mirror of
https://github.com/kopia/kopia.git
synced 2026-01-26 07:18:02 -05:00
ddd267accc
New ciphers are using authenticated encryption with associated data
(AEAD) and per-content key derived using HMAC-SHA256:
* AES256-GCM-HMAC-SHA256
* CHACHA20-POLY1305-HMAC-SHA256
They support content IDs of arbitrary length and are quite fast:
On my 2019 MBP:
- BLAKE2B-256 + AES256-GCM-HMAC-SHA256 - 648.7 MiB / second
- BLAKE2B-256 + CHACHA20-POLY1305-HMAC-SHA256 - 597.1 MiB / second
- HMAC-SHA256 + AES256-GCM-HMAC-SHA256 351 MiB / second
- HMAC-SHA256 + CHACHA20-POLY1305-HMAC-SHA256 316.2 MiB / second
Previous ciphers had several subtle issues:
* SALSA20 encryption, used weak nonce (64 bit prefix of content ID),
which means that for any two contents, whose IDs that have the same
64-bit prefix, their plaintext can be decoded from the ciphertext
alone.
* AES-{128,192,256}-CTR were not authenticated, so we were
required to hash plaintext after decryption to validate. This is not
recommended due to possibility of subtle timing attacks if an attacker
controls the ciphertext.
* SALSA20-HMAC was only validating checksum and not that the ciphertext
was for the correct content ID.
New repositories cannot be created using deprecated ciphers, but they
will still be supported for existing repositories, until at least 0.6.0.
The users are encouraged to migrate to one of new ciphers when 0.5.0 is
out.
109 lines
3.4 KiB
Go
109 lines
3.4 KiB
Go
package cli
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/pkg/errors"
|
|
|
|
"github.com/kopia/kopia/repo"
|
|
"github.com/kopia/kopia/repo/blob"
|
|
"github.com/kopia/kopia/repo/content"
|
|
"github.com/kopia/kopia/repo/encryption"
|
|
"github.com/kopia/kopia/repo/hashing"
|
|
"github.com/kopia/kopia/repo/object"
|
|
"github.com/kopia/kopia/repo/splitter"
|
|
"github.com/kopia/kopia/snapshot/policy"
|
|
)
|
|
|
|
var (
|
|
createCommand = repositoryCommands.Command("create", "Create new repository in a specified location.")
|
|
|
|
createBlockHashFormat = createCommand.Flag("block-hash", "Content hash algorithm.").PlaceHolder("ALGO").Default(hashing.DefaultAlgorithm).Enum(hashing.SupportedAlgorithms()...)
|
|
createBlockEncryptionFormat = createCommand.Flag("encryption", "Content encryption algorithm.").PlaceHolder("ALGO").Default(encryption.DefaultAlgorithm).Enum(encryption.SupportedAlgorithms(false)...)
|
|
createSplitter = createCommand.Flag("object-splitter", "The splitter to use for new objects in the repository").Default(splitter.DefaultAlgorithm).Enum(splitter.SupportedAlgorithms()...)
|
|
|
|
createOnly = createCommand.Flag("create-only", "Create repository, but don't connect to it.").Short('c').Bool()
|
|
)
|
|
|
|
func init() {
|
|
setupConnectOptions(createCommand)
|
|
}
|
|
|
|
func newRepositoryOptionsFromFlags() *repo.NewRepositoryOptions {
|
|
return &repo.NewRepositoryOptions{
|
|
BlockFormat: content.FormattingOptions{
|
|
Hash: *createBlockHashFormat,
|
|
Encryption: *createBlockEncryptionFormat,
|
|
},
|
|
|
|
ObjectFormat: object.Format{
|
|
Splitter: *createSplitter,
|
|
},
|
|
}
|
|
}
|
|
|
|
func ensureEmpty(ctx context.Context, s blob.Storage) error {
|
|
hasDataError := errors.New("has data")
|
|
|
|
err := s.ListBlobs(ctx, "", func(cb blob.Metadata) error {
|
|
return hasDataError
|
|
})
|
|
if err == hasDataError {
|
|
return errors.New("found existing data in storage location")
|
|
}
|
|
|
|
return err
|
|
}
|
|
|
|
func runCreateCommandWithStorage(ctx context.Context, st blob.Storage) error {
|
|
err := ensureEmpty(ctx, st)
|
|
if err != nil {
|
|
return errors.Wrap(err, "unable to get repository storage")
|
|
}
|
|
|
|
options := newRepositoryOptionsFromFlags()
|
|
|
|
password, err := getPasswordFromFlags(ctx, true, false)
|
|
if err != nil {
|
|
return errors.Wrap(err, "getting password")
|
|
}
|
|
|
|
printStderr("Initializing repository with:\n")
|
|
printStderr(" block hash: %v\n", options.BlockFormat.Hash)
|
|
printStderr(" encryption: %v\n", options.BlockFormat.Encryption)
|
|
printStderr(" splitter: %v\n", options.ObjectFormat.Splitter)
|
|
|
|
if err := repo.Initialize(ctx, st, options, password); err != nil {
|
|
return errors.Wrap(err, "cannot initialize repository")
|
|
}
|
|
|
|
if *createOnly {
|
|
return nil
|
|
}
|
|
|
|
if err := runConnectCommandWithStorageAndPassword(ctx, st, password); err != nil {
|
|
return errors.Wrap(err, "unable to connect to repository")
|
|
}
|
|
|
|
return populateRepository(ctx, password)
|
|
}
|
|
|
|
func populateRepository(ctx context.Context, password string) error {
|
|
rep, err := repo.Open(ctx, repositoryConfigFileName(), password, applyOptionsFromFlags(ctx, nil))
|
|
if err != nil {
|
|
return errors.Wrap(err, "unable to open repository")
|
|
}
|
|
defer rep.Close(ctx) //nolint:errcheck
|
|
|
|
if err := policy.SetPolicy(ctx, rep, policy.GlobalPolicySourceInfo, policy.DefaultPolicy); err != nil {
|
|
return errors.Wrap(err, "unable to set global policy")
|
|
}
|
|
|
|
printPolicy(policy.DefaultPolicy, nil)
|
|
printStdout("\n")
|
|
printStdout("To change the policy use:\n kopia policy set --global <options>\n")
|
|
printStdout("or\n kopia policy set <dir> <options>\n")
|
|
|
|
return nil
|
|
}
|