From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id DBE3161870 for ; Wed, 21 Oct 2020 17:17:50 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id C8B1519156 for ; Wed, 21 Oct 2020 17:17:20 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 8961E19148 for ; Wed, 21 Oct 2020 17:17:19 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 59D4945E8E for ; Wed, 21 Oct 2020 17:17:19 +0200 (CEST) To: =?UTF-8?Q?Fabian_Gr=c3=bcnbichler?= , pve-devel@lists.proxmox.com References: <20201021114951.3006517-1-f.gruenbichler@proxmox.com> <20201021114951.3006517-2-f.gruenbichler@proxmox.com> From: Stefan Reiter Message-ID: <538c080f-25c7-b10c-bc93-8e23ec0a07e8@proxmox.com> Date: Wed, 21 Oct 2020 17:17:18 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: <20201021114951.3006517-2-f.gruenbichler@proxmox.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.031 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment NICE_REPLY_A -0.001 Looks like a legit reply (A) RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [commands.rs, backup.rs] Subject: Re: [pve-devel] [PATCH proxmox-backup-qemu 2/2] invalidate bitmap when crypto key changes X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Oct 2020 15:17:50 -0000 On 10/21/20 1:49 PM, Fabian Grünbichler wrote: > by computing and remembering the ID digest of a static string, we can > detect when the passed in key has changed without keeping a copy of it > around inbetween backup jobs. > > this is a follow-up/fixup for > > 104fae9111cd9a4e4dd7779172d39580a393165d fix #2866: invalidate bitmap on crypt_mode change > > which implemented detection for crypt MODE changes. > > Signed-off-by: Fabian Grünbichler > --- > note: the string is just an implementation detail right now, but once we > start sending that along with migration or persisting it together with > bitmaps, we probably want a more robust scheme and store the input > string + digest I'm not sure I follow... as long as this string stays the same it shouldn't ever be necessary to store it alongside the digest? In any case, this works fine: Reviewed-by: Stefan Reiter > > src/backup.rs | 1 + > src/commands.rs | 36 ++++++++++++++++++++++++++++++++++++ > 2 files changed, 37 insertions(+) > > diff --git a/src/backup.rs b/src/backup.rs > index 7945575..9f6d176 100644 > --- a/src/backup.rs > +++ b/src/backup.rs > @@ -203,6 +203,7 @@ impl BackupTask { > Some(ref manifest) => { > check_last_incremental_csum(Arc::clone(manifest), &device_name, size) > && check_last_encryption_mode(Arc::clone(manifest), &device_name, self.crypt_mode) > + && check_last_encryption_key(self.crypt_config.clone()) > }, > None => false, > } > diff --git a/src/commands.rs b/src/commands.rs > index b9b0161..f7e0f62 100644 > --- a/src/commands.rs > +++ b/src/commands.rs > @@ -19,6 +19,10 @@ lazy_static!{ > static ref PREVIOUS_CSUMS: Mutex> = { > Mutex::new(HashMap::new()) > }; > + > + static ref PREVIOUS_CRYPT_CONFIG_DIGEST: Mutex> = { > + Mutex::new(None) > + }; > } > > pub struct ImageUploadInfo { > @@ -82,6 +86,15 @@ fn archive_name(device_name: &str) -> String { > format!("{}.img.fidx", device_name) > } > > +const CRYPT_CONFIG_HASH_INPUT:&[u8] = b"this is just a static string to protect against key changes"; > + > +/// Create an identifying digest for the crypt config > +pub(crate) fn crypt_config_digest( > + config: Arc, > +) -> [u8;32] { > + config.compute_digest(CRYPT_CONFIG_HASH_INPUT) > +} > + > pub(crate) fn check_last_incremental_csum( > manifest: Arc, > device_name: &str, > @@ -114,6 +127,19 @@ pub(crate) fn check_last_encryption_mode( > } > } > > +pub(crate) fn check_last_encryption_key( > + config: Option>, > +) -> bool { > + let digest_guard = PREVIOUS_CRYPT_CONFIG_DIGEST.lock().unwrap(); > + match (*digest_guard, config) { > + (Some(last_digest), Some(current_config)) => { > + crypt_config_digest(current_config) == last_digest > + }, > + (None, None) => true, > + _ => false, > + } > +} > + > #[allow(clippy::too_many_arguments)] > pub(crate) async fn register_image( > client: Arc, > @@ -393,6 +419,16 @@ pub(crate) async fn finish_backup( > .map_err(|err| format_err!("unable to format manifest - {}", err))? > }; > > + { > + let crypt_config_digest = match crypt_config { > + Some(current_config) => Some(crypt_config_digest(current_config)), > + None => None, > + }; > + > + let mut crypt_config_digest_guard = PREVIOUS_CRYPT_CONFIG_DIGEST.lock().unwrap(); > + *crypt_config_digest_guard = crypt_config_digest; > + } > + > client > .upload_blob_from_data(manifest.into_bytes(), MANIFEST_BLOB_NAME, true, false) > .await?; >