Fix encryption key normalization
This commit is contained in:
parent
d6cceacfcb
commit
1db425f888
|
|
@ -1,6 +1,6 @@
|
|||
[package]
|
||||
name = "encrypted_images"
|
||||
version = "1.4.0"
|
||||
version = "1.4.1"
|
||||
edition = "2021"
|
||||
description = "Encrypt Text to Images and decrypt text from images."
|
||||
authors = ["Bruce Bates | https://www.linkedin.com/in/bruce-bates/"]
|
||||
|
|
|
|||
|
|
@ -30,16 +30,13 @@
|
|||
/// ```
|
||||
use subtle::ConstantTimeEq;
|
||||
use openssl::symm::{decrypt, Cipher};
|
||||
use crate::encryption::text::hmac::calculate_hmac;
|
||||
use crate::encryption::text::{hmac::calculate_hmac, normalize_key};
|
||||
use base64::{Engine as _, engine::{self, general_purpose}, alphabet};
|
||||
const CUSTOM_ENGINE: engine::GeneralPurpose =
|
||||
engine::GeneralPurpose::new(&alphabet::STANDARD, general_purpose::PAD);
|
||||
pub fn decrypts(encoded_result: &str, key: Option<&str>) -> Option<String> {
|
||||
let key = key.unwrap_or("welovenfts");
|
||||
let mut padded_key = key.as_bytes().to_vec();
|
||||
while padded_key.len() < 16 {
|
||||
padded_key.push(b'\0');
|
||||
}
|
||||
let padded_key = normalize_key(key);
|
||||
let result_bytes = CUSTOM_ENGINE.decode(encoded_result).ok()?;
|
||||
let iv = &result_bytes[..16];
|
||||
let hmac = &result_bytes[16..48];
|
||||
|
|
|
|||
|
|
@ -65,6 +65,14 @@
|
|||
const CUSTOM_ENGINE: engine::GeneralPurpose =
|
||||
engine::GeneralPurpose::new(&alphabet::STANDARD, general_purpose::PAD);
|
||||
|
||||
pub(crate) fn normalize_key(key: &str) -> Vec<u8> {
|
||||
let mut padded_key = key.as_bytes().to_vec();
|
||||
while padded_key.len() < 16 {
|
||||
padded_key.push(b'\0');
|
||||
}
|
||||
padded_key.truncate(16);
|
||||
padded_key
|
||||
}
|
||||
|
||||
pub fn encrypts(input: &str, key: Option<&str>, strength: Option<&str>) -> Option<String> {
|
||||
let cipher = Cipher::aes_128_cbc();
|
||||
|
|
@ -79,11 +87,7 @@
|
|||
let random_bytes = generate_random_bytes(num_bytes);
|
||||
iv = CUSTOM_ENGINE.encode(random_bytes);
|
||||
}
|
||||
let mut padded_key = key.as_bytes().to_vec();
|
||||
while padded_key.len() < 16 {
|
||||
padded_key.push(b'\0');
|
||||
}
|
||||
padded_key.truncate(16);
|
||||
let padded_key = normalize_key(key);
|
||||
let ciphertext = encrypt(cipher, &padded_key, Some(iv.as_bytes()), input.as_bytes()).unwrap();
|
||||
let hmac = calculate_hmac(&ciphertext, &padded_key);
|
||||
if hmac.ct_eq(&calculate_hmac(&ciphertext, &padded_key)).unwrap_u8() == 1 {
|
||||
|
|
@ -114,4 +118,3 @@
|
|||
rng.fill(&mut random_bytes[..]);
|
||||
random_bytes
|
||||
}
|
||||
|
||||
|
|
|
|||
18
src/lib.rs
18
src/lib.rs
|
|
@ -50,6 +50,24 @@
|
|||
assert_eq!(decrypted, Some(input.to_string()));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_encrypts_decrypts_with_long_key() {
|
||||
let input = "ThisIsJustaTestString";
|
||||
let key = Some("this_key_is_longer_than_sixteen_bytes");
|
||||
let encrypted = encrypts(input, key.clone(), None);
|
||||
let decrypted = decrypts(encrypted.as_ref().unwrap(), key);
|
||||
assert_eq!(decrypted, Some(input.to_string()));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_encrypts_decrypts_with_unicode_key() {
|
||||
let input = "ThisIsJustaTestString";
|
||||
let key = Some("密码密码密码密码");
|
||||
let encrypted = encrypts(input, key.clone(), None);
|
||||
let decrypted = decrypts(encrypted.as_ref().unwrap(), key);
|
||||
assert_eq!(decrypted, Some(input.to_string()));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_encrypts_decrypts_without_key() {
|
||||
// Input data to encrypt
|
||||
|
|
|
|||
Loading…
Reference in New Issue