From mboxrd@z Thu Jan  1 00:00:00 1970
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
To: pbs-devel@lists.proxmox.com
Date: Wed, 16 Dec 2020 14:41:10 +0100
Message-Id: <20201216134111.445581-7-f.gruenbichler@proxmox.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20201216134111.445581-1-f.gruenbichler@proxmox.com>
References: <20201216134111.445581-1-f.gruenbichler@proxmox.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: [pbs-devel] [PATCH proxmox-backup 6/7] KeyConfig: add
 encrypt/decrypt test

The RSA key and the encryption key itself are hard-coded to avoid
stalling the test runs because of a lack of entropy; they have no special
significance otherwise.

Signed-off-by: Fabian Gr=C3=BCnbichler <f.gruenbichler@proxmox.com>
---
 src/backup/key_derivation.rs | 44 ++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/src/backup/key_derivation.rs b/src/backup/key_derivation.rs
index 8289b86c..a91b21ca 100644
--- a/src/backup/key_derivation.rs
+++ b/src/backup/key_derivation.rs
@@ -271,3 +271,47 @@ pub fn rsa_decrypt_key_config(
         .map_err(|err| format_err!("failed to decrypt KeyConfig using RSA =
- {}", err))?;
     decrypt_key(&mut buffer[..decrypted], passphrase)
 }
+
+#[test]
+fn encrypt_decrypt_test() -> Result<(), Error> {
+    use openssl::bn::BigNum;
+
+    // hard-coded RSA key to avoid RNG load
+    let n =3D BigNum::from_dec_str("76329777550304728527024919547525539081=
877335887320639580436773939207319506670203730066453850728766051178877352096=
005202049002050013153209684883784034180826320823843284077160945617566929918=
358573729771009981439862831682292039769081169739053146055677018592017171720=
525504526118469902893940833868522731136028056122304802993499221359116403348=
574083498771904344806690667476159142202894393496114068734787390037933560482=
328857673203839269878599913061467005444488917240666968764873843245736249641=
806710085383696544851492177895425524815480529469530454485764039704314923560=
532119544366056059121539646087907807970759886652598181019561323950690601967=
815990570066236579405921118235749597467862010138884193462914695967485907605=
334822954083823689675274525173430273750377574429382824743436930746782689191=
852644239031005522665546683586231940622174075271825875212927711459327932622=
779969803605842526199990425811133327638000745814491927876394446994224233899=
923416114718858557993479457396983414147248767364277864617013425979013081146=
118484874314713719863934169754836317963904299135882366905729775320609686533=
230384514992037906517782674871000631327274713364227406114667736774092339735=
8666767242901746171920401890395722806446280380164886804469750825832083").ex=
pect("converting to bignum failed");
+    let e =3D BigNum::from_dec_str("65537").expect("converting to bignum f=
ailed");
+    let d =3D BigNum::from_dec_str("19834537920284564853674022001226176519=
590018312725185651690468898251379391772488358073023011091610629897253174637=
151053464371346136136825929376853412608136964518211867003891708559549030570=
664609466682947037305962494828103719078802086159819263581307957743290849968=
728341884428605863043529798446388179368090663224786773806846388143274064254=
180335413340334940446739125488182098535411927937482988091512111514808559058=
456451259207186517021416246081401087976557460070014777577029793101223558164=
090029643622447657946212243306210181845486266030884899215596710196751196243=
890657122549917370139613045651724521564033154854414253451612565268626314358=
200247667906740226693180923631251719053819020017537699856142036238058103150=
388959616397059243552685604990510867544536282659146915388522812398795915840=
913802745825670833498941795568293354230962683054249223513028733221781409833=
526268687556063636480230666207346771664323325175723577540510559973905170578=
206847160551684632855673373061549848844186260938182413805301541655002820734=
307939021848604620517318497220269398148326924299176570233223593669359192722=
153811016413065311904503101005564780859010942238851216519088762587394817890=
851764597501374473176420295837906296738426781972820833509964922715585").exp=
ect("converting to bignum failed");
+    let p =3D BigNum::from_dec_str("29509637001892646371585718218450720181=
675215968655693119622290166463846337874978909899277049204111617901784460858=
811114760264767076166751445502024396748257412446297522757119324882999179307=
561418697097464139952930737249422485899639568595470472222197161276683797577=
982497955467948265299386993875583089675892019886767032750524889582030672594=
405810531152141432362873209548569385820623081973262550874468619670422387868=
884561012170536839449407663630232422905779693831681822257822783504983493794=
208329832510955061326579888576047912149807967610736616238778237407615015312=
695567289456675371922184276823263863231190560557676339").expect("converting=
 to bignum failed");
+    let q =3D BigNum::from_dec_str("25866050993920799422553175902510303878=
636288340476152724026122959148470649546748310678170203350410878157245623372=
422271950639190884394436256045773535202161325882791039345330048364703416719=
823181485853395688815455066122599160191671526435061804017559815713791273329=
637690511813515454721229797045837580571003198471014420883727461348135261877=
384657284061678787895040009197824032371314493780688519536250146270701914875=
469190776765810821706480996720025323321483843112182646061748043938180130013=
308823672610860230340094502643614566152670758944502783858455501528490806234=
504795239898001698524105646533910560293336400403204897").expect("converting=
 to bignum failed");
+    let dmp1 =3D BigNum::from_dec_str("21607770579166338313924278588690558=
922108583912962897316392792781303188398339022047518905458553289108745759383=
366535358272664077428797321640702979183532285223743426240475893650342331272=
664468275332046219832278884297711602396407401980831582724583041600551528176=
116883960387063733484217876666037528133838392148714866050744345765006980605=
100330287254053877398358630385580919903058731105447806937933747350668236714=
360621211130384969129674812319182867594036995223272269821421615266717078107=
026511273509659211002684589097654567453625356436054504001404801715927134738=
465685565147724902539753143706245247513141254140715042985").expect("convert=
ing to bignum failed");
+    let dmq1 =3D BigNum::from_dec_str("29482490947798704805906926467758971=
264081827655119529555590756138492618788182890562699838475827024316009982880=
905747039301657804889821999608261276577804926240802058236402278935759087923=
294792127454617218639158254015889622003850006302160598085968410489247603767=
607976188736629226306783585849814975773511969405462330854937126224311544685=
631637607750116840951764033884478652596520090829385193591549168956870491982=
257313403894355952643262189762347771360485143401139509645861308556726460712=
452418773034225418606381205415986053803067038553689585393811535864689843343=
8472543479930479076991585011794266310458811393428158049").expect("convertin=
g to bignum failed");
+    let iqmp =3D BigNum::from_dec_str("19428066064824171668277167138275898=
936765006396600005071379051329779053619544399695639107933588871625444213173=
194462077344726482973273922001955114108600584475883837715007613468112455972=
196002915686862701860412263935895363086514864873592142686096117947515832613=
228762197577036084559813332497101195090727973644165586960538914545531208630=
624795512138060798977135902359295307626262953373309121954863020224150277262=
533638440848025788447039555055470985052690506486164836957350781708784380677=
438638580158751807723730202286612196281022183410822668814233870246463721184=
575820166925259871133457423401827024362448849298618281053").expect("convert=
ing to bignum failed");
+    let public =3D
+        openssl::rsa::Rsa::from_public_components(n.to_owned().unwrap(), e=
.to_owned().unwrap())
+            .expect("creating hard-coded RSA public key instance failed");
+    let private =3D openssl::rsa::Rsa::from_private_components(n, e, d, p,=
 q, dmp1, dmq1, iqmp)
+        .expect("creating hard-coded RSA key instance failed");
+
+    let passphrase =3D || -> Result<Vec<u8>, Error> { Ok(Vec::new()) };
+
+    let key =3D KeyConfig {
+        kdf: None,
+        created: proxmox::tools::time::epoch_i64(),
+        modified: proxmox::tools::time::epoch_i64(),
+        data: (0u8..32u8).collect(),
+        fingerprint: Some(Fingerprint::new([
+            14, 171, 212, 70, 11, 110, 185, 202, 52, 80, 35, 222, 226, 183=
, 120, 199, 144, 229, 74,
+            22, 131, 185, 101, 156, 10, 87, 174, 25, 144, 144, 21, 155,
+        ])),
+    };
+
+    let encrypted =3D rsa_encrypt_key_config(public.clone(), &key).expect(=
"encryption failed");
+    let (decrypted, created, fingerprint) =3D
+        rsa_decrypt_key_config(private.clone(), &encrypted, &passphrase)
+            .expect("decryption failed");
+
+    assert_eq!(key.created, created);
+    assert_eq!(key.data, decrypted);
+    assert_eq!(key.fingerprint, Some(fingerprint));
+
+    Ok(())
+}
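Review bot: The test only exercises the success path, a round trip with the matching private key, so nothing here pins that `rsa_decrypt_key_config` returns an error for a modified blob. After the existing asserts, consider a negative case such as `let mut tampered = encrypted.clone();`, `*tampered.last_mut().unwrap() ^= 1;` and `assert!(rsa_decrypt_key_config(private.clone(), &tampered, &passphrase).is_err());` (this assumes `encrypted` is a byte vector, which the hunk does not show). Only the tail of `rsa_decrypt_key_config` is visible as context, so the padding mode and what `decrypt_key` verifies cannot be confirmed from here. The comment above `n` would also be clearer as `// test-only RSA key, hard-coded to avoid RNG load; never use it to protect real data`, so that nobody mistakes the embedded private components for a production key.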
--=20
2.20.1