PT-2347 Refactoring

Artem Gavrilov
2024-12-18 15:27:16 +02:00
parent d661be484c
commit 91fec36bac
2 changed files with 20 additions and 10 deletions


@@ -3,7 +3,6 @@ package main
import ( import (
"archive/tar" "archive/tar"
"compress/gzip" "compress/gzip"
"crypto/sha256"
"fmt" "fmt"
"io" "io"
"io/ioutil" "io/ioutil"
@@ -18,7 +17,6 @@ import (
shellwords "github.com/mattn/go-shellwords" shellwords "github.com/mattn/go-shellwords"
"github.com/pkg/errors" "github.com/pkg/errors"
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
"golang.org/x/crypto/hkdf"
"github.com/percona/percona-toolkit/src/go/pt-secure-collect/sanitize" "github.com/percona/percona-toolkit/src/go/pt-secure-collect/sanitize"
"github.com/percona/percona-toolkit/src/go/pt-secure-collect/sanitize/util" "github.com/percona/percona-toolkit/src/go/pt-secure-collect/sanitize/util"
@@ -50,10 +48,9 @@ func collectData(opts *cliOptions) error {
} }
if !*opts.NoEncrypt && *opts.EncryptPassword != "" { if !*opts.NoEncrypt && *opts.EncryptPassword != "" {
hkdf := hkdf.New(sha256.New, []byte(*opts.EncryptPassword), salt[:], hkdfInfo) key, err := deriveKey(*opts.EncryptPassword)
key := make([]byte, 32) if err != nil {
if _, err := io.ReadFull(hkdf, key); err != nil { return errors.WithStack(err)
return errors.Wrap(err, "Cannot derive key from password")
} }
encryptedFile := tarFile + ".aes" encryptedFile := tarFile + ".aes"
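Review bot: `return errors.WithStack(err)` in collectData wraps an error that deriveKey already builds with `errors.Wrap`, so a second stack trace is attached and `%+v` output prints both. A plain `return err` keeps the message and the original stack. The same applies to the identical call added to encryptorCmd in the other file. collectData starts and ends outside this hunk.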


@@ -15,7 +15,10 @@ import (
) )
var ( var (
// hkdfInfo used as the context info for HKDF.
hkdfInfo = []byte("Percona Toolkit") hkdfInfo = []byte("Percona Toolkit")
// salt is a random 256-byte array used as a salt for HKDF.
salt = [256]byte{ salt = [256]byte{
0x33, 0xc5, 0xc5, 0x5f, 0x3e, 0x81, 0xf6, 0x8d, 0x51, 0xd8, 0x18, 0xb9, 0xb7, 0x09, 0x70, 0x51, 0x33, 0xc5, 0xc5, 0x5f, 0x3e, 0x81, 0xf6, 0x8d, 0x51, 0xd8, 0x18, 0xb9, 0xb7, 0x09, 0x70, 0x51,
0xc3, 0x60, 0x66, 0xef, 0xd4, 0x97, 0x2e, 0xdf, 0x11, 0x59, 0x34, 0x94, 0x47, 0xab, 0xd4, 0x44, 0xc3, 0x60, 0x66, 0xef, 0xd4, 0x97, 0x2e, 0xdf, 0x11, 0x59, 0x34, 0x94, 0x47, 0xab, 0xd4, 0x44,
@@ -36,11 +39,21 @@ var (
} }
) )
func encryptorCmd(opts *cliOptions) (err error) { // deriveKey derives a cryptographically strong key from password.
hkdf := hkdf.New(sha256.New, []byte(*opts.EncryptPassword), salt[:], hkdfInfo) func deriveKey(password string) ([]byte, error) {
hkdf := hkdf.New(sha256.New, []byte(password), salt[:], hkdfInfo)
key := make([]byte, 32) key := make([]byte, 32)
if _, err := io.ReadFull(hkdf, key); err != nil { if _, err := io.ReadFull(hkdf, key); err != nil {
return errors.Wrap(err, "Cannot derive key from password") return nil, errors.Wrap(err, "Cannot derive key from password")
}
return key, nil
}
func encryptorCmd(opts *cliOptions) (err error) {
key, err := deriveKey(*opts.EncryptPassword)
if err != nil {
return errors.WithStack(err)
} }
switch opts.Command { switch opts.Command {
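Review bot: The new doc comment on deriveKey promises a "cryptographically strong key", but HKDF-SHA256 over a password with the fixed package-level `salt` does no key stretching, so the key is only as hard to guess as the password, and the same password yields the same key on every installation. With derivation now in one helper, this is the natural place to move to a password-based KDF (scrypt or Argon2 from golang.org/x/crypto) with a per-file random salt stored next to the ciphertext. That changes the file format, so the current derivation would have to stay as a fallback for decrypting existing archives. Until then the comments should describe what the code does, e.g. `// deriveKey derives a 32-byte key from password with HKDF-SHA256 and a fixed salt; it does no key stretching.` and `// salt is a fixed 256-byte value compiled into the binary, used as the HKDF salt.` encryptorCmd continues past the end of this hunk.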