git://developer.intra2net.com / python-delta-tar / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 66b1c6f) | patch
enable strict IV checking by default during decryption
authorPhilipp Gesang <philipp.gesang@intra2net.com>
Fri, 17 Apr 2020 09:27:48 +0000 (11:27 +0200)
committerPhilipp Gesang <philipp.gesang@intra2net.com>
Fri, 24 Apr 2020 06:55:25 +0000 (08:55 +0200)
commitb750b280c78f7b62ba30249c68a8542a3421534c
tree1b71c3fc7f47a2735494cc06b45c6a49a848f5abtree | snapshot (zip tar.gz)
parent66b1c6f4ef81f0c6b3e3af491f016ae2572a22d3commit | diff
enable strict IV checking by default during decryption

Address Deltatar audit item 2.3: Ciphertexts can be re-ordered or
dropped when decryption is non-linear

Set *decryption* contexts to validate IVs unless the user opts out.
This requires sprinkling options for non-strict behavior wherever
a decryption context might be created, and disabling the strict
checking for APIs intended for use with possibly corrupted inputs.

During a normal *encryption* when only a single Encrypt handle is
used, the IVs are guaranteed unique. Strict tracking of IVs is
only necessary in testing and when working with multiple Encrypt
handles so used IVs are to be compared across handlers
afterwards. Thus we need not enable the ``strict_ivs'' option for
Encrypt handles.
deltatar/crypto.py diff | blob | blame | history
deltatar/deltatar.py diff | blob | blame | history
deltatar/tarfile.py diff | blob | blame | history
testing/test_crypto.py diff | blob | blame | history
testing/test_recover.py diff | blob | blame | history
python library for differential backup with tar