From cedcb8c1c2c8a24c77157319b93f707e01272855 Mon Sep 17 00:00:00 2001
From: Philipp Gesang
Date: Thu, 16 Mar 2017 17:39:57 +0100
Subject: [PATCH] create crypto header in .next()
Saves us from exposing the IV to the stream.
---
 deltatar/crypto.py | 14 ++++++++++----
 1 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/deltatar/crypto.py b/deltatar/crypto.py
index 2d84ccc..b389ef6 100755
--- a/deltatar/crypto.py
+++ b/deltatar/crypto.py
@@ -273,6 +273,7 @@ class Crypto (object):
 key = None
 pfx = None # 64 bit fixed parts of IV
 cnt = None
+ iv = None
 def __init__ (self, *al, **akv):
 self.cnt = 1
@@ -330,17 +331,21 @@ class Encrypt (Crypto):
 return struct.pack("<8sL", self.pfx, self.cnt % 0xffFFffFF)
- def next (self, filename):
+ def next (self, filename, version, paramversion, nacl, ctsize=None):
+ iv = self.iv_make()
+ ok, hdr = hdr_from_params (version, paramversion, nacl, iv, ctsize)
+ if ok is False:
+ return None
 self.cnt += 1
 aad = "%s" % filename
- iv = self.iv_make()
 self.aes = Cipher \
 ( algorithms.AES (self.key)
 , modes.GCM (iv)
 , backend = default_backend ()) \
 .encryptor ()
+ return hdr
- return self.aes.authenticate_additional_data (aad)
+ return self.aes.authenticate_additional_data (str.encode (aad))
 def done (self):
@@ -358,6 +363,7 @@ class Decrypt (Crypto):
 def next (self, hdr):
 self.cnt += 1
 print("I2N: got header “%s”" % crypto.hdr_fmt (hdr))
+ iv = hdr ["iv"]
 self.aes = Cipher \
 ( algorithms.AES (key)
 , modes.GCM (hdr["iv"])
@@ -375,7 +381,7 @@ class Decrypt (Crypto):
 def done (self, filename, tag):
 aad = "%s" % filename
- self.aes.authenticate_additional_data (aad)
+ self.aes.authenticate_additional_data (str.encode (aad))
 return self.aes.finalize_with_tag (tag)
--
1.7.1
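Review bot: The added `return hdr` in Encrypt.next sits in front of the existing `return self.aes.authenticate_additional_data (...)`, so the AAD call is now unreachable and the filename is never bound into the GCM tag on the encrypting side. Decrypt.done (last hunk) still feeds the filename as AAD, so tag verification would be expected to fail for every object; if the decrypt side were later relaxed to match, the filename would lose its integrity protection instead. Feed the AAD before returning and drop the dead return: `self.aes.authenticate_additional_data (str.encode (aad))` followed by `return hdr`. Separately, `iv_make()` now runs before `self.cnt += 1`, so each IV is derived from the pre-increment counter; since GCM depends on a unique IV per key, a comment such as `# IV uses the counter value before the increment below` would make that ordering deliberate rather than accidental.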
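Review bot: The new local `iv = hdr ["iv"]` in Decrypt.next is never read in the visible lines, because the cipher is still built with `modes.GCM (hdr["iv"])`, and the `iv = None` attribute added to Crypto in the first hunk is not assigned anywhere in this patch. Either pass the local (`, modes.GCM (iv)`) or store it with `self.iv = iv` if later code is meant to read it. The header is parsed from the archive being read, so this is also a natural place to reject a missing or wrong-length `iv` field with an explicit error before it reaches the cipher; the library may reject a bad length itself, but an exception from inside the Cipher construction is harder to triage. The body of next() continues past the end of the hunk.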
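Review bot: In Decrypt.done the AAD is supplied immediately before `finalize_with_tag`, but in the `cryptography` API `authenticate_additional_data` must be called before any ciphertext is passed to `update()` and raises `AlreadyUpdated` otherwise. The code that feeds ciphertext is outside this hunk, so this needs checking against the caller; if done() runs after the payload has been processed, the AAD has to be supplied earlier, before the first `update()`. The changed line also depends on `filename` being `str`: with a `bytes` filename, `"%s" % filename` produces the `b'...'` repr and the two sides only agree by accident, so a comment such as `# filename must be str; the AAD is its UTF-8 encoding` would pin the contract down.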