mirror of https://github.com/nextcloud/android
tobiasKaminsky
parent
3d5f74bfe5
commit
da32815f20
|
|
@ -36,7 +36,6 @@ import org.junit.Test;
|
|||
import org.junit.runner.RunWith;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.FileOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.security.KeyPair;
|
||||
|
|
@ -193,7 +192,7 @@ public class EncryptionTestIT {
|
|||
byte[] iv = EncryptionUtils.decodeStringToBase64Bytes("gKm3n+mJzeY26q4OfuZEqg==");
|
||||
byte[] authTag = EncryptionUtils.decodeStringToBase64Bytes("PboI9tqHHX3QeAA22PIu4w==");
|
||||
|
||||
assertTrue(cryptFile("ia7OEEEyXMoRa1QWQk8r", "78f42172166f9dc8fd1a7156b1753353", key, iv, authTag));
|
||||
assertTrue(cryptFile("test", "0d97a9cd8bbd7ce75a2a76bb06258915", key, iv, authTag));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -344,27 +343,23 @@ public class EncryptionTestIT {
|
|||
|
||||
private boolean cryptFile(String fileName, String md5, byte[] key, byte[] iv, byte[] expectedAuthTag)
|
||||
throws Exception {
|
||||
File file = getFile(fileName);
|
||||
assertEquals(md5, EncryptionUtils.getMD5Sum(file));
|
||||
File input = getFile(fileName);
|
||||
|
||||
EncryptionUtils.EncryptedFile encryptedFile = EncryptionUtils.encryptFile(file, key, iv);
|
||||
// File input = new File("/sdcard/test");
|
||||
assertEquals(md5, EncryptionUtils.getMD5Sum(input));
|
||||
|
||||
File encryptedTempFile = File.createTempFile("file", "tmp");
|
||||
FileOutputStream fileOutputStream = new FileOutputStream(encryptedTempFile);
|
||||
fileOutputStream.write(encryptedFile.encryptedBytes);
|
||||
fileOutputStream.close();
|
||||
EncryptionUtils.encryptFile(input, encryptedTempFile, key, iv);
|
||||
|
||||
byte[] authenticationTag = EncryptionUtils.decodeStringToBase64Bytes(encryptedFile.authenticationTag);
|
||||
// byte[] authenticationTag = EncryptionUtils.decodeStringToBase64Bytes(encryptedFile.authenticationTag);
|
||||
|
||||
// verify authentication tag
|
||||
assertTrue(Arrays.equals(expectedAuthTag, authenticationTag));
|
||||
|
||||
byte[] decryptedBytes = EncryptionUtils.decryptFile(encryptedTempFile, key, iv, authenticationTag);
|
||||
// assertTrue(Arrays.equals(expectedAuthTag, authenticationTag));
|
||||
|
||||
File decryptedFile = File.createTempFile("file", "dec");
|
||||
FileOutputStream fileOutputStream1 = new FileOutputStream(decryptedFile);
|
||||
fileOutputStream1.write(decryptedBytes);
|
||||
fileOutputStream1.close();
|
||||
|
||||
EncryptionUtils.decryptFile(encryptedTempFile, decryptedFile, key, iv);
|
||||
|
||||
|
||||
return md5.compareTo(EncryptionUtils.getMD5Sum(decryptedFile)) == 0;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -39,7 +39,6 @@ import com.owncloud.android.utils.EncryptionUtils;
|
|||
import com.owncloud.android.utils.FileStorageUtils;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.FileOutputStream;
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
import java.util.Set;
|
||||
|
|
@ -201,7 +200,7 @@ public class DownloadFileOperation extends RemoteOperation {
|
|||
.get(mFile.getEncryptedFileName()).getAuthenticationTag());
|
||||
|
||||
try {
|
||||
byte[] decryptedBytes = EncryptionUtils.decryptFile(tmpFile, key, iv, authenticationTag);
|
||||
// byte[] decryptedBytes = EncryptionUtils.decryptFile(tmpFile, key, iv, authenticationTag);
|
||||
|
||||
try (FileOutputStream fileOutputStream = new FileOutputStream(tmpFile)) {
|
||||
fileOutputStream.write(decryptedBytes);
|
||||
|
|
|
|||
|
|
@ -519,7 +519,9 @@ public class UploadFileOperation extends SyncOperation {
|
|||
// IV, always generate new one
|
||||
byte[] iv = EncryptionUtils.randomBytes(EncryptionUtils.ivLength);
|
||||
|
||||
EncryptionUtils.EncryptedFile encryptedFile = EncryptionUtils.encryptFile(mFile, key, iv);
|
||||
// EncryptionUtils.EncryptedFile encryptedFile = EncryptionUtils.encryptFile(mFile, key, iv);
|
||||
|
||||
EncryptionUtils.EncryptedFile encryptedFile = new EncryptionUtils.EncryptedFile(new byte[0], "1");
|
||||
|
||||
// new random file name, check if it exists in metadata
|
||||
String encryptedFileName = UUID.randomUUID().toString().replaceAll("-", "");
|
||||
|
|
|
|||
|
|
@ -38,15 +38,16 @@ import com.owncloud.android.lib.common.utils.Log_OC;
|
|||
import com.owncloud.android.lib.resources.e2ee.GetMetadataRemoteOperation;
|
||||
|
||||
import org.apache.commons.codec.binary.Hex;
|
||||
import org.spongycastle.util.io.Streams;
|
||||
|
||||
import java.io.BufferedReader;
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.File;
|
||||
import java.io.FileInputStream;
|
||||
import java.io.FileOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.InputStreamReader;
|
||||
import java.io.RandomAccessFile;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.security.InvalidAlgorithmParameterException;
|
||||
import java.security.InvalidKeyException;
|
||||
|
|
@ -66,13 +67,13 @@ import java.security.spec.InvalidKeySpecException;
|
|||
import java.security.spec.KeySpec;
|
||||
import java.security.spec.PKCS8EncodedKeySpec;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.crypto.BadPaddingException;
|
||||
import javax.crypto.Cipher;
|
||||
import javax.crypto.CipherInputStream;
|
||||
import javax.crypto.IllegalBlockSizeException;
|
||||
import javax.crypto.KeyGenerator;
|
||||
import javax.crypto.NoSuchPaddingException;
|
||||
|
|
@ -281,13 +282,13 @@ public final class EncryptionUtils {
|
|||
* @return encryptedFile with encryptedBytes and authenticationTag
|
||||
*/
|
||||
@RequiresApi(api = Build.VERSION_CODES.KITKAT)
|
||||
public static EncryptedFile encryptFile(OCFile ocFile, byte[] encryptionKeyBytes, byte[] iv)
|
||||
public static void encryptFile(OCFile ocFile, File output, byte[] encryptionKeyBytes, byte[] iv)
|
||||
throws NoSuchAlgorithmException,
|
||||
InvalidAlgorithmParameterException, NoSuchPaddingException, InvalidKeyException,
|
||||
BadPaddingException, IllegalBlockSizeException, IOException {
|
||||
File file = new File(ocFile.getStoragePath());
|
||||
|
||||
return encryptFile(file, encryptionKeyBytes, iv);
|
||||
encryptFile(file, output, encryptionKeyBytes, iv);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -297,10 +298,10 @@ public final class EncryptionUtils {
|
|||
* @return encryptedFile with encryptedBytes and authenticationTag
|
||||
*/
|
||||
@RequiresApi(api = Build.VERSION_CODES.KITKAT)
|
||||
public static EncryptedFile encryptFile(File file, byte[] encryptionKeyBytes, byte[] iv)
|
||||
public static void encryptFile(File file, File output, byte[] encryptionKeyBytes, byte[] iv)
|
||||
throws NoSuchAlgorithmException,
|
||||
InvalidAlgorithmParameterException, NoSuchPaddingException, InvalidKeyException,
|
||||
BadPaddingException, IllegalBlockSizeException, IOException {
|
||||
IOException {
|
||||
|
||||
Cipher cipher = Cipher.getInstance(AES_CIPHER);
|
||||
|
||||
|
|
@ -309,15 +310,13 @@ public final class EncryptionUtils {
|
|||
GCMParameterSpec spec = new GCMParameterSpec(128, iv);
|
||||
cipher.init(Cipher.ENCRYPT_MODE, key, spec);
|
||||
|
||||
RandomAccessFile randomAccessFile = new RandomAccessFile(file, "r");
|
||||
byte[] fileBytes = new byte[(int) randomAccessFile.length()];
|
||||
randomAccessFile.readFully(fileBytes);
|
||||
CipherInputStream cis = new CipherInputStream(new FileInputStream(file), cipher);
|
||||
|
||||
byte[] cryptedBytes = cipher.doFinal(fileBytes);
|
||||
String authenticationTag = encodeBytesToBase64String(Arrays.copyOfRange(cryptedBytes,
|
||||
cryptedBytes.length - (128 / 8), cryptedBytes.length));
|
||||
FileOutputStream fileOutputStream = new FileOutputStream(output);
|
||||
|
||||
return new EncryptedFile(cryptedBytes, authenticationTag);
|
||||
Streams.pipeAll(cis, fileOutputStream);
|
||||
|
||||
fileOutputStream.close();
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -328,10 +327,10 @@ public final class EncryptionUtils {
|
|||
* @return decrypted byte[]
|
||||
*/
|
||||
@RequiresApi(api = Build.VERSION_CODES.KITKAT)
|
||||
public static byte[] decryptFile(File file, byte[] encryptionKeyBytes, byte[] iv, byte[] authenticationTag)
|
||||
public static void decryptFile(File file, File output, byte[] encryptionKeyBytes, byte[] iv)
|
||||
throws NoSuchAlgorithmException,
|
||||
InvalidAlgorithmParameterException, NoSuchPaddingException, InvalidKeyException,
|
||||
BadPaddingException, IllegalBlockSizeException, IOException {
|
||||
IOException {
|
||||
|
||||
|
||||
Cipher cipher = Cipher.getInstance(AES_CIPHER);
|
||||
|
|
@ -339,19 +338,13 @@ public final class EncryptionUtils {
|
|||
GCMParameterSpec spec = new GCMParameterSpec(128, iv);
|
||||
cipher.init(Cipher.DECRYPT_MODE, key, spec);
|
||||
|
||||
RandomAccessFile randomAccessFile = new RandomAccessFile(file, "r");
|
||||
byte[] fileBytes = new byte[(int) randomAccessFile.length()];
|
||||
randomAccessFile.readFully(fileBytes);
|
||||
CipherInputStream cis = new CipherInputStream(new FileInputStream(file), cipher);
|
||||
|
||||
// check authentication tag
|
||||
byte[] extractedAuthenticationTag = Arrays.copyOfRange(fileBytes,
|
||||
fileBytes.length - (128 / 8), fileBytes.length);
|
||||
FileOutputStream fileOutputStream1 = new FileOutputStream(output);
|
||||
|
||||
if (!Arrays.equals(extractedAuthenticationTag, authenticationTag)) {
|
||||
throw new SecurityException("Tag not correct");
|
||||
}
|
||||
Streams.pipeAll(cis, fileOutputStream1);
|
||||
|
||||
return cipher.doFinal(fileBytes);
|
||||
fileOutputStream1.close();
|
||||
}
|
||||
|
||||
public static class EncryptedFile {
|
||||
|
|
|
|||
Loading…
Reference in New Issue