Thomas Waldmann
dc4abffbc0
remove unused bytes16 conversions
2017-07-27 23:48:30 +02:00
Thomas Waldmann
63ebfc140b
remove unused extract_nonce method
2017-07-27 23:48:30 +02:00
Thomas Waldmann
e7228fa3a4
cosmetic: move some lines
2017-07-27 23:48:30 +02:00
Thomas Waldmann
68ef5e8a4b
allow different MACs, implement blake2b MAC
2017-07-27 23:48:30 +02:00
Thomas Waldmann
945b5e25e2
dispatch to dummy blake2b ciphersuite
2017-07-27 23:48:30 +02:00
Thomas Waldmann
1e23291b7f
post-merge: re-enabled AuthenticatedKey and tests
2017-07-27 23:48:30 +02:00
Thomas Waldmann
6090fdeef3
move the cipher internal counter overflow check to encrypt()/decrypt()
2017-07-27 23:48:30 +02:00
Thomas Waldmann
8f1678e2ba
set_iv / next iv with integers
2017-07-27 23:48:30 +02:00
Thomas Waldmann
58c2dafbe0
nonce manager: remove get/set iv, make it integer based
2017-07-27 23:48:30 +02:00
Thomas Waldmann
f34092e567
move openssl version checks to staticmethod requirements_check
2017-07-27 23:48:30 +02:00
Thomas Waldmann
23959eb5bf
borg.key: include chunk id in exception msgs
2017-07-27 23:48:30 +02:00
Thomas Waldmann
37cf3ef469
init ciphersuites with header_len and aad_offset
...
it's needed for extract_iv already, so it should be given to init, not encrypt/decrypt
2017-07-27 23:48:30 +02:00
Thomas Waldmann
e9bbf9307d
refactor to cipher.extract_iv
...
position and length of iv depends on cipher
2017-07-27 23:48:29 +02:00
Thomas Waldmann
2d79f19263
refactor / generalize to num_cipher_blocks
2017-07-27 23:48:29 +02:00
Thomas Waldmann
310b4b7775
UNENCRYPTED (and unauthenticated) "ciphersuite"
...
it can be used to integrate the plaintext mode with the AEAD modes, both use same api now.
2017-07-27 23:48:29 +02:00
Thomas Waldmann
f76f42c2a0
use cipher.block_count()
...
there are some more places where it is used.
2017-07-27 23:48:29 +02:00
Thomas Waldmann
de0707d3dd
refactor AES class to new api
2017-07-27 23:48:29 +02:00
Thomas Waldmann
fbc740427d
cosmetic: s/enc_cipher/cipher/, remove comment
2017-07-27 23:48:08 +02:00
Thomas Waldmann
8752039bec
integrate new crypto code
2017-07-27 23:33:15 +02:00
Thomas Waldmann
4effe40415
re-add legacy AES() crypto class
...
we need it to encrypt/decrypt key files / config keys.
2017-07-27 23:22:32 +02:00
Thomas Waldmann
ef880de64c
add iv as optional encrypt() param
2017-07-27 23:22:32 +02:00
Thomas Waldmann
5287531130
make sure set_iv is called before each encrypt() call
2017-07-27 23:22:32 +02:00
Thomas Waldmann
d88c0765e7
make sure sizes are in sync
2017-07-27 23:22:32 +02:00
Thomas Waldmann
fb85d6abdc
generalize intermediate classes' init
2017-07-27 23:22:32 +02:00
Thomas Waldmann
11349d1699
move IV type check to set_iv method
2017-07-27 23:22:32 +02:00
Thomas Waldmann
71b8d7fc18
generalize block count computation
...
also: use block_count method for legacy ciphersuites
2017-07-27 23:22:32 +02:00
Thomas Waldmann
ca4fc2a222
generalize next_iv comment
2017-07-27 23:22:31 +02:00
Thomas Waldmann
ce5c5781aa
replace literals for iv_len/mac_len
2017-07-27 23:22:31 +02:00
Thomas Waldmann
d94f64c6d5
dedup crypto tests for AE/AEAD ciphersuites
2017-07-27 23:22:31 +02:00
Thomas Waldmann
741ab8ba05
use PyMem_Malloc / Free
...
Hopefully it is better dealing with a lot of small-object allocations than malloc/free is.
Small allocs happen if the input file is small, so it results only in 1 small chunk.
2017-07-27 23:22:31 +02:00
Thomas Waldmann
15490d520d
add support for AES-OCB and chacha20-poly1305
...
also: use AEAD base class
2017-07-27 23:22:31 +02:00
Thomas Waldmann
92080f9572
crypto: add functions missing in openssl 1.0.x
2017-07-27 23:22:31 +02:00
Thomas Waldmann
ee604ab390
crypto: use OpenSSL 1.1 HMAC API
...
This breaks it on OpenSSL 1.0.x as there is no HMAC_CTX_new/free() yet.
OTOH, this change is consistent with the previous change done for
EVP_CIPHER_CTX (which works on 1.0 and 1.1).
2017-07-27 23:22:31 +02:00
Thomas Waldmann
67567fc432
new crypto api, blackbox/AEAD. also adds AES256-GCM.
...
includes:
- aes256-ctr-hmac-sha256 (attic/borg legacy, optional aad support)
- aes256-gcm (new, optional aad support)
uses 96bits for iv, 128bit for auth tag.
- header support
the caller-provided header will be just copied in front of the rest -
this avoids expensive operations (memcpy, garbage collection) in Python.
the first bytes in the header may be non-authenticated data if aad_offset > 0.
this is to support legacy attic/borg envelope layout, where the type byte
is not authenticated.
- aad support
additional authenticated data - it just contributes to the computed mac,
but is not encrypted). the current api assumes that aad starts at some
aad_offset inside the given header and extends to the end of it.
- iv handling helpers, compute next iv based on amount of processed data
- unit tests
Note: the changes are intentionally kept isolated / not integrated into the
rest of the code, so this has to be done later.
2017-07-27 23:22:19 +02:00
enkore
8d89ee981c
Merge pull request #2882 from enkore/docs/minor-fixes
...
docs: minor formatting fixes
2017-07-26 14:01:49 +02:00
Marian Beermann
405e5ac9e1
docs: common options: don't wrap options
2017-07-26 13:57:48 +02:00
Marian Beermann
8727b79325
docs: don't narrow right margin in sidebar toc
...
avoids overly narrow text in the FAQ toc
2017-07-26 13:54:55 +02:00
enkore
153da8a9e6
Merge pull request #2881 from enkore/docs/tarpipe
...
docs: tar: tarpipe example
2017-07-26 10:41:10 +02:00
Marian Beermann
2ff4550d4b
docs: tar: tarpipe example
2017-07-26 10:40:35 +02:00
enkore
daa88e07f2
Merge pull request #2877 from Alexander-N/pylint-rules
...
Activate more linting rules in .coafile
2017-07-25 09:56:25 +02:00
enkore
c1d7cd9b90
Merge pull request #2873 from enkore/issue/2869
...
with-lock, info docs
2017-07-24 23:50:51 +02:00
Marian Beermann
b4b58e7225
info: explain max. archive size
2017-07-24 23:50:18 +02:00
Marian Beermann
24de8514fa
with-lock: fix help text
2017-07-24 23:50:18 +02:00
enkore
836bc33a4d
Merge pull request #2876 from enkore/issue/2628
...
cache: write_archive_index: truncate_and_unlink on error
2017-07-24 21:22:24 +02:00
enkore
3c0f8b7943
Merge pull request #2875 from enkore/issue/2863
...
umount: try fusermount, then try umount
2017-07-24 21:08:44 +02:00
Marian Beermann
2fe37dba7f
umount: try fusermount, then try umount
2017-07-24 13:55:32 +02:00
Alexander-N
eff492a8d8
Replace assert_true(False) with fail and don't ignore pylint rule W1503
...
assert_true(False) violates W1503 (redundant-unittest-assert) and is less clear than using fail().
2017-07-24 13:30:35 +02:00
Alexander-N
61b53f8995
Remove several linting rules from ignored list in .coafile
...
These rules are not violated and don't need to be ignored.
2017-07-24 13:26:21 +02:00
enkore
77797a2fbf
Merge pull request #2837 from milkey-mouse/fix392
...
Detail how to use macOS/GNOME/KDE keyrings for repo passwords (fixes #392 )
2017-07-24 11:03:00 +02:00
Marian Beermann
2623e330a4
cache: write_archive_index: truncate_and_unlink on error
2017-07-24 10:45:57 +02:00