KeyConfig: bail on wrong fingerprint

instead of just logging the error. this should never happen in practice
unless someone is messing with the keyfile, in which case, it's better
to abort.

update tests accordingly (wrong fingerprint should fail, no fingerprint
should get the expected one).

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
Fabian Grünbichler 2020-12-17 10:53:21 +01:00
parent 9c953dd260
commit c01742855a
1 changed files with 28 additions and 8 deletions


@ -239,7 +239,7 @@ pub fn decrypt_key(
let fingerprint = crypt_config.fingerprint(); let fingerprint = crypt_config.fingerprint();
if let Some(stored_fingerprint) = key_config.fingerprint { if let Some(stored_fingerprint) = key_config.fingerprint {
if fingerprint != stored_fingerprint { if fingerprint != stored_fingerprint {
eprintln!( bail!(
"KeyConfig contains wrong fingerprint {}, contained key has fingerprint {}", "KeyConfig contains wrong fingerprint {}, contained key has fingerprint {}",
stored_fingerprint, fingerprint stored_fingerprint, fingerprint
); );
@ -316,6 +316,11 @@ fn encrypt_decrypt_test() -> Result<(), Error> {
assert_eq!(key.data, decrypted); assert_eq!(key.data, decrypted);
assert_eq!(key.fingerprint, Some(fingerprint)); assert_eq!(key.fingerprint, Some(fingerprint));
Ok(())
}
#[test]
fn fingerprint_checks() -> Result<(), Error> {
let key = KeyConfig { let key = KeyConfig {
kdf: None, kdf: None,
created: proxmox::tools::time::epoch_i64(), created: proxmox::tools::time::epoch_i64(),
@ -323,15 +328,30 @@ fn encrypt_decrypt_test() -> Result<(), Error> {
data: (0u8..32u8).collect(), data: (0u8..32u8).collect(),
fingerprint: Some(Fingerprint::new([0u8; 32])), // wrong FP fingerprint: Some(Fingerprint::new([0u8; 32])), // wrong FP
}; };
let encrypted = rsa_encrypt_key_config(public.clone(), &key).expect("encryption failed");
let (decrypted, created, fingerprint) =
rsa_decrypt_key_config(private.clone(), &encrypted, &passphrase)
.expect("decryption failed");
let expected_fingerprint = Fingerprint::new([
14, 171, 212, 70, 11, 110, 185, 202, 52, 80, 35, 222, 226, 183, 120, 199, 144, 229, 74,
22, 131, 185, 101, 156, 10, 87, 174, 25, 144, 144, 21, 155,
]);
let mut data = serde_json::to_vec(&key).expect("encoding KeyConfig failed");
decrypt_key(&mut data, &{ || { Ok(Vec::new()) }}).expect_err("decoding KeyConfig with wrong fingerprint worked");
let key = KeyConfig {
kdf: None,
created: proxmox::tools::time::epoch_i64(),
modified: proxmox::tools::time::epoch_i64(),
data: (0u8..32u8).collect(),
fingerprint: None,
};
let mut data = serde_json::to_vec(&key).expect("encoding KeyConfig failed");
let (key_data, created, fingerprint) = decrypt_key(&mut data, &{ || { Ok(Vec::new()) }}).expect("decoding KeyConfig without fingerprint failed");
assert_eq!(key.data, key_data);
assert_eq!(key.created, created); assert_eq!(key.created, created);
assert_eq!(key.data, decrypted); assert_eq!(expected_fingerprint, fingerprint);
// wrong FP update by round-trip through encrypt/decrypt
assert_ne!(key.fingerprint, Some(fingerprint));
Ok(()) Ok(())
} }
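Review bot: The negative check `decrypt_key(&mut data, &{ || { Ok(Vec::new()) }}).expect_err("decoding KeyConfig with wrong fingerprint worked")` in fingerprint_checks accepts any error, so the test would also pass if the serialized KeyConfig failed to parse for an unrelated reason rather than because of the mismatch the commit is about; bind the error and check its text, e.g. `let err = decrypt_key(&mut data, &{ || { Ok(Vec::new()) }}).expect_err("decoding KeyConfig with wrong fingerprint worked");` followed by `assert!(err.to_string().contains("wrong fingerprint"));`. In the first hunk, the stored fingerprint is plain serialized metadata next to the key material (the test builds the keyfile with `serde_json::to_vec(&key)`), so the new `bail!` is a consistency check rather than tamper detection — anyone who can edit the keyfile can rewrite the fingerprint field as well, as the commit message itself acknowledges. A comment such as `// the stored fingerprint is unauthenticated metadata: this catches an inconsistent keyfile, not tampering` above the `if let Some(stored_fingerprint)` line would keep later readers from treating the check as an integrity guarantee. decrypt_key's signature and the rest of its body lie outside the hunk.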