* [pbs-devel] [PATCH proxmox-backup-qemu 1/2] encryption key tracking: use fingerprint
2020-11-24 13:05 [pbs-devel] [PATCH proxmox-backup(-qemu) 0/3] switch to fingerprint for tracking key Fabian Grünbichler
@ 2020-11-24 13:05 ` Fabian Grünbichler
2020-11-24 15:36 ` Dietmar Maurer
2020-11-25 7:28 ` [pbs-devel] applied: " Dietmar Maurer
2020-11-24 13:05 ` [pbs-devel] [PATCH proxmox-backup] fingerprint: add bytes() accessor Fabian Grünbichler
2020-11-24 13:05 ` [pbs-devel] [PATCH proxmox-backup-qemu 2/2] fingerprint: rename variables Fabian Grünbichler
2 siblings, 2 replies; 8+ messages in thread
From: Fabian Grünbichler @ 2020-11-24 13:05 UTC (permalink / raw)
To: pbs-devel
but accept old variant as well for now, to not invalidate bitmaps for
freshly migrated VMs.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
Notes:
needs proxmox-backup with Fingerprint::bytes()
src/commands.rs | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/src/commands.rs b/src/commands.rs
index 7a24b7c..dcee5a1 100644
--- a/src/commands.rs
+++ b/src/commands.rs
@@ -108,6 +108,8 @@ fn archive_name(device_name: &str) -> String {
const CRYPT_CONFIG_HASH_INPUT:&[u8] = b"this is just a static string to protect against key changes";
/// Create an identifying digest for the crypt config
+/// legacy version for VMs freshly migrated from old version
+/// TODO: remove in PVE 7.0
pub(crate) fn crypt_config_digest(
config: Arc<CryptConfig>,
) -> [u8;32] {
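Review bot: the two added `///` lines on `crypt_config_digest` join the existing summary line, so rustdoc renders one run-on paragraph that includes the TODO. Put an empty `///` line after the summary and move `TODO: remove in PVE 7.0` into a plain `//` comment so it stays out of the generated docs.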
@@ -152,7 +154,8 @@ pub(crate) fn check_last_encryption_key(
let digest_guard = PREVIOUS_CRYPT_CONFIG_DIGEST.lock().unwrap();
match (*digest_guard, config) {
(Some(last_digest), Some(current_config)) => {
- crypt_config_digest(current_config) == last_digest
+ current_config.fingerprint().bytes() == &last_digest
+ || crypt_config_digest(current_config) == last_digest
},
(None, None) => true,
_ => false,
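Review bot: in the `(Some(last_digest), Some(current_config))` arm the stored 32 bytes carry no marker of which scheme produced them, so the added `||` accepts either value with nothing at the call site saying why. Add a short comment on the `|| crypt_config_digest(current_config) == last_digest` line pointing at the legacy TODO, so the fallback is removed together with the function.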
@@ -440,7 +443,13 @@ pub(crate) async fn finish_backup(
{
let crypt_config_digest = match crypt_config {
- Some(current_config) => Some(crypt_config_digest(current_config)),
+ Some(current_config) => {
+ let fp = current_config
+ .fingerprint()
+ .bytes()
+ .to_owned();
+ Some(fp)
+ },
None => None,
};
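Review bot: the new `Some(current_config) => { ... }` arm spends six lines on what is a plain map, and `[u8; 32]` is `Copy`, so `.to_owned()` is not needed. `crypt_config.map(|c| *c.fingerprint().bytes())` should say the same thing; the binding is also still named `crypt_config_digest` although it now holds a fingerprint.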
--
2.20.1
* Re: [pbs-devel] [PATCH proxmox-backup-qemu 1/2] encryption key tracking: use fingerprint
From: Dietmar Maurer @ 2020-11-24 15:36 UTC (permalink / raw)
To: Proxmox Backup Server development discussion, Fabian Grünbichler
Does this improve something? I can't see the purpose of this change.
> @@ -152,7 +154,8 @@ pub(crate) fn check_last_encryption_key(
> let digest_guard = PREVIOUS_CRYPT_CONFIG_DIGEST.lock().unwrap();
> match (*digest_guard, config) {
> (Some(last_digest), Some(current_config)) => {
> - crypt_config_digest(current_config) == last_digest
> + current_config.fingerprint().bytes() == &last_digest
> + || crypt_config_digest(current_config) == last_digest
> },
> (None, None) => true,
> _ => false,
> @@ -440,7 +443,13 @@ pub(crate) async fn finish_backup(
>
> {
> let crypt_config_digest = match crypt_config {
> - Some(current_config) => Some(crypt_config_digest(current_config)),
> + Some(current_config) => {
> + let fp = current_config
> + .fingerprint()
> + .bytes()
> + .to_owned();
> + Some(fp)
> + },
> None => None,
> };
>
* Re: [pbs-devel] [PATCH proxmox-backup-qemu 1/2] encryption key tracking: use fingerprint
From: Fabian Grünbichler @ 2020-11-24 15:44 UTC (permalink / raw)
To: Dietmar Maurer, Proxmox Backup Server development discussion
On November 24, 2020 4:36 pm, Dietmar Maurer wrote:
> Does this improve something? I can't see the purpose of this change.
it allows us to display this remembered fingerprint (e.g., in the
'invalidating bitmap' message or via the WIP 'query-proxmox-support').
(also, I'd rather harmonize this now while PVE->PBS is still in beta,
and not afterwards)
>> @@ -152,7 +154,8 @@ pub(crate) fn check_last_encryption_key(
>> let digest_guard = PREVIOUS_CRYPT_CONFIG_DIGEST.lock().unwrap();
>> match (*digest_guard, config) {
>> (Some(last_digest), Some(current_config)) => {
>> - crypt_config_digest(current_config) == last_digest
>> + current_config.fingerprint().bytes() == &last_digest
>> + || crypt_config_digest(current_config) == last_digest
>> },
>> (None, None) => true,
>> _ => false,
>> @@ -440,7 +443,13 @@ pub(crate) async fn finish_backup(
>>
>> {
>> let crypt_config_digest = match crypt_config {
>> - Some(current_config) => Some(crypt_config_digest(current_config)),
>> + Some(current_config) => {
>> + let fp = current_config
>> + .fingerprint()
>> + .bytes()
>> + .to_owned();
>> + Some(fp)
>> + },
>> None => None,
>> };
>>
>
* [pbs-devel] applied: [PATCH proxmox-backup-qemu 1/2] encryption key tracking: use fingerprint
From: Dietmar Maurer @ 2020-11-25 7:28 UTC (permalink / raw)
To: Proxmox Backup Server development discussion, Fabian Grünbichler
applied both patches.
> On 11/24/2020 2:05 PM Fabian Grünbichler <f.gruenbichler@proxmox.com> wrote:
>
>
> but accept old variant as well for now, to not invalidate bitmaps for
> freshly migrated VMs.
>
> Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
> ---
>
> Notes:
> needs proxmox-backup with Fingerprint::bytes()
>
> src/commands.rs | 13 +++++++++++--
> 1 file changed, 11 insertions(+), 2 deletions(-)
>
> diff --git a/src/commands.rs b/src/commands.rs
> index 7a24b7c..dcee5a1 100644
> --- a/src/commands.rs
> +++ b/src/commands.rs
> @@ -108,6 +108,8 @@ fn archive_name(device_name: &str) -> String {
> const CRYPT_CONFIG_HASH_INPUT:&[u8] = b"this is just a static string to protect against key changes";
>
> /// Create an identifying digest for the crypt config
> +/// legacy version for VMs freshly migrated from old version
> +/// TODO: remove in PVE 7.0
> pub(crate) fn crypt_config_digest(
> config: Arc<CryptConfig>,
> ) -> [u8;32] {
> @@ -152,7 +154,8 @@ pub(crate) fn check_last_encryption_key(
> let digest_guard = PREVIOUS_CRYPT_CONFIG_DIGEST.lock().unwrap();
> match (*digest_guard, config) {
> (Some(last_digest), Some(current_config)) => {
> - crypt_config_digest(current_config) == last_digest
> + current_config.fingerprint().bytes() == &last_digest
> + || crypt_config_digest(current_config) == last_digest
> },
> (None, None) => true,
> _ => false,
> @@ -440,7 +443,13 @@ pub(crate) async fn finish_backup(
>
> {
> let crypt_config_digest = match crypt_config {
> - Some(current_config) => Some(crypt_config_digest(current_config)),
> + Some(current_config) => {
> + let fp = current_config
> + .fingerprint()
> + .bytes()
> + .to_owned();
> + Some(fp)
> + },
> None => None,
> };
>
> --
> 2.20.1
* [pbs-devel] [PATCH proxmox-backup] fingerprint: add bytes() accessor
From: Fabian Grünbichler @ 2020-11-24 13:05 UTC (permalink / raw)
To: pbs-devel
needed for libproxmox-backup-qemu0
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
src/backup/crypt_config.rs | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/backup/crypt_config.rs b/src/backup/crypt_config.rs
index 7d27706a..67482a75 100644
--- a/src/backup/crypt_config.rs
+++ b/src/backup/crypt_config.rs
@@ -47,6 +47,12 @@ pub struct Fingerprint {
bytes: [u8; 32],
}
+impl Fingerprint {
+ pub fn bytes(&self) -> &[u8; 32] {
+ &self.bytes
+ }
+}
+
/// Display as short key ID
impl Display for Fingerprint {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
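Review bot: the new public `bytes()` accessor on `Fingerprint` has no doc comment, while the `Display` impl right below it has one. A one-line `///` stating that it returns the raw 32-byte fingerprint, as opposed to the short key ID that `Display` prints, would make the difference clear to callers.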
--
2.20.1
* [pbs-devel] applied: [PATCH proxmox-backup] fingerprint: add bytes() accessor
From: Dietmar Maurer @ 2020-11-25 7:27 UTC (permalink / raw)
To: Proxmox Backup Server development discussion, Fabian Grünbichler
applied
> On 11/24/2020 2:05 PM Fabian Grünbichler <f.gruenbichler@proxmox.com> wrote:
>
>
> needed for libproxmox-backup-qemu0
>
> Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
> ---
> src/backup/crypt_config.rs | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/src/backup/crypt_config.rs b/src/backup/crypt_config.rs
> index 7d27706a..67482a75 100644
> --- a/src/backup/crypt_config.rs
> +++ b/src/backup/crypt_config.rs
> @@ -47,6 +47,12 @@ pub struct Fingerprint {
> bytes: [u8; 32],
> }
>
> +impl Fingerprint {
> + pub fn bytes(&self) -> &[u8; 32] {
> + &self.bytes
> + }
> +}
> +
> /// Display as short key ID
> impl Display for Fingerprint {
> fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
> --
> 2.20.1
* [pbs-devel] [PATCH proxmox-backup-qemu 2/2] fingerprint: rename variables
From: Fabian Grünbichler @ 2020-11-24 13:05 UTC (permalink / raw)
To: pbs-devel
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
src/commands.rs | 28 ++++++++++++++--------------
1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/src/commands.rs b/src/commands.rs
index dcee5a1..cd81dae 100644
--- a/src/commands.rs
+++ b/src/commands.rs
@@ -23,7 +23,7 @@ lazy_static!{
Mutex::new(HashMap::new())
};
- static ref PREVIOUS_CRYPT_CONFIG_DIGEST: Mutex<Option<[u8;32]>> = {
+ static ref PREVIOUS_KEY_FINGERPRINT: Mutex<Option<[u8;32]>> = {
Mutex::new(None)
};
}
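Review bot: `PREVIOUS_KEY_FINGERPRINT` is renamed but still typed `Mutex<Option<[u8;32]>>`, so the name promises a fingerprint while the type is anonymous bytes. If `Fingerprint` can be serialized for `serialize_state`, storing `Option<Fingerprint>` here would let the remembered value be printed through its `Display` impl without rebuilding it from bytes.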
@@ -40,16 +40,16 @@ pub struct ImageUploadInfo {
pub(crate) fn serialize_state() -> Vec<u8> {
let prev_csums = &*PREVIOUS_CSUMS.lock().unwrap();
- let prev_crypt_digest = &*PREVIOUS_CRYPT_CONFIG_DIGEST.lock().unwrap();
- bincode::serialize(&(prev_csums, prev_crypt_digest)).unwrap()
+ let prev_key_fingerprint = &*PREVIOUS_KEY_FINGERPRINT.lock().unwrap();
+ bincode::serialize(&(prev_csums, prev_key_fingerprint)).unwrap()
}
pub(crate) fn deserialize_state(data: &[u8]) -> Result<(), Error> {
- let (prev_csums, prev_crypt_digest) = bincode::deserialize(data)?;
+ let (prev_csums, prev_key_fingerprint) = bincode::deserialize(data)?;
let mut prev_csums_guard = PREVIOUS_CSUMS.lock().unwrap();
- let mut prev_crypt_digest_guard = PREVIOUS_CRYPT_CONFIG_DIGEST.lock().unwrap();
+ let mut prev_key_fingerprint_guard = PREVIOUS_KEY_FINGERPRINT.lock().unwrap();
*prev_csums_guard = prev_csums;
- *prev_crypt_digest_guard = prev_crypt_digest;
+ *prev_key_fingerprint_guard = prev_key_fingerprint;
Ok(())
}
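Review bot: in `deserialize_state` the second tuple element is now bound as `prev_key_fingerprint`, yet state serialized by an older version holds the legacy digest in that slot, which is what the `crypt_config_digest` fallback in `check_last_encryption_key` exists for. A comment here saying the value can be either form until the fallback is dropped would keep the new name from misleading.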
@@ -151,11 +151,11 @@ pub(crate) fn check_last_encryption_mode(
pub(crate) fn check_last_encryption_key(
config: Option<Arc<CryptConfig>>,
) -> bool {
- let digest_guard = PREVIOUS_CRYPT_CONFIG_DIGEST.lock().unwrap();
- match (*digest_guard, config) {
- (Some(last_digest), Some(current_config)) => {
- current_config.fingerprint().bytes() == &last_digest
- || crypt_config_digest(current_config) == last_digest
+ let fingerprint_guard = PREVIOUS_KEY_FINGERPRINT.lock().unwrap();
+ match (*fingerprint_guard, config) {
+ (Some(last_fingerprint), Some(current_config)) => {
+ current_config.fingerprint().bytes() == &last_fingerprint
+ || crypt_config_digest(current_config) == last_fingerprint
},
(None, None) => true,
_ => false,
@@ -442,7 +442,7 @@ pub(crate) async fn finish_backup(
};
{
- let crypt_config_digest = match crypt_config {
+ let key_fingerprint = match crypt_config {
Some(current_config) => {
let fp = current_config
.fingerprint()
@@ -453,8 +453,8 @@ pub(crate) async fn finish_backup(
None => None,
};
- let mut crypt_config_digest_guard = PREVIOUS_CRYPT_CONFIG_DIGEST.lock().unwrap();
- *crypt_config_digest_guard = crypt_config_digest;
+ let mut key_fingerprint_guard = PREVIOUS_KEY_FINGERPRINT.lock().unwrap();
+ *key_fingerprint_guard = key_fingerprint;
}
client
--
2.20.1