From: Philipp Gesang Date: Thu, 23 Mar 2017 09:43:25 +0000 (+0100) Subject: start payload encryption counter at 2 X-Git-Url: http://developer.intra2net.com/git/?a=commitdiff_plain;h=5c5c38d7750217c313d2180325f2e903e89658cc;p=python-delta-tar start payload encryption counter at 2 As per the spec, a file counter of 1 is reserved for the info file. --- diff --git a/deltatar/crypto.py b/deltatar/crypto.py index 64e62f9..0330552 100755 --- a/deltatar/crypto.py +++ b/deltatar/crypto.py @@ -53,7 +53,8 @@ from cryptography.hazmat.backends import default_backend __all__ = [ "hdr_make", "hdr_read", "hdr_fmt", "hdr_fmt_pretty" - , "I2N_HDR_SIZE" ] + , "I2N_HDR_SIZE" , "AES_GCM_IV_CNT_DATA", "AES_GCM_IV_CNT_INFOFILE" + ] ############################################################################### @@ -115,6 +116,9 @@ AES_GCM_IV_LEN = 12 AES_GCM_MAX_SIZE = (1 << 36) - (1 << 5) # 2^39 - 2^8 b ≅ 64 GB AES_GCM_FMT_TAG = "<16s" +AES_GCM_IV_CNT_INFOFILE = 1 # constant +AES_GCM_IV_CNT_DATA = AES_GCM_IV_CNT_INFOFILE + 1 # also for multivolume + ############################################################################### ## header, trailer @@ -319,11 +323,12 @@ class Crypto (object): state = STATE_DEAD def __init__ (self, *al, **akv): - self.cnt = 1 self.set_parameters (*al, **akv) - def set_parameters (self, password, paramversion, nacl=None, pfx=None): + def set_parameters (self, password, paramversion, nacl=None, pfx=None, + counter=None): + self.cnt = counter or AES_GCM_IV_CNT_DATA if isinstance (password, bytes) is False: password = str.encode (password) self.password = password if paramversion is None and nacl is None: @@ -335,7 +340,7 @@ class Crypto (object): if kdf is not None: self.key, self.nacl = kdf (password, nacl) - if pfx is not None: + if pfx is not None and isinstance (pfx, bytes) is True: self.pfx = pfx if self.pfx is None: self.pfx = os.urandom(8) @@ -363,8 +368,9 @@ class Encrypt (Crypto): hdrdum = None ctsize = -1 # per object from .next() → .done() - def __init__ (self, password, paramversion, nacl=None): - super().__init__ (password, paramversion, nacl) + def __init__ (self, password, paramversion, nacl=None, + counter=AES_GCM_IV_CNT_DATA): + super().__init__ (password, paramversion, nacl, counter=counter) def iv_make (self): @@ -420,8 +426,8 @@ class Decrypt (Crypto): ctsize = -1 ptsize = -1 - def __init__ (self, password, paramversion=None, nacl=None): - super().__init__ (password, paramversion, nacl) + def __init__ (self, password, paramversion=None, nacl=None, counter=None): + super().__init__ (password, paramversion, nacl, counter=counter) def next (self, hdr): diff --git a/deltatar/tarfile.py b/deltatar/tarfile.py index c48c8d6..ef50e1d 100644 --- a/deltatar/tarfile.py +++ b/deltatar/tarfile.py @@ -448,7 +448,9 @@ class _Stream: ("encryption requested (v=%d) but no password given" % encver) try: - enc = crypto.Encrypt (password, I2N_XXX_ENCRYPTION_VERSION, nacl) + enc = crypto.Encrypt (password, + I2N_XXX_ENCRYPTION_VERSION, nacl, + counter=crypto.AES_GCM_IV_CNT_DATA) except ValueError as exn: raise InvalidEncryptionError \ ("ctor failed crypto.Encrypt(, “%s”, %r)" @@ -515,7 +517,9 @@ class _Stream: ("encryption requested (v=%d) but no password given" % encver) try: - enc = crypto.Encrypt (password, I2N_XXX_ENCRYPTION_VERSION, nacl) + enc = crypto.Encrypt (password, + I2N_XXX_ENCRYPTION_VERSION, nacl, + counter=crypto.AES_GCM_IV_CNT_DATA) except ValueError as exn: raise InvalidEncryptionError \ ("ctor failed crypto.Encrypt(, “%s”, %r)"