mirror/kopia
1
0
Fork 0
mirror of https://github.com/kopia/kopia.git synced 2026-03-27 18:42:26 -04:00
Code Issues Packages Projects Releases Wiki Activity

added hmac to format block embedded in pack indexes

Browse Source
This commit is contained in:
Jarek Kowalski
2019-01-14 06:55:49 -08:00
parent c35037601d
commit a01b0359dc
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
format_block.go
View File

@@ -23,6 +23,11 @@
formatBlockChecksumSize = sha256.Size
)
// formatBlockChecksumSecret is a HMAC secret used for checksumming the format block.
// It's not really a secret, but will provide positive identification of blocks that
// are repository format blocks.
var formatBlockChecksumSecret = []byte("kopia-repository")
// FormatBlockID is the identifier of a storage block that describes repository format.
const FormatBlockID = "kopia.repository"
@@ -124,7 +129,7 @@ func verifyFormatBlockChecksum(b []byte) ([]byte, bool) {
}
data, checksum := b[0:len(b)-formatBlockChecksumSize], b[len(b)-formatBlockChecksumSize:]
h := sha256.New()
h := hmac.New(sha256.New, formatBlockChecksumSecret)
h.Write(data) //nolint:errcheck
actualChecksum := h.Sum(nil)
if !hmac.Equal(actualChecksum, checksum) {
@@ -236,7 +241,7 @@ func encryptFormatBytes(f *formatBlock, format *repositoryObjectFormat, masterKe
}
func addFormatBlockChecksumAndLength(fb []byte) ([]byte, error) {
h := sha256.New()
h := hmac.New(sha256.New, formatBlockChecksumSecret)
h.Write(fb) //nolint:errcheck
checksummedFormatBytes := h.Sum(fb)