repo: deprecated NONE algorithm, will not be available for new repositories (#395)

* repo: deprecated NONE algorithm, will not be available for new repositories Co-authored-by: Julio López <julio+gh@kasten.io>
2026-05-24 22:54:55 -04:00 · 2020-03-24 23:19:20 -07:00
parent 60977812f0
commit 10bb492926
8 changed files with 17 additions and 28 deletions
--- a/cli/command_benchmark_crypto.go
+++ b/cli/command_benchmark_crypto.go
@@ -15,7 +15,6 @@
 var (
 	benchmarkCryptoCommand              = benchmarkCommands.Command("crypto", "Run hash and encryption benchmarks")
 	benchmarkCryptoBlockSize            = benchmarkCryptoCommand.Flag("block-size", "Size of a block to encrypt").Default("1MB").Bytes()
-	benchmarkCryptoEncryption           = benchmarkCryptoCommand.Flag("encryption", "Test encrypted formats").Default("true").Bool()
 	benchmarkCryptoRepeat               = benchmarkCryptoCommand.Flag("repeat", "Number of repetitions").Default("100").Int()
 	benchmarkCryptoDeprecatedAlgorithms = benchmarkCryptoCommand.Flag("deprecated", "Include deprecated algorithms").Bool()
 )
@@ -42,11 +41,6 @@ type benchResult struct {

 	for _, ha := range hashing.SupportedAlgorithms() {
 		for _, ea := range encryption.SupportedAlgorithms(*benchmarkCryptoDeprecatedAlgorithms) {
-			isEncrypted := ea != encryption.NoneAlgorithm
-			if *benchmarkCryptoEncryption != isEncrypted {
-				continue
-			}
-
 			h, e, err := content.CreateHashAndEncryptor(&content.FormattingOptions{
 				Encryption: ea,
 				Hash:       ha,
--- a/internal/repotesting/repotesting.go
+++ b/internal/repotesting/repotesting.go
@@ -48,7 +48,7 @@ func (e *Environment) Setup(t *testing.T, opts ...func(*repo.NewRepositoryOption
 		BlockFormat: content.FormattingOptions{
 			HMACSecret: []byte{},
 			Hash:       "HMAC-SHA256",
-			Encryption: encryption.NoneAlgorithm,
+			Encryption: encryption.DefaultAlgorithm,
 		},
 		ObjectFormat: object.Format{
 			Splitter: "FIXED-1M",
--- a/repo/encryption/encryption.go
+++ b/repo/encryption/encryption.go
@@ -56,8 +56,8 @@ func CreateEncryptor(p Parameters) (Encryptor, error) {
 // DefaultAlgorithm is the name of the default encryption algorithm.
 const DefaultAlgorithm = "AES256-GCM-HMAC-SHA256"

-// NoneAlgorithm is the name of the algorithm that does not encrypt.
-const NoneAlgorithm = "NONE"
+// DeprecatedNoneAlgorithm is the name of the algorithm that does not encrypt.
+const DeprecatedNoneAlgorithm = "NONE"

 // SupportedAlgorithms returns the names of the supported encryption
 // methods
--- a/repo/encryption/encryption_test.go
+++ b/repo/encryption/encryption_test.go
@@ -45,7 +45,7 @@ func TestRoundTrip(t *testing.T) {
 				t.Errorf("invalid response from Encrypt: %v %v", cipherText1, err)
 			}

-			if !e.IsDeprecated() && encryptionAlgo != encryption.NoneAlgorithm {
+			if !e.IsDeprecated() && encryptionAlgo != encryption.DeprecatedNoneAlgorithm {
 				cipherText1b, err2 := e.Encrypt(nil, data, contentID1)
 				if err2 != nil || cipherText1b == nil {
 					t.Errorf("invalid response from Encrypt: %v %v", cipherText1, err2)
@@ -90,7 +90,7 @@ func TestRoundTrip(t *testing.T) {
 				t.Errorf("Encrypt()/Decrypt() does not round-trip: %x %x", plainText2, data)
 			}

-			if encryptionAlgo != encryption.NoneAlgorithm {
+			if encryptionAlgo != encryption.DeprecatedNoneAlgorithm {
 				if bytes.Equal(cipherText1, cipherText2) {
 					t.Errorf("ciphertexts should be different, were %x", cipherText1)
 				}
--- a/repo/encryption/null_encryptor.go
+++ b/repo/encryption/null_encryptor.go
@@ -25,7 +25,7 @@ func (fi nullEncryptor) MaxOverhead() int {
 }

 func init() {
-	Register(NoneAlgorithm, "No encryption", false, func(p Parameters) (Encryptor, error) {
+	Register(DeprecatedNoneAlgorithm, "No encryption", true, func(p Parameters) (Encryptor, error) {
 		return nullEncryptor{}, nil
 	})
 }
--- a/repo/initialize.go
+++ b/repo/initialize.go
@@ -74,7 +74,7 @@ func Initialize(ctx context.Context, st blob.Storage, opt *NewRepositoryOptions,
 }

 func formatBlobFromOptions(opt *NewRepositoryOptions) *formatBlob {
-	f := &formatBlob{
+	return &formatBlob{
 		Tool:                   "https://github.com/kopia/kopia",
 		BuildInfo:              BuildInfo,
 		KeyDerivationAlgorithm: defaultKeyDerivationAlgorithm,
@@ -82,12 +82,6 @@ func formatBlobFromOptions(opt *NewRepositoryOptions) *formatBlob {
 		Version:                "1",
 		EncryptionAlgorithm:    defaultFormatEncryption,
 	}
-
-	if opt.BlockFormat.Encryption == encryption.NoneAlgorithm {
-		f.EncryptionAlgorithm = encryption.NoneAlgorithm
-	}
-
-	return f
 }

 func repositoryObjectFormatFromOptions(opt *NewRepositoryOptions) *repositoryObjectFormat {
--- a/repo/manifest/manifest_manager_test.go
+++ b/repo/manifest/manifest_manager_test.go
@@ -12,6 +12,7 @@
 	"github.com/kopia/kopia/internal/testlogging"
 	"github.com/kopia/kopia/repo/content"
 	"github.com/kopia/kopia/repo/encryption"
+	"github.com/kopia/kopia/repo/hashing"
 )

 //nolint:funlen
@@ -139,8 +140,8 @@ func TestManifestInitCorruptedBlock(t *testing.T) {
 	st := blobtesting.NewMapStorage(data, nil, nil)

 	f := &content.FormattingOptions{
-		Hash:        "HMAC-SHA256-128",
-		Encryption:  encryption.NoneAlgorithm,
+		Hash:        hashing.DefaultAlgorithm,
+		Encryption:  encryption.DefaultAlgorithm,
 		MaxPackSize: 100000,
 		Version:     1,
 	}
@@ -292,8 +293,8 @@ func newManagerForTesting(ctx context.Context, t *testing.T, data blobtesting.Da
 	st := blobtesting.NewMapStorage(data, nil, nil)

 	bm, err := content.NewManager(ctx, st, &content.FormattingOptions{
-		Hash:        "HMAC-SHA256-128",
-		Encryption:  encryption.NoneAlgorithm,
+		Hash:        hashing.DefaultAlgorithm,
+		Encryption:  encryption.DefaultAlgorithm,
 		MaxPackSize: 100000,
 		Version:     1,
 	}, content.CachingOptions{}, content.ManagerOptions{})
--- a/repo/repository_test.go
+++ b/repo/repository_test.go
@@ -249,10 +249,10 @@ func verify(ctx context.Context, t *testing.T, rep *repo.Repository, objectID ob

 func TestFormats(t *testing.T) {
 	ctx := testlogging.Context(t)
-	makeFormat := func(hash, encryption string) func(*repo.NewRepositoryOptions) {
+
+	makeFormat := func(hashAlgo string) func(*repo.NewRepositoryOptions) {
 		return func(n *repo.NewRepositoryOptions) {
-			n.BlockFormat.Hash = hash
-			n.BlockFormat.Encryption = encryption
+			n.BlockFormat.Hash = hashAlgo
 			n.BlockFormat.HMACSecret = []byte("key")
 			n.ObjectFormat.Splitter = "FIXED-1M"
 		}
@@ -271,13 +271,13 @@ func TestFormats(t *testing.T) {
 			},
 		},
 		{
-			format: makeFormat("HMAC-SHA256", "NONE"),
+			format: makeFormat("HMAC-SHA256"),
 			oids: map[string]object.ID{
 				"The quick brown fox jumps over the lazy dog": "f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8",
 			},
 		},
 		{
-			format: makeFormat("HMAC-SHA256-128", "NONE"),
+			format: makeFormat("HMAC-SHA256-128"),
 			oids: map[string]object.ID{
 				"The quick brown fox jumps over the lazy dog": "f7bc83f430538424b13298e6aa6fb143",
 			},