diff options
| author | jaseg <git@jaseg.net> | 2019-06-23 19:17:37 +0900 |
|---|---|---|
| committer | jaseg <git@jaseg.net> | 2019-06-23 19:17:37 +0900 |
| commit | e59b4672b1ee6d58cf3e828b0a7c7b4c4c1cbb38 (patch) | |
| tree | cbbb2a3ebca66a98d23aae5c899658b3ac51b7d9 | |
| parent | 093dea5197d1a66c9734aa20ff554ca8dc654d89 (diff) | |
| download | secure-download-e59b4672b1ee6d58cf3e828b0a7c7b4c4c1cbb38.tar.gz secure-download-e59b4672b1ee6d58cf3e828b0a7c7b4c4c1cbb38.tar.bz2 secure-download-e59b4672b1ee6d58cf3e828b0a7c7b4c4c1cbb38.zip | |
Works with fast encryption
| -rw-r--r-- | encrypt.py | 39 |
1 files changed, 8 insertions, 31 deletions
@@ -7,16 +7,6 @@ import struct import subprocess import binascii -def _pad(data, blocksize): - return (data + b'\x80' + b'\x00'*blocksize)[:blocksize] - -def _unpad(data): - data = data.rstrip(b'\0') - if data[-1] == 0x80: - return data[:-1] - else: - raise ValueError('Invalid padding!') - def encrypt_file(filename_in): file_id = secrets.token_urlsafe(22) auth_secret = secrets.token_bytes(16) @@ -27,26 +17,18 @@ def encrypt_file(filename_in): ciphertext, token_tag = token_cipher.encrypt_and_digest(key) token = base64.b64encode(ciphertext) - with open(filename_in, 'rb', buffering=8192) as fin, open(f'{file_id}.enc', 'wb', buffering=8192) as fout: + with open(f'{file_id}.enc', 'wb') as fout: fout.write(token_cipher.nonce) # 16 bytes fout.write(token_tag) # 16 bytes fout.write(auth_secret) # 16 bytes fout.write(cipher_nonce) # 8 bytes + fout.flush() subprocess.check_call(['openssl', 'enc', '-aes-128-ctr', '-K', binascii.hexlify(key), - '-iv', binascii.hexlify(cipher_nonce + '\0'*8) - - data = fin.read(cipher.block_size) or None - while data is not None: - next_data = fin.read(cipher.block_size) or None - if not next_data: # padding required - if len(data) == cipher.block_size: - next_data = b'' - else: - data = _pad(data, cipher.block_size) - fout.write(cipher.encrypt(data)) - data = next_data + '-iv', binascii.hexlify(cipher_nonce + b'\0'*8), # nonce || counter format + '-in', filename_in, # no out: output defaults to stdout + ], stdout=fout.fileno()) return file_id, token @@ -68,17 +50,12 @@ def decrypt_generator(file_id, token, seek=0): fin.seek(seek - seek % cipher.block_size, 1) offset = seek % cipher.block_size - next_block = fin.read(cipher.block_size) - while next_block: - block = next_block - next_block = fin.read(cipher.block_size) + block = fin.read(cipher.block_size) + while block: data = cipher.decrypt(block) - - if not next_block: # remove padding - data = _unpad(data) - yield data[offset:] offset = 0 + block = fin.read(cipher.block_size) if __name__ == '__main__': import argparse |