start refactoring

utils/crypto/crypto_test.go

@@ -0,0 +1,52 @@
+// Copyright 2017 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package crypto
+
+import (
+	"bytes"
+	"io"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestWriter(t *testing.T) {
+	// Empty key.
+	assert := assert.New(t)
+	key := ""
+	buffer := bytes.NewBuffer(nil)
+	_, err := NewWriter(buffer, []byte(key))
+	assert.NoError(err)
+}
+
+func TestCrypto(t *testing.T) {
+	assert := assert.New(t)
+
+	text := "1234567890abcdefghigklmnopqrstuvwxyzeeeeeeeeeeeeeeeeeeeeeewwwwwwwwwwwwwwwwwwwwwwwwwwzzzzzzzzzzzzzzzzzzzzzzzzdddddddddddddddddddddddddddddddddddddrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrllllllllllllllllllllllllllllllllllqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeewwwwwwwwwwwwwwwwwwwwww"
+	key := "123456"
+
+	buffer := bytes.NewBuffer(nil)
+	encWriter, err := NewWriter(buffer, []byte(key))
+	assert.NoError(err)
+
+	encWriter.Write([]byte(text))
+
+	decReader, err := NewReader(buffer, []byte(key))
+	assert.NoError(err)
+
+	c := bytes.NewBuffer(nil)
+	io.Copy(c, decReader)
+	assert.Equal(text, string(c.Bytes()))
+}

utils/crypto/decode.go

@@ -0,0 +1,75 @@
+// Copyright 2017 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package crypto
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/sha1"
+	"io"
+
+	"golang.org/x/crypto/pbkdf2"
+)
+
+// NewReader returns a new Reader that decrypts bytes from r
+func NewReader(r io.Reader, key []byte) (*Reader, error) {
+	key = pbkdf2.Key(key, []byte(salt), 64, aes.BlockSize, sha1.New)
+
+	return &Reader{
+		r:   r,
+		key: key,
+	}, nil
+}
+
+// Reader is an io.Reader that can read encrypted bytes.
+// Now it only supports aes-128-cfb.
+type Reader struct {
+	r   io.Reader
+	dec *cipher.StreamReader
+	key []byte
+	iv  []byte
+	err error
+}
+
+// Read satisfies the io.Reader interface.
+func (r *Reader) Read(p []byte) (nRet int, errRet error) {
+	if r.err != nil {
+		return 0, r.err
+	}
+
+	if r.dec == nil {
+		iv := make([]byte, aes.BlockSize)
+		if _, errRet = io.ReadFull(r.r, iv); errRet != nil {
+			return
+		}
+		r.iv = iv
+
+		block, err := aes.NewCipher(r.key)
+		if err != nil {
+			errRet = err
+			return
+		}
+		r.dec = &cipher.StreamReader{
+			S: cipher.NewCFBDecrypter(block, iv),
+			R: r.r,
+		}
+	}
+
+	nRet, errRet = r.dec.Read(p)
+	if errRet != nil {
+		r.err = errRet
+	}
+	return
+}

utils/crypto/encode.go

@@ -0,0 +1,93 @@
+// Copyright 2017 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package crypto
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"crypto/sha1"
+	"io"
+
+	"golang.org/x/crypto/pbkdf2"
+)
+
+const (
+	salt = "frp"
+)
+
+// NewWriter returns a new Writer that encrypts bytes to w.
+func NewWriter(w io.Writer, key []byte) (*Writer, error) {
+	key = pbkdf2.Key(key, []byte(salt), 64, aes.BlockSize, sha1.New)
+
+	// random iv
+	iv := make([]byte, aes.BlockSize)
+	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
+		return nil, err
+	}
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Writer{
+		w: w,
+		enc: &cipher.StreamWriter{
+			S: cipher.NewCFBEncrypter(block, iv),
+			W: w,
+		},
+		key: key,
+		iv:  iv,
+	}, nil
+}
+
+// Writer is an io.Writer that can write encrypted bytes.
+// Now it only support aes-128-cfb.
+type Writer struct {
+	w      io.Writer
+	enc    *cipher.StreamWriter
+	key    []byte
+	iv     []byte
+	ivSend bool
+	err    error
+}
+
+// Write satisfies the io.Writer interface.
+func (w *Writer) Write(p []byte) (nRet int, errRet error) {
+	return w.write(p)
+}
+
+func (w *Writer) write(p []byte) (nRet int, errRet error) {
+	if w.err != nil {
+		return 0, w.err
+	}
+
+	// When write is first called, iv will be written to w.w
+	if !w.ivSend {
+		w.ivSend = true
+		_, errRet = w.w.Write(w.iv)
+		if errRet != nil {
+			w.err = errRet
+			return
+		}
+	}
+
+	nRet, errRet = w.enc.Write(p)
+	if errRet != nil {
+		w.err = errRet
+	}
+	return
+}