From d5ffa59c913c385c75091a4d0677d79f4375835e Mon Sep 17 00:00:00 2001 From: Thomas Waldmann Date: Thu, 20 Jul 2023 17:54:33 +0200 Subject: [PATCH] bugfix: skip TAM check with BORG_WORKAROUNDS=authenticated_no_key This is an emergency workaround for authenticated repos if the user has lost the borg key. We can't compute the TAM key without the borg key, so just skip all the TAM stuff. --- src/borg/crypto/key.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/borg/crypto/key.py b/src/borg/crypto/key.py index a45c6c7953..338888b3af 100644 --- a/src/borg/crypto/key.py +++ b/src/borg/crypto/key.py @@ -246,6 +246,8 @@ def unpack_and_verify_manifest(self, data, force_tam_not_required=False): unpacker = get_limited_unpacker("manifest") unpacker.feed(data) unpacked = unpacker.unpack() + if AUTHENTICATED_NO_KEY: + return unpacked, True # True is a lie. if "tam" not in unpacked: if tam_required: raise TAMRequiredError(self.repository._location.canonical_path()) @@ -271,8 +273,6 @@ def unpack_and_verify_manifest(self, data, force_tam_not_required=False): offset = data.index(tam_hmac) data[offset : offset + 64] = bytes(64) tam_key = self._tam_key(tam_salt, context=b"manifest") - if AUTHENTICATED_NO_KEY: - return unpacked, True # True is a lie. calculated_hmac = hmac.digest(tam_key, data, "sha512") if not hmac.compare_digest(calculated_hmac, tam_hmac): raise TAMInvalid()