:41 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	size := 600 | 
					
						
							|  |  |  | 	data := make([]byte, size) | 
					
						
							| 
									
										
										
										
											2015-08-16 23:09:39 +02:00
										 |  |  | 	_, err := io.ReadFull(rand.Reader, data) | 
					
						
							| 
									
										
										
										
											2015-04-12 20:58:41 +02:00
										 |  |  | 	OK(t, err) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-04-19 13:34:42 +02:00
										 |  |  | 	ciphertext := make([]byte, 0, size+crypto.Extension) | 
					
						
							| 
									
										
										
										
											2015-04-12 20:58:41 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-06-19 21:12:53 +02:00
										 |  |  | 	ciphertext, err = k.Encrypt(ciphertext, data) | 
					
						
							| 
									
										
										
										
											2015-04-12 20:58:41 +02:00
										 |  |  | 	OK(t, err) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-04-19 13:34:42 +02:00
										 |  |  | 	// use the same buffer for decryption | 
					
						
							| 
									
										
										
										
											2017-06-19 21:12:53 +02:00
										 |  |  | 	n, err := k.Decrypt(ciphertext, ciphertext) | 
					
						
							| 
									
										
										
										
											2015-04-12 20:58:41 +02:00
										 |  |  | 	OK(t, err) | 
					
						
							| 
									
										
										
										
											2016-09-03 13:34:04 +02:00
										 |  |  | 	ciphertext = ciphertext[:n] | 
					
						
							| 
									
										
										
										
											2015-04-12 20:58:41 +02:00
										 |  |  | 	Assert(t, bytes.Equal(ciphertext, data), | 
					
						
							|  |  |  | 		"wrong plaintext returned") | 
					
						
							| 
									
										
										
										
											2015-03-14 19:53:51 +01:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-04-19 14:06:55 +02:00
										 |  |  | func TestCornerCases(t *testing.T) { | 
					
						
							| 
									
										
										
										
											2015-04-29 22:28:34 -04:00
										 |  |  | 	k := crypto.NewRandomKey() | 
					
						
							| 
									
										
										
										
											2015-04-19 14:06:55 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	// nil plaintext should encrypt to the empty string | 
					
						
							|  |  |  | 	// nil ciphertext should allocate a new slice for the ciphertext | 
					
						
							| 
									
										
										
										
											2017-06-19 21:12:53 +02:00
										 |  |  | 	c, err := k.Encrypt(nil, nil) | 
					
						
							| 
									
										
										
										
											2015-04-19 14:06:55 +02:00
										 |  |  | 	OK(t, err) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	Assert(t, len(c) == crypto.Extension, | 
					
						
							|  |  |  | 		"wrong length returned for ciphertext, expected 0, got %d", | 
					
						
							|  |  |  | 		len(c)) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-05-05 00:07:57 +02:00
										 |  |  | 	// this should decrypt to nil | 
					
						
							| 
									
										
										
										
											2017-06-19 21:12:53 +02:00
										 |  |  | 	n, err := k.Decrypt(nil, c) | 
					
						
							| 
									
										
										
										
											2015-04-19 14:06:55 +02:00
										 |  |  | 	OK(t, err) | 
					
						
							| 
									
										
										
										
											2016-09-03 13:34:04 +02:00
										 |  |  | 	Equals(t, 0, n) | 
					
						
							| 
									
										
										
										
											2015-04-19 14:06:55 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	// test encryption for same slice, this should return an error | 
					
						
							| 
									
										
										
										
											2017-06-19 21:12:53 +02:00
										 |  |  | 	_, err = k.Encrypt(c, c) | 
					
						
							| 
									
										
										
										
											2015-04-19 14:06:55 +02:00
										 |  |  | 	Equals(t, crypto.ErrInvalidCiphertext, err) | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-03-14 19:53:51 +01:00
										 |  |  | func TestLargeEncrypt(t *testing.T) { | 
					
						
							| 
									
										
										
										
											2015-06-28 13:15:35 +02:00
										 |  |  | 	if !testLargeCrypto { | 
					
						
							| 
									
										
										
										
											2015-03-14 19:53:51 +01:00
										 |  |  | 		t.SkipNow() | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-04-29 22:28:34 -04:00
										 |  |  | 	k := crypto.NewRandomKey() | 
					
						
							| 
									
										
										
										
											2015-03-14 19:53:51 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	for _, size := range []int{chunker.MaxSize, chunker.MaxSize + 1, chunker.MaxSize + 1<<20} { | 
					
						
							|  |  |  | 		data := make([]byte, size) | 
					
						
							| 
									
										
										
										
											2015-08-16 23:09:39 +02:00
										 |  |  | 		_, err := io.ReadFull(rand.Reader, data) | 
					
						
							| 
									
										
										
										
											2015-04-09 21:15:48 +02:00
										 |  |  | 		OK(t, err) | 
					
						
							| 
									
										
										
										
											2015-03-14 19:53:51 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-06-19 21:12:53 +02:00
										 |  |  | 		ciphertext, err := k.Encrypt(make([]byte, size+crypto.Extension), data) | 
					
						
							| 
									
										
										
										
											2015-04-09 21:15:48 +02:00
										 |  |  | 		OK(t, err) | 
					
						
							| 
									
										
										
										
											2015-03-14 19:53:51 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-06-19 21:12:53 +02:00
										 |  |  | 		plaintext, err := k.Decrypt([]byte{}, ciphertext) | 
					
						
							| 
									
										
										
										
											2015-04-09 21:15:48 +02:00
										 |  |  | 		OK(t, err) | 
					
						
							| 
									
										
										
										
											2015-03-14 19:53:51 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-04-09 21:15:48 +02:00
										 |  |  | 		Equals(t, plaintext, data) | 
					
						
							| 
									
										
										
										
											2015-03-14 19:53:51 +01:00
										 |  |  | 	} | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | func BenchmarkEncrypt(b *testing.B) { | 
					
						
							|  |  |  | 	size := 8 << 20 // 8MiB | 
					
						
							|  |  |  | 	data := make([]byte, size) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-04-29 22:28:34 -04:00
										 |  |  | 	k := crypto.NewRandomKey() | 
					
						
							| 
									
										
										
										
											2015-04-12 09:41:47 +02:00
										 |  |  | 	buf := make([]byte, len(data)+crypto.Extension) | 
					
						
							| 
									
										
										
										
											2015-03-14 19:53:51 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	b.ResetTimer() | 
					
						
							|  |  |  | 	b.SetBytes(int64(size)) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	for i := 0; i < b.N; i++ { | 
					
						
							| 
									
										
										
										
											2017-06-19 21:12:53 +02:00
										 |  |  | 		_, err := k.Encrypt(buf, data) | 
					
						
							| 
									
										
										
										
											2015-04-09 21:15:48 +02:00
										 |  |  | 		OK(b, err) | 
					
						
							| 
									
										
										
										
											2015-03-14 19:53:51 +01:00
										 |  |  | 	} | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | func BenchmarkDecrypt(b *testing.B) { | 
					
						
							|  |  |  | 	size := 8 << 20 // 8MiB | 
					
						
							|  |  |  | 	data := make([]byte, size) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-04-29 22:28:34 -04:00
										 |  |  | 	k := crypto.NewRandomKey() | 
					
						
							| 
									
										
										
										
											2015-03-14 19:53:51 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-05-05 00:14:07 +02:00
										 |  |  | 	plaintext := make([]byte, size) | 
					
						
							|  |  |  | 	ciphertext := make([]byte, size+crypto.Extension) | 
					
						
							| 
									
										
										
										
											2015-03-14 19:53:51 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-06-19 21:12:53 +02:00
										 |  |  | 	ciphertext, err := k.Encrypt(ciphertext, data) | 
					
						
							| 
									
										
										
										
											2015-04-09 21:15:48 +02:00
										 |  |  | 	OK(b, err) | 
					
						
							| 
									
										
										
										
											2015-03-14 19:53:51 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	b.ResetTimer() | 
					
						
							|  |  |  | 	b.SetBytes(int64(size)) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	for i := 0; i < b.N; i++ { | 
					
						
							| 
									
										
										
										
											2017-06-19 21:12:53 +02:00
										 |  |  | 		_, err = k.Decrypt(plaintext, ciphertext) | 
					
						
							| 
									
										
										
										
											2015-04-09 21:15:48 +02:00
										 |  |  | 		OK(b, err) | 
					
						
							| 
									
										
										
										
											2015-03-14 19:53:51 +01:00
										 |  |  | 	} | 
					
						
							|  |  |  | } |