]> git.proxmox.com Git - proxmox-backup.git/blob - src/backup/manifest.rs
projects / proxmox-backup.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
avoid chrono dependency, depend on proxmox 0.3.8
[proxmox-backup.git] / src / backup / manifest.rs
1 use anyhow::{bail, format_err, Error};
2 use std::convert::TryFrom;
3 use std::path::Path;
4
5 use serde_json::{json, Value};
6 use ::serde::{Deserialize, Serialize};
7
8 use crate::backup::{BackupDir, CryptMode, CryptConfig};
9
10 pub const MANIFEST_BLOB_NAME: &str = "index.json.blob";
11 pub const CLIENT_LOG_BLOB_NAME: &str = "client.log.blob";
12
13 mod hex_csum {
14 use serde::{self, Deserialize, Serializer, Deserializer};
15
16 pub fn serialize<S>(
17 csum: &[u8; 32],
18 serializer: S,
19 ) -> Result<S::Ok, S::Error>
20 where
21 S: Serializer,
22 {
23 let s = proxmox::tools::digest_to_hex(csum);
24 serializer.serialize_str(&s)
25 }
26
27 pub fn deserialize<'de, D>(
28 deserializer: D,
29 ) -> Result<[u8; 32], D::Error>
30 where
31 D: Deserializer<'de>,
32 {
33 let s = String::deserialize(deserializer)?;
34 proxmox::tools::hex_to_digest(&s).map_err(serde::de::Error::custom)
35 }
36 }
37
38 fn crypt_mode_none() -> CryptMode { CryptMode::None }
39 fn empty_value() -> Value { json!({}) }
40
41 #[derive(Serialize, Deserialize)]
42 #[serde(rename_all="kebab-case")]
43 pub struct FileInfo {
44 pub filename: String,
45 #[serde(default="crypt_mode_none")] // to be compatible with < 0.8.0 backups
46 pub crypt_mode: CryptMode,
47 pub size: u64,
48 #[serde(with = "hex_csum")]
49 pub csum: [u8; 32],
50 }
51
52 impl FileInfo {
53
54 /// Return expected CryptMode of referenced chunks
55 ///
56 /// Encrypted Indices should only reference encrypted chunks, while signed or plain indices
57 /// should only reference plain chunks.
58 pub fn chunk_crypt_mode (&self) -> CryptMode {
59 match self.crypt_mode {
60 CryptMode::Encrypt => CryptMode::Encrypt,
61 CryptMode::SignOnly | CryptMode::None => CryptMode::None,
62 }
63 }
64 }
65
66 #[derive(Serialize, Deserialize)]
67 #[serde(rename_all="kebab-case")]
68 pub struct BackupManifest {
69 backup_type: String,
70 backup_id: String,
71 backup_time: i64,
72 files: Vec<FileInfo>,
73 #[serde(default="empty_value")] // to be compatible with < 0.8.0 backups
74 pub unprotected: Value,
75 pub signature: Option<String>,
76 }
77
78 #[derive(PartialEq)]
79 pub enum ArchiveType {
80 FixedIndex,
81 DynamicIndex,
82 Blob,
83 }
84
85 pub fn archive_type<P: AsRef<Path>>(
86 archive_name: P,
87 ) -> Result<ArchiveType, Error> {
88
89 let archive_name = archive_name.as_ref();
90 let archive_type = match archive_name.extension().and_then(|ext| ext.to_str()) {
91 Some("didx") => ArchiveType::DynamicIndex,
92 Some("fidx") => ArchiveType::FixedIndex,
93 Some("blob") => ArchiveType::Blob,
94 _ => bail!("unknown archive type: {:?}", archive_name),
95 };
96 Ok(archive_type)
97 }
98
99
100 impl BackupManifest {
101
102 pub fn new(snapshot: BackupDir) -> Self {
103 Self {
104 backup_type: snapshot.group().backup_type().into(),
105 backup_id: snapshot.group().backup_id().into(),
106 backup_time: snapshot.backup_time(),
107 files: Vec::new(),
108 unprotected: json!({}),
109 signature: None,
110 }
111 }
112
113 pub fn add_file(&mut self, filename: String, size: u64, csum: [u8; 32], crypt_mode: CryptMode) -> Result<(), Error> {
114 let _archive_type = archive_type(&filename)?; // check type
115 self.files.push(FileInfo { filename, size, csum, crypt_mode });
116 Ok(())
117 }
118
119 pub fn files(&self) -> &[FileInfo] {
120 &self.files[..]
121 }
122
123 pub fn lookup_file_info(&self, name: &str) -> Result<&FileInfo, Error> {
124
125 let info = self.files.iter().find(|item| item.filename == name);
126
127 match info {
128 None => bail!("manifest does not contain file '{}'", name),
129 Some(info) => Ok(info),
130 }
131 }
132
133 pub fn verify_file(&self, name: &str, csum: &[u8; 32], size: u64) -> Result<(), Error> {
134
135 let info = self.lookup_file_info(name)?;
136
137 if size != info.size {
138 bail!("wrong size for file '{}' ({} != {})", name, info.size, size);
139 }
140
141 if csum != &info.csum {
142 bail!("wrong checksum for file '{}'", name);
143 }
144
145 Ok(())
146 }
147
148 // Generate canonical json
149 fn to_canonical_json(value: &Value) -> Result<Vec<u8>, Error> {
150 let mut data = Vec::new();
151 Self::write_canonical_json(value, &mut data)?;
152 Ok(data)
153 }
154
155 fn write_canonical_json(value: &Value, output: &mut Vec<u8>) -> Result<(), Error> {
156 match value {
157 Value::Null => bail!("got unexpected null value"),
158 Value::String(_) | Value::Number(_) | Value::Bool(_) => {
159 serde_json::to_writer(output, &value)?;
160 }
161 Value::Array(list) => {
162 output.push(b'[');
163 let mut iter = list.iter();
164 if let Some(item) = iter.next() {
165 Self::write_canonical_json(item, output)?;
166 for item in iter {
167 output.push(b',');
168 Self::write_canonical_json(item, output)?;
169 }
170 }
171 output.push(b']');
172 }
173 Value::Object(map) => {
174 output.push(b'{');
175 let mut keys: Vec<&str> = map.keys().map(String::as_str).collect();
176 keys.sort();
177 let mut iter = keys.into_iter();
178 if let Some(key) = iter.next() {
179 serde_json::to_writer(&mut *output, &key)?;
180 output.push(b':');
181 Self::write_canonical_json(&map[key], output)?;
182 for key in iter {
183 output.push(b',');
184 serde_json::to_writer(&mut *output, &key)?;
185 output.push(b':');
186 Self::write_canonical_json(&map[key], output)?;
187 }
188 }
189 output.push(b'}');
190 }
191 }
192 Ok(())
193 }
194
195 /// Compute manifest signature
196 ///
197 /// By generating a HMAC SHA256 over the canonical json
198 /// representation, The 'unpreotected' property is excluded.
199 pub fn signature(&self, crypt_config: &CryptConfig) -> Result<[u8; 32], Error> {
200 Self::json_signature(&serde_json::to_value(&self)?, crypt_config)
201 }
202
203 fn json_signature(data: &Value, crypt_config: &CryptConfig) -> Result<[u8; 32], Error> {
204
205 let mut signed_data = data.clone();
206
207 signed_data.as_object_mut().unwrap().remove("unprotected"); // exclude
208 signed_data.as_object_mut().unwrap().remove("signature"); // exclude
209
210 let canonical = Self::to_canonical_json(&signed_data)?;
211
212 let sig = crypt_config.compute_auth_tag(&canonical);
213
214 Ok(sig)
215 }
216
217 /// Converts the Manifest into json string, and add a signature if there is a crypt_config.
218 pub fn to_string(&self, crypt_config: Option<&CryptConfig>) -> Result<String, Error> {
219
220 let mut manifest = serde_json::to_value(&self)?;
221
222 if let Some(crypt_config) = crypt_config {
223 let sig = self.signature(crypt_config)?;
224 manifest["signature"] = proxmox::tools::digest_to_hex(&sig).into();
225 }
226
227 let manifest = serde_json::to_string_pretty(&manifest).unwrap().into();
228 Ok(manifest)
229 }
230
231 /// Try to read the manifest. This verifies the signature if there is a crypt_config.
232 pub fn from_data(data: &[u8], crypt_config: Option<&CryptConfig>) -> Result<BackupManifest, Error> {
233 let json: Value = serde_json::from_slice(data)?;
234 let signature = json["signature"].as_str().map(String::from);
235
236 if let Some(ref crypt_config) = crypt_config {
237 if let Some(signature) = signature {
238 let expected_signature = proxmox::tools::digest_to_hex(&Self::json_signature(&json, crypt_config)?);
239 if signature != expected_signature {
240 bail!("wrong signature in manifest");
241 }
242 } else {
243 // not signed: warn/fail?
244 }
245 }
246
247 let manifest: BackupManifest = serde_json::from_value(json)?;
248 Ok(manifest)
249 }
250 }
251
252
253 impl TryFrom<super::DataBlob> for BackupManifest {
254 type Error = Error;
255
256 fn try_from(blob: super::DataBlob) -> Result<Self, Error> {
257 // no expected digest available
258 let data = blob.decode(None, None)
259 .map_err(|err| format_err!("decode backup manifest blob failed - {}", err))?;
260 let json: Value = serde_json::from_slice(&data[..])
261 .map_err(|err| format_err!("unable to parse backup manifest json - {}", err))?;
262 let manifest: BackupManifest = serde_json::from_value(json)?;
263 Ok(manifest)
264 }
265 }
266
267
268 #[test]
269 fn test_manifest_signature() -> Result<(), Error> {
270
271 use crate::backup::{KeyDerivationConfig};
272
273 let pw = b"test";
274
275 let kdf = KeyDerivationConfig::Scrypt {
276 n: 65536,
277 r: 8,
278 p: 1,
279 salt: Vec::new(),
280 };
281
282 let testkey = kdf.derive_key(pw)?;
283
284 let crypt_config = CryptConfig::new(testkey)?;
285
286 let snapshot: BackupDir = "host/elsa/2020-06-26T13:56:05Z".parse()?;
287
288 let mut manifest = BackupManifest::new(snapshot);
289
290 manifest.add_file("test1.img.fidx".into(), 200, [1u8; 32], CryptMode::Encrypt)?;
291 manifest.add_file("abc.blob".into(), 200, [2u8; 32], CryptMode::None)?;
292
293 manifest.unprotected["note"] = "This is not protected by the signature.".into();
294
295 let text = manifest.to_string(Some(&crypt_config))?;
296
297 let manifest: Value = serde_json::from_str(&text)?;
298 let signature = manifest["signature"].as_str().unwrap().to_string();
299
300 assert_eq!(signature, "d7b446fb7db081662081d4b40fedd858a1d6307a5aff4ecff7d5bf4fd35679e9");
301
302 let manifest: BackupManifest = serde_json::from_value(manifest)?;
303 let expected_signature = proxmox::tools::digest_to_hex(&manifest.signature(&crypt_config)?);
304
305 assert_eq!(signature, expected_signature);
306
307 Ok(())
308 }
Proxmox Backup Server and Client