From 2a377dfc5ce29e652c2fad587b2ef53994a6d7f2 Mon Sep 17 00:00:00 2001 From: Philipp Gesang Date: Fri, 24 Feb 2017 11:18:18 +0100 Subject: [PATCH] remove key length parameter wherever feasible MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Since we’re using fixed AES-128 everywhere, the revised version no longer offers adjustable key length. --- deltatar/deltatar.py | 15 +-------------- deltatar/tarfile.py | 40 ++++++++++++++++------------------------ file_crypt.py | 4 +--- 3 files changed, 18 insertions(+), 41 deletions(-) diff --git a/deltatar/deltatar.py b/deltatar/deltatar.py index 8429c6f..bbfe79a 100644 --- a/deltatar/deltatar.py +++ b/deltatar/deltatar.py @@ -98,9 +98,7 @@ class DeltaTar(object): '|bz2': '.bz2', '#gz': '.gz', '#gz.aes128': '.gz.aes128', - '#gz.aes256': '.gz.aes256', '#aes128': '.aes128', - '#aes256': '.aes256', } # valid index modes and their corresponding default file extension @@ -109,9 +107,7 @@ class DeltaTar(object): 'gz': '.gz', 'bz2': '.bz2', 'gz.aes128': '.gz.aes128', - 'gz.aes256': '.gz.aes256', 'aes128': '.aes128', - 'aes256': '.aes256' } # valid path prefixes @@ -156,9 +152,7 @@ class DeltaTar(object): '|bz2' open a bzip2 compressed stream of tar blocks '#gz' open a stream of gzip compressed tar blocks '#gz.aes128' open an aes128 encrypted stream of gzip compressed tar blocks - '#gz.aes256' open an aes256 encrypted stream of gzip compressed tar blocks '#aes128' open an aes128 encrypted stream of tar blocks - '#aes256' open an aes256 encrypted stream of tar blocks - password: used together with aes modes to encrypt and decrypt backups. @@ -175,9 +169,7 @@ class DeltaTar(object): 'gz' open with gzip compression 'bz2' open with bzip2 compression 'gz.aes128' open an aes128 encrypted stream of gzip compressed tar blocks - 'gz.aes256' open an aes256 encrypted stream of gzip compressed tar blocks 'aes128' open an aes128 encrypted stream of tar blocks - 'aes256' open an aes256 encrypted stream of tar blocks - index_name_func: function that sets a custom name for the index file. This function receives the backup_path and if it's a full backup as @@ -496,14 +488,9 @@ class DeltaTar(object): if 'aes' in self.index_mode: enctype = 'aes' - key_length = 128 - if 'aes256' in self.index_mode: - key_length = 256 - return tarfile._Stream(name=path, mode=mode, comptype=comptype, bufsize=tarfile.RECORDSIZE, fileobj=None, - enctype=enctype, password=self.password, - key_length=key_length) + enctype=enctype, password=self.password) def create_full_backup(self, source_path, backup_path, max_volume_size=None, extra_data=dict()): diff --git a/deltatar/tarfile.py b/deltatar/tarfile.py index 8e937b4..19b27bb 100644 --- a/deltatar/tarfile.py +++ b/deltatar/tarfile.py @@ -363,7 +363,7 @@ class _Stream: def __init__(self, name, mode, comptype, fileobj, bufsize, concat_stream=False, enctype='', password="", - key_length=128, compresslevel=9): + compresslevel=9): """Construct a _Stream object. """ self._extfileobj = True @@ -390,11 +390,10 @@ class _Stream: self.internal_pos = 0 self.concat_stream = concat_stream self.enctype = enctype - self.key_length = key_length self.password = password self.last_block_offset = 0 self.dbuf = b"" - self.aes_buf = b"" + self.aes_buf = b"" # ??? self.exception = None self.compresslevel = compresslevel self.bytes_written = 0 @@ -411,8 +410,7 @@ class _Stream: self.zlib = zlib if mode == "r": if self.enctype == 'aes': - self.encryption = crypto.AES_GCM_context(self.password, - key_length=self.key_length) + self.encryption = crypto.AES_GCM_context(self.password) self._init_read_gz() self.exception = zlib.error else: @@ -452,8 +450,7 @@ class _Stream: self.cmp = lzma.LZMACompressor() elif self.enctype == 'aes': - self.encryption = aescrypto.AESCrypt(self.password, - key_length=self.key_length) + self.encryption = aescrypto.AESCrypt(self.password) if mode != "r": self.encryption.init() self.__write_to_file(self.encryption.salt_str) @@ -486,8 +483,7 @@ class _Stream: # if aes, we encrypt after compression if self.enctype == 'aes': - self.encryption = aescrypto.AESCrypt(self.password, - key_length=self.key_length) + self.encryption = aescrypto.AESCrypt(self.password) self.encryption.init() self.__write_to_file(self.encryption.salt_str) @@ -549,8 +545,7 @@ class _Stream: if set_last_block_offset: self.last_block_offset = self.fileobj.tell() - self.encryption = aescrypto.AESCrypt(self.password, - key_length=self.key_length) + self.encryption = aescrypto.AESCrypt(self.password) self.encryption.init() self.__write_to_file(self.encryption.salt_str) @@ -804,6 +799,7 @@ class _Stream: while c < size: buf = self.__dec_read(self.bufsize) if not buf: + ## XXX stream terminated prematurely; this should be an error break t.append(buf) c += len(buf) @@ -846,14 +842,17 @@ class _Stream: chars because the file is decrypted in multiples of the key size. ''' if self.enctype == 'aes': - kl = int(self.key_length/8) - buf = self.fileobj.read(size - kl) - last = len(buf) < (size - kl) + ## XXX + ## PHG: this logic doesn’t map to our header-based approach + ## and requires adjustment + buf = self.fileobj.read(size) + last = len(buf) < size buf = self.aes_buf + buf self.aes_buf = b"" # prevent setting last to False when it shouldn't if not last: + kl = 16 ## XXX key length; obsolete last = buf[-kl:].startswith(b'Salted__') self.aes_buf = buf[-kl:] buf = buf[:-kl] @@ -864,8 +863,8 @@ class _Stream: return buf def __split_enc_file(self, buf, last): - if not buf: - return buf + if not buf: # what else? + return buf ## XXX WTF‽ idx = buf.find(b'Salted__') if idx == -1: @@ -2000,7 +1999,6 @@ class TarFile(object): password = '' # if not enctype there's no encryption enctype = '' - key_length = 128 if filemode not in "rw": raise ValueError("mode must be 'r' or 'w'") @@ -2012,9 +2010,7 @@ class TarFile(object): # encryption gz.aes128 or gz.aes256 if "." in comptype: comptype, enctype = comptype.split(".", 1) - kl = enctype[3:] enctype = enctype[:3] - key_length = 128 if kl == '128' else 256 password = kwargs.get('password', '') if not password: raise ValueError("you should give a password for encryption") @@ -2022,9 +2018,7 @@ class TarFile(object): if comptype.startswith("aes"): enctype = comptype comptype = 'tar' - kl = comptype[3:] enctype = enctype[:3] - key_length = 128 if kl == '128' else 256 password = kwargs.get('password', '') if not password: raise ValueError("you should give a password for encryption") @@ -2033,8 +2027,7 @@ class TarFile(object): stream = _Stream(name, filemode, comptype, fileobj, bufsize, concat_stream=True, enctype=enctype, - password=password, key_length=key_length, - compresslevel=compresslevel) + password=password, compresslevel=compresslevel) try: t = cls(name, filemode, stream, **kwargs) except: @@ -2549,7 +2542,6 @@ class TarFile(object): fileobj=None, bufsize=self.fileobj.bufsize, password=self.fileobj.password, - key_length=self.fileobj.key_length, enctype=self.fileobj.enctype, concat_stream=self.fileobj.concat_stream) else: diff --git a/file_crypt.py b/file_crypt.py index d91744d..bd1f7dd 100755 --- a/file_crypt.py +++ b/file_crypt.py @@ -13,7 +13,7 @@ from traceback import print_exc def main(do_encrypt, in_file, out_file, password, comptype='gz', enctype='aes', - key_length=128, bufsize=tarfile.RECORDSIZE, encoding='UTF-8'): + bufsize=tarfile.RECORDSIZE, encoding='UTF-8'): """ Main function, called when running file as script see module doc for more info @@ -30,7 +30,6 @@ def main(do_encrypt, in_file, out_file, password, comptype='gz', enctype='aes', read_handle = tarfile._Stream(name=in_file, mode='r', comptype=comptype, bufsize=bufsize, fileobj=None, enctype=enctype, - key_length=key_length, password=password) return_code = 3 @@ -39,7 +38,6 @@ def main(do_encrypt, in_file, out_file, password, comptype='gz', enctype='aes', write_handle = tarfile._Stream(name=out_file, mode='w', comptype=comptype, bufsize=bufsize, fileobj=None, enctype=enctype, - key_length=key_length, password=password) else: write_handle = open(out_file, 'wt') -- 1.7.1