[pve-devel] [PATCH proxmox-backup-qemu 2/2] invalidate bitmap when crypto key changes

Fabian Grünbichler f.gruenbichler at proxmox.com
Wed Oct 21 13:49:51 CEST 2020


by computing and remembering the ID digest of a static string, we can
detect when the passed in key has changed without keeping a copy of it
around inbetween backup jobs.

this is a follow-up/fixup for

104fae9111cd9a4e4dd7779172d39580a393165d fix #2866: invalidate bitmap on crypt_mode change

which implemented detection for crypt MODE changes.

Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
note: the string is just an implementation detail right now, but once we
start sending that along with migration or persisting it together with
bitmaps, we probably want a more robust scheme and store the input
string + digest

 src/backup.rs   |  1 +
 src/commands.rs | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+)

diff --git a/src/backup.rs b/src/backup.rs
index 7945575..9f6d176 100644
--- a/src/backup.rs
+++ b/src/backup.rs
@@ -203,6 +203,7 @@ impl BackupTask {
             Some(ref manifest) => {
                 check_last_incremental_csum(Arc::clone(manifest), &device_name, size)
                     && check_last_encryption_mode(Arc::clone(manifest), &device_name, self.crypt_mode)
+                    && check_last_encryption_key(self.crypt_config.clone())
             },
             None => false,
         }
diff --git a/src/commands.rs b/src/commands.rs
index b9b0161..f7e0f62 100644
--- a/src/commands.rs
+++ b/src/commands.rs
@@ -19,6 +19,10 @@ lazy_static!{
     static ref PREVIOUS_CSUMS: Mutex<HashMap<String, [u8;32]>> = {
         Mutex::new(HashMap::new())
     };
+
+    static ref PREVIOUS_CRYPT_CONFIG_DIGEST: Mutex<Option<[u8;32]>> = {
+        Mutex::new(None)
+    };
 }
 
 pub struct ImageUploadInfo {
@@ -82,6 +86,15 @@ fn archive_name(device_name: &str) -> String {
     format!("{}.img.fidx", device_name)
 }
 
+const CRYPT_CONFIG_HASH_INPUT:&[u8] = b"this is just a static string to protect against key changes";
+
+/// Create an identifying digest for the crypt config
+pub(crate) fn crypt_config_digest(
+    config: Arc<CryptConfig>,
+) -> [u8;32] {
+    config.compute_digest(CRYPT_CONFIG_HASH_INPUT)
+}
+
 pub(crate) fn check_last_incremental_csum(
     manifest: Arc<BackupManifest>,
     device_name: &str,
@@ -114,6 +127,19 @@ pub(crate) fn check_last_encryption_mode(
     }
 }
 
+pub(crate) fn check_last_encryption_key(
+    config: Option<Arc<CryptConfig>>,
+) -> bool {
+    let digest_guard = PREVIOUS_CRYPT_CONFIG_DIGEST.lock().unwrap();
+    match (*digest_guard, config)  {
+        (Some(last_digest), Some(current_config)) => {
+            crypt_config_digest(current_config) == last_digest
+        },
+        (None, None) => true,
+        _ => false,
+    }
+}
+
 #[allow(clippy::too_many_arguments)]
 pub(crate) async fn register_image(
     client: Arc<BackupWriter>,
@@ -393,6 +419,16 @@ pub(crate) async fn finish_backup(
             .map_err(|err| format_err!("unable to format manifest - {}", err))?
     };
 
+    {
+        let crypt_config_digest = match crypt_config {
+            Some(current_config) => Some(crypt_config_digest(current_config)),
+            None => None,
+        };
+
+        let mut crypt_config_digest_guard = PREVIOUS_CRYPT_CONFIG_DIGEST.lock().unwrap();
+        *crypt_config_digest_guard = crypt_config_digest;
+    }
+
     client
         .upload_blob_from_data(manifest.into_bytes(), MANIFEST_BLOB_NAME, true, false)
         .await?;
-- 
2.20.1






More information about the pve-devel mailing list