From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [RFC proxmox-backup 7/7] KeyConfig: always calculate fingerprint
Date: Wed, 16 Dec 2020 14:41:11 +0100 [thread overview]
Message-ID: <20201216134111.445581-8-f.gruenbichler@proxmox.com> (raw)
In-Reply-To: <20201216134111.445581-1-f.gruenbichler@proxmox.com>
and warn if stored and calculated fingerprint don't match.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
Notes:
should not happen in practice, but when it does, it's probably not a good idea
to display/use the wrong fingerprint..
calculating the fingerprint should be cheap anyway:
- derive ID key
- calculate single digest with it
src/backup/key_derivation.rs | 34 +++++++++++++++++++++++++++-------
1 file changed, 27 insertions(+), 7 deletions(-)
diff --git a/src/backup/key_derivation.rs b/src/backup/key_derivation.rs
index a91b21ca..7e8480d3 100644
--- a/src/backup/key_derivation.rs
+++ b/src/backup/key_derivation.rs
@@ -235,13 +235,16 @@ pub fn decrypt_key(
let mut result = [0u8; 32];
result.copy_from_slice(&key);
- let fingerprint = match key_config.fingerprint {
- Some(fingerprint) => fingerprint,
- None => {
- let crypt_config = CryptConfig::new(result.clone())?;
- crypt_config.fingerprint()
- },
- };
+ let crypt_config = CryptConfig::new(result.clone())?;
+ let fingerprint = crypt_config.fingerprint();
+ if let Some(stored_fingerprint) = key_config.fingerprint {
+ if fingerprint != stored_fingerprint {
+ eprintln!(
+ "KeyConfig contains wrong fingerprint {}, contained key has fingerprint {}",
+ stored_fingerprint, fingerprint
+ );
+ }
+ }
Ok((result, created, fingerprint))
}
@@ -313,5 +316,22 @@ fn encrypt_decrypt_test() -> Result<(), Error> {
assert_eq!(key.data, decrypted);
assert_eq!(key.fingerprint, Some(fingerprint));
+ let key = KeyConfig {
+ kdf: None,
+ created: proxmox::tools::time::epoch_i64(),
+ modified: proxmox::tools::time::epoch_i64(),
+ data: (0u8..32u8).collect(),
+ fingerprint: Some(Fingerprint::new([0u8; 32])), // wrong FP
+ };
+ let encrypted = rsa_encrypt_key_config(public.clone(), &key).expect("encryption failed");
+ let (decrypted, created, fingerprint) =
+ rsa_decrypt_key_config(private.clone(), &encrypted, &passphrase)
+ .expect("decryption failed");
+
+ assert_eq!(key.created, created);
+ assert_eq!(key.data, decrypted);
+ // wrong FP update by round-trip through encrypt/decrypt
+ assert_ne!(key.fingerprint, Some(fingerprint));
+
Ok(())
}
--
2.20.1
next prev parent reply other threads:[~2020-12-16 13:42 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-16 13:41 [pbs-devel] [PATCH proxmox-backup 0/7] master key improvements Fabian Grünbichler
2020-12-16 13:41 ` [pbs-devel] [PATCH proxmox-backup 1/7] master key: store blob name in constant Fabian Grünbichler
2020-12-16 13:41 ` [pbs-devel] [PATCH proxmox-backup 2/7] fix #3197: skip fingerprint check when restoring key Fabian Grünbichler
2020-12-16 13:41 ` [pbs-devel] [PATCH proxmox-backup 3/7] key: move RSA-encryption to KeyConfig Fabian Grünbichler
2020-12-16 13:41 ` [pbs-devel] [PATCH proxmox-backup 4/7] client: add 'import-with-master-key' command Fabian Grünbichler
2020-12-16 13:41 ` [pbs-devel] [PATCH proxmox-backup 5/7] docs: replace openssl command with client Fabian Grünbichler
2020-12-16 13:41 ` [pbs-devel] [PATCH proxmox-backup 6/7] KeyConfig: add encrypt/decrypt test Fabian Grünbichler
2020-12-16 13:41 ` Fabian Grünbichler [this message]
2020-12-17 5:55 ` [pbs-devel] [RFC proxmox-backup 7/7] KeyConfig: always calculate fingerprint Dietmar Maurer
2020-12-17 10:37 ` [pbs-devel] applied: " Fabian Grünbichler
2020-12-17 5:53 ` [pbs-devel] applied: [PATCH proxmox-backup 0/7] master key improvements Dietmar Maurer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201216134111.445581-8-f.gruenbichler@proxmox.com \
--to=f.gruenbichler@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox