upstream/borgbackup
1
0
Fork 0
mirror of https://github.com/borgbackup/borg.git synced 2026-06-13 19:00:44 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

bugfix: skip TAM check with BORG_WORKAROUNDS=authenticated_no_key

Browse source 
This is an emergency workaround for authenticated repos
if the user has lost the borg key.

We can't compute the TAM key without the borg key, so just
skip all the TAM stuff.
This commit is contained in:
Thomas Waldmann 2023-07-20 18:02:58 +02:00
parent b067aeadef
commit 104cc196fc
No known key found for this signature in database
GPG key ID: 243ACFA951F78E01
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/borg/crypto/key.py
View file

@ -235,6 +235,8 @@ class KeyBase:
unpacker = get_limited_unpacker('manifest')
unpacker.feed(data)
unpacked = unpacker.unpack()
if AUTHENTICATED_NO_KEY:
return unpacked, True # True is a lie.
if b'tam' not in unpacked:
if tam_required:
raise TAMRequiredError(self.repository._location.canonical_path())
@ -258,8 +260,6 @@ class KeyBase:
offset = data.index(tam_hmac)
data[offset:offset + 64] = bytes(64)
tam_key = self._tam_key(tam_salt, context=b'manifest')
if AUTHENTICATED_NO_KEY:
return unpacked, True # True is a lie.
calculated_hmac = hmac.digest(tam_key, data, 'sha512')
if not hmac.compare_digest(calculated_hmac, tam_hmac):
raise TAMInvalid()