use failure::*;
+use std::sync::Arc;
use std::io::Read;
-pub struct ChecksumReader<'a, R> {
+use super::CryptConfig;
+use crate::tools::borrow::Tied;
+
+pub struct ChecksumReader<R> {
reader: R,
hasher: crc32fast::Hasher,
- signer: Option<openssl::sign::Signer<'a>>,
+ signer: Option<Tied<Arc<CryptConfig>, openssl::sign::Signer<'static>>>,
}
-impl <'a, R: Read> ChecksumReader<'a, R> {
+impl <R: Read> ChecksumReader<R> {
- pub fn new(reader: R, signer: Option<openssl::sign::Signer<'a>>) -> Self {
+ pub fn new(reader: R, config: Option<Arc<CryptConfig>>) -> Self {
let hasher = crc32fast::Hasher::new();
+ let signer = match config {
+ Some(config) => {
+ let tied_signer = Tied::new(config, |config| {
+ Box::new(unsafe { (*config).data_signer() })
+ });
+ Some(tied_signer)
+ }
+ None => None,
+ };
+
Self { reader, hasher, signer }
}
}
}
-impl <'a, R: Read> Read for ChecksumReader<'a, R> {
+impl <R: Read> Read for ChecksumReader<R> {
fn read(&mut self, buf: &mut [u8]) -> Result<usize, std::io::Error> {
let count = self.reader.read(buf)?;
-use failure::*;
+use std::sync::Arc;
use std::io::Write;
-pub struct ChecksumWriter<'a, W> {
+use failure::*;
+
+use super::CryptConfig;
+use crate::tools::borrow::Tied;
+
+pub struct ChecksumWriter<W> {
writer: W,
hasher: crc32fast::Hasher,
- signer: Option<openssl::sign::Signer<'a>>,
+ signer: Option<Tied<Arc<CryptConfig>, openssl::sign::Signer<'static>>>,
}
-impl <'a, W: Write> ChecksumWriter<'a, W> {
+impl <W: Write> ChecksumWriter<W> {
- pub fn new(writer: W, signer: Option<openssl::sign::Signer<'a>>) -> Self {
+ pub fn new(writer: W, config: Option<Arc<CryptConfig>>) -> Self {
let hasher = crc32fast::Hasher::new();
+ let signer = match config {
+ Some(config) => {
+ let tied_signer = Tied::new(config.clone(), |config| {
+ Box::new(unsafe { (*config).data_signer() })
+ });
+ Some(tied_signer)
+ }
+ None => None,
+ };
Self { writer, hasher, signer }
}
}
}
-impl <'a, W: Write> Write for ChecksumWriter<'a, W> {
+impl <W: Write> Write for ChecksumWriter<W> {
fn write(&mut self, buf: &[u8]) -> Result<usize, std::io::Error> {
self.hasher.update(buf);
use failure::*;
+use std::sync::Arc;
use std::io::{Read, BufRead};
use super::CryptConfig;
impl <R: BufRead> CryptReader<R> {
- pub fn new(reader: R, iv: [u8; 16], tag: [u8; 16], config: &CryptConfig) -> Result<Self, Error> {
+ pub fn new(reader: R, iv: [u8; 16], tag: [u8; 16], config: Arc<CryptConfig>) -> Result<Self, Error> {
let block_size = config.cipher().block_size(); // Note: block size is normally 1 byte for stream ciphers
if block_size.count_ones() != 1 || block_size > 512 {
bail!("unexpected Cipher block size {}", block_size);
use failure::*;
+use std::sync::Arc;
use std::io::Write;
use super::CryptConfig;
impl <W: Write> CryptWriter<W> {
- pub fn new(writer: W, config: &CryptConfig) -> Result<Self, Error> {
+ pub fn new(writer: W, config: Arc<CryptConfig>) -> Result<Self, Error> {
let mut iv = [0u8; 16];
proxmox::sys::linux::fill_with_random_data(&mut iv)?;
let block_size = config.cipher().block_size();
use failure::*;
use std::convert::TryInto;
+use std::sync::Arc;
use proxmox::tools::io::{ReadExt, WriteExt};
/// Create a DataBlob, optionally compressed and/or encrypted
pub fn encode(
data: &[u8],
- config: Option<&CryptConfig>,
+ config: Option<Arc<CryptConfig>>,
compress: bool,
) -> Result<Self, Error> {
}
/// Decode blob data
- pub fn decode(self, config: Option<&CryptConfig>) -> Result<Vec<u8>, Error> {
+ pub fn decode(self, config: Option<Arc<CryptConfig>>) -> Result<Vec<u8>, Error> {
let magic = self.magic();
/// Create a signed DataBlob, optionally compressed
pub fn create_signed(
data: &[u8],
- config: &CryptConfig,
+ config: Arc<CryptConfig>,
compress: bool,
) -> Result<Self, Error> {
use failure::*;
+use std::sync::Arc;
use std::io::{Read, BufReader};
use proxmox::tools::io::ReadExt;
use super::*;
-enum BlobReaderState<'a, R: Read> {
- Uncompressed { expected_crc: u32, csum_reader: ChecksumReader<'a, R> },
- Compressed { expected_crc: u32, decompr: zstd::stream::read::Decoder<BufReader<ChecksumReader<'a, R>>> },
- Signed { expected_crc: u32, expected_hmac: [u8; 32], csum_reader: ChecksumReader<'a, R> },
- SignedCompressed { expected_crc: u32, expected_hmac: [u8; 32], decompr: zstd::stream::read::Decoder<BufReader<ChecksumReader<'a, R>>> },
- Encrypted { expected_crc: u32, decrypt_reader: CryptReader<BufReader<ChecksumReader<'a, R>>> },
- EncryptedCompressed { expected_crc: u32, decompr: zstd::stream::read::Decoder<BufReader<CryptReader<BufReader<ChecksumReader<'a, R>>>>> },
+enum BlobReaderState<R: Read> {
+ Uncompressed { expected_crc: u32, csum_reader: ChecksumReader<R> },
+ Compressed { expected_crc: u32, decompr: zstd::stream::read::Decoder<BufReader<ChecksumReader<R>>> },
+ Signed { expected_crc: u32, expected_hmac: [u8; 32], csum_reader: ChecksumReader<R> },
+ SignedCompressed { expected_crc: u32, expected_hmac: [u8; 32], decompr: zstd::stream::read::Decoder<BufReader<ChecksumReader<R>>> },
+ Encrypted { expected_crc: u32, decrypt_reader: CryptReader<BufReader<ChecksumReader<R>>> },
+ EncryptedCompressed { expected_crc: u32, decompr: zstd::stream::read::Decoder<BufReader<CryptReader<BufReader<ChecksumReader<R>>>>> },
}
/// Read data blobs
-pub struct DataBlobReader<'a, R: Read> {
- state: BlobReaderState<'a, R>,
+pub struct DataBlobReader<R: Read> {
+ state: BlobReaderState<R>,
}
-impl <'a, R: Read> DataBlobReader<'a, R> {
+impl <R: Read> DataBlobReader<R> {
- pub fn new(mut reader: R, config: Option<&'a CryptConfig>) -> Result<Self, Error> {
+ pub fn new(mut reader: R, config: Option<Arc<CryptConfig>>) -> Result<Self, Error> {
let head: DataBlobHeader = unsafe { reader.read_le_value()? };
match head.magic {
let expected_crc = u32::from_le_bytes(head.crc);
let mut expected_hmac = [0u8; 32];
reader.read_exact(&mut expected_hmac)?;
- let signer = config.map(|c| c.data_signer());
- let csum_reader = ChecksumReader::new(reader, signer);
+ let csum_reader = ChecksumReader::new(reader, config);
Ok(Self { state: BlobReaderState::Signed { expected_crc, expected_hmac, csum_reader }})
}
AUTH_COMPR_BLOB_MAGIC_1_0 => {
let expected_crc = u32::from_le_bytes(head.crc);
let mut expected_hmac = [0u8; 32];
reader.read_exact(&mut expected_hmac)?;
- let signer = config.map(|c| c.data_signer());
- let csum_reader = ChecksumReader::new(reader, signer);
+ let csum_reader = ChecksumReader::new(reader, config);
let decompr = zstd::stream::read::Decoder::new(csum_reader)?;
Ok(Self { state: BlobReaderState::SignedCompressed { expected_crc, expected_hmac, decompr }})
}
}
-impl <'a, R: Read> Read for DataBlobReader<'a, R> {
+impl <R: Read> Read for DataBlobReader<R> {
fn read(&mut self, buf: &mut [u8]) -> Result<usize, std::io::Error> {
match &mut self.state {
use failure::*;
+use std::sync::Arc;
use std::io::{Write, Seek, SeekFrom};
use proxmox::tools::io::WriteExt;
use super::*;
-enum BlobWriterState<'a, W: Write> {
- Uncompressed { csum_writer: ChecksumWriter<'a, W> },
- Compressed { compr: zstd::stream::write::Encoder<ChecksumWriter<'a, W>> },
- Signed { csum_writer: ChecksumWriter<'a, W> },
- SignedCompressed { compr: zstd::stream::write::Encoder<ChecksumWriter<'a, W>> },
- Encrypted { crypt_writer: CryptWriter<ChecksumWriter<'a, W>> },
- EncryptedCompressed { compr: zstd::stream::write::Encoder<CryptWriter<ChecksumWriter<'a, W>>> },
+enum BlobWriterState<W: Write> {
+ Uncompressed { csum_writer: ChecksumWriter<W> },
+ Compressed { compr: zstd::stream::write::Encoder<ChecksumWriter<W>> },
+ Signed { csum_writer: ChecksumWriter<W> },
+ SignedCompressed { compr: zstd::stream::write::Encoder<ChecksumWriter<W>> },
+ Encrypted { crypt_writer: CryptWriter<ChecksumWriter<W>> },
+ EncryptedCompressed { compr: zstd::stream::write::Encoder<CryptWriter<ChecksumWriter<W>>> },
}
/// Data blob writer
-pub struct DataBlobWriter<'a, W: Write> {
- state: BlobWriterState<'a, W>,
+pub struct DataBlobWriter<W: Write> {
+ state: BlobWriterState<W>,
}
-impl <'a, W: Write + Seek> DataBlobWriter<'a, W> {
+impl <W: Write + Seek> DataBlobWriter<W> {
pub fn new_uncompressed(mut writer: W) -> Result<Self, Error> {
writer.seek(SeekFrom::Start(0))?;
Ok(Self { state: BlobWriterState::Compressed { compr }})
}
- pub fn new_signed(mut writer: W, config: &'a CryptConfig) -> Result<Self, Error> {
+ pub fn new_signed(mut writer: W, config: Arc<CryptConfig>) -> Result<Self, Error> {
writer.seek(SeekFrom::Start(0))?;
let head = AuthenticatedDataBlobHeader {
head: DataBlobHeader { magic: AUTHENTICATED_BLOB_MAGIC_1_0, crc: [0; 4] },
unsafe {
writer.write_le_value(head)?;
}
- let signer = config.data_signer();
- let csum_writer = ChecksumWriter::new(writer, Some(signer));
+ let csum_writer = ChecksumWriter::new(writer, Some(config));
Ok(Self { state: BlobWriterState::Signed { csum_writer }})
}
- pub fn new_signed_compressed(mut writer: W, config: &'a CryptConfig) -> Result<Self, Error> {
+ pub fn new_signed_compressed(mut writer: W, config: Arc<CryptConfig>) -> Result<Self, Error> {
writer.seek(SeekFrom::Start(0))?;
let head = AuthenticatedDataBlobHeader {
head: DataBlobHeader { magic: AUTH_COMPR_BLOB_MAGIC_1_0, crc: [0; 4] },
unsafe {
writer.write_le_value(head)?;
}
- let signer = config.data_signer();
- let csum_writer = ChecksumWriter::new(writer, Some(signer));
+ let csum_writer = ChecksumWriter::new(writer, Some(config));
let compr = zstd::stream::write::Encoder::new(csum_writer, 1)?;
Ok(Self { state: BlobWriterState::SignedCompressed { compr }})
}
- pub fn new_encrypted(mut writer: W, config: &'a CryptConfig) -> Result<Self, Error> {
+ pub fn new_encrypted(mut writer: W, config: Arc<CryptConfig>) -> Result<Self, Error> {
writer.seek(SeekFrom::Start(0))?;
let head = EncryptedDataBlobHeader {
head: DataBlobHeader { magic: ENCRYPTED_BLOB_MAGIC_1_0, crc: [0; 4] },
Ok(Self { state: BlobWriterState::Encrypted { crypt_writer }})
}
- pub fn new_encrypted_compressed(mut writer: W, config: &'a CryptConfig) -> Result<Self, Error> {
+ pub fn new_encrypted_compressed(mut writer: W, config: Arc<CryptConfig>) -> Result<Self, Error> {
writer.seek(SeekFrom::Start(0))?;
let head = EncryptedDataBlobHeader {
head: DataBlobHeader { magic: ENCR_COMPR_BLOB_MAGIC_1_0, crc: [0; 4] },
}
}
-impl <'a, W: Write + Seek> Write for DataBlobWriter<'a, W> {
+impl <W: Write + Seek> Write for DataBlobWriter<W> {
fn write(&mut self, buf: &[u8]) -> Result<usize, std::io::Error> {
match self.state {
None => None,
Some(path) => {
let (key, _) = load_and_decrtypt_key(&path, get_encryption_key_password)?;
- Some(CryptConfig::new(key)?)
+ Some(Arc::new(CryptConfig::new(key)?))
}
};
blob_file.seek(SeekFrom::Start(0))?;
- let reader = BufReader::new(DataBlobReader::new(blob_file, crypt_config.as_ref())?);
+ let reader = BufReader::new(DataBlobReader::new(blob_file, crypt_config)?);
let mut catalog_reader = pxar::catalog::SimpleCatalogReader::new(reader);
let blob = DataBlob::from_raw(blob_data)?;
blob.verify_crc()?;
- let raw_data = match crypt_config {
- Some(ref crypt_config) => blob.decode(Some(crypt_config))?,
- None => blob.decode(None)?,
- };
+ let raw_data = blob.decode(crypt_config)?;
if let Some(target) = target {
file_set_contents(target, &raw_data, None)?;
Some(path) => {
let (key, _created) = load_and_decrtypt_key(&path, get_encryption_key_password)?;
let crypt_config = CryptConfig::new(key)?;
- Some(crypt_config)
+ Some(Arc::new(crypt_config))
}
};
let data = file_get_contents(logfile)?;
- let blob = if let Some(ref crypt_config) = crypt_config {
- DataBlob::encode(&data, Some(crypt_config), true)?
- } else {
- DataBlob::encode(&data, None, true)?
- };
+ let blob = DataBlob::encode(&data, crypt_config, true)?;
let raw_data = blob.into_inner();
futures::future::ok(())
.and_then(move |_| {
- let blob = if let Some(ref crypt_config) = crypt_config {
+ let blob = if let Some(crypt_config) = crypt_config {
if sign_only {
DataBlob::create_signed(&data, crypt_config, compress)?
} else {
- DataBlob::encode(&data, Some(crypt_config), compress)?
+ DataBlob::encode(&data, Some(crypt_config.clone()), compress)?
}
} else {
DataBlob::encode(&data, None, compress)?
tokio::io::read_to_end(file, contents)
.map_err(Error::from)
.and_then(move |(_, contents)| {
- let blob = if let Some(ref crypt_config) = crypt_config {
- DataBlob::encode(&contents, Some(crypt_config), compress)?
- } else {
- DataBlob::encode(&contents, None, compress)?
- };
+ let blob = DataBlob::encode(&contents, crypt_config, compress)?;
let raw_data = blob.into_inner();
Ok((raw_data, contents.len() as u64))
})
use failure::*;
+use std::sync::Arc;
use std::io::Cursor;
-use std::io::{ Read, Write, Seek, SeekFrom };
+use std::io::{Read, Write, Seek, SeekFrom };
use lazy_static::lazy_static;
use proxmox_backup::backup::*;
data
};
- static ref CRYPT_CONFIG: CryptConfig = {
+ static ref CRYPT_CONFIG: Arc<CryptConfig> = {
let key = [1u8; 32];
- CryptConfig::new(key).unwrap()
+ Arc::new(CryptConfig::new(key).unwrap())
};
}
println!("Starting DataBlobReader test (size = {})", size);
cursor.seek(SeekFrom::Start(0))?;
- let mut reader = DataBlobReader::new(&mut cursor, Some(&CRYPT_CONFIG))?;
+ let mut reader = DataBlobReader::new(&mut cursor, Some(CRYPT_CONFIG.clone()))?;
let mut buffer = Vec::<u8>::new();
// read the whole file
//reader.read_to_end(&mut buffer)?;
let blob = DataBlob::from_raw(raw_data)?;
blob.verify_crc()?;
- let data = blob.decode(Some(&CRYPT_CONFIG))?;
+ let data = blob.decode(Some(CRYPT_CONFIG.clone()))?;
if data != *TEST_DATA {
bail!("blob data is wrong (decode)");
}
#[test]
fn test_signed_blob_writer() -> Result<(), Error> {
let tmp = Cursor::new(Vec::<u8>::new());
- let mut blob_writer = DataBlobWriter::new_signed(tmp, &CRYPT_CONFIG)?;
+ let mut blob_writer = DataBlobWriter::new_signed(tmp, CRYPT_CONFIG.clone())?;
blob_writer.write_all(&TEST_DATA)?;
verify_test_blob(blob_writer.finish()?)
#[test]
fn test_signed_compressed_blob_writer() -> Result<(), Error> {
let tmp = Cursor::new(Vec::<u8>::new());
- let mut blob_writer = DataBlobWriter::new_signed_compressed(tmp, &CRYPT_CONFIG)?;
+ let mut blob_writer = DataBlobWriter::new_signed_compressed(tmp, CRYPT_CONFIG.clone())?;
blob_writer.write_all(&TEST_DATA)?;
verify_test_blob(blob_writer.finish()?)
#[test]
fn test_encrypted_blob_writer() -> Result<(), Error> {
let tmp = Cursor::new(Vec::<u8>::new());
- let mut blob_writer = DataBlobWriter::new_encrypted(tmp, &CRYPT_CONFIG)?;
+ let mut blob_writer = DataBlobWriter::new_encrypted(tmp, CRYPT_CONFIG.clone())?;
blob_writer.write_all(&TEST_DATA)?;
verify_test_blob(blob_writer.finish()?)
#[test]
fn test_encrypted_compressed_blob_writer() -> Result<(), Error> {
let tmp = Cursor::new(Vec::<u8>::new());
- let mut blob_writer = DataBlobWriter::new_encrypted_compressed(tmp, &CRYPT_CONFIG)?;
+ let mut blob_writer = DataBlobWriter::new_encrypted_compressed(tmp, CRYPT_CONFIG.clone())?;
blob_writer.write_all(&TEST_DATA)?;
verify_test_blob(blob_writer.finish()?)
projects / proxmox-backup.git / commitdiff