kenmirrors/ente
1
0
Fork 0
mirror of https://github.com/ente-io/ente.git synced 2025-08-08 07:28:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

[cli] Check for secret key length while reading from file

Browse Source
This commit is contained in:
Neeraj Gupta 2024-09-10 14:16:36 +05:30
parent 9e068bdc90
commit 821edd00f7
1 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
cli/pkg/secrets/secret.go
View File

@ -22,6 +22,7 @@ func IsRunningInContainer() bool {
const (
secretService = "ente"
secretUser = "ente-cli-user"
keyLength = 32
)
func GetOrCreateClISecret() []byte {
@ -30,7 +31,6 @@ func GetOrCreateClISecret() []byte {
if err != nil {
if !errors.Is(err, keyring.ErrNotFound) {
if secretsFile := os.Getenv("ENTE_CLI_SECRETS_PATH"); secretsFile != "" {
return GetSecretFromSecretText(secretsFile)
}
@ -40,7 +40,7 @@ func GetOrCreateClISecret() []byte {
log.Fatal(fmt.Errorf("error getting password from keyring: %w", err))
}
}
key := make([]byte, 32)
key := make([]byte, keyLength)
_, err = rand.Read(key)
if err != nil {
log.Fatal(fmt.Errorf("error generating key: %w", err))
@ -54,13 +54,13 @@ func GetOrCreateClISecret() []byte {
}
// Try to decode the secret as base64
decodedSecret, err := base64.StdEncoding.DecodeString(secret)
if err == nil && len(decodedSecret) == 32 {
if err == nil && len(decodedSecret) == keyLength {
// If successful and the length is correct, return the decoded secret
return decodedSecret
}
// If decoding fails or the length is incorrect, treat it as a legacy key
legacySecret := []byte(secret)
if len(legacySecret) != 32 {
if len(legacySecret) != keyLength {
// See https://github.com/ente-io/ente/issues/1510#issuecomment-2331676096 for more information
log.Println("Warning: Existing key is not 32 bytes. Deleting it")
delErr := keyring.Delete(secretService, secretUser)
@ -71,12 +71,12 @@ func GetOrCreateClISecret() []byte {
return GetOrCreateClISecret()
}
}
// If it's a 32-byte legacy key, return it as-is
// If it's a keyLength-byte legacy key, return it as-is
return legacySecret
}
// GetSecretFromSecretText reads the scecret from the secret text file.
// If the file does not exist, it will be created and write random 32 byte secret to it.
// If the file does not exist, it will be created and write random keyLength bytes secret to it.
func GetSecretFromSecretText(secretFilePath string) []byte {
// Check if file exists
@ -86,7 +86,7 @@ func GetSecretFromSecretText(secretFilePath string) []byte {
log.Fatal(fmt.Errorf("error checking secret file: %w", err))
}
// File does not exist; create and write a random 32-byte secret
key := make([]byte, 32)
key := make([]byte, keyLength)
_, err := rand.Read(key)
if err != nil {
log.Fatal(fmt.Errorf("error generating key: %w", err))
@ -102,5 +102,8 @@ func GetSecretFromSecretText(secretFilePath string) []byte {
if err != nil {
log.Fatal(fmt.Errorf("error reading from secret file: %w", err))
}
if len(secret) != keyLength {
log.Fatal(fmt.Errorf("error reading from secret file: expected %d bytes, got %d", keyLength, len(secret)))
}
return secret
}