mirror/borg
1
0
Fork 0
mirror of https://github.com/borgbackup/borg.git synced 2025-02-21 13:47:16 +00:00
Code Issues Releases Wiki Activity

dedup code: assert_type

Browse source
This commit is contained in:
Thomas Waldmann 2022-03-11 22:01:20 +01:00
parent b3e7e90c29
commit 0b3b78e139
1 changed files with 11 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
src/borg/crypto/key.py
View file

@ -169,6 +169,11 @@ def assert_id(self, id, data):
if not hmac.compare_digest(id_computed, id): if not hmac.compare_digest(id_computed, id):
raise IntegrityError('Chunk %s: id verification failed' % bin_to_hex(id)) raise IntegrityError('Chunk %s: id verification failed' % bin_to_hex(id))
def assert_type(self, type_byte, id=None):
if type_byte not in self.TYPES_ACCEPTABLE:
id_str = bin_to_hex(id) if id is not None else '(unknown)'
raise IntegrityError(f'Chunk {id_str}: Invalid encryption envelope')
def _tam_key(self, salt, context): def _tam_key(self, salt, context):
return hkdf_hmac_sha512( return hkdf_hmac_sha512(
ikm=self.id_key + self.enc_key + self.enc_hmac_key, ikm=self.id_key + self.enc_key + self.enc_hmac_key,
@ -263,9 +268,7 @@ def encrypt(self, chunk):
return b''.join([self.TYPE_STR, data]) return b''.join([self.TYPE_STR, data])
def decrypt(self, id, data, decompress=True): def decrypt(self, id, data, decompress=True):
if data[0] not in self.TYPES_ACCEPTABLE: self.assert_type(data[0], id)
id_str = bin_to_hex(id) if id is not None else '(unknown)'
raise IntegrityError('Chunk %s: Invalid encryption envelope' % id_str)
payload = memoryview(data)[1:] payload = memoryview(data)[1:]
if not decompress: if not decompress:
return payload return payload
@ -343,9 +346,7 @@ def encrypt(self, chunk):
return self.cipher.encrypt(data, header=self.TYPE_STR, iv=next_iv) return self.cipher.encrypt(data, header=self.TYPE_STR, iv=next_iv)
def decrypt(self, id, data, decompress=True): def decrypt(self, id, data, decompress=True):
if data[0] not in self.TYPES_ACCEPTABLE: self.assert_type(data[0], id)
id_str = bin_to_hex(id) if id is not None else '(unknown)'
raise IntegrityError('Chunk %s: Invalid encryption envelope' % id_str)
try: try:
payload = self.cipher.decrypt(data) payload = self.cipher.decrypt(data)
except IntegrityError as e: except IntegrityError as e:
@ -371,8 +372,7 @@ def init_ciphers(self, manifest_data=None):
if manifest_data is None: if manifest_data is None:
nonce = 0 nonce = 0
else: else:
if manifest_data[0] not in self.TYPES_ACCEPTABLE: self.assert_type(manifest_data[0])
raise IntegrityError('Manifest: Invalid encryption envelope')
# manifest_blocks is a safe upper bound on the amount of cipher blocks needed # manifest_blocks is a safe upper bound on the amount of cipher blocks needed
# to encrypt the manifest. depending on the ciphersuite and overhead, it might # to encrypt the manifest. depending on the ciphersuite and overhead, it might
# be a bit too high, but that does not matter. # be a bit too high, but that does not matter.
@ -673,17 +673,15 @@ def save(self, target, passphrase, create=False):
self.logically_encrypted = False self.logically_encrypted = False
def init_ciphers(self, manifest_data=None): def init_ciphers(self, manifest_data=None):
if manifest_data is not None and manifest_data[0] not in self.TYPES_ACCEPTABLE: if manifest_data is not None:
raise IntegrityError('Manifest: Invalid encryption envelope') self.assert_type(manifest_data[0])
def encrypt(self, chunk): def encrypt(self, chunk):
data = self.compressor.compress(chunk) data = self.compressor.compress(chunk)
return b''.join([self.TYPE_STR, data]) return b''.join([self.TYPE_STR, data])
def decrypt(self, id, data, decompress=True): def decrypt(self, id, data, decompress=True):
if data[0] not in self.TYPES_ACCEPTABLE: self.assert_type(data[0], id)
id_str = bin_to_hex(id) if id is not None else '(unknown)'
raise IntegrityError('Chunk %s: Invalid envelope' % id_str)
payload = memoryview(data)[1:] payload = memoryview(data)[1:]
if not decompress: if not decompress:
return payload return payload