hub / github.com/borgbackup/borg / assert_id

Method assert_id

src/borg/crypto/key.py:849–866
(self, id, data)

Source from the content-addressed store, hash-verified

    MAX_IV = 2**48 - 1

    def assert_id(self, id, data):
        # Comparing the id hash here would not be needed any more for the new AEAD crypto **IF** we
        # could be sure that chunks were created by normal (not tampered, not evil) borg code:
        # We put the id into AAD when storing the chunk, so it gets into the authentication tag computation.
        # when decrypting, we provide the id we **want** as AAD for the auth tag verification, so
        # decrypting only succeeds if we got the ciphertext we wrote **for that chunk id**.
        # So, basically the **repository** can not cheat on us by giving us a different chunk.
        #
        # **BUT**, if chunks are created by tampered, evil borg code, the borg client code could put
        # a wrong chunkid into AAD and then AEAD-encrypt-and-auth this and store it into the
        # repository using this bad chunkid as key (violating the usual chunkid == id_hash(data)).
        # Later, when reading such a bad chunk, AEAD-auth-and-decrypt would not notice any
        # issue and decrypt successfully.
        # Thus, to notice such evil borg activity, we must check for such violations here:
        if id and id != Manifest.MANIFEST_ID:
            id_computed = self.id_hash(data)
            if not hmac.compare_digest(id_computed, id):
                raise IntegrityError("Chunk %s: id verification failed" % bin_to_hex(id))

    def encrypt(self, id, data):
        # to encrypt new data in this session we use always self.cipher and self.sessionid

Callers

nothing calls this directly

Calls 3

IntegrityError (Class) · 0.85
bin_to_hex (Function) · 0.85
id_hash (Method) · 0.45

Tested by

no test coverage detected