tyler/proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

cleanup: KeyConfig::decrypt - show password hint on error

Browse Source
This commit is contained in:
Dietmar Maurer
2021-01-21 07:13:56 +01:00
parent f490dda05a
commit 8428063d9e
2 changed files with 12 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/api2/tape/drive.rs
View File

@ -484,19 +484,7 @@ pub async fn restore_key(
if let Some(key_config) = key_config {
let password_fn = || { Ok(password.as_bytes().to_vec()) };
let key = match key_config.decrypt(&password_fn) {
Ok((key, ..)) => key,
Err(_) => {
match key_config.hint {
Some(hint) => {
bail!("decrypt key failed (password hint: {})", hint);
}
None => {
bail!("decrypt key failed (wrong password)");
}
}
}
};
let (key, ..) = key_config.decrypt(&password_fn)?;
config::tape_encryption_keys::insert_key(key, key_config)?;
} else {
bail!("media does not contain any encryption key configuration");

13
src/backup/key_derivation.rs
View File

@ -216,7 +216,7 @@ impl KeyConfig {
let derived_key = kdf.derive_key(&passphrase)?;
if raw_data.len() < 32 {
bail!("Unable to encode key - short data");
bail!("Unable to decrypt key - short data");
}
let iv = &raw_data[0..16];
let tag = &raw_data[16..32];
@ -231,7 +231,16 @@ impl KeyConfig {
b"",
&enc_data,
&tag,
).map_err(|err| format_err!("Unable to decrypt key (wrong password?) - {}", err))?
).map_err(|err| {
match self.hint {
Some(ref hint) => {
format_err!("Unable to decrypt key (password hint: {})", hint)
}
None => {
format_err!("Unable to decrypt key (wrong password?) - {}", err)
}
}
})?
} else {
raw_data.clone()