diff --git a/setup.py b/setup.py index c255cb184..ee5d686ad 100644 --- a/setup.py +++ b/setup.py @@ -65,6 +65,7 @@ # using any other version is not supported by borg development and # any feedback related to issues caused by this will be ignored. 'packaging', + 'argon2-cffi', ] # note for package maintainers: if you package borgbackup for distribution, diff --git a/src/borg/helpers/passphrase.py b/src/borg/helpers/passphrase.py index e415a0b76..5a0acd12d 100644 --- a/src/borg/helpers/passphrase.py +++ b/src/borg/helpers/passphrase.py @@ -4,6 +4,7 @@ import subprocess import sys from hashlib import pbkdf2_hmac +from typing import Literal from . import bin_to_hex from . import Error @@ -12,6 +13,8 @@ from ..logger import create_logger +import argon2.low_level + logger = create_logger() @@ -139,3 +142,28 @@ def __repr__(self): def kdf(self, salt, iterations, length): return pbkdf2_hmac('sha256', self.encode('utf-8'), salt, iterations, length) + + def argon2( + self, + output_len_in_bytes: int, + salt: bytes, + time_cost, + memory_cost, + parallelism, + type: Literal['i', 'd', 'id'] + ) -> bytes: + type_map = { + 'i': argon2.low_level.Type.I, + 'd': argon2.low_level.Type.D, + 'id': argon2.low_level.Type.ID, + } + key = argon2.low_level.hash_secret_raw( + secret=self.encode("utf-8"), + hash_len=output_len_in_bytes, + salt=salt, + time_cost=time_cost, + memory_cost=memory_cost, + parallelism=parallelism, + type=type_map[type], + ) + return key