1 use std
::convert
::TryFrom
;
4 use anyhow
::{bail, format_err, Error}
;
6 use serde
::{Deserialize, Serialize}
;
7 use serde_json
::{json, Value}
;
9 use pbs_api_types
::{BackupType, CryptMode, Fingerprint}
;
10 use pbs_tools
::crypt_config
::CryptConfig
;
12 pub const MANIFEST_BLOB_NAME
: &str = "index.json.blob";
13 pub const MANIFEST_LOCK_NAME
: &str = ".index.json.lck";
14 pub const CLIENT_LOG_BLOB_NAME
: &str = "client.log.blob";
15 pub const ENCRYPTED_KEY_BLOB_NAME
: &str = "rsa-encrypted.key.blob";
17 fn crypt_mode_none() -> CryptMode
{
20 fn empty_value() -> Value
{
24 #[derive(Serialize, Deserialize)]
25 #[serde(rename_all = "kebab-case")]
28 #[serde(default = "crypt_mode_none")] // to be compatible with < 0.8.0 backups
29 pub crypt_mode
: CryptMode
,
31 #[serde(with = "hex::serde")]
36 /// Return expected CryptMode of referenced chunks
38 /// Encrypted Indices should only reference encrypted chunks, while signed or plain indices
39 /// should only reference plain chunks.
40 pub fn chunk_crypt_mode(&self) -> CryptMode
{
41 match self.crypt_mode
{
42 CryptMode
::Encrypt
=> CryptMode
::Encrypt
,
43 CryptMode
::SignOnly
| CryptMode
::None
=> CryptMode
::None
,
48 #[derive(Serialize, Deserialize)]
49 #[serde(rename_all = "kebab-case")]
50 pub struct BackupManifest
{
51 backup_type
: BackupType
,
55 #[serde(default = "empty_value")] // to be compatible with < 0.8.0 backups
56 pub unprotected
: Value
,
57 pub signature
: Option
<String
>,
61 pub enum ArchiveType
{
68 pub fn from_path(archive_name
: impl AsRef
<Path
>) -> Result
<Self, Error
> {
69 let archive_name
= archive_name
.as_ref();
70 let archive_type
= match archive_name
.extension().and_then(|ext
| ext
.to_str()) {
71 Some("didx") => ArchiveType
::DynamicIndex
,
72 Some("fidx") => ArchiveType
::FixedIndex
,
73 Some("blob") => ArchiveType
::Blob
,
74 _
=> bail
!("unknown archive type: {:?}", archive_name
),
80 //#[deprecated(note = "use ArchivType::from_path instead")] later...
81 pub fn archive_type
<P
: AsRef
<Path
>>(archive_name
: P
) -> Result
<ArchiveType
, Error
> {
82 ArchiveType
::from_path(archive_name
)
86 pub fn new(snapshot
: pbs_api_types
::BackupDir
) -> Self {
88 backup_type
: snapshot
.group
.ty
,
89 backup_id
: snapshot
.group
.id
,
90 backup_time
: snapshot
.time
,
92 unprotected
: json
!({}
),
102 crypt_mode
: CryptMode
,
103 ) -> Result
<(), Error
> {
104 let _archive_type
= ArchiveType
::from_path(&filename
)?
; // check type
105 self.files
.push(FileInfo
{
114 pub fn files(&self) -> &[FileInfo
] {
118 pub fn lookup_file_info(&self, name
: &str) -> Result
<&FileInfo
, Error
> {
119 let info
= self.files
.iter().find(|item
| item
.filename
== name
);
122 None
=> bail
!("manifest does not contain file '{}'", name
),
123 Some(info
) => Ok(info
),
127 pub fn verify_file(&self, name
: &str, csum
: &[u8; 32], size
: u64) -> Result
<(), Error
> {
128 let info
= self.lookup_file_info(name
)?
;
130 if size
!= info
.size
{
131 bail
!("wrong size for file '{}' ({} != {})", name
, info
.size
, size
);
134 if csum
!= &info
.csum
{
135 bail
!("wrong checksum for file '{}'", name
);
141 // Generate canonical json
142 fn to_canonical_json(value
: &Value
) -> Result
<Vec
<u8>, Error
> {
143 proxmox_serde
::json
::to_canonical_json(value
)
146 /// Compute manifest signature
148 /// By generating a HMAC SHA256 over the canonical json
149 /// representation, The 'unpreotected' property is excluded.
150 pub fn signature(&self, crypt_config
: &CryptConfig
) -> Result
<[u8; 32], Error
> {
151 Self::json_signature(&serde_json
::to_value(&self)?
, crypt_config
)
154 fn json_signature(data
: &Value
, crypt_config
: &CryptConfig
) -> Result
<[u8; 32], Error
> {
155 let mut signed_data
= data
.clone();
157 signed_data
.as_object_mut().unwrap().remove("unprotected"); // exclude
158 signed_data
.as_object_mut().unwrap().remove("signature"); // exclude
160 let canonical
= Self::to_canonical_json(&signed_data
)?
;
162 let sig
= crypt_config
.compute_auth_tag(&canonical
);
167 /// Converts the Manifest into json string, and add a signature if there is a crypt_config.
168 pub fn to_string(&self, crypt_config
: Option
<&CryptConfig
>) -> Result
<String
, Error
> {
169 let mut manifest
= serde_json
::to_value(&self)?
;
171 if let Some(crypt_config
) = crypt_config
{
172 let sig
= self.signature(crypt_config
)?
;
173 manifest
["signature"] = hex
::encode(&sig
).into();
174 let fingerprint
= &Fingerprint
::new(crypt_config
.fingerprint());
175 manifest
["unprotected"]["key-fingerprint"] = serde_json
::to_value(fingerprint
)?
;
178 let manifest
= serde_json
::to_string_pretty(&manifest
).unwrap();
182 pub fn fingerprint(&self) -> Result
<Option
<Fingerprint
>, Error
> {
183 match &self.unprotected
["key-fingerprint"] {
184 Value
::Null
=> Ok(None
),
185 value
=> Ok(Some(Deserialize
::deserialize(value
)?
)),
189 /// Checks if a BackupManifest and a CryptConfig share a valid fingerprint combination.
191 /// An unsigned manifest is valid with any or no CryptConfig.
192 /// A signed manifest is only valid with a matching CryptConfig.
193 pub fn check_fingerprint(&self, crypt_config
: Option
<&CryptConfig
>) -> Result
<(), Error
> {
194 if let Some(fingerprint
) = self.fingerprint()?
{
197 "missing key - manifest was created with key {}",
200 Some(crypt_config
) => {
201 let config_fp
= Fingerprint
::new(crypt_config
.fingerprint());
202 if config_fp
!= fingerprint
{
204 "wrong key - manifest's key {} does not match provided key {}",
216 /// Try to read the manifest. This verifies the signature if there is a crypt_config.
219 crypt_config
: Option
<&CryptConfig
>,
220 ) -> Result
<BackupManifest
, Error
> {
221 let json
: Value
= serde_json
::from_slice(data
)?
;
222 let signature
= json
["signature"].as_str().map(String
::from
);
224 if let Some(crypt_config
) = crypt_config
{
225 if let Some(signature
) = signature
{
226 let expected_signature
= hex
::encode(&Self::json_signature(&json
, crypt_config
)?
);
228 let fingerprint
= &json
["unprotected"]["key-fingerprint"];
229 if fingerprint
!= &Value
::Null
{
230 let fingerprint
= Fingerprint
::deserialize(fingerprint
)?
;
231 let config_fp
= Fingerprint
::new(crypt_config
.fingerprint());
232 if config_fp
!= fingerprint
{
234 "wrong key - unable to verify signature since manifest's key {} does not match provided key {}",
240 if signature
!= expected_signature
{
241 bail
!("wrong signature in manifest");
244 // not signed: warn/fail?
248 let manifest
: BackupManifest
= serde_json
::from_value(json
)?
;
253 impl TryFrom
<super::DataBlob
> for BackupManifest
{
256 fn try_from(blob
: super::DataBlob
) -> Result
<Self, Error
> {
257 // no expected digest available
260 .map_err(|err
| format_err
!("decode backup manifest blob failed - {}", err
))?
;
261 let json
: Value
= serde_json
::from_slice(&data
[..])
262 .map_err(|err
| format_err
!("unable to parse backup manifest json - {}", err
))?
;
263 let manifest
: BackupManifest
= serde_json
::from_value(json
)?
;
269 fn test_manifest_signature() -> Result
<(), Error
> {
270 use pbs_config
::key_config
::KeyDerivationConfig
;
274 let kdf
= KeyDerivationConfig
::Scrypt
{
281 let testkey
= kdf
.derive_key(pw
)?
;
283 let crypt_config
= CryptConfig
::new(testkey
)?
;
285 let mut manifest
= BackupManifest
::new("host/elsa/2020-06-26T13:56:05Z".parse()?
);
287 manifest
.add_file("test1.img.fidx".into(), 200, [1u8; 32], CryptMode
::Encrypt
)?
;
288 manifest
.add_file("abc.blob".into(), 200, [2u8; 32], CryptMode
::None
)?
;
290 manifest
.unprotected
["note"] = "This is not protected by the signature.".into();
292 let text
= manifest
.to_string(Some(&crypt_config
))?
;
294 let manifest
: Value
= serde_json
::from_str(&text
)?
;
295 let signature
= manifest
["signature"].as_str().unwrap().to_string();
299 "d7b446fb7db081662081d4b40fedd858a1d6307a5aff4ecff7d5bf4fd35679e9"
302 let manifest
: BackupManifest
= serde_json
::from_value(manifest
)?
;
303 let expected_signature
= hex
::encode(&manifest
.signature(&crypt_config
)?
);
305 assert_eq
!(signature
, expected_signature
);