chunk readers: ensure chunk/index CryptMode matches

an encrypted Index should never reference a plain-text chunk, and an unencrypted Index should never reference an encrypted chunk. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-08-10 13:25:07 +02:00
parent 2d55beeca0
commit 14f6c9cb8b
8 changed files with 88 additions and 22 deletions
--- a/src/client/remote_chunk_reader.rs
+++ b/src/client/remote_chunk_reader.rs
@ -3,10 +3,10 @@ use std::collections::HashMap;
 use std::pin::Pin;
 use std::sync::{Arc, Mutex};

-use anyhow::Error;
+use anyhow::{bail, Error};

 use super::BackupReader;
-use crate::backup::{AsyncReadChunk, CryptConfig, DataBlob, ReadChunk};
+use crate::backup::{AsyncReadChunk, CryptConfig, CryptMode, DataBlob, ReadChunk};
 use crate::tools::runtime::block_on;

 /// Read chunks from remote host using ``BackupReader``
@ -14,6 +14,7 @@ use crate::tools::runtime::block_on;
 pub struct RemoteChunkReader {
    client: Arc<BackupReader>,
    crypt_config: Option<Arc<CryptConfig>>,
+    crypt_mode: CryptMode,
    cache_hint: HashMap<[u8; 32], usize>,
    cache: Arc<Mutex<HashMap<[u8; 32], Vec<u8>>>>,
 }
@ -25,11 +26,13 @@ impl RemoteChunkReader {
    pub fn new(
        client: Arc<BackupReader>,
        crypt_config: Option<Arc<CryptConfig>>,
+        crypt_mode: CryptMode,
        cache_hint: HashMap<[u8; 32], usize>,
    ) -> Self {
        Self {
            client,
            crypt_config,
+            crypt_mode,
            cache_hint,
            cache: Arc::new(Mutex::new(HashMap::new())),
        }
@ -46,7 +49,20 @@ impl RemoteChunkReader {

        let chunk = DataBlob::load_from_reader(&mut &chunk_data[..])?;

-        Ok(chunk)
+        match self.crypt_mode {
+            CryptMode::Encrypt => {
+                match chunk.crypt_mode()? {
+                    CryptMode::Encrypt => Ok(chunk),
+                    CryptMode::SignOnly | CryptMode::None => bail!("Index and chunk CryptMode don't match."),
+                }
+            },
+            CryptMode::SignOnly | CryptMode::None => {
+                match chunk.crypt_mode()? {
+                    CryptMode::Encrypt => bail!("Index and chunk CryptMode don't match."),
+                    CryptMode::SignOnly | CryptMode::None => Ok(chunk),
+                }
+            },
+        }
    }
 }