From 5a16a66973451163912a8b9e0fbc62319e217597 Mon Sep 17 00:00:00 2001
From: Alexander Neumann <alexander@bumpern.de>
Date: Tue, 17 Feb 2015 21:09:54 +0100
Subject: [PATCH] Add 'plaintext' parameter to key.Decrypt()

    % benchcmp /tmp/{before,after}
    benchmark                         old ns/op     new ns/op     delta
    BenchmarkChunkEncrypt             261144414     260252046     -0.34%
    BenchmarkChunkEncryptParallel     261201438     261267029     +0.03%
    BenchmarkArchiveDirectory         0.00          0.00          +0.00%
    BenchmarkEncryptWriter            88297245      87526529      -0.87%
    BenchmarkEncrypt                  87406446      87917897      +0.59%
    BenchmarkDecryptReader            89948630      90042541      +0.10%
    BenchmarkEncryptDecryptReader     178374144     179477306     +0.62%
    BenchmarkDecrypt                  88289705      87937073      -0.40%
    BenchmarkSaveJSON                 213917        213571        -0.16%
    BenchmarkSaveFrom                 74881361      75111148      +0.31%

    benchmark                         old MB/s     new MB/s     speedup
    BenchmarkChunkEncrypt             40.15        40.29        1.00x
    BenchmarkChunkEncryptParallel     40.14        40.13        1.00x
    BenchmarkEncryptWriter            95.00        95.84        1.01x
    BenchmarkEncrypt                  95.97        95.41        0.99x
    BenchmarkDecryptReader            93.26        93.16        1.00x
    BenchmarkEncryptDecryptReader     47.03        46.74        0.99x
    BenchmarkDecrypt                  95.01        95.39        1.00x
    BenchmarkSaveFrom                 56.01        55.84        1.00x

    benchmark                         old allocs     new allocs     delta
    BenchmarkChunkEncrypt             113            112            -0.88%
    BenchmarkChunkEncryptParallel     104            103            -0.96%
    BenchmarkArchiveDirectory         0              0              +0.00%
    BenchmarkEncryptWriter            20             20             +0.00%
    BenchmarkEncrypt                  14             14             +0.00%
    BenchmarkDecryptReader            18             18             +0.00%
    BenchmarkEncryptDecryptReader     40             45             +12.50%
    BenchmarkDecrypt                  17             16             -5.88%
    BenchmarkSaveJSON                 125            125            +0.00%
    BenchmarkSaveFrom                 116            119            +2.59%

    benchmark                         old bytes     new bytes     delta
    BenchmarkChunkEncrypt             8515750       118956        -98.60%
    BenchmarkChunkEncryptParallel     8515766       118972        -98.60%
    BenchmarkArchiveDirectory         0             0             +0.00%
    BenchmarkEncryptWriter            28927         28927         +0.00%
    BenchmarkEncrypt                  422313        2473          -99.41%
    BenchmarkDecryptReader            527827        527827        +0.00%
    BenchmarkEncryptDecryptReader     4100824       4100870       +0.00%
    BenchmarkDecrypt                  8391127       2509          -99.97%
    BenchmarkSaveJSON                 9208          9208          +0.00%
    BenchmarkSaveFrom                 39694         40541         +2.13%
---
 key.go          | 24 ++++++++++++++----------
 key_int_test.go |  6 +++---
 key_test.go     | 20 +++++++++++++-------
 server.go       |  4 ++--
 4 files changed, 32 insertions(+), 22 deletions(-)

diff --git a/key.go b/key.go
index a7f4d7c4e..436206171 100644
--- a/key.go
+++ b/key.go
@@ -109,7 +109,7 @@ func OpenKey(s Server, id backend.ID, password string) (*Key, error) {
 	}
 
 	// decrypt master keys
-	buf, err := k.DecryptUser(k.Data)
+	buf, err := k.DecryptUser([]byte{}, k.Data)
 	if err != nil {
 		return nil, err
 	}
@@ -447,10 +447,15 @@ func (k *Key) EncryptUserTo(wr io.Writer) io.WriteCloser {
 
 // Decrypt verifes and decrypts the ciphertext. Ciphertext must be in the form
 // IV || Ciphertext || HMAC.
-func (k *Key) decrypt(ks *keys, ciphertext []byte) ([]byte, error) {
+func (k *Key) decrypt(ks *keys, plaintext, ciphertext []byte) ([]byte, error) {
 	// check for plausible length
 	if len(ciphertext) < ivSize+hmacSize {
-		panic("trying to decryipt invalid data: ciphertext too small")
+		panic("trying to decrypt invalid data: ciphertext too small")
+	}
+
+	if cap(plaintext) < len(ciphertext) {
+		// extend plaintext
+		plaintext = append(plaintext, make([]byte, len(ciphertext)-cap(plaintext))...)
 	}
 
 	hm := hmac.New(sha256.New, ks.Sign)
@@ -483,22 +488,22 @@ func (k *Key) decrypt(ks *keys, ciphertext []byte) ([]byte, error) {
 
 	// decrypt
 	e := cipher.NewCTR(c, iv)
-	plaintext := make([]byte, len(ciphertext))
 	e.XORKeyStream(plaintext, ciphertext)
+	plaintext = plaintext[:len(ciphertext)]
 
 	return plaintext, nil
 }
 
 // Decrypt verifes and decrypts the ciphertext with the master key. Ciphertext
 // must be in the form IV || Ciphertext || HMAC.
-func (k *Key) Decrypt(ciphertext []byte) ([]byte, error) {
-	return k.decrypt(k.master, ciphertext)
+func (k *Key) Decrypt(plaintext, ciphertext []byte) ([]byte, error) {
+	return k.decrypt(k.master, plaintext, ciphertext)
 }
 
 // DecryptUser verifes and decrypts the ciphertext with the user key. Ciphertext
 // must be in the form IV || Ciphertext || HMAC.
-func (k *Key) DecryptUser(ciphertext []byte) ([]byte, error) {
-	return k.decrypt(k.user, ciphertext)
+func (k *Key) DecryptUser(plaintext, ciphertext []byte) ([]byte, error) {
+	return k.decrypt(k.user, plaintext, ciphertext)
 }
 
 type decryptReader struct {
@@ -518,8 +523,7 @@ func (d *decryptReader) Read(dst []byte) (int, error) {
 	remaining := len(d.buf) - d.pos
 	if len(dst) >= remaining {
 		n := copy(dst, d.buf[d.pos:])
-		FreeChunkBuf("decryptReader", d.buf)
-		d.buf = nil
+		d.Close()
 		return n, io.EOF
 	}
 
diff --git a/key_int_test.go b/key_int_test.go
index db62a86a3..a1fb8fd5e 100644
--- a/key_int_test.go
+++ b/key_int_test.go
@@ -56,7 +56,7 @@ func TestCrypto(t *testing.T) {
 		msg = msg[:n]
 
 		// decrypt message
-		_, err = r.decrypt(r.master, msg)
+		_, err = r.decrypt(r.master, []byte{}, msg)
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -64,12 +64,12 @@ func TestCrypto(t *testing.T) {
 		// change hmac, this must fail
 		msg[len(msg)-8] ^= 0x23
 
-		if _, err = r.decrypt(r.master, msg); err != ErrUnauthenticated {
+		if _, err = r.decrypt(r.master, []byte{}, msg); err != ErrUnauthenticated {
 			t.Fatal("wrong HMAC value not detected")
 		}
 
 		// test decryption
-		p, err := r.decrypt(r.master, tv.ciphertext)
+		p, err := r.decrypt(r.master, []byte{}, tv.ciphertext)
 		if err != nil {
 			t.Fatal(err)
 		}
diff --git a/key_test.go b/key_test.go
index 182aa2fe4..920cb2dd0 100644
--- a/key_test.go
+++ b/key_test.go
@@ -69,7 +69,7 @@ func TestEncryptDecrypt(t *testing.T) {
 		n, err := k.Encrypt(ciphertext, data)
 		ok(t, err)
 
-		plaintext, err := k.Decrypt(ciphertext[:n])
+		plaintext, err := k.Decrypt(nil, ciphertext[:n])
 		ok(t, err)
 
 		restic.FreeChunkBuf("TestEncryptDecrypt", ciphertext)
@@ -119,7 +119,7 @@ func TestLargeEncrypt(t *testing.T) {
 		n, err := k.Encrypt(ciphertext, data)
 		ok(t, err)
 
-		plaintext, err := k.Decrypt(ciphertext[:n])
+		plaintext, err := k.Decrypt([]byte{}, ciphertext[:n])
 		ok(t, err)
 
 		equals(t, plaintext, data)
@@ -153,10 +153,11 @@ func BenchmarkEncrypt(b *testing.B) {
 	defer teardownBackend(b, be)
 	k := setupKey(b, be, testPassword)
 
+	buf := make([]byte, len(data)+restic.CiphertextExtension)
+
 	b.ResetTimer()
 	b.SetBytes(int64(size))
 
-	buf := make([]byte, len(data)+restic.CiphertextExtension)
 	for i := 0; i < b.N; i++ {
 		_, err := k.Encrypt(buf, data)
 		ok(b, err)
@@ -216,6 +217,8 @@ func BenchmarkEncryptDecryptReader(b *testing.B) {
 		_, err = io.Copy(ioutil.Discard, r)
 		ok(b, err)
 	}
+
+	restic.PoolAlloc()
 }
 
 func BenchmarkDecrypt(b *testing.B) {
@@ -227,6 +230,10 @@ func BenchmarkDecrypt(b *testing.B) {
 	k := setupKey(b, s, testPassword)
 
 	ciphertext := restic.GetChunkBuf("BenchmarkDecrypt")
+	defer restic.FreeChunkBuf("BenchmarkDecrypt", ciphertext)
+	plaintext := restic.GetChunkBuf("BenchmarkDecrypt")
+	defer restic.FreeChunkBuf("BenchmarkDecrypt", plaintext)
+
 	n, err := k.Encrypt(ciphertext, data)
 	ok(b, err)
 
@@ -234,10 +241,9 @@ func BenchmarkDecrypt(b *testing.B) {
 	b.SetBytes(int64(size))
 
 	for i := 0; i < b.N; i++ {
-		_, err := k.Decrypt(ciphertext[:n])
+		plaintext, err = k.Decrypt(plaintext, ciphertext[:n])
 		ok(b, err)
 	}
-	restic.FreeChunkBuf("BenchmarkDecrypt", ciphertext)
 }
 
 func TestEncryptStreamWriter(t *testing.T) {
@@ -268,7 +274,7 @@ func TestEncryptStreamWriter(t *testing.T) {
 			l, len(ciphertext.Bytes()))
 
 		// decrypt with default function
-		plaintext, err := k.Decrypt(ciphertext.Bytes())
+		plaintext, err := k.Decrypt([]byte{}, ciphertext.Bytes())
 		ok(t, err)
 		assert(t, bytes.Equal(data, plaintext),
 			"wrong plaintext after decryption: expected %02x, got %02x",
@@ -342,7 +348,7 @@ func TestEncryptWriter(t *testing.T) {
 			l, len(ciphertext))
 
 		// decrypt with default function
-		plaintext, err := k.Decrypt(ciphertext)
+		plaintext, err := k.Decrypt([]byte{}, ciphertext)
 		ok(t, err)
 		assert(t, bytes.Equal(data, plaintext),
 			"wrong plaintext after decryption: expected %02x, got %02x",
diff --git a/server.go b/server.go
index 2dc6b1435..ce6b3c287 100644
--- a/server.go
+++ b/server.go
@@ -333,7 +333,7 @@ func (s Server) Decrypt(ciphertext []byte) ([]byte, error) {
 		return nil, errors.New("key for server not set")
 	}
 
-	return s.key.Decrypt(ciphertext)
+	return s.key.Decrypt([]byte{}, ciphertext)
 }
 
 func (s Server) Encrypt(ciphertext, plaintext []byte) (int, error) {
@@ -361,7 +361,7 @@ func (s Server) EachDecrypted(t backend.Type, f func(backend.ID, []byte, error))
 			return
 		}
 
-		buf, err := s.key.Decrypt(data)
+		buf, err := s.key.Decrypt([]byte{}, data)
 		if err != nil {
 			f(id, nil, err)
 			return