Update python to match node, bump version numbers

martinthomson · martinthomson · commit 0393ed8d6f4f · 2016-03-16T10:47:22.000+11:00
diff --git a/nodejs/package.json b/nodejs/package.json
@@ -1,6 +1,6 @@
 {
   "name": "http_ece",
-  "version": "0.4.2",
+  "version": "0.4.3",
   "description": "Encrypted Content-Encoding for HTTP",
   "homepage": "https://github.com/martinthomson/encrypted-content-encoding",
   "bugs": "https://github.com/martinthomson/encrypted-content-encoding/issues",
diff --git a/python/http_ece/__init__.py b/python/http_ece/__init__.py
@@ -10,7 +10,7 @@
 keys = {}
 labels = {}
 
-def deriveKey(mode, salt, key=None, dh=None, keyid=None, authSecret=None):
+def deriveKey(mode, salt, key=None, dh=None, keyid=None, authSecret=None, padSize=2):
     def buildInfo(base, context):
         return b"Content-Encoding: " + base + b"\0" + context
 
@@ -63,24 +63,27 @@ def lengthPrefix(key):
         )
         secret = hkdf_auth.derive(secret)
 
-    keyinfo = b"aesgcm"
     if padSize == 2:
-        keyinfo = b"aesgcm128"
-    elif padSize != 1:
+        keyinfo = buildInfo(b"aesgcm", context)
+        nonceinfo = buildInfo(b"nonce", context)
+    elif padSize == 1:
+        keyinfo = b"Content-Encoding: aesgcm128"
+        nonceinfo = b"Content-Encoding: nonce"
+    else:
         raise Exception(u"unable to set context for padSize=" + str(padSize))
 
     hkdf_key = HKDF(
         algorithm=hashes.SHA256(),
         length=16,
         salt=salt,
-        info=buildInfo(keyinfo, context),
+        info=keyinfo,
         backend=default_backend()
     )
     hkdf_nonce = HKDF(
         algorithm=hashes.SHA256(),
         length=12,
         salt=salt,
-        info=buildInfo(b"nonce", context),
+        info=nonceinfo,
         backend=default_backend()
     )
     result = (hkdf_key.derive(secret), hkdf_nonce.derive(secret))
@@ -108,7 +111,7 @@ def decryptRecord(key, nonce, counter, buffer):
 
     (key_, nonce_) = deriveKey(mode="decrypt", salt=salt,
                                key=key, keyid=keyid, dh=dh,
-                               authSecret=authSecret)
+                               authSecret=authSecret, padSize=padSize)
     if rs <= padSize:
         raise Exception(u"Record size too small")
     rs += 16 # account for tags
@@ -135,7 +138,7 @@ def encryptRecord(key, nonce, counter, buffer):
 
     (key_, nonce_) = deriveKey(mode="encrypt", salt=salt,
                                key=key, keyid=keyid, dh=dh,
-                               authSecret=authSecret)
+                               authSecret=authSecret, padSize=padSize)
     if rs <= padSize:
         raise Exception(u"Record size too small")
     rs -= padSize # account for padding
diff --git a/python/setup.py b/python/setup.py
@@ -3,7 +3,7 @@
 
 setup(
     name='http_ece',
-    version='0.4.2',
+    version='0.4.3',
     author='Martin Thomson',
     author_email='martin.thomson@gmail.com',
     scripts=[],

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "http_ece",`
`3`		`- "version": "0.4.2",`
	`3`	`+ "version": "0.4.3",`
`4`	`4`	`"description": "Encrypted Content-Encoding for HTTP",`
`5`	`5`	`"homepage": "https://github.com/martinthomson/encrypted-content-encoding",`
`6`	`6`	`"bugs": "https://github.com/martinthomson/encrypted-content-encoding/issues",`