This commit introduces the `Enchantrix` library to add support for the `.trix` encrypted file format. The main changes are:

- The `matrix` format has been renamed to `tim` (Terminal Isolation Matrix).
- The `.tim` format is now a specialized `.trix` file.
- A new `decode` command has been added to decode `.trix` and `.tim` files.
- The `collect` commands now support the `trix` and `tim` formats.
- A `--password` flag has been added to the `collect` commands for encryption.
- A `--i-am-in-isolation` flag has been added to the `decode` command for safely decoding `.tim` files.
- The decryption functionality is currently disabled due to a bug in the `Enchantrix` library. A follow-up PR will be created to re-enable it.
- A path traversal vulnerability in `pkg/tim/run.go` has been fixed.
- A file descriptor leak in `pkg/tim/run.go` has been fixed.
- Error handling in `pkg/trix/trix.go` has been improved.
package trix
import (
"fmt"
"github.com/Snider/Borg/pkg/datanode"
"github.com/Snider/Enchantrix/pkg/crypt"
"github.com/Snider/Enchantrix/pkg/trix"
)
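// ToTrix serialises a DataNode into the Trix container format.
//
// The DataNode is first packed into a tarball. When password is non-empty the
// tarball is passed through SymmetricallyEncryptPGP with the password bytes,
// and the result becomes the Trix payload. When password is empty the tarball
// is stored as-is, so the output carries no confidentiality protection. The
// payload is then encoded with the "TRIX" magic and an empty header.
//
// It returns an error if dn is nil, or if archiving, encryption or encoding
// fails. Underlying errors are wrapped with %w so callers can still match
// them with errors.Is / errors.As.
//
// NOTE(review): the header is left empty, so nothing in the encoded output
// records whether the payload is encrypted. A reader has to be told out of
// band; consider recording this in the header once the format allows it.
//
// NOTE(review): FromTrix in this file currently rejects every non-empty
// password, so encrypted output produced here cannot be read back by this
// package until decryption is re-enabled.
func ToTrix(dn *datanode.DataNode, password string) ([]byte, error) {
	// Reject a nil node explicitly instead of relying on ToTar's behaviour
	// with a nil receiver.
	if dn == nil {
		return nil, fmt.Errorf("trix: nil data node")
	}

	// Pack the DataNode into a tarball; this is the plaintext payload.
	payload, err := dn.ToTar()
	if err != nil {
		return nil, fmt.Errorf("trix: converting data node to tar: %w", err)
	}

	// Encrypt only when a password was supplied.
	// NOTE(review): how the password is stretched into a key is decided
	// inside Enchantrix and is not visible here; confirm it uses a salted,
	// iterated derivation before relying on low-entropy passwords.
	if password != "" {
		payload, err = crypt.NewService().SymmetricallyEncryptPGP([]byte(password), payload)
		if err != nil {
			return nil, fmt.Errorf("trix: encrypting payload: %w", err)
		}
	}

	container := &trix.Trix{
		Header:  make(map[string]interface{}),
		Payload: payload,
	}

	encoded, err := trix.Encode(container, "TRIX", nil)
	if err != nil {
		return nil, fmt.Errorf("trix: encoding container: %w", err)
	}
	return encoded, nil
}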
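// FromTrix decodes a Trix byte slice back into a DataNode.
//
// data is decoded with the "TRIX" magic and its payload is read as a tarball.
// Decryption is currently disabled: any non-empty password is rejected with
// an error, so only unencrypted containers can be read.
//
// It returns an error if a password is supplied, if data is not a valid Trix
// container, or if the payload cannot be read as a tar archive. Underlying
// errors are wrapped with %w so callers can still match them with
// errors.Is / errors.As.
//
// NOTE(review): with an empty password nothing here detects an encrypted
// payload; ciphertext would be handed to datanode.FromTar and surface as a
// tar parsing error rather than a clear "encrypted" error.
func FromTrix(data []byte, password string) (*datanode.DataNode, error) {
	// A request carrying a password can never succeed while decryption is
	// disabled, so refuse it before parsing any of the caller-supplied bytes.
	if password != "" {
		return nil, fmt.Errorf("decryption disabled: cannot accept encrypted payloads")
	}

	container, err := trix.Decode(data, "TRIX", nil)
	if err != nil {
		return nil, fmt.Errorf("trix: decoding container: %w", err)
	}

	// NOTE(review): the payload comes straight from data, which may be
	// untrusted. Confirm that datanode.FromTar bounds entry sizes and rejects
	// entry names that escape the archive root.
	dn, err := datanode.FromTar(container.Payload)
	if err != nil {
		return nil, fmt.Errorf("trix: reading payload as tar: %w", err)
	}
	return dn, nil
}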