From 1b8a037f3c999de7053949a50a524f4a590482cd Mon Sep 17 00:00:00 2001 From: Tanguy Le Faucheur Date: Fri, 24 Nov 2023 18:32:40 +0100 Subject: [PATCH] Modification cryptography, fix several issues that made the choice between cryptic and non cryptic impossible --- app.php | 45 +++++++++++++++++++----------------- installation.md | 1 - lib/cryptography.class.php | 21 +++++++++++++---- public/js/signature.js | 10 +++++--- templates/signature.html.php | 2 +- 5 files changed, 48 insertions(+), 31 deletions(-) diff --git a/app.php b/app.php index 45cd806..3bb77f6 100644 --- a/app.php +++ b/app.php @@ -49,6 +49,10 @@ if ($f3->get('GET.lang')) { selectLanguage($f3->get('LANGUAGE'), $f3); } +if (!$f3->exists('PDF_STORAGE_ENCRYPTION')) { + $f3->set('PDF_STORAGE_ENCRYPTION', CryptographyClass::isGpgInstalled()); +} + $domain = basename(glob($f3->get('ROOT')."/locale/application_*.pot")[0], '.pot'); bindtextdomain($domain, $f3->get('ROOT')."/locale"); @@ -82,14 +86,6 @@ $f3->route('GET /signature', $f3->set('noSharingMode', true); } - if (!$f3->exists('PDF_STORAGE_ENCRYPTION')) { - if (CryptographyClass::isGpgInstalled() == true) { - $f3->set('PDF_STORAGE_ENCRYPTION', 'true'); - } else { - $f3->set('PDF_STORAGE_ENCRYPTION', ''); - } - } - $f3->set('activeTab', 'sign'); echo View::instance()->render('signature.html.php'); 
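Review bot: When `PDF_STORAGE_ENCRYPTION` is not set in the configuration, the default added at `@@ -49,6 +49,10 @@` turns storage encryption off on any host where gpg is missing, and nothing records that downgrade. An operator who believes encryption is on gets no signal, so the fallback should at least be logged, for example `if (!$f3->get('PDF_STORAGE_ENCRYPTION')) { error_log('gpg not available: shared PDFs are stored unencrypted'); }`. The check also moves from the `GET /signature` route to bootstrap, so `CryptographyClass::isGpgInstalled()` now runs on every request; if it probes the system through a subprocess (its body is not visible here), the result is worth caching. A short comment stating that an unset value means "encrypt only if gpg is present" would document the fail-open default.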
@@ -250,14 +246,17 @@ $f3->route('POST /share', array_map('cryptographyClass::hardUnlink', glob($tmpfile."*.svg")); } - $symmetricKey = $_COOKIE[$hash]; - $encryptor = new CryptographyClass($_COOKIE[$hash], $f3->get('PDF_STORAGE_PATH').$hash); - if (!$encryptor->encrypt()) { - $f3->error(403); - }; + $symmetricKey = ""; + if (isset($_COOKIE[$hash])) { + $symmetricKey = "#sk:" . $_COOKIE[$hash]; + $encryptor = new CryptographyClass($_COOKIE[$hash], $f3->get('PDF_STORAGE_PATH').$hash); + if (!$encryptor->encrypt()) { + shell_exec("rm -rf $sharingFolder"); + $f3->error(500); + } + } - - $f3->reroute($f3->get('REVERSE_PROXY_URL').'/signature/'.$hash."#sk:".$symmetricKey); + $f3->reroute($f3->get('REVERSE_PROXY_URL').'/signature/'.$hash.$symmetricKey); } ); @@ -267,10 +266,13 @@ $f3->route('GET /signature/@hash/pdf', $f3->set('activeTab', 'sign'); $hash = Web::instance()->slug($f3->get('PARAMS.hash')); $sharingFolder = $f3->get('PDF_STORAGE_PATH').$hash; - - $cryptor = new CryptographyClass(CryptographyClass::protectSymmetricKey($_COOKIE[$hash]), $f3->get('PDF_STORAGE_PATH').$hash); + $symmetricKey = null; + if (isset($_COOKIE[$hash])) { + $symmetricKey = CryptographyClass::protectSymmetricKey($_COOKIE[$hash]); + } + $cryptor = new CryptographyClass($symmetricKey, $f3->get('PDF_STORAGE_PATH').$hash); if ($cryptor->decrypt() == false) { - $f3->error(403); + $f3->error(500); } $files = scandir($sharingFolder); @@ -296,13 +298,14 @@ $f3->route('GET /signature/@hash/pdf', shell_exec(sprintf("pdftk %s multistamp %s output %s", $finalFile, $layerFile, $bufferFile)); rename($bufferFile, $finalFile); } - Web::instance()->send($finalFile, null, 0, TRUE, $filename); - - $cryptor->encrypt($hash); + if ($symmetricKey) { + $cryptor->encrypt($hash); + } if($f3->get('DEBUG')) { return; } + array_map('unlink', glob($finalFile."*")); } ); diff --git a/installation.md b/installation.md index 8db34bf..4d5a5eb 100644 --- a/installation.md +++ b/installation.md 
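Review bot: In the `POST /share` hunk the raw `$_COOKIE[$hash]` value is handed to `new CryptographyClass(...)`, while the `GET /signature/@hash/pdf` route first passes it through `CryptographyClass::protectSymmetricKey()`. The class interpolates that key into a gpg command line (see lib/cryptography.class.php in this patch), so unless the constructor normalises it (not visible here) a client-controlled string reaches the shell, and the two routes may not even derive the same passphrase. I would use `new CryptographyClass(CryptographyClass::protectSymmetricKey($_COOKIE[$hash]), ...)` here as well. The new cleanup `shell_exec("rm -rf $sharingFolder");` also builds a shell command from an unquoted path; `shell_exec('rm -rf ' . escapeshellarg($sharingFolder));` is the minimum, and how `$hash` is validated in this route lies outside the hunk. The route closure starts and ends outside the hunk.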
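Review bot: In the `@@ -267,10 +266,13 @@` hunk a request that arrives without the key cookie for an encrypted folder now ends in `$f3->error(500)`, because decrypt() returns false when no key is set. That is a client-side condition, and reporting it as a server error makes missing or wrong keys indistinguishable from real gpg faults in logs and monitoring. The loose `== false` also lets the truthy value that decrypt() returns on its failure branch pass as success; `if ($cryptor->decrypt() !== true) { $f3->error(403); }` covers both, with 500 reserved for a genuine tool failure if the class can report one. The route closure begins before this hunk and continues past it.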
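Review bot: In the `@@ -296,13 +298,14 @@` hunk the folder is re-encrypted only if execution reaches the new `if ($symmetricKey)` block, so any exit between `decrypt()` and that line (an exception, `$f3->error()`, a client disconnect during `send()`) leaves the decrypted PDF on disk. The work between decrypt and re-encrypt should sit in `try { ... } finally { if ($symmetricKey) { $cryptor->encrypt(); } }`, and the result of `encrypt()` should be checked and logged rather than dropped. `encrypt($hash)` passes an argument that the method in lib/cryptography.class.php does not declare. Two concurrent downloads of the same hash would also decrypt and re-encrypt the same files in place; decrypting to a per-request temporary location would avoid both problems, though that is a larger change than this hunk.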
@@ -193,4 +193,3 @@ cat <>/var/www/signaturepdf/config/config.ini PDF_STORAGE_PATH=/var/www/signaturepdf/tmp EOF ``` - diff --git a/lib/cryptography.class.php b/lib/cryptography.class.php index ce19de8..c0a3d2d 100644 --- a/lib/cryptography.class.php +++ b/lib/cryptography.class.php @@ -22,32 +22,43 @@ class CryptographyClass } public function encrypt() { - foreach ($this->getFiles(false) as $file) { $outputFile = $file.".gpg"; $command = "gpg --batch --passphrase $this->symmetricKey --symmetric --cipher-algo AES256 -o $outputFile $file"; $result = shell_exec($command); - if ($result === false) { + if ($result) { echo "Cypher failure"; return $result; } $this->hardUnlink($file); - return $result; + } + return true; } public function decrypt() { + if (!$this->isEncrypted()) { + return true; + } + if (!$this->symmetricKey) { + return false; + } foreach ($this->getFiles(true) as $file) { $outputFile = str_replace(".gpg", "", $file); $command = "gpg --batch --passphrase $this->symmetricKey --decrypt -o $outputFile $file"; $result = shell_exec($command); - if ($result === false) { + if ($result) { echo "Decypher failure"; return $result; } + $this->hardUnlink($file); } - return $result; + return true; + } + + public function isEncrypted() { + return file_exists($this->pathHash."/filename.txt.gpg"); } public static function hardUnlink($element) { diff --git a/public/js/signature.js b/public/js/signature.js index 17c6e8d..2dcb730 100644 --- a/public/js/signature.js +++ b/public/js/signature.js 
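Review bot: `if ($result)` in encrypt() and decrypt() cannot detect a gpg failure: shell_exec() returns only stdout, which gpg normally leaves empty when `-o` is used whether it succeeded or not, so the loop goes on to `hardUnlink($file)` and can delete the only copy of a file whose counterpart was never written. When the branch does fire it returns the truthy `$result`, which the callers in app.php (`if (!$encryptor->encrypt())`, `$cryptor->decrypt() == false`) read as success. The commands also interpolate `$this->symmetricKey` and the file paths unquoted, and the key originates from a request cookie, so each value should go through escapeshellarg(); feeding the passphrase through gpg's `--passphrase-fd` instead of argv would additionally keep it out of the process list. The fence shows encrypt() with an exit-status check; decrypt() needs the same treatment before it unlinks the `.gpg` file.

```php
public function encrypt() {
    foreach ($this->getFiles(false) as $file) {
        $outputFile = $file.".gpg";
        $command = sprintf(
            "gpg --batch --passphrase %s --symmetric --cipher-algo AES256 -o %s %s",
            escapeshellarg($this->symmetricKey),
            escapeshellarg($outputFile),
            escapeshellarg($file)
        );
        // gpg reports failure through its exit status, not through stdout
        exec($command, $output, $status);
        if ($status !== 0 || !file_exists($outputFile)) {
            return false;
        }
        $this->hardUnlink($file);
    }
    return true;
}
// … decrypt(): same escaping and exit-status check before hardUnlink($file) …
```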
@@ -819,9 +819,13 @@ var createEventsListener = function() { document.getElementById('input_svg_share').files = dataTransfer.files; hasModifications = false; + document.getElementById('input_pdf_hash').value = generatePdfHash(); - document.getElementById('input_symmetric_key').value = generateSymmetricKey(); - storeSymmetricKeyCookie(document.getElementById('input_pdf_hash').value, document.getElementById('input_symmetric_key').value); + + if (document.getElementById('checkbox_encryption').checked) { + storeSymmetricKeyCookie(document.getElementById('input_pdf_hash').value, generateSymmetricKey()); + } + }); } @@ -1173,7 +1177,7 @@ function storeSymmetricKeyCookie(hash, symmetricKey) { console.error("Erreur taille cle symmetrique."); return; } - document.cookie = hash + "=" + symmetricKey + "; SameSite=Strict"; + document.cookie = hash + "=" + symmetricKey + "; SameSite=Lax;"; } function generateSymmetricKey() { diff --git a/templates/signature.html.php b/templates/signature.html.php index 7c651ac..4a75ee2 100644 --- a/templates/signature.html.php +++ b/templates/signature.html.php @@ -193,7 +193,7 @@
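Review bot: In the `@@ -1173,7 +1177,7 @@` hunk the cookie that carries the symmetric key is relaxed from `SameSite=Strict` to `SameSite=Lax` and still has no `Secure` attribute, so the key is now attached to top-level cross-site navigations and can travel over plain HTTP. If the application is always served over HTTPS, `document.cookie = hash + "=" + symmetricKey + "; SameSite=Lax; Secure";` restores part of the protection. The reason Strict had to go is not stated anywhere in the patch; a comment such as `// Lax: the key cookie must be sent when the share link is opened from another site` (if that is the reason) would stop a later cleanup from reverting it blindly. Because the server reads this cookie, the key also appears in every request to the origin, which matters for any proxy or access log that records cookie headers. The body of `storeSymmetricKeyCookie` starts before the hunk.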

'); ?>

'); ?>

-
disabled="disabled"checked/> +
disabled="disabled"checked/>