[refactor] simplify en/decrypted size computation (#5658)

This commit replaces the en/decrypted size computation
with functions from the `sio` package.

Fixes #5657

vendor/github.com/minio/sio/sio.go

@@ -48,6 +48,9 @@ const (
 	maxPayloadSize = 1 << 16
 	tagSize        = 16
 	maxPackageSize = headerSize + maxPayloadSize + tagSize
+
+	maxDecryptedSize = 1 << 48
+	maxEncryptedSize = maxDecryptedSize + ((headerSize + tagSize) * 1 << 32)
 )
 
 var newAesGcm = func(key []byte) (cipher.AEAD, error) {
@@ -68,6 +71,7 @@ var (
 	errUnsupportedCipher  = errors.New("sio: unsupported cipher suite")
 	errInvalidPayloadSize = errors.New("sio: invalid payload size")
 	errTagMismatch        = errors.New("sio: authentication failed")
+	errUnexpectedSize     = errors.New("sio: size is too large for DARE")
 
 	// Version 1.0 specific
 	errPackageOutOfOrder = errors.New("sio: sequence number mismatch")
@@ -115,6 +119,41 @@ type Config struct {
 	PayloadSize int
 }
 
+// EncryptedSize computes the size of an encrypted data stream
+// from the plaintext size. It is the inverse of DecryptedSize().
+//
+// EncryptedSize returns an error if the provided size is to large.
+func EncryptedSize(size uint64) (uint64, error) {
+	if size > maxDecryptedSize {
+		return 0, errUnexpectedSize
+	}
+
+	encSize := (size / maxPayloadSize) * maxPackageSize
+	if mod := size % maxPayloadSize; mod > 0 {
+		encSize += mod + (headerSize + tagSize)
+	}
+	return encSize, nil
+}
+
+// DecryptedSize computes the size of a decrypted data stream
+// from the encrypted stream size. It is the inverse of EncryptedSize().
+//
+// DecryptedSize returns an error if the provided size is to large
+// or if the provided size is an invalid encrypted stream size.
+func DecryptedSize(size uint64) (uint64, error) {
+	if size > maxEncryptedSize {
+		return 0, errUnexpectedSize
+	}
+	decSize := (size / maxPackageSize) * maxPayloadSize
+	if mod := size % maxPackageSize; mod > 0 {
+		if mod <= headerSize+tagSize {
+			return 0, errors.New("sio: size is not valid") // last package is not valid
+		}
+		decSize += mod - (headerSize + tagSize)
+	}
+	return decSize, nil
+}
+
 // Encrypt reads from src until it encounters an io.EOF and encrypts all received
 // data. The encrypted data is written to dst. It returns the number of bytes
 // encrypted and the first error encountered while encrypting, if any.

vendor/github.com/minio/sio/writer-v1.go

@@ -192,7 +192,7 @@ func flush(w io.Writer, p []byte) error {
 	if err != nil {
 		return err
 	}
-	if n != len(p) { // not neccasary if the w follows the io.Writer doc *precisly*
+	if n != len(p) { // not neccasary if the w follows the io.Writer doc *precisely*
 		return io.ErrShortWrite
 	}
 	return nil

vendor/github.com/minio/sio/writer-v2.go

@@ -80,7 +80,7 @@ func (w *encWriterV20) Write(p []byte) (n int, err error) {
 }
 
 func (w *encWriterV20) Close() error {
-	if w.offset > 0 { // true if at least one Write call happend
+	if w.offset > 0 { // true if at least one Write call happened
 		w.SealFinal(w.buffer, w.buffer[headerSize:headerSize+w.offset])
 		if err := flush(w.dst, w.buffer[:headerSize+w.offset+tagSize]); err != nil { // write to underlying io.Writer
 			return err