From: Philipp Gesang
Date: Tue, 21 Mar 2017 12:13:00 +0000 (+0100)
Subject: simplify password save and retrieval
X-Git-Url: http://developer.intra2net.com/git/?a=commitdiff_plain;h=1640c97e307cca736569fa53c796b3226721baf6;p=python-delta-tar

simplify password save and retrieval

The password must be available for the entire time of the decryption since it might be necessary to recalculate the key on account of different salt or parameters of some object.
---
diff --git a/deltatar/crypto.py b/deltatar/crypto.py
index 1dab1be..0428555 100755
--- a/deltatar/crypto.py
+++ b/deltatar/crypto.py
@@ -310,6 +310,7 @@ class Crypto (object):
 pfx = None # 64 bit fixed parts of IV
 cnt = None
 iv = None
+ password = None
 def __init__ (self, *al, **akv):
 self.cnt = 1
@@ -318,7 +319,10 @@ class Crypto (object):
 def set_parameters (self, password, paramversion, nacl=None, pfx=None):
 if isinstance (password, bytes) is False:
 password = str.encode (password)
- self.password = password
+ self.password = password
+ if paramversion is None and nacl is None:
+ # postpone until first header is available
+ return
 self.nacl = nacl
 self.paramversion = paramversion
 kdf = kdf_by_version (paramversion)
@@ -393,24 +397,17 @@ class Encrypt (Crypto):
 class Decrypt (Crypto):
 pfx = None
- password = None
 tag = None # GCM tag, part of header
 ctsize = -1
 ptsize = -1
 def __init__ (self, password, paramversion=None, nacl=None):
- if paramversion is not None \
- and nacl is not None :
- super().__init__ (password, paramversion, nacl)
- else:
- self.password = password
- # else postpone until first header is available
+ super().__init__ (password, paramversion, nacl)
 def next (self, hdr):
 if self.key is None:
 super().__init__ (self.password, hdr ["paramversion"], hdr ["nacl"])
- del self.password # XXX find a way to zero out the buffer instead
 self.cnt += 1
 iv = hdr ["iv"]
 self.tag = hdr ["tag"]
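Review bot: The new early return in `set_parameters` fires only when both `paramversion` and `nacl` are `None`, whereas the guard removed from `Decrypt.__init__` in the third hunk postponed key setup when either one was missing. A caller that supplies just one of the two now falls through to `kdf_by_version (paramversion)` and the key derivation with a `None` version or salt; what happens then is outside the hunk. If the partial case should still wait for the first header, the condition would be `if paramversion is None or nacl is None:`, provided no `Encrypt` path relies on calling `set_parameters` with `nacl=None` (not visible here). `set_parameters` continues past the end of the hunk.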
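Review bot: With `del self.password` removed from `Decrypt.next`, the password bytes stay on the object for its whole lifetime, and the XXX reminder about zeroing the buffer is dropped along with the line. The commit message explains why the password is retained, but the code no longer says so and shows no point at which the secret is released. I would add a comment at the rekeying call such as `# password is kept so the key can be re-derived for a new salt/paramversion; clear it once decryption is finished`, and keep the zeroing TODO next to it. Because `set_parameters` converts the password to immutable `bytes`, it cannot be overwritten in place; holding it in a `bytearray` would be a precondition for wiping it. `next` continues outside the hunk.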