From bbfde631a9762d357ef273f0c785a24e74ca381e Mon Sep 17 00:00:00 2001
From: Felicitas Pojtinger <felicitas@pojtinger.com>
Date: Sun, 5 Dec 2021 22:44:56 +0100
Subject: [PATCH] refactor: Block usage of minisign on tape

---
 cmd/stbak/cmd/archive.go        | 21 +++++++++++++++++----
 cmd/stbak/cmd/delete.go         |  4 ++--
 cmd/stbak/cmd/move.go           |  4 ++--
 cmd/stbak/cmd/recovery_fetch.go | 17 ++++++++++++++---
 cmd/stbak/cmd/recovery_index.go |  9 +++++----
 cmd/stbak/cmd/recovery_query.go |  4 ++--
 cmd/stbak/cmd/update.go         |  8 ++++----
 7 files changed, 46 insertions(+), 21 deletions(-)

diff --git a/cmd/stbak/cmd/archive.go b/cmd/stbak/cmd/archive.go
index a20f7f9..b456fd6 100644
--- a/cmd/stbak/cmd/archive.go
+++ b/cmd/stbak/cmd/archive.go
@@ -68,6 +68,8 @@ var (
 	errCompressionFormatRequiresLargerRecordSize = errors.New("this compression format requires a larger record size")
 
 	errCompressionFormatOnlyRegularSupport = errors.New("this compression format only supports regular files, not i.e. tape drives")
+
+	errSignatureFormatOnlyRegularSupport = errors.New("this signature format only supports regular files, not i.e. tape drives")
 )
 
 var archiveCmd = &cobra.Command{
@@ -166,7 +168,7 @@ var archiveCmd = &cobra.Command{
 				return nil
 			},
 			0,
-			func(hdr *tar.Header) error {
+			func(hdr *tar.Header, isRegular bool) error {
 				return nil // We sign above, no need to verify
 			},
 		)
@@ -296,7 +298,7 @@ func archive(
 				return err
 			}
 
-			signer, sign, err := sign(file, signatureFormat, identity)
+			signer, sign, err := sign(file, isRegular, signatureFormat, identity)
 			if err != nil {
 				return err
 			}
@@ -363,7 +365,7 @@ func archive(
 		hdrToAppend := *hdr
 		headers = append(headers, &hdrToAppend)
 
-		if err := signHeader(hdr, signatureFormat, identity); err != nil {
+		if err := signHeader(hdr, isRegular, signatureFormat, identity); err != nil {
 			return err
 		}
 
@@ -502,6 +504,7 @@ func encryptHeader(
 
 func signHeader(
 	hdr *tar.Header,
+	isRegular bool,
 	signatureFormat string,
 	identity interface{},
 ) error {
@@ -521,7 +524,7 @@ func signHeader(
 	}
 
 	newHdr.PAXRecords[pax.STFSRecordEmbeddedHeader] = string(wrappedHeader)
-	newHdr.PAXRecords[pax.STFSRecordSignature], err = signString(newHdr.PAXRecords[pax.STFSRecordEmbeddedHeader], signatureFormat, identity)
+	newHdr.PAXRecords[pax.STFSRecordSignature], err = signString(newHdr.PAXRecords[pax.STFSRecordEmbeddedHeader], isRegular, signatureFormat, identity)
 	if err != nil {
 		return err
 	}
@@ -627,11 +630,16 @@ func parseSignerIdentity(
 
 func sign(
 	src io.Reader,
+	isRegular bool,
 	signatureFormat string,
 	identity interface{},
 ) (io.Reader, func() (string, error), error) {
 	switch signatureFormat {
 	case signatureFormatMinisignKey:
+		if !isRegular {
+			return nil, nil, errSignatureFormatOnlyRegularSupport
+		}
+
 		identity, ok := identity.(minisign.PrivateKey)
 		if !ok {
 			return nil, nil, errIdentityUnparsable
@@ -748,11 +756,16 @@ func encryptString(
 
 func signString(
 	src string,
+	isRegular bool,
 	signatureFormat string,
 	identity interface{},
 ) (string, error) {
 	switch signatureFormat {
 	case signatureFormatMinisignKey:
+		if !isRegular {
+			return "", errSignatureFormatOnlyRegularSupport
+		}
+
 		identity, ok := identity.(minisign.PrivateKey)
 		if !ok {
 			return "", errIdentityUnparsable
diff --git a/cmd/stbak/cmd/delete.go b/cmd/stbak/cmd/delete.go
index c9f2b49..86be5f4 100644
--- a/cmd/stbak/cmd/delete.go
+++ b/cmd/stbak/cmd/delete.go
@@ -90,7 +90,7 @@ func delete(
 	identity interface{},
 ) error {
 	dirty := false
-	tw, _, cleanup, err := openTapeWriter(tape, recordSize, false)
+	tw, isRegular, cleanup, err := openTapeWriter(tape, recordSize, false)
 	if err != nil {
 		return err
 	}
@@ -138,7 +138,7 @@ func delete(
 		hdr.PAXRecords[pax.STFSRecordVersion] = pax.STFSRecordVersion1
 		hdr.PAXRecords[pax.STFSRecordAction] = pax.STFSRecordActionDelete
 
-		if err := signHeader(hdr, signatureFormat, identity); err != nil {
+		if err := signHeader(hdr, isRegular, signatureFormat, identity); err != nil {
 			return err
 		}
 
diff --git a/cmd/stbak/cmd/move.go b/cmd/stbak/cmd/move.go
index c3ad29c..84735bc 100644
--- a/cmd/stbak/cmd/move.go
+++ b/cmd/stbak/cmd/move.go
@@ -85,7 +85,7 @@ func move(
 	identity interface{},
 ) error {
 	dirty := false
-	tw, _, cleanup, err := openTapeWriter(tape, recordSize, false)
+	tw, isRegular, cleanup, err := openTapeWriter(tape, recordSize, false)
 	if err != nil {
 		return err
 	}
@@ -135,7 +135,7 @@ func move(
 		hdr.PAXRecords[pax.STFSRecordAction] = pax.STFSRecordActionUpdate
 		hdr.PAXRecords[pax.STFSRecordReplacesName] = dbhdr.Name
 
-		if err := signHeader(hdr, signatureFormat, identity); err != nil {
+		if err := signHeader(hdr, isRegular, signatureFormat, identity); err != nil {
 			return err
 		}
 
diff --git a/cmd/stbak/cmd/recovery_fetch.go b/cmd/stbak/cmd/recovery_fetch.go
index 2202fa7..2d008e8 100644
--- a/cmd/stbak/cmd/recovery_fetch.go
+++ b/cmd/stbak/cmd/recovery_fetch.go
@@ -160,7 +160,7 @@ func restoreFromRecordAndBlock(
 		return err
 	}
 
-	if err := verifyHeader(hdr, signatureFormat, recipient); err != nil {
+	if err := verifyHeader(hdr, isRegular, signatureFormat, recipient); err != nil {
 		return err
 	}
 
@@ -218,7 +218,7 @@ func restoreFromRecordAndBlock(
 			}
 		}
 
-		verifier, verify, err := verify(decompressor, signatureFormat, recipient, signature)
+		verifier, verify, err := verify(decompressor, isRegular, signatureFormat, recipient, signature)
 		if err != nil {
 			return err
 		}
@@ -326,6 +326,7 @@ func decryptHeader(
 
 func verifyHeader(
 	hdr *tar.Header,
+	isRegular bool,
 	signatureFormat string,
 	recipient interface{},
 ) error {
@@ -347,7 +348,7 @@ func verifyHeader(
 		return errSignatureMissing
 	}
 
-	if err := verifyString(embeddedHeader, signatureFormat, recipient, signature); err != nil {
+	if err := verifyString(embeddedHeader, isRegular, signatureFormat, recipient, signature); err != nil {
 		return err
 	}
 
@@ -537,12 +538,17 @@ func parseSignerRecipient(
 
 func verify(
 	src io.Reader,
+	isRegular bool,
 	signatureFormat string,
 	recipient interface{},
 	signature string,
 ) (io.Reader, func() error, error) {
 	switch signatureFormat {
 	case signatureFormatMinisignKey:
+		if !isRegular {
+			return nil, nil, errSignatureFormatOnlyRegularSupport
+		}
+
 		recipient, ok := recipient.(minisign.PublicKey)
 		if !ok {
 			return nil, nil, errRecipientUnparsable
@@ -606,12 +612,17 @@ func verify(
 
 func verifyString(
 	src string,
+	isRegular bool,
 	signatureFormat string,
 	recipient interface{},
 	signature string,
 ) error {
 	switch signatureFormat {
 	case signatureFormatMinisignKey:
+		if !isRegular {
+			return errSignatureFormatOnlyRegularSupport
+		}
+
 		recipient, ok := recipient.(minisign.PublicKey)
 		if !ok {
 			return errRecipientUnparsable
diff --git a/cmd/stbak/cmd/recovery_index.go b/cmd/stbak/cmd/recovery_index.go
index 30efbc7..3a2bbc2 100644
--- a/cmd/stbak/cmd/recovery_index.go
+++ b/cmd/stbak/cmd/recovery_index.go
@@ -79,8 +79,8 @@ var recoveryIndexCmd = &cobra.Command{
 				return decryptHeader(hdr, viper.GetString(encryptionFlag), identity)
 			},
 			0,
-			func(hdr *tar.Header) error {
-				return verifyHeader(hdr, viper.GetString(signatureFlag), recipient)
+			func(hdr *tar.Header, isRegular bool) error {
+				return verifyHeader(hdr, isRegular, viper.GetString(signatureFlag), recipient)
 			},
 		)
 	},
@@ -102,6 +102,7 @@ func index(
 	offset int,
 	verifyHeader func(
 		hdr *tar.Header,
+		isRegular bool,
 	) error,
 ) error {
 	if overwrite {
@@ -196,7 +197,7 @@ func index(
 					return err
 				}
 
-				if err := verifyHeader(hdr); err != nil {
+				if err := verifyHeader(hdr, isRegular); err != nil {
 					return err
 				}
 
@@ -282,7 +283,7 @@ func index(
 					return err
 				}
 
-				if err := verifyHeader(hdr); err != nil {
+				if err := verifyHeader(hdr, isRegular); err != nil {
 					return err
 				}
 
diff --git a/cmd/stbak/cmd/recovery_query.go b/cmd/stbak/cmd/recovery_query.go
index 80023ff..499b814 100644
--- a/cmd/stbak/cmd/recovery_query.go
+++ b/cmd/stbak/cmd/recovery_query.go
@@ -151,7 +151,7 @@ func query(
 				return err
 			}
 
-			if err := verifyHeader(hdr, signatureFormat, recipient); err != nil {
+			if err := verifyHeader(hdr, isRegular, signatureFormat, recipient); err != nil {
 				return err
 			}
 
@@ -238,7 +238,7 @@ func query(
 				return err
 			}
 
-			if err := verifyHeader(hdr, signatureFormat, recipient); err != nil {
+			if err := verifyHeader(hdr, isRegular, signatureFormat, recipient); err != nil {
 				return err
 			}
 
diff --git a/cmd/stbak/cmd/update.go b/cmd/stbak/cmd/update.go
index 3e3c662..42c3981 100644
--- a/cmd/stbak/cmd/update.go
+++ b/cmd/stbak/cmd/update.go
@@ -114,7 +114,7 @@ var updateCmd = &cobra.Command{
 				return nil
 			},
 			1,
-			func(hdr *tar.Header) error {
+			func(hdr *tar.Header, isRegular bool) error {
 				return nil // We sign above, no need to verify
 			},
 		)
@@ -198,7 +198,7 @@ func update(
 				return err
 			}
 
-			signer, sign, err := sign(file, signatureFormat, identity)
+			signer, sign, err := sign(file, isRegular, signatureFormat, identity)
 			if err != nil {
 				return err
 			}
@@ -268,7 +268,7 @@ func update(
 			hdrToAppend := *hdr
 			headers = append(headers, &hdrToAppend)
 
-			if err := signHeader(hdr, signatureFormat, identity); err != nil {
+			if err := signHeader(hdr, isRegular, signatureFormat, identity); err != nil {
 				return err
 			}
 
@@ -342,7 +342,7 @@ func update(
 			hdrToAppend := *hdr
 			headers = append(headers, &hdrToAppend)
 
-			if err := signHeader(hdr, signatureFormat, identity); err != nil {
+			if err := signHeader(hdr, isRegular, signatureFormat, identity); err != nil {
 				return err
 			}