From mboxrd@z Thu Jan 1 00:00:00 1970 From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= To: pbs-devel@lists.proxmox.com Date: Wed, 16 Dec 2020 14:41:11 +0100 Message-Id: <20201216134111.445581-8-f.gruenbichler@proxmox.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20201216134111.445581-1-f.gruenbichler@proxmox.com> References: <20201216134111.445581-1-f.gruenbichler@proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.025 Adjusted score from AWL reputation of 
From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pbs-devel] [RFC proxmox-backup 7/7] KeyConfig: always calculate fingerprint X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Dec 2020 13:42:09 -0000 and warn if stored and calculated fingerprint don't match. Signed-off-by: Fabian Grünbichler --- Notes: should not happen in practice, but when it does, it's probably not a good idea to display/use the wrong fingerprint.. calculating the fingerprint should be cheap anyway: - derive ID key - calculate single digest with it src/backup/key_derivation.rs | 34 +++++++++++++++++++++++++++------- 1 file changed, 27 insertions(+), 7 deletions(-) diff --git a/src/backup/key_derivation.rs b/src/backup/key_derivation.rs index a91b21ca..7e8480d3 100644 --- a/src/backup/key_derivation.rs +++ b/src/backup/key_derivation.rs @@ -235,13 +235,16 @@ pub fn decrypt_key( let mut result = [0u8; 32]; result.copy_from_slice(&key); - let fingerprint = match key_config.fingerprint { - Some(fingerprint) => fingerprint, - None => { - let crypt_config = CryptConfig::new(result.clone())?; - crypt_config.fingerprint() - }, - }; + let crypt_config = CryptConfig::new(result.clone())?; + let fingerprint = crypt_config.fingerprint(); + if let Some(stored_fingerprint) = key_config.fingerprint { + if fingerprint != stored_fingerprint { + eprintln!( + "KeyConfig contains wrong fingerprint {}, contained key has fingerprint {}", + stored_fingerprint, fingerprint + ); + } + } Ok((result, created, fingerprint)) } 
@@ -313,5 +316,22 @@ fn encrypt_decrypt_test() -> Result<(), Error> { assert_eq!(key.data, decrypted); assert_eq!(key.fingerprint, Some(fingerprint)); + let key = KeyConfig { + kdf: None, + created: proxmox::tools::time::epoch_i64(), + modified: proxmox::tools::time::epoch_i64(), + data: (0u8..32u8).collect(), + fingerprint: Some(Fingerprint::new([0u8; 32])), // wrong FP + }; + let encrypted = rsa_encrypt_key_config(public.clone(), &key).expect("encryption failed"); + let (decrypted, created, fingerprint) = + rsa_decrypt_key_config(private.clone(), &encrypted, &passphrase) + .expect("decryption failed"); + + assert_eq!(key.created, created); + assert_eq!(key.data, decrypted); + // wrong FP update by round-trip through encrypt/decrypt + assert_ne!(key.fingerprint, Some(fingerprint)); + Ok(()) } -- 2.20.1
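Review bot: In the decrypt_key hunk (@@ -235,13 +235,16 @@), a mismatch between the stored and the calculated fingerprint is only reported through eprintln!, and the function still returns Ok, so a caller has no way to detect it and cannot react to it. A stored fingerprint that does not match the contained key means the KeyConfig was corrupted or edited, which the commit notes themselves describe as something that should not happen in practice. Consider making the mismatch visible to the caller, either by failing with an error or by returning the mismatch alongside the result, and if continuing is intended, add a short comment above the `if let Some(stored_fingerprint) = key_config.fingerprint {` block stating that the calculated value always wins and why that is safe. Writing directly to stderr from this function also bypasses whatever logging the calling context uses, so the warning may never reach the place where the fingerprint is displayed.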
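Review bot: In the encrypt_decrypt_test hunk (@@ -313,5 +316,22 @@), the final `assert_ne!(key.fingerprint, Some(fingerprint));` only proves that the returned fingerprint differs from the deliberately wrong all-zero one; it would also pass if the round-trip returned any other incorrect value. Compute the expected fingerprint from the same 32 key bytes with CryptConfig::new(...) and .fingerprint(), as the decrypt_key hunk does, and add an assert_eq! against it so the test pins down the corrected value. The comment above the assertion would read better as "wrong FP updated by round-trip through encrypt/decrypt". The warning path itself is not checked by the test, which is another argument for surfacing the mismatch in a form the caller (and the test) can observe.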