fix(aes): Allow AES encryption while streaming

[roblabla]

The update_aes_extra_data function requires the underlying writer to support seeking to succeed. In effect, this function is only used to switch the mode between AE2 and AE1 depending on file size, using AE2 only for small files (as the CRC in AE1 could leak too much information on those small files).

Changing the type isn't strictly necessary, however - I assume it's only there to slightly increase compatibility?

So, in order to support streaming use-cases, I suggest we default to writing a header using AE2, and only run the update_aes_extra_data function if not using a data descriptor.

[gemini-code-assist]

Summary of Changes

Hello @roblabla, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request resolves a limitation where AES encryption could not be utilized with streaming writers due to the update_aes_extra_data function requiring seek operations. By restructuring the AES mode determination and making the update_aes_extra_data call conditional on the writer's seek capability, the change allows AES encryption to function correctly in streaming contexts, defaulting to AE2 mode when seeking is not possible.

Highlights

• Streaming AES Support: Enables AES encryption for streaming write operations by conditionally skipping seek-dependent updates to the AES extra data.
• Conditional AES Mode Update: The dynamic switching between AE1 and AE2 modes (based on file size to prevent CRC leakage) is now only performed if the underlying writer supports seeking (i.e., not using a data descriptor).
• Refactored AES Parameter Initialization: The logic for determining the AES compression method and mode has been refactored and moved earlier in the process for improved clarity and to support the new conditional logic.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request correctly enables AES encryption for streaming use cases by defaulting to the AE-2 encryption specification and only updating the AES extra data (which requires seeking) when not in streaming mode. The changes are logical and also include some nice refactoring that improves code clarity, such as decoupling the CRC calculation logic. I have one minor suggestion regarding a comment to improve maintainability.

[gemini-code-assist]

This comment is slightly confusing because it describes the case for the if branch (using_data_descriptor is true) but is located in the else branch. A comment explaining what happens in the else branch would be clearer.

Suggested change

	// If using a data descriptor, it's because the underlying
	// Write implementation doesn't support seek. In this case, we
	// shouldn't update the AES Extra Data.
	update_aes_extra_data(writer, file)?;
	update_local_file_header(writer, file)?;
	writer.seek(SeekFrom::Start(file_end))?;
	// Not using a data descriptor means the underlying writer supports seeking,
	// so we can go back and update the file headers.
	update_aes_extra_data(writer, file)?;
	update_local_file_header(writer, file)?;
	writer.seek(SeekFrom::Start(file_end))?;