From a0ef68b93cf6a9d8fab6b24cd124fb17887c697c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?=
Date: Fri, 20 Nov 2020 17:38:36 +0100
Subject: [PATCH] manifest: check fingerprint when loading with key
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

otherwise loading will run into the signature mismatch which is technically true, but not the complete picture in this case.

Signed-off-by: Fabian Grünbichler
---
 src/backup/manifest.rs | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/backup/manifest.rs b/src/backup/manifest.rs
index 00dafbd6..a64cbe15 100644
--- a/src/backup/manifest.rs
+++ b/src/backup/manifest.rs
@@ -273,6 +273,19 @@ impl BackupManifest {
 if let Some(ref crypt_config) = crypt_config {
 if let Some(signature) = signature {
 let expected_signature = proxmox::tools::digest_to_hex(&Self::json_signature(&json, crypt_config)?);
+
+ let fingerprint = &json["unprotected"]["key-fingerprint"];
+ if fingerprint != &Value::Null {
+ let fingerprint = serde_json::from_value(fingerprint.clone())?;
+ let config_fp = crypt_config.fingerprint();
+ if config_fp != fingerprint {
+ bail!(
+ "wrong key - unable to verify signature since manifest's key {} does not match provided key {}",
+ fingerprint,
+ config_fp
+ );
+ }
+ }
 if signature != expected_signature {
 bail!("wrong signature in manifest");
 }
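Review bot: The fingerprint compared in the added block is read from `json["unprotected"]`, which by its name is presumably not covered by `json_signature`, so a match proves nothing about authenticity and a mismatch can be produced by anyone able to edit the manifest. The ordering is sound, because the `signature != expected_signature` comparison still runs afterwards and remains the only trust decision, but nothing in the code records that. I would add a comment above the block such as `// key-fingerprint is unauthenticated ("unprotected"): only used for a clearer error, the signature check below stays authoritative`, so that a later refactor does not return early on a fingerprint match. A malformed fingerprint value also surfaces as a bare serde error through `?` on the `from_value` line, which is less informative than either `bail!` message. The enclosing function starts and ends outside this hunk.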