src/backup/key_derivation.rs: add modified field to key file

This commit is contained in:
Dietmar Maurer 2019-06-20 07:58:33 +02:00
parent 6d0983dbe1
commit ab44acff57
2 changed files with 22 additions and 14 deletions

View File

@ -60,6 +60,8 @@ pub struct KeyConfig {
pub kdf: Option<KeyDerivationConfig>, pub kdf: Option<KeyDerivationConfig>,
#[serde(with = "proxmox::tools::serde::date_time_as_rfc3339")] #[serde(with = "proxmox::tools::serde::date_time_as_rfc3339")]
pub created: DateTime<Local>, pub created: DateTime<Local>,
#[serde(with = "proxmox::tools::serde::date_time_as_rfc3339")]
pub modified: DateTime<Local>,
#[serde(with = "proxmox::tools::serde::bytes_as_base64")] #[serde(with = "proxmox::tools::serde::bytes_as_base64")]
pub data: Vec<u8>, pub data: Vec<u8>,
} }
@ -96,12 +98,10 @@ pub fn store_key_config(
Ok(()) Ok(())
} }
pub fn store_key_with_passphrase( pub fn encrypt_key_with_passphrase(
path: &std::path::Path,
raw_key: &[u8], raw_key: &[u8],
passphrase: &[u8], passphrase: &[u8],
replace: bool, ) -> Result<KeyConfig, Error> {
) -> Result<(), Error> {
let salt = proxmox::sys::linux::random_data(32)?; let salt = proxmox::sys::linux::random_data(32)?;
@ -135,14 +135,15 @@ pub fn store_key_with_passphrase(
let created = Local.timestamp(Local::now().timestamp(), 0); let created = Local.timestamp(Local::now().timestamp(), 0);
store_key_config(path, replace, KeyConfig { Ok(KeyConfig {
kdf: Some(kdf), kdf: Some(kdf),
created, created,
modified: created,
data: enc_data, data: enc_data,
}) })
} }
pub fn load_and_decrtypt_key(path: &std::path::Path, passphrase: fn() -> Result<Vec<u8>, Error>) -> Result<[u8;32], Error> { pub fn load_and_decrtypt_key(path: &std::path::Path, passphrase: fn() -> Result<Vec<u8>, Error>) -> Result<([u8;32], DateTime<Local>), Error> {
let raw = crate::tools::file_get_contents(&path)?; let raw = crate::tools::file_get_contents(&path)?;
let data = String::from_utf8(raw)?; let data = String::from_utf8(raw)?;
@ -150,6 +151,7 @@ pub fn load_and_decrtypt_key(path: &std::path::Path, passphrase: fn() -> Result<
let key_config: KeyConfig = serde_json::from_str(&data)?; let key_config: KeyConfig = serde_json::from_str(&data)?;
let raw_data = key_config.data; let raw_data = key_config.data;
let created = key_config.created;
let key = if let Some(kdf) = key_config.kdf { let key = if let Some(kdf) = key_config.kdf {
@ -186,5 +188,5 @@ pub fn load_and_decrtypt_key(path: &std::path::Path, passphrase: fn() -> Result<
let mut result = [0u8; 32]; let mut result = [0u8; 32];
result.copy_from_slice(&key); result.copy_from_slice(&key);
Ok(result) Ok((result, created))
} }

View File

@ -471,7 +471,7 @@ fn create_backup(
let crypt_config = match keyfile { let crypt_config = match keyfile {
None => None, None => None,
Some(path) => { Some(path) => {
let key = load_and_decrtypt_key(&path, get_encryption_key_password)?; let (key, _) = load_and_decrtypt_key(&path, get_encryption_key_password)?;
Some(Arc::new(CryptConfig::new(key)?)) Some(Arc::new(CryptConfig::new(key)?))
} }
}; };
@ -832,7 +832,9 @@ fn key_create(
let password = crate::tools::tty::read_password("Encryption Key Password: ")?; let password = crate::tools::tty::read_password("Encryption Key Password: ")?;
store_key_with_passphrase(&path, &key, &password, false)?; let key_config = encrypt_key_with_passphrase(&key, &password)?;
store_key_config(&path, false, key_config)?;
Ok(Value::Null) Ok(Value::Null)
} else if kdf == "none" { } else if kdf == "none" {
@ -841,6 +843,7 @@ fn key_create(
store_key_config(&path, false, KeyConfig { store_key_config(&path, false, KeyConfig {
kdf: None, kdf: None,
created, created,
modified: created,
data: key, data: key,
})?; })?;
@ -867,7 +870,7 @@ fn key_change_passphrase(
bail!("unable to change passphrase - no tty"); bail!("unable to change passphrase - no tty");
} }
let key = load_and_decrtypt_key(&path, get_encryption_key_password)?; let (key, created) = load_and_decrtypt_key(&path, get_encryption_key_password)?;
if kdf == "scrypt" { if kdf == "scrypt" {
@ -882,16 +885,19 @@ fn key_change_passphrase(
bail!("Password is too short!"); bail!("Password is too short!");
} }
store_key_with_passphrase(&path, &key, new_pw.as_bytes(), true)?; let mut new_key_config = encrypt_key_with_passphrase(&key, new_pw.as_bytes())?;
new_key_config.created = created; // keep original value
store_key_config(&path, true, new_key_config)?;
Ok(Value::Null) Ok(Value::Null)
} else if kdf == "none" { } else if kdf == "none" {
// fixme: keep original creation time, add modified timestamp ?? let modified = Local.timestamp(Local::now().timestamp(), 0);
let created = Local.timestamp(Local::now().timestamp(), 0);
store_key_config(&path, true, KeyConfig { store_key_config(&path, true, KeyConfig {
kdf: None, kdf: None,
created, created, // keep original value
modified,
data: key.to_vec(), data: key.to_vec(),
})?; })?;