feat(cli): allow setting key derivation algorithm for format blob #3779
Conversation
…tenhq/kopia into repo_key_derivation
…tenhq/kopia into repo_key_derivation
…tenhq/kopia into repo_key_derivation
repo/format/content_format.go
Outdated
| ECCOverheadPercent int `json:"eccOverheadPercent,omitempty"` // space overhead for ecc | ||
| HMACSecret []byte `json:"secret,omitempty" kopia:"sensitive"` // HMAC secret used to generate encryption keys | ||
| MasterKey []byte `json:"masterKey,omitempty" kopia:"sensitive"` // master encryption key (SIV-mode encryption only) | ||
| KeyDerivationAlgorithm string `json:"keyDerivationAlgorithm,omitempty"` // key derivation algorith used to generate keys |
There was a problem hiding this comment.
i don't understand how this works, keyDerivationAlgorithm must be known beforehand to generate key to decrypt this JSON, so by definition it can't be stored in this JSON, right?
There was a problem hiding this comment.
When creating a new repository we pass this in as the NewRepositoryOptions. See repo/initialize.go.
Its also stored unencrypted in the status.
There was a problem hiding this comment.
it should ONLY be stored unencrypted in KopiaRepositoryJSON and not in format.ContentFormat - the latter is encrypted using key derived using the algorithm itself, so it makes no sense.
There was a problem hiding this comment.
We should move KeyDerivationAlgorithm to be a field in NewRepositoryOptions instead of a field in format.ContentFormat
repo/initialize.go
Outdated
| @@ -108,7 +108,8 @@ func repositoryObjectFormatFromOptions(opt *NewRepositoryOptions) (*format.Repos | |||
| IndexVersion: applyDefaultInt(opt.BlockFormat.IndexVersion, content.DefaultIndexVersion), | |||
| EpochParameters: opt.BlockFormat.EpochParameters, | |||
| }, | |||
| EnablePasswordChange: opt.BlockFormat.EnablePasswordChange, | |||
| EnablePasswordChange: opt.BlockFormat.EnablePasswordChange, | |||
| KeyDerivationAlgorithm: opt.BlockFormat.KeyDerivationAlgorithm, | |||
There was a problem hiding this comment.
do we need to store it at all?
There was a problem hiding this comment.
Atleast in this iteration I think its good to keep it consistent. We store it along side Hash and Encryption (other FIPS related settings) and the EnablePasswordChange setting which relies on the keyDerivationAlgorithm (derive key from password)
|
Thanks for the comments and clarity @jkowalski. I addressed your feedback. Let me know if you want to see any other changes. |
There was a problem hiding this comment.
Changes look good. @bathina2 can we put a test which verifies the connection using the key derivation algorithm flag from CLI. Also, one more test that verifies the behavior of repo connect when you change the algorithm,... would be useful to verify the error response when that happens.
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #3779 +/- ##
==========================================
+ Coverage 75.86% 77.04% +1.18%
==========================================
Files 470 473 +3
Lines 37301 28659 -8642
==========================================
- Hits 28299 22081 -6218
+ Misses 7071 4686 -2385
+ Partials 1931 1892 -39 ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Please wait for @julio-lopez 's approval before merge, he has some concerns to be addressed.
There was a problem hiding this comment.
@bathina2 Please address the comments around:
- CLI flag name: feat(cli): allow setting key derivation algorithm for format blob #3779 (comment)
- Field name in
NewRepositoryOptions structfeat(cli): allow setting key derivation algorithm for format blob #3779 (comment) - Remove unused
RepositoryConfig.KeyDerivationAlgorithmfield
julio-lopez
changed the title
…3821) Code movement and simplification, no functional changes. Objectives: - Allow callers specifying the needed key (or hash) size, instead of hard-coding it in the registered PBK derivers. Conceptually, the caller needs to specify the key size, since that is a requirement of the (encryption) algorithm being used in the caller. Now, the code changes here do not result in any functional changes since the key size is always 32 bytes. - Remove a global definition for the default PB key deriver to use. Instead, each of the 3 use case sets the default value. Changes: - `crypto.DeriveKeyFromPassword` now takes a key size. - Adds new constants for the key sizes at the callers. - Removes the global `crypto.MasterKeySize` const. - Removes the global `crypto.DefaultKeyDerivationAlgorithm` const. - Adds const for the default derivation algorithms for each use case. - Adds a const for the salt length in the `internal/user` package, to ensure the same salt length is used in both hash versions. - Unexports various functions, variables and constants in the `internal/crypto` & `internal/user` packages. - Renames various constants for consistency. - Removes unused functions and symbols. - Renames files to be consistent and better reflect the structure of the code. - Adds a couple of tests to ensure the const values are in sync and supported. - Fixes a couple of typos Followups to: - #3725 - #3770 - #3779 - #3799 - #3816 The individual commits show the code transformations to simplify the review of the changes.
This PR adds support to set the key derivation algorithm when using repositories. It is a replacement for #3731