check: --verify-data does not need to decompress with new crypto modes

borgbackup · Jul 20, 2022 · 6b1bff2 · 6b1bff2
1 parent 9d6c98d
commit 6b1bff2
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/src/borg/archive.py b/src/borg/archive.py
@@ -21,7 +21,7 @@
 from . import xattr
 from .chunker import get_chunker, Chunk
 from .cache import ChunkListEntry
-from .crypto.key import key_factory
+from .crypto.key import key_factory, AEADKeyBase
 from .compress import Compressor, CompressionSpec
 from .constants import *  # NOQA
 from .crypto.low_level import IntegrityError as IntegrityErrorBase
@@ -1714,7 +1714,13 @@ def verify_data(self):
                         chunk_data_iter = self.repository.get_many(chunk_ids)
                 else:
                     try:
-                        self.key.decrypt(chunk_id, encrypted_data)
+                        # for the new crypto, derived from AEADKeyBase, we know that it checks authenticity on
+                        # the crypto.low_level level - invalid chunks will fail to AEAD authenticate.
+                        # for these key types, we know that there is no need to decompress the data afterwards.
+                        # for all other modes, we assume that we must decompress, so we can verify authenticity
+                        # based on the plaintext MAC (via calling ._assert_id(id, plaintext)).
+                        decompress = not isinstance(self.key, AEADKeyBase)
+                        self.key.decrypt(chunk_id, encrypted_data, decompress=decompress)
                     except IntegrityErrorBase as integrity_error:
                         self.error_found = True
                         errors += 1