[pbs-devel] [PATCH proxmox{, -backup} 00/12] authentication cleanup and
Stefan Sterz
s.sterz at proxmox.com
Thu Feb 15 16:19:49 CET 2024
this series adds some more functionality to `proxmox-auth-api` and tries
to clean it up a little. the first commit tries to move signing into
the keyring itself, instead of exposing the openssl's `Signer` further.
the second commit replaces our old P-256 ec signatures with Ed25519
which offers similar security but is a bit more modern and tries to
avoid common implementation pitfalls.
the third commit adds hmac signing to the `proxmox-auth-api`'s `Keyring`
which is useful for applications where only one daemon is issueing and
verifying tickets. hmac uses symmetric keys and is much more efficient
than asymetric signature schemes. the downside being that the verifier
and the signer need to be the exact same party, as the verification key
can also be used to issue new signatures.
the fourth commit uses the hmac functionality to sign csrf tokens. here
we previously used a self-rolled potentially insecure method of
generating these tokens. hmac avoids common pitfalls here. the commit
also provides a fallback to avoid compatability issues.
the next three commits move our password hashing scheme to yescrypt,
implement a constant time comparison for password hashes and add a
method to enable us to upgrade existing hashes respectively. the final
commit for `proxmox-auth-api` cleans up some test cases that were
failing for the wrong reasons.
the four commits on the proxmox backup server side do the following:
- use hmac keys when generating new csrf tokens
- upgrade password hashes on log in if they are not using the latest
password hash function already
- add a `proxmox-backup-manager` command to upgrade existing hashes
- use Ed25519 keys when generating new auth keys
the first and the last commit here will require a bump of
`proxmox-auth-api`, while the middle two patches will require a bump to
`proxmox-sys`.
proxmox:
Stefan Sterz (8):
auth-api: move signing into the private key
auth-api: move to Ed25519 signatures
auth-api: add ability to use hmac singing in keyring
auth-api: move to hmac signing for csrf tokens
sys: crypt: move to yescrypt for password hashing
sys: crypt: use constant time comparison for password verification
sys: crypt: add helper to allow upgrading hashes
auth-api: fix types `compilefail` test
proxmox-auth-api/src/api/access.rs | 88 ++++++++--
proxmox-auth-api/src/api/mod.rs | 6 +-
proxmox-auth-api/src/auth_key.rs | 211 +++++++++++++++++-----
proxmox-auth-api/src/lib.rs | 2 +-
proxmox-auth-api/src/ticket.rs | 40 ++---
proxmox-auth-api/src/types.rs | 10 +-
proxmox-sys/Cargo.toml | 3 +-
proxmox-sys/src/crypt.rs | 271 ++++++++++++++++++++++++++++-
8 files changed, 540 insertions(+), 91 deletions(-)
proxmox-backup:
Stefan Sterz (4):
auth: move to hmac keys for csrf tokens
auth: upgrade hashes on user log in
auth/manager: add manager command to upgrade hashes
auth: us ec keys as auth keys
src/auth.rs | 32 +++--
src/auth_helpers.rs | 176 ++++++++++---------------
src/bin/proxmox_backup_manager/user.rs | 34 ++++-
3 files changed, 122 insertions(+), 120 deletions(-)
Summary over all repositories:
11 files changed, 662 insertions(+), 211 deletions(-)
--
Generated by git-murpp 0.5.0
More information about the pbs-devel
mailing list