From 019108005ae1728bb6099c0a39e5ae262874aff1 Mon Sep 17 00:00:00 2001
From: Felicitas Pojtinger
Date: Sat, 4 Dec 2021 21:00:42 +0100
Subject: [PATCH] feat: Enable signing headers everywhere they can be encrypted
---
 cmd/stbak/cmd/delete.go | 26 +++++++++++++++++++++++++-
 cmd/stbak/cmd/move.go | 26 +++++++++++++++++++++++++-
 cmd/stbak/cmd/update.go | 8 ++++++++
 3 files changed, 58 insertions(+), 2 deletions(-)
diff --git a/cmd/stbak/cmd/delete.go b/cmd/stbak/cmd/delete.go
index 10ae79a..a87002a 100644
--- a/cmd/stbak/cmd/delete.go
+++ b/cmd/stbak/cmd/delete.go
@@ -31,7 +31,11 @@ var deleteCmd = &cobra.Command{
 return err
 }
- return checkKeyAccessible(viper.GetString(encryptionFlag), viper.GetString(recipientFlag))
+ if err := checkKeyAccessible(viper.GetString(encryptionFlag), viper.GetString(recipientFlag)); err != nil {
+ return err
+ }
+
+ return checkKeyAccessible(viper.GetString(signatureFlag), viper.GetString(identityFlag))
 },
 RunE: func(cmd *cobra.Command, args []string) error {
 if err := viper.BindPFlags(cmd.PersistentFlags()); err != nil {
@@ -52,12 +56,24 @@ var deleteCmd = &cobra.Command{
 return err
 }
+ privkey, err := readKey(viper.GetString(signatureFlag), viper.GetString(identityFlag))
+ if err != nil {
+ return err
+ }
+
+ identity, err := parseSignerIdentity(viper.GetString(signatureFlag), privkey, viper.GetString(passwordFlag))
+ if err != nil {
+ return err
+ }
+
 return delete(
 viper.GetString(driveFlag),
 viper.GetString(metadataFlag),
 viper.GetString(nameFlag),
 viper.GetString(encryptionFlag),
 recipient,
+ viper.GetString(signatureFlag),
+ identity,
 )
 },
 }
@@ -68,6 +84,8 @@ func delete(
 name string,
 encryptionFormat string,
 recipient interface{},
+ signatureFormat string,
+ identity interface{},
 ) error {
 dirty := false
 tw, _, cleanup, err := openTapeWriter(tape)
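Review bot: In delete.go's RunE (hunk `@@ -52,12 +56,24 @@`) the new `readKey` and `parseSignerIdentity` failures are returned as a bare `err`, just like the error return in the context lines above them, so an operator cannot tell whether the recipient key, the signing key or its password was rejected. Adding context at the two new returns would fix that, for example `return fmt.Errorf("reading signing key: %w", err)` and `return fmt.Errorf("parsing signing identity: %w", err)` (assuming `fmt` is imported in this file, which the hunk does not show). The same ten lines are added verbatim to move.go's RunE (`@@ -45,6 +49,16 @@`), so a small shared helper would keep the two commands from drifting apart. RunE starts above this hunk.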
@@ -118,6 +136,10 @@ func delete(
 hdr.PAXRecords[pax.STFSRecordVersion] = pax.STFSRecordVersion1
 hdr.PAXRecords[pax.STFSRecordAction] = pax.STFSRecordActionDelete
+ if err := signHeader(hdr, signatureFormat, identity); err != nil {
+ return err
+ }
+
 if err := encryptHeader(hdr, encryptionFormat, recipient); err != nil {
 return err
 }
@@ -207,6 +229,8 @@ func init() {
 deleteCmd.PersistentFlags().IntP(recordSizeFlag, "z", 20, "Amount of 512-bit blocks per record")
 deleteCmd.PersistentFlags().StringP(nameFlag, "n", "", "Name of the file to remove")
 deleteCmd.PersistentFlags().StringP(recipientFlag, "r", "", "Path to public key of recipient to encrypt for")
+ deleteCmd.PersistentFlags().StringP(identityFlag, "i", "", "Path to private key to sign with")
+ deleteCmd.PersistentFlags().StringP(passwordFlag, "p", "", "Password for the private key")
 viper.AutomaticEnv()
diff --git a/cmd/stbak/cmd/move.go b/cmd/stbak/cmd/move.go
index 8d5551f..37a6958 100644
--- a/cmd/stbak/cmd/move.go
+++ b/cmd/stbak/cmd/move.go
@@ -24,7 +24,11 @@ var moveCmd = &cobra.Command{
 return err
 }
- return checkKeyAccessible(viper.GetString(encryptionFlag), viper.GetString(recipientFlag))
+ if err := checkKeyAccessible(viper.GetString(encryptionFlag), viper.GetString(recipientFlag)); err != nil {
+ return err
+ }
+
+ return checkKeyAccessible(viper.GetString(signatureFlag), viper.GetString(identityFlag))
 },
 RunE: func(cmd *cobra.Command, args []string) error {
 if err := viper.BindPFlags(cmd.PersistentFlags()); err != nil {
@@ -45,6 +49,16 @@ var moveCmd = &cobra.Command{
 return err
 }
+ privkey, err := readKey(viper.GetString(signatureFlag), viper.GetString(identityFlag))
+ if err != nil {
+ return err
+ }
+
+ identity, err := parseSignerIdentity(viper.GetString(signatureFlag), privkey, viper.GetString(passwordFlag))
+ if err != nil {
+ return err
+ }
+
 return move(
 viper.GetString(driveFlag),
 viper.GetString(metadataFlag),
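Review bot: The order of the two calls in `delete()` (hunk `@@ -118,6 +136,10 @@`) is security-relevant but undocumented: `signHeader` runs on the plaintext header and `encryptHeader` runs afterwards, and a later refactor could swap them without any compile error. A comment above the new call would pin the intent, e.g. `// Sign before encrypting: the signature is computed over the plaintext header, so readers must decrypt first and then verify.` The verification side is not part of this patch, so confirm that it really does decrypt before verifying. The same pair of calls is added in `move()` (`@@ -115,6 +133,10 @@`) and twice in `update()` (`@@ -260,6 +260,10 @@`, `@@ -330,6 +334,10 @@`) and would benefit from the same comment. `delete()` starts and ends outside this hunk.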
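Review bot: The new `-p` flag registered in `init()` (hunk `@@ -207,6 +229,8 @@`) takes the private-key password as a command-line argument, where it is visible to other local users through the process list and is saved in shell history. `viper.AutomaticEnv()` is called just below, so the value can presumably already be supplied through the environment; the help text should steer users there, e.g. `"Password for the private key (prefer the environment variable; arguments are visible in the process list)"`. Prompting on the terminal when the flag is empty and the key is encrypted would be better still. move.go registers the same flag in `@@ -138,6 +160,8 @@`. `init()` continues past the end of the hunk.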
@@ -52,6 +66,8 @@ var moveCmd = &cobra.Command{
 viper.GetString(toFlag),
 viper.GetString(encryptionFlag),
 recipient,
+ viper.GetString(signatureFlag),
+ identity,
 )
 },
 }
@@ -63,6 +79,8 @@ func move(
 dst string,
 encryptionFormat string,
 recipient interface{},
+ signatureFormat string,
+ identity interface{},
 ) error {
 dirty := false
 tw, _, cleanup, err := openTapeWriter(tape)
@@ -115,6 +133,10 @@ func move(
 hdr.PAXRecords[pax.STFSRecordAction] = pax.STFSRecordActionUpdate
 hdr.PAXRecords[pax.STFSRecordReplacesName] = dbhdr.Name
+ if err := signHeader(hdr, signatureFormat, identity); err != nil {
+ return err
+ }
+
 if err := encryptHeader(hdr, encryptionFormat, recipient); err != nil {
 return err
 }
@@ -138,6 +160,8 @@ func init() {
 moveCmd.PersistentFlags().StringP(fromFlag, "f", "", "Current path of the file or directory to move")
 moveCmd.PersistentFlags().StringP(toFlag, "t", "", "Path to move the file or directory to")
 moveCmd.PersistentFlags().StringP(recipientFlag, "r", "", "Path to public key of recipient to encrypt for")
+ moveCmd.PersistentFlags().StringP(identityFlag, "i", "", "Path to private key to sign with")
+ moveCmd.PersistentFlags().StringP(passwordFlag, "p", "", "Password for the private key")
 viper.AutomaticEnv()
diff --git a/cmd/stbak/cmd/update.go b/cmd/stbak/cmd/update.go
index 9a5cdf1..2f09c1a 100644
--- a/cmd/stbak/cmd/update.go
+++ b/cmd/stbak/cmd/update.go
@@ -260,6 +260,10 @@ func update(
 hdrToAppend := *hdr
 headers = append(headers, &hdrToAppend)
+ if err := signHeader(hdr, signatureFormat, identity); err != nil {
+ return err
+ }
+
 if err := encryptHeader(hdr, encryptionFormat, recipient); err != nil {
 return err
 }
@@ -330,6 +334,10 @@ func update(
 hdrToAppend := *hdr
 headers = append(headers, &hdrToAppend)
+ if err := signHeader(hdr, signatureFormat, identity); err != nil {
+ return err
+ }
+
 if err := encryptHeader(hdr, encryptionFormat, recipient); err != nil {
 return err
 }
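Review bot: In `update()` (hunk `@@ -260,6 +260,10 @@`) the copy `hdrToAppend := *hdr` is taken before the new `signHeader(hdr, ...)` call, but the copy is shallow, so if `hdr` is a tar header as in delete.go, `hdrToAppend.PAXRecords` and `hdr.PAXRecords` are the same map. If `signHeader` stores the signature by writing into `hdr.PAXRecords` in place (its body is not in this patch), the entry kept in `headers` will silently carry the signature records too; if it swaps in a new map, it will not. Either outcome may be intended, but it should be deliberate: a comment such as `// hdrToAppend shares hdr.PAXRecords; records added in place by signHeader/encryptHeader also appear in the copy kept in headers`, or an explicit copy of the map, would settle it. The same applies to the second hunk, `@@ -330,6 +334,10 @@`; `update()` starts and ends outside both hunks.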