4801130633

Committed 25 Apr 2023 06:54PM UTC coverage: 90.273% (-0.2%) from 90.484%

Build Type

push

github

Committed by Bartłomiej Święcki

Commit Message

Fix validation of release docker images

Run Details

1717 of 1902 relevant lines covered (90.27%)

1.0 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

95.29

/pkg/blenc/datastore_static.go

/*
Copyright © 2022 Bartłomiej Święcki (byo)

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package blenc

import (
        "bytes"
        "context"
        "crypto/sha256"
        "errors"
        "io"

        "github.com/cinode/go/pkg/common"
        "github.com/cinode/go/pkg/internal/blobtypes"
        "github.com/cinode/go/pkg/internal/utilities/cipherfactory"
        "github.com/cinode/go/pkg/internal/utilities/validatingreader"
)

var (
        ErrCanNotUpdateStaticBlob = errors.New("blob update is not supported for static blobs")
)

func (be *beDatastore) openStatic(ctx context.Context, name common.BlobName, key cipherfactory.Key) (io.ReadCloser, error) {

        rc, err := be.ds.Open(ctx, name)
        if err != nil {
                return nil, err
        }

        scr, err := cipherfactory.StreamCipherReader(key, key.DefaultIV(), rc)
        if err != nil {
                return nil, err
        }

        keyGenerator := cipherfactory.NewKeyGenerator(blobtypes.Static)

        return &struct {
                io.Reader
                io.Closer
        }{
                Reader: validatingreader.CheckOnEOF(
                        io.TeeReader(scr, keyGenerator),
                        func() error {
                                if !bytes.Equal(key, keyGenerator.Generate()) {
                                        return blobtypes.ErrValidationFailed
                                }
                                return nil
                        },
                ),
                Closer: rc,
        }, nil
}

func (be *beDatastore) createStatic(
        ctx context.Context,
        r io.Reader,
) (
        common.BlobName,
        cipherfactory.Key,
        AuthInfo,
        error,
) {
        tempWriteBufferPlain, err := be.newSecureFifo()
        if err != nil {
                return nil, nil, nil, err
        }
        defer tempWriteBufferPlain.Close()

        tempWriteBufferEncrypted, err := be.newSecureFifo()
        if err != nil {
                return nil, nil, nil, err
        }
        defer tempWriteBufferEncrypted.Close()

        keyGenerator := cipherfactory.NewKeyGenerator(blobtypes.Static)
        _, err = io.Copy(tempWriteBufferPlain, io.TeeReader(r, keyGenerator))
        if err != nil {
                return nil, nil, nil, err
        }

        key := keyGenerator.Generate()
        iv := key.DefaultIV() // We can use this since each blob will have different key

        rClone, err := tempWriteBufferPlain.Done() // rClone will allow re-reading the source data
        if err != nil {
                return nil, nil, nil, err
        }
        defer rClone.Close()

        // Encrypt data with calculated key, hash encrypted data to generate blob name
        blobNameHasher := sha256.New()
        encWriter, err := cipherfactory.StreamCipherWriter(
                key, iv,
                io.MultiWriter(
                        tempWriteBufferEncrypted, // Stream out encrypted data to temporary fifo
                        blobNameHasher,           // Also hash the output to avoid re-reading the fifo again to build blob name
                ),
        )
        if err != nil {
                return nil, nil, nil, err
        }

        _, err = io.Copy(encWriter, rClone)
        if err != nil {
                return nil, nil, nil, err
        }

        encReader, err := tempWriteBufferEncrypted.Done()
        if err != nil {
                return nil, nil, nil, err
        }
        defer encReader.Close()

        // Generate blob name from the encrypted data
        name, err := common.BlobNameFromHashAndType(blobNameHasher.Sum(nil), blobtypes.Static)
        if err != nil {
                return nil, nil, nil, err
        }

        // Send encrypted blob into the datastore
        err = be.ds.Update(ctx, name, encReader)
        if err != nil {
                return nil, nil, nil, err
        }

        return name, key, nil, nil
}

func (be *beDatastore) updateStatic(
        ctx context.Context,
        name common.BlobName,
        authInfo AuthInfo,
        key cipherfactory.Key,
        r io.Reader,
) error {
        return ErrCanNotUpdateStaticBlob
}

1	/*
2	Copyright © 2022 Bartłomiej Święcki (byo)
3
4	Licensed under the Apache License, Version 2.0 (the "License");
5	you may not use this file except in compliance with the License.
6	You may obtain a copy of the License at
7
8	http://www.apache.org/licenses/LICENSE-2.0
9
10	Unless required by applicable law or agreed to in writing, software
11	distributed under the License is distributed on an "AS IS" BASIS,
12	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13	See the License for the specific language governing permissions and
14	limitations under the License.
15	*/
16
17	package blenc
18
19	import (
20	"bytes"
21	"context"
22	"crypto/sha256"
23	"errors"
24	"io"
25
26	"github.com/cinode/go/pkg/common"
27	"github.com/cinode/go/pkg/internal/blobtypes"
28	"github.com/cinode/go/pkg/internal/utilities/cipherfactory"
29	"github.com/cinode/go/pkg/internal/utilities/validatingreader"
30	)
31
32	var (
33	ErrCanNotUpdateStaticBlob = errors.New("blob update is not supported for static blobs")
34	)
35
36	func (be *beDatastore) openStatic(ctx context.Context, name common.BlobName, key cipherfactory.Key) (io.ReadCloser, error) {	1✔
37		1✔
38	rc, err := be.ds.Open(ctx, name)	1✔
39	if err != nil {	2✔
40	return nil, err	1✔
41	}	1✔
42
43	scr, err := cipherfactory.StreamCipherReader(key, key.DefaultIV(), rc)	1✔
44	if err != nil {	2✔
45	return nil, err	1✔
46	}	1✔
47
48	keyGenerator := cipherfactory.NewKeyGenerator(blobtypes.Static)	1✔
49		1✔
50	return &struct {	1✔
51	io.Reader	1✔
52	io.Closer	1✔
53	}{	1✔
54	Reader: validatingreader.CheckOnEOF(	1✔
55	io.TeeReader(scr, keyGenerator),	1✔
56	func() error {	2✔
57	if !bytes.Equal(key, keyGenerator.Generate()) {	2✔
58	return blobtypes.ErrValidationFailed	1✔
59	}	1✔
60	return nil	1✔
61	},
62	),
63	Closer: rc,
64	}, nil
65	}
66
67	func (be *beDatastore) createStatic(
68	ctx context.Context,
69	r io.Reader,
70	) (
71	common.BlobName,
72	cipherfactory.Key,
73	AuthInfo,
74	error,
75	) {	1✔
76	tempWriteBufferPlain, err := be.newSecureFifo()	1✔
77	if err != nil {	2✔
78	return nil, nil, nil, err	1✔
79	}	1✔
80	defer tempWriteBufferPlain.Close()	1✔
81		1✔
82	tempWriteBufferEncrypted, err := be.newSecureFifo()	1✔
83	if err != nil {	2✔
84	return nil, nil, nil, err	1✔
85	}	1✔
86	defer tempWriteBufferEncrypted.Close()	1✔
87		1✔
88	keyGenerator := cipherfactory.NewKeyGenerator(blobtypes.Static)	1✔
89	_, err = io.Copy(tempWriteBufferPlain, io.TeeReader(r, keyGenerator))	1✔
90	if err != nil {	2✔
91	return nil, nil, nil, err	1✔
92	}	1✔
93
94	key := keyGenerator.Generate()	1✔
95	iv := key.DefaultIV() // We can use this since each blob will have different key	1✔
96		1✔
97	rClone, err := tempWriteBufferPlain.Done() // rClone will allow re-reading the source data	1✔
98	if err != nil {	2✔
99	return nil, nil, nil, err	1✔
100	}	1✔
101	defer rClone.Close()	1✔
102		1✔
103	// Encrypt data with calculated key, hash encrypted data to generate blob name	1✔
104	blobNameHasher := sha256.New()	1✔
105	encWriter, err := cipherfactory.StreamCipherWriter(	1✔
106	key, iv,	1✔
107	io.MultiWriter(	1✔
108	tempWriteBufferEncrypted, // Stream out encrypted data to temporary fifo	1✔
109	blobNameHasher, // Also hash the output to avoid re-reading the fifo again to build blob name	1✔
110	),	1✔
111	)	1✔
112	if err != nil {	1✔
113	return nil, nil, nil, err	×
114	}	×
115
116	_, err = io.Copy(encWriter, rClone)	1✔
117	if err != nil {	2✔
118	return nil, nil, nil, err	1✔
119	}	1✔
120
121	encReader, err := tempWriteBufferEncrypted.Done()	1✔
122	if err != nil {	2✔
123	return nil, nil, nil, err	1✔
124	}	1✔
125	defer encReader.Close()	1✔
126		1✔
127	// Generate blob name from the encrypted data	1✔
128	name, err := common.BlobNameFromHashAndType(blobNameHasher.Sum(nil), blobtypes.Static)	1✔
129	if err != nil {	1✔
130	return nil, nil, nil, err	×
131	}	×
132
133	// Send encrypted blob into the datastore
134	err = be.ds.Update(ctx, name, encReader)	1✔
135	if err != nil {	2✔
136	return nil, nil, nil, err	1✔
137	}	1✔
138
139	return name, key, nil, nil	1✔
140	}
141
142	func (be *beDatastore) updateStatic(
143	ctx context.Context,
144	name common.BlobName,
145	authInfo AuthInfo,
146	key cipherfactory.Key,
147	r io.Reader,
148	) error {	1✔
149	return ErrCanNotUpdateStaticBlob	1✔
150	}	1✔

cinode / go / 4801130633

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous