mirror of
https://github.com/borgbackup/borg.git
synced 2024-12-23 16:26:29 +00:00
borg.key: include chunk id in exception msgs
this is a backport of bcdce91dfb2883c139011322a9e8086059fbe5c2 improvements on the exception msgs.
This commit is contained in:
parent
5ccc124667
commit
5f337e2c9c
1 changed files with 6 additions and 6 deletions
12
borg/key.py
12
borg/key.py
|
@ -105,10 +105,10 @@ def encrypt(self, data):
|
|||
|
||||
def decrypt(self, id, data):
|
||||
if data[0] != self.TYPE:
|
||||
raise IntegrityError('Invalid encryption envelope')
|
||||
raise IntegrityError('Chunk %s: Invalid encryption envelope' % bin_to_hex(id))
|
||||
data = self.compressor.decompress(memoryview(data)[1:])
|
||||
if id and sha256(data).digest() != id:
|
||||
raise IntegrityError('Chunk id verification failed')
|
||||
raise IntegrityError('Chunk %s: id verification failed' % bin_to_hex(id))
|
||||
return data
|
||||
|
||||
|
||||
|
@ -142,24 +142,24 @@ def encrypt(self, data):
|
|||
def decrypt(self, id, data):
|
||||
if not (data[0] == self.TYPE or
|
||||
data[0] == PassphraseKey.TYPE and isinstance(self, RepoKey)):
|
||||
raise IntegrityError('Invalid encryption envelope')
|
||||
raise IntegrityError('Chunk %s: Invalid encryption envelope' % bin_to_hex(id))
|
||||
hmac_given = memoryview(data)[1:33]
|
||||
hmac_computed = memoryview(HMAC(self.enc_hmac_key, memoryview(data)[33:], sha256).digest())
|
||||
if not compare_digest(hmac_computed, hmac_given):
|
||||
raise IntegrityError('Encryption envelope checksum mismatch')
|
||||
raise IntegrityError('Chunk %s: Encryption envelope checksum mismatch' % bin_to_hex(id))
|
||||
self.dec_cipher.reset(iv=PREFIX + data[33:41])
|
||||
data = self.compressor.decompress(self.dec_cipher.decrypt(data[41:]))
|
||||
if id:
|
||||
hmac_given = id
|
||||
hmac_computed = HMAC(self.id_key, data, sha256).digest()
|
||||
if not compare_digest(hmac_computed, hmac_given):
|
||||
raise IntegrityError('Chunk id verification failed')
|
||||
raise IntegrityError('Chunk %s: Chunk id verification failed' % bin_to_hex(id))
|
||||
return data
|
||||
|
||||
def extract_nonce(self, payload):
|
||||
if not (payload[0] == self.TYPE or
|
||||
payload[0] == PassphraseKey.TYPE and isinstance(self, RepoKey)):
|
||||
raise IntegrityError('Invalid encryption envelope')
|
||||
raise IntegrityError('Manifest: Invalid encryption envelope')
|
||||
nonce = bytes_to_long(payload[33:41])
|
||||
return nonce
|
||||
|
||||
|
|
Loading…
Reference in a new issue