From 73f3cf0b72d0e05a8d7cd515ff3287d721763d24 Mon Sep 17 00:00:00 2001 From: Philipp Gesang Date: Fri, 31 Mar 2017 14:31:19 +0200 Subject: [PATCH] do not require parameter version with each encrypted object When encrypting, stick to the parameter version specified in the ctor. Despite the format allowing for on-the-fly adjustment of encryption parameters, there is no real world scenario yet in which this might be desired. Thus, remove this prerequisite as it only encumbers the signature of ``.next()`` with cruft. --- deltatar/crypto.py | 27 ++++++++++++++++----------- deltatar/tarfile.py | 3 +-- 2 files changed, 17 insertions(+), 13 deletions(-) diff --git a/deltatar/crypto.py b/deltatar/crypto.py index 5ae9330..9fdbef0 100755 --- a/deltatar/crypto.py +++ b/deltatar/crypto.py @@ -421,11 +421,16 @@ class Encrypt (Crypto): curobj = None hdrdum = None - + paramversion = None + paramenc = None def __init__ (self, password, paramversion, nacl=None, counter=AES_GCM_IV_CNT_DATA): self.pfx = [ ] + self.paramversion = paramversion + defs = ENCRYPTION_PARAMETERS.get(self.paramversion) + self.paramenc = defs ["enc"] + super().__init__ (password, paramversion, nacl, counter=counter, nextpfx=lambda: self.pfx.append (os.urandom(8))) @@ -434,25 +439,25 @@ class Encrypt (Crypto): return struct.pack(FMT_I2N_IV, self.pfx [-1], self.cnt) - def next (self, filename, version, paramversion, nacl): - self.curobj = (filename, version, paramversion, nacl or self.nacl) + def next (self, filename, version, nacl): + self.curobj = (filename, version, nacl or self.nacl) self.set_object_counter (self.cnt + 1) self.iv = self.iv_make () - defs = ENCRYPTION_PARAMETERS.get(paramversion) - enc = defs ["enc"] - if enc == "aes-gcm": + + if self.paramenc == "aes-gcm": self.enc = Cipher \ ( algorithms.AES (self.key) , modes.GCM (self.iv) , backend = default_backend ()) \ .encryptor () - elif enc == "passthrough": + elif self.paramenc == "passthrough": self.enc = PassthroughCipher () else: raise Exception ("XXX garbage encryption parameter %d → %r" - % (paramversion, enc)) + % (self.paramversion, enc)) self.hdrdum = hdr_make_dummy (filename) - super().next (self.password, paramversion, nacl) + super().next (self.password, self.paramversion, nacl) + return self.hdrdum @@ -462,8 +467,8 @@ class Encrypt (Crypto): data = self.enc.finalize () self.stats ["out"] += len (data) self.ctsize += len (data) - (filename, version, paramversion, nacl) = self.curobj - ok, hdr = hdr_from_params (version, paramversion, nacl, self.iv, + (filename, version, nacl) = self.curobj + ok, hdr = hdr_from_params (version, self.paramversion, nacl, self.iv, self.ctsize, self.enc.tag) if ok is False: raise Exception ("XXX error constructing header: %r" % hdr) ## we need to converge on a sensible error handling strategy diff --git a/deltatar/tarfile.py b/deltatar/tarfile.py index 71a50d6..2c024c9 100644 --- a/deltatar/tarfile.py +++ b/deltatar/tarfile.py @@ -494,7 +494,7 @@ class _Stream: else: self.cmp = lzma.LZMACompressor() - elif comptype != "tar": + elif comptype not in [ "tar", "aes128" ]: if self.encryption is not None: raise InvalidEncryptionError("encryption not available for " "compression %s" % comptype) @@ -527,7 +527,6 @@ class _Stream: # encryption layer in .__write(). dummyhdr = self.encryption.next (entry, version=DELTATAR_HEADER_VERSION, - paramversion=self.encver, nacl=self.encryption.nacl) if dummyhdr is None: raise EncryptionError ("Crypto.next(): bad dummy header") # XXX -- 1.7.1