feat(cli): allow setting key derivation algorithm for format blob #3779
…tenhq/kopia into repo_key_derivation
repo/format/content_format.go
Outdated
ECCOverheadPercent int `json:"eccOverheadPercent,omitempty"` // space overhead for ecc | ||
HMACSecret []byte `json:"secret,omitempty" kopia:"sensitive"` // HMAC secret used to generate encryption keys | ||
MasterKey []byte `json:"masterKey,omitempty" kopia:"sensitive"` // master encryption key (SIV-mode encryption only) | ||
KeyDerivationAlgorithm string `json:"keyDerivationAlgorithm,omitempty"` // key derivation algorith used to generate keys |
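Review bot: the comment on the added `KeyDerivationAlgorithm` line has a typo ("algorith") and the field is a free-form string with no indication of which values are accepted; fix the spelling and name the supported values, or where they are registered, in the comment. The field also sits directly beside `HMACSecret` and `MasterKey`, both tagged `kopia:"sensitive"`. If this struct is persisted encrypted under a password-derived key, the algorithm has to be readable before that key exists, so it belongs in the unencrypted part of the format rather than here.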
I don't understand how this works, `keyDerivationAlgorithm` must be known beforehand to generate key to decrypt this JSON, so by definition it can't be stored in this JSON, right?
When creating a new repository we pass this in as the `NewRepositoryOptions`. See `repo/initialize.go`.
It's also stored unencrypted in the status.
It should ONLY be stored unencrypted in `KopiaRepositoryJSON` and not in `format.ContentFormat` - the latter is encrypted using key derived using the algorithm itself, so it makes no sense.
We should move `KeyDerivationAlgorithm` to be a field in `NewRepositoryOptions` instead of a field in `format.ContentFormat`
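The ordering constraint raised in the thread above (the algorithm has to be readable before the key that decrypts the format exists), as an added example that is not code from this PR or from kopia. It is written in JavaScript against Node's built-in `crypto` module so that real scrypt, PBKDF2 and AES-GCM are available without dependencies; the blob layout, the field names other than `keyDerivationAlgorithm`, the algorithm names and their parameters are constructed for illustration.

```javascript
const nodeCrypto = require("crypto");

// Constructed algorithm names and parameters (small, so the example runs quickly).
const DERIVERS = new Map([
  ["scrypt-demo", (pw, salt, size) => nodeCrypto.scryptSync(pw, salt, size, { N: 4096, r: 8, p: 1 })],
  ["pbkdf2-sha256-demo", (pw, salt, size) => nodeCrypto.pbkdf2Sync(pw, salt, 10000, size, "sha256")],
]);
const KEY_SIZE = 32; // AES-256-GCM: the caller picks the key size, not the deriver

function deriveKey(password, salt, algorithm, keySize) {
  const derive = DERIVERS.get(algorithm);
  if (!derive) throw new Error(`unsupported key derivation algorithm: ${algorithm}`);
  return derive(password, salt, keySize);
}

// Hypothetical blob layout: header fields stay in plaintext, only `format` is encrypted.
function sealFormatBlob(password, algorithm, format) {
  const salt = nodeCrypto.randomBytes(16);
  const nonce = nodeCrypto.randomBytes(12);
  const key = deriveKey(password, salt, algorithm, KEY_SIZE);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, nonce);
  const body = Buffer.concat([cipher.update(JSON.stringify(format)), cipher.final()]);
  return {
    keyDerivationAlgorithm: algorithm,
    salt: salt.toString("hex"),
    nonce: nonce.toString("hex"),
    tag: cipher.getAuthTag().toString("hex"),
    encryptedFormat: body.toString("hex"),
  };
}

// Opening reads the algorithm from the plaintext header before any key exists.
function openFormatBlob(blob, password) {
  const salt = Buffer.from(blob.salt, "hex");
  const key = deriveKey(password, salt, blob.keyDerivationAlgorithm, KEY_SIZE);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, Buffer.from(blob.nonce, "hex"));
  decipher.setAuthTag(Buffer.from(blob.tag, "hex"));
  const body = Buffer.from(blob.encryptedFormat, "hex");
  return JSON.parse(Buffer.concat([decipher.update(body), decipher.final()]).toString("utf8"));
}

// Returns the decrypted format, or the error message when the header names another algorithm.
function tryOpenAs(blob, password, algorithm) {
  try {
    return openFormatBlob({ ...blob, keyDerivationAlgorithm: algorithm }, password);
  } catch (err) {
    return err.message;
  }
}
```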
repo/initialize.go
Outdated
@@ -108,7 +108,8 @@ func repositoryObjectFormatFromOptions(opt *NewRepositoryOptions) (*format.Repos | |||
IndexVersion: applyDefaultInt(opt.BlockFormat.IndexVersion, content.DefaultIndexVersion), | |||
EpochParameters: opt.BlockFormat.EpochParameters, | |||
}, | |||
EnablePasswordChange: opt.BlockFormat.EnablePasswordChange, | |||
EnablePasswordChange: opt.BlockFormat.EnablePasswordChange, | |||
KeyDerivationAlgorithm: opt.BlockFormat.KeyDerivationAlgorithm, |
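Review bot: the added `KeyDerivationAlgorithm: opt.BlockFormat.KeyDerivationAlgorithm` line copies the option through unchanged, while `IndexVersion` a few lines above goes through `applyDefaultInt`, so an empty option stores an empty algorithm name. Apply a default here, or reject an empty or unsupported value before the format is written, so a repository cannot be created with an algorithm that later fails to resolve at connect time. The second `EnablePasswordChange` line appears to differ from the first only in alignment; worth confirming nothing else changed there.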
Do we need to store it at all?
At least in this iteration I think it's good to keep it consistent. We store it alongside Hash and Encryption (other FIPS related settings) and the `EnablePasswordChange` setting which relies on the keyDerivationAlgorithm (derive key from password)
Thanks for the comments and clarity @jkowalski. I addressed your feedback. Let me know if you want to see any other changes.
Changes look good. @bathina2 can we put a test which verifies the connection using the key derivation algorithm flag from CLI. Also, one more test that verifies the behavior of repo connect when you change the algorithm,... would be useful to verify the error response when that happens.
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## master #3779 +/- ##
==========================================
+ Coverage 75.86% 77.04% +1.18%
==========================================
Files 470 473 +3
Lines 37301 28659 -8642
==========================================
- Hits 28299 22081 -6218
+ Misses 7071 4686 -2385
+ Partials 1931 1892 -39
LGTM TY for adding tests.
Please wait for @julio-lopez's approval before merge, he has some concerns to be addressed.
Please hold off merging
@bathina2 Please address the comments around:
- CLI flag name: feat(cli): allow setting key derivation algorithm for format blob #3779 (comment)
- Field name in `NewRepositoryOptions struct`: feat(cli): allow setting key derivation algorithm for format blob #3779 (comment)
- Remove unused `RepositoryConfig.KeyDerivationAlgorithm` field
…3821)

Code movement and simplification, no functional changes.

Objectives:
- Allow callers specifying the needed key (or hash) size, instead of hard-coding it in the registered PBK derivers. Conceptually, the caller needs to specify the key size, since that is a requirement of the (encryption) algorithm being used in the caller. Now, the code changes here do not result in any functional changes since the key size is always 32 bytes.
- Remove a global definition for the default PB key deriver to use. Instead, each of the 3 use cases sets the default value.

Changes:
- `crypto.DeriveKeyFromPassword` now takes a key size.
- Adds new constants for the key sizes at the callers.
- Removes the global `crypto.MasterKeySize` const.
- Removes the global `crypto.DefaultKeyDerivationAlgorithm` const.
- Adds const for the default derivation algorithms for each use case.
- Adds a const for the salt length in the `internal/user` package, to ensure the same salt length is used in both hash versions.
- Unexports various functions, variables and constants in the `internal/crypto` & `internal/user` packages.
- Renames various constants for consistency.
- Removes unused functions and symbols.
- Renames files to be consistent and better reflect the structure of the code.
- Adds a couple of tests to ensure the const values are in sync and supported.
- Fixes a couple of typos

Followups to:
- #3725
- #3770
- #3779
- #3799
- #3816

The individual commits show the code transformations to simplify the review of the changes.
This PR adds support to set the key derivation algorithm when using repositories. It is a replacement for #3731