From a16d81271a3b4915c7fe14a3444df6dd0e88cfad Mon Sep 17 00:00:00 2001
From: Marian Beermann
Date: Fri, 12 May 2017 20:48:47 +0200
Subject: [PATCH] key: add round-trip test
---
 src/borg/crypto/key.py | 11 +++++++++++
 src/borg/testsuite/key.py | 11 +++++++++++
 2 files changed, 22 insertions(+)
diff --git a/src/borg/crypto/key.py b/src/borg/crypto/key.py
index 24bb81038..37cf3f552 100644
--- a/src/borg/crypto/key.py
+++ b/src/borg/crypto/key.py
@@ -778,6 +778,17 @@ class AuthenticatedKey(ID_BLAKE2b_256, RepoKey):
 super().save(target, passphrase)
 self.logically_encrypted = False

+ def extract_nonce(self, payload):
+ # This is called during set-up of the AES ciphers we're not actually using for this
+ # key. Therefore the return value of this method doesn't matter; it's just around
+ # to not have it crash should key identification be run against a very small chunk
+ # by "borg check" when the manifest is lost. (The manifest is always large enough
+ # to have the original method read some garbage from bytes 33-41). (Also, the return
+ # value must be larger than the 41 byte bloat of the original format).
+ if payload[0] != self.TYPE:
+ raise IntegrityError('Manifest: Invalid encryption envelope')
+ return 42
+
 def encrypt(self, chunk):
 data = self.compressor.compress(chunk)
 return b''.join([self.TYPE_STR, data])
diff --git a/src/borg/testsuite/key.py b/src/borg/testsuite/key.py
index 5f0ad367b..34399f9ba 100644
--- a/src/borg/testsuite/key.py
+++ b/src/borg/testsuite/key.py
@@ -11,6 +11,7 @@ from ..crypto.key import Passphrase, PasswordRetriesExceeded, bin_to_hex
 from ..crypto.key import PlaintextKey, PassphraseKey, KeyfileKey, RepoKey, Blake2KeyfileKey, Blake2RepoKey, \
 AuthenticatedKey
 from ..crypto.key import TAMRequiredError, TAMInvalid, TAMUnsupportedSuiteError, UnsupportedManifestError
+from ..crypto.key import identify_key
 from ..crypto.low_level import bytes_to_long, num_aes_blocks
 from ..helpers import IntegrityError
 from ..helpers import Location
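Review bot: `payload[0]` in the added `AuthenticatedKey.extract_nonce` (src/borg/crypto/key.py) raises IndexError rather than IntegrityError when the payload is empty, which undercuts the comment's stated goal of not crashing when key identification runs against a very small chunk. Whether a zero-length payload can reach this method is not visible in the hunk, but the guard is cheap: `if not payload or payload[0] != self.TYPE:`. The `'Manifest:'` prefix in the error message may also mislead, since the comment says the call can happen on an arbitrary chunk during "borg check". The bare `42` would read better as a named constant tied to the 41-byte figure it has to exceed. The class body starts and continues outside the hunk.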
@@ -224,6 +225,16 @@ class TestKey:
 id[12] = 0
 key.decrypt(id, data)

+ def test_roundtrip(self, key):
+ repository = key.repository
+ plaintext = b'foo'
+ encrypted = key.encrypt(plaintext)
+ identified_key_class = identify_key(encrypted)
+ assert identified_key_class == key.__class__
+ loaded_key = identified_key_class.detect(repository, encrypted)
+ decrypted = loaded_key.decrypt(None, encrypted)
+ assert decrypted == plaintext
+
 def test_decrypt_decompress(self, key):
 plaintext = b'123456789'
 encrypted = key.encrypt(plaintext)
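Review bot: `loaded_key.decrypt(None, encrypted)` in `test_roundtrip` passes no chunk id, so the round trip pins only key identification and decoding. As far as this hunk shows, it never exercises the id verification that the preceding context (`key.decrypt(id, data)` with a modified id) relies on. For the authenticated key type that check is the security property worth covering; consider `decrypted = loaded_key.decrypt(loaded_key.id_hash(plaintext), encrypted)`, assuming `id_hash` is available on every key class the fixture supplies. The `IntegrityError` branch of `extract_nonce` added in src/borg/crypto/key.py also has no negative test here. `TestKey` begins outside the hunk.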