src/bin/proxmox-backup-client.rs: upload rsa encoded key after backup

2019-06-24 13:56:37 +02:00
parent cd7dc87903
commit 9f46c7de4b
3 changed files with 75 additions and 6 deletions
--- a/src/backup/crypt_config.rs
+++ b/src/backup/crypt_config.rs
@ -167,4 +167,17 @@ impl CryptConfig {

        Ok(decr_data)
    }
+
+    pub fn generate_rsa_encoded_key(
+        &self,
+        rsa: openssl::rsa::Rsa<openssl::pkey::Public>,
+    ) -> Result<Vec<u8>, Error> {
+
+        let mut buffer = vec![0u8; rsa.size() as usize];
+        let len = rsa.public_encrypt(&self.enc_key, &mut buffer, openssl::rsa::Padding::PKCS1)?;
+        if len != buffer.len() {
+            bail!("got unexpected length from rsa.public_encrypt().");
+        }
+        Ok(buffer)
+    }
 }
--- a/src/bin/proxmox-backup-client.rs
+++ b/src/bin/proxmox-backup-client.rs
@ -482,7 +482,7 @@ fn create_backup(
        match backup_type {
            BackupType::CONFIG => {
                println!("Upload config file '{}' to '{:?}' as {}", filename, repo, target);
-                client.upload_blob(&filename, &target, crypt_config.clone(), true).wait()?;
+                client.upload_blob_from_file(&filename, &target, crypt_config.clone(), true).wait()?;
            }
            BackupType::PXAR => {
                println!("Upload directory '{}' to '{:?}' as {}", filename, repo, target);
@ -511,6 +511,27 @@ fn create_backup(
        }
    }

+    if let Some(crypt_config) = crypt_config {
+        let path = master_pubkey_path()?;
+        if path.exists() {
+            let pem_data = proxmox_backup::tools::file_get_contents(&path)?;
+            let rsa = openssl::rsa::Rsa::public_key_from_pem(&pem_data)?;
+            let enc_key = crypt_config.generate_rsa_encoded_key(rsa)?;
+            let target = "rsa-encoded.key";
+            println!("Upload RSA encoded key to '{:?}' as {}", repo, target);
+            client.upload_blob_from_data(enc_key, target, None, false).wait()?;
+
+            // openssl rsautl -decrypt -inkey master-private.pem -in mtest.enckey -out t
+            /*
+            let mut buffer2 = vec![0u8; rsa.size() as usize];
+            let pem_data = proxmox_backup::tools::file_get_contents("master-private.pem")?;
+            let rsa = openssl::rsa::Rsa::private_key_from_pem(&pem_data)?;
+            let len = rsa.private_decrypt(&buffer, &mut buffer2, openssl::rsa::Padding::PKCS1)?;
+            println!("TEST {} {:?}", len, buffer2);
+             */
+        }
+    }
+
    client.finish().wait()?;

    let end_time = Local.timestamp(Local::now().timestamp(), 0);
@ -853,6 +874,15 @@ fn key_create(
    }
 }

+fn master_pubkey_path() -> Result<PathBuf, Error> {
+    let base = BaseDirectories::with_prefix("proxmox-backup")?;
+
+    // usually $HOME/.config/proxmox-backup/master-public.pem
+    let path = base.place_config_file("master-public.pem")?;
+
+    Ok(path)
+}
+
 fn key_import_master_pubkey(
    param: Value,
    _info: &ApiMethod,
@ -868,10 +898,7 @@ fn key_import_master_pubkey(
        bail!("Unable to decode PEM data - {}", err);
    }

-    let base = BaseDirectories::with_prefix("proxmox-backup")?;
-
-    // usually $HOME/.config/proxmox-backup/master-public.pem
-    let target_path = base.place_config_file("master-public.pem")?;
+    let target_path = master_pubkey_path()?;

    proxmox_backup::tools::file_set_contents(&target_path, &pem_data, None)?;

--- a/src/client/http_client.rs
+++ b/src/client/http_client.rs
@ -452,7 +452,36 @@ impl BackupClient {
        self.canceller.take().unwrap().cancel();
    }

-    pub fn upload_blob<P: AsRef<std::path::Path>>(
+    pub fn upload_blob_from_data(
+        &self,
+        data: Vec<u8>,
+        file_name: &str,
+        crypt_config: Option<Arc<CryptConfig>>,
+        compress: bool,
+     ) -> impl Future<Item=(), Error=Error> {
+
+        let h2 = self.h2.clone();
+        let file_name = file_name.to_owned();
+
+        futures::future::ok(())
+            .and_then(move |_| {
+                let blob = if let Some(ref crypt_config) = crypt_config {
+                    DataBlob::encode(&data, Some(crypt_config), compress)?
+                } else {
+                    DataBlob::encode(&data, None, compress)?
+                };
+
+                let raw_data = blob.into_inner();
+                Ok(raw_data)
+            })
+            .and_then(move |raw_data| {
+                let param = json!({"encoded-size": raw_data.len(), "file-name": file_name });
+                h2.upload("blob", Some(param), raw_data)
+                    .map(|_| {})
+            })
+    }
+
+    pub fn upload_blob_from_file<P: AsRef<std::path::Path>>(
        &self,
        src_path: P,
        file_name: &str,