Thomas Waldmann
f34092e567
move openssl version checks to staticmethod requirements_check
2017-07-27 23:48:30 +02:00
Thomas Waldmann
23959eb5bf
borg.key: include chunk id in exception msgs
2017-07-27 23:48:30 +02:00
Thomas Waldmann
37cf3ef469
init ciphersuites with header_len and aad_offset
it's needed for extract_iv already, so it should be given to init, not encrypt/decrypt
2017-07-27 23:48:30 +02:00
Thomas Waldmann
e9bbf9307d
refactor to cipher.extract_iv
position and length of iv depend on cipher
2017-07-27 23:48:29 +02:00
Thomas Waldmann
2d79f19263
refactor / generalize to num_cipher_blocks
2017-07-27 23:48:29 +02:00
Thomas Waldmann
310b4b7775
UNENCRYPTED (and unauthenticated) "ciphersuite"
it can be used to integrate the plaintext mode with the AEAD modes, both use same api now.
2017-07-27 23:48:29 +02:00
Thomas Waldmann
f76f42c2a0
use cipher.block_count()
there are some more places where it is used.
2017-07-27 23:48:29 +02:00
Thomas Waldmann
de0707d3dd
refactor AES class to new api
2017-07-27 23:48:29 +02:00
Thomas Waldmann
fbc740427d
cosmetic: s/enc_cipher/cipher/, remove comment
2017-07-27 23:48:08 +02:00
Thomas Waldmann
8752039bec
integrate new crypto code
2017-07-27 23:33:15 +02:00
Thomas Waldmann
4effe40415
re-add legacy AES() crypto class
we need it to encrypt/decrypt key files / config keys.
2017-07-27 23:22:32 +02:00
Thomas Waldmann
ef880de64c
add iv as optional encrypt() param
2017-07-27 23:22:32 +02:00
Thomas Waldmann
5287531130
make sure set_iv is called before each encrypt() call
2017-07-27 23:22:32 +02:00
Thomas Waldmann
d88c0765e7
make sure sizes are in sync
2017-07-27 23:22:32 +02:00
Thomas Waldmann
fb85d6abdc
generalize intermediate classes' init
2017-07-27 23:22:32 +02:00
Thomas Waldmann
11349d1699
move IV type check to set_iv method
2017-07-27 23:22:32 +02:00
Thomas Waldmann
71b8d7fc18
generalize block count computation
also: use block_count method for legacy ciphersuites
2017-07-27 23:22:32 +02:00
Thomas Waldmann
ca4fc2a222
generalize next_iv comment
2017-07-27 23:22:31 +02:00
Thomas Waldmann
ce5c5781aa
replace literals for iv_len/mac_len
2017-07-27 23:22:31 +02:00
Thomas Waldmann
d94f64c6d5
dedup crypto tests for AE/AEAD ciphersuites
2017-07-27 23:22:31 +02:00
Thomas Waldmann
741ab8ba05
use PyMem_Malloc / Free
Hopefully it is better dealing with a lot of small-object allocations than malloc/free is.
Small allocs happen if the input file is small, so it results only in 1 small chunk.
2017-07-27 23:22:31 +02:00
Thomas Waldmann
15490d520d
add support for AES-OCB and chacha20-poly1305
also: use AEAD base class
2017-07-27 23:22:31 +02:00
Thomas Waldmann
92080f9572
crypto: add functions missing in openssl 1.0.x
2017-07-27 23:22:31 +02:00
Thomas Waldmann
ee604ab390
crypto: use OpenSSL 1.1 HMAC API
This breaks it on OpenSSL 1.0.x as there is no HMAC_CTX_new/free() yet.
OTOH, this change is consistent with the previous change done for
EVP_CIPHER_CTX (which works on 1.0 and 1.1).
2017-07-27 23:22:31 +02:00
Thomas Waldmann
67567fc432
new crypto api, blackbox/AEAD. also adds AES256-GCM.
includes:
- aes256-ctr-hmac-sha256 (attic/borg legacy, optional aad support)
- aes256-gcm (new, optional aad support)
  uses 96bits for iv, 128bit for auth tag.
- header support
  the caller-provided header will be just copied in front of the rest -
  this avoids expensive operations (memcpy, garbage collection) in Python.
  the first bytes in the header may be non-authenticated data if aad_offset > 0.
  this is to support legacy attic/borg envelope layout, where the type byte
  is not authenticated.
- aad support
  (additional authenticated data - it just contributes to the computed mac,
  but is not encrypted). the current api assumes that aad starts at some
  aad_offset inside the given header and extends to the end of it.
- iv handling helpers, compute next iv based on amount of processed data
- unit tests
Note: the changes are intentionally kept isolated / not integrated into the
rest of the code, so this has to be done later.
2017-07-27 23:22:19 +02:00
enkore
8d89ee981c
Merge pull request #2882 from enkore/docs/minor-fixes
docs: minor formatting fixes
2017-07-26 14:01:49 +02:00
Marian Beermann
405e5ac9e1
docs: common options: don't wrap options
2017-07-26 13:57:48 +02:00
Marian Beermann
8727b79325
docs: don't narrow right margin in sidebar toc
avoids overly narrow text in the FAQ toc
2017-07-26 13:54:55 +02:00
enkore
153da8a9e6
Merge pull request #2881 from enkore/docs/tarpipe
docs: tar: tarpipe example
2017-07-26 10:41:10 +02:00
Marian Beermann
2ff4550d4b
docs: tar: tarpipe example
2017-07-26 10:40:35 +02:00
enkore
daa88e07f2
Merge pull request #2877 from Alexander-N/pylint-rules
Activate more linting rules in .coafile
2017-07-25 09:56:25 +02:00
enkore
c1d7cd9b90
Merge pull request #2873 from enkore/issue/2869
with-lock, info docs
2017-07-24 23:50:51 +02:00
Marian Beermann
b4b58e7225
info: explain max. archive size
2017-07-24 23:50:18 +02:00
Marian Beermann
24de8514fa
with-lock: fix help text
2017-07-24 23:50:18 +02:00
enkore
836bc33a4d
Merge pull request #2876 from enkore/issue/2628
cache: write_archive_index: truncate_and_unlink on error
2017-07-24 21:22:24 +02:00
enkore
3c0f8b7943
Merge pull request #2875 from enkore/issue/2863
umount: try fusermount, then try umount
2017-07-24 21:08:44 +02:00
Marian Beermann
2fe37dba7f
umount: try fusermount, then try umount
2017-07-24 13:55:32 +02:00
Alexander-N
eff492a8d8
Replace assert_true(False) with fail and don't ignore pylint rule W1503
assert_true(False) violates W1503 (redundant-unittest-assert) and is less clear than using fail().
2017-07-24 13:30:35 +02:00
Alexander-N
61b53f8995
Remove several linting rules from ignored list in .coafile
These rules are not violated and don't need to be ignored.
2017-07-24 13:26:21 +02:00
enkore
77797a2fbf
Merge pull request #2837 from milkey-mouse/fix392
Detail how to use macOS/GNOME/KDE keyrings for repo passwords (fixes #392)
2017-07-24 11:03:00 +02:00
Marian Beermann
2623e330a4
cache: write_archive_index: truncate_and_unlink on error
2017-07-24 10:45:57 +02:00
TW
b85076db6f
Merge pull request #2867 from ThomasWaldmann/rel110rc1
WIP: release 1.1.0rc1
2017-07-24 01:27:19 +02:00
Thomas Waldmann
43ecde1bde
python setup.py build_usage
2017-07-23 17:12:01 +02:00
Thomas Waldmann
6b08ec78bb
add release date to CHANGES
2017-07-23 17:07:43 +02:00
TW
090d2fead9
Merge pull request #2804 from ThomasWaldmann/update-changes
update CHANGES (master)
2017-07-23 17:04:55 +02:00
Thomas Waldmann
6c39c1c515
update CHANGES (master)
2017-07-23 17:00:56 +02:00
enkore
eb3e7604d8
Merge pull request #2836 from enkore/docs/installation
Cleanup installation
2017-07-23 16:04:47 +02:00
Marian Beermann
b3e0dd3761
docs: file system requirements, update segs per dir
2017-07-23 16:03:45 +02:00
TW
22bbe45f98
Merge pull request #2860 from ThomasWaldmann/fix-2853
give known chunk size to chunk_incref, fixes #2853
2017-07-23 14:31:07 +02:00
Thomas Waldmann
2edbcd7703
chunk_incref: compute "_size or size" only once
2017-07-23 13:53:48 +02:00