PT-2347 Refactoring

Artem Gavrilov
2024-12-18 15:27:16 +02:00
parent d661be484c
commit 91fec36bac
2 changed files with 20 additions and 10 deletions


@@ -3,7 +3,6 @@ package main
import (
"archive/tar"
"compress/gzip"
"crypto/sha256"
"fmt"
"io"
"io/ioutil"
@@ -18,7 +17,6 @@ import (
shellwords "github.com/mattn/go-shellwords"
"github.com/pkg/errors"
log "github.com/sirupsen/logrus"
"golang.org/x/crypto/hkdf"
"github.com/percona/percona-toolkit/src/go/pt-secure-collect/sanitize"
"github.com/percona/percona-toolkit/src/go/pt-secure-collect/sanitize/util"
@@ -50,10 +48,9 @@ func collectData(opts *cliOptions) error {
}
if !*opts.NoEncrypt && *opts.EncryptPassword != "" {
hkdf := hkdf.New(sha256.New, []byte(*opts.EncryptPassword), salt[:], hkdfInfo)
key := make([]byte, 32)
if _, err := io.ReadFull(hkdf, key); err != nil {
return errors.Wrap(err, "Cannot derive key from password")
key, err := deriveKey(*opts.EncryptPassword)
if err != nil {
return errors.WithStack(err)
}
encryptedFile := tarFile + ".aes"
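Review bot: The guard `if !*opts.NoEncrypt && *opts.EncryptPassword != ""` in collectData skips the whole encryption block when the password is empty even though encryption was not disabled, and the new `deriveKey` call sits behind that guard. The hunk does not show whether an earlier step guarantees a non-empty password; if none does, the tar archive would stay on disk unencrypted without any error. Consider failing closed ahead of this block, e.g. `if !*opts.NoEncrypt && *opts.EncryptPassword == "" { return errors.New("encryption enabled but no password supplied") }`. collectData starts and ends outside the hunk, so the check may already exist there.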


@@ -15,8 +15,11 @@ import (
)
var (
// hkdfInfo used as the context info for HKDF.
hkdfInfo = []byte("Percona Toolkit")
salt = [256]byte{
// salt is a random 256-byte array used as a salt for HKDF.
salt = [256]byte{
0x33, 0xc5, 0xc5, 0x5f, 0x3e, 0x81, 0xf6, 0x8d, 0x51, 0xd8, 0x18, 0xb9, 0xb7, 0x09, 0x70, 0x51,
0xc3, 0x60, 0x66, 0xef, 0xd4, 0x97, 0x2e, 0xdf, 0x11, 0x59, 0x34, 0x94, 0x47, 0xab, 0xd4, 0x44,
0xac, 0x2e, 0x89, 0x81, 0x85, 0xd5, 0x83, 0xbd, 0x2d, 0xb5, 0x43, 0xdd, 0xd7, 0x6c, 0x1b, 0xa7,
@@ -36,11 +39,21 @@ var (
}
)
func encryptorCmd(opts *cliOptions) (err error) {
hkdf := hkdf.New(sha256.New, []byte(*opts.EncryptPassword), salt[:], hkdfInfo)
// deriveKey derives a cryptographically strong key from password.
func deriveKey(password string) ([]byte, error) {
hkdf := hkdf.New(sha256.New, []byte(password), salt[:], hkdfInfo)
key := make([]byte, 32)
if _, err := io.ReadFull(hkdf, key); err != nil {
return errors.Wrap(err, "Cannot derive key from password")
return nil, errors.Wrap(err, "Cannot derive key from password")
}
return key, nil
}
func encryptorCmd(opts *cliOptions) (err error) {
key, err := deriveKey(*opts.EncryptPassword)
if err != nil {
return errors.WithStack(err)
}
switch opts.Command {
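Review bot: The new doc comment on `deriveKey` promises a "cryptographically strong key", which the code cannot deliver: HKDF expands input that is already high-entropy and adds no work factor, and `salt` is a fixed array compiled into the binary, so a given password always maps to the same key and each guess is cheap to test. The comment should state the real guarantee, e.g. `// deriveKey expands password into a 32-byte key using HKDF-SHA256 with a fixed salt; the key is only as strong as the password.` A password KDF such as `golang.org/x/crypto/scrypt` or `argon2`, with a per-file random salt stored beside the ciphertext, would resist guessing better, but it changes the file format and needs a version marker so existing archives still decrypt. In `encryptorCmd` the key is derived before the `switch` with no visible empty-password check, and the rest of that function lies outside the hunk.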