From 02f34a22c84a2df1e67bd2775347aa64b5ba8f8b Mon Sep 17 00:00:00 2001
From: Daniel Garcia Moreno <danigm@wadobo.com>
Date: Tue, 16 Jul 2013 10:26:36 +0200
Subject: [PATCH] Fixed encryption pad treatment using random pad

---
 deltatar/aescrypto.py      |    4 ++--
 deltatar/tarfile.py        |   12 ++++++++----
 testing/test_encryption.py |    8 ++++----
 3 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/deltatar/aescrypto.py b/deltatar/aescrypto.py
index 423bba2..f46e031 100644
--- a/deltatar/aescrypto.py
+++ b/deltatar/aescrypto.py
@@ -45,8 +45,8 @@ class AESCrypt:
             self.salt = Random.new().read(self.bs - len('Salted__'))
         self.password = password
 
-        self.get_pad = self.get_pkcs5_pad
-        self.split_pad = self.split_pkcs5_pad
+        self.get_pad = self.get_random_pad
+        self.split_pad = self.split_random_pad
 
     def init(self):
         '''
diff --git a/deltatar/tarfile.py b/deltatar/tarfile.py
index e632421..d732c7c 100644
--- a/deltatar/tarfile.py
+++ b/deltatar/tarfile.py
@@ -720,15 +720,19 @@ class _Stream:
 
     def __dec_read(self, size):
         buf = self.fileobj.read(size)
+        last = len(buf) < size
         if self.enctype == 'aes':
-            buf = self.__split_enc_file(buf)
+            buf = self.__split_enc_file(buf, last)
         return buf
 
-    def __split_enc_file(self, buf):
+    def __split_enc_file(self, buf, last):
+        if not buf:
+            return buf
+
         try:
             idx = buf.index('Salted__')
         except ValueError:
-            buf = self.encryption.decrypt(buf)
+            buf = self.encryption.decrypt(buf, last)
         else:
             b1 = buf[:idx]
             b2 = buf[idx:]
@@ -736,7 +740,7 @@ class _Stream:
             self.encryption.get_salt_str(b2)
             self.encryption.init()
             b2 = b2[len(self.encryption.salt_str):]
-            buf += self.__split_enc_file(b2)
+            buf += self.__split_enc_file(b2, last)
         return buf
 # class _Stream
 
diff --git a/testing/test_encryption.py b/testing/test_encryption.py
index 69b51da..260786b 100644
--- a/testing/test_encryption.py
+++ b/testing/test_encryption.py
@@ -54,8 +54,8 @@ class EncryptionTest(BaseTest):
         assert os.path.exists("sample.tar.gz.aes.0") # beginning of the tar file
         assert os.path.exists("sample.tar.gz.aes.1") # first file
 
-        os.system("openssl aes-128-cbc -k 'key' -d -in sample.tar.gz.aes.1 -out sample.tar.gz")
-        os.system("zcat sample.tar.gz > sample.tar")
+        os.system("openssl aes-128-cbc -nopad -k 'key' -d -in sample.tar.gz.aes.1 -out sample.tar.gz")
+        os.system("zcat sample.tar.gz 2>/dev/null > sample.tar")
         os.system("tar xf sample.tar")
         assert os.path.exists("big")
         assert hash == self.md5sum("big")
@@ -99,8 +99,8 @@ class EncryptionTest(BaseTest):
         # extract and check output
         for i in xrange(1, 4):
             fname = "sample.tar.gz.aes.%d" % i
-            os.system("openssl aes-128-cbc -k 'key' -d -in %s -out sample.tar.gz" % fname)
-            os.system("zcat sample.tar.gz > sample.tar")
+            os.system("openssl aes-128-cbc -nopad -k 'key' -d -in %s -out sample.tar.gz" % fname)
+            os.system("zcat sample.tar.gz 2>/dev/null > sample.tar")
             os.system("tar xf sample.tar")
 
         for key, value in hash.iteritems():
-- 
1.7.1