4532 Commits

Author SHA1 Message Date
Marian Beermann d5ee16d676 crypto: remove AES-GCM 2017-07-29 12:22:11 +02:00
enkore 7d02c7e453 Merge pull request #1034 from ThomasWaldmann/crypto-aead
new crypto code, blackbox, aead internally
2017-07-29 12:18:38 +02:00
Thomas Waldmann dc4abffbc0 remove unused bytes16 conversions 2017-07-27 23:48:30 +02:00
Thomas Waldmann 63ebfc140b remove unused extract_nonce method 2017-07-27 23:48:30 +02:00
Thomas Waldmann e7228fa3a4 cosmetic: move some lines 2017-07-27 23:48:30 +02:00
Thomas Waldmann 68ef5e8a4b allow different MACs, implement blake2b MAC 2017-07-27 23:48:30 +02:00
Thomas Waldmann 945b5e25e2 dispatch to dummy blake2b ciphersuite 2017-07-27 23:48:30 +02:00
Thomas Waldmann 1e23291b7f post-merge: re-enabled AuthenticatedKey and tests 2017-07-27 23:48:30 +02:00
Thomas Waldmann 6090fdeef3 move the cipher internal counter overflow check to encrypt()/decrypt() 2017-07-27 23:48:30 +02:00
Thomas Waldmann 8f1678e2ba set_iv / next iv with integers 2017-07-27 23:48:30 +02:00
Thomas Waldmann 58c2dafbe0 nonce manager: remove get/set iv, make it integer based 2017-07-27 23:48:30 +02:00
Thomas Waldmann f34092e567 move openssl version checks to staticmethod requirements_check 2017-07-27 23:48:30 +02:00
Thomas Waldmann 23959eb5bf borg.key: include chunk id in exception msgs 2017-07-27 23:48:30 +02:00
Thomas Waldmann 37cf3ef469 init ciphersuites with header_len and aad_offset
it's needed for extract_iv already, so it should be given to init, not encrypt/decrypt
2017-07-27 23:48:30 +02:00
Thomas Waldmann e9bbf9307d refactor to cipher.extract_iv
position and length of iv depend on cipher
2017-07-27 23:48:29 +02:00
Thomas Waldmann 2d79f19263 refactor / generalize to num_cipher_blocks 2017-07-27 23:48:29 +02:00
Thomas Waldmann 310b4b7775 UNENCRYPTED (and unauthenticated) "ciphersuite"
it can be used to integrate the plaintext mode with the AEAD modes, both use same api now.
2017-07-27 23:48:29 +02:00
Thomas Waldmann f76f42c2a0 use cipher.block_count()
there are some more places where it is used.
2017-07-27 23:48:29 +02:00
Thomas Waldmann de0707d3dd refactor AES class to new api 2017-07-27 23:48:29 +02:00
Thomas Waldmann fbc740427d cosmetic: s/enc_cipher/cipher/, remove comment 2017-07-27 23:48:08 +02:00
Thomas Waldmann 8752039bec integrate new crypto code 2017-07-27 23:33:15 +02:00
Thomas Waldmann 4effe40415 re-add legacy AES() crypto class
we need it to encrypt/decrypt key files / config keys.
2017-07-27 23:22:32 +02:00
Thomas Waldmann ef880de64c add iv as optional encrypt() param 2017-07-27 23:22:32 +02:00
Thomas Waldmann 5287531130 make sure set_iv is called before each encrypt() call 2017-07-27 23:22:32 +02:00
Thomas Waldmann d88c0765e7 make sure sizes are in sync 2017-07-27 23:22:32 +02:00
Thomas Waldmann fb85d6abdc generalize intermediate classes' init 2017-07-27 23:22:32 +02:00
Thomas Waldmann 11349d1699 move IV type check to set_iv method 2017-07-27 23:22:32 +02:00
Thomas Waldmann 71b8d7fc18 generalize block count computation
also: use block_count method for legacy ciphersuites
2017-07-27 23:22:32 +02:00
Thomas Waldmann ca4fc2a222 generalize next_iv comment 2017-07-27 23:22:31 +02:00
Thomas Waldmann ce5c5781aa replace literals for iv_len/mac_len 2017-07-27 23:22:31 +02:00
Thomas Waldmann d94f64c6d5 dedup crypto tests for AE/AEAD ciphersuites 2017-07-27 23:22:31 +02:00
Thomas Waldmann 741ab8ba05 use PyMem_Malloc / Free
Hopefully it is better dealing with a lot of small-object allocations than malloc/free is.
Small allocs happen if the input file is small, so it results only in 1 small chunk.
2017-07-27 23:22:31 +02:00
Thomas Waldmann 15490d520d add support for AES-OCB and chacha20-poly1305
also: use AEAD base class
2017-07-27 23:22:31 +02:00
Thomas Waldmann 92080f9572 crypto: add functions missing in openssl 1.0.x 2017-07-27 23:22:31 +02:00
Thomas Waldmann ee604ab390 crypto: use OpenSSL 1.1 HMAC API
This breaks it on OpenSSL 1.0.x as there is no HMAC_CTX_new/free() yet.

OTOH, this change is consistent with the previous change done for
EVP_CIPHER_CTX (which works on 1.0 and 1.1).
2017-07-27 23:22:31 +02:00
Thomas Waldmann 67567fc432 new crypto api, blackbox/AEAD. also adds AES256-GCM.
includes:

- aes256-ctr-hmac-sha256 (attic/borg legacy, optional aad support)

- aes256-gcm (new, optional aad support)
  uses 96bits for iv, 128bit for auth tag.

- header support
  the caller-provided header will be just copied in front of the rest -
  this avoids expensive operations (memcpy, garbage collection) in Python.
  the first bytes in the header may be non-authenticated data if aad_offset > 0.
  this is to support legacy attic/borg envelope layout, where the type byte
  is not authenticated.

- aad support
  additional authenticated data - it just contributes to the computed mac,
  but is not encrypted. the current api assumes that aad starts at some
  aad_offset inside the given header and extends to the end of it.

- iv handling helpers, compute next iv based on amount of processed data

- unit tests

Note: the changes are intentionally kept isolated / not integrated into the
      rest of the code, so this has to be done later.
2017-07-27 23:22:19 +02:00
enkore 8d89ee981c Merge pull request #2882 from enkore/docs/minor-fixes
docs: minor formatting fixes
2017-07-26 14:01:49 +02:00
Marian Beermann 405e5ac9e1 docs: common options: don't wrap options 2017-07-26 13:57:48 +02:00
Marian Beermann 8727b79325 docs: don't narrow right margin in sidebar toc
avoids overly narrow text in the FAQ toc
2017-07-26 13:54:55 +02:00
enkore 153da8a9e6 Merge pull request #2881 from enkore/docs/tarpipe
docs: tar: tarpipe example
2017-07-26 10:41:10 +02:00
Marian Beermann 2ff4550d4b docs: tar: tarpipe example 2017-07-26 10:40:35 +02:00
enkore daa88e07f2 Merge pull request #2877 from Alexander-N/pylint-rules
Activate more linting rules in .coafile
2017-07-25 09:56:25 +02:00
enkore c1d7cd9b90 Merge pull request #2873 from enkore/issue/2869
with-lock, info docs
2017-07-24 23:50:51 +02:00
Marian Beermann b4b58e7225 info: explain max. archive size 2017-07-24 23:50:18 +02:00
Marian Beermann 24de8514fa with-lock: fix help text 2017-07-24 23:50:18 +02:00
enkore 836bc33a4d Merge pull request #2876 from enkore/issue/2628
cache: write_archive_index: truncate_and_unlink on error
2017-07-24 21:22:24 +02:00
enkore 3c0f8b7943 Merge pull request #2875 from enkore/issue/2863
umount: try fusermount, then try umount
2017-07-24 21:08:44 +02:00
Marian Beermann 2fe37dba7f umount: try fusermount, then try umount 2017-07-24 13:55:32 +02:00
Alexander-N eff492a8d8 Replace assert_true(False) with fail and don't ignore pylint rule W1503
assert_true(False) violates W1503 (redundant-unittest-assert) and is less clear than using fail().
2017-07-24 13:30:35 +02:00
Alexander-N 61b53f8995 Remove several linting rules from ignored list in .coafile
These rules are not violated and don't need to be ignored.
2017-07-24 13:26:21 +02:00