upstream/borgbackup
1
0
Fork 0
mirror of https://github.com/borgbackup/borg.git synced 2026-05-28 04:03:21 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge pull request #9668 from mr-raj12/legacy-pbkdf2-into-mixin
Some checks failed
Lint / lint (push) Has been cancelled
Details
CI / lint (push) Has been cancelled
Details
CI / security (push) Has been cancelled
Details
CodeQL / Analyze (push) Has been cancelled
Details
CI / asan_ubsan (push) Has been cancelled
Details
CI / native_tests (push) Has been cancelled
Details
CI / vm_tests (Haiku, false, haiku, r1beta5) (push) Has been cancelled
Details
CI / vm_tests (NetBSD, false, netbsd, 10.1) (push) Has been cancelled
Details
CI / vm_tests (OmniOS, false, omnios, r151056) (push) Has been cancelled
Details
CI / vm_tests (OpenBSD, false, openbsd, 7.8) (push) Has been cancelled
Details
CI / vm_tests (borg-freebsd-14-x86_64-gh, FreeBSD, true, freebsd, 14.3) (push) Has been cancelled
Details
CI / windows_tests (push) Has been cancelled
Details

Browse source 
legacy: move pbkdf2 static method from FlexiKey to Pbkdf2FileMixin
This commit is contained in:
TW 2026-05-26 14:25:16 +02:00 committed by GitHub
commit f348fe981f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 10 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/borg/crypto/key.py
View file

@ -2,7 +2,7 @@ import binascii
import hmac
import os
import textwrap
from hashlib import sha256, pbkdf2_hmac
from hashlib import sha256
from pathlib import Path
from typing import Literal, ClassVar
from collections.abc import Callable
@ -443,12 +443,6 @@ class FlexiKey:
else:
raise UnsupportedKeyFormatError()
@staticmethod
def pbkdf2(passphrase, salt, iterations, output_len_in_bytes):
if os.environ.get("BORG_TESTONLY_WEAKEN_KDF") == "1":
iterations = 1
return pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations, output_len_in_bytes)
@staticmethod
def argon2(
passphrase: str,

7
src/borg/legacy/crypto/key.py
View file

@ -1,5 +1,6 @@
import hmac
import os
from hashlib import pbkdf2_hmac
from ...constants import * # NOQA
from ...crypto.low_level import AES256_CTR_HMAC_SHA256, AES256_CTR_BLAKE2b, hmac_sha256
@ -12,6 +13,12 @@ from .low_level import AES
class Pbkdf2FileMixin:
"""Mixin for borg 1.x key files encrypted with PBKDF2 + AES-CTR."""
@staticmethod
def pbkdf2(passphrase, salt, iterations, output_len_in_bytes):
if os.environ.get("BORG_TESTONLY_WEAKEN_KDF") == "1":
iterations = 1
return pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations, output_len_in_bytes)
def decrypt_key_file(self, data, passphrase):
unpacker = get_limited_unpacker("key")
unpacker.feed(data)

4
src/borg/testsuite/crypto/crypto_test.py
View file

@ -9,7 +9,7 @@ from ...crypto.low_level import bytes_to_long, bytes_to_int, long_to_bytes
from ...crypto.low_level import hmac_sha256
from ...legacy.crypto.low_level import AES
from hashlib import sha256
from ...crypto.key import CHPOKeyfileKey, AESOCBRepoKey, FlexiKey, KeyBase, PlaintextKey
from ...crypto.key import CHPOKeyfileKey, AESOCBRepoKey, KeyBase, PlaintextKey
from ...legacy.crypto.key import KeyfileKey as LegacyKeyfileKey
from ...helpers import msgpack, bin_to_hex
@ -228,7 +228,7 @@ def test_decrypt_key_file_pbkdf2_sha256_aes256_ctr_hmac_sha256():
plain = b"hello"
salt = b"salt" * 4
passphrase = "hello, pass phrase"
key = FlexiKey.pbkdf2(passphrase, salt, 1, 32)
key = LegacyKeyfileKey.pbkdf2(passphrase, salt, 1, 32)
hash = hmac_sha256(key, plain)
data = AES(key, b"\0" * 16).encrypt(plain)
encrypted = msgpack.packb(