src/backup/manifest.rs: include signature inside the manifest

This is more flexible, because we can choose what fileds we want to sign.
2020-07-08 16:07:14 +02:00
parent 3638341aa4
commit 2107a5aebc
5 changed files with 72 additions and 16 deletions
--- a/src/client/backup_reader.rs
+++ b/src/client/backup_reader.rs
@ -1,4 +1,4 @@
-use anyhow::{format_err, Error};
+use anyhow::{bail, format_err, Error};
 use std::io::{Read, Write, Seek, SeekFrom};
 use std::fs::File;
 use std::sync::Arc;
@ -123,7 +123,9 @@ impl BackupReader {
    }

    /// Download backup manifest (index.json)
-    pub async fn download_manifest(&self) -> Result<BackupManifest, Error> {
+    ///
+    /// The manifest signature is verified if we have a crypt_config.
+    pub async fn download_manifest(&self) -> Result<(BackupManifest, Vec<u8>), Error> {

        use std::convert::TryFrom;

@ -131,10 +133,25 @@ impl BackupReader {
        self.download(MANIFEST_BLOB_NAME, &mut raw_data).await?;
        let blob = DataBlob::from_raw(raw_data)?;
        blob.verify_crc()?;
-        let data = blob.decode(self.crypt_config.as_ref().map(Arc::as_ref))?;
+        let data = blob.decode(None)?;
        let json: Value = serde_json::from_slice(&data[..])?;

-        BackupManifest::try_from(json)
+        let signature = json["signature"].as_str().map(String::from);
+
+        let manifest = BackupManifest::try_from(json)?;
+
+        if let Some(ref crypt_config) = self.crypt_config {
+            if let Some(signature) = signature {
+                let expected_signature = proxmox::tools::digest_to_hex(&manifest.signature(crypt_config));
+                if signature != expected_signature {
+                    bail!("wrong signature in manifest");
+                }
+            } else {
+                // warn/fail?
+            }
+        }
+
+        Ok((manifest, data))
    }

    /// Download a .blob file