summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjaseg <git@jaseg.net>2019-06-25 14:16:25 +0900
committerjaseg <git@jaseg.net>2019-06-25 14:16:25 +0900
commit0ad5efec388db4f8e9233f4dfd5de716f680549e (patch)
tree0d238a3022506a7e02581c43ffebfbd2dd976657
parentc5cdb8906f2fe853c0bc630ebb7cfd81711fddc4 (diff)
downloadsecure-download-0ad5efec388db4f8e9233f4dfd5de716f680549e.tar.gz
secure-download-0ad5efec388db4f8e9233f4dfd5de716f680549e.tar.bz2
secure-download-0ad5efec388db4f8e9233f4dfd5de716f680549e.zip
Fix up error handling
-rw-r--r--filecrypt.py45
-rw-r--r--server.py23
2 files changed, 40 insertions, 28 deletions
diff --git a/filecrypt.py b/filecrypt.py
index ce6e3a1..85d9eea 100644
--- a/filecrypt.py
+++ b/filecrypt.py
@@ -8,6 +8,7 @@ import os
FILE_ID_LENGTH = 22
TOKEN_LENGTH = 22
+HEADER_LENGTH = 56
def encrypt_file(filename_in, chunk_size=1000000//16):
file_id = secrets.token_urlsafe(16)
@@ -24,6 +25,7 @@ def encrypt_file(filename_in, chunk_size=1000000//16):
fout.write(token_tag) # 16 bytes
fout.write(auth_secret) # 16 bytes
fout.write(data_nonce) # 8 bytes
+ assert fout.tell() == HEADER_LENGTH
cipher = AES.new(key, AES.MODE_CTR,
initial_value=struct.pack('<Q', 0), nonce=data_nonce)
@@ -37,7 +39,7 @@ def encrypt_file(filename_in, chunk_size=1000000//16):
return file_id, token
def payload_size(path):
- return os.stat(path).st_size - 56
+ return os.stat(path).st_size - HEADER_LENGTH
def decrypt_generator(filename, token, seek=0, end=None, chunk_size=1000000//16):
with open(filename, 'rb') as fin:
@@ -45,27 +47,30 @@ def decrypt_generator(filename, token, seek=0, end=None, chunk_size=1000000//16)
token_tag = fin.read(16)
auth_secret = fin.read(16)
data_nonce = fin.read(8)
+ assert fin.tell() == HEADER_LENGTH
- ciphertext = base64.b64decode(token + '='*((3-len(token)%3)%3))
- token_cipher = AES.new(auth_secret, AES.MODE_GCM, nonce=token_nonce)
- key = token_cipher.decrypt_and_verify(ciphertext, token_tag)
+ ciphertext = base64.b64decode(token + '='*((3-len(token)%3)%3))
+ token_cipher = AES.new(auth_secret, AES.MODE_GCM, nonce=token_nonce)
+ key = token_cipher.decrypt_and_verify(ciphertext, token_tag)
- # Use token cipher's block size assuming the two are the same
- cipher = AES.new(key, AES.MODE_CTR,
- initial_value=struct.pack('>Q', seek // token_cipher.block_size), nonce=data_nonce)
- print('Seeking to position', seek, 'iv', seek // token_cipher.block_size, 'pos', seek - seek %
- cipher.block_size, 'offset', seek % cipher.block_size)
- fin.seek(seek - seek % cipher.block_size, 1)
- offset = seek % cipher.block_size
+ def generator():
+ with open(filename, 'rb') as fin:
+ fin.seek(HEADER_LENGTH)
+ # Use token cipher's block size assuming the two are the same
+ cipher = AES.new(key, AES.MODE_CTR,
+ initial_value=struct.pack('>Q', seek // token_cipher.block_size), nonce=data_nonce)
+ fin.seek(seek - seek % cipher.block_size, 1)
+ offset = seek % cipher.block_size
- to_send = end - seek + 1 if end else None
- block = fin.read(cipher.block_size*chunk_size)
- while block and (to_send is None or to_send > 0):
- data = cipher.decrypt(block)
- out = data[offset:to_send]
- yield out
- if to_send is not None:
- to_send -= len(out)
- offset = 0
+ to_send = end - seek + 1 if end else None
block = fin.read(cipher.block_size*chunk_size)
+ while block and (to_send is None or to_send > 0):
+ data = cipher.decrypt(block)
+ out = data[offset:to_send]
+ yield out
+ if to_send is not None:
+ to_send -= len(out)
+ offset = 0
+ block = fin.read(cipher.block_size*chunk_size)
+ return generator()
diff --git a/server.py b/server.py
index 9df3546..b084298 100644
--- a/server.py
+++ b/server.py
@@ -18,25 +18,32 @@ def download(file_id, token, filename):
abort(400, 'Invalid token format')
path = f'{file_id}.enc'
+ if not os.path.isfile(path):
+ abort(403) # forbidden
+
size = filecrypt.payload_size(path)
range_header = re.match('^bytes=([0-9]+)-([0-9]*)$', request.headers.get('Range', ''))
if not range_header:
- response = Response(
- filecrypt.decrypt_generator(path, token),
- mimetype='application/octet-stream')
+ try:
+ generator = filecrypt.decrypt_generator(path, token)
+ except ValueError: # MAC check failed
+ abort(403) # forbidden
+
+ response = Response(generator, mimetype='application/octet-stream')
response.headers['Content-Length'] = size
else:
range_start, range_end = range_header.groups()
range_start = int(range_start)
range_end = int(range_end) if range_end else size-1
if range_start < 0 or range_end >= size or range_start >= range_end:
- abort(416)
+ abort(416) # range not satisfiable
- response = Response(
- filecrypt.decrypt_generator(path, token, seek=range_start, end=range_end),
- status = 206,
- mimetype='application/octet-stream')
+ try:
+ generator = filecrypt.decrypt_generator(path, token, seek=range_start, end=range_end)
+ except ValueError: # MAC check failed
+ abort(403) # forbidden
+ response = Response(generator, status=206, mimetype='application/octet-stream')
response.headers['Content-Range'] = f'bytes {range_start}-{range_end}/{size}'
response.headers['Content-Length'] = range_end - range_start + 1