From 5bb45ddd8fb29bad485bb8516fb9b09ed9b70d3e Mon Sep 17 00:00:00 2001 From: Philipp Gesang Date: Mon, 20 Mar 2017 12:07:08 +0100 Subject: [PATCH] retrieve and save GCM tag from object header --- deltatar/crypto.py | 18 ++++++++++++------ 1 files changed, 12 insertions(+), 6 deletions(-) diff --git a/deltatar/crypto.py b/deltatar/crypto.py index c1c1f8f..9342c2a 100755 --- a/deltatar/crypto.py +++ b/deltatar/crypto.py @@ -352,13 +352,16 @@ class Encrypt (Crypto): self.curobj = (filename, version, paramversion, nacl) self.cnt += 1 self.ctsize = 0 - aad = "%s" % filename self.aes = Cipher \ ( algorithms.AES (self.key) , modes.GCM (self.iv) , backend = default_backend ()) \ .encryptor () - self.aes.authenticate_additional_data (str.encode (aad)) + # XXX figure out what we want for AAD. Filename (not known to stream)? + # Size? + #aad = "%s" % filename + #self.aes.authenticate_additional_data (str.encode (aad)) + self.hdrdum = hdr_make_dummy (filename) return self.hdrdum @@ -386,6 +389,7 @@ class Decrypt (Crypto): pfx = None password = None + tag = None # GCM tag, part of header def __init__ (self, password, paramversion=None, nacl=None): if paramversion is not None \ @@ -402,11 +406,15 @@ class Decrypt (Crypto): del self.password # XXX find a way to zero out the buffer instead self.cnt += 1 iv = hdr ["iv"] + self.tag = hdr ["tag"] self.aes = Cipher \ ( algorithms.AES (key) , modes.GCM (hdr["iv"]) , backend = default_backend ()) \ . decryptor () + # XXX figure out what we want for AAD. Filename (not known to stream)? + # Size? + #self.aes.authenticate_additional_data (str.encode (aad)) def next_in_source (self, tarinfo, source): @@ -417,10 +425,8 @@ class Decrypt (Crypto): return self.next(hdr) - def done (self, filename, tag): - aad = "%s" % filename - self.aes.authenticate_additional_data (str.encode (aad)) - return self.aes.finalize_with_tag (tag) + def done (self, tag): + return self.aes.finalize_with_tag (self.tag) ############################################################################### -- 1.7.1