From e9a385a78e2e346eaf70eaedad128912d2c6c2be Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Mon, 12 Aug 2019 17:47:25 +0200 Subject: [PATCH] src/backup/data_blob.rs - DataBlobReader: impl compressed, signed blobs --- src/backup/data_blob.rs | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/src/backup/data_blob.rs b/src/backup/data_blob.rs index 166b669a..af41b841 100644 --- a/src/backup/data_blob.rs +++ b/src/backup/data_blob.rs @@ -696,6 +696,7 @@ enum BlobReaderState<'a, R: Read> { Uncompressed { expected_crc: u32, csum_reader: ChecksumReader<'a, R> }, Compressed { expected_crc: u32, decompr: zstd::stream::read::Decoder>> }, Signed { expected_crc: u32, expected_hmac: [u8; 32], csum_reader: ChecksumReader<'a, R> }, + SignedCompressed { expected_crc: u32, expected_hmac: [u8; 32], decompr: zstd::stream::read::Decoder>> }, } /// Read data blobs @@ -729,6 +730,16 @@ impl <'a, R: Read> DataBlobReader<'a, R> { let csum_reader = ChecksumReader::new(reader, signer); Ok(Self { state: BlobReaderState::Signed { expected_crc, expected_hmac, csum_reader }}) } + AUTH_COMPR_BLOB_MAGIC_1_0 => { + let expected_crc = u32::from_le_bytes(head.crc); + let mut expected_hmac = [0u8; 32]; + reader.read_exact(&mut expected_hmac)?; + let signer = config.map(|c| c.data_signer()); + let csum_reader = ChecksumReader::new(reader, signer); + + let decompr = zstd::stream::read::Decoder::new(csum_reader)?; + Ok(Self { state: BlobReaderState::SignedCompressed { expected_crc, expected_hmac, decompr }}) + } _ => bail!("got wrong magic number {:?}", head.magic) } } @@ -762,6 +773,19 @@ impl <'a, R: Read> DataBlobReader<'a, R> { } Ok(reader) } + BlobReaderState::SignedCompressed { expected_crc, expected_hmac, decompr } => { + let csum_reader = decompr.finish().into_inner(); + let (reader, crc, hmac) = csum_reader.finish()?; + if crc != expected_crc { + bail!("blob crc check failed"); + } + if let Some(hmac) = hmac { + if hmac != expected_hmac { + bail!("blob signature check failed"); + } + } + Ok(reader) + } } } } @@ -779,6 +803,9 @@ impl <'a, R: BufRead> Read for DataBlobReader<'a, R> { BlobReaderState::Signed { csum_reader, .. } => { csum_reader.read(buf) } + BlobReaderState::SignedCompressed { decompr, .. } => { + decompr.read(buf) + } } } }