From 2f8481b9d428f09e9d668ab2a6fe2ef1f6ffb44b Mon Sep 17 00:00:00 2001
From: Jarek Kowalski
Date: Wed, 17 Oct 2018 17:58:35 -0700
Subject: [PATCH] repo: removed TESTONLY_MD5 algorithm everywhere
---
 repo/block/block_formatter.go | 15 +--------------
 repo/block/block_manager_test.go | 18 +++++++++++-------
 repo/manifest/manifest_manager_test.go | 2 +-
 repo/object/object_manager_test.go | 25 ++++++++++++-------------
 4 files changed, 25 insertions(+), 35 deletions(-)
diff --git a/repo/block/block_formatter.go b/repo/block/block_formatter.go
index d6896f6c3..80692fdf6 100644
--- a/repo/block/block_formatter.go
+++ b/repo/block/block_formatter.go
@@ -3,8 +3,7 @@
 import (
 "crypto/aes"
 "crypto/cipher"
- "crypto/hmac"
- "crypto/md5" //nolint:gas
+ "crypto/hmac" //nolint:gas
 "crypto/sha256"
 "fmt"
 "hash"
@@ -88,9 +87,6 @@ func symmetricEncrypt(createCipher func(key []byte) (cipher.Block, error), key [
 func init() {
 FormatterFactories = map[string]func(f FormattingOptions) (Formatter, error){
- "TESTONLY_MD5": func(f FormattingOptions) (Formatter, error) {
- return &unencryptedFormat{computeHash(md5.New, md5.Size)}, nil
- },
 "UNENCRYPTED_HMAC_SHA256": func(f FormattingOptions) (Formatter, error) {
 return &unencryptedFormat{computeHMAC(sha256.New, f.HMACSecret, sha256.Size)}, nil
 },
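Review bot: In the `@@ -3,8 +3,7 @@` import hunk of repo/block/block_formatter.go the `//nolint:gas` suppression now sits on the `"crypto/hmac"` import, although it was written for the `"crypto/md5"` import that this commit removes. None of the imports left in the hunk is a weak-hash package, so the exemption no longer documents anything, and a stale suppression of a security linter can mask a later finding on that line. The added line should be just `"crypto/hmac"`, with the comment dropped.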
@@ -117,15 +113,6 @@ func init() {
 // DefaultFormat is the block format that should be used by default when creating new repositories.
 const DefaultFormat = "ENCRYPTED_HMAC_SHA256_AES256_SIV"
-// computeHash returns a digestFunction that computes a hash of a given block of bytes and truncates results to the given size.
-func computeHash(hf func() hash.Hash, truncate int) digestFunction {
- return func(b []byte) []byte {
- h := hf()
- h.Write(b) // nolint:errcheck
- return h.Sum(nil)[0:truncate]
- }
-}
-
 // computeHMAC returns a digestFunction that computes HMAC(hash, secret) of a given block of bytes and truncates results to the given size.
 func computeHMAC(hf func() hash.Hash, secret []byte, truncate int) digestFunction {
 return func(b []byte) []byte {
diff --git a/repo/block/block_manager_test.go b/repo/block/block_manager_test.go
index 94c4c0532..8af96569a 100644
--- a/repo/block/block_manager_test.go
+++ b/repo/block/block_manager_test.go
@@ -3,7 +3,8 @@
 import (
 "bytes"
 "context"
- "crypto/md5"
+ "crypto/hmac"
+ "crypto/sha256"
 "encoding/hex"
 "errors"
 "fmt"
@@ -25,6 +26,7 @@
 )
 var fakeTime = time.Date(2017, 1, 1, 0, 0, 0, 0, time.UTC)
+var hmacSecret = []byte{1, 2, 3}
 func init() {
 logging.SetLevel(logging.INFO, "")
@@ -142,7 +144,7 @@ func TestBlockManagerEmpty(t *testing.T) {
 keyTime := map[string]time.Time{}
 bm := newTestBlockManager(data, keyTime, nil)
- noSuchBlockID := string(md5hash([]byte("foo")))
+ noSuchBlockID := string(hashValue([]byte("foo")))
 b, err := bm.GetBlock(ctx, noSuchBlockID)
 if err != storage.ErrBlockNotFound {
@@ -697,7 +699,8 @@ func newTestBlockManager(data map[string][]byte, keyTime map[string]time.Time, t
 }
 st := storagetesting.NewMapStorage(data, keyTime, timeFunc)
 bm, err := newManagerWithOptions(context.Background(), st, FormattingOptions{
- BlockFormat: "TESTONLY_MD5",
+ BlockFormat: "UNENCRYPTED_HMAC_SHA256",
+ HMACSecret: hmacSecret,
 MaxPackSize: maxPackSize,
 }, CachingOptions{}, timeFunc)
 if err != nil {
@@ -774,7 +777,7 @@ func writeBlockAndVerify(ctx context.Context, t *testing.T, bm *Manager, b []byt
 t.Errorf("err: %v", err)
 }
- if got, want := blockID, string(md5hash(b)); got != want {
+ if got, want := blockID, string(hashValue(b)); got != want {
 t.Errorf("invalid block ID for %x, got %v, want %v", b, got, want)
 }
@@ -790,9 +793,10 @@ func seededRandomData(seed int, length int) []byte {
 return b
 }
-func md5hash(b []byte) string {
- h := md5.Sum(b)
- return hex.EncodeToString(h[:])
+func hashValue(b []byte) string {
+ h := hmac.New(sha256.New, hmacSecret)
+ h.Write(b)
+ return hex.EncodeToString(h.Sum(nil))
 }
 func dumpBlockManagerData(t *testing.T, data map[string][]byte) {
diff --git a/repo/manifest/manifest_manager_test.go b/repo/manifest/manifest_manager_test.go
index c7b6f0e1a..ecb64cd61 100644
--- a/repo/manifest/manifest_manager_test.go
+++ b/repo/manifest/manifest_manager_test.go
@@ -182,7 +182,7 @@ func newManagerForTesting(ctx context.Context, t *testing.T, data map[string][]b
 st := storagetesting.NewMapStorage(data, nil, nil)
 bm, err := block.NewManager(ctx, st, block.FormattingOptions{
- BlockFormat: "TESTONLY_MD5",
+ BlockFormat: "UNENCRYPTED_HMAC_SHA256_128",
 MaxPackSize: 100000,
 }, block.CachingOptions{})
 if err != nil {
diff --git a/repo/object/object_manager_test.go b/repo/object/object_manager_test.go
index aae6c1d03..3d9ce6c5a 100644
--- a/repo/object/object_manager_test.go
+++ b/repo/object/object_manager_test.go
@@ -3,8 +3,8 @@
 import (
 "bytes"
 "context"
- "crypto/md5"
 cryptorand "crypto/rand"
+ "crypto/sha256"
 "encoding/hex"
 "fmt"
 "io"
@@ -39,7 +39,7 @@ func (f *fakeBlockManager) GetBlock(ctx context.Context, blockID string) ([]byte
 }
 func (f *fakeBlockManager) WriteBlock(ctx context.Context, data []byte, prefix string) (string, error) {
- h := md5.New()
+ h := sha256.New()
 h.Write(data)
 blockID := prefix + string(hex.EncodeToString(h.Sum(nil)))
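Review bot: `hashValue` in the `@@ -790,9 +793,10 @@` hunk of block_manager_test.go has no comment saying that it has to mirror the format configured in `newTestBlockManager`. It returns the full, untruncated hex HMAC-SHA256 under `hmacSecret`, so the block-ID comparison in `writeBlockAndVerify` only holds while the manager is built with `UNENCRYPTED_HMAC_SHA256` and the same secret. A doc comment such as `// hashValue returns the hex HMAC-SHA256 of b keyed with hmacSecret; keep in sync with BlockFormat/HMACSecret in newTestBlockManager.` would make that coupling explicit. The `string(...)` wrapped around each call is redundant, since `hashValue` already returns a string.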
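Review bot: `newManagerForTesting` in the `@@ -182,7 +182,7 @@` hunk of manifest_manager_test.go now selects a keyed format, `UNENCRYPTED_HMAC_SHA256_128`, but sets no `HMACSecret` in the visible `FormattingOptions`, so the manifest tests presumably compute block IDs with an empty HMAC key. block_manager_test.go passes `HMACSecret: hmacSecret` for the same purpose, and the two should agree; adding `HMACSecret: []byte{1, 2, 3},` next to `BlockFormat` would do it. Whether the formatter should reject an empty secret cannot be judged from these lines, but a test that exercises the empty-key path by accident would hide such a check being added later. The function body starts and ends outside the hunk.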
@@ -74,7 +74,7 @@ func setupTestWithData(t *testing.T, data map[string][]byte, opts ManagerOptions
 FormattingOptions: block.FormattingOptions{
 Version: 1,
 },
- MaxBlockSize: 200,
+ MaxBlockSize: 400,
 Splitter: "FIXED",
 }, opts)
 if err != nil {
@@ -92,9 +92,9 @@ func TestWriters(t *testing.T) {
 }{
 {
 []byte("the quick brown fox jumps over the lazy dog"),
- "77add1d5f41223d5582fca736a5cb335",
+ "05c6e08f1d9fdafa03147fcb8f82f124c76d2f70e3d989dc8aadb5e7d7450bec",
 },
- {make([]byte, 100), "6d0bb00954ceb7fbee436bb55a8397a9"}, // 100 zero bytes
+ {make([]byte, 100), "cd00e292c5970d3c5e2f0ffa5171e555bc46bfc4faddfb4a418b6840b86e79a3"}, // 100 zero bytes
 }
 for _, c := range cases {
@@ -142,7 +142,7 @@ func TestWriterCompleteChunkInTwoWrites(t *testing.T) {
 writer.Write(bytes[0:50])
 writer.Write(bytes[0:50])
 result, err := writer.Result()
- if !objectIDsEqual(result, "6d0bb00954ceb7fbee436bb55a8397a9") {
+ if !objectIDsEqual(result, "cd00e292c5970d3c5e2f0ffa5171e555bc46bfc4faddfb4a418b6840b86e79a3") {
 t.Errorf("unexpected result: %v err: %v", result, err)
 }
 }
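Review bot: The change from `MaxBlockSize: 200` to `MaxBlockSize: 400` in `setupTestWithData` (`@@ -74,7 +74,7 @@`) has no comment explaining why the limit doubled. It looks tied to block IDs growing from 32 to 64 hex characters with SHA-256, which would make each indirect-block entry larger, but that is an inference from the other hunks. A short comment on the field would keep the next hash change from silently breaking the indirection tests, for example `// sized so indirect blocks still hold several 64-hex-character (SHA-256) block IDs`, once the reason is confirmed. The function body continues outside the hunk.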
@@ -182,12 +182,11 @@ func TestIndirection(t *testing.T) {
 expectedIndirection int
 }{
 {dataLength: 200, expectedBlockCount: 1, expectedIndirection: 0},
- {dataLength: 250, expectedBlockCount: 3, expectedIndirection: 1},
- {dataLength: 1400, expectedBlockCount: 7, expectedIndirection: 3},
- {dataLength: 2000, expectedBlockCount: 8, expectedIndirection: 3},
- {dataLength: 3000, expectedBlockCount: 9, expectedIndirection: 3},
- {dataLength: 4000, expectedBlockCount: 14, expectedIndirection: 4},
- {dataLength: 10000, expectedBlockCount: 24, expectedIndirection: 4},
+ {dataLength: 1400, expectedBlockCount: 3, expectedIndirection: 1},
+ {dataLength: 2000, expectedBlockCount: 4, expectedIndirection: 2},
+ {dataLength: 3000, expectedBlockCount: 5, expectedIndirection: 2},
+ {dataLength: 4000, expectedBlockCount: 5, expectedIndirection: 2},
+ {dataLength: 10000, expectedBlockCount: 10, expectedIndirection: 3},
 }
 for _, c := range cases {
@@ -247,7 +246,7 @@ func TestHMAC(t *testing.T) {
 w := om.NewWriter(ctx, WriterOptions{}) w.Write(content)
 result, err := w.Result()
- if result.String() != "999732b72ceff665b3f7608411db66a4" {
+ if result.String() != "cad29ff89951a3c085c86cb7ed22b82b51f7bdfda24f932c7f9601f51d5975ba" {
 t.Errorf("unexpected result: %v err: %v", result.String(), err)
 }
 }
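Review bot: The case table in `TestIndirection` (`@@ -182,12 +182,11 @@`) no longer has an input close to the block-size limit. The removed `dataLength: 250` row was the first case just above the old limit of 200. Assuming this test goes through `setupTestWithData`, where the limit is now 400, the table jumps from a single-block 200-byte case straight to 1400 bytes. Rows at `dataLength: 400` and `dataLength: 401` would pin the transition from a direct object to one level of indirection; their expected counts have to come from a run, since they cannot be derived from the visible lines. The test body continues outside the hunk.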