client: refactor crypto_parameter handling

pull out the crypt-mode to logically group arms and make the whole mess
a bit more "human-parsable".

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler 2021-02-05 16:35:34 +01:00 committed by Dietmar Maurer
parent 1a89a7794e
commit 9432838914
1 changed files with 61 additions and 60 deletions


@ -694,37 +694,25 @@ fn crypto_parameters(param: &Value) -> Result<CryptoParams, Error> {
} }
}; };
Ok(match (keydata, master_pubkey_data, mode) { let res = match mode {
// no parameters: // no crypt mode, enable encryption if keys are available
(None, None, None) => match key::read_optional_default_encryption_key()? { None => match (keydata, master_pubkey_data) {
None => CryptoParams { mode: CryptMode::None, enc_key: None, master_pubkey: None }, // only default keys if available
enc_key => { (None, None) => match key::read_optional_default_encryption_key()? {
eprintln!("Encrypting with default encryption key!"); None => CryptoParams { mode: CryptMode::None, enc_key: None, master_pubkey: None },
let master_pubkey = key::read_optional_default_master_pubkey()?; enc_key => {
CryptoParams { eprintln!("Encrypting with default encryption key!");
mode: CryptMode::Encrypt, let master_pubkey = key::read_optional_default_master_pubkey()?;
enc_key, CryptoParams {
master_pubkey, mode: CryptMode::Encrypt,
} enc_key,
master_pubkey,
}
},
}, },
},
// just --crypt-mode=none // explicit master key, default enc key needed
(None, None, Some(CryptMode::None)) => CryptoParams { mode: CryptMode::None, enc_key: None, master_pubkey: None }, (None, master_pubkey) => match key::read_optional_default_encryption_key()? {
// --keyfile and --crypt-mode=none
(Some(_), _, Some(CryptMode::None)) => {
bail!("--keyfile/--keyfd and --crypt-mode=none are mutually exclusive");
},
// --master-pubkey-file and --crypt-mode=none
(_, Some(_), Some(CryptMode::None)) => {
bail!("--master-pubkey-file/--master-pubkey-fd and --crypt-mode=none are mutually exclusive");
},
// --master-pubkey-file and nothing else
(None, master_pubkey, None) => {
match key::read_optional_default_encryption_key()? {
None => bail!("--master-pubkey-file/--master-pubkey-fd specified, but no key available"), None => bail!("--master-pubkey-file/--master-pubkey-fd specified, but no key available"),
enc_key => { enc_key => {
eprintln!("Encrypting with default encryption key!"); eprintln!("Encrypting with default encryption key!");
@ -734,47 +722,60 @@ fn crypto_parameters(param: &Value) -> Result<CryptoParams, Error> {
master_pubkey, master_pubkey,
} }
}, },
} },
// explicit keyfile, maybe default master key
(enc_key, None) => CryptoParams { mode: CryptMode::Encrypt, enc_key, master_pubkey: key::read_optional_default_master_pubkey()? },
// explicit keyfile and master key
(enc_key, master_pubkey) => CryptoParams { mode: CryptMode::Encrypt, enc_key, master_pubkey },
}, },
// --crypt-mode other than none, without keyfile, with or without master key // explicitly disabled encryption
(None, master_pubkey, Some(mode)) => match key::read_optional_default_encryption_key()? { Some(CryptMode::None) => match (keydata, master_pubkey_data) {
None => bail!("--crypt-mode without --keyfile and no default key file available"), // no keys => OK, no encryption
enc_key => { (None, None) => CryptoParams { mode: CryptMode::None, enc_key: None, master_pubkey: None },
eprintln!("Encrypting with default encryption key!");
// --keyfile and --crypt-mode=none
(Some(_), _) => bail!("--keyfile/--keyfd and --crypt-mode=none are mutually exclusive"),
// --master-pubkey-file and --crypt-mode=none
(_, Some(_)) => bail!("--master-pubkey-file/--master-pubkey-fd and --crypt-mode=none are mutually exclusive"),
},
// explicitly enabled encryption
Some(mode) => match (keydata, master_pubkey_data) {
// no key, maybe master key
(None, master_pubkey) => match key::read_optional_default_encryption_key()? {
None => bail!("--crypt-mode without --keyfile and no default key file available"),
enc_key => {
eprintln!("Encrypting with default encryption key!");
let master_pubkey = match master_pubkey {
None => key::read_optional_default_master_pubkey()?,
master_pubkey => master_pubkey,
};
CryptoParams {
mode,
enc_key,
master_pubkey,
}
},
},
// --keyfile and --crypt-mode other than none
(enc_key, master_pubkey) => {
let master_pubkey = match master_pubkey { let master_pubkey = match master_pubkey {
None => key::read_optional_default_master_pubkey()?, None => key::read_optional_default_master_pubkey()?,
master_pubkey => master_pubkey, master_pubkey => master_pubkey,
}; };
CryptoParams { CryptoParams { mode, enc_key, master_pubkey }
mode,
enc_key,
master_pubkey,
}
}, },
}
// just --keyfile
(enc_key, master_pubkey, None) => {
let master_pubkey = match master_pubkey {
None => key::read_optional_default_master_pubkey()?,
master_pubkey => master_pubkey,
};
CryptoParams { mode: CryptMode::Encrypt, enc_key, master_pubkey }
}, },
};
// --keyfile and --crypt-mode other than none Ok(res)
(enc_key, master_pubkey, Some(mode)) => {
let master_pubkey = match master_pubkey {
None => key::read_optional_default_master_pubkey()?,
master_pubkey => master_pubkey,
};
CryptoParams { mode, enc_key, master_pubkey }
},
})
} }
#[test] #[test]
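Review bot: Several arms in the new nested matches mean "key present" only because of where they sit: `enc_key =>` after `None =>` on each `key::read_optional_default_encryption_key()?` match, and `(enc_key, None)` / `(enc_key, master_pubkey)` after the `(None, …)` arms. If one of these is later reordered or a preceding arm is dropped, the code still compiles and can return `mode: CryptMode::Encrypt` with `enc_key: None`. Binding the variant explicitly, e.g. `enc_key @ Some(_) =>` and `(enc_key @ Some(_), None) =>`, makes the arms order-independent and turns a missing case into an exhaustiveness error. The comment `// explicitly enabled encryption` on the `Some(mode)` arm appears to cover every mode other than none, so `// explicit crypt mode other than none` would describe it more precisely. crypto_parameters begins before the first hunk, so how `keydata` and `master_pubkey_data` are obtained is not visible here.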