From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <f.gruenbichler@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id 173AA655C2
 for <pve-devel@lists.proxmox.com>; Thu, 23 Jul 2020 11:22:13 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 093D82744B
 for <pve-devel@lists.proxmox.com>; Thu, 23 Jul 2020 11:21:43 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [212.186.127.180])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS id 5F2A927441
 for <pve-devel@lists.proxmox.com>; Thu, 23 Jul 2020 11:21:42 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 2ABBC43324
 for <pve-devel@lists.proxmox.com>; Thu, 23 Jul 2020 11:21:42 +0200 (CEST)
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Thu, 23 Jul 2020 11:21:36 +0200
Message-Id: <20200723092136.2527542-1-f.gruenbichler@proxmox.com>
X-Mailer: git-send-email 2.20.1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.065 Adjusted score from AWL reputation of From: address
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 RCVD_IN_DNSWL_MED        -2.3 Sender listed at https://www.dnswl.org/,
 medium trust
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: [pve-devel] [PATCH proxmox-backup-qemu] fix #2866: invalidate
 bitmap on crypt_mode change
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Thu, 23 Jul 2020 09:22:13 -0000

signed and plain backups share chunks, so bitmap reusal is okay for
those combinations. switching from encrypted to not encrypted or
vice-versa could have pretty fatal consequences - either referencing
plain-text chunks in 'encrypted' backups, or referencing encrypted
chunks in 'unencrypted' backups without still having the corresponding
keys..

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---

Notes:
    requires recent proxmox-backup with public lookup_file_info

 src/backup.rs   |  3 ++-
 src/commands.rs | 35 +++++++++++++++++++++++++++++++++--
 2 files changed, 35 insertions(+), 3 deletions(-)

diff --git a/src/backup.rs b/src/backup.rs
index 717e099..b8108ef 100644
--- a/src/backup.rs
+++ b/src/backup.rs
@@ -202,7 +202,8 @@ impl BackupTask {
         device_name: String,
         size: u64,
     ) -> bool {
-        check_last_incremental_csum(self.last_manifest(), device_name, size)
+        check_last_incremental_csum(self.last_manifest(), &device_name, size)
+            && check_last_encryption_mode(self.last_manifest(), &device_name, self.crypt_mode)
     }
 
     pub async fn register_image(
diff --git a/src/commands.rs b/src/commands.rs
index 6f26324..8d8f2a7 100644
--- a/src/commands.rs
+++ b/src/commands.rs
@@ -80,7 +80,7 @@ pub(crate) async fn add_config(
 
 pub(crate) fn check_last_incremental_csum(
     manifest: Option<Arc<BackupManifest>>,
-    device_name: String,
+    device_name: &str,
     device_size: u64,
 ) -> bool {
 
@@ -91,12 +91,43 @@ pub(crate) fn check_last_incremental_csum(
 
     let archive_name = format!("{}.img.fidx", device_name);
 
-    match PREVIOUS_CSUMS.lock().unwrap().get(&device_name) {
+    match PREVIOUS_CSUMS.lock().unwrap().get(device_name) {
         Some(csum) => manifest.verify_file(&archive_name, &csum, device_size).is_ok(),
         None => false,
     }
 }
 
+pub(crate) fn check_last_encryption_mode(
+    manifest: Option<Arc<BackupManifest>>,
+    device_name: &str,
+    crypt_mode: CryptMode,
+) -> bool {
+
+    let manifest = match manifest {
+        Some(ref manifest) => manifest,
+        None => return false,
+    };
+
+    let archive_name = format!("{}.img.fidx", device_name);
+    match manifest.lookup_file_info(&archive_name) {
+        Ok(file) => {
+            eprintln!("device {} last mode: {:?} current mode {:?}", device_name, file.crypt_mode, crypt_mode);
+            match file.crypt_mode {
+                CryptMode::Encrypt => match crypt_mode {
+                    CryptMode::Encrypt => true,
+                    _ => false,
+                },
+                CryptMode::SignOnly | CryptMode::None => match crypt_mode {
+                    CryptMode::Encrypt => false,
+                    _ => true,
+                },
+            }
+        },
+        _ => false,
+    }
+}
+
+
 pub(crate) async fn register_image(
     client: Arc<BackupWriter>,
     crypt_config: Option<Arc<CryptConfig>>,
-- 
2.20.1