Skip to content

legacy: move pbkdf2 static method from FlexiKey to Pbkdf2FileMixin #9668

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ThomasWaldmann merged 1 commit into from
May 26, 2026
+10 −9
Merged

legacy: move pbkdf2 static method from FlexiKey to Pbkdf2FileMixin #9668

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 1 addition & 7 deletions src/borg/crypto/key.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
import hmac
import os
import textwrap
from hashlib import sha256, pbkdf2_hmac
from hashlib import sha256
from pathlib import Path
from typing import Literal, ClassVar
from collections.abc import Callable
Expand Down Expand Up @@ -443,12 +443,6 @@ def decrypt_key_file(self, data, passphrase):
else:
raise UnsupportedKeyFormatError()

@staticmethod
def pbkdf2(passphrase, salt, iterations, output_len_in_bytes):
if os.environ.get("BORG_TESTONLY_WEAKEN_KDF") == "1":
iterations = 1
return pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations, output_len_in_bytes)

@staticmethod
def argon2(
passphrase: str,
Expand Down
7 changes: 7 additions & 0 deletions src/borg/legacy/crypto/key.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
import hmac
import os
from hashlib import pbkdf2_hmac

from ...constants import * # NOQA
from ...crypto.low_level import AES256_CTR_HMAC_SHA256, AES256_CTR_BLAKE2b, hmac_sha256
Expand All @@ -12,6 +13,12 @@
class Pbkdf2FileMixin:
"""Mixin for borg 1.x key files encrypted with PBKDF2 + AES-CTR."""

@staticmethod
def pbkdf2(passphrase, salt, iterations, output_len_in_bytes):
if os.environ.get("BORG_TESTONLY_WEAKEN_KDF") == "1":
iterations = 1
return pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations, output_len_in_bytes)

def decrypt_key_file(self, data, passphrase):
unpacker = get_limited_unpacker("key")
unpacker.feed(data)
Expand Down
4 changes: 2 additions & 2 deletions src/borg/testsuite/crypto/crypto_test.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
from ...crypto.low_level import hmac_sha256
from ...legacy.crypto.low_level import AES
from hashlib import sha256
from ...crypto.key import CHPOKeyfileKey, AESOCBRepoKey, FlexiKey, KeyBase, PlaintextKey
from ...crypto.key import CHPOKeyfileKey, AESOCBRepoKey, KeyBase, PlaintextKey
from ...legacy.crypto.key import KeyfileKey as LegacyKeyfileKey
from ...helpers import msgpack, bin_to_hex

Expand Down Expand Up @@ -228,7 +228,7 @@ def test_decrypt_key_file_pbkdf2_sha256_aes256_ctr_hmac_sha256():
plain = b"hello"
salt = b"salt" * 4
passphrase = "hello, pass phrase"
key = FlexiKey.pbkdf2(passphrase, salt, 1, 32)
key = LegacyKeyfileKey.pbkdf2(passphrase, salt, 1, 32)
hash = hmac_sha256(key, plain)
data = AES(key, b"\0" * 16).encrypt(plain)
encrypted = msgpack.packb(
Expand Down
Loading