also authenticate the chunkid when using the AEAD ciphers (AES-OCB/CHACHA-POLY)

This commit is contained in:
Thomas Waldmann 2022-03-21 14:45:17 +01:00
parent 8bd9477b96
commit c50e1124b5
1 changed files with 2 additions and 2 deletions


@ -739,7 +739,7 @@ class AEADKeyBase(KeyBase):
iv = self.cipher.next_iv()
iv_48bit = iv.to_bytes(6, 'big')
header = self.TYPE_STR + reserved + iv_48bit + self.sessionid
return self.cipher.encrypt(data, header=header, iv=iv)
return self.cipher.encrypt(data, header=header, iv=iv, aad=id)
def decrypt(self, id, data, decompress=True):
# to decrypt existing data, we need to get a cipher configured for the sessionid and iv from header
@ -749,7 +749,7 @@ class AEADKeyBase(KeyBase):
iv = int.from_bytes(iv_48bit, 'big')
cipher = self._get_cipher(sessionid, iv)
try:
payload = cipher.decrypt(data)
payload = cipher.decrypt(data, aad=id)
except IntegrityError as e:
raise IntegrityError(f"Chunk {bin_to_hex(id)}: Could not decrypt [{str(e)}]")
if not decompress:
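Review bot: Passing `aad=id` only defends against chunk substitution if callers of `decrypt` supply the id they expect (the one they looked the chunk up under in the index or manifest), never an id read back from the stored blob itself, and neither hunk documents that contract. A docstring on `decrypt` should state it, e.g. `id: the chunk id the caller expects; it is authenticated as AAD, so a blob stored under a different id fails with IntegrityError`, and the same belongs on `encrypt`, whose signature lies above the first hunk. The `aad=id` call itself deserves a one-line why-comment, since nothing here says its purpose: `# bind the chunk id into the auth tag so a valid chunk cannot be replayed under another id`. I cannot see from these hunks whether the cipher authenticates `header` and `aad` together or whether both AEAD backends accept the `aad` keyword, so please confirm both, and that every caller passes a plain `bytes` id rather than `None`. The body of `decrypt` continues past the end of the second hunk.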