1
0
Fork 0
mirror of https://github.com/borgbackup/borg.git synced 2024-12-25 09:19:31 +00:00
Commit graph

4630 commits

Author SHA1 Message Date
Thomas Waldmann
dc4abffbc0 remove unused bytes16 conversions 2017-07-27 23:48:30 +02:00
Thomas Waldmann
63ebfc140b remove unused extract_nonce method 2017-07-27 23:48:30 +02:00
Thomas Waldmann
e7228fa3a4 cosmetic: move some lines 2017-07-27 23:48:30 +02:00
Thomas Waldmann
68ef5e8a4b allow different MACs, implement blake2b MAC 2017-07-27 23:48:30 +02:00
Thomas Waldmann
945b5e25e2 dispatch to dummy blake2b ciphersuite 2017-07-27 23:48:30 +02:00
Thomas Waldmann
1e23291b7f post-merge: re-enabled AuthenticatedKey and tests 2017-07-27 23:48:30 +02:00
Thomas Waldmann
6090fdeef3 move the cipher internal counter overflow check to encrypt()/decrypt() 2017-07-27 23:48:30 +02:00
Thomas Waldmann
8f1678e2ba set_iv / next iv with integers 2017-07-27 23:48:30 +02:00
Thomas Waldmann
58c2dafbe0 nonce manager: remove get/set iv, make it integer based 2017-07-27 23:48:30 +02:00
Thomas Waldmann
f34092e567 move openssl version checks to staticmethod requirements_check 2017-07-27 23:48:30 +02:00
Thomas Waldmann
23959eb5bf borg.key: include chunk id in exception msgs 2017-07-27 23:48:30 +02:00
Thomas Waldmann
37cf3ef469 init ciphersuites with header_len and aad_offset
it's needed for extract_iv already, so it should be given to init, not encrypt/decrypt
2017-07-27 23:48:30 +02:00
Thomas Waldmann
e9bbf9307d refactor to cipher.extract_iv
position and length of iv depends on cipher
2017-07-27 23:48:29 +02:00
Thomas Waldmann
2d79f19263 refactor / generalize to num_cipher_blocks 2017-07-27 23:48:29 +02:00
Thomas Waldmann
310b4b7775 UNENCRYPTED (and unauthenticated) "ciphersuite"
it can be used to integrate the plaintext mode with the AEAD modes, both use same api now.
2017-07-27 23:48:29 +02:00
Thomas Waldmann
f76f42c2a0 use cipher.block_count()
there are some more places where it is used.
2017-07-27 23:48:29 +02:00
Thomas Waldmann
de0707d3dd refactor AES class to new api 2017-07-27 23:48:29 +02:00
Thomas Waldmann
fbc740427d cosmetic: s/enc_cipher/cipher/, remove comment 2017-07-27 23:48:08 +02:00
Thomas Waldmann
8752039bec integrate new crypto code 2017-07-27 23:33:15 +02:00
Thomas Waldmann
4effe40415 re-add legacy AES() crypto class
we need it to encrypt/decrypt key files / config keys.
2017-07-27 23:22:32 +02:00
Thomas Waldmann
ef880de64c add iv as optional encrypt() param 2017-07-27 23:22:32 +02:00
Thomas Waldmann
5287531130 make sure set_iv is called before each encrypt() call 2017-07-27 23:22:32 +02:00
Thomas Waldmann
d88c0765e7 make sure sizes are in sync 2017-07-27 23:22:32 +02:00
Thomas Waldmann
fb85d6abdc generalize intermediate classes' init 2017-07-27 23:22:32 +02:00
Thomas Waldmann
11349d1699 move IV type check to set_iv method 2017-07-27 23:22:32 +02:00
Thomas Waldmann
71b8d7fc18 generalize block count computation
also: use block_count method for legacy ciphersuites
2017-07-27 23:22:32 +02:00
Thomas Waldmann
ca4fc2a222 generalize next_iv comment 2017-07-27 23:22:31 +02:00
Thomas Waldmann
ce5c5781aa replace literals for iv_len/mac_len 2017-07-27 23:22:31 +02:00
Thomas Waldmann
d94f64c6d5 dedup crypto tests for AE/AEAD ciphersuites 2017-07-27 23:22:31 +02:00
Thomas Waldmann
741ab8ba05 use PyMem_Malloc / Free
Hopefully it is better dealing with a lot of small-object allocations than malloc/free is.
Small allocs happen if the input file is small, so it results only in 1 small chunk.
2017-07-27 23:22:31 +02:00
Thomas Waldmann
15490d520d add support for AES-OCB and chacha20-poly1305
also: use AEAD base class
2017-07-27 23:22:31 +02:00
Thomas Waldmann
92080f9572 crypto: add functions missing in openssl 1.0.x 2017-07-27 23:22:31 +02:00
Thomas Waldmann
ee604ab390 crypto: use OpenSSL 1.1 HMAC API
This breaks it on OpenSSL 1.0.x as there is no HMAC_CTX_new/free() yet.

OTOH, this change is consistent with the previous change done for
EVP_CIPHER_CTX (which works on 1.0 and 1.1).
2017-07-27 23:22:31 +02:00
Thomas Waldmann
67567fc432 new crypto api, blackbox/AEAD. also adds AES256-GCM.
includes:

- aes256-ctr-hmac-sha256 (attic/borg legacy, optional aad support)

- aes256-gcm (new, optional aad support)
  uses 96bits for iv, 128bit for auth tag.

- header support
  the caller-provided header will be just copied in front of the rest -
  this avoids expensive operations (memcpy, garbage collection) in Python.
  the first bytes in the header may be non-authenticated data if aad_offset > 0.
  this is to support legacy attic/borg envelope layout, where the type byte
  is not authenticated.

- aad support
  additional authenticated data - it just contributes to the computed mac,
  but is not encrypted). the current api assumes that aad starts at some
  aad_offset inside the given header and extends to the end of it.

- iv handling helpers, compute next iv based on amount of processed data

- unit tests

Note: the changes are intentionally kept isolated / not integrated into the
      rest of the code, so this has to be done later.
2017-07-27 23:22:19 +02:00
enkore
8d89ee981c Merge pull request #2882 from enkore/docs/minor-fixes
docs: minor formatting fixes
2017-07-26 14:01:49 +02:00
Marian Beermann
405e5ac9e1 docs: common options: don't wrap options 2017-07-26 13:57:48 +02:00
Marian Beermann
8727b79325 docs: don't narrow right margin in sidebar toc
avoids overly narrow text in the FAQ toc
2017-07-26 13:54:55 +02:00
enkore
153da8a9e6 Merge pull request #2881 from enkore/docs/tarpipe
docs: tar: tarpipe example
2017-07-26 10:41:10 +02:00
Marian Beermann
2ff4550d4b docs: tar: tarpipe example 2017-07-26 10:40:35 +02:00
enkore
daa88e07f2 Merge pull request #2877 from Alexander-N/pylint-rules
Activate more linting rules in .coafile
2017-07-25 09:56:25 +02:00
enkore
c1d7cd9b90 Merge pull request #2873 from enkore/issue/2869
with-lock, info docs
2017-07-24 23:50:51 +02:00
Marian Beermann
b4b58e7225 info: explain max. archive size 2017-07-24 23:50:18 +02:00
Marian Beermann
24de8514fa with-lock: fix help text 2017-07-24 23:50:18 +02:00
enkore
836bc33a4d Merge pull request #2876 from enkore/issue/2628
cache: write_archive_index: truncate_and_unlink on error
2017-07-24 21:22:24 +02:00
enkore
3c0f8b7943 Merge pull request #2875 from enkore/issue/2863
umount: try fusermount, then try umount
2017-07-24 21:08:44 +02:00
Marian Beermann
2fe37dba7f umount: try fusermount, then try umount 2017-07-24 13:55:32 +02:00
Alexander-N
eff492a8d8 Replace assert_true(False) with fail and don't ignore pylint rule W1503
assert_true(False) violates W1503 (redundant-unittest-assert) and is less clear than using fail().
2017-07-24 13:30:35 +02:00
Alexander-N
61b53f8995 Remove several linting rules from ignored list in .coafile
These rules are not violated and don't need to be ignored.
2017-07-24 13:26:21 +02:00
enkore
77797a2fbf Merge pull request #2837 from milkey-mouse/fix392
Detail how to use macOS/GNOME/KDE keyrings for repo passwords (fixes #392)
2017-07-24 11:03:00 +02:00
Marian Beermann
2623e330a4 cache: write_archive_index: truncate_and_unlink on error 2017-07-24 10:45:57 +02:00