src/backup/data_blob.rs: implement signed blobs

2019-08-02 09:56:01 +02:00
parent 93205f942a
commit 69ecd8d5b0
2 changed files with 89 additions and 0 deletions
--- a/src/backup/file_formats.rs
+++ b/src/backup/file_formats.rs
@ -26,6 +26,12 @@ pub static ENCRYPTED_BLOB_MAGIC_1_0: [u8; 8] = [123, 103, 133, 190, 34, 45, 76,
 // openssl::sha::sha256(b"Proxmox Backup zstd compressed encrypted blob v1.0")[0..8]
 pub static ENCR_COMPR_BLOB_MAGIC_1_0: [u8; 8] = [230, 89, 27, 191, 11, 191, 216, 11];

+//openssl::sha::sha256(b"Proxmox Backup authenticated blob v1.0")[0..8]
+pub static AUTHENTICATED_BLOB_MAGIC_1_0: [u8; 8] = [31, 135, 238, 226, 145, 206, 5, 2];
+
+//openssl::sha::sha256(b"Proxmox Backup zstd compressed authenticated blob v1.0")[0..8]
+pub static AUTH_COMPR_BLOB_MAGIC_1_0: [u8; 8] = [126, 166, 15, 190, 145, 31, 169, 96];
+
 // openssl::sha::sha256(b"Proxmox Backup fixed sized chunk index v1.0")[0..8]
 pub static FIXED_SIZED_CHUNK_INDEX_1_0: [u8; 8] = [47, 127, 65, 237, 145, 253, 15, 205];

@ -53,6 +59,19 @@ pub struct DataBlobHeader {
    pub crc: [u8; 4],
 }

+/// Authenticated data blob binary storage format
+///
+/// The ``DataBlobHeader`` for authenticated blobs additionally contains
+/// a 16 byte HMAC tag, followed by the data:
+///
+/// (MAGIC || CRC32 || TAG || Data).
+#[derive(Endian)]
+#[repr(C,packed)]
+pub struct AuthenticatedDataBlobHeader {
+    pub head: DataBlobHeader,
+    pub tag: [u8; 32],
+}
+
 /// Encrypted data blob binary storage format
 ///
 /// The ``DataBlobHeader`` for encrypted blobs additionally contains