mirror/borg
1
0
Fork 0
mirror of https://github.com/borgbackup/borg.git synced 2024-12-26 01:37:20 +00:00
Code Issues Releases Wiki Activity

hmac.digest: some more minor optimizations

Browse source 
also some cosmetic changes:
- import hmac module
- use hmac.compare_digest
This commit is contained in:
Thomas Waldmann 2022-03-05 21:29:42 +01:00
parent 8317698f9b
commit c63bd36a6c
1 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/borg/crypto/key.py
View file

@ -1,5 +1,6 @@
import configparser import configparser
import getpass import getpass
import hmac
import os import os
import shlex import shlex
import sys import sys
@ -7,7 +8,6 @@
import subprocess import subprocess
from binascii import a2b_base64, b2a_base64, hexlify from binascii import a2b_base64, b2a_base64, hexlify
from hashlib import sha256, sha512, pbkdf2_hmac from hashlib import sha256, sha512, pbkdf2_hmac
from hmac import HMAC, compare_digest
from ..logger import create_logger from ..logger import create_logger
@ -193,7 +193,7 @@ def decrypt(self, id, data, decompress=True):
def assert_id(self, id, data): def assert_id(self, id, data):
if id: if id:
id_computed = self.id_hash(data) id_computed = self.id_hash(data)
if not compare_digest(id_computed, id): if not hmac.compare_digest(id_computed, id):
raise IntegrityError('Chunk %s: id verification failed' % bin_to_hex(id)) raise IntegrityError('Chunk %s: id verification failed' % bin_to_hex(id))
def _tam_key(self, salt, context): def _tam_key(self, salt, context):
@ -213,7 +213,7 @@ def pack_and_authenticate_metadata(self, metadata_dict, context=b'manifest'):
}) })
packed = msgpack.packb(metadata_dict) packed = msgpack.packb(metadata_dict)
tam_key = self._tam_key(tam['salt'], context) tam_key = self._tam_key(tam['salt'], context)
tam['hmac'] = HMAC(tam_key, packed, sha512).digest() tam['hmac'] = hmac.digest(tam_key, packed, 'sha512')
return msgpack.packb(metadata_dict) return msgpack.packb(metadata_dict)
def unpack_and_verify_manifest(self, data, force_tam_not_required=False): def unpack_and_verify_manifest(self, data, force_tam_not_required=False):
@ -252,8 +252,8 @@ def unpack_and_verify_manifest(self, data, force_tam_not_required=False):
offset = data.index(tam_hmac) offset = data.index(tam_hmac)
data[offset:offset + 64] = bytes(64) data[offset:offset + 64] = bytes(64)
tam_key = self._tam_key(tam_salt, context=b'manifest') tam_key = self._tam_key(tam_salt, context=b'manifest')
calculated_hmac = HMAC(tam_key, data, sha512).digest() calculated_hmac = hmac.digest(tam_key, data, 'sha512')
if not compare_digest(calculated_hmac, tam_hmac): if not hmac.compare_digest(calculated_hmac, tam_hmac):
raise TAMInvalid() raise TAMInvalid()
logger.debug('TAM-verified manifest') logger.debug('TAM-verified manifest')
return unpacked, True return unpacked, True