From 15bbe379861c671a2e9b6dc5ac2583625c489033 Mon Sep 17 00:00:00 2001 From: rjaeckel Date: Sat, 30 Jan 2016 20:54:10 +0100 Subject: [PATCH 1/5] bugfix as openssl 1.0.2 does not accept a key longer than 64Bytes in hex openssl 1.0.1 just strips the key --- ocdec.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/ocdec.sh b/ocdec.sh index 1388c2f..2f682d0 100755 --- a/ocdec.sh +++ b/ocdec.sh @@ -124,6 +124,7 @@ function decryptFile() { decFileKeyContent="$( openssl rc4 -d -in "$encFileKeyPath" -iv 0 -K $decUserFileShareKeyHEX )" decFileKeyContentHEX="$( echo -n $decFileKeyContent |od -An -tx1 |tr -dc '[:xdigit:]' )" + decFileKeyContentHEX=${decFileKeyContentHEX:0:64} # --- Get the FileKey --- # --- Decrypt the file --- From d25fc4b5c87fa3bb539eb82e1f16c49d1d217af7 Mon Sep 17 00:00:00 2001 From: rjaeckel Date: Sat, 30 Jan 2016 20:58:28 +0100 Subject: [PATCH 2/5] refactored decryption to use a single file operation, increases performance extremely --- ocdec.sh | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/ocdec.sh b/ocdec.sh index 2f682d0..cd648e2 100755 --- a/ocdec.sh +++ b/ocdec.sh @@ -128,19 +128,16 @@ function decryptFile() { # --- Get the FileKey --- # --- Decrypt the file --- - # TODO: to figure out how to speed-up the decryption process. - # bottlenecks: - # - awk is running really slow, consuming lot of CPU - encFileContentsALL="$(cat "${USER}/$encFilePath")" - encFileContentsNOHEAD=$(echo -n "$encFileContentsALL" | sed -r 's/^HBEGIN:.+:HEND-*//') - N=0 - for IV in $(echo -n "$encFileContentsNOHEAD" |grep -E -o '00iv00.{16}xx' |sed -r 's/^00iv00//;s/xx$//'); do - N=$[N+1] - encFileContentsBASE64=$(echo -n "$encFileContentsNOHEAD" |awk -F '00iv00................xx' -v N=$N '{print $N}') - plainFileIVHEX=$(echo -n "$IV" |od -An -tx1 |tr -dc '[:xdigit:]') - openssl enc -AES-256-CFB -d -nosalt -base64 -A -K $decFileKeyContentHEX -iv $plainFileIVHEX -in <(echo "$encFileContentsBASE64") - #php -r "echo openssl_decrypt('$encFileContentsBASE64', 'AES-256-CFB', '$decFileKeyContent', false, '$IV');" - done + # OC writes the encrypted file in 8K chunks, each containing it's own iv in the end + chunkSize=8192 + while read -d '' -n $chunkSize CHUNK; do + #split chunk into payload an iv string (strip padding from iv) + read payload iv <<<`echo $CHUNK | sed -r 's/(.*)00iv00(.{16})xx/\1 \2/'` + # convert base64 iv into hex + iv=$(echo -n "$iv" | od -An -tx1 | tr -dc '[:xdigit:]' ) + # decode chunk + openssl enc -AES-256-CFB -d -nosalt -base64 -A -K $decFileKeyContentHEX -iv $iv -in <(echo "$payload") + done <<<`sed -r 's/^HBEGIN:.+:HEND-*//' <"$encFilePath"` # pipe the encrypted file without head into the loop # --- Decrypt the file --- } From 683980933599a4c68b771ee4fac69de8d67d98e6 Mon Sep 17 00:00:00 2001 From: rjaeckel Date: Sun, 31 Jan 2016 23:17:09 +0100 Subject: [PATCH 3/5] force to read last line of encrypted file --- ocdec.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ocdec.sh b/ocdec.sh index cd648e2..3ba919c 100755 --- a/ocdec.sh +++ b/ocdec.sh @@ -130,7 +130,7 @@ function decryptFile() { # --- Decrypt the file --- # OC writes the encrypted file in 8K chunks, each containing it's own iv in the end chunkSize=8192 - while read -d '' -n $chunkSize CHUNK; do + while read -d '' -n $chunkSize CHUNK || [ -n "$CHUNK" ]; do #split chunk into payload an iv string (strip padding from iv) read payload iv <<<`echo $CHUNK | sed -r 's/(.*)00iv00(.{16})xx/\1 \2/'` # convert base64 iv into hex From f5156ef14cd747b0c70524cbe79248985941109e Mon Sep 17 00:00:00 2001 From: rjaeckel Date: Sun, 31 Jan 2016 23:17:49 +0100 Subject: [PATCH 4/5] missing user parameter in filepath --- ocdec.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ocdec.sh b/ocdec.sh index 3ba919c..1d67ea7 100755 --- a/ocdec.sh +++ b/ocdec.sh @@ -137,7 +137,7 @@ function decryptFile() { iv=$(echo -n "$iv" | od -An -tx1 | tr -dc '[:xdigit:]' ) # decode chunk openssl enc -AES-256-CFB -d -nosalt -base64 -A -K $decFileKeyContentHEX -iv $iv -in <(echo "$payload") - done <<<`sed -r 's/^HBEGIN:.+:HEND-*//' <"$encFilePath"` # pipe the encrypted file without head into the loop + done <<<`sed -r 's/^HBEGIN:.+:HEND-*//' <"${USER}/$encFilePath"` # pipe the encrypted file without head into the loop # --- Decrypt the file --- } From 2adaf0464f96e33a69c7e598dc87e24d028bd695 Mon Sep 17 00:00:00 2001 From: rjaeckel Date: Sun, 31 Jan 2016 23:44:19 +0100 Subject: [PATCH 5/5] clear CHUNK variable to avoid infinite loops --- ocdec.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ocdec.sh b/ocdec.sh index 1d67ea7..863773f 100755 --- a/ocdec.sh +++ b/ocdec.sh @@ -130,9 +130,11 @@ function decryptFile() { # --- Decrypt the file --- # OC writes the encrypted file in 8K chunks, each containing it's own iv in the end chunkSize=8192 - while read -d '' -n $chunkSize CHUNK || [ -n "$CHUNK" ]; do + while read -d '' -n $chunkSize CHUNK || [ ! -z "$CHUNK" ]; do #split chunk into payload an iv string (strip padding from iv) read payload iv <<<`echo $CHUNK | sed -r 's/(.*)00iv00(.{16})xx/\1 \2/'` + CHUNK= + #if [ -z $CHUNK ]; then break; fi # convert base64 iv into hex iv=$(echo -n "$iv" | od -An -tx1 | tr -dc '[:xdigit:]' ) # decode chunk