isula-build/patch/0098-utils-remove-unused-PBKDF2-and-AES-related.patch

From eaaca9cb5962a28e6f546e8c0ce1049f5db5d46b Mon Sep 17 00:00:00 2001
From: jingxiaolu <lujingxiao@huawei.com>
Date: Wed, 15 Dec 2021 16:42:12 +0800
Subject: [PATCH 4/4] utils: remove unused PBKDF2 and AES related

Fixes: #I4MO1B

Signed-off-by: jingxiaolu <lujingxiao@huawei.com>
---
 util/cipher.go      | 103 --------------------------------------------
 util/cipher_test.go |  75 --------------------------------
 2 files changed, 178 deletions(-)

diff --git a/util/cipher.go b/util/cipher.go
index 67cb52bb..fa0559ae 100644
--- a/util/cipher.go
+++ b/util/cipher.go
@@ -16,8 +16,6 @@ package util
 import (
 	"bufio"
 	"crypto"
-	"crypto/aes"
-	"crypto/cipher"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/sha256"
@@ -32,117 +30,16 @@ import (
 	"path/filepath"
 
 	"github.com/pkg/errors"
-	"golang.org/x/crypto/pbkdf2"
-
 	constant "isula.org/isula-build"
 )
 
 const (
-	// CryptoKeyLen is secure key length for aes encryption and decryption(AES-256)
-	CryptoKeyLen = 32
-	// iteration is iteration count to hash
-	iteration           = 409600
-	aesKeyLenUpperBound = 32
-	aesKeyLenLowerBound = 16
 	// DefaultRSAKeySize is secure key length for RSA
 	DefaultRSAKeySize = 2048
 	// DefaultRSAKeyPath is the default directory to store rsa public key
 	DefaultRSAKeyPath = "/etc/isula-build/isula-build.pub"
 )
 
-var (
-	errGenCryptoKey = errors.New("generate crypto key failed")
-)
-
-// GenerateCryptoKey generates a random key with length s
-// if used with AES, the input length can only be 16, 24, 32,
-// which stands for AES-128, AES-192, or AES-256.
-func GenerateCryptoKey(s int) ([]byte, error) {
-	var size int
-	if s >= aesKeyLenLowerBound && s <= aesKeyLenUpperBound {
-		size = s
-	} else {
-		size = aesKeyLenLowerBound
-	}
-	key := make([]byte, size)
-	if _, err := io.ReadFull(rand.Reader, key); err != nil {
-		return nil, errGenCryptoKey
-	}
-
-	return key, nil
-}
-
-// PBKDF2 is key derivation function to generate one way hash data
-// if used with AES, the keyLen can only be 16, 24, 32
-// which stands for AES-128, AES-192 or AES-256
-// iteration is pre-set to 409600 and salt is generated by random key generator
-func PBKDF2(password []byte, keyLen int, h func() hash.Hash) (string, error) {
-	if len(password) == 0 {
-		return "", errors.New("encrypt empty string failed")
-	}
-	salt, err := GenerateCryptoKey(CryptoKeyLen)
-	if err != nil {
-		return "", err
-	}
-
-	df := pbkdf2.Key(password, salt, iteration, keyLen, h)
-
-	return hex.EncodeToString(df), nil
-}
-
-// EncryptAES encrypts plain text with AES encrypt algorithm(CFB)
-func EncryptAES(data string, aeskey string) (string, error) {
-	plainText := []byte(data)
-	key, err := hex.DecodeString(aeskey)
-	if err != nil {
-		return "", err
-	}
-
-	block, err := aes.NewCipher(key)
-	if err != nil {
-		return "", err
-	}
-
-	iv, err := GenerateCryptoKey(block.BlockSize())
-	if err != nil {
-		return "", errors.Errorf("generate rand data for iv failed: %v", err)
-	}
-	mode := cipher.NewCFBEncrypter(block, iv)
-	encryptData := make([]byte, len(plainText))
-	mode.XORKeyStream(encryptData, plainText)
-	encryptData = append(iv, encryptData...)
-
-	return hex.EncodeToString(encryptData), nil
-}
-
-// DecryptAES decrypts text with AES decrypt algorithm(CFB)
-func DecryptAES(data string, aeskey string) (string, error) {
-	key, err := hex.DecodeString(aeskey)
-	if err != nil {
-		return "", err
-	}
-
-	cipherText, err := hex.DecodeString(data)
-	if err != nil {
-		return "", err
-	}
-
-	block, err := aes.NewCipher(key)
-	if err != nil {
-		return "", err
-	}
-
-	if len(cipherText) <= block.BlockSize() {
-		return "", errors.Errorf("invalid cipher text length %v, it must larger than %v", len(cipherText), block.BlockSize())
-	}
-
-	decrypter := cipher.NewCFBDecrypter(block, cipherText[:block.BlockSize()])
-	decryptData := make([]byte, len(cipherText)-block.BlockSize())
-	decrypter.XORKeyStream(decryptData, cipherText[block.BlockSize():])
-
-	return string(decryptData), nil
-}
-
 // GenerateRSAKey generates a RAS key pair with key size s
 // the recommend key size is 4096 and which will be use when
 // key size is less than it
diff --git a/util/cipher_test.go b/util/cipher_test.go
index 4bbe894b..834c297c 100644
--- a/util/cipher_test.go
+++ b/util/cipher_test.go
@@ -40,81 +40,6 @@ const (
 	maxRepeatTime = 1000000
 )
 
-func TestAES(t *testing.T) {
-	var testcases = []struct {
-		name    string
-		length  int
-		wantErr bool
-		text    string
-		hash    func() hash.Hash
-	}{
-		{
-			name:    "TC1 - normal case with key length 16",
-			length:  16,
-			text:    "abcdefghijklmnopqrstuvwxyz",
-			hash:    sha256.New,
-			wantErr: false,
-		},
-		{
-			name:    "TC2 - normal case with key length 24",
-			length:  24,
-			text:    "1234567890",
-			hash:    sha256.New,
-			wantErr: false,
-		},
-		{
-			name:    "TC3 - normal case with key length 32",
-			length:  32,
-			text:    "!@#$%^&*()_+:><?",
-			hash:    sha256.New,
-			wantErr: false,
-		},
-		{
-			name:    "TC4 - normal case with sha1",
-			length:  32,
-			text:    "1234567890",
-			hash:    sha1.New,
-			wantErr: false,
-		},
-		{
-			name:    "TC5 - normal case with sha256",
-			length:  32,
-			text:    "abcdefghijklmnopqrstuvwxyz",
-			hash:    sha512.New,
-			wantErr: false,
-		},
-		{
-			name:    "TC6 - abnormal case with invalid key length 0",
-			length:  0,
-			text:    "!@#$%^&*()_+:><?",
-			hash:    sha256.New,
-			wantErr: true,
-		},
-		{
-			name:    "TC7 - abnormal case with invalid ken length 63",
-			length:  63,
-			text:    "This is test 7",
-			hash:    sha256.New,
-			wantErr: true,
-		},
-	}
-	for _, tt := range testcases {
-		t.Run(tt.name, func(t *testing.T) {
-			oriKey, err := GenerateCryptoKey(tt.length)
-			key, err := PBKDF2(oriKey, tt.length, tt.hash)
-			encryptData, err := EncryptAES(tt.text, key)
-			decryptData, err := DecryptAES(encryptData, key)
-			if err == nil {
-				assert.Equal(t, tt.text, decryptData)
-				assert.Assert(t, string(oriKey) != key)
-			}
-			if (err != nil) != tt.wantErr {
-				t.Errorf("%s error = %v, wantErr %v", tt.name, err, tt.wantErr)
-			}
-		})
-	}
-}
-
 func TestRSA(t *testing.T) {
 	type args struct {
 		data string
-- 
2.27.0
isula-build: sync upstream patches Signed-off-by: DCCooper <1866858@gmail.com> 2021-12-23 20:45:38 +08:00			`From eaaca9cb5962a28e6f546e8c0ce1049f5db5d46b Mon Sep 17 00:00:00 2001`
			`From: jingxiaolu <lujingxiao@huawei.com>`
			`Date: Wed, 15 Dec 2021 16:42:12 +0800`
			`Subject: [PATCH 4/4] utils: remove unused PBKDF2 and AES related`

			`Fixes: #I4MO1B`

			`Signed-off-by: jingxiaolu <lujingxiao@huawei.com>`
			`---`
			`util/cipher.go \| 103 --------------------------------------------`
			`util/cipher_test.go \| 75 --------------------------------`
			`2 files changed, 178 deletions(-)`

			`diff --git a/util/cipher.go b/util/cipher.go`
			`index 67cb52bb..fa0559ae 100644`
			`--- a/util/cipher.go`
			`+++ b/util/cipher.go`
			`@@ -16,8 +16,6 @@ package util`
			`import (`
			`"bufio"`
			`"crypto"`
			`- "crypto/aes"`
			`- "crypto/cipher"`
			`"crypto/rand"`
			`"crypto/rsa"`
			`"crypto/sha256"`
			`@@ -32,117 +30,16 @@ import (`
			`"path/filepath"`

			`"github.com/pkg/errors"`
			`- "golang.org/x/crypto/pbkdf2"`
			`-`
			`constant "isula.org/isula-build"`
			`)`

			`const (`
			`- // CryptoKeyLen is secure key length for aes encryption and decryption(AES-256)`
			`- CryptoKeyLen = 32`
			`- // iteration is iteration count to hash`
			`- iteration = 409600`
			`- aesKeyLenUpperBound = 32`
			`- aesKeyLenLowerBound = 16`
			`// DefaultRSAKeySize is secure key length for RSA`
			`DefaultRSAKeySize = 2048`
			`// DefaultRSAKeyPath is the default directory to store rsa public key`
			`DefaultRSAKeyPath = "/etc/isula-build/isula-build.pub"`
			`)`

			`-var (`
			`- errGenCryptoKey = errors.New("generate crypto key failed")`
			`-)`
			`-`
			`-// GenerateCryptoKey generates a random key with length s`
			`-// if used with AES, the input length can only be 16, 24, 32,`
			`-// which stands for AES-128, AES-192, or AES-256.`
			`-func GenerateCryptoKey(s int) ([]byte, error) {`
			`- var size int`
			`- if s >= aesKeyLenLowerBound && s <= aesKeyLenUpperBound {`
			`- size = s`
			`- } else {`
			`- size = aesKeyLenLowerBound`
			`- }`
			`- key := make([]byte, size)`
			`- if _, err := io.ReadFull(rand.Reader, key); err != nil {`
			`- return nil, errGenCryptoKey`
			`- }`
			`-`
			`- return key, nil`
			`-}`
			`-`
			`-// PBKDF2 is key derivation function to generate one way hash data`
			`-// if used with AES, the keyLen can only be 16, 24, 32`
			`-// which stands for AES-128, AES-192 or AES-256`
			`-// iteration is pre-set to 409600 and salt is generated by random key generator`
			`-func PBKDF2(password []byte, keyLen int, h func() hash.Hash) (string, error) {`
			`- if len(password) == 0 {`
			`- return "", errors.New("encrypt empty string failed")`
			`- }`
			`- salt, err := GenerateCryptoKey(CryptoKeyLen)`
			`- if err != nil {`
			`- return "", err`
			`- }`
			`-`
			`- df := pbkdf2.Key(password, salt, iteration, keyLen, h)`
			`-`
			`- return hex.EncodeToString(df), nil`
			`-}`
			`-`
			`-// EncryptAES encrypts plain text with AES encrypt algorithm(CFB)`
			`-func EncryptAES(data string, aeskey string) (string, error) {`
			`- plainText := []byte(data)`
			`- key, err := hex.DecodeString(aeskey)`
			`- if err != nil {`
			`- return "", err`
			`- }`
			`-`
			`- block, err := aes.NewCipher(key)`
			`- if err != nil {`
			`- return "", err`
			`- }`
			`-`
			`- iv, err := GenerateCryptoKey(block.BlockSize())`
			`- if err != nil {`
			`- return "", errors.Errorf("generate rand data for iv failed: %v", err)`
			`- }`
			`- mode := cipher.NewCFBEncrypter(block, iv)`
			`- encryptData := make([]byte, len(plainText))`
			`- mode.XORKeyStream(encryptData, plainText)`
			`- encryptData = append(iv, encryptData...)`
			`-`
			`- return hex.EncodeToString(encryptData), nil`
			`-}`
			`-`
			`-// DecryptAES decrypts text with AES decrypt algorithm(CFB)`
			`-func DecryptAES(data string, aeskey string) (string, error) {`
			`- key, err := hex.DecodeString(aeskey)`
			`- if err != nil {`
			`- return "", err`
			`- }`
			`-`
			`- cipherText, err := hex.DecodeString(data)`
			`- if err != nil {`
			`- return "", err`
			`- }`
			`-`
			`- block, err := aes.NewCipher(key)`
			`- if err != nil {`
			`- return "", err`
			`- }`
			`-`
			`- if len(cipherText) <= block.BlockSize() {`
			`- return "", errors.Errorf("invalid cipher text length %v, it must larger than %v", len(cipherText), block.BlockSize())`
			`- }`
			`-`
			`- decrypter := cipher.NewCFBDecrypter(block, cipherText[:block.BlockSize()])`
			`- decryptData := make([]byte, len(cipherText)-block.BlockSize())`
			`- decrypter.XORKeyStream(decryptData, cipherText[block.BlockSize():])`
			`-`
			`- return string(decryptData), nil`
			`-}`
			`-`
			`// GenerateRSAKey generates a RAS key pair with key size s`
			`// the recommend key size is 4096 and which will be use when`
			`// key size is less than it`
			`diff --git a/util/cipher_test.go b/util/cipher_test.go`
			`index 4bbe894b..834c297c 100644`
			`--- a/util/cipher_test.go`
			`+++ b/util/cipher_test.go`
			`@@ -40,81 +40,6 @@ const (`
			`maxRepeatTime = 1000000`
			`)`

			`-func TestAES(t *testing.T) {`
			`- var testcases = []struct {`
			`- name string`
			`- length int`
			`- wantErr bool`
			`- text string`
			`- hash func() hash.Hash`
			`- }{`
			`- {`
			`- name: "TC1 - normal case with key length 16",`
			`- length: 16,`
			`- text: "abcdefghijklmnopqrstuvwxyz",`
			`- hash: sha256.New,`
			`- wantErr: false,`
			`- },`
			`- {`
			`- name: "TC2 - normal case with key length 24",`
			`- length: 24,`
			`- text: "1234567890",`
			`- hash: sha256.New,`
			`- wantErr: false,`
			`- },`
			`- {`
			`- name: "TC3 - normal case with key length 32",`
			`- length: 32,`
			`- text: "!@#$%^&*()_+:><?",`
			`- hash: sha256.New,`
			`- wantErr: false,`
			`- },`
			`- {`
			`- name: "TC4 - normal case with sha1",`
			`- length: 32,`
			`- text: "1234567890",`
			`- hash: sha1.New,`
			`- wantErr: false,`
			`- },`
			`- {`
			`- name: "TC5 - normal case with sha256",`
			`- length: 32,`
			`- text: "abcdefghijklmnopqrstuvwxyz",`
			`- hash: sha512.New,`
			`- wantErr: false,`
			`- },`
			`- {`
			`- name: "TC6 - abnormal case with invalid key length 0",`
			`- length: 0,`
			`- text: "!@#$%^&*()_+:><?",`
			`- hash: sha256.New,`
			`- wantErr: true,`
			`- },`
			`- {`
			`- name: "TC7 - abnormal case with invalid ken length 63",`
			`- length: 63,`
			`- text: "This is test 7",`
			`- hash: sha256.New,`
			`- wantErr: true,`
			`- },`
			`- }`
			`- for _, tt := range testcases {`
			`- t.Run(tt.name, func(t *testing.T) {`
			`- oriKey, err := GenerateCryptoKey(tt.length)`
			`- key, err := PBKDF2(oriKey, tt.length, tt.hash)`
			`- encryptData, err := EncryptAES(tt.text, key)`
			`- decryptData, err := DecryptAES(encryptData, key)`
			`- if err == nil {`
			`- assert.Equal(t, tt.text, decryptData)`
			`- assert.Assert(t, string(oriKey) != key)`
			`- }`
			`- if (err != nil) != tt.wantErr {`
			`- t.Errorf("%s error = %v, wantErr %v", tt.name, err, tt.wantErr)`
			`- }`
			`- })`
			`- }`
			`-}`
			`-`
			`func TestRSA(t *testing.T) {`
			`type args struct {`
			`data string`
			`--`
			`2.27.0`