From 886fb188cdf12c8b0f048c095a18b3c6b79c4ee1 Mon Sep 17 00:00:00 2001 From: Sam Tuke Date: Wed, 14 Nov 2012 15:00:40 +0000 Subject: [PATCH] Improved documentation Implemented exceptions Added method for splitting catfiles --- apps/files_encryption/lib/crypt.php | 49 ++++++++++++++++++++++++----- 1 file changed, 42 insertions(+), 7 deletions(-) mode change 100644 => 100755 apps/files_encryption/lib/crypt.php diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php old mode 100644 new mode 100755 index e92c534a93c..48e114846b7 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -88,7 +88,7 @@ class Crypt { * @brief Add arbitrary padding to encrypted data * @param string $data data to be padded * @return padded data - * @note In order to end up with data exactly 8192 bytes long we must add two letters. Something about the encryption process always results in 8190 or 8194 byte length, hence the letters must be added manually after encryption takes place + * @note In order to end up with data exactly 8192 bytes long we must add two letters. It is impossible to achieve exactly 8192 length blocks with encryption alone, hence padding is added to achieve the required length. */ public static function addPadding( $data ) { @@ -228,6 +228,12 @@ class Crypt { } + /** + * @brief Concatenate encrypted data with its IV and padding + * @param string $content content to be concatenated + * @param string $iv IV to be concatenated + * @returns string concatenated content + */ public static function concatIv ( $content, $iv ) { $combined = $content . '00iv00' . $iv; @@ -236,6 +242,33 @@ class Crypt { } + /** + * @brief Split concatenated data and IV into respective parts + * @param string $catFile concatenated data to be split + * @returns array keys: encrypted, iv + */ + public static function splitIv ( $catFile ) { + + // Fetch encryption metadata from end of file + $meta = substr( $catFile, -22 ); + + // Fetch IV from end of file + $iv = substr( $meta, -16 ); + + // Remove IV and IV identifier text to expose encrypted content + $encrypted = substr( $catFile, 0, -22 ); + + $split = array( + 'encrypted' => $encrypted + , 'iv' => $iv + ); + + $combined = $content . '00iv00' . $iv; + + return $combined; + + } + /** * @brief Symmetrically encrypts a string and returns keyfile content * @param $plainContent content to be encrypted in keyfile @@ -525,12 +558,12 @@ class Crypt { } /** - * @brief Generate a pseudo random 1024kb ASCII key - * @returns $key Generated key + * @brief Generates a pseudo random initialisation vector + * @return String $iv generated IV */ public static function generateIv() { - if ( $random = openssl_random_pseudo_bytes( 13, $strong ) ) { + if ( $random = openssl_random_pseudo_bytes( 12, $strong ) ) { if ( !$strong ) { @@ -539,13 +572,15 @@ class Crypt { } - $iv = substr( base64_encode( $random ), 0, -4 ); + // We encode the iv purely for string manipulation + // purposes - it gets decoded before use + $iv = base64_encode( $random ); return $iv; } else { - return false; + throw new Exception( 'Generating IV failed' ); } @@ -565,7 +600,7 @@ class Crypt { if ( !$strong ) { // If OpenSSL indicates randomness is insecure, log error - \OC_Log::write( 'Encryption library', 'Insecure symmetric key was generated using openssl_random_pseudo_bytes()' , \OC_Log::WARN ); + throw new Exception ( 'Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()' ); }