sync: verify chunk size and digest, if possible

for encrypted chunks this is currently not possible, as we need the key to decode the chunk. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-08-03 14:10:44 +02:00 · 2020-08-03 14:10:44 +02:00 · 9e496ff6f1
commit 9e496ff6f1
parent 8819d1f2f5
2 changed files with 8 additions and 6 deletions
--- a/src/client/pull.rs
+++ b/src/client/pull.rs
@ -27,16 +27,18 @@ async fn pull_index_chunks<I: IndexFile>(


    for pos in 0..index.index_count() {
-        let digest = index.index_digest(pos).unwrap();
-        let chunk_exists = target.cond_touch_chunk(digest, false)?;
+        let info = index.chunk_info(pos).unwrap();
+        let chunk_exists = target.cond_touch_chunk(&info.digest, false)?;
        if chunk_exists {
            //worker.log(format!("chunk {} exists {}", pos, proxmox::tools::digest_to_hex(digest)));
            continue;
        }
        //worker.log(format!("sync {} chunk {}", pos, proxmox::tools::digest_to_hex(digest)));
-        let chunk = chunk_reader.read_raw_chunk(&digest).await?;
+        let chunk = chunk_reader.read_raw_chunk(&info.digest).await?;

-        target.insert_chunk(&chunk, &digest)?;
+        chunk.verify_unencrypted(info.size() as usize, &info.digest)?;
+
+        target.insert_chunk(&chunk, &info.digest)?;
    }

    Ok(())
--- a/src/client/remote_chunk_reader.rs
+++ b/src/client/remote_chunk_reader.rs
@ -35,6 +35,8 @@ impl RemoteChunkReader {
        }
    }

+    /// Downloads raw chunk. This only verifies the (untrusted) CRC32, use
+    /// DataBlob::verify_unencrypted or DataBlob::decode before storing/processing further.
    pub async fn read_raw_chunk(&self, digest: &[u8; 32]) -> Result<DataBlob, Error> {
        let mut chunk_data = Vec::with_capacity(4 * 1024 * 1024);

@ -43,8 +45,6 @@ impl RemoteChunkReader {
            .await?;

        let chunk = DataBlob::load_from_reader(&mut &chunk_data[..])?;
-        
-        // fixme: verify digest?

        Ok(chunk)
    }