Fix file encryption

Signed-off-by: Tiago Garcia <tiago.rgarcia@ua.pt>
This commit is contained in:
Tiago Garcia 2024-12-11 22:57:41 +00:00
parent 511458f770
commit 62272039d6
Signed by: TiagoRG
GPG Key ID: DFCD48E3F420DB42
5 changed files with 38 additions and 33 deletions

View File

@ -51,10 +51,10 @@ def addDoc(args):
args.session = json.load(f)
#Encrypt content
key, content, nonce = encrypt_file(BASE_DIR + args.file, BASE_DIR + 'encryptedText')
key, content = encrypt_file(BASE_DIR + args.file, BASE_DIR + 'encryptedText')
#Upload document metadata
doc = {'document_name' : args.name, 'key' : key.hex(), 'alg' : 'AES-CFB', 'nonce' : nonce.hex() }
doc = {'document_name' : args.name, 'key' : key.hex(), 'alg' : 'AES-CFB' }
try:
req = requests.post(f'http://{state['REP_ADDRESS']}/file/upload/metadata', json=json.dumps(doc),

View File

@ -6,41 +6,49 @@ from cryptography.hazmat.backends import default_backend
# Function to encrypt a file using a salt
def encrypt_file(input_file, output_file=None):
key = os.urandom(16)
iv = os.urandom(16)
key = os.urandom(16)
iv = os.urandom(16)
cipher = Cipher(algorithms.AES(key), modes.CFB(iv))
encryptor = cipher.encryptor()
cipher = Cipher(algorithms.AES(key), modes.CFB(iv))
encryptor = cipher.encryptor()
with open(input_file, 'rb') as f:
plaintext = f.read()
encrypted_content = b""
ciphertext = encryptor.update(plaintext) + encryptor.finalize()
ciphertext = iv + ciphertext
if output_file is not None:
with open(input_file, 'rb') as infile, open(output_file, 'wb') as outfile:
# Write the IV to the output file first
outfile.write(iv)
encrypted_content += iv
if output_file is not None:
with open(output_file, 'wb') as f:
f.write(ciphertext)
while chunk := infile.read(2048):
ciphertext = encryptor.update(chunk)
outfile.write(ciphertext)
encrypted_content += ciphertext
print(iv.hex())
# Finalize encryption
final_chunk = encryptor.finalize()
outfile.write(final_chunk)
encrypted_content += final_chunk
return key, ciphertext, iv
return key, encrypted_content
# Function to decrypt a file
def decrypt_file(nonce, key, input_file, output_file=None):
with open(input_file, 'rb') as f:
encrypted_data = f.read()
def decrypt_file(key, input_file, output_file=None):
with open(input_file, 'rb') as infile:
# Read the IV from the input file
iv = infile.read(16)
cipher = Cipher(algorithms.AES(key), modes.CFB(iv))
decryptor = cipher.decryptor()
ciphertext = encrypted_data
if output_file is not None:
with open(output_file, 'wb') as outfile:
while chunk := infile.read(2048):
plaintext = decryptor.update(chunk)
outfile.write(plaintext)
cipher = Cipher(algorithms.AES(key), modes.CFB(nonce))
decryptor = cipher.decryptor()
# Finalize decryption
outfile.write(decryptor.finalize())
plaintext = decryptor.update(ciphertext) + decryptor.finalize()
return True
if output_file is not None:
with open(output_file, 'wb') as f:
f.write(plaintext)
return plaintext.hex()

View File

@ -11,7 +11,6 @@ class File(db_connection.Model):
created_at = db_connection.Column(db_connection.Integer, nullable=False)
key = db_connection.Column(db_connection.String, nullable=False)
alg = db_connection.Column(db_connection.String, nullable=False)
nonce = db_connection.Column(db_connection.String, nullable=False)
org_id = db_connection.Column(db_connection.Integer, db_connection.ForeignKey('organizations.id'), nullable=False)
creator_id = db_connection.Column(db_connection.Integer, db_connection.ForeignKey('users.id'), nullable=False)
org = db_connection.relationship('Organization', backref=db_connection.backref('org_files', uselist=False))
@ -26,7 +25,6 @@ class File(db_connection.Model):
"created_at": self.created_at,
"key": self.key,
"alg": self.alg,
"nonce": self.nonce,
"org": {"id": self.org.id, "name": self.org.name},
"creator": {"id": self.creator.id, "username": self.creator.username}
}

View File

@ -48,7 +48,7 @@ def file_upload_metadata():
data = request.json
if type(data) is str:
data = json.loads(data)
if "document_name" not in data or "key" not in data or "alg" not in data or "nonce" not in data:
if "document_name" not in data or "key" not in data or "alg" not in data:
return jsonify({"error": "Missing required fields"}), 400
org = OrganizationService.get_organization(session.org_id)
@ -59,7 +59,7 @@ def file_upload_metadata():
if not user:
return jsonify({"error": "User not found"}), 404
file = upload_service.create_file(session.token, org, user, data["document_name"], data["key"], data["alg"], data["nonce"])
file = upload_service.create_file(session.token, org, user, data["document_name"], data["key"], data["alg"])
return jsonify(file.to_dict()), 201

View File

@ -13,7 +13,7 @@ class FileService:
def __init__(self):
self.current_requests = {}
def create_file(self, session_token: str, org: Organization, user: User, file_name: str, key: str, alg: str, nonce: str) -> File:
def create_file(self, session_token: str, org: Organization, user: User, file_name: str, key: str, alg: str) -> File:
file = File(
file_handle = None,
document_handle = get_hash(file_name),
@ -21,7 +21,6 @@ class FileService:
created_at = int(datetime.now().timestamp()),
key = key,
alg = alg,
nonce = nonce,
org_id = org.id,
creator_id = user.id,
org = org,