pkg/object: support chacha20 cipher
qingyunha committed Jul 3, 2022
1 parent e3bd513 commit ab50cd8
Showing 5 changed files with 31 additions and 19 deletions.
14 changes: 9 additions & 5 deletions cmd/format.go
Expand Up @@ -147,9 +147,10 @@ Details: https://juicefs.com/docs/community/quick_start_guide`,
Name: "encrypt-rsa-key",
Usage: "a path to RSA private key (PEM)",
},
&cli.BoolFlag{
Name: "chacha20",
Usage: "encrypt use chacha20 instead of aes",
&cli.StringFlag{
Name: "encrypt-algo",
Usage: "encrypt algorithm (aes256gcm-rsa, chacha20-rsa)",
Value: object.AES256GCM_RSA,
},
&cli.IntFlag{
Name: "trash-days",
Expand Down Expand Up @@ -241,7 +242,10 @@ func createStorage(format meta.Format) (object.ObjectStorage, error) {
if err != nil {
return nil, fmt.Errorf("incorrect passphrase: %s", err)
}
encryptor := object.NewDataEncryptor(object.NewRSAEncryptor(privKey), format.ChaCha20)
encryptor, err := object.NewDataEncryptor(object.NewRSAEncryptor(privKey), format.EncryptAglo)
if err != nil {
return nil, err
}
blob = object.NewEncrypted(blob, encryptor)
}
return blob, nil
Expand Down Expand Up @@ -396,7 +400,7 @@ func format(c *cli.Context) error {
SecretKey: c.String("secret-key"),
SessionToken: c.String("session-token"),
EncryptKey: loadEncrypt(c.String("encrypt-rsa-key")),
ChaCha20: c.Bool("chacha20"),
EncryptAglo: c.String("encrypt-aglo"),
Shards: c.Int("shards"),
HashPrefix: c.Bool("hash-prefix"),
Capacity: c.Uint64("capacity") << 30,
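Review bot: The flag is registered as `encrypt-algo`, but `format` reads it with `c.String("encrypt-aglo")`, so the lookup does not match the declared flag and, as far as this page shows, the operator's choice never reaches `Format.EncryptAglo`. Because NewDataEncryptor treats an empty string as AES-256-GCM, a request for `chacha20-rsa` would presumably fall back silently to AES instead of failing. Read the declared name, `EncryptAglo: c.String("encrypt-algo"),`, and consider rejecting an unknown value in `format` before it is written to the volume settings, rather than only when `createStorage` runs. Both functions continue outside the visible hunks.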
2 changes: 1 addition & 1 deletion pkg/meta/config.go
Expand Up @@ -58,8 +58,8 @@ type Format struct {
Capacity uint64 `json:",omitempty"`
Inodes uint64 `json:",omitempty"`
EncryptKey string `json:",omitempty"`
EncryptAglo string `json:",omitempty"`
KeyEncrypted bool `json:",omitempty"`
ChaCha20 bool `json:",omitempty"`
TrashDays int `json:",omitempty"`
MetaVersion int `json:",omitempty"`
MinClientVersion string `json:",omitempty"`
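Review bot: Dropping `ChaCha20 bool` from `Format` leaves no path for settings already written with `"ChaCha20": true`: the key would be ignored on decode, `EncryptAglo` would stay empty, and the new constructor maps empty to AES-256-GCM, so such a volume's objects would fail to decrypt. Whether any released build wrote that field is not visible here; if one did, keep the field for reading and translate it to the new value when the settings are loaded. The tag `json:",omitempty"` also makes the misspelt name `EncryptAglo` the serialized key, so correcting it to `EncryptAlgo` is cheapest before this ships, and a short comment listing the accepted values would help. The struct continues outside the hunk.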
28 changes: 18 additions & 10 deletions pkg/object/encrypt.go
Original file line number Diff line number Diff line change
Expand Up @@ -122,18 +122,26 @@ type dataEncryptor struct {
aead func(key []byte) (cipher.AEAD, error)
}

func NewDataEncryptor(keyEncryptor Encryptor, chacha20 bool) Encryptor {
if chacha20 {
return &dataEncryptor{keyEncryptor, chacha20poly1305.KeySize, chacha20poly1305.New}
}
aead := func(key []byte) (cipher.AEAD, error) {
block, err := aes.NewCipher(key)
if err != nil {
return nil, err
const (
AES256GCM_RSA = "aes256gcm-rsa"
CHACHA20_RSA = "chacha20-rsa"
)

func NewDataEncryptor(keyEncryptor Encryptor, algo string) (Encryptor, error) {
switch algo {
case "", AES256GCM_RSA:
aead := func(key []byte) (cipher.AEAD, error) {
block, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
return cipher.NewGCM(block)
}
return cipher.NewGCM(block)
return &dataEncryptor{keyEncryptor, 32, aead}, nil
case CHACHA20_RSA:
return &dataEncryptor{keyEncryptor, chacha20poly1305.KeySize, chacha20poly1305.New}, nil
}
return &dataEncryptor{keyEncryptor, 32, aead} // AES-256-GCM
return nil, fmt.Errorf("unsupport cipher: %s", algo)
}

func (e *dataEncryptor) Encrypt(plaintext []byte) ([]byte, error) {
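Review bot: In `NewDataEncryptor` the `case "", AES256GCM_RSA:` arm silently treats a missing algorithm as AES-256-GCM, and nothing marks this as the compatibility default; add a comment such as `// "" means the setting is absent (presumably volumes formatted before this option existed); keep AES-256-GCM` so it is not changed by accident later. The exported function and the two constants have no doc comments, and the key size `32` is a bare literal where the ChaCha20 arm uses `chacha20poly1305.KeySize`. For the error, `return nil, fmt.Errorf("unsupported cipher: %q", algo)` fixes the wording and quotes the operator-supplied value. The names `AES256GCM_RSA` and `CHACHA20_RSA` also depart from Go's MixedCaps convention.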
4 changes: 2 additions & 2 deletions pkg/object/encrypt_test.go
Expand Up @@ -126,7 +126,7 @@ func BenchmarkRSA4096Decrypt(b *testing.B) {

func TestAESGCM(t *testing.T) {
kc := NewRSAEncryptor(testkey)
dc := NewDataEncryptor(kc, false)
dc := NewDataEncryptor(kc, AES256GCM_RSA)
data := []byte("hello")
ciphertext, _ := dc.Encrypt(data)
plaintext, _ := dc.Decrypt(ciphertext)
Expand All @@ -139,7 +139,7 @@ func TestAESGCM(t *testing.T) {
func TestEncryptedStore(t *testing.T) {
s, _ := CreateStorage("mem", "", "", "", "")
kc := NewRSAEncryptor(testkey)
dc := NewDataEncryptor(kc, false)
dc := NewDataEncryptor(kc, AES256GCM_RSA)
es := NewEncrypted(s, dc)
_ = es.Put("a", bytes.NewReader([]byte("hello")))
r, err := es.Get("a", 1, 2)
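Review bot: `dc := NewDataEncryptor(kc, AES256GCM_RSA)` in TestAESGCM and TestEncryptedStore assigns a single value, but the constructor as changed in pkg/object/encrypt.go returns `(Encryptor, error)`, so these tests should not compile as shown; the same call in TestEncrypted in pkg/object/object_storage_test.go has the same problem. Take both results and fail on error, e.g. `dc, err := NewDataEncryptor(kc, AES256GCM_RSA)` followed by `if err != nil { t.Fatal(err) }`. The commit adds no test for `CHACHA20_RSA` or for an unknown algorithm name, so a round-trip case for the new cipher and an error case would be worth adding. The test bodies continue outside the hunks.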
2 changes: 1 addition & 1 deletion pkg/object/object_storage_test.go
Expand Up @@ -527,7 +527,7 @@ func TestEncrypted(t *testing.T) {
s, _ := CreateStorage("mem", "", "", "", "")
privkey, _ := rsa.GenerateKey(rand.Reader, 2048)
kc := NewRSAEncryptor(privkey)
dc := NewDataEncryptor(kc, false)
dc := NewDataEncryptor(kc, AES256GCM_RSA)
es := NewEncrypted(s, dc)
testStorage(t, es)
}
