summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjaseg <git@jaseg.net>2019-06-25 14:22:13 +0900
committerjaseg <git@jaseg.net>2019-06-25 14:22:13 +0900
commitfb2f3bcc2a6ec010e1ffc33b78833234f57da11a (patch)
tree7609c1a54ae9c263e4f4b1be747ef5e7c2d49017
parent0ad5efec388db4f8e9233f4dfd5de716f680549e (diff)
downloadsecure-download-fb2f3bcc2a6ec010e1ffc33b78833234f57da11a.tar.gz
secure-download-fb2f3bcc2a6ec010e1ffc33b78833234f57da11a.tar.bz2
secure-download-fb2f3bcc2a6ec010e1ffc33b78833234f57da11a.zip
Verify download filenames in URL
-rw-r--r--encrypt.py5
-rw-r--r--filecrypt.py6
-rw-r--r--server.py4
3 files changed, 9 insertions, 6 deletions
diff --git a/encrypt.py b/encrypt.py
index 80cedf3..e813d36 100644
--- a/encrypt.py
+++ b/encrypt.py
@@ -14,6 +14,7 @@ if __name__ == '__main__':
print(f'{infile} is not a file or directory, exiting.')
os.exit(2)
- file_id, token = encrypt_file(args.infile)
- print(f'/{file_id}/{token}/{os.path.basename(args.infile)}')
+ download_filename = os.path.basename(args.infile)
+ file_id, token = encrypt_file(args.infile, download_filename)
+ print(f'/{file_id}/{token}/{download_filename}')
diff --git a/filecrypt.py b/filecrypt.py
index 85d9eea..da0db9b 100644
--- a/filecrypt.py
+++ b/filecrypt.py
@@ -10,13 +10,14 @@ FILE_ID_LENGTH = 22
TOKEN_LENGTH = 22
HEADER_LENGTH = 56
-def encrypt_file(filename_in, chunk_size=1000000//16):
+def encrypt_file(filename_in, download_filename, chunk_size=1000000//16):
file_id = secrets.token_urlsafe(16)
auth_secret = secrets.token_bytes(16)
key = secrets.token_bytes(16)
data_nonce = secrets.token_bytes(8)
token_cipher = AES.new(auth_secret, AES.MODE_GCM)
+ token_cipher.update(download_filename.encode())
ciphertext, token_tag = token_cipher.encrypt_and_digest(key)
token = base64.b64encode(ciphertext).rstrip(b'=').decode()
@@ -41,7 +42,7 @@ def encrypt_file(filename_in, chunk_size=1000000//16):
def payload_size(path):
return os.stat(path).st_size - HEADER_LENGTH
-def decrypt_generator(filename, token, seek=0, end=None, chunk_size=1000000//16):
+def decrypt_generator(filename, download_filename, token, seek=0, end=None, chunk_size=1000000//16):
with open(filename, 'rb') as fin:
token_nonce = fin.read(16)
token_tag = fin.read(16)
@@ -51,6 +52,7 @@ def decrypt_generator(filename, token, seek=0, end=None, chunk_size=1000000//16)
ciphertext = base64.b64decode(token + '='*((3-len(token)%3)%3))
token_cipher = AES.new(auth_secret, AES.MODE_GCM, nonce=token_nonce)
+ token_cipher.update(download_filename.encode())
key = token_cipher.decrypt_and_verify(ciphertext, token_tag)
def generator():
diff --git a/server.py b/server.py
index b084298..694b1ac 100644
--- a/server.py
+++ b/server.py
@@ -26,7 +26,7 @@ def download(file_id, token, filename):
range_header = re.match('^bytes=([0-9]+)-([0-9]*)$', request.headers.get('Range', ''))
if not range_header:
try:
- generator = filecrypt.decrypt_generator(path, token)
+ generator = filecrypt.decrypt_generator(path, filename, token)
except ValueError: # MAC check failed
abort(403) # forbidden
@@ -40,7 +40,7 @@ def download(file_id, token, filename):
abort(416) # range not satisfiable
try:
- generator = filecrypt.decrypt_generator(path, token, seek=range_start, end=range_end)
+ generator = filecrypt.decrypt_generator(path, filename, token, seek=range_start, end=range_end)
except ValueError: # MAC check failed
abort(403) # forbidden
response = Response(generator, status=206, mimetype='application/octet-stream')