if we just have a pointer to a bytes object which might go out of scope, we can lose it.
also: cython can directly assign a bytes object into a same-size char array.
if we just have a pointer to a bytes object which might go out of scope, we can lose it.
also: cython can directly assign a bytes object into a same-size char array.
encrypt used to "patch" the IV into the header,
decrypt used to fetch it from there.
encrypt now takes the header just "as is" and
also decrypt expects that the IV is already set.
also:
cleanup class structure: less inheritance, more mixins.
define type bytes using the 4:4 split
upper 4 bits are ciphersuite:
0 == legacy AES-CTR based stuff
1+ == new AEAD stuff
lower 4 bits are keytype:
legacy: a bit mixed up, as it was...
new stuff: 0=keyfile 1=repokey, ...
`borg benchmark cpu` fails on OpenBSD with the error below, which is
caused by LibreSSL currently not supporting AES256_OCB and
CHACHA20_POLY1305.
Work around this by checking if borg is used with LibreSSL. Tested on
OpenBSD.
```
Chunkers =======================================================
buzhash,19,23,21,4095 1GB 14.294s
fixed,1048576 1GB 0.244s
Non-cryptographic checksums / hashes ===========================
crc32 (libdeflate, used) 1GB 0.724s
crc32 (zlib) 1GB 1.953s
xxh64 1GB 0.361s
Cryptographic hashes / MACs ====================================
hmac-sha256 1GB 7.039s
blake2b-256 1GB 9.845s
Encryption =====================================================
aes-256-ctr-hmac-sha256 1GB 18.312s
aes-256-ctr-blake2b 1GB 21.213s
Local Exception
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/borg/archiver.py", line 5241, in main
exit_code = archiver.run(args)
File "/usr/local/lib/python3.9/site-packages/borg/archiver.py", line 5172, in run
return set_ec(func(args))
File "/usr/local/lib/python3.9/site-packages/borg/archiver.py", line 607, in do_benchmark_cpu
print(f"{spec:<24} {size:<10} {timeit(func, number=100):.3f}s")
File "/usr/local/lib/python3.9/timeit.py", line 233, in timeit
return Timer(stmt, setup, timer, globals).timeit(number)
File "/usr/local/lib/python3.9/timeit.py", line 177, in timeit
timing = self.inner(it, self.timer)
File "<timeit-src>", line 6, in inner
File "/usr/local/lib/python3.9/site-packages/borg/archiver.py", line 602, in <lambda>
("aes-256-ocb", lambda: AES256_OCB(
File "src/borg/crypto/low_level.pyx", line 636, in borg.crypto.low_level.AES256_OCB.__init__
File "src/borg/crypto/low_level.pyx", line 633, in borg.crypto.low_level.AES256_OCB.requirements_check
ValueError: AES OCB is not implemented by LibreSSL (yet?).
Platform: OpenBSD gateway.lan 7.1 GENERIC.MP#418 amd64
Borg: 1.2.1.dev98+gebaf0c32 Python: CPython 3.9.10 msgpack: 1.0.3 fuse: None [pyfuse3,llfuse]
PID: 38614 CWD: /storage/8899fc1454db04de.a/home/code/git/ports/sysutils/borg
sys.argv: ['/usr/local/bin/borg', 'benchmark', 'cpu']
SSH_ORIGINAL_COMMAND: None
```
we tried to be very private / secure here, but that created the issue
that a less secure umask (like e.g. 0o007) just did not work.
to make the umask work, we must start from 0o777 mode and let the
umask do its work, like e.g. 0o777 & ~0o007 --> 0o770.
with borg's default umask of 0o077, it usually ends up being 0o700,
so only permissions for the user (not group, not others).
Thomas Waldmann