tyler/proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

move Kdf and KeyInfo to pbs_api_types workspace

Browse Source
This commit is contained in:
Dietmar Maurer 2021-09-06 10:19:29 +02:00
parent f46806414a
commit 45d5d873ce
6 changed files with 63 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
pbs-api-types/src/key_derivation.rs Normal file
View File

@ -0,0 +1,56 @@
use serde::{Deserialize, Serialize};
use proxmox::api::api;
use crate::CERT_FINGERPRINT_SHA256_SCHEMA;
#[api(default: "scrypt")]
#[derive(Clone, Copy, Debug, Deserialize, Serialize)]
#[serde(rename_all = "lowercase")]
/// Key derivation function for password protected encryption keys.
pub enum Kdf {
/// Do not encrypt the key.
None,
/// Encrypt they key with a password using SCrypt.
Scrypt,
/// Encrtypt the Key with a password using PBKDF2
PBKDF2,
}
impl Default for Kdf {
#[inline]
fn default() -> Self {
Kdf::Scrypt
}
}
#[api(
properties: {
kdf: {
type: Kdf,
},
fingerprint: {
schema: CERT_FINGERPRINT_SHA256_SCHEMA,
optional: true,
},
},
)]
#[derive(Deserialize, Serialize)]
/// Encryption Key Information
pub struct KeyInfo {
/// Path to key (if stored in a file)
#[serde(skip_serializing_if="Option::is_none")]
pub path: Option<String>,
pub kdf: Kdf,
/// Key creation time
pub created: i64,
/// Key modification time
pub modified: i64,
/// Key fingerprint
#[serde(skip_serializing_if="Option::is_none")]
pub fingerprint: Option<String>,
/// Password hint
#[serde(skip_serializing_if="Option::is_none")]
pub hint: Option<String>,
}

3
pbs-api-types/src/lib.rs
View File

@ -34,6 +34,9 @@ macro_rules! SNAPSHOT_PATH_REGEX_STR {
); );
} }
mod key_derivation;
pub use key_derivation::{Kdf, KeyInfo};
#[macro_use] #[macro_use]
mod userid; mod userid;
pub use userid::Authid; pub use userid::Authid;

53
pbs-datastore/src/key_derivation.rs
View File

@ -4,64 +4,13 @@ use std::path::Path;
use anyhow::{bail, format_err, Context, Error}; use anyhow::{bail, format_err, Context, Error};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use proxmox::api::api;
use proxmox::tools::fs::{file_get_contents, replace_file, CreateOptions}; use proxmox::tools::fs::{file_get_contents, replace_file, CreateOptions};
use proxmox::try_block; use proxmox::try_block;
use pbs_api_types::CERT_FINGERPRINT_SHA256_SCHEMA; use pbs_api_types::{Kdf, KeyInfo};
use crate::crypt_config::{CryptConfig, Fingerprint}; use crate::crypt_config::{CryptConfig, Fingerprint};
#[api(default: "scrypt")]
#[derive(Clone, Copy, Debug, Deserialize, Serialize)]
#[serde(rename_all = "lowercase")]
/// Key derivation function for password protected encryption keys.
pub enum Kdf {
/// Do not encrypt the key.
None,
/// Encrypt they key with a password using SCrypt.
Scrypt,
/// Encrtypt the Key with a password using PBKDF2
PBKDF2,
}
impl Default for Kdf {
#[inline]
fn default() -> Self {
Kdf::Scrypt
}
}
#[api(
properties: {
kdf: {
type: Kdf,
},
fingerprint: {
schema: CERT_FINGERPRINT_SHA256_SCHEMA,
optional: true,
},
},
)]
#[derive(Deserialize, Serialize)]
/// Encryption Key Information
pub struct KeyInfo {
/// Path to key (if stored in a file)
#[serde(skip_serializing_if="Option::is_none")]
pub path: Option<String>,
pub kdf: Kdf,
/// Key creation time
pub created: i64,
/// Key modification time
pub modified: i64,
/// Key fingerprint
#[serde(skip_serializing_if="Option::is_none")]
pub fingerprint: Option<String>,
/// Password hint
#[serde(skip_serializing_if="Option::is_none")]
pub hint: Option<String>,
}
/// Key derivation function configuration /// Key derivation function configuration
#[derive(Deserialize, Serialize, Clone, Debug)] #[derive(Deserialize, Serialize, Clone, Debug)]
pub enum KeyDerivationConfig { pub enum KeyDerivationConfig {

2
pbs-datastore/src/lib.rs
View File

@ -219,6 +219,6 @@ pub use data_blob_writer::DataBlobWriter;
pub use key_derivation::{ pub use key_derivation::{
decrypt_key, load_and_decrypt_key, rsa_decrypt_key_config, rsa_encrypt_key_config, decrypt_key, load_and_decrypt_key, rsa_decrypt_key_config, rsa_encrypt_key_config,
}; };
pub use key_derivation::{Kdf, KeyConfig, KeyDerivationConfig, KeyInfo}; pub use key_derivation::{KeyConfig, KeyDerivationConfig};
pub use manifest::BackupManifest; pub use manifest::BackupManifest;
pub use store_progress::StoreProgress; pub use store_progress::StoreProgress;

3
src/api2/config/tape_encryption_keys.rs
View File

@ -11,8 +11,7 @@ use proxmox::{
}, },
}; };
use pbs_api_types::Fingerprint; use pbs_api_types::{Fingerprint, KeyInfo, Kdf};
use pbs_datastore::{KeyInfo, Kdf};
use pbs_datastore::key_derivation::KeyConfig; use pbs_datastore::key_derivation::KeyConfig;
use pbs_config::open_backup_lockfile; use pbs_config::open_backup_lockfile;

3
src/bin/proxmox_tape/encryption_key.rs
View File

@ -11,8 +11,7 @@ use proxmox::{
sys::linux::tty, sys::linux::tty,
}; };
use pbs_api_types::Fingerprint; use pbs_api_types::{Fingerprint, Kdf};
use pbs_datastore::Kdf;
use pbs_datastore::paperkey::{PaperkeyFormat, generate_paper_key}; use pbs_datastore::paperkey::{PaperkeyFormat, generate_paper_key};
use proxmox_backup::{ use proxmox_backup::{