From 167c16b57434335ba13ae07eaed232b0b4faf08f Mon Sep 17 00:00:00 2001 From: Uncled1023 Date: Fri, 29 Jan 2016 11:55:53 -0800 Subject: [PATCH] Modified stored filename to not include full path --- .../Areas/Upload/Controllers/UploadController.cs | 11 +++++--- Teknik/Areas/Upload/Uploader.cs | 5 ++-- Teknik/Helpers/Crypto.cs | 33 ++++++++++++++++++---- 3 files changed, 37 insertions(+), 12 deletions(-) diff --git a/Teknik/Areas/Upload/Controllers/UploadController.cs b/Teknik/Areas/Upload/Controllers/UploadController.cs index d656943..0dbac4d 100644 --- a/Teknik/Areas/Upload/Controllers/UploadController.cs +++ b/Teknik/Areas/Upload/Controllers/UploadController.cs @@ -109,6 +109,7 @@ namespace Teknik.Areas.Upload.Controllers upload.Downloads += 1; db.Entry(upload).State = EntityState.Modified; db.SaveChanges(); + // We don't have the key, so we need to decrypt it client side if (string.IsNullOrEmpty(upload.Key) && !string.IsNullOrEmpty(upload.IV)) { @@ -122,11 +123,12 @@ namespace Teknik.Areas.Upload.Controllers } else // We have the key, so that means server side decryption { - if (System.IO.File.Exists(upload.FileName)) + string subDir = upload.FileName[0].ToString(); + string filePath = Path.Combine(Config.UploadConfig.UploadDirectory, subDir, upload.FileName); + if (System.IO.File.Exists(filePath)) { // Read in the file - byte[] data = System.IO.File.ReadAllBytes(upload.FileName); - + byte[] data = System.IO.File.ReadAllBytes(filePath); // If the IV is set, and Key is set, then decrypt it if (!string.IsNullOrEmpty(upload.Key) && !string.IsNullOrEmpty(upload.IV)) { @@ -162,7 +164,8 @@ namespace Teknik.Areas.Upload.Controllers Models.Upload upload = db.Uploads.Where(up => up.Url == file).FirstOrDefault(); if (upload != null) { - string filePath = Path.Combine(Config.UploadConfig.UploadDirectory, upload.FileName); + string subDir = upload.FileName[0].ToString(); + string filePath = Path.Combine(Config.UploadConfig.UploadDirectory, subDir, upload.FileName); if (System.IO.File.Exists(filePath)) { byte[] buffer; diff --git a/Teknik/Areas/Upload/Uploader.cs b/Teknik/Areas/Upload/Uploader.cs index 5247219..9dc42f3 100644 --- a/Teknik/Areas/Upload/Uploader.cs +++ b/Teknik/Areas/Upload/Uploader.cs @@ -40,10 +40,11 @@ namespace Teknik.Areas.Upload } // Generate a unique file name that does not currently exist - string fileName = Utility.GenerateUniqueFileName(config.UploadConfig.UploadDirectory, config.UploadConfig.FileExtension, 10); + string filePath = Utility.GenerateUniqueFileName(config.UploadConfig.UploadDirectory, config.UploadConfig.FileExtension, 10); + string fileName = Path.GetFileName(filePath); // once we have the filename, lets save the file - File.WriteAllBytes(fileName, file); + File.WriteAllBytes(filePath, file); // Generate a unique url string extension = (config.UploadConfig.IncludeExtension) ? Utility.GetDefaultExtension(contentType, defaultExtension) : string.Empty; diff --git a/Teknik/Helpers/Crypto.cs b/Teknik/Helpers/Crypto.cs index f3b0f31..80cabb1 100644 --- a/Teknik/Helpers/Crypto.cs +++ b/Teknik/Helpers/Crypto.cs @@ -63,30 +63,51 @@ namespace Teknik.Helpers public class AES { + public static byte[] Decrypt(byte[] data, byte[] key, byte[] iv) + { + return Decrypt(data, key, iv, "CTR", "NoPadding"); + } public static byte[] Decrypt(byte[] data, string key, string iv) { byte[] keyBytes = Encoding.UTF8.GetBytes(key); byte[] ivBytes = Encoding.UTF8.GetBytes(iv); - return Decrypt(data, keyBytes, ivBytes); + return Decrypt(data, keyBytes, ivBytes, "CTR", "NoPadding"); } - public static byte[] Decrypt(byte[] data, byte[] key, byte[] iv) + public static byte[] DecryptCBC(byte[] data, string key, string iv) { - IBufferedCipher cipher = CipherUtilities.GetCipher("AES/CTR/NoPadding"); + byte[] keyBytes = Encoding.UTF8.GetBytes(key); + byte[] ivBytes = Encoding.UTF8.GetBytes(iv); + return Decrypt(data, keyBytes, ivBytes, "CBC", "PKCS5PADDING"); + } + public static byte[] Decrypt(byte[] data, byte[] key, byte[] iv, string mode, string padding) + { + IBufferedCipher cipher = CipherUtilities.GetCipher("AES/" + mode + "/" + padding); cipher.Init(false, new ParametersWithIV(ParameterUtilities.CreateKeyParameter("AES", key), iv)); return cipher.DoFinal(data); } + + public static byte[] Encrypt(byte[] data, byte[] key, byte[] iv) + { + return Encrypt(data, key, iv, "CTR", "NoPadding"); + } public static byte[] Encrypt(byte[] data, string key, string iv) { byte[] keyBytes = Encoding.UTF8.GetBytes(key); byte[] ivBytes = Encoding.UTF8.GetBytes(iv); - return Encrypt(data, keyBytes, ivBytes); + return Encrypt(data, keyBytes, ivBytes, "CTR", "NoPadding"); } - public static byte[] Encrypt(byte[] data, byte[] key, byte[] iv) + public static byte[] EncryptCBC(byte[] data, string key, string iv) + { + byte[] keyBytes = Encoding.UTF8.GetBytes(key); + byte[] ivBytes = Encoding.UTF8.GetBytes(iv); + return Encrypt(data, keyBytes, ivBytes, "CBC", "PKCS5PADDING"); + } + public static byte[] Encrypt(byte[] data, byte[] key, byte[] iv, string mode, string padding) { - IBufferedCipher cipher = CipherUtilities.GetCipher("AES/CTR/NoPadding"); + IBufferedCipher cipher = CipherUtilities.GetCipher("AES/" + mode + "/" + padding); cipher.Init(true, new ParametersWithIV(ParameterUtilities.CreateKeyParameter("AES", key), iv));