feat: Enable verifying headers everywhere that they can be decrypted

Felicitas Pojtinger
2021-12-04 21:25:16 +01:00
parent 019108005a
commit 24bbfcc45b
4 changed files with 64 additions and 2 deletions


@@ -160,6 +160,9 @@ var archiveCmd = &cobra.Command{
return nil
},
0,
func(hdr *tar.Header) error {
return nil // We sign above, no need to verify
},
)
},
}
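Review bot: The no-op verify callback `func(hdr *tar.Header) error { return nil // We sign above, no need to verify }` is duplicated verbatim in the updateCmd section further down, and the comment refers to signing that happens outside the hunk, so nothing in the callback itself documents why skipping verification is safe here. A single package-level helper, e.g. `func skipHeaderVerification(*tar.Header) error { return nil }`, with a doc comment stating that it is only for code paths that produce the signed headers themselves, would keep both call sites in sync and make the intent greppable. The enclosing archiveCmd declaration starts outside the hunk.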


@@ -31,7 +31,11 @@ var recoveryIndexCmd = &cobra.Command{
return err
}
return checkKeyAccessible(viper.GetString(encryptionFlag), viper.GetString(identityFlag))
if err := checkKeyAccessible(viper.GetString(encryptionFlag), viper.GetString(identityFlag)); err != nil {
return err
}
return checkKeyAccessible(viper.GetString(signatureFlag), viper.GetString(recipientFlag))
},
RunE: func(cmd *cobra.Command, args []string) error {
if err := viper.BindPFlags(cmd.PersistentFlags()); err != nil {
@@ -42,6 +46,16 @@ var recoveryIndexCmd = &cobra.Command{
boil.DebugMode = true
}
pubkey, err := readKey(viper.GetString(signatureFlag), viper.GetString(recipientFlag))
if err != nil {
return err
}
recipient, err := parseSignerRecipient(viper.GetString(signatureFlag), pubkey)
if err != nil {
return err
}
privkey, err := readKey(viper.GetString(encryptionFlag), viper.GetString(identityFlag))
if err != nil {
return err
@@ -65,6 +79,9 @@ var recoveryIndexCmd = &cobra.Command{
return decryptHeader(hdr, viper.GetString(encryptionFlag), identity)
},
0,
func(hdr *tar.Header) error {
return verifyHeader(hdr, viper.GetString(signatureFlag), recipient)
},
)
},
}
@@ -83,6 +100,9 @@ func index(
i int,
) error,
offset int,
verifyHeader func(
hdr *tar.Header,
) error,
) error {
if overwrite {
f, err := os.OpenFile(metadata, os.O_WRONLY|os.O_CREATE, 0600)
@@ -176,6 +196,10 @@ func index(
return err
}
if err := verifyHeader(hdr); err != nil {
return err
}
if err := indexHeader(record, block, hdr, metadataPersister, compressionFormat, encryptionFormat); err != nil {
return nil
}
@@ -258,6 +282,10 @@ func index(
return err
}
if err := verifyHeader(hdr); err != nil {
return err
}
if err := indexHeader(record, block, hdr, metadataPersister, compressionFormat, encryptionFormat); err != nil {
return nil
}
@@ -466,6 +494,7 @@ func init() {
recoveryIndexCmd.PersistentFlags().BoolP(overwriteFlag, "o", false, "Remove the old index before starting to index")
recoveryIndexCmd.PersistentFlags().StringP(identityFlag, "i", "", "Path to private key of recipient that has been encrypted for")
recoveryIndexCmd.PersistentFlags().StringP(passwordFlag, "p", "", "Password for the private key")
recoveryIndexCmd.PersistentFlags().StringP(recipientFlag, "r", "", "Path to the public key to verify with")
viper.AutomaticEnv()
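Review bot: Both new `if err := verifyHeader(hdr); err != nil { return err }` blocks in `index` return the error bare, so on a tape with many headers a signature failure gives no indication of which header was rejected; `record` and `block` are in scope for the `indexHeader` call on the next line, so wrapping, e.g. `return fmt.Errorf("verifying header at record %d, block %d: %w", record, block, err)` (adding the fmt import if the file lacks it), would make a tampered or mis-signed header locatable. The same applies to the two `verifyHeader(hdr, signatureFormat, recipient)` calls in the query section. Note also that a verification failure aborts indexing entirely while the immediately following `indexHeader` failure is swallowed with `return nil` (pre-existing); if that contrast is intentional, a one-line comment on the verify block saying a bad signature is fatal by design would document it. The `index` signature and both loop bodies start outside the hunks.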


@@ -23,7 +23,11 @@ var recoveryQueryCmd = &cobra.Command{
return err
}
return checkKeyAccessible(viper.GetString(encryptionFlag), viper.GetString(identityFlag))
if err := checkKeyAccessible(viper.GetString(encryptionFlag), viper.GetString(identityFlag)); err != nil {
return err
}
return checkKeyAccessible(viper.GetString(signatureFlag), viper.GetString(recipientFlag))
},
RunE: func(cmd *cobra.Command, args []string) error {
if err := viper.BindPFlags(cmd.PersistentFlags()); err != nil {
@@ -34,6 +38,16 @@ var recoveryQueryCmd = &cobra.Command{
boil.DebugMode = true
}
pubkey, err := readKey(viper.GetString(signatureFlag), viper.GetString(recipientFlag))
if err != nil {
return err
}
recipient, err := parseSignerRecipient(viper.GetString(signatureFlag), pubkey)
if err != nil {
return err
}
privkey, err := readKey(viper.GetString(encryptionFlag), viper.GetString(identityFlag))
if err != nil {
return err
@@ -51,6 +65,8 @@ var recoveryQueryCmd = &cobra.Command{
viper.GetInt(recordSizeFlag),
viper.GetString(encryptionFlag),
identity,
viper.GetString(signatureFlag),
recipient,
)
},
}
@@ -62,6 +78,8 @@ func query(
recordSize int,
encryptionFormat string,
identity interface{},
signatureFormat string,
recipient interface{},
) error {
f, isRegular, err := openTapeReadOnly(tape)
if err != nil {
@@ -133,6 +151,10 @@ func query(
return err
}
if err := verifyHeader(hdr, signatureFormat, recipient); err != nil {
return err
}
if record == 0 && block == 0 {
if err := formatting.PrintCSV(formatting.TARHeaderCSV); err != nil {
return err
@@ -216,6 +238,10 @@ func query(
return err
}
if err := verifyHeader(hdr, signatureFormat, recipient); err != nil {
return err
}
if record == 0 && block == 0 {
if err := formatting.PrintCSV(formatting.TARHeaderCSV); err != nil {
return err
@@ -252,6 +278,7 @@ func init() {
recoveryQueryCmd.PersistentFlags().IntP(blockFlag, "b", 0, "Block in record to seek too before counting")
recoveryQueryCmd.PersistentFlags().StringP(identityFlag, "i", "", "Path to private key of recipient that has been encrypted for")
recoveryQueryCmd.PersistentFlags().StringP(passwordFlag, "p", "", "Password for the private key")
recoveryQueryCmd.PersistentFlags().StringP(recipientFlag, "r", "", "Path to the public key to verify with")
viper.AutomaticEnv()
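Review bot: The two new parameters `signatureFormat string, recipient interface{}` on `query` carry no documentation, and the constraint that `recipient` must be the value produced by `parseSignerRecipient` for the same `signatureFormat` is visible only at the call site in RunE; a doc comment on `query` should state that pairing, since passing a recipient of the wrong type will presumably only surface inside `verifyHeader` at the first header. The comment should also note that `query` now returns on the first header whose signature does not verify, before anything for that header is printed, because the `verifyHeader(hdr, signatureFormat, recipient)` call precedes the `record == 0 && block == 0` CSV-header print in both hunks. The `query` signature and both loop bodies start outside the hunks.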


@@ -114,6 +114,9 @@ var updateCmd = &cobra.Command{
return nil
},
1,
func(hdr *tar.Header) error {
return nil // We sign above, no need to verify
},
)
},
}