delay kdf until parameters are available from header

When decrypting, initialize the key immediately if parameters and
salt are being passed to the ctor. Otherwise, just save the
passphrase in the object and run the KDF when ``.next()`` is
passed the required bits as part of a PDTCRYPT header.

diff --git a/deltatar/crypto.py b/deltatar/crypto.py
index 32ee3dc..c1c1f8f 100755 (executable)
--- a/deltatar/crypto.py
+++ b/deltatar/crypto.py
@@ -297,7 +297,7 @@ class Crypto (object):
         self.password     = password
         self.nacl         = nacl
         self.paramversion = paramversion
-        (kdf, params) = kdf_by_version (paramversion)
+        (kdf, params)     = kdf_by_version (paramversion)
 
         N = params["N"]
         r = params["r"]
@@ -384,13 +384,22 @@ class Encrypt (Crypto):
 
 class Decrypt (Crypto):
 
-    pfx = None
+    pfx          = None
+    password     = None
 
-    def __init__ (self, password, paramversion, nacl):
-        super().__init__ (password, paramversion, nacl)
+    def __init__ (self, password, paramversion=None, nacl=None):
+        if      paramversion is not None \
+            and         nacl is not None :
+            super().__init__ (password, paramversion, nacl)
+        else:
+            self.password = password
+        # else postpone until first header is available
 
 
     def next (self, hdr):
+        if self.key is None:
+            super().__init__ (self.password, hdr ["paramversion"], hdr ["nacl"])
+        del self.password # XXX find a way to zero out the buffer instead
         self.cnt += 1
         iv = hdr ["iv"]
         self.aes = Cipher \