Commit

Merge branch 'branch_2.7.x' into no_last_slice
Edrusb committed Oct 29, 2024
2 parents b4d5024 + 038ae98 commit 18f90db
Showing 8 changed files with 48 additions and 7 deletions.
4 changes: 2 additions & 2 deletions man/dar.1
Expand Up @@ -654,7 +654,7 @@ With this option, When reading or writing an archive to a remote repository when
-ab, --alter=blind-to-signatures
do not check whether an encrypted archive with public key that has also been signed have correct signatures.
.PP
.B SAVING, ISOLATION, MERGING AND REPAIRING SPECIFIC OPTIONS (to use with -c, -C or -+)
.B SAVING, ISOLATION, MERGING AND REPAIRING SPECIFIC OPTIONS (to use with -c, -C, -+ or -y)
.PP
.TP 5
-z, --compression={ [algo] | level | algo:level | algo:level:block-size }
Expand Down Expand Up @@ -1150,7 +1150,7 @@ option.
Since release 2.6.0 a new entry status ("inode-only") has been added. Dar can now re-save only metadata when the inode change does not concern the data. To know whether the data has changed or not, by default (no --modified-data-detection option given) dar looks at mtime and at file's size only. Specifying --modified-data-detection=mtime-and-size (which is the default behavior) can be used to revert the action of --modified-data-detection=any-inode-change for example when playing with included files (DCF files): the latest met takes precedence.
.TP 20
-T, --kdf-param <integer>[:<hash algo>]
At the difference of the listing context (see below), in the context of archive creation, merging and isolation, -T option let you define the iteration count used to derive the archive key from the passphrase you provided (archive encryption context) and the hash algorithm used for that derivation. -T has another older meaning when doing archive listing, but due to the lack of free character to create a new CLI option, there was no other choice than recycling an existing option not used in the context of archive creation/merging/isolation. The consequence is that the -T option must appear after the -+/-c/-C options for the operational context to be known at the time the -T option is met and its --kdf-param meaning to be taken into account. As --kdf-param is an alias to -T, this long form of this option must also be found after the use of either -c, -C or -+ option.
At the difference of the listing context (see below), in the context of archive creation, merging, isolation and reparation, -T option let you define the iteration count used to derive the archive key from the passphrase you provided (archive encryption context) and the hash algorithm used for that derivation. -T has another older meaning when doing archive listing, but due to the lack of free character to create a new CLI option, there was no other choice than recycling an existing option not used in the context of archive creation/merging/isolation. The consequence is that the -T option must appear after the -+/-c/-C/-y options for the operational context to be known at the time the -T option is met and its --kdf-param meaning to be taken into account. As --kdf-param is an alias to -T, this long form of this option must also be found after the use of either -c, -C or -+ option.
.P
.RS
Without --kdf-param the KDF fonction uses 200,000 iterations for md5, sha1 and sha512 (PBKDF2 from PKCS#5 v2) but only 10,000 for argon2. If libargon2 is present, this is the default hash algorithm, else sha1 is used with PBKDF2. Valid parameters are "sha1", "sha512", "md5" and "argon2" for the hash algorithms and a value greater than 1 for the iteration count. However it is advise to use a value equal or greater to the default values mentionned previously. The suffixes described for -s option are also available here (k, M, G, T, P, ...) however pay attention to the -aSI/-abinary mode which default to binary, in which case "-T 1k" is equivalent to "-T 1024". Example of use: --kdf-param 20k:argon2
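Review bot: the rewritten -T paragraph is only half updated for -y. Its closing sentence still reads "must also be found after the use of either -c, -C or -+ option", and the earlier clause still describes -T as unused "in the context of archive creation/merging/isolation". Add -y and repairing to both places, otherwise the long form --kdf-param reads as unsupported with -y even though the sentence just before lists "-+/-c/-C/-y".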
2 changes: 2 additions & 0 deletions src/build/ChangeLog
Expand Up @@ -15,6 +15,8 @@ from 2.7.15 to 2.7.16
overwriting policy drives entry to be removed from the resulting archive adding
to that, the very specific/rare condition where the number of removals exceeds
more than the half of kept entries...
- adding kdf support for repairing operation instead of using the values of the
archive/backup under reparation.


from 2.7.14 to 2.7.15
5 changes: 4 additions & 1 deletion src/build/configure.ac
Expand Up @@ -1842,7 +1842,10 @@ AS_IF( [ test "x$enable_threadar" != "xyes" ],
PKG_CHECK_MODULES(LIBTHREADAR, libthreadar, [], [AC_MSG_ERROR([libthreadar not found, but reported to exist !?!])])
],
[
AC_CHECK_LIB(threadar, [for_autoconf], [], [])
# for libthreadar before release 1.5.1;
AC_CHECK_LIB(threadar, [for_autoconf], [], [])
# ofr libthreadar since release 1.5.1:
AC_CHECK_LIB(threadar, [libthreadar_for_autoconf], [], [])
])
CPPFLAGS__cache="$CPPFLAGS"
CPPFLAGS="$LIBTHREADAR_CFLAGS $CPPFLAGS"
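Review bot: both AC_CHECK_LIB calls run unconditionally with empty actions, so a libthreadar that exports neither for_autoconf nor libthreadar_for_autoconf gets through this branch without any message. Consider nesting them: probe libthreadar_for_autoconf first, fall back to for_autoconf in its action-if-not-found, and call AC_MSG_ERROR (or print a clear warning) when both fail. Also fix the comment typo "ofr" and drop the trailing ";" in "# for libthreadar before release 1.5.1;".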
4 changes: 3 additions & 1 deletion src/dar_suite/command_line.cpp
Expand Up @@ -1314,9 +1314,11 @@ static bool get_args_recursive(recursive_param & rec,
case 'T':
if(p.op == create
|| p.op == merging
|| p.op == isolate)
|| p.op == isolate
|| p.op == repairing)
{
// this is the --kdf-iter-count option

if(optarg == nullptr)
throw Erange("get_args", tools_printf(gettext(MISSING_ARG), char(lu)));

5 changes: 5 additions & 0 deletions src/dar_suite/dar.cpp
Expand Up @@ -603,6 +603,11 @@ static S_I little_main(shared_ptr<user_interaction> & dialog, S_I argc, char * c
repair_options.set_slice_min_digits(param.num_digits);
repair_options.set_multi_threaded_crypto(param.multi_threaded_crypto);
repair_options.set_multi_threaded_compress(param.multi_threaded_compress);
if(param.iteration_count > 0)
repair_options.set_iteration_count(param.iteration_count);
if(param.kdf_hash != hash_algo::none)
repair_options.set_kdf_hash(param.kdf_hash);

if(repo)
repair_options.set_entrepot(repo);

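Review bot: the two guards added before "if(repo)" are independent, so a -T argument that gives only an iteration count overrides the count but leaves the hash at whatever archive_options_repair::clear() selected (argon2 when libargon2 is compiled in, sha1 otherwise), not the hash of the archive being repaired. A short comment stating that unset values fall back to the library defaults would make this explicit. The "> 0" test is also looser than the man page's "a value greater than 1", so it is worth confirming that smaller values are rejected before this point.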
15 changes: 15 additions & 0 deletions src/libdar/archive_options.cpp
Expand Up @@ -2066,6 +2066,16 @@ namespace libdar
throw Ememory("archive_options_repair::clear");
x_multi_threaded_crypto = 1;
x_multi_threaded_compress = 1;
if(compile_time::libargon2())
{
x_iteration_count = default_iteration_count_argon2;
x_kdf_hash = hash_algo::argon2;
}
else
{
x_kdf_hash = hash_algo::sha1;
x_iteration_count = default_iteration_count;
}
}
catch(...)
{
Expand Down Expand Up @@ -2110,6 +2120,8 @@ namespace libdar
x_entrepot = ref.x_entrepot;
x_multi_threaded_crypto = ref.x_multi_threaded_crypto;
x_multi_threaded_compress = ref.x_multi_threaded_compress;
x_iteration_count = ref.x_iteration_count;
x_kdf_hash = ref.x_kdf_hash;
}

void archive_options_repair::move_from(archive_options_repair && ref) noexcept
Expand Down Expand Up @@ -2140,6 +2152,9 @@ namespace libdar
x_slice_min_digits = move(ref.x_slice_min_digits);
x_multi_threaded_crypto = move(ref.x_multi_threaded_crypto);
x_multi_threaded_compress = move(ref.x_multi_threaded_compress);
x_iteration_count = move(ref.x_iteration_count);
x_kdf_hash = move(ref.x_kdf_hash);

}

} // end of namespace
12 changes: 12 additions & 0 deletions src/libdar/archive_options.hpp
Expand Up @@ -1916,6 +1916,13 @@ namespace libdar
/// how much thread libdar will use for compression (need libthreadar too and compression_block_size > 0)
void set_multi_threaded_compress(U_I num) { x_multi_threaded_compress = num; };

/// key derivation
void set_iteration_count(const infinint & val) { x_iteration_count = val; };

/// hash algo used for key derivation
void set_kdf_hash(hash_algo algo) { x_kdf_hash = algo; };



/////////////////////////////////////////////////////////////////////
// getting methods
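Review bot: the Doxygen comments on the two new setters are too thin for the API documentation. "/// key derivation" does not say that set_iteration_count() sets the KDF iteration count, and neither comment states the default or that the values apply to the archive written by the repair operation. Something like "/// iteration count used to derive the key of the repaired archive from the passphrase" would do, with the default named. The extra blank lines added after set_kdf_hash() can go.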
Expand Down Expand Up @@ -1946,6 +1953,9 @@ namespace libdar
const std::shared_ptr<entrepot> & get_entrepot() const { return x_entrepot; };
U_I get_multi_threaded_crypto() const { return x_multi_threaded_crypto; };
U_I get_multi_threaded_compress() const { return x_multi_threaded_compress; };
const infinint & get_iteration_count() const { return x_iteration_count; };
hash_algo get_kdf_hash() const { return x_kdf_hash; };


private:
bool x_allow_over;
Expand Down Expand Up @@ -1974,6 +1984,8 @@ namespace libdar
std::shared_ptr<entrepot> x_entrepot;
U_I x_multi_threaded_crypto;
U_I x_multi_threaded_compress;
infinint x_iteration_count;
hash_algo x_kdf_hash;

void nullifyptr() noexcept {};
void copy_from(const archive_options_repair & ref);
8 changes: 5 additions & 3 deletions src/libdar/i_archive.cpp
Expand Up @@ -783,6 +783,8 @@ namespace libdar
const archive_options_repair & options_repair,
statistics* progressive_report): mem_ui(dialog)
{
statistics st = false;
statistics* st_ptr = progressive_report == nullptr ? &st : progressive_report;
archive_options_read my_options_read = options_read;
bool initial_pause = (*options_read.get_entrepot() == *options_repair.get_entrepot() && chem_src == chem_dst);

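Review bot: "statistics st = false;" at the top of the constructor body reads like a bool accidentally assigned to a statistics object. If the intent is to call a constructor that takes a bool, write it as "statistics st(false);" and add a comment saying what false selects. A one-line comment on st_ptr explaining that it stands in for a null progressive_report would also help, since it is what gets passed further down in place of the caller's pointer.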
Expand Down Expand Up @@ -905,10 +907,10 @@ namespace libdar
false, // zeroing_neg_date
set<string>(), // ignored_symlinks
modified_data_detection::any_inode_change, // not used for repairing
src.pimpl->ver.get_iteration_count(),
src.pimpl->ver.get_kdf_hash(),
options_repair.get_iteration_count(),
options_repair.get_kdf_hash(),
delta_sig_block_size(), // sig block size is not used for repairing, build_delta_sig is set to false above
progressive_report); // statistics
st_ptr); // statistics

// stealing src's catalogue, our's is still empty at this step
catalogue *tmp = cat;
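Review bot: replacing "src.pimpl->ver.get_iteration_count()" and "src.pimpl->ver.get_kdf_hash()" with the options_repair getters means a repair run without -T no longer carries over the KDF settings of the source archive and instead writes the defaults set in archive_options_repair::clear(). An archive that was created with a higher iteration count or a different hash then comes out of repair with lower or different key-derivation parameters, with nothing telling the user. Consider keeping the source values when the caller did not set any, or at least document the fallback in man/dar.1 and emit a message when the repaired archive's parameters differ from the source's.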

0 comments on commit 18f90db