diff --git a/pbs-client/src/backup_reader.rs b/pbs-client/src/backup_reader.rs index 1702d441..5da5616c 100644 --- a/pbs-client/src/backup_reader.rs +++ b/pbs-client/src/backup_reader.rs @@ -9,14 +9,15 @@ use serde_json::{json, Value}; use proxmox::tools::digest_to_hex; -use pbs_datastore::{PROXMOX_BACKUP_READER_PROTOCOL_ID_V1, CryptConfig, BackupManifest}; +use pbs_tools::crypt_config::CryptConfig; +use pbs_tools::sha::sha256; +use pbs_datastore::{PROXMOX_BACKUP_READER_PROTOCOL_ID_V1, BackupManifest}; use pbs_datastore::data_blob::DataBlob; use pbs_datastore::data_blob_reader::DataBlobReader; use pbs_datastore::dynamic_index::DynamicIndexReader; use pbs_datastore::fixed_index::FixedIndexReader; use pbs_datastore::index::IndexFile; use pbs_datastore::manifest::MANIFEST_BLOB_NAME; -use pbs_tools::sha::sha256; use super::{HttpClient, H2Client}; diff --git a/pbs-client/src/backup_writer.rs b/pbs-client/src/backup_writer.rs index 5c15f27e..20ae6e2c 100644 --- a/pbs-client/src/backup_writer.rs +++ b/pbs-client/src/backup_writer.rs @@ -14,13 +14,14 @@ use tokio_stream::wrappers::ReceiverStream; use proxmox::tools::digest_to_hex; -use pbs_datastore::{CATALOG_NAME, PROXMOX_BACKUP_PROTOCOL_ID_V1, CryptConfig}; +use pbs_tools::crypt_config::CryptConfig; +use pbs_tools::format::HumanByte; +use pbs_datastore::{CATALOG_NAME, PROXMOX_BACKUP_PROTOCOL_ID_V1}; use pbs_datastore::data_blob::{ChunkInfo, DataBlob, DataChunkBuilder}; use pbs_datastore::dynamic_index::DynamicIndexReader; use pbs_datastore::fixed_index::FixedIndexReader; use pbs_datastore::index::IndexFile; use pbs_datastore::manifest::{ArchiveType, BackupManifest, MANIFEST_BLOB_NAME}; -use pbs_tools::format::HumanByte; use super::merge_known_chunks::{MergeKnownChunks, MergedChunkInfo}; diff --git a/pbs-client/src/remote_chunk_reader.rs b/pbs-client/src/remote_chunk_reader.rs index 61b6fb05..734cd29f 100644 --- a/pbs-client/src/remote_chunk_reader.rs +++ b/pbs-client/src/remote_chunk_reader.rs @@ -5,7 +5,8 @@ use std::sync::{Arc, Mutex}; use anyhow::{bail, Error}; -use pbs_datastore::{CryptConfig, CryptMode}; +use pbs_tools::crypt_config::CryptConfig; +use pbs_api_types::CryptMode; use pbs_datastore::data_blob::DataBlob; use pbs_datastore::read_chunk::ReadChunk; use pbs_datastore::read_chunk::AsyncReadChunk; diff --git a/pbs-config/Cargo.toml b/pbs-config/Cargo.toml index cceb6cc4..cd65914d 100644 --- a/pbs-config/Cargo.toml +++ b/pbs-config/Cargo.toml @@ -9,6 +9,7 @@ description = "Configuration file management for PBS" anyhow = "1.0" lazy_static = "1.4" serde = { version = "1.0", features = ["derive"] } +serde_json = "1.0" openssl = "0.10" nix = "0.19.1" diff --git a/pbs-datastore/src/key_derivation.rs b/pbs-config/src/key_config.rs similarity index 98% rename from pbs-datastore/src/key_derivation.rs rename to pbs-config/src/key_config.rs index 92e81ba1..9e71368f 100644 --- a/pbs-datastore/src/key_derivation.rs +++ b/pbs-config/src/key_config.rs @@ -7,9 +7,9 @@ use serde::{Deserialize, Serialize}; use proxmox::tools::fs::{file_get_contents, replace_file, CreateOptions}; use proxmox::try_block; -use pbs_api_types::{Kdf, KeyInfo}; +use pbs_api_types::{Kdf, KeyInfo, Fingerprint}; -use crate::crypt_config::{CryptConfig, Fingerprint}; +use pbs_tools::crypt_config::CryptConfig; /// Key derivation function configuration #[derive(Deserialize, Serialize, Clone, Debug)] @@ -120,7 +120,7 @@ impl KeyConfig { pub fn without_password(raw_key: [u8; 32]) -> Result { // always compute fingerprint let crypt_config = CryptConfig::new(raw_key.clone())?; - let fingerprint = Some(crypt_config.fingerprint()); + let fingerprint = Some(Fingerprint::new(crypt_config.fingerprint())); let created = proxmox::tools::time::epoch_i64(); Ok(Self { @@ -187,7 +187,7 @@ impl KeyConfig { // always compute fingerprint let crypt_config = CryptConfig::new(raw_key.clone())?; - let fingerprint = Some(crypt_config.fingerprint()); + let fingerprint = Some(Fingerprint::new(crypt_config.fingerprint())); Ok(Self { kdf: Some(kdf), @@ -258,7 +258,7 @@ impl KeyConfig { result.copy_from_slice(&key); let crypt_config = CryptConfig::new(result.clone())?; - let fingerprint = crypt_config.fingerprint(); + let fingerprint = Fingerprint::new(crypt_config.fingerprint()); if let Some(ref stored_fingerprint) = self.fingerprint { if &fingerprint != stored_fingerprint { bail!( diff --git a/pbs-config/src/lib.rs b/pbs-config/src/lib.rs index bd5430a3..c73766b7 100644 --- a/pbs-config/src/lib.rs +++ b/pbs-config/src/lib.rs @@ -1,5 +1,6 @@ pub mod domains; pub mod drive; +pub mod key_config; pub mod media_pool; pub mod remote; diff --git a/pbs-datastore/Cargo.toml b/pbs-datastore/Cargo.toml index 924ba09f..32eae0d7 100644 --- a/pbs-datastore/Cargo.toml +++ b/pbs-datastore/Cargo.toml @@ -27,3 +27,4 @@ proxmox = { version = "0.13.0", default-features = false, features = [ "api-macr pbs-api-types = { path = "../pbs-api-types" } pbs-tools = { path = "../pbs-tools" } +pbs-config = { path = "../pbs-config" } diff --git a/pbs-datastore/src/checksum_reader.rs b/pbs-datastore/src/checksum_reader.rs index dd6c9d29..7bf8f34d 100644 --- a/pbs-datastore/src/checksum_reader.rs +++ b/pbs-datastore/src/checksum_reader.rs @@ -3,8 +3,7 @@ use std::sync::Arc; use std::io::Read; use pbs_tools::borrow::Tied; - -use super::CryptConfig; +use pbs_tools::crypt_config::CryptConfig; pub struct ChecksumReader { reader: R, diff --git a/pbs-datastore/src/checksum_writer.rs b/pbs-datastore/src/checksum_writer.rs index 14a75503..3c502ddd 100644 --- a/pbs-datastore/src/checksum_writer.rs +++ b/pbs-datastore/src/checksum_writer.rs @@ -4,8 +4,7 @@ use std::io::Write; use anyhow::{Error}; use pbs_tools::borrow::Tied; - -use super::CryptConfig; +use pbs_tools::crypt_config::CryptConfig; pub struct ChecksumWriter { writer: W, diff --git a/pbs-datastore/src/crypt_reader.rs b/pbs-datastore/src/crypt_reader.rs index 20e219b5..a2d74427 100644 --- a/pbs-datastore/src/crypt_reader.rs +++ b/pbs-datastore/src/crypt_reader.rs @@ -3,7 +3,7 @@ use std::io::{Read, BufRead}; use anyhow::{bail, Error}; -use super::CryptConfig; +use pbs_tools::crypt_config::CryptConfig; pub struct CryptReader { reader: R, diff --git a/pbs-datastore/src/crypt_writer.rs b/pbs-datastore/src/crypt_writer.rs index f99bca88..eb5f136f 100644 --- a/pbs-datastore/src/crypt_writer.rs +++ b/pbs-datastore/src/crypt_writer.rs @@ -3,7 +3,7 @@ use std::io::Write; use anyhow::Error; -use super::CryptConfig; +use pbs_tools::crypt_config::CryptConfig; pub struct CryptWriter { writer: W, diff --git a/pbs-datastore/src/data_blob.rs b/pbs-datastore/src/data_blob.rs index ef7d74a7..7e1e54eb 100644 --- a/pbs-datastore/src/data_blob.rs +++ b/pbs-datastore/src/data_blob.rs @@ -6,8 +6,10 @@ use openssl::symm::{decrypt_aead, Mode}; use proxmox::tools::io::{ReadExt, WriteExt}; +use pbs_tools::crypt_config::CryptConfig; +use pbs_api_types::CryptMode; + use super::file_formats::*; -use super::{CryptConfig, CryptMode}; const MAX_BLOB_SIZE: usize = 128*1024*1024; diff --git a/pbs-datastore/src/data_blob_reader.rs b/pbs-datastore/src/data_blob_reader.rs index 8b37dbe7..9c7a8568 100644 --- a/pbs-datastore/src/data_blob_reader.rs +++ b/pbs-datastore/src/data_blob_reader.rs @@ -4,8 +4,9 @@ use std::sync::Arc; use anyhow::{bail, format_err, Error}; use proxmox::tools::io::ReadExt; +use pbs_tools::crypt_config::CryptConfig; + use crate::checksum_reader::ChecksumReader; -use crate::crypt_config::CryptConfig; use crate::crypt_reader::CryptReader; use crate::file_formats::{self, DataBlobHeader}; diff --git a/pbs-datastore/src/data_blob_writer.rs b/pbs-datastore/src/data_blob_writer.rs index 200aac1c..6425cecf 100644 --- a/pbs-datastore/src/data_blob_writer.rs +++ b/pbs-datastore/src/data_blob_writer.rs @@ -3,8 +3,9 @@ use proxmox::tools::io::WriteExt; use std::io::{Seek, SeekFrom, Write}; use std::sync::Arc; +use pbs_tools::crypt_config::CryptConfig; + use crate::checksum_writer::ChecksumWriter; -use crate::crypt_config::CryptConfig; use crate::crypt_writer::CryptWriter; use crate::file_formats::{self, DataBlobHeader, EncryptedDataBlobHeader}; diff --git a/pbs-datastore/src/lib.rs b/pbs-datastore/src/lib.rs index ae06686a..b842519e 100644 --- a/pbs-datastore/src/lib.rs +++ b/pbs-datastore/src/lib.rs @@ -186,7 +186,6 @@ pub mod checksum_writer; pub mod chunk_stat; pub mod chunk_store; pub mod chunker; -pub mod crypt_config; pub mod crypt_reader; pub mod crypt_writer; pub mod data_blob; @@ -194,7 +193,6 @@ pub mod data_blob_reader; pub mod data_blob_writer; pub mod file_formats; pub mod index; -pub mod key_derivation; pub mod manifest; pub mod paperkey; pub mod prune; @@ -210,15 +208,10 @@ pub use checksum_reader::ChecksumReader; pub use checksum_writer::ChecksumWriter; pub use chunk_store::ChunkStore; pub use chunker::Chunker; -pub use crypt_config::{CryptConfig, CryptMode, Fingerprint}; pub use crypt_reader::CryptReader; pub use crypt_writer::CryptWriter; pub use data_blob::DataBlob; pub use data_blob_reader::DataBlobReader; pub use data_blob_writer::DataBlobWriter; -pub use key_derivation::{ - decrypt_key, load_and_decrypt_key, rsa_decrypt_key_config, rsa_encrypt_key_config, -}; -pub use key_derivation::{KeyConfig, KeyDerivationConfig}; pub use manifest::BackupManifest; pub use store_progress::StoreProgress; diff --git a/pbs-datastore/src/manifest.rs b/pbs-datastore/src/manifest.rs index 7799f906..94e54e76 100644 --- a/pbs-datastore/src/manifest.rs +++ b/pbs-datastore/src/manifest.rs @@ -6,7 +6,10 @@ use anyhow::{bail, format_err, Error}; use serde_json::{json, Value}; use serde::{Deserialize, Serialize}; -use crate::{BackupDir, CryptMode, CryptConfig, Fingerprint}; +use pbs_tools::crypt_config::CryptConfig; +use pbs_api_types::{CryptMode, Fingerprint}; + +use crate::BackupDir; pub const MANIFEST_BLOB_NAME: &str = "index.json.blob"; pub const MANIFEST_LOCK_NAME: &str = ".index.json.lck"; @@ -188,7 +191,7 @@ impl BackupManifest { if let Some(crypt_config) = crypt_config { let sig = self.signature(crypt_config)?; manifest["signature"] = proxmox::tools::digest_to_hex(&sig).into(); - let fingerprint = &crypt_config.fingerprint(); + let fingerprint = &Fingerprint::new(crypt_config.fingerprint()); manifest["unprotected"]["key-fingerprint"] = serde_json::to_value(fingerprint)?; } @@ -215,7 +218,7 @@ impl BackupManifest { fingerprint, ), Some(crypt_config) => { - let config_fp = crypt_config.fingerprint(); + let config_fp = Fingerprint::new(crypt_config.fingerprint()); if config_fp != fingerprint { bail!( "wrong key - manifest's key {} does not match provided key {}", @@ -242,7 +245,7 @@ impl BackupManifest { let fingerprint = &json["unprotected"]["key-fingerprint"]; if fingerprint != &Value::Null { let fingerprint = serde_json::from_value(fingerprint.clone())?; - let config_fp = crypt_config.fingerprint(); + let config_fp = Fingerprint::new(crypt_config.fingerprint()); if config_fp != fingerprint { bail!( "wrong key - unable to verify signature since manifest's key {} does not match provided key {}", @@ -283,7 +286,7 @@ impl TryFrom for BackupManifest { #[test] fn test_manifest_signature() -> Result<(), Error> { - use crate::{KeyDerivationConfig}; + use pbs_config::key_config::KeyDerivationConfig; let pw = b"test"; diff --git a/pbs-datastore/src/paperkey.rs b/pbs-datastore/src/paperkey.rs index d90fd83a..eb5896fc 100644 --- a/pbs-datastore/src/paperkey.rs +++ b/pbs-datastore/src/paperkey.rs @@ -6,7 +6,7 @@ use serde::{Deserialize, Serialize}; use proxmox::api::api; -use crate::KeyConfig; +use pbs_config::key_config::KeyConfig; #[api()] #[derive(Debug, Serialize, Deserialize)] diff --git a/pbs-datastore/src/crypt_config.rs b/pbs-tools/src/crypt_config.rs similarity index 95% rename from pbs-datastore/src/crypt_config.rs rename to pbs-tools/src/crypt_config.rs index c3e803a4..604abae9 100644 --- a/pbs-datastore/src/crypt_config.rs +++ b/pbs-tools/src/crypt_config.rs @@ -12,8 +12,6 @@ use openssl::hash::MessageDigest; use openssl::pkcs5::pbkdf2_hmac; use openssl::symm::{Cipher, Crypter, Mode}; -pub use pbs_api_types::{CryptMode, Fingerprint}; - // openssl::sha::sha256(b"Proxmox Backup Encryption Key Fingerprint") /// This constant is used to compute fingerprints. const FINGERPRINT_INPUT: [u8; 32] = [ @@ -104,8 +102,8 @@ impl CryptConfig { /// /// This computes a digest using the derived key (id_key) in order /// to hinder brute force attacks. - pub fn fingerprint(&self) -> Fingerprint { - Fingerprint::new(self.compute_digest(&FINGERPRINT_INPUT)) + pub fn fingerprint(&self) -> [u8; 32] { + self.compute_digest(&FINGERPRINT_INPUT) } /// Returns an openssl Crypter using AES_256_GCM, diff --git a/pbs-tools/src/lib.rs b/pbs-tools/src/lib.rs index ad05a55c..bb82f7d4 100644 --- a/pbs-tools/src/lib.rs +++ b/pbs-tools/src/lib.rs @@ -6,6 +6,7 @@ pub mod broadcast_future; pub mod cert; pub mod cli; pub mod compression; +pub mod crypt_config; pub mod format; pub mod fd; pub mod fs; diff --git a/proxmox-backup-client/Cargo.toml b/proxmox-backup-client/Cargo.toml index b6e13807..b1ecf3e4 100644 --- a/proxmox-backup-client/Cargo.toml +++ b/proxmox-backup-client/Cargo.toml @@ -26,6 +26,7 @@ proxmox = { version = "0.13.0", features = [ "sortable-macro", "api-macro", "cli pbs-api-types = { path = "../pbs-api-types" } pbs-buildcfg = { path = "../pbs-buildcfg" } +pbs-config = { path = "../pbs-config" } pbs-client = { path = "../pbs-client" } pbs-datastore = { path = "../pbs-datastore" } pbs-fuse-loop = { path = "../pbs-fuse-loop" } diff --git a/proxmox-backup-client/src/benchmark.rs b/proxmox-backup-client/src/benchmark.rs index 1d31a7d8..e951b305 100644 --- a/proxmox-backup-client/src/benchmark.rs +++ b/proxmox-backup-client/src/benchmark.rs @@ -19,9 +19,10 @@ use proxmox::api::{ schema::ApiType, }; +use pbs_tools::crypt_config::CryptConfig; +use pbs_config::key_config::{KeyDerivationConfig, load_and_decrypt_key}; use pbs_client::tools::key_source::get_encryption_key_password; use pbs_client::{BackupRepository, BackupWriter}; -use pbs_datastore::{CryptConfig, KeyDerivationConfig, load_and_decrypt_key}; use pbs_datastore::data_blob::{DataBlob, DataChunkBuilder}; use crate::{ diff --git a/proxmox-backup-client/src/catalog.rs b/proxmox-backup-client/src/catalog.rs index adb8fcdc..186de913 100644 --- a/proxmox-backup-client/src/catalog.rs +++ b/proxmox-backup-client/src/catalog.rs @@ -10,6 +10,7 @@ use proxmox::api::{api, cli::*}; use pbs_client::tools::key_source::get_encryption_key_password; use pbs_client::{BackupReader, RemoteChunkReader}; use pbs_tools::json::required_string_param; +use pbs_tools::crypt_config::CryptConfig; use crate::{ REPO_URL_SCHEMA, @@ -31,7 +32,6 @@ use crate::{ BufferedDynamicReadAt, CatalogReader, CATALOG_NAME, - CryptConfig, DynamicIndexReader, IndexFile, Shell, diff --git a/proxmox-backup-client/src/key.rs b/proxmox-backup-client/src/key.rs index aca335f7..79b70fae 100644 --- a/proxmox-backup-client/src/key.rs +++ b/proxmox-backup-client/src/key.rs @@ -15,7 +15,7 @@ use proxmox::sys::linux::tty; use proxmox::tools::fs::{file_get_contents, replace_file, CreateOptions}; use pbs_api_types::{RsaPubKeyInfo, PASSWORD_HINT_SCHEMA, Kdf, KeyInfo}; -use pbs_datastore::{KeyConfig, rsa_decrypt_key_config}; +use pbs_config::key_config::{KeyConfig, rsa_decrypt_key_config}; use pbs_datastore::paperkey::{generate_paper_key, PaperkeyFormat}; use pbs_client::tools::key_source::{ find_default_encryption_key, find_default_master_pubkey, get_encryption_key_password, diff --git a/proxmox-backup-client/src/main.rs b/proxmox-backup-client/src/main.rs index d8dd0445..857fdb62 100644 --- a/proxmox-backup-client/src/main.rs +++ b/proxmox-backup-client/src/main.rs @@ -29,7 +29,7 @@ use pxar::accessor::{MaybeReady, ReadAt, ReadAtOperation}; use pbs_api_types::{ BACKUP_ID_SCHEMA, BACKUP_TIME_SCHEMA, BACKUP_TYPE_SCHEMA, Authid, CryptMode, GroupListItem, - PruneListItem, SnapshotListItem, StorageStatus, + PruneListItem, SnapshotListItem, StorageStatus, Fingerprint, }; use pbs_client::{ BACKUP_SOURCE_SCHEMA, @@ -60,7 +60,8 @@ use pbs_client::tools::{ }, CHUNK_SIZE_SCHEMA, REPO_URL_SCHEMA, }; -use pbs_datastore::{CATALOG_NAME, CryptConfig, KeyConfig, decrypt_key, rsa_encrypt_key_config}; +use pbs_config::key_config::{KeyConfig, decrypt_key, rsa_encrypt_key_config}; +use pbs_datastore::CATALOG_NAME; use pbs_datastore::backup_info::{BackupDir, BackupGroup}; use pbs_datastore::catalog::{BackupCatalogWriter, CatalogReader, CatalogWriter}; use pbs_datastore::chunk_store::verify_chunk_size; @@ -75,6 +76,7 @@ use pbs_datastore::prune::PruneOptions; use pbs_tools::sync::StdChannelWriter; use pbs_tools::tokio::TokioWriterAdapter; use pbs_tools::json; +use pbs_tools::crypt_config::CryptConfig; mod benchmark; pub use benchmark::*; @@ -1131,7 +1133,7 @@ async fn restore(param: Value) -> Result { eprintln!("{}", format_key_source(&key.source, "encryption")); } if let Some(config) = &crypt_config { - eprintln!("Fingerprint: {}", config.fingerprint()); + eprintln!("Fingerprint: {}", Fingerprint::new(config.fingerprint())); } } manifest.check_fingerprint(crypt_config.as_ref().map(Arc::as_ref))?; diff --git a/proxmox-backup-client/src/mount.rs b/proxmox-backup-client/src/mount.rs index 70123a36..e4544c07 100644 --- a/proxmox-backup-client/src/mount.rs +++ b/proxmox-backup-client/src/mount.rs @@ -17,7 +17,9 @@ use proxmox::{sortable, identity}; use proxmox::api::{ApiHandler, ApiMethod, RpcEnvironment, schema::*, cli::*}; use proxmox::tools::fd::Fd; -use pbs_datastore::{BackupDir, BackupGroup, CryptConfig, load_and_decrypt_key}; +use pbs_tools::crypt_config::CryptConfig; +use pbs_config::key_config::load_and_decrypt_key; +use pbs_datastore::{BackupDir, BackupGroup, }; use pbs_datastore::index::IndexFile; use pbs_datastore::dynamic_index::BufferedDynamicReader; use pbs_datastore::cached_chunk_reader::CachedChunkReader; diff --git a/proxmox-backup-client/src/snapshot.rs b/proxmox-backup-client/src/snapshot.rs index b63e84a6..4465f69a 100644 --- a/proxmox-backup-client/src/snapshot.rs +++ b/proxmox-backup-client/src/snapshot.rs @@ -8,10 +8,11 @@ use proxmox::{ tools::fs::file_get_contents, }; -use pbs_api_types::SnapshotListItem; +use pbs_tools::crypt_config::CryptConfig; +use pbs_config::key_config::decrypt_key; +use pbs_api_types::{SnapshotListItem, CryptMode}; use pbs_client::tools::key_source::get_encryption_key_password; -use pbs_datastore::{BackupGroup, CryptMode, CryptConfig, decrypt_key}; -use pbs_datastore::data_blob::DataBlob; +use pbs_datastore::{DataBlob, BackupGroup}; use pbs_tools::json::required_string_param; use crate::{ diff --git a/proxmox-backup-debug/Cargo.toml b/proxmox-backup-debug/Cargo.toml index cde0f33f..7f1f596d 100644 --- a/proxmox-backup-debug/Cargo.toml +++ b/proxmox-backup-debug/Cargo.toml @@ -11,6 +11,7 @@ serde_json = "1.0" proxmox = { version = "0.13.0", features = [ "api-macro", "cli" ] } +pbs-config = { path = "../pbs-config" } pbs-client = { path = "../pbs-client" } pbs-datastore = { path = "../pbs-datastore" } pbs-runtime = { path = "../pbs-runtime" } diff --git a/proxmox-backup-debug/src/inspect.rs b/proxmox-backup-debug/src/inspect.rs index ee05e8b5..9fe2ac1a 100644 --- a/proxmox-backup-debug/src/inspect.rs +++ b/proxmox-backup-debug/src/inspect.rs @@ -12,6 +12,8 @@ use proxmox::api::cli::{ }; use proxmox::api::{api, cli::*}; +use pbs_tools::cli::outfile_or_stdout; +use pbs_tools::crypt_config::CryptConfig; use pbs_datastore::dynamic_index::DynamicIndexReader; use pbs_datastore::file_formats::{ COMPRESSED_BLOB_MAGIC_1_0, DYNAMIC_SIZED_CHUNK_INDEX_1_0, ENCRYPTED_BLOB_MAGIC_1_0, @@ -19,11 +21,10 @@ use pbs_datastore::file_formats::{ }; use pbs_datastore::fixed_index::FixedIndexReader; use pbs_datastore::index::IndexFile; -use pbs_datastore::{load_and_decrypt_key, CryptConfig, DataBlob}; - +use pbs_datastore::DataBlob; +use pbs_config::key_config::load_and_decrypt_key; use pbs_client::tools::key_source::get_encryption_key_password; -use pbs_tools::cli::outfile_or_stdout; /// Decodes a blob and writes its content either to stdout or into a file fn decode_blob( diff --git a/proxmox-backup-debug/src/recover.rs b/proxmox-backup-debug/src/recover.rs index 7e890e73..098dea09 100644 --- a/proxmox-backup-debug/src/recover.rs +++ b/proxmox-backup-debug/src/recover.rs @@ -7,17 +7,17 @@ use serde_json::Value; use proxmox::api::api; use proxmox::api::cli::{CliCommand, CliCommandMap, CommandLineInterface}; +use proxmox::tools::digest_to_hex; +use pbs_tools::crypt_config::CryptConfig; use pbs_datastore::dynamic_index::DynamicIndexReader; use pbs_datastore::file_formats::{DYNAMIC_SIZED_CHUNK_INDEX_1_0, FIXED_SIZED_CHUNK_INDEX_1_0}; use pbs_datastore::fixed_index::FixedIndexReader; use pbs_datastore::index::IndexFile; -use pbs_datastore::{load_and_decrypt_key, CryptConfig, DataBlob}; - +use pbs_datastore::DataBlob; +use pbs_config::key_config::load_and_decrypt_key; use pbs_client::tools::key_source::get_encryption_key_password; -use proxmox::tools::digest_to_hex; - #[api( input: { properties: { diff --git a/proxmox-file-restore/Cargo.toml b/proxmox-file-restore/Cargo.toml index 9890656c..127397b6 100644 --- a/proxmox-file-restore/Cargo.toml +++ b/proxmox-file-restore/Cargo.toml @@ -20,6 +20,7 @@ proxmox = { version = "0.13.0", features = [ "api-macro", "cli" ] } pbs-api-types = { path = "../pbs-api-types" } pbs-buildcfg = { path = "../pbs-buildcfg" } +pbs-config = { path = "../pbs-config" } pbs-client = { path = "../pbs-client" } pbs-datastore = { path = "../pbs-datastore" } pbs-runtime = { path = "../pbs-runtime" } diff --git a/proxmox-file-restore/src/main.rs b/proxmox-file-restore/src/main.rs index 48963d2c..957ce3f0 100644 --- a/proxmox-file-restore/src/main.rs +++ b/proxmox-file-restore/src/main.rs @@ -17,13 +17,14 @@ use proxmox::tools::fs::{create_path, CreateOptions}; use pxar::accessor::aio::Accessor; use pxar::decoder::aio::Decoder; +use pbs_tools::crypt_config::CryptConfig; use pbs_api_types::CryptMode; -use pbs_datastore::{CryptConfig, CATALOG_NAME}; +use pbs_datastore::CATALOG_NAME; use pbs_datastore::backup_info::BackupDir; use pbs_datastore::catalog::{ArchiveEntry, CatalogReader, DirEntryAttribute}; use pbs_datastore::dynamic_index::{BufferedDynamicReader, LocalDynamicReadAt}; use pbs_datastore::index::IndexFile; -use pbs_datastore::key_derivation::decrypt_key; +use pbs_config::key_config::decrypt_key; use pbs_client::{BackupReader, RemoteChunkReader}; use pbs_client::pxar::{create_zip, extract_sub_dir, extract_sub_dir_seq}; use pbs_client::tools::{ diff --git a/src/api2/config/tape_encryption_keys.rs b/src/api2/config/tape_encryption_keys.rs index 9c4b5e05..355efdcc 100644 --- a/src/api2/config/tape_encryption_keys.rs +++ b/src/api2/config/tape_encryption_keys.rs @@ -12,7 +12,7 @@ use proxmox::{ }; use pbs_api_types::{Fingerprint, KeyInfo, Kdf}; -use pbs_datastore::key_derivation::KeyConfig; +use pbs_config::key_config::KeyConfig; use pbs_config::open_backup_lockfile; use crate::{ diff --git a/src/backup/read_chunk.rs b/src/backup/read_chunk.rs index 588563c5..1e67b561 100644 --- a/src/backup/read_chunk.rs +++ b/src/backup/read_chunk.rs @@ -4,7 +4,8 @@ use std::sync::Arc; use anyhow::{bail, Error}; -use pbs_datastore::crypt_config::{CryptConfig, CryptMode}; +use pbs_tools::crypt_config::CryptConfig; +use pbs_api_types::CryptMode; use pbs_datastore::data_blob::DataBlob; use pbs_datastore::read_chunk::{ReadChunk, AsyncReadChunk}; diff --git a/src/config/tape_encryption_keys.rs b/src/config/tape_encryption_keys.rs index 72dda1f5..63861508 100644 --- a/src/config/tape_encryption_keys.rs +++ b/src/config/tape_encryption_keys.rs @@ -17,8 +17,7 @@ use serde::{Deserialize, Serialize}; use proxmox::tools::fs::file_read_optional_string; use pbs_api_types::Fingerprint; -use pbs_datastore::key_derivation::KeyConfig; - +use pbs_config::key_config::KeyConfig; use pbs_config::{open_backup_lockfile, replace_secret_config}; mod hex_key { diff --git a/src/tape/drive/lto/mod.rs b/src/tape/drive/lto/mod.rs index 0f44c750..e5040613 100644 --- a/src/tape/drive/lto/mod.rs +++ b/src/tape/drive/lto/mod.rs @@ -28,7 +28,7 @@ use proxmox::{ }; use pbs_api_types::Fingerprint; -use pbs_datastore::key_derivation::KeyConfig; +use pbs_config::key_config::KeyConfig; use pbs_tools::run_command; use crate::{ diff --git a/src/tape/drive/mod.rs b/src/tape/drive/mod.rs index cc855303..a42ebafe 100644 --- a/src/tape/drive/mod.rs +++ b/src/tape/drive/mod.rs @@ -28,11 +28,10 @@ use proxmox::{ api::section_config::SectionConfigData, }; -use pbs_api_types::Fingerprint; -use pbs_datastore::key_derivation::KeyConfig; +use pbs_api_types::{VirtualTapeDrive, LtoTapeDrive, Fingerprint}; +use pbs_config::key_config::KeyConfig; use pbs_datastore::task::TaskState; use pbs_datastore::task_log; -use pbs_api_types::{VirtualTapeDrive, LtoTapeDrive}; use crate::{ server::{ diff --git a/src/tape/drive/virtual_tape.rs b/src/tape/drive/virtual_tape.rs index 5d7a10ad..0dadeede 100644 --- a/src/tape/drive/virtual_tape.rs +++ b/src/tape/drive/virtual_tape.rs @@ -10,7 +10,7 @@ use proxmox::tools::{ fs::{replace_file, CreateOptions}, }; -use pbs_datastore::key_derivation::KeyConfig; +use pbs_config::key_config::KeyConfig; use crate::{ tape::{ diff --git a/tests/blob_writer.rs b/tests/blob_writer.rs index 9f50ba01..a20c0972 100644 --- a/tests/blob_writer.rs +++ b/tests/blob_writer.rs @@ -4,7 +4,8 @@ use std::io::Cursor; use std::io::{Read, Write, Seek, SeekFrom }; use lazy_static::lazy_static; -use pbs_datastore::{CryptConfig, DataBlob, DataBlobReader, DataBlobWriter}; +use pbs_tools::crypt_config::CryptConfig; +use pbs_datastore::{DataBlob, DataBlobReader, DataBlobWriter}; lazy_static! { static ref TEST_DATA: Vec = {