Головна сторінка Огляд Довідка
Реєстрація Увійти
coolbeer
/
cryptomator
дзеркало https://github.com/cryptomator/cryptomator.git
1
0
Відгалуження 0
Файли Проблеми 0 Wiki
Переглянути джерело

Reject opening files when former filesize header is != -1

Sebastian Stenzel 8 роки тому
батько
d7d8d21ba4
коміт
a3cfcb1131
3 змінених файлів з 24 додано та 6 видалено
Розділений вигляд Показати статистику Diff
  1. 5 0
      main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/impl/FileContentDecryptorImpl.java
  2. 5 5
      main/filesystem-crypto/src/test/java/org/cryptomator/crypto/engine/impl/FileContentDecryptorImplTest.java
  3. 14 1
      main/filesystem-crypto/src/test/java/org/cryptomator/crypto/engine/impl/FileHeaderTest.java

+ 5 - 0
main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/impl/FileContentDecryptorImpl.java
Переглянути файл 

@@ -54,6 +54,11 @@ class FileContentDecryptorImpl implements FileContentDecryptor {
 
 		this.header = FileHeader.decrypt(headerKey, hmacSha256, header);
 
 		this.authenticate = authenticate;
 
 		this.chunkNumber = firstCiphertextByte / CHUNK_SIZE; // floor() by int-truncation
 
+		
+		// vault version 5 and onwards should have filesize: -1
 
+		if (this.header.getPayload().getFilesize() != -1l) {
 
+			throw new UncheckedIOException(new IOException("Attempted to decrypt file with invalid header (probably from previous vault version)"));
 
+		}
 
 	}
 
 
 	@Override

+ 5 - 5
main/filesystem-crypto/src/test/java/org/cryptomator/crypto/engine/impl/FileContentDecryptorImplTest.java
Переглянути файл 

@@ -45,7 +45,7 @@ public class FileContentDecryptorImplTest {
 
 		final byte[] keyBytes = new byte[32];
 
 		final SecretKey headerKey = new SecretKeySpec(keyBytes, "AES");
 
 		final SecretKey macKey = new SecretKeySpec(keyBytes, "HmacSHA256");
 
-		final byte[] header = Base64.decode("AAAAAAAAAAAAAAAAAAAAANyVwHiiQImjrUiiFJKEIIdTD4r7x0U2ualjtPHEy3OLzqdAPU1ga26lJzstK9RUv1hj5zDC4wC9FgMfoVE1mD0HnuENuYXkJA==");
 
+		final byte[] header = Base64.decode("AAAAAAAAAAAAAAAAAAAAACNqP4ddv3Z2rUiiFJKEIIdTD4r7x0U2ualjtPHEy3OLzqdAPU1ga24VjC86+zlHN49BfMdzvHF3f9EE0LSnRLSsu6ps3IRcJg==");
 
 		final byte[] content = Base64.decode("AAAAAAAAAAAAAAAAAAAAALTwrBTNYP7m3yTGKlhka9WPvX1Lpn5EYfVxlyX1ISgRXtdRnivM7r6F3Og=");
 
 
 		try (FileContentDecryptor decryptor = new FileContentDecryptorImpl(headerKey, macKey, ByteBuffer.wrap(header), 0, true)) {
 
@@ -68,7 +68,7 @@ public class FileContentDecryptorImplTest {
 
 		final byte[] keyBytes = new byte[32];
 
 		final SecretKey headerKey = new SecretKeySpec(keyBytes, "AES");
 
 		final SecretKey macKey = new SecretKeySpec(keyBytes, "HmacSHA256");
 
-		final byte[] header = Base64.decode("AAAAAAAAAAAAAAAAAAAAANyVwHiiQImjrUiiFJKEIIdTD4r7x0U2ualjtPHEy3OLzqdAPU1ga26lJzstK9RUv1hj5zDC4wC9FgMfoVE1mD0HnuENuYXkJa==");
 
+		final byte[] header = Base64.decode("AAAAAAAAAAAAAAAAAAAAACNqP4ddv3Z2rUiiFJKEIIdTD4r7x0U2ualjtPHEy3OLzqdAPU1ga24VjC86+zlHN49BfMdzvHF3f9EE0LSnRLSsu6ps3IRcJG==");
 
 
 		try (FileContentDecryptor decryptor = new FileContentDecryptorImpl(headerKey, macKey, ByteBuffer.wrap(header), 0, true)) {
 
 
@@ -80,7 +80,7 @@ public class FileContentDecryptorImplTest {
 
 		final byte[] keyBytes = new byte[32];
 
 		final SecretKey headerKey = new SecretKeySpec(keyBytes, "AES");
 
 		final SecretKey macKey = new SecretKeySpec(keyBytes, "HmacSHA256");
 
-		final byte[] header = Base64.decode("AAAAAAAAAAAAAAAAAAAAANyVwHiiQImjrUiiFJKEIIdTD4r7x0U2ualjtPHEy3OLzqdAPU1ga26lJzstK9RUv1hj5zDC4wC9FgMfoVE1mD0HnuENuYXkJA==");
 
+		final byte[] header = Base64.decode("AAAAAAAAAAAAAAAAAAAAACNqP4ddv3Z2rUiiFJKEIIdTD4r7x0U2ualjtPHEy3OLzqdAPU1ga24VjC86+zlHN49BfMdzvHF3f9EE0LSnRLSsu6ps3IRcJg==");
 
 		final byte[] content = Base64.decode("aAAAAAAAAAAAAAAAAAAAALTwrBTNYP7m3yTGKlhka9WPvX1Lpn5EYfVxlyX1ISgRXtdRnivM7r6F3Og=");
 
 
 		try (FileContentDecryptor decryptor = new FileContentDecryptorImpl(headerKey, macKey, ByteBuffer.wrap(header), 0, true)) {
 
@@ -101,7 +101,7 @@ public class FileContentDecryptorImplTest {
 
 		final byte[] keyBytes = new byte[32];
 
 		final SecretKey headerKey = new SecretKeySpec(keyBytes, "AES");
 
 		final SecretKey macKey = new SecretKeySpec(keyBytes, "HmacSHA256");
 
-		final byte[] header = Base64.decode("AAAAAAAAAAAAAAAAAAAAANyVwHiiQImjrUiiFJKEIIdTD4r7x0U2ualjtPHEy3OLzqdAPU1ga26lJzstK9RUv1hj5zDC4wC9FgMfoVE1mD0HnuENuYXkJA==");
 
+		final byte[] header = Base64.decode("AAAAAAAAAAAAAAAAAAAAACNqP4ddv3Z2rUiiFJKEIIdTD4r7x0U2ualjtPHEy3OLzqdAPU1ga24VjC86+zlHN49BfMdzvHF3f9EE0LSnRLSsu6ps3IRcJg==");
 
 		final byte[] content = Base64.decode("AAAAAAAAAAAAAAAAAAAAALTwrBTNYP7m3yTGKlhka9WPvX1Lpn5EYfVxlyX1ISgRXtdRnivM7r6F3OG=");
 
 
 		try (FileContentDecryptor decryptor = new FileContentDecryptorImpl(headerKey, macKey, ByteBuffer.wrap(header), 0, false)) {
 
@@ -124,7 +124,7 @@ public class FileContentDecryptorImplTest {
 
 		final byte[] keyBytes = new byte[32];
 
 		final SecretKey headerKey = new SecretKeySpec(keyBytes, "AES");
 
 		final SecretKey macKey = new SecretKeySpec(keyBytes, "AES");
 
-		final byte[] header = Base64.decode("AAAAAAAAAAAAAAAAAAAAANyVwHiiQImjrUiiFJKEIIdTD4r7x0U2ualjtPHEy3OLzqdAPU1ga26lJzstK9RUv1hj5zDC4wC9FgMfoVE1mD0HnuENuYXkJA==");
 
+		final byte[] header = Base64.decode("AAAAAAAAAAAAAAAAAAAAACNqP4ddv3Z2rUiiFJKEIIdTD4r7x0U2ualjtPHEy3OLzqdAPU1ga24VjC86+zlHN49BfMdzvHF3f9EE0LSnRLSsu6ps3IRcJg==");
 
 
 		try (FileContentDecryptor decryptor = new FileContentDecryptorImpl(headerKey, macKey, ByteBuffer.wrap(header), 0, true)) {
 
 			decryptor.cancelWithException(new IOException("can not do"));

+ 14 - 1
main/filesystem-crypto/src/test/java/org/cryptomator/crypto/engine/impl/FileHeaderTest.java
Переглянути файл 

@@ -53,13 +53,26 @@ public class FileHeaderTest {
 
 
 	@Test
 
 	public void testDecryption() {
 
+		final byte[] keyBytes = new byte[32];
 
+		final SecretKey headerKey = new SecretKeySpec(keyBytes, "AES");
 
+		final SecretKey macKey = new SecretKeySpec(keyBytes, "HmacSHA256");
 
+		final ByteBuffer headerBuf = ByteBuffer.wrap(Base64.decode("AAAAAAAAAAAAAAAAAAAAACNqP4ddv3Z2rUiiFJKEIIdTD4r7x0U2ualjtPHEy3OLzqdAPU1ga24VjC86+zlHN49BfMdzvHF3f9EE0LSnRLSsu6ps3IRcJg=="));
 
+		final FileHeader header = FileHeader.decrypt(headerKey, new ThreadLocalMac(macKey, "HmacSHA256"), headerBuf);
 
+
 
+		Assert.assertEquals(-1l, header.getPayload().getFilesize());
 
+		Assert.assertArrayEquals(new byte[16], header.getIv());
 
+		Assert.assertArrayEquals(new byte[32], header.getPayload().getContentKey().getEncoded());
 
+	}
 
+
 
+	@Test
 
+	public void testDecryptionOfOldHeader() {
 
 		final byte[] keyBytes = new byte[32];
 
 		final SecretKey headerKey = new SecretKeySpec(keyBytes, "AES");
 
 		final SecretKey macKey = new SecretKeySpec(keyBytes, "HmacSHA256");
 
 		final ByteBuffer headerBuf = ByteBuffer.wrap(Base64.decode("AAAAAAAAAAAAAAAAAAAAANyVwHiiQImjrUiiFJKEIIdTD4r7x0U2ualjtPHEy3OLzqdAPU1ga26lJzstK9RUv1hj5zDC4wC9FgMfoVE1mD0HnuENuYXkJA=="));
 
 		final FileHeader header = FileHeader.decrypt(headerKey, new ThreadLocalMac(macKey, "HmacSHA256"), headerBuf);
 
 
-		Assert.assertEquals(42, header.getPayload().getFilesize());
 
+		Assert.assertEquals(42l, header.getPayload().getFilesize());
 
 		Assert.assertArrayEquals(new byte[16], header.getIv());
 
 		Assert.assertArrayEquals(new byte[32], header.getPayload().getContentKey().getEncoded());
 
 	}