1
0
Fork 0
mirror of https://github.com/borgbackup/borg.git synced 2024-12-23 16:26:29 +00:00

borg.key: include chunk id in exception msgs

this is a backport of bcdce91dfb2883c139011322a9e8086059fbe5c2 improvements on the exception msgs.
This commit is contained in:
Thomas Waldmann 2016-10-06 22:46:37 +02:00
parent 5ccc124667
commit 5f337e2c9c

View file

@ -105,10 +105,10 @@ def encrypt(self, data):
def decrypt(self, id, data):
if data[0] != self.TYPE:
raise IntegrityError('Invalid encryption envelope')
raise IntegrityError('Chunk %s: Invalid encryption envelope' % bin_to_hex(id))
data = self.compressor.decompress(memoryview(data)[1:])
if id and sha256(data).digest() != id:
raise IntegrityError('Chunk id verification failed')
raise IntegrityError('Chunk %s: id verification failed' % bin_to_hex(id))
return data
@ -142,24 +142,24 @@ def encrypt(self, data):
def decrypt(self, id, data):
if not (data[0] == self.TYPE or
data[0] == PassphraseKey.TYPE and isinstance(self, RepoKey)):
raise IntegrityError('Invalid encryption envelope')
raise IntegrityError('Chunk %s: Invalid encryption envelope' % bin_to_hex(id))
hmac_given = memoryview(data)[1:33]
hmac_computed = memoryview(HMAC(self.enc_hmac_key, memoryview(data)[33:], sha256).digest())
if not compare_digest(hmac_computed, hmac_given):
raise IntegrityError('Encryption envelope checksum mismatch')
raise IntegrityError('Chunk %s: Encryption envelope checksum mismatch' % bin_to_hex(id))
self.dec_cipher.reset(iv=PREFIX + data[33:41])
data = self.compressor.decompress(self.dec_cipher.decrypt(data[41:]))
if id:
hmac_given = id
hmac_computed = HMAC(self.id_key, data, sha256).digest()
if not compare_digest(hmac_computed, hmac_given):
raise IntegrityError('Chunk id verification failed')
raise IntegrityError('Chunk %s: Chunk id verification failed' % bin_to_hex(id))
return data
def extract_nonce(self, payload):
if not (payload[0] == self.TYPE or
payload[0] == PassphraseKey.TYPE and isinstance(self, RepoKey)):
raise IntegrityError('Invalid encryption envelope')
raise IntegrityError('Manifest: Invalid encryption envelope')
nonce = bytes_to_long(payload[33:41])
return nonce