Don't add an encryption header ".e" to encrypt_file,

and don't check for it in decrypt_file. It will raise an ValuError. Signed-off-by: Rene Jochum <rene@jochums.at>
zopefoundation · Apr 13, 2016 · e479e03 · e479e03
1 parent fa4dcbc
commit e479e03
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 18 deletions.
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -6,7 +6,7 @@ CHANGES
 ------------------
 
 - Add an implementation of encrypt_file and decrypt_file.
-  This allows chuncked encoding and decoding of files.
+  This allows chunked encoding and decoding of files.
   [pcdummy]
 
 

diff --git a/src/keas/kmi/facility.py b/src/keas/kmi/facility.py
@@ -23,7 +23,6 @@
 import httplib
 import logging
 import os
-import shutil
 import struct
 import time
 import urlparse
@@ -90,7 +89,8 @@ def encrypt_file(self, key, fsrc, fdst, chunksize=24*1024):
 
         :param key: The encryption key.
         :param fsrc: File descriptor to read from (opened with 'rb')
-        :param fdst: File descriptor to write to (opened with 'wb')
+        :param fdst: File descriptor to write to (opened with 'wb').
+                     Its an append operation.
         :param chunksize: Sets the size of the chunk which the function
                           uses to read and encrypt the file. Larger chunk
                           sizes can be faster for some files and machines.
@@ -108,8 +108,9 @@ def encrypt_file(self, key, fsrc, fdst, chunksize=24*1024):
             IV=iv
         )
 
-        # 4. Write the encryption marker.
-        fdst.write('.e')
+        # 4. Get the current position so we can seek later back to it
+        #    so we can write the filesize.
+        fdst_startpos = fdst.tell()
 
         # 5. Write a spacer for the later filesize.
         fdst.write(struct.pack('<Q', 0))
@@ -134,37 +135,36 @@ def encrypt_file(self, key, fsrc, fdst, chunksize=24*1024):
             fdst.write(cipher.encrypt(chunk))
 
         # 8. Write the correct filesize.
-        fdst.seek(2)
+        fdst_endpos = fdst.tell()
+        fdst.seek(fdst_startpos)
         fdst.write(struct.pack('<Q', filesize))
 
+        # 9. Seek back to end of the file
+        fdst.seek(fdst_endpos)
+
     def decrypt(self, key, data):
-        """See interfaces.IEncryptionService"""
+        """See interfaces.IEncryptionService
+
+        :raises ValueError: if it can't decrypt the data.
+        """
         # 1. Extract the encryption key
         encryptionKey = self._bytesToKey(self.getEncryptionKey(key))
         # 2. Create a cipher object
         cipher = self.CipherFactory.new(
             key=encryptionKey, mode=self.CipherMode,
             IV=self.initializationVector)
         # 3. Decrypt the data.
-        try:
-            text = cipher.decrypt(data)
-        except ValueError:
-            return data
+        text = cipher.decrypt(data)
 
         # 4. Remove padding and return result.
         return self._pkcs7Decode(text)
 
     def decrypt_file(self, key, fsrc, fdst, chunksize=24*1024):
         """ Decrypts a file using with the given key.
         Parameters are similar to encrypt_file.
-        """
-        header = str(fsrc.read(2))
-        if header != '.e':
-            # File isn't encrypted just copy fsrc to fdst.
-            fsrc.seek(0)
-            shutil.copyfileobj(fsrc, fdst)
-            return
 
+        :raises ValueError: if it can't decrypt the file.
+        """
         origsize = struct.unpack('<Q', fsrc.read(struct.calcsize('Q')))[0]
         iv = fsrc.read(16)