diff --git a/setup.py b/setup.py index 083b50f1d..2d91a6a47 100644 --- a/setup.py +++ b/setup.py @@ -49,7 +49,6 @@ compress_source = 'src/borg/compress.pyx' crypto_ll_source = 'src/borg/crypto/low_level.pyx' -crypto_helpers = 'src/borg/crypto/_crypto_helpers.c' chunker_source = 'src/borg/chunker.pyx' hashindex_source = 'src/borg/hashindex.pyx' item_source = 'src/borg/item.pyx' @@ -171,7 +170,7 @@ def lib_ext_kwargs(pc, prefix_env_var, lib_name, lib_pkg_name, pc_version, lib_s pc, 'BORG_OPENSSL_PREFIX', 'crypto', 'libcrypto', '>=1.1.1') crypto_ext_kwargs = members_appended( - dict(sources=[crypto_ll_source, crypto_helpers]), + dict(sources=[crypto_ll_source]), crypto_ext_lib, dict(extra_compile_args=cflags), dict(extra_link_args=crypto_ldflags), diff --git a/src/borg/archiver.py b/src/borg/archiver.py index 971226f86..bf7f9d70a 100644 --- a/src/borg/archiver.py +++ b/src/borg/archiver.py @@ -602,7 +602,6 @@ def chunkit(chunker_name, *args, **kwargs): from borg.crypto.low_level import AES256_CTR_BLAKE2b, AES256_CTR_HMAC_SHA256 from borg.crypto.low_level import AES256_OCB, CHACHA20_POLY1305 - from borg.crypto.low_level import is_libressl print("Encryption =====================================================") size = "1GB" @@ -611,14 +610,11 @@ def chunkit(chunker_name, *args, **kwargs): key_256, key_256, iv=key_128, header_len=1, aad_offset=1).encrypt(random_10M, header=b'X')), ("aes-256-ctr-blake2b", lambda: AES256_CTR_BLAKE2b( key_256*4, key_256, iv=key_128, header_len=1, aad_offset=1).encrypt(random_10M, header=b'X')), + ("aes-256-ocb", lambda: AES256_OCB( + key_256, iv=key_96, header_len=1, aad_offset=1).encrypt(random_10M, header=b'X')), + ("chacha20-poly1305", lambda: CHACHA20_POLY1305( + key_256, iv=key_96, header_len=1, aad_offset=1).encrypt(random_10M, header=b'X')), ] - if not is_libressl: - tests.extend([ - ("aes-256-ocb", lambda: AES256_OCB( - key_256, iv=key_96, header_len=1, aad_offset=1).encrypt(random_10M, header=b'X')), - ("chacha20-poly1305", lambda: CHACHA20_POLY1305( - key_256, iv=key_96, header_len=1, aad_offset=1).encrypt(random_10M, header=b'X')), - ]) for spec, func in tests: print(f"{spec:<24} {size:<10} {timeit(func, number=100):.3f}s") diff --git a/src/borg/crypto/_crypto_helpers.c b/src/borg/crypto/_crypto_helpers.c deleted file mode 100644 index 8a6460640..000000000 --- a/src/borg/crypto/_crypto_helpers.c +++ /dev/null @@ -1,14 +0,0 @@ -/* some helpers, so our code also works with LibreSSL */ - -#include -#include - -#if defined(LIBRESSL_VERSION_NUMBER) -const EVP_CIPHER *EVP_aes_256_ocb(void){ /* dummy, so that code compiles */ - return NULL; -} - -const EVP_CIPHER *EVP_chacha20_poly1305(void){ /* dummy, so that code compiles */ - return NULL; -} -#endif diff --git a/src/borg/crypto/_crypto_helpers.h b/src/borg/crypto/_crypto_helpers.h deleted file mode 100644 index 62517c115..000000000 --- a/src/borg/crypto/_crypto_helpers.h +++ /dev/null @@ -1,13 +0,0 @@ -/* some helpers, so our code also works with LibreSSL */ - -#include -#include - -#if defined(LIBRESSL_VERSION_NUMBER) -const EVP_CIPHER *EVP_aes_256_ocb(void); /* dummy, so that code compiles */ -const EVP_CIPHER *EVP_chacha20_poly1305(void); /* dummy, so that code compiles */ -#endif - -#if !defined(LIBRESSL_VERSION_NUMBER) -#define LIBRESSL_VERSION_NUMBER 0 -#endif diff --git a/src/borg/crypto/low_level.pyx b/src/borg/crypto/low_level.pyx index 5692fa23c..c0818abc5 100644 --- a/src/borg/crypto/low_level.pyx +++ b/src/borg/crypto/low_level.pyx @@ -47,6 +47,8 @@ API_VERSION = '1.3_01' cdef extern from "openssl/crypto.h": int CRYPTO_memcmp(const void *a, const void *b, size_t len) +cdef extern from "openssl/opensslv.h": + long OPENSSL_VERSION_NUMBER cdef extern from "openssl/evp.h": ctypedef struct EVP_MD: @@ -92,16 +94,6 @@ cdef extern from "openssl/hmac.h": const unsigned char *data, int data_len, unsigned char *md, unsigned int *md_len) nogil -cdef extern from "_crypto_helpers.h": - long OPENSSL_VERSION_NUMBER - long LIBRESSL_VERSION_NUMBER - - const EVP_CIPHER *EVP_aes_256_ocb() # dummy - const EVP_CIPHER *EVP_chacha20_poly1305() # dummy - - -is_libressl = bool(LIBRESSL_VERSION_NUMBER) - import struct @@ -600,8 +592,7 @@ cdef class _AEAD_BASE: cdef class AES256_OCB(_AEAD_BASE): @classmethod def requirements_check(cls): - if is_libressl: - raise ValueError('AES OCB is not implemented by LibreSSL (yet?).') + pass def __init__(self, key, iv=None, header_len=0, aad_offset=0): self.requirements_check() @@ -613,8 +604,7 @@ cdef class AES256_OCB(_AEAD_BASE): cdef class CHACHA20_POLY1305(_AEAD_BASE): @classmethod def requirements_check(cls): - if is_libressl: - raise ValueError('CHACHA20-POLY1305 is not implemented by LibreSSL (yet?).') + pass def __init__(self, key, iv=None, header_len=0, aad_offset=0): self.requirements_check() diff --git a/src/borg/testsuite/crypto.py b/src/borg/testsuite/crypto.py index 7950f58f2..570afbc1d 100644 --- a/src/borg/testsuite/crypto.py +++ b/src/borg/testsuite/crypto.py @@ -3,8 +3,7 @@ import unittest -from ..crypto.low_level import AES256_CTR_HMAC_SHA256, AES256_OCB, CHACHA20_POLY1305, UNENCRYPTED, \ - IntegrityError, is_libressl +from ..crypto.low_level import AES256_CTR_HMAC_SHA256, AES256_OCB, CHACHA20_POLY1305, UNENCRYPTED, IntegrityError from ..crypto.low_level import bytes_to_long, bytes_to_int, long_to_bytes from ..crypto.low_level import hkdf_hmac_sha512 from ..crypto.low_level import AES, hmac_sha256 @@ -103,16 +102,13 @@ def test_AE(self): header = b'\x23' + iv_int.to_bytes(12, 'big') tests = [ # (ciphersuite class, exp_mac, exp_cdata) + (AES256_OCB, + b'b6909c23c9aaebd9abbe1ff42097652d', + b'877ce46d2f62dee54699cebc3ba41d9ab613f7c486778c1b3636664b1493', ), + (CHACHA20_POLY1305, + b'fd08594796e0706cde1e8b461e3e0555', + b'a093e4b0387526f085d3c40cca84a35230a5c0dd766453b77ba38bcff775', ) ] - if not is_libressl: - tests += [ - (AES256_OCB, - b'b6909c23c9aaebd9abbe1ff42097652d', - b'877ce46d2f62dee54699cebc3ba41d9ab613f7c486778c1b3636664b1493', ), - (CHACHA20_POLY1305, - b'fd08594796e0706cde1e8b461e3e0555', - b'a093e4b0387526f085d3c40cca84a35230a5c0dd766453b77ba38bcff775', ) - ] for cs_cls, exp_mac, exp_cdata in tests: # print(repr(cs_cls)) # encrypt/mac @@ -146,16 +142,13 @@ def test_AEAD(self): header = b'\x12\x34\x56' + iv_int.to_bytes(12, 'big') tests = [ # (ciphersuite class, exp_mac, exp_cdata) + (AES256_OCB, + b'f2748c412af1c7ead81863a18c2c1893', + b'877ce46d2f62dee54699cebc3ba41d9ab613f7c486778c1b3636664b1493', ), + (CHACHA20_POLY1305, + b'b7e7c9a79f2404e14f9aad156bf091dd', + b'a093e4b0387526f085d3c40cca84a35230a5c0dd766453b77ba38bcff775', ) ] - if not is_libressl: - tests += [ - (AES256_OCB, - b'f2748c412af1c7ead81863a18c2c1893', - b'877ce46d2f62dee54699cebc3ba41d9ab613f7c486778c1b3636664b1493', ), - (CHACHA20_POLY1305, - b'b7e7c9a79f2404e14f9aad156bf091dd', - b'a093e4b0387526f085d3c40cca84a35230a5c0dd766453b77ba38bcff775', ) - ] for cs_cls, exp_mac, exp_cdata in tests: # print(repr(cs_cls)) # encrypt/mac @@ -187,9 +180,7 @@ def test_AEAD_with_more_AAD(self): iv_int = 0 data = b'foo' * 10 header = b'\x12\x34' - tests = [] - if not is_libressl: - tests += [AES256_OCB, CHACHA20_POLY1305] + tests = [AES256_OCB, CHACHA20_POLY1305] for cs_cls in tests: # encrypt/mac cs = cs_cls(key, iv_int, header_len=len(header), aad_offset=0)