simplify password save and retrieval

The password must be available for the entire time of the
decryption since it might be necessary to recalculate the key on
account of different salt or parameters of some object.

diff --git a/deltatar/crypto.py b/deltatar/crypto.py
index 1dab1be..0428555 100755 (executable)
--- a/deltatar/crypto.py
+++ b/deltatar/crypto.py
@@ -310,6 +310,7 @@ class Crypto (object):
     pfx  = None # 64 bit fixed parts of IV
     cnt  = None
     iv   = None
+    password = None
 
     def __init__ (self, *al, **akv):
         self.cnt  = 1
@@ -318,7 +319,10 @@ class Crypto (object):
 
     def set_parameters (self, password, paramversion, nacl=None, pfx=None):
         if isinstance (password, bytes) is False: password = str.encode (password)
-        self.password     = password
+        self.password = password
+        if paramversion is None and nacl is None:
+            # postpone until first header is available
+            return
         self.nacl         = nacl
         self.paramversion = paramversion
         kdf               = kdf_by_version (paramversion)
@@ -393,24 +397,17 @@ class Encrypt (Crypto):
 class Decrypt (Crypto):
 
     pfx          = None
-    password     = None
     tag          = None # GCM tag, part of header
     ctsize       = -1
     ptsize       = -1
 
     def __init__ (self, password, paramversion=None, nacl=None):
-        if      paramversion is not None \
-            and         nacl is not None :
-            super().__init__ (password, paramversion, nacl)
-        else:
-            self.password = password
-        # else postpone until first header is available
+        super().__init__ (password, paramversion, nacl)
 
 
     def next (self, hdr):
         if self.key is None:
             super().__init__ (self.password, hdr ["paramversion"], hdr ["nacl"])
-        del self.password # XXX find a way to zero out the buffer instead
         self.cnt += 1
         iv = hdr ["iv"]
         self.tag = hdr ["tag"]