Remove callhome & add support upload encryption
* Add `--enc` parameter to `mc support upload` to encrypt the file content.
* Add file size as zstd frame content size.
* Test opening the file before doing more.
* Uses same key as "mc support inspect".
klauspost committed Jan 20, 2025
1 parent cc8758c commit 48fe489
Showing 2 changed files with 69 additions and 3 deletions.
67 changes: 64 additions & 3 deletions cmd/subnet-file-uploader.go
Expand Up @@ -18,6 +18,10 @@
package cmd

import (
"crypto/rsa"
"crypto/x509"
"encoding/base64"
"encoding/pem"
"io"
"mime/multipart"
"net/http"
Expand All @@ -27,6 +31,7 @@ import (
"strings"

"github.com/klauspost/compress/zstd"
"github.com/minio/madmin-go/v3/estream"
)

// SubnetFileUploader - struct to upload files to SUBNET
Expand All @@ -39,6 +44,8 @@ type SubnetFileUploader struct {
Headers SubnetHeaders // headers to be sent in the request
AutoCompress bool // whether to compress (zst) the file before uploading
DeleteAfterUpload bool // whether to delete the file after successful upload
AutoEncrypt bool // Encrypt content.
PubKey []byte // Custom public encryption key.
}

// UploadFileToSubnet - uploads the file to SUBNET
Expand Down Expand Up @@ -80,6 +87,10 @@ func (i *SubnetFileUploader) updateParams() {
i.filename += ".zst"
i.Params.Add("auto-compression", "zstd")
}
if i.AutoEncrypt || len(i.PubKey) >= 0 {
i.Params.Add("encrypted", "true")
i.filename += ".enc"
}

i.Params.Add("filename", i.filename)
i.ReqURL += "?" + i.Params.Encode()
Expand All @@ -97,24 +108,62 @@ func (i *SubnetFileUploader) subnetUploadReq() (*http.Request, error) {
part io.Writer
e error
)
var errfn func(string) error
defer func() {
mwriter.Close()
w.CloseWithError(e)
if e != nil && errfn != nil {
errfn(e.Error())
}
}()

part, e = mwriter.CreateFormFile("file", i.filename)
file, e := os.Open(i.FilePath)
if e != nil {
return
}
defer file.Close()

file, e := os.Open(i.FilePath)
part, e = mwriter.CreateFormFile("file", i.filename)
if e != nil {
return
}
defer file.Close()
if i.AutoEncrypt || len(i.PubKey) > 0 {
sw := estream.NewWriter(part)
defer sw.Close()
errfn = sw.AddError
key := i.PubKey
if key == nil {
key, e = base64.StdEncoding.DecodeString(defaultPublicKey)
if e != nil {
return
}
}
pk, e := bytesToPublicKey(key)
if e != nil {
sw.AddError(e.Error())
return
}
e = sw.AddKeyEncrypted(pk)
if e != nil {
sw.AddError(e.Error())
return
}
wc, e := sw.AddEncryptedStream(strings.TrimSuffix(i.filename, ".enc"), nil)
if e != nil {
sw.AddError(e.Error())
return
}
defer wc.Close()
part = wc
}

if i.AutoCompress {
z, _ := zstd.NewWriter(part, zstd.WithEncoderConcurrency(2))
sz, err := file.Stat()
if err == nil {
// Set file size if we can.
z.ResetContentSize(part, sz.Size())
}
defer z.Close()
_, e = z.ReadFrom(file)
} else {
Expand All @@ -130,3 +179,15 @@ func (i *SubnetFileUploader) subnetUploadReq() (*http.Request, error) {

return req, nil
}

func bytesToPublicKey(pub []byte) (*rsa.PublicKey, error) {
block, _ := pem.Decode(pub)
if block != nil {
pub = block.Bytes
}
key, err := x509.ParsePKCS1PublicKey(pub)
if err != nil {
return nil, err
}
return key, nil
}
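Review bot: The new condition in updateParams, `if i.AutoEncrypt || len(i.PubKey) >= 0 {`, is always true because a slice length is never negative, so every upload gets `encrypted=true` and a `.enc` suffix even when no encryption is applied. subnetUploadReq uses `len(i.PubKey) > 0` for the same decision, so the two can disagree and a file that was only zstd-compressed would be labelled as encrypted, which can mislead the receiving service and anyone judging the data's protection from its name. Change the check to `if i.AutoEncrypt || len(i.PubKey) > 0 {`. updateParams begins outside the hunk, so how the parameters are consumed afterwards is not visible here.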
5 changes: 5 additions & 0 deletions cmd/support-upload.go
Expand Up @@ -37,6 +37,10 @@ var (
Name: "comment",
Usage: "comment to be posted on the issue along with the file",
},
cli.BoolFlag{
Name: "enc",
Usage: "encrypt content with key only accessible to minio employees",
},
cli.BoolFlag{
Name: "dev",
Usage: "Development mode",
Expand Down Expand Up @@ -137,6 +141,7 @@ func execSupportUpload(ctx *cli.Context, alias, apiKey string) {
ReqURL: reqURL,
Headers: headers,
AutoCompress: true,
AutoEncrypt: ctx.Bool("enc"),
Params: params,
}).UploadFileToSubnet()
if e != nil {
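Review bot: The `enc` flag's usage text, `encrypt content with key only accessible to minio employees`, says who holds the private key but not what the client does, which is what a user deciding whether to upload sensitive diagnostics needs to know. Going by the commit description, the content is encrypted on the client with the same key as `mc support inspect`, so something like `Usage: "encrypt the file locally before upload with the MinIO support public key (same key as 'mc support inspect')"` would be clearer. Because `AutoEncrypt: ctx.Bool("enc")` leaves encryption off unless the flag is given, the help text is also the natural place to say that uploads are otherwise sent without this content encryption. execSupportUpload starts and ends outside the hunk.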
