Merge pull request #14 from maxlaverse/release_encryption

Release encryption

Author: maxlaverse

.github/workflows/workflow.yaml

@@ -8,10 +8,16 @@ jobs:
     - uses: actions/checkout@master
 
     - name: run tests for library
-      uses: cedrickring/golang-action@1.6.0
+      uses: actions/setup-go@v2
+      with:
+        go-version: 1.18
+        stable: false
 
     - name: run tests for cli
-      uses: cedrickring/golang-action@1.6.0
+      uses: actions/setup-go@v2
+      with:
+        go-version: 1.18
+        stable: false
       env:
         PROJECT_PATH: "./cli/synocrypto"
         CI: "true"

README.md

@@ -1,4 +1,4 @@
-# Synology Cloud Sync decryption in Go
+# Synology Cloud Sync encryption/decryption in Go
 
 [![GoDoc](https://godoc.org/github.com/maxlaverse/synocrypto?status.svg)](https://godoc.org/github.com/maxlaverse/synocrypto)
 [![test](https://github.com/maxlaverse/synocrypto/actions/workflows/workflow.yaml/badge.svg)](https://github.com/maxlaverse/synocrypto/actions/workflows/workflow.yaml)
@@ -45,7 +45,7 @@ GLOBAL OPTIONS:
 
 ## Library
 
-### Usage
+### Decryption Usage
 
 ```go
 encFile, err := os.Open("./my-encrypted-file.jpg")
@@ -70,18 +70,36 @@ if err != nil {
 }
 ```
 
-### Encryption Support
+### Encryption Usage
 
-The library has a prototype implementation for encrypting files.
-Files encrypted with it can often (always?) be decrypted using the library again.
-However, Cloudsync sometimes fails to decrypt them with errors related to compression:
-```
-Sep 16 22:54:25 [ERROR] lz4-processor.cpp(239): LZ4F_decompress LOGIC ERROR: inbuf_consumed='0' inbuf_size='8'
-Sep 16 22:54:25 [ERROR] pipeline.cpp(119): Failed when read
-Sep 16 22:54:25 [ERROR] encrypt-file.cpp(148): Failed when reading from decryptor.
-Sep 16 22:54:25 [WARNING] worker.cpp(3211): Worker (15): Failed to decrypt file
+```go
+plainFile, err := os.Open("./my-plain-file.jpg")
+if err != nil {
+      panic(err)
+}
+defer plainFile.Close()
+
+encFile, err := os.OpenFile("./my-encrypted-file.jpg", os.O_CREATE|os.O_WRONLY, 0644)
+if err != nil {
+      panic(err)
+}
+defer encFile.Close()
+
+privateKey, err := ioutil.ReadFile("private.pem")
+if err != nil {
+      panic(err)
+}
+
+encrypter := synocrypto.NewEncrypter(synocrypto.EncrypterOptions{
+      Password: "synocrypto",
+      PrivateKey: privateKey,
+})
+
+err = encrypter.Encrypt(plainFile, encFile)
+if err != nil {
+      panic(err)
+}
 ```
 
-I haven't had the time to debug this further.
 
 [releases]: https://github.com/maxlaverse/synocrypto/releases

cli/synocrypto/go.mod

@@ -1,6 +1,6 @@
 module github.com/maxlaverse/synocrypto/cli/synocrypto
 
-go 1.16
+go 1.18
 
 require (
 	github.com/maxlaverse/synocrypto v0.0.0-20210411154523-101d272bbf64

go.mod

@@ -1,6 +1,6 @@
 module github.com/maxlaverse/synocrypto
 
-go 1.17
+go 1.18
 
 require (
 	github.com/pierrec/lz4/v4 v4.1.14

pkg/crypto/decrypter.go

@@ -12,6 +12,8 @@ import (
 	"encoding/pem"
 	"fmt"
 	"io"
+
+	"github.com/maxlaverse/synocrypto/pkg/log"
 )
 
 const (
@@ -27,6 +29,7 @@ type decrypter struct {
 	mode             cipher.BlockMode
 	bufferedBlock    []byte
 	out              io.Writer
+	blockIndex       int
 }
 
 // PublicKeyFromPrivateKey generates the public key corresponding to a given
@@ -107,27 +110,32 @@ func newAESCBCDecrypter(key, iv []byte, out io.Writer) io.WriteCloser {
 
 // Write always buffers the decrypted data and writes it on the next call to Write() or Close()
 func (d *decrypter) Write(p []byte) (int, error) {
-	var n int
 	if d.hasBufferedBlock {
-		var err error
-		n, err = d.out.Write(d.bufferedBlock)
+		err := d.flushBuffer()
 		if err != nil {
-			return n, fmt.Errorf("error flushing buffered block: %w", err)
+			return -1, err
 		}
-		d.hasBufferedBlock = false
 	}
 
-	if len(p) == 0 {
-		return n, nil
+	if len(p) != 0 {
+		err := d.bufferData(p)
+		if err != nil {
+			return -1, err
+		}
 	}
+	return len(p), nil
+}
+
+func (d *decrypter) bufferData(p []byte) error {
+	log.Debugf("Buffering %d bytes of encrypted data", len(p))
 
 	if len(d.bufferedBlock) < len(p) {
 		d.bufferedBlock = make([]byte, len(p))
 	} else if len(d.bufferedBlock) > len(p) {
 		d.bufferedBlock = d.bufferedBlock[:len(p)]
 	}
 
-	err := func() (err error) {
+	return func() (err error) {
 		defer func() {
 			if r := recover(); r != nil {
 				err = fmt.Errorf("CryptBlocks paniced: %v", r)
@@ -138,25 +146,38 @@ func (d *decrypter) Write(p []byte) (int, error) {
 		d.hasBufferedBlock = true
 		return
 	}()
-	return n, err
 }
 
-func (d *decrypter) flushBufferWithoutPadding() (int, error) {
+func (d *decrypter) flushBuffer() error {
+	d.blockIndex += 1
+	log.Debugf("Block #%d - Writing out %d decrypted bytes", d.blockIndex, len(d.bufferedBlock))
+
+	_, err := d.out.Write(d.bufferedBlock)
+	if err != nil {
+		return fmt.Errorf("error flushing buffered block: %w", err)
+	}
+	d.hasBufferedBlock = false
+	return nil
+}
+
+func (d *decrypter) flushBufferWithoutPadding() error {
 	if !d.hasBufferedBlock {
-		return -1, nil
+		return nil
 	}
 
 	var err error
+	sizeBeforeUnpadding := len(d.bufferedBlock)
 	d.bufferedBlock, err = pkcs7Unpad(d.bufferedBlock, d.mode.BlockSize())
+	log.Debugf("Removing %d bytes of padding to the plain data", sizeBeforeUnpadding-len(d.bufferedBlock))
 	if err != nil {
-		return -1, fmt.Errorf("unable to unpad data: %w", err)
+		return fmt.Errorf("unable to unpad data: %w", err)
 	}
 
-	return d.Write(nil)
+	return d.flushBuffer()
 }
 
 func (d *decrypter) Close() error {
-	_, err := d.flushBufferWithoutPadding()
+	err := d.flushBufferWithoutPadding()
 
 	if v, ok := d.out.(io.WriteCloser); ok {
 		if err := v.Close(); err != nil {

pkg/crypto/encrypter.go

@@ -11,13 +11,15 @@ import (
 	"encoding/pem"
 	"fmt"
 	"io"
+
+	"github.com/maxlaverse/synocrypto/pkg/log"
 )
 
 const (
 	// maxBlockSize is the maximum size an object can have. If the limit
 	// is cross, CloudSync complains about it and says it considers the file
-	// to be corrupted. This size seems to be 8192 but we're being conservative.
-	maxBlockSize = 4096
+	// to be corrupted.
+	maxBlockSize = 8192
 )
 
 // EncryptOnceWithPasswordAndSalt encrypts a single blob of data with
@@ -99,21 +101,22 @@ type encrypter struct {
 	mode             cipher.BlockMode
 	bufferedBlock    []byte
 	out              io.Writer
+	blockIndex       int
 }
 
-func (d *encrypter) Write(p []byte) (int, error) {
-	if len(p) == 0 {
-		return d.write(nil)
-	}
+func (e *encrypter) Write(p []byte) (int, error) {
+	return e.writeInChunks(p, maxBlockSize)
+}
 
+func (e *encrypter) writeInChunks(p []byte, size int) (int, error) {
 	written := 0
-	for start := 0; start < len(p); start += maxBlockSize {
-		end := start + maxBlockSize
+	for start := 0; start <= len(p); start += size {
+		end := start + size
 		if end > len(p) {
 			end = len(p)
 		}
 
-		n, err := d.write(p[start:end])
+		n, err := e.write(p[start:end])
 		written = written + n
 		if err != nil {
 			return written, err
@@ -122,66 +125,76 @@ func (d *encrypter) Write(p []byte) (int, error) {
 	return written, nil
 }
 
-func (d *encrypter) write(p []byte) (int, error) {
-	if d.hasBufferedBlock {
-		lastBlockEncrypted := make([]byte, len(d.bufferedBlock))
-
-		err := func() (err error) {
-			defer func() {
-				if r := recover(); r != nil {
-					err = fmt.Errorf("CryptBlocks paniced: %v", r)
-				}
-			}()
-
-			d.mode.CryptBlocks(lastBlockEncrypted, d.bufferedBlock)
-			return
-		}()
+func (e *encrypter) write(p []byte) (int, error) {
+	if e.hasBufferedBlock {
+		err := e.encryptAndFlushBuffer()
 		if err != nil {
-			return -1, fmt.Errorf("error crypting block: %w", err)
+			return -1, err
 		}
+	}
 
-		n, err := d.out.Write(lastBlockEncrypted)
-		if err != nil {
-			return n, fmt.Errorf("error flushing block: %w", err)
-		}
-		d.hasBufferedBlock = false
+	if len(p) != 0 {
+		e.bufferData(p)
 	}
+	return len(p), nil
+}
 
-	// We have to return len(p) instead of what was really written
-	// to the output, or io.Copy() returns 'short write' error.
-	if len(p) == 0 {
-		return len(p), nil
+func (e *encrypter) bufferData(p []byte) {
+	log.Debugf("Buffering %d bytes of plain data", len(p))
+	e.bufferedBlock = make([]byte, len(p))
+	copy(e.bufferedBlock, p)
+
+	e.hasBufferedBlock = true
+}
+
+func (e *encrypter) encryptAndFlushBuffer() error {
+	encryptedBlock := make([]byte, len(e.bufferedBlock))
+
+	err := func() (err error) {
+		defer func() {
+			if r := recover(); r != nil {
+				err = fmt.Errorf("CryptBlocks paniced: %v", r)
+			}
+		}()
+
+		e.mode.CryptBlocks(encryptedBlock, e.bufferedBlock)
+		return
+	}()
+	if err != nil {
+		return fmt.Errorf("error crypting block: %w", err)
 	}
 
-	if len(d.bufferedBlock) < len(p) {
-		d.bufferedBlock = make([]byte, len(p))
-	} else if len(d.bufferedBlock) > len(p) {
-		d.bufferedBlock = d.bufferedBlock[:len(p)]
+	e.blockIndex += 1
+	log.Debugf("Block #%d - Writting out %d encrypted bytes ", e.blockIndex, len(encryptedBlock))
+	_, err = e.out.Write(encryptedBlock)
+	if err != nil {
+		return fmt.Errorf("error flushing block: %w", err)
 	}
-	copy(d.bufferedBlock, p)
 
-	d.hasBufferedBlock = true
-	return len(p), nil
+	e.hasBufferedBlock = false
+	return nil
 }
 
-func (d *encrypter) flushBufferWithPadding() (int, error) {
-	if !d.hasBufferedBlock {
-		return -1, nil
+func (e *encrypter) encryptAndFlushBufferWithPadding() error {
+	if !e.hasBufferedBlock {
+		return nil
 	}
 
 	var err error
-	d.bufferedBlock, err = pkcs7Pad(d.bufferedBlock, d.mode.BlockSize())
+	sizeBeforePadding := len(e.bufferedBlock)
+	e.bufferedBlock, err = pkcs7Pad(e.bufferedBlock, e.mode.BlockSize())
+	log.Debugf("Adding %d bytes of padding to the plain data", len(e.bufferedBlock)-sizeBeforePadding)
+
 	if err != nil {
-		return -1, fmt.Errorf("unable to pad data: %w", err)
+		return fmt.Errorf("unable to pad data: %w", err)
 	}
-
-	return d.Write(nil)
+	return e.encryptAndFlushBuffer()
 }
 
-func (d *encrypter) Close() error {
-	_, err := d.flushBufferWithPadding()
+func (e *encrypter) Close() error {
+	err := e.encryptAndFlushBufferWithPadding()
 
-	if v, ok := d.out.(io.WriteCloser); ok {
+	if v, ok := e.out.(io.WriteCloser); ok {
 		if err := v.Close(); err != nil {
 			return err
 		}

pkg/crypto/encrypter_test.go

@@ -42,7 +42,7 @@ func TestEncrypt(t *testing.T) {
 			decrypter := NewDecrypterWithPasswordAndSalt([]byte(tc.givenSessionKey), []byte{}, &outputDecrypted)
 			n, err = decrypter.Write(outputEncrypted.Bytes())
 			assert.NoError(t, err)
-			assert.Equal(t, 0, n)
+			assert.Equal(t, outputEncrypted.Len(), n)
 
 			err = decrypter.Close()
 			assert.NoError(t, err)

synocrypto.go

@@ -65,6 +65,9 @@ type EncrypterOptions struct {
 
 	// DisableDigestGeneration allows to disable the md5 checksum computation.
 	DisableDigestGeneration bool
+
+	// DisableIntegrityCheck disables the check that what was encrypted can be decrypted.
+	DisableIntegrityCheck bool
 }
 
 // NewEncrypter returns a new encrypter