[pbs-devel] [RFC proxmox-backup 7/7] KeyConfig: always calculate fingerprint

all lists on lists.proxmox.com
 help / color / mirror / Atom feed

From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [RFC proxmox-backup 7/7] KeyConfig: always calculate fingerprint
Date: Wed, 16 Dec 2020 14:41:11 +0100	[thread overview]
Message-ID: <20201216134111.445581-8-f.gruenbichler@proxmox.com> (raw)
In-Reply-To: <20201216134111.445581-1-f.gruenbichler@proxmox.com>

and warn if stored and calculated fingerprint don't match.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---

Notes:
    should not happen in practice, but when it does, it's probably not a good idea
    to display/use the wrong fingerprint..
    
    calculating the fingerprint should be cheap anyway:
    - derive ID key
    - calculate single digest with it

 src/backup/key_derivation.rs | 34 +++++++++++++++++++++++++++-------
 1 file changed, 27 insertions(+), 7 deletions(-)

diff --git a/src/backup/key_derivation.rs b/src/backup/key_derivation.rs
index a91b21ca..7e8480d3 100644
--- a/src/backup/key_derivation.rs
+++ b/src/backup/key_derivation.rs
@@ -235,13 +235,16 @@ pub fn decrypt_key(
     let mut result = [0u8; 32];
     result.copy_from_slice(&key);
 
-    let fingerprint = match key_config.fingerprint {
-        Some(fingerprint) => fingerprint,
-        None => {
-            let crypt_config = CryptConfig::new(result.clone())?;
-            crypt_config.fingerprint()
-        },
-    };
+    let crypt_config = CryptConfig::new(result.clone())?;
+    let fingerprint = crypt_config.fingerprint();
+    if let Some(stored_fingerprint) = key_config.fingerprint {
+        if fingerprint != stored_fingerprint {
+            eprintln!(
+                "KeyConfig contains wrong fingerprint {}, contained key has fingerprint {}",
+                stored_fingerprint, fingerprint
+            );
+        }
+    }
 
     Ok((result, created, fingerprint))
 }
@@ -313,5 +316,22 @@ fn encrypt_decrypt_test() -> Result<(), Error> {
     assert_eq!(key.data, decrypted);
     assert_eq!(key.fingerprint, Some(fingerprint));
 
+    let key = KeyConfig {
+        kdf: None,
+        created: proxmox::tools::time::epoch_i64(),
+        modified: proxmox::tools::time::epoch_i64(),
+        data: (0u8..32u8).collect(),
+        fingerprint: Some(Fingerprint::new([0u8; 32])), // wrong FP
+    };
+    let encrypted = rsa_encrypt_key_config(public.clone(), &key).expect("encryption failed");
+    let (decrypted, created, fingerprint) =
+        rsa_decrypt_key_config(private.clone(), &encrypted, &passphrase)
+            .expect("decryption failed");
+
+    assert_eq!(key.created, created);
+    assert_eq!(key.data, decrypted);
+    // wrong FP update by round-trip through encrypt/decrypt
+    assert_ne!(key.fingerprint, Some(fingerprint));
+
     Ok(())
 }
-- 
2.20.1

next prev parent reply	other threads:[~2020-12-16 13:42 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-12-16 13:41 [pbs-devel] [PATCH proxmox-backup 0/7] master key improvements Fabian Grünbichler
2020-12-16 13:41 ` [pbs-devel] [PATCH proxmox-backup 1/7] master key: store blob name in constant Fabian Grünbichler
2020-12-16 13:41 ` [pbs-devel] [PATCH proxmox-backup 2/7] fix #3197: skip fingerprint check when restoring key Fabian Grünbichler
2020-12-16 13:41 ` [pbs-devel] [PATCH proxmox-backup 3/7] key: move RSA-encryption to KeyConfig Fabian Grünbichler
2020-12-16 13:41 ` [pbs-devel] [PATCH proxmox-backup 4/7] client: add 'import-with-master-key' command Fabian Grünbichler
2020-12-16 13:41 ` [pbs-devel] [PATCH proxmox-backup 5/7] docs: replace openssl command with client Fabian Grünbichler
2020-12-16 13:41 ` [pbs-devel] [PATCH proxmox-backup 6/7] KeyConfig: add encrypt/decrypt test Fabian Grünbichler
2020-12-16 13:41 ` Fabian Grünbichler [this message]
2020-12-17  5:55   ` [pbs-devel] [RFC proxmox-backup 7/7] KeyConfig: always calculate fingerprint Dietmar Maurer
2020-12-17 10:37     ` [pbs-devel] applied: " Fabian Grünbichler
2020-12-17  5:53 ` [pbs-devel] applied: [PATCH proxmox-backup 0/7] master key improvements Dietmar Maurer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20201216134111.445581-8-f.gruenbichler@proxmox.com \
    --to=f.gruenbichler@proxmox.com \
    --cc=pbs-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.

Service provided by Proxmox Server Solutions GmbH | Privacy | Legal