diff --git a/delivery2/client/bin/rep_add_doc b/delivery2/client/bin/rep_add_doc index 8576080..2c5d964 100755 --- a/delivery2/client/bin/rep_add_doc +++ b/delivery2/client/bin/rep_add_doc @@ -51,10 +51,10 @@ def addDoc(args): args.session = json.load(f) #Encrypt content - key, content, nonce = encrypt_file(BASE_DIR + args.file, BASE_DIR + 'encryptedText') + key, content = encrypt_file(BASE_DIR + args.file, BASE_DIR + 'encryptedText') #Upload document metadata - doc = {'document_name' : args.name, 'key' : key.hex(), 'alg' : 'AES-CFB', 'nonce' : nonce.hex() } + doc = {'document_name' : args.name, 'key' : key.hex(), 'alg' : 'AES-CFB' } try: req = requests.post(f'http://{state['REP_ADDRESS']}/file/upload/metadata', json=json.dumps(doc), diff --git a/delivery2/lib/symmetric_encryption.py b/delivery2/lib/symmetric_encryption.py index 094e6a3..040a697 100644 --- a/delivery2/lib/symmetric_encryption.py +++ b/delivery2/lib/symmetric_encryption.py @@ -6,41 +6,49 @@ from cryptography.hazmat.backends import default_backend # Function to encrypt a file using a salt def encrypt_file(input_file, output_file=None): - key = os.urandom(16) - iv = os.urandom(16) + key = os.urandom(16) + iv = os.urandom(16) - cipher = Cipher(algorithms.AES(key), modes.CFB(iv)) - encryptor = cipher.encryptor() + cipher = Cipher(algorithms.AES(key), modes.CFB(iv)) + encryptor = cipher.encryptor() - with open(input_file, 'rb') as f: - plaintext = f.read() + encrypted_content = b"" - ciphertext = encryptor.update(plaintext) + encryptor.finalize() - ciphertext = iv + ciphertext + if output_file is not None: + with open(input_file, 'rb') as infile, open(output_file, 'wb') as outfile: + # Write the IV to the output file first + outfile.write(iv) + encrypted_content += iv - if output_file is not None: - with open(output_file, 'wb') as f: - f.write(ciphertext) + while chunk := infile.read(2048): + ciphertext = encryptor.update(chunk) + outfile.write(ciphertext) + encrypted_content += ciphertext - print(iv.hex()) + # Finalize encryption + final_chunk = encryptor.finalize() + outfile.write(final_chunk) + encrypted_content += final_chunk - return key, ciphertext, iv + return key, encrypted_content # Function to decrypt a file -def decrypt_file(nonce, key, input_file, output_file=None): - with open(input_file, 'rb') as f: - encrypted_data = f.read() +def decrypt_file(key, input_file, output_file=None): + with open(input_file, 'rb') as infile: + # Read the IV from the input file + iv = infile.read(16) + cipher = Cipher(algorithms.AES(key), modes.CFB(iv)) + decryptor = cipher.decryptor() - ciphertext = encrypted_data + if output_file is not None: + with open(output_file, 'wb') as outfile: + while chunk := infile.read(2048): + plaintext = decryptor.update(chunk) + outfile.write(plaintext) - cipher = Cipher(algorithms.AES(key), modes.CFB(nonce)) - decryptor = cipher.decryptor() + # Finalize decryption + outfile.write(decryptor.finalize()) - plaintext = decryptor.update(ciphertext) + decryptor.finalize() + return True - if output_file is not None: - with open(output_file, 'wb') as f: - f.write(plaintext) - - return plaintext.hex() diff --git a/delivery2/server/models/file.py b/delivery2/server/models/file.py index a7fc99f..8288403 100644 --- a/delivery2/server/models/file.py +++ b/delivery2/server/models/file.py @@ -11,7 +11,6 @@ class File(db_connection.Model): created_at = db_connection.Column(db_connection.Integer, nullable=False) key = db_connection.Column(db_connection.String, nullable=False) alg = db_connection.Column(db_connection.String, nullable=False) - nonce = db_connection.Column(db_connection.String, nullable=False) org_id = db_connection.Column(db_connection.Integer, db_connection.ForeignKey('organizations.id'), nullable=False) creator_id = db_connection.Column(db_connection.Integer, db_connection.ForeignKey('users.id'), nullable=False) org = db_connection.relationship('Organization', backref=db_connection.backref('org_files', uselist=False)) @@ -26,7 +25,6 @@ class File(db_connection.Model): "created_at": self.created_at, "key": self.key, "alg": self.alg, - "nonce": self.nonce, "org": {"id": self.org.id, "name": self.org.name}, "creator": {"id": self.creator.id, "username": self.creator.username} } \ No newline at end of file diff --git a/delivery2/server/routes/file.py b/delivery2/server/routes/file.py index 5eb08a6..2d5e138 100644 --- a/delivery2/server/routes/file.py +++ b/delivery2/server/routes/file.py @@ -48,7 +48,7 @@ def file_upload_metadata(): data = request.json if type(data) is str: data = json.loads(data) - if "document_name" not in data or "key" not in data or "alg" not in data or "nonce" not in data: + if "document_name" not in data or "key" not in data or "alg" not in data: return jsonify({"error": "Missing required fields"}), 400 org = OrganizationService.get_organization(session.org_id) @@ -59,7 +59,7 @@ def file_upload_metadata(): if not user: return jsonify({"error": "User not found"}), 404 - file = upload_service.create_file(session.token, org, user, data["document_name"], data["key"], data["alg"], data["nonce"]) + file = upload_service.create_file(session.token, org, user, data["document_name"], data["key"], data["alg"]) return jsonify(file.to_dict()), 201 diff --git a/delivery2/server/services/files.py b/delivery2/server/services/files.py index 9bf55f7..316409d 100644 --- a/delivery2/server/services/files.py +++ b/delivery2/server/services/files.py @@ -13,7 +13,7 @@ class FileService: def __init__(self): self.current_requests = {} - def create_file(self, session_token: str, org: Organization, user: User, file_name: str, key: str, alg: str, nonce: str) -> File: + def create_file(self, session_token: str, org: Organization, user: User, file_name: str, key: str, alg: str) -> File: file = File( file_handle = None, document_handle = get_hash(file_name), @@ -21,7 +21,6 @@ class FileService: created_at = int(datetime.now().timestamp()), key = key, alg = alg, - nonce = nonce, org_id = org.id, creator_id = user.id, org = org,