github.com/minio/minio@v0.0.0-20240328213742-3f72439b8a27/internal/config/crypto_test.go (about) 1 // Copyright (c) 2015-2021 MinIO, Inc. 2 // 3 // This file is part of MinIO Object Storage stack 4 // 5 // This program is free software: you can redistribute it and/or modify 6 // it under the terms of the GNU Affero General Public License as published by 7 // the Free Software Foundation, either version 3 of the License, or 8 // (at your option) any later version. 9 // 10 // This program is distributed in the hope that it will be useful 11 // but WITHOUT ANY WARRANTY; without even the implied warranty of 12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 // GNU Affero General Public License for more details. 14 // 15 // You should have received a copy of the GNU Affero General Public License 16 // along with this program. If not, see <http://www.gnu.org/licenses/>. 17 18 package config 19 20 import ( 21 "bytes" 22 "encoding/hex" 23 "io" 24 "testing" 25 26 "github.com/minio/minio/internal/kms" 27 ) 28 29 var encryptDecryptTests = []struct { 30 Data []byte 31 Context kms.Context 32 }{ 33 { 34 Data: nil, 35 Context: nil, 36 }, 37 { 38 Data: []byte{1}, 39 Context: nil, 40 }, 41 { 42 Data: []byte{1}, 43 Context: kms.Context{"key": "value"}, 44 }, 45 { 46 Data: make([]byte, 1<<20), 47 Context: kms.Context{"key": "value", "a": "b"}, 48 }, 49 } 50 51 func TestEncryptDecrypt(t *testing.T) { 52 key, err := hex.DecodeString("ddedadb867afa3f73bd33c25499a723ed7f9f51172ee7b1b679e08dc795debcc") 53 if err != nil { 54 t.Fatalf("Failed to decode master key: %v", err) 55 } 56 KMS, err := kms.New("my-key", key) 57 if err != nil { 58 t.Fatalf("Failed to create KMS: %v", err) 59 } 60 61 for i, test := range encryptDecryptTests { 62 ciphertext, err := Encrypt(KMS, bytes.NewReader(test.Data), test.Context) 63 if err != nil { 64 t.Fatalf("Test %d: failed to encrypt stream: %v", i, err) 65 } 66 data, err := io.ReadAll(ciphertext) 67 if err != nil { 68 t.Fatalf("Test %d: failed to encrypt stream: %v", i, err) 69 } 70 71 plaintext, err := Decrypt(KMS, bytes.NewReader(data), test.Context) 72 if err != nil { 73 t.Fatalf("Test %d: failed to decrypt stream: %v", i, err) 74 } 75 data, err = io.ReadAll(plaintext) 76 if err != nil { 77 t.Fatalf("Test %d: failed to decrypt stream: %v", i, err) 78 } 79 80 if !bytes.Equal(data, test.Data) { 81 t.Fatalf("Test %d: decrypted data does not match original data", i) 82 } 83 } 84 } 85 86 func BenchmarkEncrypt(b *testing.B) { 87 key, err := hex.DecodeString("ddedadb867afa3f73bd33c25499a723ed7f9f51172ee7b1b679e08dc795debcc") 88 if err != nil { 89 b.Fatalf("Failed to decode master key: %v", err) 90 } 91 KMS, err := kms.New("my-key", key) 92 if err != nil { 93 b.Fatalf("Failed to create KMS: %v", err) 94 } 95 96 benchmarkEncrypt := func(size int, b *testing.B) { 97 var ( 98 data = make([]byte, size) 99 plaintext = bytes.NewReader(data) 100 context = kms.Context{"key": "value"} 101 ) 102 b.SetBytes(int64(size)) 103 for i := 0; i < b.N; i++ { 104 ciphertext, err := Encrypt(KMS, plaintext, context) 105 if err != nil { 106 b.Fatal(err) 107 } 108 if _, err = io.Copy(io.Discard, ciphertext); err != nil { 109 b.Fatal(err) 110 } 111 plaintext.Reset(data) 112 } 113 } 114 b.Run("1KB", func(b *testing.B) { benchmarkEncrypt(1*1024, b) }) 115 b.Run("512KB", func(b *testing.B) { benchmarkEncrypt(512*1024, b) }) 116 b.Run("1MB", func(b *testing.B) { benchmarkEncrypt(1024*1024, b) }) 117 b.Run("10MB", func(b *testing.B) { benchmarkEncrypt(10*1024*1024, b) }) 118 }