mirror of
https://github.com/borgbackup/borg.git
synced 2024-12-26 09:47:58 +00:00
Merge pull request #1927 from ThomasWaldmann/blake2b-mac-key-length
demonstrate mac key length issue
This commit is contained in:
commit
ded22d3650
2 changed files with 24 additions and 13 deletions
|
@ -336,6 +336,8 @@ def encrypt(self, chunk):
|
||||||
self.nonce_manager.ensure_reservation(num_aes_blocks(len(chunk.data)))
|
self.nonce_manager.ensure_reservation(num_aes_blocks(len(chunk.data)))
|
||||||
self.enc_cipher.reset()
|
self.enc_cipher.reset()
|
||||||
data = b''.join((self.enc_cipher.iv[8:], self.enc_cipher.encrypt(chunk.data)))
|
data = b''.join((self.enc_cipher.iv[8:], self.enc_cipher.encrypt(chunk.data)))
|
||||||
|
assert (self.MAC is blake2b_256 and len(self.enc_hmac_key) == 128 or
|
||||||
|
self.MAC is hmac_sha256 and len(self.enc_hmac_key) == 32)
|
||||||
hmac = self.MAC(self.enc_hmac_key, data)
|
hmac = self.MAC(self.enc_hmac_key, data)
|
||||||
return b''.join((self.TYPE_STR, hmac, data))
|
return b''.join((self.TYPE_STR, hmac, data))
|
||||||
|
|
||||||
|
@ -346,6 +348,8 @@ def decrypt(self, id, data, decompress=True):
|
||||||
raise IntegrityError('Chunk %s: Invalid encryption envelope' % id_str)
|
raise IntegrityError('Chunk %s: Invalid encryption envelope' % id_str)
|
||||||
data_view = memoryview(data)
|
data_view = memoryview(data)
|
||||||
hmac_given = data_view[1:33]
|
hmac_given = data_view[1:33]
|
||||||
|
assert (self.MAC is blake2b_256 and len(self.enc_hmac_key) == 128 or
|
||||||
|
self.MAC is hmac_sha256 and len(self.enc_hmac_key) == 32)
|
||||||
hmac_computed = memoryview(self.MAC(self.enc_hmac_key, data_view[33:]))
|
hmac_computed = memoryview(self.MAC(self.enc_hmac_key, data_view[33:]))
|
||||||
if not compare_digest(hmac_computed, hmac_given):
|
if not compare_digest(hmac_computed, hmac_given):
|
||||||
id_str = bin_to_hex(id) if id is not None else '(unknown)'
|
id_str = bin_to_hex(id) if id is not None else '(unknown)'
|
||||||
|
|
|
@ -39,21 +39,28 @@ class MockArgs:
|
||||||
|
|
||||||
keyfile_blake2_key_file = """
|
keyfile_blake2_key_file = """
|
||||||
BORG_KEY 0000000000000000000000000000000000000000000000000000000000000000
|
BORG_KEY 0000000000000000000000000000000000000000000000000000000000000000
|
||||||
hqlhbGdvcml0aG2mc2hhMjU2pGRhdGHaANAwo4EbUPF/kLQXhQnT4LxRc1advS8lUiegDa
|
hqlhbGdvcml0aG2mc2hhMjU2pGRhdGHaAZBu680Do3CmfWzeMCwe48KJi3Vps9mEDy7MKF
|
||||||
q2Q6oOkP1Jc7MwBa7ZVMgoBG1sBeKYO6Sn6W6BBrHbMR8Dxv7xquaQIh8jIpnjLWpzyFIk
|
TastsEhiAd1RQMuxfZpklkLeddMMWk+aPtFiURRFb02JLXV5cKRC1o2ZDdiNa0nao+o6+i
|
||||||
JlijFiTWI58Sxj+2D19b2ayFolnGkF9PJSARgfaieo0GkryqjcIgcXuKHO/H9NfaUDk5YJ
|
gUjjsea9TAu25t3vxh8uQWs5BuKRLBRr0nUgrSd0IYMUgn+iVbLJRzCCssvxsklkwQxN3F
|
||||||
UqrJ9TUMohXSQzwF1pO4ak2BHPZKnbeJ7XL/8fFN8VFQZl27R0et4WlTFRBI1qQYyQaTiL
|
Y+MvBnn8kUXSeoSoQ2l0fBHzq94Y7LMOm/owMam5URnE8/UEc6ZXBrbyX4EXxDtUqJcs+D
|
||||||
+/1ICMUpVsQM0mvyW6dc8/zGMsAlmZVApGhhc2jaACDdRF7uPv90UN3zsZy5Be89728RBl
|
i451thtlGdigDLpvf9nyK66mjiCpPCTCgtlzq0Pe1jcdhnsUYLg+qWzXZ7e2opEZoC6XxS
|
||||||
zKvtzupDyTsfrJMqppdGVyYXRpb25zzgABhqCkc2FsdNoAIGTK3TR09UZqw1bPi17gyHOi
|
3DIuBOxG3Odqj9IKB+6/kl94vz98awPWFSpYcLZVWu7sIP38ZkUK+ad5MHTo/LvTuZdFnd
|
||||||
7YtSp4BVK7XptWeKh6Vip3ZlcnNpb24B""".strip()
|
iqKzZIDUJl3Zl1WGmP/0xVOmfIlznkCZy4d3SMuujwIcqQ5kDvwDRPpdhBBk+UWQY5vFXk
|
||||||
|
kR1NBNLSTyhAzu3fiUmFl0qZ+UWPRkGAEBy/NuoEibrWwab8BX97cATyvnmOqYkU9PT0C6
|
||||||
|
l2l9E4bPpGhhc2jaACDnIa8KgKv84/b5sjaMgSZeIVkuKSLJy2NN8zoH8lnd36ppdGVyYX
|
||||||
|
Rpb25zzgABhqCkc2FsdNoAIEJLlLh7q74j3q53856H5GgzA1HH+aW5bA/as544+PGkp3Zl
|
||||||
|
cnNpb24B""".strip()
|
||||||
|
|
||||||
keyfile_blake2_cdata = bytes.fromhex('045d225d745e07af9002d739391e4e7509ff82a04f98debd74'
|
keyfile_blake2_cdata = bytes.fromhex('04fdf9475cf2323c0ba7a99ddc011064f2e7d039f539f2e448'
|
||||||
'012f09b82cc1d07e0404040404040408ec852921309243b164')
|
'0e6f5fc6ff9993d604040404040404098c8cee1c6db8c28947')
|
||||||
# Verified against b2sum. Entire string passed to BLAKE2, including the 32 byte key contained in
|
# Verified against b2sum. Entire string passed to BLAKE2, including the padded 64 byte key contained in
|
||||||
# keyfile_blake2_key_file above is
|
# keyfile_blake2_key_file above is
|
||||||
# 037fb9b75b20d623f1d5a568050fccde4a1b7c5f5047432925e941a17c7a2d0d7061796c6f6164
|
# 19280471de95185ec27ecb6fc9edbb4f4db26974c315ede1cd505fab4250ce7cd0d081ea66946c
|
||||||
# p a y l o a d
|
# 95f0db934d5f616921efbd869257e8ded2bd9bd93d7f07b1a30000000000000000000000000000
|
||||||
keyfile_blake2_id = bytes.fromhex('a22d4fc81bb61c3846c334a09eaf28d22dd7df08c9a7a41e713ef28d80eebd45')
|
# 000000000000000000000000000000000000000000000000000000000000000000000000000000
|
||||||
|
# 00000000000000000000007061796c6f6164
|
||||||
|
# p a y l o a d
|
||||||
|
keyfile_blake2_id = bytes.fromhex('d8bc68e961c79f99be39061589e5179b2113cd9226e07b08ddd4a1fef7ce93fb')
|
||||||
|
|
||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
def keys_dir(self, request, monkeypatch, tmpdir):
|
def keys_dir(self, request, monkeypatch, tmpdir):
|
||||||
|
|
Loading…
Reference in a new issue