tape: add --kdf parameter to create key api
parent
9a045790ed
commit
e5b6c93323
@ -30,6 +30,7 @@ use crate::{
|
|||||||
TapeKeyMetadata,
|
TapeKeyMetadata,
|
||||||
},
|
},
|
||||||
backup::{
|
backup::{
|
||||||
|
Kdf,
|
||||||
Fingerprint,
|
Fingerprint,
|
||||||
},
|
},
|
||||||
tools::format::as_fingerprint,
|
tools::format::as_fingerprint,
|
||||||
@ -71,6 +72,10 @@ pub fn list_keys(
|
|||||||
protected: true,
|
protected: true,
|
||||||
input: {
|
input: {
|
||||||
properties: {
|
properties: {
|
||||||
|
kdf: {
|
||||||
|
type: Kdf,
|
||||||
|
optional: true,
|
||||||
|
},
|
||||||
password: {
|
password: {
|
||||||
description: "A secret password.",
|
description: "A secret password.",
|
||||||
min_length: 5,
|
min_length: 5,
|
||||||
@ -86,12 +91,19 @@ pub fn list_keys(
|
|||||||
)]
|
)]
|
||||||
/// Create a new encryption key
|
/// Create a new encryption key
|
||||||
pub fn create_key(
|
pub fn create_key(
|
||||||
|
kdf: Option<Kdf>,
|
||||||
password: String,
|
password: String,
|
||||||
hint: String,
|
hint: String,
|
||||||
_rpcenv: &mut dyn RpcEnvironment
|
_rpcenv: &mut dyn RpcEnvironment
|
||||||
) -> Result<Fingerprint, Error> {
|
) -> Result<Fingerprint, Error> {
|
||||||
|
|
||||||
let (key, mut key_config) = generate_tape_encryption_key(password.as_bytes())?;
|
let kdf = kdf.unwrap_or_default();
|
||||||
|
|
||||||
|
if let Kdf::None = kdf {
|
||||||
|
bail!("Please specify a key derivation funktion (none is not allowed here).");
|
||||||
|
}
|
||||||
|
|
||||||
|
let (key, mut key_config) = generate_tape_encryption_key(password.as_bytes(), kdf)?;
|
||||||
key_config.hint = Some(hint);
|
key_config.hint = Some(hint);
|
||||||
|
|
||||||
let fingerprint = key_config.fingerprint.clone().unwrap();
|
let fingerprint = key_config.fingerprint.clone().unwrap();
|
||||||
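Review bot: The user-facing error string added in create_key misspells "function"; it should read `bail!("Please specify a key derivation function (none is not allowed here).");`. The default now comes from `kdf.unwrap_or_default()`, so what a caller gets when `kdf` is omitted depends on `Kdf`'s `Default` impl, which is not visible on this page. The old code pinned `Kdf::Scrypt`, and `let kdf = kdf.unwrap_or(Kdf::Scrypt);` would keep that choice explicit and guarantee the omitted case never lands on the rejected `none` value. The doc comment `/// Create a new encryption key` could also say that `kdf` is optional and that `none` is refused. The body of create_key continues past the end of the hunk.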
|
@ -19,6 +19,7 @@ use proxmox_backup::{
|
|||||||
DRIVE_NAME_SCHEMA,
|
DRIVE_NAME_SCHEMA,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
backup::Kdf,
|
||||||
config::tape_encryption_keys::complete_key_fingerprint,
|
config::tape_encryption_keys::complete_key_fingerprint,
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -83,6 +84,10 @@ async fn restore_key(
|
|||||||
#[api(
|
#[api(
|
||||||
input: {
|
input: {
|
||||||
properties: {
|
properties: {
|
||||||
|
kdf: {
|
||||||
|
type: Kdf,
|
||||||
|
optional: true,
|
||||||
|
},
|
||||||
hint: {
|
hint: {
|
||||||
description: "Password restore hint.",
|
description: "Password restore hint.",
|
||||||
type: String,
|
type: String,
|
||||||
|
@ -57,8 +57,8 @@ pub fn compute_tape_key_fingerprint(key: &[u8; 32]) -> Result<Fingerprint, Error
|
|||||||
Ok(crypt_config.fingerprint())
|
Ok(crypt_config.fingerprint())
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn generate_tape_encryption_key(password: &[u8]) -> Result<([u8; 32], KeyConfig), Error> {
|
pub fn generate_tape_encryption_key(password: &[u8], kdf: Kdf) -> Result<([u8; 32], KeyConfig), Error> {
|
||||||
let (key, mut key_config) = KeyConfig::new(password, Kdf::Scrypt)?;
|
let (key, mut key_config) = KeyConfig::new(password, kdf)?;
|
||||||
key_config.fingerprint = Some(compute_tape_key_fingerprint(&key)?);
|
key_config.fingerprint = Some(compute_tape_key_fingerprint(&key)?);
|
||||||
Ok((key, key_config))
|
Ok((key, key_config))
|
||||||
}
|
}
|
||||||
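Review bot: generate_tape_encryption_key is `pub` and now forwards whatever `kdf` it receives to `KeyConfig::new`, including `Kdf::None`; the only rejection of `none` visible in this commit sits in the create_key API handler. Any other caller can therefore request a tape key config without password-based derivation, which presumably leaves the key unprotected by the password (`KeyConfig::new` is not shown here). Moving the guard into this function as its first statement, e.g. `if let Kdf::None = kdf { bail!("tape encryption keys require a key derivation function"); }` (assuming `bail!` is in scope in this file), would enforce the rule at the one place tape keys are generated. A `///` comment naming the accepted `kdf` values would document the contract for future callers.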
|