hmac protected CONFIG

api/api.go

@@ -14,6 +14,7 @@ import (
 )
 
 var lstore storage.Store
+var lconfig storage.Configuration
 var lrepository *repository.Repository
 
 type Item[T any] struct {
@@ -92,6 +93,7 @@ func TokenAuthMiddleware(token string) func(http.Handler) http.Handler {
 
 func SetupRoutes(server *http.ServeMux, repo *repository.Repository, token string) {
 	lstore = repo.Store()
+	lconfig = repo.Configuration()
 	lrepository = repo
 
 	authToken := TokenAuthMiddleware(token)

api/api_params_test.go

@@ -309,7 +309,7 @@
 
 	for _, c := range testCases {
 		t.Run(c.name, func(t *testing.T) {
 			lstore, err := storage.Create(c.location, *c.config)
 			require.NoError(t, err, "creating storage")
 
 			ctx := appcontext.NewAppContext()
@@ -317,7 +317,7 @@
 			defer cache.Close()
 			ctx.SetCache(cache)
 			ctx.SetLogger(logging.NewLogger(os.Stdout, os.Stderr))
-			repo, err := repository.New(ctx, lstore, nil)
+			repo, err := repository.New(ctx, lstore, *c.config, nil)
 			require.NoError(t, err, "creating repository")
 
 			req, err := http.NewRequest("GET", "/path/{id}", nil)

api/api_repository_test.go

@@ -25,7 +25,7 @@
 // XXX: re-add once we move to non-mocked state object.
 func _Test_RepositoryConfiguration(t *testing.T) {
 	config := ptesting.NewConfiguration()
 	lstore, err := storage.Create("/test/location", *config)
 	require.NoError(t, err, "creating storage")
 
 	ctx := appcontext.NewAppContext()
@@ -33,7 +33,7 @@
 	defer cache.Close()
 	ctx.SetCache(cache)
 	ctx.SetLogger(logging.NewLogger(os.Stdout, os.Stderr))
-	repo, err := repository.New(ctx, lstore, nil)
+	repo, err := repository.New(ctx, lstore, *config, nil)
 	require.NoError(t, err, "creating repository")
 
 	var noToken string
@@ -293,7 +293,7 @@
 
 	for _, c := range testCases {
 		t.Run(c.name, func(t *testing.T) {
 			lstore, err := storage.Create(c.location, *c.config)
 			require.NoError(t, err, "creating storage")
 
 			ctx := appcontext.NewAppContext()
@@ -301,7 +301,7 @@
 			defer cache.Close()
 			ctx.SetCache(cache)
 			ctx.SetLogger(logging.NewLogger(os.Stdout, os.Stderr))
-			repo, err := repository.New(ctx, lstore, nil)
+			repo, err := repository.New(ctx, lstore, *c.config, nil)
 			require.NoError(t, err, "creating repository")
 
 			var noToken string
@@ -381,7 +381,7 @@
 	for _, c := range testCases {
 		t.Run(c.name, func(t *testing.T) {
 			config := ptesting.NewConfiguration()
 			lstore, err := storage.Create(c.location, *config)
 			require.NoError(t, err, "creating storage")
 
 			ctx := appcontext.NewAppContext()
@@ -389,7 +389,7 @@
 			defer cache.Close()
 			ctx.SetCache(cache)
 			ctx.SetLogger(logging.NewLogger(os.Stdout, os.Stderr))
-			repo, err := repository.New(ctx, lstore, nil)
+			repo, err := repository.New(ctx, lstore, *config, nil)
 			require.NoError(t, err, "creating repository")
 
 			var noToken string
@@ -444,7 +444,7 @@
 
 	for _, c := range testCases {
 		t.Run(c.name, func(t *testing.T) {
 			lstore, err := storage.Create(c.location, *c.config)
 			require.NoError(t, err, "creating storage")
 
 			ctx := appcontext.NewAppContext()
@@ -452,7 +452,7 @@
 			defer cache.Close()
 			ctx.SetCache(cache)
 			ctx.SetLogger(logging.NewLogger(os.Stdout, os.Stderr))
-			repo, err := repository.New(ctx, lstore, nil)
+			repo, err := repository.New(ctx, lstore, *c.config, nil)
 			require.NoError(t, err, "creating repository")
 
 			var noToken string
@@ -509,7 +509,7 @@
 			defer cache.Close()
 			ctx.SetCache(cache)
 			ctx.SetLogger(logging.NewLogger(os.Stdout, os.Stderr))
-			repo, err := repository.New(ctx, lstore, nil)
+			repo, err := repository.New(ctx, lstore, *c.config, nil)
 			require.NoError(t, err, "creating repository")
 
 			var noToken string
@@ -571,7 +571,7 @@
 			defer cache.Close()
 			ctx.SetCache(cache)
 			ctx.SetLogger(logging.NewLogger(os.Stdout, os.Stderr))
-			repo, err := repository.New(ctx, lstore, nil)
+			repo, err := repository.New(ctx, lstore, *config, nil)
 			require.NoError(t, err, "creating repository")
 
 			var noToken string
@@ -621,7 +621,7 @@
 			defer cache.Close()
 			ctx.SetCache(cache)
 			ctx.SetLogger(logging.NewLogger(os.Stdout, os.Stderr))
-			repo, err := repository.New(ctx, lstore, nil)
+			repo, err := repository.New(ctx, lstore, *c.config, nil)
 			require.NoError(t, err, "creating repository")
 
 			var noToken string
@@ -675,7 +675,7 @@
 			defer cache.Close()
 			ctx.SetCache(cache)
 			ctx.SetLogger(logging.NewLogger(os.Stdout, os.Stderr))
-			repo, err := repository.New(ctx, lstore, nil)
+			repo, err := repository.New(ctx, lstore, *config, nil)
 			require.NoError(t, err, "creating repository")
 
 			var noToken string
@@ -720,7 +720,7 @@
 			defer cache.Close()
 			ctx.SetCache(cache)
 			ctx.SetLogger(logging.NewLogger(os.Stdout, os.Stderr))
-			repo, err := repository.New(ctx, lstore, nil)
+			repo, err := repository.New(ctx, lstore, *c.config, nil)
 			require.NoError(t, err, "creating repository")
 
 			var noToken string
@@ -810,7 +810,7 @@
 			defer cache.Close()
 			ctx.SetCache(cache)
 			ctx.SetLogger(logging.NewLogger(os.Stdout, os.Stderr))
-			repo, err := repository.New(ctx, lstore, nil)
+			repo, err := repository.New(ctx, lstore, *config, nil)
 			require.NoError(t, err, "creating repository")
 
 			var noToken string

api/api_snapshot_test.go

@@ -137,7 +137,7 @@ func _TestSnapshotHeader(t *testing.T) {
 			defer cache.Close()
 			ctx.SetCache(cache)
 			ctx.SetLogger(logging.NewLogger(os.Stdout, os.Stderr))
-			repo, err := repository.New(ctx, lstore, nil)
+			repo, err := repository.New(ctx, lstore, *config, nil)
 			require.NoError(t, err, "creating repository")
 
 			var noToken string
@@ -199,7 +199,7 @@ func TestSnapshotHeaderErrors(t *testing.T) {
 			defer cache.Close()
 			ctx.SetCache(cache)
 			ctx.SetLogger(logging.NewLogger(os.Stdout, os.Stderr))
-			repo, err := repository.New(ctx, lstore, nil)
+			repo, err := repository.New(ctx, lstore, *config, nil)
 			require.NoError(t, err, "creating repository")
 
 			var noToken string
@@ -246,7 +246,7 @@ func _TestSnapshotSign(t *testing.T) {
 			defer cache.Close()
 			ctx.SetCache(cache)
 			ctx.SetLogger(logging.NewLogger(os.Stdout, os.Stderr))
-			repo, err := repository.New(ctx, lstore, nil)
+			repo, err := repository.New(ctx, lstore, *config, nil)
 			require.NoError(t, err, "creating repository")
 
 			token := "test-token"

api/api_storage.go

@@ -10,8 +10,7 @@ import (
 )
 
 func storageConfiguration(w http.ResponseWriter, r *http.Request) error {
-	configuration := lstore.Configuration()
-	return json.NewEncoder(w).Encode(configuration)
+	return json.NewEncoder(w).Encode(lconfig)
 }
 
 func storageStates(w http.ResponseWriter, r *http.Request) error {

api/api_test.go

@@ -34,7 +34,7 @@ func TestAuthMiddleware(t *testing.T) {
 	defer cache.Close()
 	ctx.SetCache(cache)
 	ctx.SetLogger(logging.NewLogger(os.Stdout, os.Stderr))
-	repo, err := repository.New(ctx, lstore, nil)
+	repo, err := repository.New(ctx, lstore, *config, nil)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -80,7 +80,7 @@ func Test_UnknownEndpoint(t *testing.T) {
 	defer cache.Close()
 	ctx.SetCache(cache)
 	ctx.SetLogger(logging.NewLogger(os.Stdout, os.Stderr))
-	repo, err := repository.New(ctx, lstore, nil)
+	repo, err := repository.New(ctx, lstore, *config, nil)
 	if err != nil {
 		t.Fatal(err)
 	}

cmd/plakar/plakar.go

@@ -259,21 +259,27 @@ func entryPoint() int {
 		skipPassphrase = true
 	}
 
-	store, err := storage.Open(repositoryPath)
+	store, serializedConfig, err := storage.Open(repositoryPath)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "%s: %s\n", flag.CommandLine.Name(), err)
 		return 1
 	}
 
-	if store.Configuration().Version != versioning.FromString(storage.VERSION) {
+	storeConfig, err := storage.NewConfigurationFromWrappedBytes(serializedConfig)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "%s: %s\n", flag.CommandLine.Name(), err)
+		return 1
+	}
+
+	if storeConfig.Version != versioning.FromString(storage.VERSION) {
 		fmt.Fprintf(os.Stderr, "%s: incompatible repository version: %s != %s\n",
-			flag.CommandLine.Name(), store.Configuration().Version, storage.VERSION)
+			flag.CommandLine.Name(), storeConfig.Version, storage.VERSION)
 		return 1
 	}
 
 	var secret []byte
 	if !skipPassphrase {
-		if store.Configuration().Encryption != nil {
+		if storeConfig.Encryption != nil {
 			derived := false
 			envPassphrase := os.Getenv("PLAKAR_PASSPHRASE")
 			if ctx.KeyFromFile == "" {
@@ -288,11 +294,11 @@ func entryPoint() int {
 						passphrase = []byte(envPassphrase)
 					}
 
-					key, err := encryption.DeriveKey(store.Configuration().Encryption.KDFParams, passphrase)
+					key, err := encryption.DeriveKey(storeConfig.Encryption.KDFParams, passphrase)
 					if err != nil {
 						continue
 					}
-					if !encryption.VerifyCanary(key, store.Configuration().Encryption.Canary) {
+					if !encryption.VerifyCanary(key, storeConfig.Encryption.Canary) {
 						if envPassphrase != "" {
 							break
 						}
@@ -303,9 +309,9 @@ func entryPoint() int {
 					break
 				}
 			} else {
-				key, err := encryption.DeriveKey(store.Configuration().Encryption.KDFParams, []byte(ctx.KeyFromFile))
+				key, err := encryption.DeriveKey(storeConfig.Encryption.KDFParams, []byte(ctx.KeyFromFile))
 				if err == nil {
-					if encryption.VerifyCanary(key, store.Configuration().Encryption.Canary) {
+					if encryption.VerifyCanary(key, storeConfig.Encryption.Canary) {
 						secret = key
 						derived = true
 					}
@@ -321,13 +327,13 @@ func entryPoint() int {
 
 	var repo *repository.Repository
 	if opt_agentless && command != "server" {
-		repo, err = repository.New(ctx, store, secret)
+		repo, err = repository.New(ctx, store, serializedConfig, secret)
 		if err != nil {
 			fmt.Fprintf(os.Stderr, "%s: %s\n", flag.CommandLine.Name(), err)
 			return 1
 		}
 	} else {
-		repo, err = repository.NewNoRebuild(ctx, store, secret)
+		repo, err = repository.NewNoRebuild(ctx, store, serializedConfig, secret)
 		if err != nil {
 			fmt.Fprintf(os.Stderr, "%s: %s\n", flag.CommandLine.Name(), err)
 			return 1

cmd/plakar/subcommands/agent/agent.go

@@ -575,14 +575,14 @@ func (cmd *Agent) ListenAndServe(ctx *appcontext.AppContext) error {
 			var repo *repository.Repository
 
 			if repositoryLocation != "" {
-				store, err := storage.Open(repositoryLocation)
+				store, serializedConfig, err := storage.Open(repositoryLocation)
 				if err != nil {
 					fmt.Fprintf(os.Stderr, "Failed to open storage: %s\n", err)
 					return
 				}
 				defer store.Close()
 
-				repo, err = repository.New(clientContext, store, clientContext.GetSecret())
+				repo, err = repository.New(clientContext, store, serializedConfig, clientContext.GetSecret())
 				if err != nil {
 					fmt.Fprintf(os.Stderr, "Failed to open repository: %s\n", err)
 					return

cmd/plakar/subcommands/clone/clone.go

@@ -64,10 +64,16 @@ func (cmd *Clone) Name() string {
 func (cmd *Clone) Execute(ctx *appcontext.AppContext, repo *repository.Repository) (int, error) {
 	sourceStore := repo.Store()
 
-	configuration := sourceStore.Configuration()
+	configuration := repo.Configuration()
 	configuration.RepositoryID = uuid.Must(uuid.NewRandom())
 
-	cloneStore, err := storage.Create(cmd.Dest, configuration)
+	serializedConfig, err := configuration.ToBytes()
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Failed to decode storage configuration: %s\n", err)
+		return 1, err
+	}
+
+	cloneStore, err := storage.Create(cmd.Dest, serializedConfig)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "%s: could not create repository: %s\n", cmd.Dest, err)
 		return 1, err

cmd/plakar/subcommands/create/create.go

@@ -17,8 +17,11 @@
 package create
 
 import (
+	"bytes"
 	"flag"
 	"fmt"
+	"hash"
+	"io"
 	"os"
 	"path/filepath"
 
@@ -29,7 +32,9 @@ import (
 	"github.com/PlakarKorp/plakar/encryption"
 	"github.com/PlakarKorp/plakar/hashing"
 	"github.com/PlakarKorp/plakar/repository"
+	"github.com/PlakarKorp/plakar/resources"
 	"github.com/PlakarKorp/plakar/storage"
+	"github.com/PlakarKorp/plakar/versioning"
 	passwordvalidator "github.com/wagslane/go-password-validator"
 )
 
@@ -79,6 +84,7 @@ func (cmd *Create) Execute(ctx *appcontext.AppContext, repo *repository.Reposito
 	hashingConfiguration := hashing.DefaultConfiguration()
 	storageConfiguration.Hashing = *hashingConfiguration
 
+	var hasher hash.Hash
 	if !cmd.NoEncryption {
 		storageConfiguration.Encryption.Algorithm = encryption.DefaultConfiguration().Algorithm
 
@@ -132,18 +138,34 @@ func (cmd *Create) Execute(ctx *appcontext.AppContext, repo *repository.Reposito
 			return 1, err
 		}
 		storageConfiguration.Encryption.Canary = canary
+		hasher = hashing.GetHasherHMAC(storage.DEFAULT_HASHING_ALGORITHM, key)
 	} else {
 		storageConfiguration.Encryption = nil
+		hasher = hashing.GetHasher(storage.DEFAULT_HASHING_ALGORITHM)
+	}
+
+	serializedConfig, err := storageConfiguration.ToBytes()
+	if err != nil {
+		return 1, err
+	}
+
+	rd, err := storage.Serialize(hasher, resources.RT_CONFIG, versioning.GetCurrentVersion(resources.RT_CONFIG), bytes.NewReader(serializedConfig))
+	if err != nil {
+		return 1, err
+	}
+	wrappedConfig, err := io.ReadAll(rd)
+	if err != nil {
+		return 1, err
 	}
 
 	if cmd.Location == "" {
-		repo, err := storage.Create(filepath.Join(ctx.HomeDir, ".plakar"), *storageConfiguration)
+		repo, err := storage.Create(filepath.Join(ctx.HomeDir, ".plakar"), wrappedConfig)
 		if err != nil {
 			return 1, err
 		}
 		repo.Close()
 	} else {
-		repo, err := storage.Create(cmd.Location, *storageConfiguration)
+		repo, err := storage.Create(cmd.Location, wrappedConfig)
 		if err != nil {
 			return 1, err
 		}

cmd/plakar/subcommands/sync/sync.go

@@ -80,35 +80,41 @@ func (cmd *Sync) Execute(ctx *appcontext.AppContext, repo *repository.Repository
 		return 1, fmt.Errorf("usage: sync [snapshotID] to|from repository")
 	}
 
-	peerStore, err := storage.Open(peerRepositoryPath)
+	peerStore, peerStoreSerializedConfig, err := storage.Open(peerRepositoryPath)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "%s: could not open repository: %s\n", peerRepositoryPath, err)
 		return 1, err
 	}
 
+	peerStoreConfig, err := storage.NewConfigurationFromWrappedBytes(peerStoreSerializedConfig)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "%s: could not parse configuration: %s\n", peerStore.Location(), err)
+		return 1, err
+	}
+
 	var peerSecret []byte
-	if peerStore.Configuration().Encryption != nil {
+	if peerStoreConfig.Encryption != nil {
 		for {
 			passphrase, err := utils.GetPassphrase("destination repository")
 			if err != nil {
 				fmt.Fprintf(os.Stderr, "%s\n", err)
 				continue
 			}
 
-			key, err := encryption.DeriveKey(peerStore.Configuration().Encryption.KDFParams, passphrase)
+			key, err := encryption.DeriveKey(peerStoreConfig.Encryption.KDFParams, passphrase)
 			if err != nil {
 				fmt.Fprintf(os.Stderr, "%s\n", err)
 				continue
 			}
-			if !encryption.VerifyCanary(key, peerStore.Configuration().Encryption.Canary) {
+			if !encryption.VerifyCanary(key, peerStoreConfig.Encryption.Canary) {
 				fmt.Fprintf(os.Stderr, "invalid passphrase\n")
 				continue
 			}
 			peerSecret = key
 			break
 		}
 	}
-	peerRepository, err := repository.New(ctx, peerStore, peerSecret)
+	peerRepository, err := repository.New(ctx, peerStore, peerStoreSerializedConfig, peerSecret)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "%s: could not open repository: %s\n", peerStore.Location(), err)
 		return 1, err