Add support for passing non-printable character as key #2851
Codecov Report
@@ Coverage Diff @@
## master #2851 +/- ##
==========================================
+ Coverage 9.9% 10.04% +0.14%
==========================================
Files 140 140
Lines 13522 13555 +33
==========================================
+ Hits 1339 1362 +23
- Misses 12016 12026 +10
Partials 167 167
cmd/head-main.go
Outdated
@@ -68,6 +68,10 @@ EXAMPLES: | |||
|
|||
2. Display only first line from server encrypted object on Amazon S3. | |||
$ {{.HelpName}} -n 1 --encrypt-key 's3/csv-data=32byteslongsecretkeymustbegiven1' s3/csv-data/population.csv | |||
|
|||
3. Display only first line from server encrypted object on Amazon S3. In case the encryption key contains non-printable characcter like tab, pass the |
s/characcter/character
done.
cmd/cat-main.go
Outdated
@@ -69,6 +69,10 @@ EXAMPLES: | |||
|
|||
4. Save an encrypted object from Amazon S3 cloud storage to a local file. | |||
$ {{.HelpName}} --encrypt-key 's3/mysql-backups=32byteslongsecretkeymustbegiven1' s3/mysql-backups/backups-201810.gz > /mnt/data/recent.gz | |||
|
|||
5. Display the content of encrypted object. In case the encryption key contains non-printable characcter like tab, pass the |
s/characcter/character
done.
cmd/cp-main.go
Outdated
|
||
if sseKeys != "" { | ||
sseKeys, err = getDecodedKey(sseKeys) | ||
fatalIf(err, "Unable to decrypt encryption keys.") |
"Unable to decrypt encryption keys." is incorrect as you are just trying to decode the base64 encoded key. "Unable to parse encryption key" is better
done.
cmd/common-methods.go
Outdated
secretValue := encryptString[1] | ||
decodedString, e := base64.StdEncoding.DecodeString(secretValue) | ||
if e != nil { | ||
return "", probe.NewError(errors.New("key should be 32 bytes long or if the key is encoded; then decoded value must be of 32 bytes long")) |
return "", probe.NewError(errors.New("key should be 32 bytes long or if the key is encoded; then decoded value must be of 32 bytes long")) | |
return "", probe.NewError(errors.New("key should be 32 bytes long or if the key is base64 encoded; then decoded value must be 32 bytes long")) | |
done.
cmd/common-methods.go
Outdated
} | ||
|
||
if len(decodedString) != 32 { | ||
keyString = keyString + sse |
shouldn't you be returning an error here because plain text key is not 32 bytes
That is taken care of in parseEncryptionKeys.
cmd/common-methods_test.go
Outdated
err error | ||
status bool | ||
}{ | ||
//success scenerio the key contains non printable (tab) character as key |
s/scenerio/scenario across this test case
This needs to be fixed in more than one place. Please fix them everywhere
done.
cmd/common-methods.go
Outdated
encryptString := strings.SplitN(sse, "=", 2) | ||
pre := encryptString[0] | ||
secretValue := encryptString[1] | ||
decodedString, e := base64.StdEncoding.DecodeString(secretValue) |
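Review bot: `secretValue := encryptString[1]` reads the second element of `strings.SplitN(sse, "=", 2)` with no length check in the lines shown, so an entry that contains no `=` yields a one-element slice and panics with an index out of range instead of returning an error. Check `len(encryptString) != 2` first and return a parse error for that entry.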
It is better to have this part in a function. Other than that, the first part should be to check if the length of secretValue is 32, then it is plain text and use it as is. Only otherwise do you proceed to decode and if the decode fails, you return error. Else check if the decoded length is 32, then use that, else return error.
Now, what will happen is that even if you encode a string of length 10 and pass it in command line, this code is going to use it as plain text as the decoded string length will be 10 and this code will assume that it is a plain text secret key.
Added a function func parseKey(sseKeys string) (sse string, err *probe.Error) to achieve this functionality.
Please fix the code based on the comments made in this PR
132b819 to a958194
cmd/common-methods.go
Outdated
return sseKeys, nil | ||
} | ||
decodedString, e := base64.StdEncoding.DecodeString(secretValue) | ||
if e != nil || len(decodedString) != 32 || len(secretValue) != 32 { |
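Review bot: the condition on the last line, `e != nil || len(decodedString) != 32 || len(secretValue) != 32`, can never be false, so every key that reaches the decode branch is rejected. Standard base64 turns 32 bytes into 44 characters, and a 32-character input decodes to at most 24 bytes, so the decoded length and the encoded length cannot both be 32; the length test belongs on the decoded value only.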
if e != nil || len(decodedString) != 32 || len(secretValue) != 32 { | |
if e != nil || len(decodedString) != 32 { |
30e2bb4 to 65eb30f
cmd/common-methods.go
Outdated
} | ||
decodedString, e := base64.StdEncoding.DecodeString(secretValue) | ||
if e != nil || len(decodedString) != 32 { | ||
return "", probe.NewError(errors.New("key should be 32 bytes long or if the key is base64 encoded; then decoded value must be 32 bytes long")) |
return "", probe.NewError(errors.New("key should be 32 bytes long or if the key is base64 encoded; then decoded value must be 32 bytes long")) | |
return "", probe.NewError(errors.New("Encryption key should be 32 bytes plain text key or 64 bytes base64 encoded key")) | |
done.
cmd/common-methods_test.go
Outdated
// {"play/documents/=32byteslongsecretkeymustbegiven1,s3/documents/=MzJieXRlc2xvbmdzZWNyZWFiY2RlZmcJZ2l2ZW5uMjE=", "play/documents/=32byteslongsecretkeymustbegiven1,s3/documents/=32byteslongsecreabcdefg givenn21", nil, true}, | ||
// // decoded key less than 32 char and conatin non printable (tab) character | ||
// {"s3/documents/=MzJieXRlc2xvbmdzZWNyZWFiY2RlZmcJZ2l2ZW5uMjE", "", errors.New("key should be 32 bytes long or if the key is base64 encoded; then decoded value must be 32 bytes long"), false}, | ||
// // normal key less than 32 character |
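Review bot: the case on the third line, commented as a decoded key of fewer than 32 characters, passes `MzJieXRlc2xvbmdzZWNyZWFiY2RlZmcJZ2l2ZW5uMjE` with the trailing `=` dropped, so `base64.StdEncoding.DecodeString` rejects it for missing padding and the test exercises the decode-error path rather than the short-key path. To cover the `len(decodedString) != 32` check, add a correctly padded value that decodes to fewer than 32 bytes.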
looks like these tests need to be uncommented
done.
65eb30f to 7770235
@poornas @kannappanr PTAL
cmd/cp-main_test.go
Outdated
@@ -28,11 +28,11 @@ func TestParseMetaData(t *testing.T) { | |||
err error | |||
status bool | |||
}{ | |||
// success scenerio using ; as delimitter | |||
// success scenario using ; as delimitter |
please fix typo delimitter -> delimiter wherever they occur
thanks for pointing it out. Done with the change.
7770235 to 458b0a4
LGTM
Tested. LGTM
46ae6fe to f634d77
This feature enables the users to pass a non-printable character as encryption-key by encoding it.
Example:
If the encryption key contains a non-printable character like tab:
--encrypt-key "play/test/=32byteslongsecretke mustbegiven1"
The user needs to encode using base64 and pass the encoded string as the key.
--encrypt-key "play/test=MzJieXRlc2xvbmdzZWNyZXRrZQltdXN0YmVnaXZlbjE="
Tested case:
Closes #2678
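The parsing order the review settles on (use a 32-byte value as plain text, otherwise require base64 that decodes to exactly 32 bytes), written out as an added Go example. It is not the code merged in this PR, and `normalizeSSEKey`, `keyLen` and `errBadKey` are hypothetical names.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

const keyLen = 32 // key length the PR requires, in bytes

var errBadKey = errors.New("key must be 32 bytes of plain text or base64 that decodes to 32 bytes")

// normalizeSSEKey (hypothetical name) splits one "prefix=key" entry and
// returns the prefix with the raw 32-byte key.
func normalizeSSEKey(entry string) (string, []byte, error) {
	// SplitN with n=2 keeps any base64 '=' padding inside the key part.
	parts := strings.SplitN(entry, "=", 2)
	if len(parts) != 2 || parts[0] == "" {
		return "", nil, errors.New("entry must have the form prefix=key")
	}
	secret := parts[1]
	// Exactly 32 bytes: treat as a plain-text key and use it unchanged.
	if len(secret) == keyLen {
		return parts[0], []byte(secret), nil
	}
	// Otherwise it must be padded standard base64 of exactly 32 bytes.
	// A short encoded secret is rejected here, not taken as plain text.
	decoded, err := base64.StdEncoding.DecodeString(secret)
	if err != nil || len(decoded) != keyLen {
		return "", nil, errBadKey
	}
	return parts[0], decoded, nil
}

func main() {
	// Constructed inputs; the keys in the first two are quoted on this page.
	for _, in := range []string{
		"play/test=32byteslongsecretkeymustbegiven1",
		"play/test=MzJieXRlc2xvbmdzZWNyZXRrZQltdXN0YmVnaXZlbjE=",
		"play/test=c2hvcnRrZXkxMA==", // base64 of a 10-byte string
		"play/test",                  // no '=' separator
	} {
		prefix, key, err := normalizeSSEKey(in)
		// Print the key length only; never log key material.
		fmt.Printf("prefix=%q keylen=%d err=%v\n", prefix, len(key), err)
	}
}
```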