From 4d7bd0e5d7bc75471aa1f60e059373fb7c006b31 Mon Sep 17 00:00:00 2001 From: Denis Corbin Date: Tue, 29 Oct 2024 22:24:37 +0100 Subject: [PATCH 1/5] fixing bug reported as present in file i_archive.cpp line 2302 --- src/libdar/i_archive.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/libdar/i_archive.cpp b/src/libdar/i_archive.cpp index f4d9abb7..e2f56e51 100644 --- a/src/libdar/i_archive.cpp +++ b/src/libdar/i_archive.cpp @@ -781,6 +781,8 @@ namespace libdar const archive_options_repair & options_repair, statistics* progressive_report): mem_ui(dialog) { + statistics st = false; + statistics* st_ptr = progressive_report == nullptr ? &st : progressive_report; archive_options_read my_options_read = options_read; bool initial_pause = (*options_read.get_entrepot() == *options_repair.get_entrepot() && chem_src == chem_dst); @@ -906,7 +908,7 @@ namespace libdar src.pimpl->ver.get_iteration_count(), src.pimpl->ver.get_kdf_hash(), delta_sig_block_size(), // sig block size is not used for repairing, build_delta_sig is set to false above - progressive_report); // statistics + st_ptr); // statistics // stealing src's catalogue, our's is still empty at this step catalogue *tmp = cat; From 8f4c380d11f49b46d6af0398955813d8391bd7dc Mon Sep 17 00:00:00 2001 From: Denis Corbin Date: Tue, 29 Oct 2024 22:31:44 +0100 Subject: [PATCH 2/5] adding kdf support for repair operation --- man/dar.1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/man/dar.1 b/man/dar.1 index 14d30ae5..3b187ebd 100644 --- a/man/dar.1 +++ b/man/dar.1 @@ -654,7 +654,7 @@ With this option, When reading or writing an archive to a remote repository when -ab, --alter=blind-to-signatures do not check whether an encrypted archive with public key that has also been signed have correct signatures. .PP -.B SAVING, ISOLATION, MERGING AND REPAIRING SPECIFIC OPTIONS (to use with -c, -C or -+) +.B SAVING, ISOLATION, MERGING AND REPAIRING SPECIFIC OPTIONS (to use with -c, -C, -+ or -y) .PP .TP 5 -z, --compression={ [algo] | level | algo:level | algo:level:block-size } @@ -1150,7 +1150,7 @@ option. Since release 2.6.0 a new entry status ("inode-only") has been added. Dar can now re-save only metadata when the inode change does not concern the data. To know whether the data has changed or not, by default (no --modified-data-detection option given) dar looks at mtime and at file's size only. Specifying --modified-data-detection=mtime-and-size (which is the default behavior) can be used to revert the action of --modified-data-detection=any-inode-change for example when playing with included files (DCF files): the latest met takes precedence. .TP 20 -T, --kdf-param [:] -At the difference of the listing context (see below), in the context of archive creation, merging and isolation, -T option let you define the iteration count used to derive the archive key from the passphrase you provided (archive encryption context) and the hash algorithm used for that derivation. -T has another older meaning when doing archive listing, but due to the lack of free character to create a new CLI option, there was no other choice than recycling an existing option not used in the context of archive creation/merging/isolation. The consequence is that the -T option must appear after the -+/-c/-C options for the operational context to be known at the time the -T option is met and its --kdf-param meaning to be taken into account. As --kdf-param is an alias to -T, this long form of this option must also be found after the use of either -c, -C or -+ option. +At the difference of the listing context (see below), in the context of archive creation, merging, isolation and reparation, -T option let you define the iteration count used to derive the archive key from the passphrase you provided (archive encryption context) and the hash algorithm used for that derivation. -T has another older meaning when doing archive listing, but due to the lack of free character to create a new CLI option, there was no other choice than recycling an existing option not used in the context of archive creation/merging/isolation. The consequence is that the -T option must appear after the -+/-c/-C/-y options for the operational context to be known at the time the -T option is met and its --kdf-param meaning to be taken into account. As --kdf-param is an alias to -T, this long form of this option must also be found after the use of either -c, -C or -+ option. .P .RS Without --kdf-param the KDF fonction uses 200,000 iterations for md5, sha1 and sha512 (PBKDF2 from PKCS#5 v2) but only 10,000 for argon2. If libargon2 is present, this is the default hash algorithm, else sha1 is used with PBKDF2. Valid parameters are "sha1", "sha512", "md5" and "argon2" for the hash algorithms and a value greater than 1 for the iteration count. However it is advise to use a value equal or greater to the default values mentionned previously. The suffixes described for -s option are also available here (k, M, G, T, P, ...) however pay attention to the -aSI/-abinary mode which default to binary, in which case "-T 1k" is equivalent to "-T 1024". Example of use: --kdf-param 20k:argon2 From 08abd376272e7c437c01124a82c86f0f6de47c32 Mon Sep 17 00:00:00 2001 From: Denis Corbin Date: Tue, 29 Oct 2024 20:56:58 +0100 Subject: [PATCH 3/5] adding KDF support in libdar API for repairing operation ...instead of using parameters from the archive under repairing --- src/libdar/archive_options.cpp | 15 +++++++++++++++ src/libdar/archive_options.hpp | 12 ++++++++++++ src/libdar/i_archive.cpp | 4 ++-- 3 files changed, 29 insertions(+), 2 deletions(-) diff --git a/src/libdar/archive_options.cpp b/src/libdar/archive_options.cpp index 0c102fa4..b4328757 100644 --- a/src/libdar/archive_options.cpp +++ b/src/libdar/archive_options.cpp @@ -2061,6 +2061,16 @@ namespace libdar throw Ememory("archive_options_repair::clear"); x_multi_threaded_crypto = 1; x_multi_threaded_compress = 1; + if(compile_time::libargon2()) + { + x_iteration_count = default_iteration_count_argon2; + x_kdf_hash = hash_algo::argon2; + } + else + { + x_kdf_hash = hash_algo::sha1; + x_iteration_count = default_iteration_count; + } } catch(...) { @@ -2105,6 +2115,8 @@ namespace libdar x_entrepot = ref.x_entrepot; x_multi_threaded_crypto = ref.x_multi_threaded_crypto; x_multi_threaded_compress = ref.x_multi_threaded_compress; + x_iteration_count = ref.x_iteration_count; + x_kdf_hash = ref.x_kdf_hash; } void archive_options_repair::move_from(archive_options_repair && ref) noexcept @@ -2135,6 +2147,9 @@ namespace libdar x_slice_min_digits = move(ref.x_slice_min_digits); x_multi_threaded_crypto = move(ref.x_multi_threaded_crypto); x_multi_threaded_compress = move(ref.x_multi_threaded_compress); + x_iteration_count = move(ref.x_iteration_count); + x_kdf_hash = move(ref.x_kdf_hash); + } } // end of namespace diff --git a/src/libdar/archive_options.hpp b/src/libdar/archive_options.hpp index 89ee804f..1c1a8378 100644 --- a/src/libdar/archive_options.hpp +++ b/src/libdar/archive_options.hpp @@ -1914,6 +1914,13 @@ namespace libdar /// how much thread libdar will use for compression (need libthreadar too and compression_block_size > 0) void set_multi_threaded_compress(U_I num) { x_multi_threaded_compress = num; }; + /// key derivation + void set_iteration_count(const infinint & val) { x_iteration_count = val; }; + + /// hash algo used for key derivation + void set_kdf_hash(hash_algo algo) { x_kdf_hash = algo; }; + + ///////////////////////////////////////////////////////////////////// // getting methods @@ -1944,6 +1951,9 @@ namespace libdar const std::shared_ptr & get_entrepot() const { return x_entrepot; }; U_I get_multi_threaded_crypto() const { return x_multi_threaded_crypto; }; U_I get_multi_threaded_compress() const { return x_multi_threaded_compress; }; + const infinint & get_iteration_count() const { return x_iteration_count; }; + hash_algo get_kdf_hash() const { return x_kdf_hash; }; + private: bool x_allow_over; @@ -1972,6 +1982,8 @@ namespace libdar std::shared_ptr x_entrepot; U_I x_multi_threaded_crypto; U_I x_multi_threaded_compress; + infinint x_iteration_count; + hash_algo x_kdf_hash; void nullifyptr() noexcept {}; void copy_from(const archive_options_repair & ref); diff --git a/src/libdar/i_archive.cpp b/src/libdar/i_archive.cpp index e2f56e51..11041a37 100644 --- a/src/libdar/i_archive.cpp +++ b/src/libdar/i_archive.cpp @@ -905,8 +905,8 @@ namespace libdar false, // zeroing_neg_date set(), // ignored_symlinks modified_data_detection::any_inode_change, // not used for repairing - src.pimpl->ver.get_iteration_count(), - src.pimpl->ver.get_kdf_hash(), + options_repair.get_iteration_count(), + options_repair.get_kdf_hash(), delta_sig_block_size(), // sig block size is not used for repairing, build_delta_sig is set to false above st_ptr); // statistics From 5d46ba739eb8a6a17f8f05a8a1ff22f790a4cba8 Mon Sep 17 00:00:00 2001 From: Denis Corbin Date: Tue, 29 Oct 2024 22:43:13 +0100 Subject: [PATCH 4/5] adding KDF support for repair operation in dar command-line tool --- src/build/ChangeLog | 2 ++ src/dar_suite/command_line.cpp | 4 +++- src/dar_suite/dar.cpp | 5 +++++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/src/build/ChangeLog b/src/build/ChangeLog index 05d13c26..a9d19827 100644 --- a/src/build/ChangeLog +++ b/src/build/ChangeLog @@ -10,6 +10,8 @@ from 2.7.15 to 2.7.16 overwriting policy drives entry to be removed from the resulting archive adding to that, the very specific/rare condition where the number of removals exceeds more than the half of kept entries... +- adding kdf support for repairing operation instead of using the values of the + archive/backup under reparation. from 2.7.14 to 2.7.15 diff --git a/src/dar_suite/command_line.cpp b/src/dar_suite/command_line.cpp index 5eeb4048..400758ae 100644 --- a/src/dar_suite/command_line.cpp +++ b/src/dar_suite/command_line.cpp @@ -1309,9 +1309,11 @@ static bool get_args_recursive(recursive_param & rec, case 'T': if(p.op == create || p.op == merging - || p.op == isolate) + || p.op == isolate + || p.op == repairing) { // this is the --kdf-iter-count option + if(optarg == nullptr) throw Erange("get_args", tools_printf(gettext(MISSING_ARG), char(lu))); diff --git a/src/dar_suite/dar.cpp b/src/dar_suite/dar.cpp index ebe948f9..fe71c1ca 100644 --- a/src/dar_suite/dar.cpp +++ b/src/dar_suite/dar.cpp @@ -603,6 +603,11 @@ static S_I little_main(shared_ptr & dialog, S_I argc, char * c repair_options.set_slice_min_digits(param.num_digits); repair_options.set_multi_threaded_crypto(param.multi_threaded_crypto); repair_options.set_multi_threaded_compress(param.multi_threaded_compress); + if(param.iteration_count > 0) + repair_options.set_iteration_count(param.iteration_count); + if(param.kdf_hash != hash_algo::none) + repair_options.set_kdf_hash(param.kdf_hash); + if(repo) repair_options.set_entrepot(repo); From 038ae983186a0fc2bb09f0f4604acbd74ae79f1e Mon Sep 17 00:00:00 2001 From: Denis Corbin Date: Tue, 29 Oct 2024 22:50:37 +0100 Subject: [PATCH 5/5] adapting configure.ac to libthreadar 1.5.1 (but still compatible with older versions) --- src/build/configure.ac | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/build/configure.ac b/src/build/configure.ac index 0552fa6c..ca4fff92 100644 --- a/src/build/configure.ac +++ b/src/build/configure.ac @@ -1842,7 +1842,10 @@ AS_IF( [ test "x$enable_threadar" != "xyes" ], PKG_CHECK_MODULES(LIBTHREADAR, libthreadar, [], [AC_MSG_ERROR([libthreadar not found, but reported to exist !?!])]) ], [ - AC_CHECK_LIB(threadar, [for_autoconf], [], []) + # for libthreadar before release 1.5.1; + AC_CHECK_LIB(threadar, [for_autoconf], [], []) + # ofr libthreadar since release 1.5.1: + AC_CHECK_LIB(threadar, [libthreadar_for_autoconf], [], []) ]) CPPFLAGS__cache="$CPPFLAGS" CPPFLAGS="$LIBTHREADAR_CFLAGS $CPPFLAGS"