From ad1128af81e3955e15d89ffbce23b561587c79b3 Mon Sep 17 00:00:00 2001 From: Philipp Gesang Date: Tue, 21 Mar 2017 13:13:00 +0100 Subject: [PATCH] simplify password save and retrieval The password must be available for the entire time of the decryption since it might be necessary to recalculate the key on account of different salt or parameters of some object. --- deltatar/crypto.py | 15 ++++++--------- 1 files changed, 6 insertions(+), 9 deletions(-) diff --git a/deltatar/crypto.py b/deltatar/crypto.py index 1dab1be..0428555 100755 --- a/deltatar/crypto.py +++ b/deltatar/crypto.py @@ -310,6 +310,7 @@ class Crypto (object): pfx = None # 64 bit fixed parts of IV cnt = None iv = None + password = None def __init__ (self, *al, **akv): self.cnt = 1 @@ -318,7 +319,10 @@ class Crypto (object): def set_parameters (self, password, paramversion, nacl=None, pfx=None): if isinstance (password, bytes) is False: password = str.encode (password) - self.password = password + self.password = password + if paramversion is None and nacl is None: + # postpone until first header is available + return self.nacl = nacl self.paramversion = paramversion kdf = kdf_by_version (paramversion) @@ -393,24 +397,17 @@ class Encrypt (Crypto): class Decrypt (Crypto): pfx = None - password = None tag = None # GCM tag, part of header ctsize = -1 ptsize = -1 def __init__ (self, password, paramversion=None, nacl=None): - if paramversion is not None \ - and nacl is not None : - super().__init__ (password, paramversion, nacl) - else: - self.password = password - # else postpone until first header is available + super().__init__ (password, paramversion, nacl) def next (self, hdr): if self.key is None: super().__init__ (self.password, hdr ["paramversion"], hdr ["nacl"]) - del self.password # XXX find a way to zero out the buffer instead self.cnt += 1 iv = hdr ["iv"] self.tag = hdr ["tag"] -- 1.7.1
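Review bot: The early return added to `set_parameters` fires only when both `paramversion` and `nacl` are None, whereas the guard removed from `Decrypt.__init__` postponed key setup when either one was missing. A `Decrypt` built with a `paramversion` but no `nacl` now falls through to `kdf_by_version (paramversion)` with `nacl=None`; what happens next is outside the hunk, but if a key gets derived there, `next()` will find `self.key` set and never re-derive it with the salt from the header. Since `Encrypt` presumably depends on `nacl=None` being accepted here, the stricter check probably belongs in `Decrypt.__init__`, for example `if (paramversion is None) != (nacl is None): raise ValueError ("paramversion and nacl must be given together")`, or the module's own exception type. The body of `set_parameters` continues past the end of the hunk.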
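Review bot: With `del self.password` removed from `next()`, the password stays referenced for the whole lifetime of the `Decrypt` object and nothing in the new code releases it; the deleted `XXX find a way to zero out the buffer` comment was the only reminder that this is still open. The commit message justifies keeping it during decryption, so I would keep that TODO next to the `password = None` attribute and add an explicit release step for callers to invoke once decryption is finished, e.g. a small method doing `self.password = None` and `self.key = None`. That only drops the references: `set_parameters` stores immutable `bytes`, so wiping in place would require holding a `bytearray` instead, assuming the KDF accepts one. Separately, `next()` still derives the key only when `self.key is None`, so the recalculation for a differing salt or parameters described in the message is not visible in this hunk; `next()` continues outside it.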