From 05cdc05347a3119632436556a395c872bdbf5e8d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?=
Date: Fri, 20 Nov 2020 17:38:31 +0100
Subject: [PATCH] crypt config: add fingerprint mechanism
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

by computing the ID digest of a hash of a static string.

Signed-off-by: Fabian Grünbichler
---
 src/backup/crypt_config.rs | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/src/backup/crypt_config.rs b/src/backup/crypt_config.rs
index 4be728d9..8a4fe0e3 100644
--- a/src/backup/crypt_config.rs
+++ b/src/backup/crypt_config.rs
@@ -7,6 +7,8 @@
 //! encryption](https://en.wikipedia.org/wiki/Authenticated_encryption)
 //! for a short introduction.
+use std::fmt;
+use std::fmt::Display;
 use std::io::Write;
 use anyhow::{bail, Error};
@@ -17,6 +19,11 @@ use serde::{Deserialize, Serialize};
 use proxmox::api::api;
+// openssl::sha::sha256(b"Proxmox Backup Encryption Key Fingerprint")
+const FINGERPRINT_INPUT: [u8; 32] = [ 110, 208, 239, 119, 71, 31, 255, 77,
+ 85, 199, 168, 254, 74, 157, 182, 33,
+ 97, 64, 127, 19, 76, 114, 93, 223,
+ 48, 153, 45, 37, 236, 69, 237, 38, ];
 #[api(default: "encrypt")]
 #[derive(Copy, Clone, Debug, Eq, PartialEq, Deserialize, Serialize)]
 #[serde(rename_all = "kebab-case")]
@@ -30,6 +37,17 @@ pub enum CryptMode {
 SignOnly,
 }
+/// 32-byte fingerprint, usually calculated with SHA256.
+pub struct Fingerprint {
+ bytes: [u8; 32],
+}
+
+impl Display for Fingerprint {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ write!(f, "{:?}", self.bytes)
+ }
+}
+
 /// Encryption Configuration with secret key
 ///
 /// This structure stores the secret key and provides helpers for
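Review bot: Nothing ties the 32 bytes of `FINGERPRINT_INPUT` to the string named in the comment above it, so a mistyped byte would silently change every key fingerprint while the comment still reads as correct. A unit test in this module would pin it: `assert_eq!(openssl::sha::sha256(b"Proxmox Backup Encryption Key Fingerprint"), FINGERPRINT_INPUT);`. The comment could also say why a hashed constant is used rather than the string itself; going by the commit message I would guess it is to keep the fingerprint input from coinciding with real data that goes through the same ID digest, but that rationale should come from the author.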
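Review bot: `impl Display for Fingerprint` prints the array with `{:?}`, a bracketed list of 32 decimal numbers, which is hard for an operator to compare by eye and ties the user-visible format to the Debug output of `[u8; 32]`. Since a fingerprint exists so people can check they hold the right key, I would render it as lowercase hex: `for b in &self.bytes { write!(f, "{:02x}", b)?; }` followed by `Ok(())`. `Fingerprint` also has no derives and `bytes` is private with no accessor, so code outside this module can only compare two fingerprints through their string form; `#[derive(Clone, Copy, Debug, Eq, PartialEq)]` would cover that. The doc comment could state what is being fingerprinted rather than "usually calculated with SHA256".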
@@ -101,6 +119,12 @@ impl CryptConfig {
 tag
 }
+ pub fn fingerprint(&self) -> Fingerprint {
+ Fingerprint {
+ bytes: self.compute_digest(&FINGERPRINT_INPUT)
+ }
+ }
+
 pub fn data_crypter(&self, iv: &[u8; 16], mode: Mode) -> Result {
 let mut crypter = openssl::symm::Crypter::new(self.cipher, mode, &self.enc_key, Some(iv))?;
 crypter.aad_update(b"")?; //??
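Review bot: `fingerprint()` is a new public method on `CryptConfig` with no doc comment, yet it is the one place that decides how key material becomes a value meant to be shown or stored. I would add something like `/// Fingerprint of this key: the ID digest (compute_digest) of the fixed FINGERPRINT_INPUT block.` and state explicitly whether the result may be logged or kept next to encrypted data. `compute_digest` is not visible in this hunk; if it is also used for data digests, the doc should note that the fingerprint is exactly the digest a 32-byte block equal to `FINGERPRINT_INPUT` would get, so callers do not treat it as an independent secret. The `impl CryptConfig` block starts and ends outside the hunk.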