From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [PATCH proxmox-backup 2/2] pull: decrypt: re-order encryption key/state checks
Date: Fri, 24 Apr 2026 14:46:09 +0200 [thread overview]
Message-ID: <20260424124615.654666-2-f.gruenbichler@proxmox.com> (raw)
In-Reply-To: <20260424124615.654666-1-f.gruenbichler@proxmox.com>
make the full sequence of checks:
- is source encrypted? if not -> regular pull
- if a local snapshot exists
-- is it encrypted or signed using the same key -> regular pull
-- is it encrypted using a different key -> abort
-- if it is signed, we either abort later or log + regular pull
- find decryption key
-- if none is found, but a local snapshot exists and the source is full
encrypted -> abort
-- if none is found, and no local snapshot exists -> regular pull
-- only proceed for plain snapshots or signed-with-same key, since those could
be the result of a decrypting pull
- check signature -> abort if it doesn't match
- if a local snapshot exists, check change-detection fingerprint, and abort if
it doesn't match or doesn't exist, otherwise assume we can proceed with a
decrypting sync
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
still not super happy with this, but AFAICT this should at least handle
one case better (the final bail) and deduplicate some code..
IMHO the encrypted = part should move to BackupManifest itself, since we
have it in quite a few places already, but unfortunately ENOTIME right
now ;)
src/server/pull.rs | 80 ++++++++++++++++++++++++----------------------
1 file changed, 42 insertions(+), 38 deletions(-)
diff --git a/src/server/pull.rs b/src/server/pull.rs
index 3dc5770f9..b4882718e 100644
--- a/src/server/pull.rs
+++ b/src/server/pull.rs
@@ -930,32 +930,43 @@ async fn optionally_use_decryption_key(
return Ok((None, false)); // no fingerprint on source, regular pull
};
+ // check if source is encrypted or contents signed
+ let encrypted = manifest
+ .files()
+ .iter()
+ .all(|f| f.chunk_crypt_mode() == CryptMode::Encrypt);
+
+ if let Some(existing_manifest) = existing_target_manifest {
+ if let Some(existing_fingerprint) = existing_manifest.fingerprint()? {
+ if existing_fingerprint == key_fp {
+ let target_encrypted = existing_manifest
+ .files()
+ .iter()
+ .all(|f| f.chunk_crypt_mode() == CryptMode::Encrypt);
+ if encrypted == target_encrypted {
+ // both sides are signed or encrypted with the same key, just resync
+ return Ok((None, false));
+ }
+ } else {
+ // pre-existing local manifest for encrypted snapshot with key mismatch
+ bail!("Local encrypted or signed snapshot with different key detected, refuse to sync");
+ }
+ }
+ };
+
// source got key fingerprint, expect contents to be signed or encrypted
let Some((key_id, config)) = params
.crypt_configs
.iter()
.find(|(_id, crypt_conf)| crypt_conf.fingerprint() == *key_fp.bytes())
else {
- // no matching key found in list of configured ones
- if let Some(existing_target_manifest) = existing_target_manifest {
- if let Some(existing_fingerprint) = existing_target_manifest
- .fingerprint()
- .with_context(|| prefix.clone())?
- {
- if existing_fingerprint != key_fp {
- // pre-existing local manifest for encrypted snapshot with key mismatch
- bail!(
- "Local encrypted or signed snapshot with different key detected, refuse to sync"
- );
- }
- } else {
- // pre-existing local manifest without key-fingerprint was previously decrypted,
- // never overwrite with encrypted
- bail!(
- "local snapshot was previously decrypted but no matching decryption key is configured, refuse to sync"
- );
- }
- } else if !params.crypt_configs.is_empty() {
+ // all the other cases are handled above
+ if encrypted && existing_target_manifest.is_some() {
+ bail!("No matching key found, refusing sync");
+ }
+
+ // regular sync
+ if !params.crypt_configs.is_empty() {
log_sender
.log(
Level::INFO,
@@ -963,15 +974,12 @@ async fn optionally_use_decryption_key(
)
.await?;
}
+
return Ok((None, false));
};
// check if source is encrypted or contents signed
- if !manifest
- .files()
- .iter()
- .all(|f| f.chunk_crypt_mode() == CryptMode::Encrypt)
- {
+ if !encrypted {
log_sender
.log(
Level::WARN,
@@ -986,16 +994,11 @@ async fn optionally_use_decryption_key(
.context("failed to check source manifest signature")
.with_context(|| prefix.clone())?;
+ let mut skip_resync = false;
+
// avoid overwriting pre-existing target manifest
if let Some(existing_manifest) = existing_target_manifest {
- if let Some(existing_fingerprint) = existing_manifest
- .fingerprint()
- .with_context(|| prefix.clone())?
- {
- if existing_fingerprint != key_fp {
- bail!("Detected local encrypted or signed snapshot with encryption key mismatch!");
- }
- } else if let Some(source_fp) = manifest
+ if let Some(source_fp) = manifest
.get_change_detection_fingerprint()
.context("failed to parse change detection fingerprint of source manifest")
.with_context(|| prefix.clone())?
@@ -1006,12 +1009,13 @@ async fn optionally_use_decryption_key(
.signature(config)
.with_context(|| prefix.clone())?;
if target_fp == *source_fp.bytes() {
- return Ok((None, true));
+ skip_resync = true;
+ } else {
+ bail!("Change detection fingerprint mismatch, refuse to continue!");
}
-
- bail!("Change detection fingerprint mismatch, refuse to continue!");
+ } else {
+ bail!("No change detection fingerprint found, refuse to continue!");
}
- return Ok((None, false));
}
log_sender
@@ -1021,7 +1025,7 @@ async fn optionally_use_decryption_key(
)
.await?;
- Ok((Some(Arc::clone(config)), false))
+ Ok((Some(Arc::clone(config)), skip_resync))
}
/// Pulls a `snapshot`, removing newly created ones on error, but keeping existing ones in any case.
--
2.47.3
next prev parent reply other threads:[~2026-04-24 12:46 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-24 10:36 [PATCH proxmox-backup 0/3] fixup for server side decryption Christian Ebner
2026-04-24 10:36 ` [PATCH proxmox-backup 1/3] sync: pull decrypt: check if contents only signed or fully encrypted Christian Ebner
2026-04-24 10:36 ` [PATCH proxmox-backup 2/3] sync: pull: refactor decryption key loading checks Christian Ebner
2026-04-24 12:46 ` Fabian Grünbichler
2026-04-24 10:36 ` [PATCH proxmox-backup 3/3] api: encryption keys: refactor associated keys check Christian Ebner
2026-04-24 12:46 ` [PATCH proxmox-backup 1/2] pull: decrypt: use let else to reduce indentation Fabian Grünbichler
2026-04-24 12:46 ` Fabian Grünbichler [this message]
2026-04-24 19:06 ` applied: [PATCH proxmox-backup 0/3] fixup for server side decryption Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260424124615.654666-2-f.gruenbichler@proxmox.com \
--to=f.gruenbichler@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox