tyler
/
proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

src/backup/data_blob.rs - DataBlobReader: impl. reader for signed blobs

This commit is contained in:
Dietmar Maurer 2019-08-12 17:41:25 +02:00
parent 09785b2795
commit 4bfa147eaf
1 changed files with 42 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/backup/data_blob.rs
View File

@ -695,6 +695,7 @@ impl <'a, R: Read> Read for ChecksumReader<'a, R> {
enum BlobReaderState<'a, R: Read> { enum BlobReaderState<'a, R: Read> {
Uncompressed { expected_crc: u32, csum_reader: ChecksumReader<'a, R> }, Uncompressed { expected_crc: u32, csum_reader: ChecksumReader<'a, R> },
Compressed { expected_crc: u32, decompr: zstd::stream::read::Decoder<BufReader<ChecksumReader<'a, R>>> }, Compressed { expected_crc: u32, decompr: zstd::stream::read::Decoder<BufReader<ChecksumReader<'a, R>>> },
Signed { expected_crc: u32, expected_hmac: [u8; 32], csum_reader: ChecksumReader<'a, R> },
} }
/// Read data blobs /// Read data blobs
@ -704,7 +705,7 @@ pub struct DataBlobReader<'a, R: Read> {
impl <'a, R: Read> DataBlobReader<'a, R> { impl <'a, R: Read> DataBlobReader<'a, R> {
pub fn new(mut reader: R) -> Result<Self, Error> { pub fn new(mut reader: R, config: Option<&'a CryptConfig>) -> Result<Self, Error> {
let head: DataBlobHeader = unsafe { reader.read_le_value()? }; let head: DataBlobHeader = unsafe { reader.read_le_value()? };
match head.magic { match head.magic {
@ -720,6 +721,14 @@ impl <'a, R: Read> DataBlobReader<'a, R> {
let decompr = zstd::stream::read::Decoder::new(csum_reader)?; let decompr = zstd::stream::read::Decoder::new(csum_reader)?;
Ok(Self { state: BlobReaderState::Compressed { expected_crc, decompr }}) Ok(Self { state: BlobReaderState::Compressed { expected_crc, decompr }})
} }
AUTHENTICATED_BLOB_MAGIC_1_0 => {
let expected_crc = u32::from_le_bytes(head.crc);
let mut expected_hmac = [0u8; 32];
reader.read_exact(&mut expected_hmac)?;
let signer = config.map(|c| c.data_signer());
let csum_reader = ChecksumReader::new(reader, signer);
Ok(Self { state: BlobReaderState::Signed { expected_crc, expected_hmac, csum_reader }})
}
_ => bail!("got wrong magic number {:?}", head.magic) _ => bail!("got wrong magic number {:?}", head.magic)
} }
} }
@ -741,6 +750,18 @@ impl <'a, R: Read> DataBlobReader<'a, R> {
} }
Ok(reader) Ok(reader)
} }
BlobReaderState::Signed { csum_reader, expected_crc, expected_hmac } => {
let (reader, crc, hmac) = csum_reader.finish()?;
if crc != expected_crc {
bail!("blob crc check failed");
}
if let Some(hmac) = hmac {
if hmac != expected_hmac {
bail!("blob signature check failed");
}
}
Ok(reader)
}
} }
} }
} }
@ -755,6 +776,9 @@ impl <'a, R: BufRead> Read for DataBlobReader<'a, R> {
BlobReaderState::Compressed { decompr, .. } => { BlobReaderState::Compressed { decompr, .. } => {
decompr.read(buf) decompr.read(buf)
} }
BlobReaderState::Signed { csum_reader, .. } => {
csum_reader.read(buf)
}
} }
} }
} }