do not require parameter version with each encrypted object
authorPhilipp Gesang <philipp.gesang@intra2net.com>
Fri, 31 Mar 2017 12:31:19 +0000 (14:31 +0200)
committerThomas Jarosch <thomas.jarosch@intra2net.com>
Mon, 2 Apr 2018 11:34:08 +0000 (13:34 +0200)
When encrypting, stick to the parameter version specified in the
ctor. Despite the format allowing for on-the-fly adjustment of
encryption parameters, there is no real world scenario yet in
which this might be desired. Thus, remove this prerequisite as it
only encumbers the signature of ``.next()`` with cruft.

deltatar/crypto.py
deltatar/tarfile.py

index 5ae9330..9fdbef0 100755 (executable)
@@ -421,11 +421,16 @@ class Encrypt (Crypto):
 
     curobj = None
     hdrdum = None
-
+    paramversion = None
+    paramenc     = None
 
     def __init__ (self, password, paramversion, nacl=None,
                   counter=AES_GCM_IV_CNT_DATA):
         self.pfx = [ ]
+        self.paramversion = paramversion
+        defs = ENCRYPTION_PARAMETERS.get(self.paramversion)
+        self.paramenc = defs ["enc"]
+
         super().__init__ (password, paramversion, nacl, counter=counter,
                           nextpfx=lambda: self.pfx.append (os.urandom(8)))
 
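Review bot: An unknown `paramversion` now fails inside `__init__` with a `TypeError`, because `ENCRYPTION_PARAMETERS.get()` returns `None` and the next added line subscripts it. Since the lookup has moved into the constructor, this is the place to reject bad parameters explicitly, for example `if defs is None: raise ValueError("unknown parameter version %r" % paramversion)`. Checking here that `defs["enc"]` is one of the values `next()` handles would also reject an unsupported cipher before any object is started, instead of at the first `next()` call. A short comment on the new class attributes `paramversion` and `paramenc` stating that they are fixed for the lifetime of the instance would document the new contract.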
@@ -434,25 +439,25 @@ class Encrypt (Crypto):
         return struct.pack(FMT_I2N_IV, self.pfx [-1], self.cnt)
 
 
-    def next (self, filename, version, paramversion, nacl):
-        self.curobj = (filename, version, paramversion, nacl or self.nacl)
+    def next (self, filename, version, nacl):
+        self.curobj = (filename, version, nacl or self.nacl)
         self.set_object_counter (self.cnt + 1)
         self.iv = self.iv_make ()
-        defs = ENCRYPTION_PARAMETERS.get(paramversion)
-        enc = defs ["enc"]
-        if enc == "aes-gcm":
+
+        if self.paramenc == "aes-gcm":
             self.enc = Cipher \
                             ( algorithms.AES (self.key)
                             , modes.GCM (self.iv)
                             , backend = default_backend ()) \
                             .encryptor ()
-        elif enc == "passthrough":
+        elif self.paramenc == "passthrough":
             self.enc = PassthroughCipher ()
         else:
             raise Exception ("XXX garbage encryption parameter %d → %r"
-                             % (paramversion, enc))
+                             % (self.paramversion, enc))
         self.hdrdum = hdr_make_dummy (filename)
-        super().next (self.password, paramversion, nacl)
+        super().next (self.password, self.paramversion, nacl)
+
         return self.hdrdum
 
 
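Review bot: The `else` branch still formats its message with `enc`, but this change removes the local `enc` assignment, so an unrecognised cipher name raises `NameError` instead of the intended exception. Use the attribute: `% (self.paramversion, self.paramenc))`. The `%d` conversion also raises if `paramversion` is not a number, so `%r` for both fields is safer on this error path. This branch is the only guard against an unsupported encryption parameter in `next()`, so its message should be reliable.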
@@ -462,8 +467,8 @@ class Encrypt (Crypto):
         data = self.enc.finalize ()
         self.stats ["out"] += len (data)
         self.ctsize += len (data)
-        (filename, version, paramversion, nacl) = self.curobj
-        ok, hdr = hdr_from_params (version, paramversion, nacl, self.iv,
+        (filename, version, nacl) = self.curobj
+        ok, hdr = hdr_from_params (version, self.paramversion, nacl, self.iv,
                                    self.ctsize, self.enc.tag)
         if ok is False:
             raise Exception ("XXX error constructing header: %r" % hdr) ## we need to converge on a sensible error handling strategy
index 71a50d6..2c024c9 100644 (file)
@@ -494,7 +494,7 @@ class _Stream:
                 else:
                     self.cmp = lzma.LZMACompressor()
 
-            elif comptype != "tar":
+            elif comptype not in [ "tar", "aes128" ]:
                 if self.encryption is not None:
                     raise InvalidEncryptionError("encryption not available for "
                                                  "compression %s" % comptype)
@@ -527,7 +527,6 @@ class _Stream:
             # encryption layer in .__write().
             dummyhdr = self.encryption.next (entry,
                                              version=DELTATAR_HEADER_VERSION,
-                                             paramversion=self.encver,
                                              nacl=self.encryption.nacl)
             if dummyhdr is None:
                 raise EncryptionError ("Crypto.next(): bad dummy header") # XXX
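Review bot: With `paramversion=self.encver` dropped from this call, the version written into object headers comes only from the `Encrypt` constructor, and nothing in this hunk ties it to the stream's `encver`. If `_Stream` still carries `encver` (its definition is outside the hunk), the two can disagree without any error. Either remove the attribute, or compare once before the first object, e.g. `if self.encryption.paramversion != self.encver: raise EncryptionError("parameter version mismatch")`. The enclosing method begins and ends outside this hunk.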