crypt config: add fingerprint mechanism
by computing the ID digest of a hash of a static string. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
parent
6364115b4b
commit
05cdc05347
@ -7,6 +7,8 @@
|
|||||||
//! encryption](https://en.wikipedia.org/wiki/Authenticated_encryption)
|
//! encryption](https://en.wikipedia.org/wiki/Authenticated_encryption)
|
||||||
//! for a short introduction.
|
//! for a short introduction.
|
||||||
|
|
||||||
|
use std::fmt;
|
||||||
|
use std::fmt::Display;
|
||||||
use std::io::Write;
|
use std::io::Write;
|
||||||
|
|
||||||
use anyhow::{bail, Error};
|
use anyhow::{bail, Error};
|
||||||
@ -17,6 +19,11 @@ use serde::{Deserialize, Serialize};
|
|||||||
|
|
||||||
use proxmox::api::api;
|
use proxmox::api::api;
|
||||||
|
|
||||||
|
// openssl::sha::sha256(b"Proxmox Backup Encryption Key Fingerprint")
|
||||||
|
const FINGERPRINT_INPUT: [u8; 32] = [ 110, 208, 239, 119, 71, 31, 255, 77,
|
||||||
|
85, 199, 168, 254, 74, 157, 182, 33,
|
||||||
|
97, 64, 127, 19, 76, 114, 93, 223,
|
||||||
|
48, 153, 45, 37, 236, 69, 237, 38, ];
|
||||||
#[api(default: "encrypt")]
|
#[api(default: "encrypt")]
|
||||||
#[derive(Copy, Clone, Debug, Eq, PartialEq, Deserialize, Serialize)]
|
#[derive(Copy, Clone, Debug, Eq, PartialEq, Deserialize, Serialize)]
|
||||||
#[serde(rename_all = "kebab-case")]
|
#[serde(rename_all = "kebab-case")]
|
||||||
@ -30,6 +37,17 @@ pub enum CryptMode {
|
|||||||
SignOnly,
|
SignOnly,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// 32-byte fingerprint, usually calculated with SHA256.
|
||||||
|
pub struct Fingerprint {
|
||||||
|
bytes: [u8; 32],
|
||||||
|
}
|
||||||
|
|
||||||
|
impl Display for Fingerprint {
|
||||||
|
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
|
||||||
|
write!(f, "{:?}", self.bytes)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/// Encryption Configuration with secret key
|
/// Encryption Configuration with secret key
|
||||||
///
|
///
|
||||||
/// This structure stores the secret key and provides helpers for
|
/// This structure stores the secret key and provides helpers for
|
||||||
@ -101,6 +119,12 @@ impl CryptConfig {
|
|||||||
tag
|
tag
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub fn fingerprint(&self) -> Fingerprint {
|
||||||
|
Fingerprint {
|
||||||
|
bytes: self.compute_digest(&FINGERPRINT_INPUT)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
pub fn data_crypter(&self, iv: &[u8; 16], mode: Mode) -> Result<Crypter, Error> {
|
pub fn data_crypter(&self, iv: &[u8; 16], mode: Mode) -> Result<Crypter, Error> {
|
||||||
let mut crypter = openssl::symm::Crypter::new(self.cipher, mode, &self.enc_key, Some(iv))?;
|
let mut crypter = openssl::symm::Crypter::new(self.cipher, mode, &self.enc_key, Some(iv))?;
|
||||||
crypter.aad_update(b"")?; //??
|
crypter.aad_update(b"")?; //??
|
||||||
|
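Review bot: `Fingerprint` (third hunk) derives nothing, so two fingerprints cannot be compared with `==`, which is the one operation a key fingerprint exists for; adding `#[derive(Clone, Copy, Debug, PartialEq, Eq)]` (and `Serialize, Deserialize` if it is meant to be persisted next to the key, as the rest of this file does with serde) would fix that. Its `Display` impl formats the array with `{:?}`, i.e. a decimal list like `[110, 208, …]`, which is an unusual shape for a fingerprint shown to users; a hex rendering such as `write!(f, "{}", self.bytes.iter().map(|b| format!("{:02x}", b)).collect::<Vec<_>>().join(":"))` would match what people typically compare against. Nothing in this change verifies the derivation comment above `FINGERPRINT_INPUT`, so a single mistyped byte would silently change every fingerprint; a test asserting `openssl::sha::sha256(b"Proxmox Backup Encryption Key Fingerprint") == FINGERPRINT_INPUT` would pin it. Whether `compute_digest` is keyed, so that the fingerprint reveals nothing about the key beyond equality, cannot be seen here since its definition lies outside the diff.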