From eaaca9cb5962a28e6f546e8c0ce1049f5db5d46b Mon Sep 17 00:00:00 2001
From: jingxiaolu
Date: Wed, 15 Dec 2021 16:42:12 +0800
Subject: [PATCH 4/4] utils: remove unused PBKDF2 and AES related

Fixes: #I4MO1B
Signed-off-by: jingxiaolu
---
 util/cipher.go | 103 --------------------------------------------
 util/cipher_test.go | 75 --------------------------------
 2 files changed, 178 deletions(-)

diff --git a/util/cipher.go b/util/cipher.go
index 67cb52bb..fa0559ae 100644
--- a/util/cipher.go
+++ b/util/cipher.go
@@ -16,8 +16,6 @@ package util
 import (
 "bufio"
 "crypto"
- "crypto/aes"
- "crypto/cipher"
 "crypto/rand"
 "crypto/rsa"
 "crypto/sha256"
@@ -32,117 +30,16 @@ import (
 "path/filepath"
 "github.com/pkg/errors"
- "golang.org/x/crypto/pbkdf2"
-
 constant "isula.org/isula-build"
 )
 const (
- // CryptoKeyLen is secure key length for aes encryption and decryption(AES-256)
- CryptoKeyLen = 32
- // iteration is iteration count to hash
- iteration = 409600
- aesKeyLenUpperBound = 32
- aesKeyLenLowerBound = 16
 // DefaultRSAKeySize is secure key length for RSA
 DefaultRSAKeySize = 2048
 // DefaultRSAKeyPath is the default directory to store rsa public key
 DefaultRSAKeyPath = "/etc/isula-build/isula-build.pub"
 )
-var (
- errGenCryptoKey = errors.New("generate crypto key failed")
-)
-
-// GenerateCryptoKey generates a random key with length s
-// if used with AES, the input length can only be 16, 24, 32,
-// which stands for AES-128, AES-192, or AES-256.
-func GenerateCryptoKey(s int) ([]byte, error) {
- var size int
- if s >= aesKeyLenLowerBound && s <= aesKeyLenUpperBound {
- size = s
- } else {
- size = aesKeyLenLowerBound
- }
- key := make([]byte, size)
- if _, err := io.ReadFull(rand.Reader, key); err != nil {
- return nil, errGenCryptoKey
- }
-
- return key, nil
-}
-
-// PBKDF2 is key derivation function to generate one way hash data
-// if used with AES, the keyLen can only be 16, 24, 32
-// which stands for AES-128, AES-192 or AES-256
-// iteration is pre-set to 409600 and salt is generated by random key generator
-func PBKDF2(password []byte, keyLen int, h func() hash.Hash) (string, error) {
- if len(password) == 0 {
- return "", errors.New("encrypt empty string failed")
- }
- salt, err := GenerateCryptoKey(CryptoKeyLen)
- if err != nil {
- return "", err
- }
-
- df := pbkdf2.Key(password, salt, iteration, keyLen, h)
-
- return hex.EncodeToString(df), nil
-}
-
-// EncryptAES encrypts plain text with AES encrypt algorithm(CFB)
-func EncryptAES(data string, aeskey string) (string, error) {
- plainText := []byte(data)
- key, err := hex.DecodeString(aeskey)
- if err != nil {
- return "", err
- }
-
- block, err := 
aes.NewCipher(key)
- if err != nil {
- return "", err
- }
-
- iv, err := GenerateCryptoKey(block.BlockSize())
- if err != nil {
- return "", errors.Errorf("generate rand data for iv failed: %v", err)
- }
- mode := cipher.NewCFBEncrypter(block, iv)
- encryptData := make([]byte, len(plainText))
- mode.XORKeyStream(encryptData, plainText)
- encryptData = append(iv, encryptData...)
-
- return hex.EncodeToString(encryptData), nil
-}
-
-// DecryptAES decrypts text with AES decrypt algorithm(CFB)
-func DecryptAES(data string, aeskey string) (string, error) {
- key, err := hex.DecodeString(aeskey)
- if err != nil {
- return "", err
- }
-
- cipherText, err := hex.DecodeString(data)
- if err != nil {
- return "", err
- }
-
- block, err := aes.NewCipher(key)
- if err != nil {
- return "", err
- }
-
- if len(cipherText) <= block.BlockSize() {
- return "", errors.Errorf("invalid cipher text length %v, it must larger than %v", len(cipherText), block.BlockSize())
- }
-
- decrypter := cipher.NewCFBDecrypter(block, cipherText[:block.BlockSize()])
- decryptData := make([]byte, len(cipherText)-block.BlockSize())
- decrypter.XORKeyStream(decryptData, cipherText[block.BlockSize():])
-
- return string(decryptData), nil
-}
-
 // GenerateRSAKey generates a RAS key pair with key size s
 // the recommend key size is 4096 and which will be use when
 // key size is less than it
diff --git a/util/cipher_test.go b/util/cipher_test.go
index 4bbe894b..834c297c 100644
--- a/util/cipher_test.go
+++ b/util/cipher_test.go
@@ -40,81 +40,6 @@ const (
 maxRepeatTime = 1000000
 )
-func TestAES(t *testing.T) {
- var testcases = []struct {
- name string
- length int
- wantErr bool
- text string
- hash func() hash.Hash
- }{
- {
- name: "TC1 - normal case with key length 16",
- length: 16,
- text: "abcdefghijklmnopqrstuvwxyz",
- hash: sha256.New,
- wantErr: false,
- },
- {
- name: "TC2 - normal case with key length 24",
- length: 24,
- text: "1234567890",
- hash: sha256.New,
- wantErr: false,
- },
- {
- name: "TC3 - normal case with key length 32",
- length: 32,
- text: "!@#$%^&*()_+:>