From 80a0104a7c2f8f2f9f0c8c52443a5600977a0569 Mon Sep 17 00:00:00 2001 From: tale-fau Date: Mon, 6 Nov 2023 14:26:36 +0100 Subject: [PATCH] symmetric key now transits with cookie --- app.php | 21 ++++++++++++++++---- lib/cryptography.class.php | 38 +++++++++++++----------------------- templates/signature.html.php | 3 ++- 3 files changed, 33 insertions(+), 29 deletions(-) diff --git a/app.php b/app.php index 02a3866..3e72024 100644 --- a/app.php +++ b/app.php @@ -239,8 +239,11 @@ $f3->route('POST /share', if(!$f3->get('DEBUG')) { array_map('unlink', glob($tmpfile."*.svg")); } - - $encryptor = new CryptographyClass(); + if (!isset($_COOKIE[$hash])) { + $symmetric_key = createSymmetricKey(); + setcookie($hash, $symmetric_key, ['expires' => 0, 'samesite' => 'Strict', 'path' => "/"]); + } + $encryptor = new CryptographyClass($symmetric_key); $encryptor->encrypt($hash); $f3->reroute($f3->get('REVERSE_PROXY_URL').'/signature/'.$hash."#informations"); } @@ -253,10 +256,9 @@ $f3->route('GET /signature/@hash/pdf', $hash = Web::instance()->slug($f3->get('PARAMS.hash')); $sharingFolder = $f3->get('PDF_STORAGE_PATH').$hash; - $cryptor = new CryptographyClass(); + $cryptor = new CryptographyClass($_COOKIE[$hash]); $cryptor->decrypt($hash); - $files = scandir($sharingFolder); $originalFile = $sharingFolder.'/original.pdf'; $finalFile = $sharingFolder.'/'.$f3->get('PARAMS.hash').uniqid().'.pdf'; @@ -526,4 +528,15 @@ function convertPHPSizeToBytes($sSize) return (int)$iValue; } +function createSymmetricKey() { + $length = 15; + $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; + $pieces = []; + $max = mb_strlen($keyspace, '8bit') - 1; + for ($i = 0; $i < $length; ++$i) { + $pieces []= $keyspace[random_int(0, $max)]; + } + return implode('', $pieces); + } + return $f3; diff --git a/lib/cryptography.class.php b/lib/cryptography.class.php index 8a96249..1373b27 100644 --- a/lib/cryptography.class.php +++ b/lib/cryptography.class.php @@ -2,15 +2,18 @@ class CryptographyClass { - const KEY_SIZE = 4; + private $symmetric_key = null; + + function __construct($key) { + $this->setSymmetricKey($key); + } public function encrypt($hash) { foreach (glob("/tmp/".$hash.'/*.pdf') as $file) { $outputFile = $file.".gpg"; - $keyPath = $this->getKeyPath(); - $command = "gpg --batch --passphrase-file $keyPath --symmetric --cipher-algo AES256 -o $outputFile $file"; + $key = $this->getSymmetricKey(); + $command = "gpg --batch --passphrase $key --symmetric --cipher-algo AES256 -o $outputFile $file"; $result = shell_exec($command); - $this->freeKeyFile($keyPath); if ($result === false) { echo "Cypher failure"; exit; @@ -22,38 +25,25 @@ class CryptographyClass public function decrypt($hash) { foreach (glob("/tmp/".$hash.'/*.gpg') as $file) { $outputFile = str_replace(".gpg", "", $file); - $keyPath = $this->getKeyPath(); - $command = "gpg --batch --passphrase-file $keyPath --decrypt -o $outputFile $file"; + $key = $this->getSymmetricKey(); + $command = "gpg --batch --passphrase $key --decrypt -o $outputFile $file"; $result = shell_exec($command); - $this->freeKeyFile($keyPath); if ($result === false) { echo "Decypher failure"; exit; } unlink($file); } + return true; } - private function getKeyPath() { - $path = "../key.txt"; - if (file_put_contents($path, 'test') === false) - { - echo "passphrase generation failure"; - exit; - } - return $path; + private function getSymmetricKey() { + return $this->symmetric_key; } - private function freeKeyFile($keyPath) { - $passphrase_overwrite = str_repeat("0", self::KEY_SIZE); - if (file_put_contents($keyPath, $passphrase_overwrite) === false) - { - echo "passphrase generation failure"; - exit; - } + private function setSymmetricKey($key) { + $this->symmetric_key = $key; } - - } ?> diff --git a/templates/signature.html.php b/templates/signature.html.php index d8a8365..c44351e 100644 --- a/templates/signature.html.php +++ b/templates/signature.html.php @@ -112,6 +112,7 @@
+
@@ -197,7 +198,7 @@
- +