mirror of
https://github.com/borgbackup/borg.git
synced 2025-01-03 05:35:58 +00:00
remove libressl support
currently it does not have what we need, so we can simplify our code.
This commit is contained in:
Thomas Waldmann
parent
c592b20262
commit
be9e7d37c2
6 changed files with 23 additions and 74 deletions
3
setup.py
3
setup.py
|
|
@ -49,7 +49,6 @@
|
||||||
|
|
||||||
compress_source = 'src/borg/compress.pyx'
|
compress_source = 'src/borg/compress.pyx'
|
||||||
crypto_ll_source = 'src/borg/crypto/low_level.pyx'
|
crypto_ll_source = 'src/borg/crypto/low_level.pyx'
|
||||||
crypto_helpers = 'src/borg/crypto/_crypto_helpers.c'
|
|
||||||
chunker_source = 'src/borg/chunker.pyx'
|
chunker_source = 'src/borg/chunker.pyx'
|
||||||
hashindex_source = 'src/borg/hashindex.pyx'
|
hashindex_source = 'src/borg/hashindex.pyx'
|
||||||
item_source = 'src/borg/item.pyx'
|
item_source = 'src/borg/item.pyx'
|
||||||
|
|
@ -171,7 +170,7 @@ def lib_ext_kwargs(pc, prefix_env_var, lib_name, lib_pkg_name, pc_version, lib_s
|
||||||
pc, 'BORG_OPENSSL_PREFIX', 'crypto', 'libcrypto', '>=1.1.1')
|
pc, 'BORG_OPENSSL_PREFIX', 'crypto', 'libcrypto', '>=1.1.1')
|
||||||
|
|
||||||
crypto_ext_kwargs = members_appended(
|
crypto_ext_kwargs = members_appended(
|
||||||
dict(sources=[crypto_ll_source, crypto_helpers]),
|
dict(sources=[crypto_ll_source]),
|
||||||
crypto_ext_lib,
|
crypto_ext_lib,
|
||||||
dict(extra_compile_args=cflags),
|
dict(extra_compile_args=cflags),
|
||||||
dict(extra_link_args=crypto_ldflags),
|
dict(extra_link_args=crypto_ldflags),
|
||||||
|
|
|
||||||
|
|
@ -602,7 +602,6 @@ def chunkit(chunker_name, *args, **kwargs):
|
||||||
|
|
||||||
from borg.crypto.low_level import AES256_CTR_BLAKE2b, AES256_CTR_HMAC_SHA256
|
from borg.crypto.low_level import AES256_CTR_BLAKE2b, AES256_CTR_HMAC_SHA256
|
||||||
from borg.crypto.low_level import AES256_OCB, CHACHA20_POLY1305
|
from borg.crypto.low_level import AES256_OCB, CHACHA20_POLY1305
|
||||||
from borg.crypto.low_level import is_libressl
|
|
||||||
print("Encryption =====================================================")
|
print("Encryption =====================================================")
|
||||||
size = "1GB"
|
size = "1GB"
|
||||||
|
|
||||||
|
|
@ -611,14 +610,11 @@ def chunkit(chunker_name, *args, **kwargs):
|
||||||
key_256, key_256, iv=key_128, header_len=1, aad_offset=1).encrypt(random_10M, header=b'X')),
|
key_256, key_256, iv=key_128, header_len=1, aad_offset=1).encrypt(random_10M, header=b'X')),
|
||||||
("aes-256-ctr-blake2b", lambda: AES256_CTR_BLAKE2b(
|
("aes-256-ctr-blake2b", lambda: AES256_CTR_BLAKE2b(
|
||||||
key_256*4, key_256, iv=key_128, header_len=1, aad_offset=1).encrypt(random_10M, header=b'X')),
|
key_256*4, key_256, iv=key_128, header_len=1, aad_offset=1).encrypt(random_10M, header=b'X')),
|
||||||
]
|
|
||||||
if not is_libressl:
|
|
||||||
tests.extend([
|
|
||||||
("aes-256-ocb", lambda: AES256_OCB(
|
("aes-256-ocb", lambda: AES256_OCB(
|
||||||
key_256, iv=key_96, header_len=1, aad_offset=1).encrypt(random_10M, header=b'X')),
|
key_256, iv=key_96, header_len=1, aad_offset=1).encrypt(random_10M, header=b'X')),
|
||||||
("chacha20-poly1305", lambda: CHACHA20_POLY1305(
|
("chacha20-poly1305", lambda: CHACHA20_POLY1305(
|
||||||
key_256, iv=key_96, header_len=1, aad_offset=1).encrypt(random_10M, header=b'X')),
|
key_256, iv=key_96, header_len=1, aad_offset=1).encrypt(random_10M, header=b'X')),
|
||||||
])
|
]
|
||||||
for spec, func in tests:
|
for spec, func in tests:
|
||||||
print(f"{spec:<24} {size:<10} {timeit(func, number=100):.3f}s")
|
print(f"{spec:<24} {size:<10} {timeit(func, number=100):.3f}s")
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,14 +0,0 @@
|
||||||
/* some helpers, so our code also works with LibreSSL */
|
|
||||||
|
|
||||||
#include <openssl/opensslv.h>
|
|
||||||
#include <openssl/evp.h>
|
|
||||||
|
|
||||||
#if defined(LIBRESSL_VERSION_NUMBER)
|
|
||||||
const EVP_CIPHER *EVP_aes_256_ocb(void){ /* dummy, so that code compiles */
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
const EVP_CIPHER *EVP_chacha20_poly1305(void){ /* dummy, so that code compiles */
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
@ -1,13 +0,0 @@
|
||||||
/* some helpers, so our code also works with LibreSSL */
|
|
||||||
|
|
||||||
#include <openssl/opensslv.h>
|
|
||||||
#include <openssl/evp.h>
|
|
||||||
|
|
||||||
#if defined(LIBRESSL_VERSION_NUMBER)
|
|
||||||
const EVP_CIPHER *EVP_aes_256_ocb(void); /* dummy, so that code compiles */
|
|
||||||
const EVP_CIPHER *EVP_chacha20_poly1305(void); /* dummy, so that code compiles */
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if !defined(LIBRESSL_VERSION_NUMBER)
|
|
||||||
#define LIBRESSL_VERSION_NUMBER 0
|
|
||||||
#endif
|
|
||||||
|
|
@ -47,6 +47,8 @@ API_VERSION = '1.3_01'
|
||||||
cdef extern from "openssl/crypto.h":
|
cdef extern from "openssl/crypto.h":
|
||||||
int CRYPTO_memcmp(const void *a, const void *b, size_t len)
|
int CRYPTO_memcmp(const void *a, const void *b, size_t len)
|
||||||
|
|
||||||
|
cdef extern from "openssl/opensslv.h":
|
||||||
|
long OPENSSL_VERSION_NUMBER
|
||||||
|
|
||||||
cdef extern from "openssl/evp.h":
|
cdef extern from "openssl/evp.h":
|
||||||
ctypedef struct EVP_MD:
|
ctypedef struct EVP_MD:
|
||||||
|
|
@ -92,16 +94,6 @@ cdef extern from "openssl/hmac.h":
|
||||||
const unsigned char *data, int data_len,
|
const unsigned char *data, int data_len,
|
||||||
unsigned char *md, unsigned int *md_len) nogil
|
unsigned char *md, unsigned int *md_len) nogil
|
||||||
|
|
||||||
cdef extern from "_crypto_helpers.h":
|
|
||||||
long OPENSSL_VERSION_NUMBER
|
|
||||||
long LIBRESSL_VERSION_NUMBER
|
|
||||||
|
|
||||||
const EVP_CIPHER *EVP_aes_256_ocb() # dummy
|
|
||||||
const EVP_CIPHER *EVP_chacha20_poly1305() # dummy
|
|
||||||
|
|
||||||
|
|
||||||
is_libressl = bool(LIBRESSL_VERSION_NUMBER)
|
|
||||||
|
|
||||||
|
|
||||||
import struct
|
import struct
|
||||||
|
|
||||||
|
|
@ -600,8 +592,7 @@ cdef class _AEAD_BASE:
|
||||||
cdef class AES256_OCB(_AEAD_BASE):
|
cdef class AES256_OCB(_AEAD_BASE):
|
||||||
@classmethod
|
@classmethod
|
||||||
def requirements_check(cls):
|
def requirements_check(cls):
|
||||||
if is_libressl:
|
pass
|
||||||
raise ValueError('AES OCB is not implemented by LibreSSL (yet?).')
|
|
||||||
|
|
||||||
def __init__(self, key, iv=None, header_len=0, aad_offset=0):
|
def __init__(self, key, iv=None, header_len=0, aad_offset=0):
|
||||||
self.requirements_check()
|
self.requirements_check()
|
||||||
|
|
@ -613,8 +604,7 @@ cdef class AES256_OCB(_AEAD_BASE):
|
||||||
cdef class CHACHA20_POLY1305(_AEAD_BASE):
|
cdef class CHACHA20_POLY1305(_AEAD_BASE):
|
||||||
@classmethod
|
@classmethod
|
||||||
def requirements_check(cls):
|
def requirements_check(cls):
|
||||||
if is_libressl:
|
pass
|
||||||
raise ValueError('CHACHA20-POLY1305 is not implemented by LibreSSL (yet?).')
|
|
||||||
|
|
||||||
def __init__(self, key, iv=None, header_len=0, aad_offset=0):
|
def __init__(self, key, iv=None, header_len=0, aad_offset=0):
|
||||||
self.requirements_check()
|
self.requirements_check()
|
||||||
|
|
|
||||||
|
|
@ -3,8 +3,7 @@
|
||||||
import unittest
|
import unittest
|
||||||
|
|
||||||
|
|
||||||
from ..crypto.low_level import AES256_CTR_HMAC_SHA256, AES256_OCB, CHACHA20_POLY1305, UNENCRYPTED, \
|
from ..crypto.low_level import AES256_CTR_HMAC_SHA256, AES256_OCB, CHACHA20_POLY1305, UNENCRYPTED, IntegrityError
|
||||||
IntegrityError, is_libressl
|
|
||||||
from ..crypto.low_level import bytes_to_long, bytes_to_int, long_to_bytes
|
from ..crypto.low_level import bytes_to_long, bytes_to_int, long_to_bytes
|
||||||
from ..crypto.low_level import hkdf_hmac_sha512
|
from ..crypto.low_level import hkdf_hmac_sha512
|
||||||
from ..crypto.low_level import AES, hmac_sha256
|
from ..crypto.low_level import AES, hmac_sha256
|
||||||
|
|
@ -103,9 +102,6 @@ def test_AE(self):
|
||||||
header = b'\x23' + iv_int.to_bytes(12, 'big')
|
header = b'\x23' + iv_int.to_bytes(12, 'big')
|
||||||
tests = [
|
tests = [
|
||||||
# (ciphersuite class, exp_mac, exp_cdata)
|
# (ciphersuite class, exp_mac, exp_cdata)
|
||||||
]
|
|
||||||
if not is_libressl:
|
|
||||||
tests += [
|
|
||||||
(AES256_OCB,
|
(AES256_OCB,
|
||||||
b'b6909c23c9aaebd9abbe1ff42097652d',
|
b'b6909c23c9aaebd9abbe1ff42097652d',
|
||||||
b'877ce46d2f62dee54699cebc3ba41d9ab613f7c486778c1b3636664b1493', ),
|
b'877ce46d2f62dee54699cebc3ba41d9ab613f7c486778c1b3636664b1493', ),
|
||||||
|
|
@ -146,9 +142,6 @@ def test_AEAD(self):
|
||||||
header = b'\x12\x34\x56' + iv_int.to_bytes(12, 'big')
|
header = b'\x12\x34\x56' + iv_int.to_bytes(12, 'big')
|
||||||
tests = [
|
tests = [
|
||||||
# (ciphersuite class, exp_mac, exp_cdata)
|
# (ciphersuite class, exp_mac, exp_cdata)
|
||||||
]
|
|
||||||
if not is_libressl:
|
|
||||||
tests += [
|
|
||||||
(AES256_OCB,
|
(AES256_OCB,
|
||||||
b'f2748c412af1c7ead81863a18c2c1893',
|
b'f2748c412af1c7ead81863a18c2c1893',
|
||||||
b'877ce46d2f62dee54699cebc3ba41d9ab613f7c486778c1b3636664b1493', ),
|
b'877ce46d2f62dee54699cebc3ba41d9ab613f7c486778c1b3636664b1493', ),
|
||||||
|
|
@ -187,9 +180,7 @@ def test_AEAD_with_more_AAD(self):
|
||||||
iv_int = 0
|
iv_int = 0
|
||||||
data = b'foo' * 10
|
data = b'foo' * 10
|
||||||
header = b'\x12\x34'
|
header = b'\x12\x34'
|
||||||
tests = []
|
tests = [AES256_OCB, CHACHA20_POLY1305]
|
||||||
if not is_libressl:
|
|
||||||
tests += [AES256_OCB, CHACHA20_POLY1305]
|
|
||||||
for cs_cls in tests:
|
for cs_cls in tests:
|
||||||
# encrypt/mac
|
# encrypt/mac
|
||||||
cs = cs_cls(key, iv_int, header_len=len(header), aad_offset=0)
|
cs = cs_cls(key, iv_int, header_len=len(header), aad_offset=0)
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue