From 6b1bff273077f52d5979f4d29ad0475c7f27fa02 Mon Sep 17 00:00:00 2001
From: Thomas Waldmann <tw@waldmann-edv.de>
Date: Wed, 20 Jul 2022 14:53:50 +0200
Subject: [PATCH] check: --verify-data does not need to decompress with new
 crypto modes

---
 src/borg/archive.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/borg/archive.py b/src/borg/archive.py
index f6a7a900db2..ddfd1be410f 100644
--- a/src/borg/archive.py
+++ b/src/borg/archive.py
@@ -21,7 +21,7 @@
 from . import xattr
 from .chunker import get_chunker, Chunk
 from .cache import ChunkListEntry
-from .crypto.key import key_factory
+from .crypto.key import key_factory, AEADKeyBase
 from .compress import Compressor, CompressionSpec
 from .constants import *  # NOQA
 from .crypto.low_level import IntegrityError as IntegrityErrorBase
@@ -1714,7 +1714,13 @@ def verify_data(self):
                         chunk_data_iter = self.repository.get_many(chunk_ids)
                 else:
                     try:
-                        self.key.decrypt(chunk_id, encrypted_data)
+                        # for the new crypto, derived from AEADKeyBase, we know that it checks authenticity on
+                        # the crypto.low_level level - invalid chunks will fail to AEAD authenticate.
+                        # for these key types, we know that there is no need to decompress the data afterwards.
+                        # for all other modes, we assume that we must decompress, so we can verify authenticity
+                        # based on the plaintext MAC (via calling ._assert_id(id, plaintext)).
+                        decompress = not isinstance(self.key, AEADKeyBase)
+                        self.key.decrypt(chunk_id, encrypted_data, decompress=decompress)
                     except IntegrityErrorBase as integrity_error:
                         self.error_found = True
                         errors += 1