mirror of https://github.com/borgbackup/borg.git
key: add round-trip test
This commit is contained in:
parent
848df38d08
commit
a16d81271a
|
@ -778,6 +778,17 @@ class AuthenticatedKey(ID_BLAKE2b_256, RepoKey):
|
|||
super().save(target, passphrase)
|
||||
self.logically_encrypted = False
|
||||
|
||||
def extract_nonce(self, payload):
|
||||
# This is called during set-up of the AES ciphers we're not actually using for this
|
||||
# key. Therefore the return value of this method doesn't matter; it's just around
|
||||
# to not have it crash should key identification be run against a very small chunk
|
||||
# by "borg check" when the manifest is lost. (The manifest is always large enough
|
||||
# to have the original method read some garbage from bytes 33-41). (Also, the return
|
||||
# value must be larger than the 41 byte bloat of the original format).
|
||||
if payload[0] != self.TYPE:
|
||||
raise IntegrityError('Manifest: Invalid encryption envelope')
|
||||
return 42
|
||||
|
||||
def encrypt(self, chunk):
|
||||
data = self.compressor.compress(chunk)
|
||||
return b''.join([self.TYPE_STR, data])
|
||||
|
|
|
@ -11,6 +11,7 @@ from ..crypto.key import Passphrase, PasswordRetriesExceeded, bin_to_hex
|
|||
from ..crypto.key import PlaintextKey, PassphraseKey, KeyfileKey, RepoKey, Blake2KeyfileKey, Blake2RepoKey, \
|
||||
AuthenticatedKey
|
||||
from ..crypto.key import TAMRequiredError, TAMInvalid, TAMUnsupportedSuiteError, UnsupportedManifestError
|
||||
from ..crypto.key import identify_key
|
||||
from ..crypto.low_level import bytes_to_long, num_aes_blocks
|
||||
from ..helpers import IntegrityError
|
||||
from ..helpers import Location
|
||||
|
@ -224,6 +225,16 @@ class TestKey:
|
|||
id[12] = 0
|
||||
key.decrypt(id, data)
|
||||
|
||||
def test_roundtrip(self, key):
|
||||
repository = key.repository
|
||||
plaintext = b'foo'
|
||||
encrypted = key.encrypt(plaintext)
|
||||
identified_key_class = identify_key(encrypted)
|
||||
assert identified_key_class == key.__class__
|
||||
loaded_key = identified_key_class.detect(repository, encrypted)
|
||||
decrypted = loaded_key.decrypt(None, encrypted)
|
||||
assert decrypted == plaintext
|
||||
|
||||
def test_decrypt_decompress(self, key):
|
||||
plaintext = b'123456789'
|
||||
encrypted = key.encrypt(plaintext)
|
||||
|
|
Loading…
Reference in New Issue