|
|
@@ -21,7 +21,7 @@ logger = create_logger()
|
|
|
from . import xattr
|
|
|
from .chunker import get_chunker, Chunk
|
|
|
from .cache import ChunkListEntry
|
|
|
-from .crypto.key import key_factory
|
|
|
+from .crypto.key import key_factory, AEADKeyBase
|
|
|
from .compress import Compressor, CompressionSpec
|
|
|
from .constants import * # NOQA
|
|
|
from .crypto.low_level import IntegrityError as IntegrityErrorBase
|
|
|
@@ -1684,6 +1684,12 @@ class ArchiveChecker:
|
|
|
chunks_count_index = len(self.chunks)
|
|
|
chunks_count_segments = 0
|
|
|
errors = 0
|
|
|
+ # for the new crypto, derived from AEADKeyBase, we know that it checks authenticity on
|
|
|
+ # the crypto.low_level level - invalid chunks will fail to AEAD authenticate.
|
|
|
+ # for these key types, we know that there is no need to decompress the data afterwards.
|
|
|
+ # for all other modes, we assume that we must decompress, so we can verify authenticity
|
|
|
+ # based on the plaintext MAC (via calling ._assert_id(id, plaintext)).
|
|
|
+ decompress = not isinstance(self.key, AEADKeyBase)
|
|
|
defect_chunks = []
|
|
|
pi = ProgressIndicatorPercent(
|
|
|
total=chunks_count_index, msg="Verifying data %6.2f%%", step=0.01, msgid="check.verify_data"
|
|
|
@@ -1714,7 +1720,7 @@ class ArchiveChecker:
|
|
|
chunk_data_iter = self.repository.get_many(chunk_ids)
|
|
|
else:
|
|
|
try:
|
|
|
- self.key.decrypt(chunk_id, encrypted_data)
|
|
|
+ self.key.decrypt(chunk_id, encrypted_data, decompress=decompress)
|
|
|
except IntegrityErrorBase as integrity_error:
|
|
|
self.error_found = True
|
|
|
errors += 1
|
|
|
@@ -1745,7 +1751,7 @@ class ArchiveChecker:
|
|
|
# from the underlying media.
|
|
|
try:
|
|
|
encrypted_data = self.repository.get(defect_chunk)
|
|
|
- self.key.decrypt(defect_chunk, encrypted_data)
|
|
|
+ self.key.decrypt(defect_chunk, encrypted_data, decompress=decompress)
|
|
|
except IntegrityErrorBase:
|
|
|
# failed twice -> get rid of this chunk
|
|
|
del self.chunks[defect_chunk]
|
Thomas Waldmann