rcreate: remove legacy crypto for new repos, fixes #6490 #6821

ThomasWaldmann · 2022-06-29T21:00:01Z

These are legacy crypto modes based on AES-CTR mode:

(repokey|keyfile)[-blake2]

New crypto modes with session keys and AEAD ciphers:

(repokey|keyfile)[-blake2]-(aes-ocb|chacha20-poly1305)

Tests needed some changes:

most used repokey/keyfile, changed to new modes
some nonce tests removed, the new crypto code does not generate
the repo side nonces any more (were only used for AES-CTR)

For the kdf, only support argon2, so we can remove the legacy code used for pbkdf2 keys in N+1 release.

codecov-commenter · 2022-06-29T22:34:49Z

Codecov Report

Merging #6821 (eabad3e) into borg2 (677de50) will increase coverage by 0.15%.
The diff coverage is 55.88%.

@@            Coverage Diff             @@
##            borg2    #6821      +/-   ##
==========================================
+ Coverage   81.85%   82.01%   +0.15%     
==========================================
  Files          39       39              
  Lines       10647    10646       -1     
  Branches     2084     2218     +134     
==========================================
+ Hits         8715     8731      +16     
+ Misses       1416     1405      -11     
+ Partials      516      510       -6

Impacted Files	Coverage Δ
src/borg/archiver.py	`76.64% <36.36%> (-0.26%)`	⬇️
src/borg/crypto/key.py	`87.17% <85.71%> (-1.22%)`	⬇️
src/borg/crypto/keymanager.py	`87.42% <100.00%> (ø)`
src/borg/repository.py	`82.52% <0.00%> (ø)`
src/borg/helpers/parseformat.py	`88.27% <0.00%> (+0.16%)`	⬆️
src/borg/archive.py	`83.31% <0.00%> (+0.51%)`	⬆️
src/borg/helpers/fs.py	`81.44% <0.00%> (+1.03%)`	⬆️
src/borg/xattr.py	`51.19% <0.00%> (+1.19%)`	⬆️
... and 3 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 677de50...eabad3e. Read the comment docs.

…up#6490 These are legacy crypto modes based on AES-CTR mode: (repokey|keyfile)[-blake2] New crypto modes with session keys and AEAD ciphers: (repokey|keyfile)[-blake2]-(aes-ocb|chacha20-poly1305) Tests needed some changes: - most used repokey/keyfile, changed to new modes - some nonce tests removed, the new crypto code does not generate the repo side nonces any more (were only used for AES-CTR)

this way, we can remove the legacy pbkdf2 key code in next release.

ThomasWaldmann force-pushed the remove-legacy-repo-creation-borg2 branch from 536c44f to eff91ee Compare June 29, 2022 22:18

ThomasWaldmann changed the title ~~rcreate: remove legacy encryption modes for new repos, fixes #6490~~ rcreate: remove legacy crypto for new repos, fixes #6490 Jun 29, 2022

ThomasWaldmann added 3 commits June 30, 2022 20:52

tests: use less RepoKey/KeyfileKey

ef24daf

rcreate: always use argon2 kdf for new repos, fixes borgbackup#6820

eabad3e

this way, we can remove the legacy pbkdf2 key code in next release.

ThomasWaldmann force-pushed the remove-legacy-repo-creation-borg2 branch from cb65b32 to eabad3e Compare June 30, 2022 18:54

ThomasWaldmann merged commit 2ab254c into borgbackup:borg2 Jun 30, 2022

ThomasWaldmann deleted the remove-legacy-repo-creation-borg2 branch June 30, 2022 19:33

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

rcreate: remove legacy crypto for new repos, fixes #6490 #6821

rcreate: remove legacy crypto for new repos, fixes #6490 #6821

ThomasWaldmann commented Jun 29, 2022 •

edited

Loading

codecov-commenter commented Jun 29, 2022 •

edited

Loading

rcreate: remove legacy crypto for new repos, fixes #6490 #6821

rcreate: remove legacy crypto for new repos, fixes #6490 #6821

Conversation

ThomasWaldmann commented Jun 29, 2022 • edited Loading

codecov-commenter commented Jun 29, 2022 • edited Loading

Codecov Report

ThomasWaldmann commented Jun 29, 2022 •

edited

Loading

codecov-commenter commented Jun 29, 2022 •

edited

Loading