GSoC 17 : Client side file crypto : week 6

Note: This is a repost of the original Blog post during GSoC ’17. As my AWS instance went down, I’ve been migrating my old blog posts here.
Originally posted on: 12th July 2017

GSoC 17 : Client side file crypto : week 6

This blog post summarises my sixth week of working with Google Summer of Code 2017 with Drupal.

This week’s work began with finalising and completing the key manager (and all key generations) that will be responsible for the functioning of this module and the key manager on both the front and backend were completed and pushed to the js_key_manager branch. One of the bugs that I was encountering in JS made me rewrite the code for that complete script. But finally after it worked, seeing the following screen, where there were no more null or false values in the variables, i exclaimed, “yay!”

The above screen capture shows the variable dump for various stages inside the new access key generation JS script. As this script has several nested AJAX requests and multiple encryption and decryption processes incorporated into those functions, a bug that occured in the previous code was that at some stages, the result of some operations came out to be null.

As I began work with the other part, I committed all my code and then switched to a new branch “js_encrypt”.

File encryption

Last week, I had tried the encryption of files in a sandbox so this week I worked on binding that JS to the actual page where it is supposed to be implemented, the add new node page. The JS was added using the hook client_side_file_crypto_form_node_article_form_alter()

To attach the “client_side_file_crypto/csfcEncrypt” library defined in the libraries.yaml file, the $form[‘#attached’] was used inside that hook.

I had to call the function on an event of when the file form field is changed,

And overriding the default upload action by using event.preventDefault();

For testing if the form alter and the JS overriding worked, I initially used an alert box, after clearing the cache, voila! It worked!

After confirmation from this alert message, I proceeded on porting my code from the sandbox to the JS file that was attached to the new node form. This concluded the encryption part of the module and am currently looking into which part of the core JS handles the asynchronous file uploads. After overriding that pipeline, I will be sending the new encrypted file over the AJAX call rather than the original cleartext file.

Also after this week’s meeting with Colan and Talha, Talha pointed out that the Math.random() function for generating the symmetric key was not cryptographically reliable.

I’ll be beginning this week’s work with fixing code according to the code review. After finding and overriding that code, I will be working on fetching the file and in the decryption of the file in the upcoming week and also look into some libraries that provide generation of cryptographically secure random strings for the AES encryption part.