From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 85366607EF for ; Tue, 17 Nov 2020 18:58:12 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 7841C13A70 for ; Tue, 17 Nov 2020 18:57:42 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 67B2B13A64 for ; Tue, 17 Nov 2020 18:57:41 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 3005D437E8 for ; Tue, 17 Nov 2020 18:57:41 +0100 (CET) From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= To: pbs-devel@lists.proxmox.com Date: Tue, 17 Nov 2020 18:57:19 +0100 Message-Id: <20201117175725.3634238-2-f.gruenbichler@proxmox.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20201117175725.3634238-1-f.gruenbichler@proxmox.com> References: <20201117175725.3634238-1-f.gruenbichler@proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.023 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pbs-devel] [PATCH proxmox-backup 1/7] crypt config: add fingerprint mechanism X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Nov 2020 17:58:12 -0000 by computing the ID digest of a hash of a static string. Signed-off-by: Fabian Grünbichler --- Notes: obviously the input could be whatever, but sizeof(input) >= sizeof(output) seemed like a good idea and we use the same scheme for the magic header strings.. src/backup/crypt_config.rs | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/backup/crypt_config.rs b/src/backup/crypt_config.rs index 4be728d9..01ab0942 100644 --- a/src/backup/crypt_config.rs +++ b/src/backup/crypt_config.rs @@ -17,6 +17,11 @@ use serde::{Deserialize, Serialize}; use proxmox::api::api; +// openssl::sha::sha256(b"Proxmox Backup Encryption Key Fingerprint") +const FINGERPRINT_INPUT: [u8; 32] = [ 110, 208, 239, 119, 71, 31, 255, 77, + 85, 199, 168, 254, 74, 157, 182, 33, + 97, 64, 127, 19, 76, 114, 93, 223, + 48, 153, 45, 37, 236, 69, 237, 38, ]; #[api(default: "encrypt")] #[derive(Copy, Clone, Debug, Eq, PartialEq, Deserialize, Serialize)] #[serde(rename_all = "kebab-case")] @@ -101,6 +106,10 @@ impl CryptConfig { tag } + pub fn fingerprint(&self) -> [u8; 32] { + self.compute_digest(&FINGERPRINT_INPUT) + } + pub fn data_crypter(&self, iv: &[u8; 16], mode: Mode) -> Result { let mut crypter = openssl::symm::Crypter::new(self.cipher, mode, &self.enc_key, Some(iv))?; crypter.aad_update(b"")?; //?? -- 2.20.1