From 7083e6738fa3e978d4203ab486e965680a7ce7d1 Mon Sep 17 00:00:00 2001 From: Thomas Waldmann Date: Sat, 26 Mar 2022 20:07:52 +0100 Subject: [PATCH] bugfix: correctly give manifest id but do not verify chunk-id for it (does not match because the ID is fixed at all-zero). --- src/borg/crypto/key.py | 3 ++- src/borg/helpers/manifest.py | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/borg/crypto/key.py b/src/borg/crypto/key.py index 56a211afb..0a93e856c 100644 --- a/src/borg/crypto/key.py +++ b/src/borg/crypto/key.py @@ -18,6 +18,7 @@ from ..helpers import get_limited_unpacker from ..helpers import bin_to_hex from ..helpers.passphrase import Passphrase, PasswordRetriesExceeded, PassphraseWrong from ..helpers import msgpack +from ..helpers.manifest import Manifest from ..item import Key, EncryptedKey from ..platform import SaveFile @@ -165,7 +166,7 @@ class KeyBase: pass def assert_id(self, id, data): - if id: + if id and id != Manifest.MANIFEST_ID: id_computed = self.id_hash(data) if not hmac.compare_digest(id_computed, id): raise IntegrityError('Chunk %s: id verification failed' % bin_to_hex(id)) diff --git a/src/borg/helpers/manifest.py b/src/borg/helpers/manifest.py index dc0580f28..425feb4e6 100644 --- a/src/borg/helpers/manifest.py +++ b/src/borg/helpers/manifest.py @@ -186,7 +186,7 @@ class Manifest: if not key: key = key_factory(repository, cdata) manifest = cls(key, repository) - data = key.decrypt(None, cdata) + data = key.decrypt(cls.MANIFEST_ID, cdata) manifest_dict, manifest.tam_verified = key.unpack_and_verify_manifest(data, force_tam_not_required=force_tam_not_required) m = ManifestItem(internal_dict=manifest_dict) manifest.id = key.id_hash(data)