rcreate: remove legacy encryption modes for new repos, fixes #6490

These are legacy crypto modes based on AES-CTR mode:
(repokey|keyfile)[-blake2]

New crypto modes with session keys and AEAD ciphers:

(repokey|keyfile)[-blake2]-(aes-ocb|chacha20-poly1305)

Tests needed some changes:
- most used repokey/keyfile, changed to new modes
- some nonce tests removed, the new crypto code does not generate
  the repo side nonces any more (were only used for AES-CTR)

src/borg/archiver.py

@@ -48,6 +48,8 @@ try:
     from .compress import CompressionSpec, ZLIB, ZLIB_legacy, ObfuscateSize
     from .crypto.key import key_creator, key_argument_names, tam_required_file, tam_required
     from .crypto.key import RepoKey, KeyfileKey, Blake2RepoKey, Blake2KeyfileKey, FlexiKey
+    from .crypto.key import AESOCBRepoKey, CHPORepoKey, Blake2AESOCBRepoKey, Blake2CHPORepoKey
+    from .crypto.key import AESOCBKeyfileKey, CHPOKeyfileKey, Blake2AESOCBKeyfileKey, Blake2CHPOKeyfileKey
     from .crypto.keymanager import KeyManager
     from .helpers import EXIT_SUCCESS, EXIT_WARNING, EXIT_ERROR, EXIT_SIGNAL_BASE
     from .helpers import Error, NoManifestError, set_ec
@@ -503,28 +505,32 @@ class Archiver:
             return EXIT_ERROR
 
         if args.key_mode == 'keyfile':
-            if isinstance(key, RepoKey):
+            if isinstance(key, AESOCBRepoKey):
-                key_new = KeyfileKey(repository)
+                key_new = AESOCBKeyfileKey(repository)
-            elif isinstance(key, Blake2RepoKey):
+            elif isinstance(key, CHPORepoKey):
-                key_new = Blake2KeyfileKey(repository)
+                key_new = CHPOKeyfileKey(repository)
-            elif isinstance(key, (KeyfileKey, Blake2KeyfileKey)):
+            elif isinstance(key, Blake2AESOCBRepoKey):
-                print(f"Location already is {args.key_mode}")
+                key_new = Blake2AESOCBKeyfileKey(repository)
-                return EXIT_SUCCESS
+            elif isinstance(key, Blake2CHPORepoKey):
+                key_new = Blake2CHPOKeyfileKey(repository)
             else:
-                raise Error("Unsupported key type")
+                print("Change not needed or not supported.")
+                return EXIT_WARNING
         if args.key_mode == 'repokey':
-            if isinstance(key, KeyfileKey):
+            if isinstance(key, AESOCBKeyfileKey):
-                key_new = RepoKey(repository)
+                key_new = AESOCBRepoKey(repository)
-            elif isinstance(key, Blake2KeyfileKey):
+            elif isinstance(key, CHPOKeyfileKey):
-                key_new = Blake2RepoKey(repository)
+                key_new = CHPORepoKey(repository)
-            elif isinstance(key, (RepoKey, Blake2RepoKey)):
+            elif isinstance(key, Blake2AESOCBKeyfileKey):
-                print(f"Location already is {args.key_mode}")
+                key_new = Blake2AESOCBRepoKey(repository)
-                return EXIT_SUCCESS
+            elif isinstance(key, Blake2CHPOKeyfileKey):
+                key_new = Blake2CHPORepoKey(repository)
             else:
-                raise Error("Unsupported key type")
+                print("Change not needed or not supported.")
+                return EXIT_WARNING
 
         for name in ('repository_id', 'enc_key', 'enc_hmac_key', 'id_key', 'chunk_seed',
-                     'tam_required', 'nonce_manager', 'cipher'):
+                     'tam_required', 'sessionid', 'cipher'):
             value = getattr(key, name)
             setattr(key_new, name, value)
 

src/borg/crypto/key.py

@@ -98,7 +98,7 @@ def identify_key(manifest_data):
     if key_type == KeyType.PASSPHRASE:  # legacy, see comment in KeyType class.
         return RepoKey
 
-    for key in AVAILABLE_KEY_TYPES:
+    for key in LEGACY_KEY_TYPES + AVAILABLE_KEY_TYPES:
         if key.TYPE == key_type:
             return key
     else:
@@ -977,7 +977,7 @@ class CHPORepoKey(ID_HMAC_SHA_256, AEADKeyBase, FlexiKey):
 class Blake2AESOCBKeyfileKey(ID_BLAKE2b_256, AEADKeyBase, FlexiKey):
     TYPES_ACCEPTABLE = {KeyType.BLAKE2AESOCBKEYFILE, KeyType.BLAKE2AESOCBREPO}
     TYPE = KeyType.BLAKE2AESOCBKEYFILE
-    NAME = 'key file Blake2b AES-OCB'
+    NAME = 'key file BLAKE2b AES-OCB'
     ARG_NAME = 'keyfile-blake2-aes-ocb'
     STORAGE = KeyBlobStorage.KEYFILE
     CIPHERSUITE = AES256_OCB
@@ -986,7 +986,7 @@ class Blake2AESOCBKeyfileKey(ID_BLAKE2b_256, AEADKeyBase, FlexiKey):
 class Blake2AESOCBRepoKey(ID_BLAKE2b_256, AEADKeyBase, FlexiKey):
     TYPES_ACCEPTABLE = {KeyType.BLAKE2AESOCBKEYFILE, KeyType.BLAKE2AESOCBREPO}
     TYPE = KeyType.BLAKE2AESOCBREPO
-    NAME = 'repokey Blake2b AES-OCB'
+    NAME = 'repokey BLAKE2b AES-OCB'
     ARG_NAME = 'repokey-blake2-aes-ocb'
     STORAGE = KeyBlobStorage.REPO
     CIPHERSUITE = AES256_OCB
@@ -995,7 +995,7 @@ class Blake2AESOCBRepoKey(ID_BLAKE2b_256, AEADKeyBase, FlexiKey):
 class Blake2CHPOKeyfileKey(ID_BLAKE2b_256, AEADKeyBase, FlexiKey):
     TYPES_ACCEPTABLE = {KeyType.BLAKE2CHPOKEYFILE, KeyType.BLAKE2CHPOREPO}
     TYPE = KeyType.BLAKE2CHPOKEYFILE
-    NAME = 'key file Blake2b ChaCha20-Poly1305'
+    NAME = 'key file BLAKE2b ChaCha20-Poly1305'
     ARG_NAME = 'keyfile-blake2-chacha20-poly1305'
     STORAGE = KeyBlobStorage.KEYFILE
     CIPHERSUITE = CHACHA20_POLY1305
@@ -1004,16 +1004,23 @@ class Blake2CHPOKeyfileKey(ID_BLAKE2b_256, AEADKeyBase, FlexiKey):
 class Blake2CHPORepoKey(ID_BLAKE2b_256, AEADKeyBase, FlexiKey):
     TYPES_ACCEPTABLE = {KeyType.BLAKE2CHPOKEYFILE, KeyType.BLAKE2CHPOREPO}
     TYPE = KeyType.BLAKE2CHPOREPO
-    NAME = 'repokey Blake2b ChaCha20-Poly1305'
+    NAME = 'repokey BLAKE2b ChaCha20-Poly1305'
     ARG_NAME = 'repokey-blake2-chacha20-poly1305'
     STORAGE = KeyBlobStorage.REPO
     CIPHERSUITE = CHACHA20_POLY1305
 
 
+LEGACY_KEY_TYPES = (
+    # legacy (AES-CTR based) crypto
+    KeyfileKey, RepoKey,
+    Blake2KeyfileKey, Blake2RepoKey,
+)
+
 AVAILABLE_KEY_TYPES = (
+    # these are available encryption modes for new repositories
+    # not encrypted modes
     PlaintextKey,
-    KeyfileKey, RepoKey, AuthenticatedKey,
+    AuthenticatedKey, Blake2AuthenticatedKey,
-    Blake2KeyfileKey, Blake2RepoKey, Blake2AuthenticatedKey,
     # new crypto
     AESOCBKeyfileKey, AESOCBRepoKey,
     CHPOKeyfileKey, CHPORepoKey,