From d3520c9d9877f9c959bd4eb41f4f6c4936f9c154 Mon Sep 17 00:00:00 2001 From: Scott Date: Mon, 19 Oct 2015 09:26:34 -0400 Subject: [PATCH 1/7] Prevent partial reads/writes Reference: #125 --- src/File.php | 176 +++++++++++++++++++++++++++++++-------------------- 1 file changed, 108 insertions(+), 68 deletions(-) diff --git a/src/File.php b/src/File.php index 3db66bb..7ac639e 100644 --- a/src/File.php +++ b/src/File.php @@ -290,15 +290,11 @@ public static function encryptResource($inputHandle, $outputHandle, $key) /** * First let's write our header, file salt, and IV to the first N blocks of the output file */ - if (\fwrite( + self::writeBytes( $outputHandle, Core::CURRENT_FILE_VERSION . $file_salt . $iv, Core::HEADER_VERSION_SIZE + $config->saltByteSize() + $ivsize - ) === false) { - throw new Ex\CannotPerformOperationException( - 'Cannot write to output file' - ); - } + ); /** * We're going to initialize a HMAC-SHA256 with the given $akey @@ -334,12 +330,7 @@ public static function encryptResource($inputHandle, $outputHandle, $key) * Iterate until we reach the end of the input file */ while (!\feof($inputHandle)) { - $read = \fread($inputHandle, $config->bufferByteSize()); - if ($read === false) { - throw new Ex\CannotPerformOperationException( - 'Cannot read input file' - ); - } + $read = self::readBytes($inputHandle, $config->bufferByteSize()); $thisIv = Core::incrementCounter($thisIv, $inc, $config); /** @@ -364,11 +355,7 @@ public static function encryptResource($inputHandle, $outputHandle, $key) /** * Write the ciphertext to the output file */ - if (\fwrite($outputHandle, $encrypted, Core::ourStrlen($encrypted)) === false) { - throw new Ex\CannotPerformOperationException( - 'Cannot write to output file during encryption' - ); - } + self::writeBytes($outputHandle, $encrypted, Core::ourStrlen($encrypted)); /** * Update the HMAC for the entire file with the data from this block @@ -379,12 +366,7 @@ public static function encryptResource($inputHandle, $outputHandle, $key) // Now let's get our HMAC and append it $finalHMAC = \hash_final($hmac, true); - $appended = \fwrite($outputHandle, $finalHMAC, $config->macByteSize()); - if ($appended === false) { - throw new Ex\CannotPerformOperationException( - 'Cannot write to output file' - ); - } + self::writeBytes($outputHandle, $finalHMAC, $config->macByteSize()); return true; } @@ -412,13 +394,7 @@ public static function decryptResource($inputHandle, $outputHandle, $key) } // Parse the header. - $header = ''; - $remaining = Core::HEADER_VERSION_SIZE; - do { - $header .= \fread($inputHandle, $remaining); - $remaining = Core::HEADER_VERSION_SIZE - Core::ourStrlen($header); - } while ($remaining > 0); - + $header = self::readBytes($inputHandle, Core::HEADER_VERSION_SIZE); $config = self::getFileVersionConfigFromHeader( $header, Core::CURRENT_FILE_VERSION @@ -438,12 +414,7 @@ public static function decryptResource($inputHandle, $outputHandle, $key) ); } // Let's grab the file salt. - $file_salt = \fread($inputHandle, $config->saltByteSize()); - if ($file_salt === false ) { - throw new Ex\CannotPerformOperationException( - 'Cannot read input file' - ); - } + $file_salt = self::readBytes($inputHandle, $config->saltByteSize()); // For storing MACs of each buffer chunk $macs = []; @@ -483,12 +454,7 @@ public static function decryptResource($inputHandle, $outputHandle, $key) * It should be the first N blocks of the file (N = 16) */ $ivsize = \openssl_cipher_iv_length($config->cipherMethod()); - $iv = \fread($inputHandle, $ivsize); - if ($iv === false ) { - throw new Ex\CannotPerformOperationException( - 'Cannot read input file' - ); - } + $iv = self::readBytes($inputHandle, $ivsize); // How much do we increase the counter after each buffered encryption to prevent nonce reuse $inc = $config->bufferByteSize() / $config->blockByteSize(); @@ -516,12 +482,7 @@ public static function decryptResource($inputHandle, $outputHandle, $key) --$cipher_end; // We need to subtract one // We keep our MAC stored in this variable - $stored_mac = \fread($inputHandle, $config->macByteSize()); - if ($stored_mac === false) { - throw new Ex\CannotPerformOperationException( - 'Cannot read input file' - ); - } + $stored_mac = self::readBytes($inputHandle, $config->macByteSize()); /** * We begin recalculating the HMAC for the entire file... @@ -579,9 +540,15 @@ public static function decryptResource($inputHandle, $outputHandle, $key) */ if ($pos + $config->bufferByteSize() >= $cipher_end) { $break = true; - $read = \fread($inputHandle, $cipher_end - $pos + 1); + $read = self::readBytes( + $inputHandle, + $cipher_end - $pos + 1 + ); } else { - $read = \fread($inputHandle, $config->bufferByteSize()); + $read = self::readBytes( + $inputHandle, + $config->bufferByteSize() + ); } if ($read === false) { throw new Ex\CannotPerformOperationException( @@ -654,13 +621,14 @@ public static function decryptResource($inputHandle, $outputHandle, $key) */ if ($pos + $config->bufferByteSize() >= $cipher_end) { $breakW = true; - $read = \fread($inputHandle, $cipher_end - $pos + 1); + $read = self::readBytes( + $inputHandle, + $cipher_end - $pos + 1 + ); } else { - $read = \fread($inputHandle, $config->bufferByteSize()); - } - if ($read === false) { - throw new Ex\CannotPerformOperationException( - 'Could not read input file during decryption' + $read = self::readBytes( + $inputHandle, + $config->bufferByteSize() ); } @@ -713,20 +681,11 @@ public static function decryptResource($inputHandle, $outputHandle, $key) /** * Write the plaintext out to the output file */ - $result = \fwrite( - $outputHandle, - $decrypted, + self::writeBytes( + $outputHandle, + $decrypted, Core::ourStrlen($decrypted) ); - - /** - * Check result - */ - if ($result === false) { - throw new Ex\CannotPerformOperationException( - 'Could not write to output file during decryption.' - ); - } } // This should be an integer return $result; @@ -799,4 +758,85 @@ private static function getFileVersionConfigFromMajorMinor($major, $minor) ); } } + + + + /** + * Read from a stream; prevent partial reads + * + * @param resource $stream + * @param int $num + * @return string + * + * @throws \RangeException + * @throws \Exception + * @throws Ex\CannotPerformOperationException + */ + final public static function readBytes($stream, $num) + { + if ($num <= 0) { + throw new \RangeException( + 'Tried to read less than 0 bytes' + ); + } + $fstat = \fstat($stream); + $pos = \ftell($stream); + if (($pos + $num) > $fstat['size']) { + throw new \Exception('Out-of-bounds read'); + } + $buf = ''; + $remaining = $num; + do { + if ($remaining <= 0) { + break; + } + $read = \fread($stream, $remaining); + if ($read === false) { + throw new Ex\CannotPerformOperationException( + 'Could not write to the file' + ); + } + $buf .= $read; + $remaining -= Core::ourStrlen($read); + } while ($remaining > 0); + return $buf; + } + + /** + * Write to a stream; prevent partial writes + * + * @param resource $stream + * @param string $buf + * @param int $num (number of bytes) + * @return string + * @throws \RangeException + * @throws Ex\CannotPerformOperationException + */ + final public static function writeBytes($stream, $buf, $num = null) + { + $bufSize = Core::ourStrlen($buf); + if ($num === null || $num > $bufSize) { + $num = $bufSize; + } + if ($num < 0) { + throw new \RangeException( + 'Tried to write less than 0 bytes' + ); + } + $remaining = $num; + do { + if ($remaining <= 0) { + break; + } + $written = \fwrite($stream, $buf, $remaining); + if ($written === false) { + throw new Ex\CannotPerformOperationException( + 'Could not write to the file' + ); + } + $buf = Core::ourSubstr($buf, $written, null); + $remaining -= $written; + } while ($remaining > 0); + return $num; + } } From 666692e7f582d697a38e8f316f2b9c681726294d Mon Sep 17 00:00:00 2001 From: Scott Date: Mon, 19 Oct 2015 09:38:56 -0400 Subject: [PATCH 2/7] Fix out-of-bounds read errors in encryptResource() --- src/File.php | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/src/File.php b/src/File.php index 7ac639e..f6886ff 100644 --- a/src/File.php +++ b/src/File.php @@ -235,6 +235,8 @@ public static function encryptResource($inputHandle, $outputHandle, $key) Core::CURRENT_FILE_VERSION, Core::CURRENT_FILE_VERSION ); + $inputStat = \fstat($inputHandle); + $inputSize = $inputStat['size']; // Let's add this check before anything if (!\in_array($config->hashFunctionName(), \hash_algos())) { @@ -329,8 +331,21 @@ public static function encryptResource($inputHandle, $outputHandle, $key) /** * Iterate until we reach the end of the input file */ - while (!\feof($inputHandle)) { - $read = self::readBytes($inputHandle, $config->bufferByteSize()); + $breakR = false; + while (!\feof($inputHandle) && !$breakR) { + $pos = \ftell($inputHandle); + if ($pos + $config->bufferByteSize() >= $inputSize) { + $breakR = true; + $read = self::readBytes( + $inputHandle, + $inputSize - $pos + ); + } else { + $read = self::readBytes( + $inputHandle, + $config->bufferByteSize() + ); + } $thisIv = Core::incrementCounter($thisIv, $inc, $config); /** From e1d3e353c5a2bcf3c2de80070cd1381fbda12b6a Mon Sep 17 00:00:00 2001 From: Scott Date: Tue, 27 Oct 2015 11:13:02 -0400 Subject: [PATCH 3/7] Comment consistency, don't throw a generic Exception. --- src/File.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/File.php b/src/File.php index f6886ff..8048869 100644 --- a/src/File.php +++ b/src/File.php @@ -784,7 +784,6 @@ private static function getFileVersionConfigFromMajorMinor($major, $minor) * @return string * * @throws \RangeException - * @throws \Exception * @throws Ex\CannotPerformOperationException */ final public static function readBytes($stream, $num) @@ -797,7 +796,9 @@ final public static function readBytes($stream, $num) $fstat = \fstat($stream); $pos = \ftell($stream); if (($pos + $num) > $fstat['size']) { - throw new \Exception('Out-of-bounds read'); + throw new Ex\CannotPerformOperationException( + 'Out-of-bounds read' + ); } $buf = ''; $remaining = $num; @@ -808,7 +809,7 @@ final public static function readBytes($stream, $num) $read = \fread($stream, $remaining); if ($read === false) { throw new Ex\CannotPerformOperationException( - 'Could not write to the file' + 'Could not read from the file' ); } $buf .= $read; From 3017bf5d4a885f4f9ce6024eb8c23e6491f63578 Mon Sep 17 00:00:00 2001 From: Scott Date: Thu, 10 Dec 2015 13:04:28 -0500 Subject: [PATCH 4/7] Make File use Key objects, apply TOCTOU fixes. --- src/File.php | 77 +++++++++++++++++++---------------------- src/StreamInterface.php | 16 ++++----- test/stream/decrypt.php | 2 +- test/stream/encrypt.php | 2 +- test/stream/error.php | 6 ++-- test/stream/keygen.php | 2 +- 6 files changed, 49 insertions(+), 56 deletions(-) diff --git a/src/File.php b/src/File.php index 8048869..8cf8215 100644 --- a/src/File.php +++ b/src/File.php @@ -59,10 +59,10 @@ public static function createNewRandomKey() * * @param string $inputFilename * @param string $outputFilename - * @param string $key + * @param Key $key * @return boolean */ - public static function encryptFile($inputFilename, $outputFilename, $key) + public static function encryptFile($inputFilename, $outputFilename, Key $key) { if (!\is_string($inputFilename)) { throw new Ex\InvalidInput( @@ -137,10 +137,10 @@ public static function encryptFile($inputFilename, $outputFilename, $key) * * @param string $inputFilename * @param string $outputFilename - * @param string $key + * @param Key $key * @return boolean */ - public static function decryptFile($inputFilename, $outputFilename, $key) + public static function decryptFile($inputFilename, $outputFilename, Key $key) { if (!\is_string($inputFilename)) { throw new Ex\InvalidInput( @@ -215,10 +215,10 @@ public static function decryptFile($inputFilename, $outputFilename, $key) * * @param resource $inputHandle * @param resource $outputHandle - * @param string $key + * @param Key $key * @return boolean */ - public static function encryptResource($inputHandle, $outputHandle, $key) + public static function encryptResource($inputHandle, $outputHandle, Key $key) { // Because we don't have strict typing in PHP 5 if (!\is_resource($inputHandle)) { @@ -245,13 +245,6 @@ public static function encryptResource($inputHandle, $outputHandle, $key) ); } - // Sanity check; key must be the appropriate length! - if (Core::ourStrlen($key) !== $config->keyByteSize()) { - throw new Ex\InvalidInput( - 'Invalid key length. Keys should be '.$config->keyByteSize().' bytes long.' - ); - } - /** * Let's split our keys */ @@ -260,7 +253,7 @@ public static function encryptResource($inputHandle, $outputHandle, $key) // $ekey -- Encryption Key -- used for AES $ekey = Core::HKDF( $config->hashFunctionName(), - $key, + $key->getRawBytes(), $config->keyByteSize(), $config->encryptionInfoString(), $file_salt, @@ -270,7 +263,7 @@ public static function encryptResource($inputHandle, $outputHandle, $key) // $akey -- Authentication Key -- used for HMAC $akey = Core::HKDF( $config->hashFunctionName(), - $key, + $key->getRawBytes(), $config->keyByteSize(), $config->authenticationInfoString(), $file_salt, @@ -332,10 +325,11 @@ public static function encryptResource($inputHandle, $outputHandle, $key) * Iterate until we reach the end of the input file */ $breakR = false; - while (!\feof($inputHandle) && !$breakR) { + while (!\feof($inputHandle)) { $pos = \ftell($inputHandle); if ($pos + $config->bufferByteSize() >= $inputSize) { $breakR = true; + // We need to break after this loop iteration $read = self::readBytes( $inputHandle, $inputSize - $pos @@ -376,6 +370,9 @@ public static function encryptResource($inputHandle, $outputHandle, $key) * Update the HMAC for the entire file with the data from this block */ \hash_update($hmac, $encrypted); + if ($breakR) { + break; + } } // Now let's get our HMAC and append it @@ -391,10 +388,10 @@ public static function encryptResource($inputHandle, $outputHandle, $key) * * @param resource $inputHandle * @param resource $outputHandle - * @param string $key + * @param Key $key * @return boolean */ - public static function decryptResource($inputHandle, $outputHandle, $key) + public static function decryptResource($inputHandle, $outputHandle, Key $key) { // Because we don't have strict typing in PHP 5 if (!\is_resource($inputHandle)) { @@ -421,13 +418,7 @@ public static function decryptResource($inputHandle, $outputHandle, $key) 'The specified hash function does not exist' ); } - - // Sanity check; key must be the appropriate length! - if (Core::ourStrlen($key) !== $config->keyByteSize()) { - throw new Ex\InvalidInput( - 'Invalid key length. Keys should be '.$config->keyByteSize().' bytes long.' - ); - } + // Let's grab the file salt. $file_salt = self::readBytes($inputHandle, $config->saltByteSize()); @@ -444,7 +435,7 @@ public static function decryptResource($inputHandle, $outputHandle, $key) */ $ekey = Core::HKDF( $config->hashFunctionName(), - $key, + $key->getRawBytes(), $config->keyByteSize(), $config->encryptionInfoString(), $file_salt, @@ -456,7 +447,7 @@ public static function decryptResource($inputHandle, $outputHandle, $key) */ $akey = Core::HKDF( $config->hashFunctionName(), - $key, + $key->getRawBytes(), $config->keyByteSize(), $config->authenticationInfoString(), $file_salt, @@ -773,8 +764,6 @@ private static function getFileVersionConfigFromMajorMinor($major, $minor) ); } } - - /** * Read from a stream; prevent partial reads @@ -802,11 +791,9 @@ final public static function readBytes($stream, $num) } $buf = ''; $remaining = $num; - do { - if ($remaining <= 0) { - break; - } + while ($remaining > 0 && !\feof($stream)) { $read = \fread($stream, $remaining); + if ($read === false) { throw new Ex\CannotPerformOperationException( 'Could not read from the file' @@ -814,7 +801,12 @@ final public static function readBytes($stream, $num) } $buf .= $read; $remaining -= Core::ourStrlen($read); - } while ($remaining > 0); + } + if (Core::ourStrlen($buf) !== $num) { + throw new Ex\CannotPerformOperationException( + 'Could not safely read the appropriate number of bytes from the file - possible TOCTOU' + ); + } return $buf; } @@ -825,25 +817,26 @@ final public static function readBytes($stream, $num) * @param string $buf * @param int $num (number of bytes) * @return string - * @throws \RangeException * @throws Ex\CannotPerformOperationException */ final public static function writeBytes($stream, $buf, $num = null) { $bufSize = Core::ourStrlen($buf); - if ($num === null || $num > $bufSize) { + if ($num === null) { $num = $bufSize; } + if ($num > $bufSize) { + throw new Ex\CannotPerformOperationException( + 'Trying to write more bytes than the buffer contains.' + ); + } if ($num < 0) { - throw new \RangeException( + throw new Ex\CannotPerformOperationException( 'Tried to write less than 0 bytes' ); } $remaining = $num; - do { - if ($remaining <= 0) { - break; - } + while ($remaining > 0) { $written = \fwrite($stream, $buf, $remaining); if ($written === false) { throw new Ex\CannotPerformOperationException( @@ -852,7 +845,7 @@ final public static function writeBytes($stream, $buf, $num = null) } $buf = Core::ourSubstr($buf, $written, null); $remaining -= $written; - } while ($remaining > 0); + } return $num; } } diff --git a/src/StreamInterface.php b/src/StreamInterface.php index e31a5e9..0b8a962 100644 --- a/src/StreamInterface.php +++ b/src/StreamInterface.php @@ -9,10 +9,10 @@ interface StreamInterface * * @param string $inputFilename * @param string $outputFilename - * @param string $key + * @param Key $key * @return boolean */ - public static function encryptFile($inputFilename, $outputFilename, $key); + public static function encryptFile($inputFilename, $outputFilename, Key $key); /** * Decrypt the contents at $inputFilename, storing the result in $outputFilename @@ -20,10 +20,10 @@ public static function encryptFile($inputFilename, $outputFilename, $key); * * @param string $inputFilename * @param string $outputFilename - * @param string $key + * @param Key $key * @return boolean */ - public static function decryptFile($inputFilename, $outputFilename, $key); + public static function decryptFile($inputFilename, $outputFilename, Key $key); /** * Encrypt the contents of a file handle $inputHandle and store the results @@ -31,10 +31,10 @@ public static function decryptFile($inputFilename, $outputFilename, $key); * * @param resource $inputHandle * @param resource $outputHandle - * @param string $key + * @param Key $key * @return boolean */ - public static function encryptResource($inputHandle, $outputHandle, $key); + public static function encryptResource($inputHandle, $outputHandle, Key $key); /** * Decrypt the contents of a file handle $inputHandle and store the results @@ -42,8 +42,8 @@ public static function encryptResource($inputHandle, $outputHandle, $key); * * @param resource $inputHandle * @param resource $outputHandle - * @param string $key + * @param Key $key * @return boolean */ - public static function decryptResource($inputHandle, $outputHandle, $key); + public static function decryptResource($inputHandle, $outputHandle, Key $key); } diff --git a/test/stream/decrypt.php b/test/stream/decrypt.php index b9c6a4e..000ab7b 100644 --- a/test/stream/decrypt.php +++ b/test/stream/decrypt.php @@ -8,7 +8,7 @@ $mem = 0; $start_time = $end_time = \microtime(true); -$key = \Defuse\Crypto\Encoding::hexToBin(\file_get_contents('key.txt')); +$key = \Defuse\Crypto\Key::LoadFromAsciiSafeString(\file_get_contents('key.txt')); echo 'Decrypting', "\n", str_repeat('-', 50), "\n\n"; echo "Load Key:\n\t"; diff --git a/test/stream/encrypt.php b/test/stream/encrypt.php index 467b994..835a22c 100644 --- a/test/stream/encrypt.php +++ b/test/stream/encrypt.php @@ -8,7 +8,7 @@ $mem = 0; $start_time = $end_time = \microtime(true); -$key = \Defuse\Crypto\Encoding::hexToBin(\file_get_contents('key.txt')); +$key = \Defuse\Crypto\Key::LoadFromAsciiSafeString(\file_get_contents('key.txt')); echo 'Encrypting', "\n", str_repeat('-', 50), "\n\n"; echo "Load Key:\n\t"; diff --git a/test/stream/error.php b/test/stream/error.php index 31bcc0b..74aa5b9 100644 --- a/test/stream/error.php +++ b/test/stream/error.php @@ -1,7 +1,7 @@ getRawBytes())); +\file_put_contents('key.txt', $key->saveToAsciiSafeString()); From 081f0101c680b097d34c0a3374d8e2f4ffb47c3a Mon Sep 17 00:00:00 2001 From: Scott Date: Thu, 10 Dec 2015 13:33:58 -0500 Subject: [PATCH 5/7] File::encryptFile() and File::decryptFile() should return true. --- src/File.php | 3 +-- test/stream/decrypt.php | 39 ++++++++++++++++++++++++++------------- test/stream/encrypt.php | 37 +++++++++++++++++++++++++------------ 3 files changed, 52 insertions(+), 27 deletions(-) diff --git a/src/File.php b/src/File.php index 8cf8215..5b48e28 100644 --- a/src/File.php +++ b/src/File.php @@ -609,7 +609,6 @@ public static function decryptResource($inputHandle, $outputHandle, Key $key) /** * This loop writes plaintext to the destination file: */ - $result = null; while (!$breakW) { /** * Get the current position @@ -694,7 +693,7 @@ public static function decryptResource($inputHandle, $outputHandle, Key $key) ); } // This should be an integer - return $result; + return true; } /** diff --git a/test/stream/decrypt.php b/test/stream/decrypt.php index 000ab7b..e6710aa 100644 --- a/test/stream/decrypt.php +++ b/test/stream/decrypt.php @@ -9,51 +9,64 @@ $mem = 0; $start_time = $end_time = \microtime(true); $key = \Defuse\Crypto\Key::LoadFromAsciiSafeString(\file_get_contents('key.txt')); +$end_time = \microtime(true); echo 'Decrypting', "\n", str_repeat('-', 50), "\n\n"; echo "Load Key:\n\t"; -echo \number_format($end_time - $start_time, 2), +echo \number_format($end_time - $start_time, 4), 's (Memory: ', \number_format(\memory_get_usage() / 1024, 2), ' KB)', "\n"; -$end_time = $start_time; -\Defuse\Crypto\File::decryptFile( +$start_time = \microtime(true); +$success = \Defuse\Crypto\File::decryptFile( 'wat-encrypted.data', 'wat-decrypted.jpg', $key ); - $end_time = \microtime(true); + +if (!$success) { + echo 'File did not encrypt successfully.', "\n"; + exit(1); +} echo "wat-encrypted.data:\n\t"; -echo \number_format($end_time - $start_time, 2), +echo \number_format($end_time - $start_time, 4), 's (Memory: ', \number_format(\memory_get_usage() / 1024, 2), ' KB)', "\n"; -$end_time = $start_time; -\Defuse\Crypto\File::decryptFile( +$start_time = \microtime(true); +$success = \Defuse\Crypto\File::decryptFile( 'large.data', 'large-decrypted.jpg', $key ); - $end_time = \microtime(true); + +if (!$success) { + echo 'File did not encrypt successfully.', "\n"; + exit(1); +} echo "large.data:\n\t"; -echo \number_format($end_time - $start_time, 2), +echo \number_format($end_time - $start_time, 4), 's (Memory: ', \number_format(\memory_get_usage() / 1024, 2), ' KB)', "\n"; -$end_time = $start_time; if (\file_exists('In_the_Conservatory.jpg')) { - \Defuse\Crypto\File::encryptFile( + $start_time = \microtime(true); + $success = \Defuse\Crypto\File::encryptFile( 'In_the_Conservatory.data', 'In_the_Conservatory_decrypted.jpg', $key ); - $end_time = \microtime(true); + + if (!$success) { + echo 'File did not encrypt successfully.', "\n"; + exit(1); + } echo "In_the_Conservatory.data:\n\t"; - echo \number_format($end_time - $start_time, 2), + echo \number_format($end_time - $start_time, 4), 's (Memory: ', \number_format(\memory_get_usage() / 1024, 2), ' KB)', "\n"; $end_time = $start_time; diff --git a/test/stream/encrypt.php b/test/stream/encrypt.php index 835a22c..b07cfb2 100644 --- a/test/stream/encrypt.php +++ b/test/stream/encrypt.php @@ -9,53 +9,66 @@ $mem = 0; $start_time = $end_time = \microtime(true); $key = \Defuse\Crypto\Key::LoadFromAsciiSafeString(\file_get_contents('key.txt')); +$end_time = \microtime(true); echo 'Encrypting', "\n", str_repeat('-', 50), "\n\n"; echo "Load Key:\n\t"; -echo \number_format($end_time - $start_time, 2), +echo \number_format($end_time - $start_time, 4), 's (Memory: ', \number_format(\memory_get_usage() / 1024, 2), ' KB)', "\n"; -$end_time = $start_time; -\Defuse\Crypto\File::encryptFile( +$start_time = \microtime(true); +$success = \Defuse\Crypto\File::encryptFile( 'wat-gigantic-duck.jpg', 'wat-encrypted.data', $key ); - $end_time = \microtime(true); + +if (!$success) { + echo 'File did not encrypt successfully.', "\n"; + exit(1); +} echo "wat-gigantic-duck.jpg:\n\t"; -echo \number_format($end_time - $start_time, 2), +echo \number_format($end_time - $start_time, 4), 's (Memory: ', \number_format(\memory_get_usage() / 1024, 2), ' KB)', "\n"; -$end_time = $start_time; -\Defuse\Crypto\File::encryptFile( +$start_time = \microtime(true); +$success = \Defuse\Crypto\File::encryptFile( 'large.jpg', 'large.data', $key ); $end_time = \microtime(true); + +if (!$success) { + echo 'File did not encrypt successfully.', "\n"; + exit(1); +} echo "large.jpg:\n\t"; -echo \number_format($end_time - $start_time, 2), +echo \number_format($end_time - $start_time, 4), 's (Memory: ', \number_format(\memory_get_usage() / 1024, 2), ' KB)', "\n"; -$end_time = $start_time; if (\file_exists('In_the_Conservatory.jpg')) { - \Defuse\Crypto\File::encryptFile( + $start_time = \microtime(true); + $success = \Defuse\Crypto\File::encryptFile( 'In_the_Conservatory.jpg', 'In_the_Conservatory.data', $key ); $end_time = \microtime(true); + if (!$success) { + echo 'File did not encrypt successfully.', "\n"; + exit(1); + } echo "In_the_Conservatory.jpg:\n\t"; - echo \number_format($end_time - $start_time, 2), + echo \number_format($end_time - $start_time, 4), 's (Memory: ', \number_format(\memory_get_usage() / 1024, 2), ' KB)', "\n"; - $end_time = $start_time; } echo 'Peak Memory: ', \number_format(\memory_get_peak_usage() / 1048576, 2), ' MB', "\n\n"; From 1b4f9c0eeca385cdfafef19d0e89cee7d38e0e9b Mon Sep 17 00:00:00 2001 From: Scott Date: Thu, 10 Dec 2015 13:39:43 -0500 Subject: [PATCH 6/7] Minor cleanup. --- src/File.php | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/src/File.php b/src/File.php index 5b48e28..f2bb4fb 100644 --- a/src/File.php +++ b/src/File.php @@ -781,13 +781,6 @@ final public static function readBytes($stream, $num) 'Tried to read less than 0 bytes' ); } - $fstat = \fstat($stream); - $pos = \ftell($stream); - if (($pos + $num) > $fstat['size']) { - throw new Ex\CannotPerformOperationException( - 'Out-of-bounds read' - ); - } $buf = ''; $remaining = $num; while ($remaining > 0 && !\feof($stream)) { @@ -803,7 +796,7 @@ final public static function readBytes($stream, $num) } if (Core::ourStrlen($buf) !== $num) { throw new Ex\CannotPerformOperationException( - 'Could not safely read the appropriate number of bytes from the file - possible TOCTOU' + 'Tried to read past the end of the file' ); } return $buf; From f026f8e89b1b64a4c655a5f332f508f472ef00a5 Mon Sep 17 00:00:00 2001 From: Scott Date: Thu, 10 Dec 2015 13:59:50 -0500 Subject: [PATCH 7/7] Remove unnecessary comment --- src/File.php | 1 - 1 file changed, 1 deletion(-) diff --git a/src/File.php b/src/File.php index f2bb4fb..6b44fbb 100644 --- a/src/File.php +++ b/src/File.php @@ -692,7 +692,6 @@ public static function decryptResource($inputHandle, $outputHandle, Key $key) Core::ourStrlen($decrypted) ); } - // This should be an integer return true; }