src/backup/key_derivation.rs: add modified field to key file
		| @ -60,6 +60,8 @@ pub struct KeyConfig { | |||||||
|     pub kdf: Option<KeyDerivationConfig>, |     pub kdf: Option<KeyDerivationConfig>, | ||||||
|     #[serde(with = "proxmox::tools::serde::date_time_as_rfc3339")] |     #[serde(with = "proxmox::tools::serde::date_time_as_rfc3339")] | ||||||
|     pub created: DateTime<Local>, |     pub created: DateTime<Local>, | ||||||
|  |     #[serde(with = "proxmox::tools::serde::date_time_as_rfc3339")] | ||||||
|  |     pub modified: DateTime<Local>, | ||||||
|     #[serde(with = "proxmox::tools::serde::bytes_as_base64")] |     #[serde(with = "proxmox::tools::serde::bytes_as_base64")] | ||||||
|     pub data: Vec<u8>, |     pub data: Vec<u8>, | ||||||
|  } |  } | ||||||
| @ -96,12 +98,10 @@ pub fn store_key_config( | |||||||
|     Ok(()) |     Ok(()) | ||||||
| } | } | ||||||
|  |  | ||||||
| pub fn store_key_with_passphrase( | pub fn encrypt_key_with_passphrase( | ||||||
|     path: &std::path::Path, |  | ||||||
|     raw_key: &[u8], |     raw_key: &[u8], | ||||||
|     passphrase: &[u8], |     passphrase: &[u8], | ||||||
|     replace: bool, | ) -> Result<KeyConfig, Error> { | ||||||
| ) -> Result<(), Error> { |  | ||||||
|  |  | ||||||
|     let salt = proxmox::sys::linux::random_data(32)?; |     let salt = proxmox::sys::linux::random_data(32)?; | ||||||
|  |  | ||||||
| @ -135,14 +135,15 @@ pub fn store_key_with_passphrase( | |||||||
|  |  | ||||||
|     let created =  Local.timestamp(Local::now().timestamp(), 0); |     let created =  Local.timestamp(Local::now().timestamp(), 0); | ||||||
|  |  | ||||||
|     store_key_config(path, replace, KeyConfig { |     Ok(KeyConfig { | ||||||
|         kdf: Some(kdf), |         kdf: Some(kdf), | ||||||
|         created, |         created, | ||||||
|  |         modified: created, | ||||||
|         data: enc_data, |         data: enc_data, | ||||||
|     }) |     }) | ||||||
| } | } | ||||||
|  |  | ||||||
| pub fn load_and_decrtypt_key(path: &std::path::Path, passphrase: fn() -> Result<Vec<u8>, Error>) -> Result<[u8;32], Error> { | pub fn load_and_decrtypt_key(path: &std::path::Path, passphrase: fn() -> Result<Vec<u8>, Error>) -> Result<([u8;32], DateTime<Local>), Error> { | ||||||
|  |  | ||||||
|     let raw = crate::tools::file_get_contents(&path)?; |     let raw = crate::tools::file_get_contents(&path)?; | ||||||
|     let data = String::from_utf8(raw)?; |     let data = String::from_utf8(raw)?; | ||||||
| @ -150,6 +151,7 @@ pub fn load_and_decrtypt_key(path: &std::path::Path, passphrase: fn() -> Result< | |||||||
|     let key_config: KeyConfig = serde_json::from_str(&data)?; |     let key_config: KeyConfig = serde_json::from_str(&data)?; | ||||||
|  |  | ||||||
|     let raw_data = key_config.data; |     let raw_data = key_config.data; | ||||||
|  |     let created = key_config.created; | ||||||
|  |  | ||||||
|     let key = if let Some(kdf) = key_config.kdf { |     let key = if let Some(kdf) = key_config.kdf { | ||||||
|  |  | ||||||
| @ -186,5 +188,5 @@ pub fn load_and_decrtypt_key(path: &std::path::Path, passphrase: fn() -> Result< | |||||||
|     let mut result = [0u8; 32]; |     let mut result = [0u8; 32]; | ||||||
|     result.copy_from_slice(&key); |     result.copy_from_slice(&key); | ||||||
|  |  | ||||||
|     Ok(result) |     Ok((result, created)) | ||||||
| } | } | ||||||
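Review bot: The new `modified` field on KeyConfig carries no `#[serde(default …)]`, so the `serde_json::from_str(&data)?` call in load_and_decrtypt_key will reject every key file written before this change with a missing-field error, unless a migration outside this diff rewrites those files. Giving the field a default — e.g. `#[serde(default = "<FALLBACK_FN_PLACEHOLDER>", with = "proxmox::tools::serde::date_time_as_rfc3339")]` with a helper returning an explicit sentinel timestamp, or storing it as `Option<DateTime<Local>>` if the rfc3339 helper can handle an option — keeps existing key files loadable, and whichever choice is made should be documented on the field. load_and_decrtypt_key now hands back the creation time but discards `modified`; a doc comment on the new tuple return, `/// Returns the decrypted key together with the creation timestamp recorded in the key file`, would make that contract visible to callers. The KeyConfig definition and the body of load_and_decrtypt_key both extend beyond the hunks shown here.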
|  | |||||||
| @ -471,7 +471,7 @@ fn create_backup( | |||||||
|     let crypt_config = match keyfile { |     let crypt_config = match keyfile { | ||||||
|         None => None, |         None => None, | ||||||
|         Some(path) => { |         Some(path) => { | ||||||
|             let key = load_and_decrtypt_key(&path, get_encryption_key_password)?; |             let (key, _) = load_and_decrtypt_key(&path, get_encryption_key_password)?; | ||||||
|             Some(Arc::new(CryptConfig::new(key)?)) |             Some(Arc::new(CryptConfig::new(key)?)) | ||||||
|         } |         } | ||||||
|     }; |     }; | ||||||
| @ -832,7 +832,9 @@ fn key_create( | |||||||
|  |  | ||||||
|         let password = crate::tools::tty::read_password("Encryption Key Password: ")?; |         let password = crate::tools::tty::read_password("Encryption Key Password: ")?; | ||||||
|  |  | ||||||
|         store_key_with_passphrase(&path, &key, &password, false)?; |         let key_config = encrypt_key_with_passphrase(&key, &password)?; | ||||||
|  |          | ||||||
|  |         store_key_config(&path, false, key_config)?; | ||||||
|  |  | ||||||
|         Ok(Value::Null) |         Ok(Value::Null) | ||||||
|     } else if kdf == "none" { |     } else if kdf == "none" { | ||||||
| @ -841,6 +843,7 @@ fn key_create( | |||||||
|         store_key_config(&path, false, KeyConfig { |         store_key_config(&path, false, KeyConfig { | ||||||
|             kdf: None, |             kdf: None, | ||||||
|             created, |             created, | ||||||
|  |             modified: created, | ||||||
|             data: key, |             data: key, | ||||||
|         })?; |         })?; | ||||||
|  |  | ||||||
| @ -867,7 +870,7 @@ fn key_change_passphrase( | |||||||
|         bail!("unable to change passphrase - no tty"); |         bail!("unable to change passphrase - no tty"); | ||||||
|     } |     } | ||||||
|  |  | ||||||
|     let key = load_and_decrtypt_key(&path, get_encryption_key_password)?; |     let (key, created) = load_and_decrtypt_key(&path, get_encryption_key_password)?; | ||||||
|  |  | ||||||
|     if kdf == "scrypt" { |     if kdf == "scrypt" { | ||||||
|  |  | ||||||
| @ -882,16 +885,19 @@ fn key_change_passphrase( | |||||||
|             bail!("Password is too short!"); |             bail!("Password is too short!"); | ||||||
|         } |         } | ||||||
|  |  | ||||||
|         store_key_with_passphrase(&path, &key, new_pw.as_bytes(), true)?; |         let mut new_key_config = encrypt_key_with_passphrase(&key, new_pw.as_bytes())?; | ||||||
|  |         new_key_config.created = created; // keep original value | ||||||
|  |  | ||||||
|  |         store_key_config(&path, true, new_key_config)?; | ||||||
|  |  | ||||||
|         Ok(Value::Null) |         Ok(Value::Null) | ||||||
|     } else if kdf == "none" { |     } else if kdf == "none" { | ||||||
|         // fixme: keep original creation time, add modified timestamp ?? |         let modified =  Local.timestamp(Local::now().timestamp(), 0); | ||||||
|         let created =  Local.timestamp(Local::now().timestamp(), 0); |  | ||||||
|  |  | ||||||
|         store_key_config(&path, true, KeyConfig { |         store_key_config(&path, true, KeyConfig { | ||||||
|             kdf: None, |             kdf: None, | ||||||
|             created, |             created, // keep original value | ||||||
|  |             modified, | ||||||
|             data: key.to_vec(), |             data: key.to_vec(), | ||||||
|         })?; |         })?; | ||||||
|  |  | ||||||
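Review bot: In the scrypt branch of key_change_passphrase (`new_key_config.created = created; // keep original value`) the `modified` timestamp is never set explicitly; it only ends up as "now" because encrypt_key_with_passphrase initialises `modified: created` from its own clock, so a later change to that helper would silently break the invariant. Stamping it here, `new_key_config.modified = Local.timestamp(Local::now().timestamp(), 0);`, next to the `created` restore would make this branch explicit and symmetric with the `kdf == "none"` branch, which sets `modified` itself. The comment would then read more precisely as `// keep original creation time; modified is stamped with the current time`. The `kdf == "none"` branch stores the decrypted key bytes as-is in `data: key.to_vec()`, which predates this change but deserves a one-line comment there noting that the resulting file holds the key in plaintext; the enclosing function starts before the hunk.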
|  | |||||||