src/backup/crypt_config.rs: make code more flexible

Allow to pass magic numbers as parameters.
This commit is contained in:
Dietmar Maurer 2019-06-21 10:41:39 +02:00
parent c38266c18d
commit 077a8cae63
2 changed files with 80 additions and 50 deletions

View File

@ -64,7 +64,18 @@ impl CryptConfig {
/// Compress and encrypt data using a random 16 byte IV.
///
/// Return the encrypted data, including IV and MAC (MAGIC || IV || MAC || ENC_DATA).
pub fn encode_chunk(&self, data: &[u8], compress: bool) -> Result<Vec<u8>, Error> {
/// If compression does not help, we return the uncompresssed, encrypted data.
pub fn encode_chunk(
&self,
// The data you want to encode
data: &[u8],
// Whether try to compress data before encryption
compress: bool,
// Magic number used for uncompressed results
uncomp_magic: &[u8; 8],
// Magic number used for compressed results
comp_magic: &[u8; 8],
) -> Result<Vec<u8>, Error> {
let iv = proxmox::sys::linux::random_data(16)?;
let mut c = Crypter::new(self.cipher, Mode::Encrypt, &self.enc_key, Some(&iv))?;
@ -76,7 +87,7 @@ impl CryptConfig {
if compr_data.len() < data.len() {
let mut enc = vec![0; compr_data.len()+40+self.cipher.block_size()];
enc[0..8].copy_from_slice(&super::ENCR_COMPR_CHUNK_MAGIC_1_0);
enc[0..8].copy_from_slice(comp_magic);
enc[8..24].copy_from_slice(&iv);
let count = c.update(&compr_data, &mut enc[40..])?;
@ -91,7 +102,7 @@ impl CryptConfig {
let mut enc = vec![0; data.len()+40+self.cipher.block_size()];
enc[0..8].copy_from_slice(&super::ENCRYPTED_CHUNK_MAGIC_1_0);
enc[0..8].copy_from_slice(uncomp_magic);
enc[8..24].copy_from_slice(&iv);
let count = c.update(data, &mut enc[40..])?;
@ -105,19 +116,18 @@ impl CryptConfig {
/// Decompress and decrypt chunk, verify MAC.
///
/// Binrary ``data`` is expected to be in format returned by encode_chunk.
pub fn decode_chunk(&self, data: &[u8]) -> Result<Vec<u8>, Error> {
/// Binrary ``data`` is expected to be in format returned by encode_chunk. The magic number
/// is not used here.
pub fn decode_compressed_chunk(&self, data: &[u8]) -> Result<Vec<u8>, Error> {
if data.len() < 40 {
bail!("Invalid chunk len (<40)");
}
let magic = &data[0..8];
// let magic = &data[0..8];
let iv = &data[8..24];
let mac = &data[24..40];
if magic == super::ENCR_COMPR_CHUNK_MAGIC_1_0 {
let dec = Vec::with_capacity(1024*1024);
let mut decompressor = zstd::stream::write::Decoder::new(dec)?;
@ -149,9 +159,23 @@ impl CryptConfig {
decompressor.flush()?;
return Ok(decompressor.into_inner());
Ok(decompressor.into_inner())
}
/// Decrypt chunk, verify MAC.
///
/// Binrary ``data`` is expected to be in format returned by encode_chunk. The magic number
/// is not used here.
pub fn decode_uncompressed_chunk(&self, data: &[u8]) -> Result<Vec<u8>, Error> {
if data.len() < 40 {
bail!("Invalid chunk len (<40)");
}
// let magic = &data[0..8];
let iv = &data[8..24];
let mac = &data[24..40];
} else if magic == super::ENCRYPTED_CHUNK_MAGIC_1_0 {
let decr_data = decrypt_aead(
self.cipher,
&self.enc_key,
@ -160,9 +184,7 @@ impl CryptConfig {
&data[40..],
mac,
)?;
return Ok(decr_data);
} else {
bail!("Invalid magic number (expected encrypted chunk).");
}
Ok(decr_data)
}
}

View File

@ -66,7 +66,12 @@ impl DataChunk {
if let Some(config) = config {
let enc_data = config.encode_chunk(data, compress)?;
let enc_data = config.encode_chunk(
data,
compress,
&ENCRYPTED_CHUNK_MAGIC_1_0,
&ENCR_COMPR_CHUNK_MAGIC_1_0,
)?;
let chunk = DataChunk { digest, raw_data: enc_data };
Ok(chunk)
@ -108,8 +113,11 @@ impl DataChunk {
} else if magic == &ENCR_COMPR_CHUNK_MAGIC_1_0 || magic == &ENCRYPTED_CHUNK_MAGIC_1_0 {
if let Some(config) = config {
let data = config.decode_chunk(&self.raw_data)?;
let data = if magic == &ENCR_COMPR_CHUNK_MAGIC_1_0 {
config.decode_compressed_chunk(&self.raw_data)?
} else {
config.decode_uncompressed_chunk(&self.raw_data)?
};
return Ok(data);
} else {
bail!("unable to decrypt chunk - missing CryptConfig");