mirror
/
borg
mirror of https://github.com/borgbackup/borg.git
1
0
Fork 0
Code Issues Releases Wiki Activity
6,717 Commits 9 Branches 137 Tags 57 MiB
Commit Graph

6717 Commits

Author SHA1 Message Date
Thomas Waldmann e4b65dea76 crypto: add IV overflow check 
will never happen, but better play safe.
 2022-03-26 17:05:57 +01:00
Thomas Waldmann 900a812e9c crypto: bump API_VERSION to 1.3_01 2022-03-26 17:05:57 +01:00
Thomas Waldmann ce247526c2 docs: update borg init examples 2022-03-26 17:05:57 +01:00
Thomas Waldmann 298c5ee539 docs: security infos only applying to legacy encryption 2022-03-26 17:05:57 +01:00
Thomas Waldmann b3383a4d53 update borg init docs 2022-03-26 17:05:57 +01:00
Thomas Waldmann ccf0875053 EVP_DecryptFinal_ex: fix check for return value 
seems like the current docs were updated.
was "positive return code".
now specifically mentions 0 and 1.
 2022-03-26 17:05:57 +01:00
Thomas Waldmann e1313ccc05 crypto.low_level: simplify return code checks (legacy) 2022-03-26 17:05:57 +01:00
Thomas Waldmann 948d67efd8 crypto.low_level: simplify return code checks (AEAD) 2022-03-26 17:05:57 +01:00
Thomas Waldmann f4a6ad080b docs: add new AEAD modes to security docs 2022-03-26 17:05:57 +01:00
Thomas Waldmann c50e1124b5 also authenticate the chunkid when using the AEAD ciphers (AES-OCB/CHACHA-POLY) 2022-03-26 17:05:57 +01:00
Thomas Waldmann 8bd9477b96 add aad parameter to borg.crypto.low_level api 
added it for all classes there, so the caller just give it.

for the legacy AES-CTR based classes, the given aad is completely ignored.
this is to stay compatible with repo data of borg < 1.3.

for the new AEAD based classes:
encrypt: the aad is fed into the auth tag computation
decrypt: same. decrypt will fail on auth tag mismatch.
 2022-03-26 17:05:57 +01:00
Thomas Waldmann d3b78a6cf5 minor key.encrypt api change/cleanup 
we already have .decrypt(id, data, ...).
i changed .encrypt(chunk) to .encrypt(id, data).

the old borg crypto won't really need or use the id,
but the new AEAD crypto will authenticate the id in future.
 2022-03-26 17:05:57 +01:00
Thomas Waldmann 41b8a04d82 use faster hmac.digest api 2022-03-26 17:05:57 +01:00
Thomas Waldmann 74ecb63671 fix new crypto benchmarks for api change 2022-03-26 17:05:57 +01:00
Thomas Waldmann 0b5a21275f avoid losing the key (old crypto) 
if we just have a pointer to a bytes object which might go out of scope, we can lose it.

also: cython can directly assign a bytes object into a same-size char array.
 2022-03-26 17:05:57 +01:00
Thomas Waldmann 6d6d3caa24 avoid losing the key 
if we just have a pointer to a bytes object which might go out of scope, we can lose it.

also: cython can directly assign a bytes object into a same-size char array.
 2022-03-26 17:05:57 +01:00
Thomas Waldmann 41082f558f crypto: add some tests for new key types 2022-03-26 17:05:57 +01:00
Thomas Waldmann 6f2c587080 tests: consistently give iv_int to ciphersuite 2022-03-26 17:05:57 +01:00
Thomas Waldmann 6c7b499d3f set aead auth tag directly before EVP_DecryptFinal_ev 
https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption
 2022-03-26 17:05:57 +01:00
Thomas Waldmann bb949b25ea EVP_DecryptFinal_ex: fix check for return value 
seems like the current docs were updated.
was "positive return code".
now specifically mentions 0 and 1.
 2022-03-26 17:05:57 +01:00
Thomas Waldmann c010800f55 header_len=0 fits header=b'' default 2022-03-26 17:05:57 +01:00
Thomas Waldmann 5c66fa4caa crypto: layout updates, low-level does not deal with IV 
encrypt used to "patch" the IV into the header,
decrypt used to fetch it from there.

encrypt now takes the header just "as is" and
also decrypt expects that the IV is already set.
 2022-03-26 17:05:57 +01:00
Thomas Waldmann 0f6f278b0f crypto: AEAD key classes 
also:

cleanup class structure: less inheritance, more mixins.

define type bytes using the 4:4 split

upper 4 bits are ciphersuite:
0 == legacy AES-CTR based stuff
1+ == new AEAD stuff

lower 4 bits are keytype:
legacy: a bit mixed up, as it was...
new stuff: 0=keyfile 1=repokey, ...
 2022-03-26 17:05:35 +01:00
TW 3e1cfd009e
Merge pull request #6459 from ThomasWaldmann/vagrant-fixes 
vagrant fixes
 2022-03-25 01:32:22 +01:00
Thomas Waldmann dea54df2e4 vagrant: use a openbsd-current ("7.1") box 2022-03-25 01:31:11 +01:00
Thomas Waldmann b43ce32188 vagrant: remove focal64 VM (no py39) 2022-03-25 01:30:03 +01:00
Thomas Waldmann 93ca8f79be vagrant: py39 / libs related fixes 2022-03-25 01:29:48 +01:00
Manu 25ecde56b5
Simplify libs setup (#6482) 2022-03-24 10:28:02 +04:00
Manu 710d76e5c2 Move system lib comment up, formatting, expand lib not found error. 2022-03-24 08:41:34 +04:00
Manu f36a0fc6b6 Remove Python 3.8 from tox 2022-03-23 17:47:34 +04:00
Manu c86a5491d9 Rever xxhash version 2022-03-23 17:40:33 +04:00
Manu e686ec0d8c Fix openssl ext 2022-03-23 17:28:27 +04:00
Manu 249de7eb45 Add feedback, part 1 2022-03-23 17:19:43 +04:00
Manu ec11905f11 Add src path to setup.cfg 2022-03-23 16:19:25 +04:00
Manu dd17c0e869 Fix xxhash version 2022-03-23 15:53:26 +04:00
Manu 3732c45f42 Initial commit 2022-03-23 15:42:34 +04:00
TW 89f192edb2
Merge pull request #6455 from Whissi/issue_6453 
delete: add repository id and location to prompt
 2022-03-23 05:16:47 +01:00
Thomas Waldmann 9633273622 crypto: simplify api for new crypto, AEAD only needs 1 key 2022-03-22 20:08:34 +01:00
Thomas Waldmann 3473b17a8d crypto: improve attr naming 2022-03-22 20:07:33 +01:00
Thomas Waldmann 57479fb989 crypto: put the IV into the header, at the end of it 
one openssl call less due to simpler layout!

also change default for aad_offset to 0:
by default, we want to authenticate the complete header.
 2022-03-22 20:07:33 +01:00
Thomas Waldmann e647360a0e crypto: better raise NotImplementedError if we have no id_hash 2022-03-22 20:07:33 +01:00
Thomas Waldmann aff626119a crypto: cleanup, remove references to AES-GCM 
A lot of people have concerns about AES-GCM.

Considering we can use AES-OCB, I guess we will
not use AES-GCM anyway, thus no need to talk
about it.
 2022-03-22 20:07:33 +01:00
Thomas Waldmann d3f069cb3b crypto: fix/update borg version comments 
new AEAD crypto can be used with borg >= 1.3.
old crypto is used by attic and borg < 1.3.
 2022-03-22 20:07:33 +01:00
Andrey Bienkowski 78f041440c
Argon2 the first part: Implement key derivation (was: part 0) (#6468) 
add a argon2 based kdf, using argon2-cffi
 2022-03-21 21:51:54 +01:00
Thomas Deutschmann 19c7b85eca
delete: add repository id and location to prompt 
Closes: https://github.com/borgbackup/borg/issues/6453
 2022-03-21 21:11:46 +01:00
TW dfd7ea8171
Merge pull request #6464 from ThomasWaldmann/exclude-checksums-c 
fixup: fix some algorithms/* ignores
 2022-03-18 01:18:39 +01:00
Thomas Waldmann 1f90d4a77a fixup: fix some algorithms/* ignores 2022-03-17 23:34:26 +01:00
TW cb0e4fc2b2
Merge pull request #6460 from ThomasWaldmann/move-checksums 
remove algorithms package, move checksums module to borg package
 2022-03-17 12:55:43 +01:00
Thomas Waldmann cc3b5c062c remove algorithms package, move checksums module to borg package 2022-03-17 00:24:49 +01:00
TW c641e31e82
Merge pull request #6454 from bket/fix-benchmark-cpu 
`borg benchmark cpu` fails with libressl
 2022-03-14 20:13:02 +01:00