3760981038

Committed 22 Dec 2022 08:35PM UTC coverage: 79.498%. First build

Build Type

push

github

Committed by Bartek

Commit Message

Basic test for the static_datastore binary

Run Details

919 of 1156 relevant lines covered (79.5%)

0.87 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

77.01

/internal/utilities/securefifo/secure_fifo.go

package securefifo

import (
        "crypto/cipher"
        "crypto/rand"
        "io"
        "os"

        "golang.org/x/crypto/chacha20"
)

type closingStreamReader struct {
        cipher.StreamReader
}

func (r *closingStreamReader) Close() error {
        if c, ok := r.R.(io.Closer); ok {
                return c.Close()
        }
        return nil
}

type SecureFifoReader interface {
        io.ReadCloser

        // Reset closes current reader and opens a new one that starts at the beginning of the data
        Reset() (SecureFifoReader, error)
}

type SecureFifoWriter interface {
        io.WriteCloser

        // Done closes current writer and opens SecureFifoReader stream for reading
        Done() (SecureFifoReader, error)
}

type secureFifo struct {
        fl *os.File

        key   []byte
        nonce []byte
}

func (f *secureFifo) Close() error {
        return f.fl.Close()
}

func (f *secureFifo) getStream() cipher.Stream {
        stream, _ := chacha20.NewUnauthenticatedCipher(f.key, f.nonce)
        return stream
}

func (f *secureFifo) openReader() (*secureFifoReader, error) {
        _, err := f.fl.Seek(0, os.SEEK_SET)
        if err != nil {
                return nil, err
        }

        return &secureFifoReader{
                sf: f,
                r:  cipher.StreamReader{S: f.getStream(), R: f.fl},
        }, nil
}

type secureFifoWriter struct {
        sf *secureFifo
        w  io.Writer
}

func (w *secureFifoWriter) Write(b []byte) (int, error) {
        return w.w.Write(b)
}

func (w *secureFifoWriter) Close() error {
        if w.sf == nil {
                return nil
        }
        defer func() { w.sf = nil; w.w = nil }()
        return w.sf.Close()
}

func (w *secureFifoWriter) Done() (SecureFifoReader, error) {
        ret, err := w.sf.openReader()
        if err != nil {
                return nil, err
        }

        w.sf = nil
        w.w = nil

        return ret, nil
}

type secureFifoReader struct {
        sf *secureFifo
        r  io.Reader
}

func (r *secureFifoReader) Read(b []byte) (int, error) {
        return r.r.Read(b)
}

func (r *secureFifoReader) Close() error {
        if r.sf == nil {
                return nil
        }
        defer func() { r.sf = nil; r.r = nil }()
        return r.sf.Close()
}

func (r *secureFifoReader) Reset() (SecureFifoReader, error) {
        ret, err := r.sf.openReader()
        if err != nil {
                return nil, err
        }

        r.sf = nil
        r.r = nil

        return ret, nil
}

// New creates new secure fifo pipe. That pipe may handle large amounts of data by using a temporary storage
// but ensures that even if the data can be accessed from disk, it can not be decrypted.
func New() (wr SecureFifoWriter, err error) {

        var randData [chacha20.KeySize + chacha20.NonceSize]byte
        _, err = rand.Read(randData[:])
        if err != nil {
                return nil, err
        }

        tempFile, err := os.CreateTemp("", "secure-fifo")
        if err != nil {
                return nil, err
        }
        defer func() {
                if err != nil {
                        tempFile.Close()
                        os.Remove(tempFile.Name())
                }
        }()

        // Supported on Linux (to check on Mac OSX) - unlinking already opened file
        // will still allow reading / writing that file by using already opened handles
        err = os.Remove(tempFile.Name())
        if err != nil {
                return nil, err
        }

        sf := &secureFifo{
                key:   randData[:chacha20.KeySize],
                nonce: randData[chacha20.KeySize:],
                fl:    tempFile,
        }

        return &secureFifoWriter{
                sf: sf,
                w:  cipher.StreamWriter{S: sf.getStream(), W: tempFile},
        }, nil
}

1	package securefifo
2
3	import (
4	"crypto/cipher"
5	"crypto/rand"
6	"io"
7	"os"
8
9	"golang.org/x/crypto/chacha20"
10	)
11
12	type closingStreamReader struct {
13	cipher.StreamReader
14	}
15
16	func (r *closingStreamReader) Close() error {	×
17	if c, ok := r.R.(io.Closer); ok {	×
18	return c.Close()	×
19	}	×
20	return nil	×
21	}
22
23	type SecureFifoReader interface {
24	io.ReadCloser
25
26	// Reset closes current reader and opens a new one that starts at the beginning of the data
27	Reset() (SecureFifoReader, error)
28	}
29
30	type SecureFifoWriter interface {
31	io.WriteCloser
32
33	// Done closes current writer and opens SecureFifoReader stream for reading
34	Done() (SecureFifoReader, error)
35	}
36
37	type secureFifo struct {
38	fl *os.File
39
40	key []byte
41	nonce []byte
42	}
43
44	func (f *secureFifo) Close() error {	1✔
45	return f.fl.Close()	1✔
46	}	1✔
47
48	func (f *secureFifo) getStream() cipher.Stream {	1✔
49	stream, _ := chacha20.NewUnauthenticatedCipher(f.key, f.nonce)	1✔
50	return stream	1✔
51	}	1✔
52
53	func (f secureFifo) openReader() (secureFifoReader, error) {	1✔
54	_, err := f.fl.Seek(0, os.SEEK_SET)	1✔
55	if err != nil {	1✔
56	return nil, err	×
57	}	×
58
59	return &secureFifoReader{	1✔
60	sf: f,	1✔
61	r: cipher.StreamReader{S: f.getStream(), R: f.fl},	1✔
62	}, nil	1✔
63	}
64
65	type secureFifoWriter struct {
66	sf *secureFifo
67	w io.Writer
68	}
69
70	func (w *secureFifoWriter) Write(b []byte) (int, error) {	1✔
71	return w.w.Write(b)	1✔
72	}	1✔
73
74	func (w *secureFifoWriter) Close() error {	1✔
75	if w.sf == nil {	2✔
76	return nil	1✔
77	}	1✔
78	defer func() { w.sf = nil; w.w = nil }()	2✔
79	return w.sf.Close()	1✔
80	}
81
82	func (w *secureFifoWriter) Done() (SecureFifoReader, error) {	1✔
83	ret, err := w.sf.openReader()	1✔
84	if err != nil {	1✔
85	return nil, err	×
86	}	×
87
88	w.sf = nil	1✔
89	w.w = nil	1✔
90		1✔
91	return ret, nil	1✔
92	}
93
94	type secureFifoReader struct {
95	sf *secureFifo
96	r io.Reader
97	}
98
99	func (r *secureFifoReader) Read(b []byte) (int, error) {	1✔
100	return r.r.Read(b)	1✔
101	}	1✔
102
103	func (r *secureFifoReader) Close() error {	1✔
104	if r.sf == nil {	2✔
105	return nil	1✔
106	}	1✔
107	defer func() { r.sf = nil; r.r = nil }()	2✔
108	return r.sf.Close()	1✔
109	}
110
111	func (r *secureFifoReader) Reset() (SecureFifoReader, error) {	1✔
112	ret, err := r.sf.openReader()	1✔
113	if err != nil {	1✔
114	return nil, err	×
115	}	×
116
117	r.sf = nil	1✔
118	r.r = nil	1✔
119		1✔
120	return ret, nil	1✔
121	}
122
123	// New creates new secure fifo pipe. That pipe may handle large amounts of data by using a temporary storage
124	// but ensures that even if the data can be accessed from disk, it can not be decrypted.
125	func New() (wr SecureFifoWriter, err error) {	1✔
126		1✔
127	var randData [chacha20.KeySize + chacha20.NonceSize]byte	1✔
128	_, err = rand.Read(randData[:])	1✔
129	if err != nil {	1✔
130	return nil, err	×
131	}	×
132
133	tempFile, err := os.CreateTemp("", "secure-fifo")	1✔
134	if err != nil {	1✔
135	return nil, err	×
136	}	×
137	defer func() {	2✔
138	if err != nil {	1✔
139	tempFile.Close()	×
140	os.Remove(tempFile.Name())	×
141	}	×
142	}()
143
144	// Supported on Linux (to check on Mac OSX) - unlinking already opened file
145	// will still allow reading / writing that file by using already opened handles
146	err = os.Remove(tempFile.Name())	1✔
147	if err != nil {	1✔
148	return nil, err	×
149	}	×
150
151	sf := &secureFifo{	1✔
152	key: randData[:chacha20.KeySize],	1✔
153	nonce: randData[chacha20.KeySize:],	1✔
154	fl: tempFile,	1✔
155	}	1✔
156		1✔
157	return &secureFifoWriter{	1✔
158	sf: sf,	1✔
159	w: cipher.StreamWriter{S: sf.getStream(), W: tempFile},	1✔
160	}, nil	1✔
161	}

cinode / go / 3760981038

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous