Thomas Waldmann
3a0e1a1cc2
crypto: low_level: reduce class inheritance depth
2022-03-26 17:05:57 +01:00
Thomas Waldmann
e4b65dea76
crypto: add IV overflow check
...
will never happen, but better play safe.
2022-03-26 17:05:57 +01:00
Thomas Waldmann
900a812e9c
crypto: bump API_VERSION to 1.3_01
2022-03-26 17:05:57 +01:00
Thomas Waldmann
ce247526c2
docs: update borg init examples
2022-03-26 17:05:57 +01:00
Thomas Waldmann
298c5ee539
docs: security infos only applying to legacy encryption
2022-03-26 17:05:57 +01:00
Thomas Waldmann
b3383a4d53
update borg init docs
2022-03-26 17:05:57 +01:00
Thomas Waldmann
ccf0875053
EVP_DecryptFinal_ex: fix check for return value
...
seems like the current docs were updated.
was "positive return code".
now specifically mentions 0 and 1.
2022-03-26 17:05:57 +01:00
Thomas Waldmann
e1313ccc05
crypto.low_level: simplify return code checks (legacy)
2022-03-26 17:05:57 +01:00
Thomas Waldmann
948d67efd8
crypto.low_level: simplify return code checks (AEAD)
2022-03-26 17:05:57 +01:00
Thomas Waldmann
f4a6ad080b
docs: add new AEAD modes to security docs
2022-03-26 17:05:57 +01:00
Thomas Waldmann
c50e1124b5
also authenticate the chunkid when using the AEAD ciphers (AES-OCB/CHACHA-POLY)
2022-03-26 17:05:57 +01:00
Thomas Waldmann
8bd9477b96
add aad parameter to borg.crypto.low_level api
...
added it for all classes there, so the caller just give it.
for the legacy AES-CTR based classes, the given aad is completely ignored.
this is to stay compatible with repo data of borg < 1.3.
for the new AEAD based classes:
encrypt: the aad is fed into the auth tag computation
decrypt: same. decrypt will fail on auth tag mismatch.
2022-03-26 17:05:57 +01:00
Thomas Waldmann
d3b78a6cf5
minor key.encrypt api change/cleanup
...
we already have .decrypt(id, data, ...).
i changed .encrypt(chunk) to .encrypt(id, data).
the old borg crypto won't really need or use the id,
but the new AEAD crypto will authenticate the id in future.
2022-03-26 17:05:57 +01:00
Thomas Waldmann
41b8a04d82
use faster hmac.digest api
2022-03-26 17:05:57 +01:00
Thomas Waldmann
74ecb63671
fix new crypto benchmarks for api change
2022-03-26 17:05:57 +01:00
Thomas Waldmann
0b5a21275f
avoid losing the key (old crypto)
...
if we just have a pointer to a bytes object which might go out of scope, we can lose it.
also: cython can directly assign a bytes object into a same-size char array.
2022-03-26 17:05:57 +01:00
Thomas Waldmann
6d6d3caa24
avoid losing the key
...
if we just have a pointer to a bytes object which might go out of scope, we can lose it.
also: cython can directly assign a bytes object into a same-size char array.
2022-03-26 17:05:57 +01:00
Thomas Waldmann
41082f558f
crypto: add some tests for new key types
2022-03-26 17:05:57 +01:00
Thomas Waldmann
6f2c587080
tests: consistently give iv_int to ciphersuite
2022-03-26 17:05:57 +01:00
Thomas Waldmann
6c7b499d3f
set aead auth tag directly before EVP_DecryptFinal_ev
...
https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption
2022-03-26 17:05:57 +01:00
Thomas Waldmann
bb949b25ea
EVP_DecryptFinal_ex: fix check for return value
...
seems like the current docs were updated.
was "positive return code".
now specifically mentions 0 and 1.
2022-03-26 17:05:57 +01:00
Thomas Waldmann
c010800f55
header_len=0 fits header=b'' default
2022-03-26 17:05:57 +01:00
Thomas Waldmann
5c66fa4caa
crypto: layout updates, low-level does not deal with IV
...
encrypt used to "patch" the IV into the header,
decrypt used to fetch it from there.
encrypt now takes the header just "as is" and
also decrypt expects that the IV is already set.
2022-03-26 17:05:57 +01:00
Thomas Waldmann
0f6f278b0f
crypto: AEAD key classes
...
also:
cleanup class structure: less inheritance, more mixins.
define type bytes using the 4:4 split
upper 4 bits are ciphersuite:
0 == legacy AES-CTR based stuff
1+ == new AEAD stuff
lower 4 bits are keytype:
legacy: a bit mixed up, as it was...
new stuff: 0=keyfile 1=repokey, ...
2022-03-26 17:05:35 +01:00
TW
3e1cfd009e
Merge pull request #6459 from ThomasWaldmann/vagrant-fixes
...
vagrant fixes
2022-03-25 01:32:22 +01:00
Thomas Waldmann
dea54df2e4
vagrant: use a openbsd-current ("7.1") box
2022-03-25 01:31:11 +01:00
Thomas Waldmann
b43ce32188
vagrant: remove focal64 VM (no py39)
2022-03-25 01:30:03 +01:00
Thomas Waldmann
93ca8f79be
vagrant: py39 / libs related fixes
2022-03-25 01:29:48 +01:00
Manu
25ecde56b5
Simplify libs setup ( #6482 )
2022-03-24 10:28:02 +04:00
Manu
710d76e5c2
Move system lib comment up, formatting, expand lib not found error.
2022-03-24 08:41:34 +04:00
Manu
f36a0fc6b6
Remove Python 3.8 from tox
2022-03-23 17:47:34 +04:00
Manu
c86a5491d9
Rever xxhash version
2022-03-23 17:40:33 +04:00
Manu
e686ec0d8c
Fix openssl ext
2022-03-23 17:28:27 +04:00
Manu
249de7eb45
Add feedback, part 1
2022-03-23 17:19:43 +04:00
Manu
ec11905f11
Add src path to setup.cfg
2022-03-23 16:19:25 +04:00
Manu
dd17c0e869
Fix xxhash version
2022-03-23 15:53:26 +04:00
Manu
3732c45f42
Initial commit
2022-03-23 15:42:34 +04:00
TW
89f192edb2
Merge pull request #6455 from Whissi/issue_6453
...
delete: add repository id and location to prompt
2022-03-23 05:16:47 +01:00
Thomas Waldmann
9633273622
crypto: simplify api for new crypto, AEAD only needs 1 key
2022-03-22 20:08:34 +01:00
Thomas Waldmann
3473b17a8d
crypto: improve attr naming
2022-03-22 20:07:33 +01:00
Thomas Waldmann
57479fb989
crypto: put the IV into the header, at the end of it
...
one openssl call less due to simpler layout!
also change default for aad_offset to 0:
by default, we want to authenticate the complete header.
2022-03-22 20:07:33 +01:00
Thomas Waldmann
e647360a0e
crypto: better raise NotImplementedError if we have no id_hash
2022-03-22 20:07:33 +01:00
Thomas Waldmann
aff626119a
crypto: cleanup, remove references to AES-GCM
...
A lot of people have concerns about AES-GCM.
Considering we can use AES-OCB, I guess we will
not use AES-GCM anyway, thus no need to talk
about it.
2022-03-22 20:07:33 +01:00
Thomas Waldmann
d3f069cb3b
crypto: fix/update borg version comments
...
new AEAD crypto can be used with borg >= 1.3.
old crypto is used by attic and borg < 1.3.
2022-03-22 20:07:33 +01:00
Andrey Bienkowski
78f041440c
Argon2 the first part: Implement key derivation (was: part 0) ( #6468 )
...
add a argon2 based kdf, using argon2-cffi
2022-03-21 21:51:54 +01:00
Thomas Deutschmann
19c7b85eca
delete: add repository id and location to prompt
...
Closes: https://github.com/borgbackup/borg/issues/6453
2022-03-21 21:11:46 +01:00
TW
dfd7ea8171
Merge pull request #6464 from ThomasWaldmann/exclude-checksums-c
...
fixup: fix some algorithms/* ignores
2022-03-18 01:18:39 +01:00
Thomas Waldmann
1f90d4a77a
fixup: fix some algorithms/* ignores
2022-03-17 23:34:26 +01:00
TW
cb0e4fc2b2
Merge pull request #6460 from ThomasWaldmann/move-checksums
...
remove algorithms package, move checksums module to borg package
2022-03-17 12:55:43 +01:00
Thomas Waldmann
cc3b5c062c
remove algorithms package, move checksums module to borg package
2022-03-17 00:24:49 +01:00