From 10bb492926932fe6259d4acf0dc7703ec8379682 Mon Sep 17 00:00:00 2001 From: Jarek Kowalski Date: Tue, 24 Mar 2020 23:19:20 -0700 Subject: [PATCH] repo: deprecated NONE algorithm, will not be available for new repositories (#395) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * repo: deprecated NONE algorithm, will not be available for new repositories Co-authored-by: Julio López --- cli/command_benchmark_crypto.go | 6 ------ internal/repotesting/repotesting.go | 2 +- repo/encryption/encryption.go | 4 ++-- repo/encryption/encryption_test.go | 4 ++-- repo/encryption/null_encryptor.go | 2 +- repo/initialize.go | 8 +------- repo/manifest/manifest_manager_test.go | 9 +++++---- repo/repository_test.go | 10 +++++----- 8 files changed, 17 insertions(+), 28 deletions(-) diff --git a/cli/command_benchmark_crypto.go b/cli/command_benchmark_crypto.go index dfe16f355..66baab9f5 100644 --- a/cli/command_benchmark_crypto.go +++ b/cli/command_benchmark_crypto.go @@ -15,7 +15,6 @@ var ( benchmarkCryptoCommand = benchmarkCommands.Command("crypto", "Run hash and encryption benchmarks") benchmarkCryptoBlockSize = benchmarkCryptoCommand.Flag("block-size", "Size of a block to encrypt").Default("1MB").Bytes() - benchmarkCryptoEncryption = benchmarkCryptoCommand.Flag("encryption", "Test encrypted formats").Default("true").Bool() benchmarkCryptoRepeat = benchmarkCryptoCommand.Flag("repeat", "Number of repetitions").Default("100").Int() benchmarkCryptoDeprecatedAlgorithms = benchmarkCryptoCommand.Flag("deprecated", "Include deprecated algorithms").Bool() ) @@ -42,11 +41,6 @@ type benchResult struct { for _, ha := range hashing.SupportedAlgorithms() { for _, ea := range encryption.SupportedAlgorithms(*benchmarkCryptoDeprecatedAlgorithms) { - isEncrypted := ea != encryption.NoneAlgorithm - if *benchmarkCryptoEncryption != isEncrypted { - continue - } - h, e, err := content.CreateHashAndEncryptor(&content.FormattingOptions{ Encryption: ea, Hash: ha, diff --git a/internal/repotesting/repotesting.go b/internal/repotesting/repotesting.go index f989098b7..601a4a985 100644 --- a/internal/repotesting/repotesting.go +++ b/internal/repotesting/repotesting.go @@ -48,7 +48,7 @@ func (e *Environment) Setup(t *testing.T, opts ...func(*repo.NewRepositoryOption BlockFormat: content.FormattingOptions{ HMACSecret: []byte{}, Hash: "HMAC-SHA256", - Encryption: encryption.NoneAlgorithm, + Encryption: encryption.DefaultAlgorithm, }, ObjectFormat: object.Format{ Splitter: "FIXED-1M", diff --git a/repo/encryption/encryption.go b/repo/encryption/encryption.go index 47799cff9..967b63b4d 100644 --- a/repo/encryption/encryption.go +++ b/repo/encryption/encryption.go @@ -56,8 +56,8 @@ func CreateEncryptor(p Parameters) (Encryptor, error) { // DefaultAlgorithm is the name of the default encryption algorithm. const DefaultAlgorithm = "AES256-GCM-HMAC-SHA256" -// NoneAlgorithm is the name of the algorithm that does not encrypt. -const NoneAlgorithm = "NONE" +// DeprecatedNoneAlgorithm is the name of the algorithm that does not encrypt. +const DeprecatedNoneAlgorithm = "NONE" // SupportedAlgorithms returns the names of the supported encryption // methods diff --git a/repo/encryption/encryption_test.go b/repo/encryption/encryption_test.go index 23806ce53..141e96934 100644 --- a/repo/encryption/encryption_test.go +++ b/repo/encryption/encryption_test.go @@ -45,7 +45,7 @@ func TestRoundTrip(t *testing.T) { t.Errorf("invalid response from Encrypt: %v %v", cipherText1, err) } - if !e.IsDeprecated() && encryptionAlgo != encryption.NoneAlgorithm { + if !e.IsDeprecated() && encryptionAlgo != encryption.DeprecatedNoneAlgorithm { cipherText1b, err2 := e.Encrypt(nil, data, contentID1) if err2 != nil || cipherText1b == nil { t.Errorf("invalid response from Encrypt: %v %v", cipherText1, err2) @@ -90,7 +90,7 @@ func TestRoundTrip(t *testing.T) { t.Errorf("Encrypt()/Decrypt() does not round-trip: %x %x", plainText2, data) } - if encryptionAlgo != encryption.NoneAlgorithm { + if encryptionAlgo != encryption.DeprecatedNoneAlgorithm { if bytes.Equal(cipherText1, cipherText2) { t.Errorf("ciphertexts should be different, were %x", cipherText1) } diff --git a/repo/encryption/null_encryptor.go b/repo/encryption/null_encryptor.go index 204833c31..7dbc56443 100644 --- a/repo/encryption/null_encryptor.go +++ b/repo/encryption/null_encryptor.go @@ -25,7 +25,7 @@ func (fi nullEncryptor) MaxOverhead() int { } func init() { - Register(NoneAlgorithm, "No encryption", false, func(p Parameters) (Encryptor, error) { + Register(DeprecatedNoneAlgorithm, "No encryption", true, func(p Parameters) (Encryptor, error) { return nullEncryptor{}, nil }) } diff --git a/repo/initialize.go b/repo/initialize.go index f845b0ae7..20b53cc9a 100644 --- a/repo/initialize.go +++ b/repo/initialize.go @@ -74,7 +74,7 @@ func Initialize(ctx context.Context, st blob.Storage, opt *NewRepositoryOptions, } func formatBlobFromOptions(opt *NewRepositoryOptions) *formatBlob { - f := &formatBlob{ + return &formatBlob{ Tool: "https://github.com/kopia/kopia", BuildInfo: BuildInfo, KeyDerivationAlgorithm: defaultKeyDerivationAlgorithm, @@ -82,12 +82,6 @@ func formatBlobFromOptions(opt *NewRepositoryOptions) *formatBlob { Version: "1", EncryptionAlgorithm: defaultFormatEncryption, } - - if opt.BlockFormat.Encryption == encryption.NoneAlgorithm { - f.EncryptionAlgorithm = encryption.NoneAlgorithm - } - - return f } func repositoryObjectFormatFromOptions(opt *NewRepositoryOptions) *repositoryObjectFormat { diff --git a/repo/manifest/manifest_manager_test.go b/repo/manifest/manifest_manager_test.go index f251478d8..01923f568 100644 --- a/repo/manifest/manifest_manager_test.go +++ b/repo/manifest/manifest_manager_test.go @@ -12,6 +12,7 @@ "github.com/kopia/kopia/internal/testlogging" "github.com/kopia/kopia/repo/content" "github.com/kopia/kopia/repo/encryption" + "github.com/kopia/kopia/repo/hashing" ) //nolint:funlen @@ -139,8 +140,8 @@ func TestManifestInitCorruptedBlock(t *testing.T) { st := blobtesting.NewMapStorage(data, nil, nil) f := &content.FormattingOptions{ - Hash: "HMAC-SHA256-128", - Encryption: encryption.NoneAlgorithm, + Hash: hashing.DefaultAlgorithm, + Encryption: encryption.DefaultAlgorithm, MaxPackSize: 100000, Version: 1, } @@ -292,8 +293,8 @@ func newManagerForTesting(ctx context.Context, t *testing.T, data blobtesting.Da st := blobtesting.NewMapStorage(data, nil, nil) bm, err := content.NewManager(ctx, st, &content.FormattingOptions{ - Hash: "HMAC-SHA256-128", - Encryption: encryption.NoneAlgorithm, + Hash: hashing.DefaultAlgorithm, + Encryption: encryption.DefaultAlgorithm, MaxPackSize: 100000, Version: 1, }, content.CachingOptions{}, content.ManagerOptions{}) diff --git a/repo/repository_test.go b/repo/repository_test.go index 5bea2ea8c..c77fa6f72 100644 --- a/repo/repository_test.go +++ b/repo/repository_test.go @@ -249,10 +249,10 @@ func verify(ctx context.Context, t *testing.T, rep *repo.Repository, objectID ob func TestFormats(t *testing.T) { ctx := testlogging.Context(t) - makeFormat := func(hash, encryption string) func(*repo.NewRepositoryOptions) { + + makeFormat := func(hashAlgo string) func(*repo.NewRepositoryOptions) { return func(n *repo.NewRepositoryOptions) { - n.BlockFormat.Hash = hash - n.BlockFormat.Encryption = encryption + n.BlockFormat.Hash = hashAlgo n.BlockFormat.HMACSecret = []byte("key") n.ObjectFormat.Splitter = "FIXED-1M" } @@ -271,13 +271,13 @@ func TestFormats(t *testing.T) { }, }, { - format: makeFormat("HMAC-SHA256", "NONE"), + format: makeFormat("HMAC-SHA256"), oids: map[string]object.ID{ "The quick brown fox jumps over the lazy dog": "f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8", }, }, { - format: makeFormat("HMAC-SHA256-128", "NONE"), + format: makeFormat("HMAC-SHA256-128"), oids: map[string]object.ID{ "The quick brown fox jumps over the lazy dog": "f7bc83f430538424b13298e6aa6fb143", },