diff --git a/app.php b/app.php index d3f7351..7498ef7 100644 --- a/app.php +++ b/app.php @@ -230,8 +230,7 @@ $f3->route('POST /share', return basename($tmpfile."_".$fileBaseName); } }); - array_map('cryptographyClass::hardUnlink', $_FILES['svg']['tmp_name']); - CryptographyClass::hardUnlink($_FILES['pdf']['tmp_name']); + if(!count($files)) { $f3->error(403); } @@ -241,15 +240,14 @@ $f3->route('POST /share', if(!$f3->get('DEBUG')) { array_map('cryptographyClass::hardUnlink', glob($tmpfile."*.svg")); } - if (!isset($_COOKIE[$hash])) { - $symmetric_key = createSymmetricKey(); - $keyCookieDate = strtotime('+1 year'); - setcookie($hash, $symmetric_key, ['expires' => $keyCookieDate, 'samesite' => 'Strict', 'path' => "/"]); - } - $encryptor = new CryptographyClass($symmetric_key); - $encryptor->encrypt($hash); + $symmetricKey = CryptographyClass::createSymmetricKey(); + setcookie($hash, $symmetricKey, ['expires' => 0, 'samesite' => 'Strict', 'path' => "/"]); - $f3->reroute($f3->get('REVERSE_PROXY_URL').'/signature/'.$hash."#sk:".$symmetric_key); + $encryptor = new CryptographyClass($symmetricKey, $f3->get('PDF_STORAGE_PATH').$hash); + $encryptor->encrypt(); + + + $f3->reroute($f3->get('REVERSE_PROXY_URL').'/signature/'.$hash."#sk:".$symmetricKey); } ); @@ -260,12 +258,11 @@ $f3->route('GET /signature/@hash/pdf', $hash = Web::instance()->slug($f3->get('PARAMS.hash')); $sharingFolder = $f3->get('PDF_STORAGE_PATH').$hash; - if (substr($_COOKIE[$hash], 0, 4) !== '#sk:') { - echo "Error: Invalid prefix."; - exit; + if (CryptographyClass::isSymmetricKeyValid($_COOKIE[$hash]) == false) { + $f3->error(403); } - $cryptor = new CryptographyClass(substr($_COOKIE[$hash], 4, 15)); - $cryptor->decrypt($hash); + $cryptor = new CryptographyClass($_COOKIE[$hash], $f3->get('PDF_STORAGE_PATH').$hash); + $cryptor->decrypt(); $files = scandir($sharingFolder); $originalFile = $sharingFolder.'/original.pdf'; 
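Review bot: The `setcookie($hash, $symmetricKey, ...)` call in the `POST /share` handler sets `samesite` and `path` but neither `secure` nor `httponly`, so the decryption key would be sent over plain HTTP if the site is ever reached that way. Adding `'secure' => true` to the options array closes that. `'httponly' => true` would also keep the key away from page scripts, but the client-side `storeSymmetricKeyCookie()` writes a cookie with the same name, so confirm that interaction before enabling it. The route closure starts outside this hunk.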
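Review bot: In the `GET /signature/@hash/pdf` handler `$_COOKIE[$hash]` is read without checking that the cookie exists, and execution reaches `new CryptographyClass($_COOKIE[$hash], ...)` unless `$f3->error(403)` halts the request, which depends on framework configuration not visible here. Since `decrypt()` places that value on a shell command line, make the rejection explicit: `if (!isset($_COOKIE[$hash]) || !CryptographyClass::isSymmetricKeyValid($_COOKIE[$hash])) { $f3->error(403); return; }`. This also replaces the loose `== false` comparison. The handler body continues past the end of the hunk.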
@@ -536,15 +533,4 @@ function convertPHPSizeToBytes($sSize) return (int)$iValue; } -function createSymmetricKey() { - $length = 15; - $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; - $pieces = []; - $max = mb_strlen($keyspace, '8bit') - 1; - for ($i = 0; $i < $length; ++$i) { - $pieces []= $keyspace[random_int(0, $max)]; - } - return implode('', $pieces); - } - return $f3; diff --git a/lib/cryptography.class.php b/lib/cryptography.class.php index 22d53aa..395c5ee 100644 --- a/lib/cryptography.class.php +++ b/lib/cryptography.class.php 
@@ -2,54 +2,77 @@ class CryptographyClass { - private $symmetric_key = null; + private $symmetricKey = null; + private $pathHash = null; - function __construct($key) { - $this->setSymmetricKey($key); + function __construct($key, $pathHash) { + $this->symmetricKey = $key; + $this->pathHash = $pathHash; } - public function encrypt($hash) { - foreach (glob("/tmp/".$hash.'/*.pdf') as $file) { + private function getFiles($isGpg) { + $suffix = ""; + if ($isGpg) { + $suffix = ".gpg"; + } + $filesTab = glob($this->pathHash.'/*.pdf'.$suffix); + $filesTab[] = $this->pathHash."/filename.txt".$suffix; + + return $filesTab; + } + + public function encrypt() { + + foreach ($this->getFiles(false) as $file) { $outputFile = $file.".gpg"; - $key = $this->getSymmetricKey(); - $command = "gpg --batch --passphrase $key --symmetric --cipher-algo AES256 -o $outputFile $file"; + $command = "gpg --batch --passphrase $this->symmetricKey --symmetric --cipher-algo AES256 -o $outputFile $file"; $result = shell_exec($command); if ($result === false) { echo "Cypher failure"; exit; } - unlink($file); + $this->hardUnlink($file); } } - public function decrypt($hash) { - foreach (glob("/tmp/".$hash.'/*.gpg') as $file) { + public function decrypt() { + foreach ($this->getFiles(true) as $file) { $outputFile = str_replace(".gpg", "", $file); - $key = $this->getSymmetricKey(); - $command = "gpg --batch --passphrase $key --decrypt -o $outputFile $file"; + $command = "gpg --batch --passphrase $this->symmetricKey --decrypt -o $outputFile $file"; $result = shell_exec($command); if ($result === false) { echo "Decypher failure"; exit; } - unlink($file); + $this->hardUnlink($file); } return true; } - private function getSymmetricKey() { - return $this->symmetric_key; - } - - private function setSymmetricKey($key) { - $this->symmetric_key = $key; - } - public static function hardUnlink($element) { - $eraser = str_repeat(0, strlen($element)); + if (!$element) { + return; + } + print_r(['hu', $element]); + 
$eraser = str_repeat(0, strlen(file_get_contents($element))); file_put_contents($element, $eraser); unlink($element); } + public static function isSymmetricKeyValid($key) { + return (bool)preg_match('/^[0-9a-zA-Z]{15}$/', $key); + } + + public static function createSymmetricKey() { + $length = 15; + $keySpace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; + $pieces = []; + $max = mb_strlen($keySpace, '8bit') - 1; + for ($i = 0; $i < $length; ++$i) { + $pieces []= $keySpace[random_int(0, $max)]; + } + + return implode('', $pieces); + } } ?> diff --git a/public/js/signature.js b/public/js/signature.js index b6ef42b..165bb5a 100644 --- a/public/js/signature.js +++ b/public/js/signature.js @@ -1166,5 +1166,12 @@ var pageSignature = async function(url) { })(); function storeSymmetricKeyCookie() { - document.cookie = pdfHash + "=" + window.location.hash + "; SameSite=Strict"; + let symmetricKey = window.location.hash; + if (symmetricKey.length != 19) { + console.error("Erreur taille cle symmetrique."); + return; + } else if (symmetricKey.substr(0, 4) != "#sk:") { + console.error("Erreur format cle symmetrique"); + } + document.cookie = pdfHash + "=" + symmetricKey.substr(4, 15) + "; SameSite=Strict"; }
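Review bot: In `encrypt()` and `decrypt()` the passphrase and both file paths are interpolated into the `gpg` command line unquoted, and the constructor now stores `$key` unchecked, so a cookie value is kept out of the shell only if every caller remembers `isSymmetricKeyValid()`; passing the key via `--passphrase` also puts it in the process arguments, which other local users can generally see. Wrap each value in `escapeshellarg()` and tighten the validator to `'/^[0-9a-zA-Z]{15}\z/'`, since `$` also matches before a trailing newline. `shell_exec()` returns `null`, not `false`, when the command fails without producing output, so the `$result === false` check misses a gpg error and `hardUnlink($file)` then overwrites the only copy; checking the exit status as sketched below avoids that. The `print_r(['hu', $element]);` line in `hardUnlink()` looks like leftover debugging and writes file paths into the HTTP response, so it should be removed.

```php
// … unchanged: properties, constructor, getFiles() …
    public function encrypt() {
        foreach ($this->getFiles(false) as $file) {
            $outputFile = $file.".gpg";
            // Quote every interpolated value so none of them can be parsed as shell syntax.
            $command = sprintf(
                'gpg --batch --passphrase %s --symmetric --cipher-algo AES256 -o %s %s',
                escapeshellarg($this->symmetricKey),
                escapeshellarg($outputFile),
                escapeshellarg($file)
            );
            // exec() exposes gpg's exit status; shell_exec() only returns stdout.
            $output = [];
            exec($command, $output, $status);
            if ($status !== 0) {
                // … unchanged: echo "Cypher failure"; exit; …
            }
            // … unchanged: hardUnlink($file) …
        }
    }
// … decrypt(): same quoting and exit-status check around the --decrypt command …
```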
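Review bot: The `#sk:` prefix branch in `storeSymmetricKeyCookie()` logs an error but has no `return`, so a 19-character fragment with any other prefix still has `substr(4, 15)` written into the cookie. Add `return;` after the second `console.error(...)`, or fold both checks into one test against the alphabet the server enforces, e.g. `if (!/^#sk:[0-9a-zA-Z]{15}$/.test(symmetricKey)) { console.error(...); return; }`. The cookie string also omits `Secure`, so the key could be sent over plain HTTP; appending `; Secure` would address that.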