From b1c1b47983dce6ee3606bc2dbb81b321ec793ef2 Mon Sep 17 00:00:00 2001 From: Gilbert Chen Date: Wed, 2 May 2018 22:57:47 -0400 Subject: [PATCH] Add an env var DUPLICACY_DECRYPT_WITH_HMACSHA256 to force using HMAC-SHA256 for encryption key in order to be able to manage backups created by Vertical Backup --- src/duplicacy_chunk.go | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/src/duplicacy_chunk.go b/src/duplicacy_chunk.go index 26385571..6298d59d 100644 --- a/src/duplicacy_chunk.go +++ b/src/duplicacy_chunk.go @@ -5,11 +5,14 @@ package duplicacy import ( + "os" "bytes" "compress/zlib" "crypto/aes" "crypto/cipher" "crypto/rand" + "crypto/hmac" + "crypto/sha256" "encoding/hex" "fmt" "hash" @@ -267,6 +270,17 @@ func (chunk *Chunk) Encrypt(encryptionKey []byte, derivationKey string) (err err } +// This is to ensure compability with Vertical Backup, which still uses HMAC-SHA256 (instead of HMAC-BLAKE2) to +// derive the key used to encrypt/decrypt files and chunks. + +var DecryptWithHMACSHA256 = false + +func init() { + if value, found := os.LookupEnv("DUPLICACY_DECRYPT_WITH_HMACSHA256"); found && value != "0" { + DecryptWithHMACSHA256 = true + } +} + // Decrypt decrypts the encrypted data stored in the chunk buffer. If derivationKey is not nil, the actual // encryption key will be HMAC-SHA256(encryptionKey, derivationKey). func (chunk *Chunk) Decrypt(encryptionKey []byte, derivationKey string) (err error) { @@ -286,7 +300,13 @@ func (chunk *Chunk) Decrypt(encryptionKey []byte, derivationKey string) (err err key := encryptionKey if len(derivationKey) > 0 { - hasher := chunk.config.NewKeyedHasher([]byte(derivationKey)) + var hasher hash.Hash + if DecryptWithHMACSHA256 { + hasher = hmac.New(sha256.New, []byte(derivationKey)) + } else { + hasher = chunk.config.NewKeyedHasher([]byte(derivationKey)) + } + hasher.Write(encryptionKey) key = hasher.Sum(nil) } @@ -325,6 +345,7 @@ func (chunk *Chunk) Decrypt(encryptionKey []byte, derivationKey string) (err err return err } + paddingLength := int(decryptedBytes[len(decryptedBytes)-1]) if paddingLength == 0 { paddingLength = 256