From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup 5/7] add key fingerprint to manifest
Date: Tue, 17 Nov 2020 18:57:23 +0100 [thread overview]
Message-ID: <20201117175725.3634238-6-f.gruenbichler@proxmox.com> (raw)
In-Reply-To: <20201117175725.3634238-1-f.gruenbichler@proxmox.com>
if the manifest is signed/the contained archives/blobs are encrypted.
stored in 'unprotected' area, since there is already a strong binding
between key and manifest via the signature, and this avoids breaking
backwards compatibility for a simple usability improvement.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
src/backup/manifest.rs | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/src/backup/manifest.rs b/src/backup/manifest.rs
index 51980a07..5922144d 100644
--- a/src/backup/manifest.rs
+++ b/src/backup/manifest.rs
@@ -223,12 +223,40 @@ impl BackupManifest {
if let Some(crypt_config) = crypt_config {
let sig = self.signature(crypt_config)?;
manifest["signature"] = proxmox::tools::digest_to_hex(&sig).into();
+ let fingerprint = crate::tools::format::as_fingerprint(&crypt_config.fingerprint());
+ manifest["unprotected"]["key-fingerprint"] = fingerprint.into();
}
let manifest = serde_json::to_string_pretty(&manifest).unwrap().into();
Ok(manifest)
}
+ fn check_fingerprint_value(value: &Value, crypt_config: &CryptConfig) -> Result<(), Error> {
+ let config_fp = crate::tools::format::as_fingerprint(&crypt_config.fingerprint());
+ if *value == config_fp {
+ Ok(())
+ } else {
+ bail!("wrong key - manifest fingerprint {} does not match key fingerprint '{}'",
+ value,
+ config_fp)
+ }
+ }
+
+ /// Checks if a BackupManifest and a CryptConfig share a valid fingerprint combination.
+ ///
+ /// An unsigned manifest is valid with any or no CryptConfig.
+ /// A signed manifest is only valid with a matching CryptConfig.
+ pub fn check_fingerprint(&self, crypt_config: Option<&CryptConfig>) -> Result<(), Error> {
+ match (&self.unprotected["key-fingerprint"], crypt_config) {
+ (Value::Null, _) => Ok(()),
+ (manifest_fp, None) => bail!("missing key - manifest was created with key {}",
+ manifest_fp),
+ (manifest_fp, Some(crypt_config)) => {
+ BackupManifest::check_fingerprint_value(manifest_fp, crypt_config)
+ },
+ }
+ }
+
/// Try to read the manifest. This verifies the signature if there is a crypt_config.
pub fn from_data(data: &[u8], crypt_config: Option<&CryptConfig>) -> Result<BackupManifest, Error> {
let json: Value = serde_json::from_slice(data)?;
--
2.20.1
next prev parent reply other threads:[~2020-11-17 17:58 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-17 17:57 [pbs-devel] [PATCH proxmox-backup 0/7] add, persist and check key fingerprint Fabian Grünbichler
2020-11-17 17:57 ` [pbs-devel] [PATCH proxmox-backup 1/7] crypt config: add fingerprint mechanism Fabian Grünbichler
2020-11-17 17:57 ` [pbs-devel] [PATCH proxmox-backup 2/7] key: add fingerprint to key config Fabian Grünbichler
2020-11-18 8:48 ` Wolfgang Bumiller
2020-11-17 17:57 ` [pbs-devel] [PATCH proxmox-backup 3/7] client: print key fingerprint and master key Fabian Grünbichler
2020-11-17 18:38 ` Thomas Lamprecht
2020-11-17 17:57 ` [pbs-devel] [PATCH proxmox-backup 4/7] client: add 'key show' command Fabian Grünbichler
2020-11-17 17:57 ` Fabian Grünbichler [this message]
2020-11-17 17:57 ` [pbs-devel] [PATCH proxmox-backup 6/7] fix #3139: manifest: check fingerprint when loading with key Fabian Grünbichler
2020-11-17 17:57 ` [pbs-devel] [PATCH proxmox-backup 7/7] client: check fingerprint after downloading manifest Fabian Grünbichler
2020-11-18 5:27 ` [pbs-devel] [PATCH proxmox-backup 0/7] add, persist and check key fingerprint Dietmar Maurer
2020-11-18 5:47 ` Dietmar Maurer
2020-11-18 6:47 ` Thomas Lamprecht
2020-11-18 8:27 ` Fabian Grünbichler
2020-11-18 8:54 ` Dietmar Maurer
2020-11-23 7:55 ` Dietmar Maurer
2020-11-23 8:16 ` Fabian Grünbichler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201117175725.3634238-6-f.gruenbichler@proxmox.com \
--to=f.gruenbichler@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal