Fix encryption key normalization
This commit is contained in:
parent
d6cceacfcb
commit
1db425f888
|
|
@ -1,6 +1,6 @@
|
||||||
[package]
|
[package]
|
||||||
name = "encrypted_images"
|
name = "encrypted_images"
|
||||||
version = "1.4.0"
|
version = "1.4.1"
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
description = "Encrypt Text to Images and decrypt text from images."
|
description = "Encrypt Text to Images and decrypt text from images."
|
||||||
authors = ["Bruce Bates | https://www.linkedin.com/in/bruce-bates/"]
|
authors = ["Bruce Bates | https://www.linkedin.com/in/bruce-bates/"]
|
||||||
|
|
|
||||||
|
|
@ -30,16 +30,13 @@
|
||||||
/// ```
|
/// ```
|
||||||
use subtle::ConstantTimeEq;
|
use subtle::ConstantTimeEq;
|
||||||
use openssl::symm::{decrypt, Cipher};
|
use openssl::symm::{decrypt, Cipher};
|
||||||
use crate::encryption::text::hmac::calculate_hmac;
|
use crate::encryption::text::{hmac::calculate_hmac, normalize_key};
|
||||||
use base64::{Engine as _, engine::{self, general_purpose}, alphabet};
|
use base64::{Engine as _, engine::{self, general_purpose}, alphabet};
|
||||||
const CUSTOM_ENGINE: engine::GeneralPurpose =
|
const CUSTOM_ENGINE: engine::GeneralPurpose =
|
||||||
engine::GeneralPurpose::new(&alphabet::STANDARD, general_purpose::PAD);
|
engine::GeneralPurpose::new(&alphabet::STANDARD, general_purpose::PAD);
|
||||||
pub fn decrypts(encoded_result: &str, key: Option<&str>) -> Option<String> {
|
pub fn decrypts(encoded_result: &str, key: Option<&str>) -> Option<String> {
|
||||||
let key = key.unwrap_or("welovenfts");
|
let key = key.unwrap_or("welovenfts");
|
||||||
let mut padded_key = key.as_bytes().to_vec();
|
let padded_key = normalize_key(key);
|
||||||
while padded_key.len() < 16 {
|
|
||||||
padded_key.push(b'\0');
|
|
||||||
}
|
|
||||||
let result_bytes = CUSTOM_ENGINE.decode(encoded_result).ok()?;
|
let result_bytes = CUSTOM_ENGINE.decode(encoded_result).ok()?;
|
||||||
let iv = &result_bytes[..16];
|
let iv = &result_bytes[..16];
|
||||||
let hmac = &result_bytes[16..48];
|
let hmac = &result_bytes[16..48];
|
||||||
|
|
|
||||||
|
|
@ -65,6 +65,14 @@
|
||||||
const CUSTOM_ENGINE: engine::GeneralPurpose =
|
const CUSTOM_ENGINE: engine::GeneralPurpose =
|
||||||
engine::GeneralPurpose::new(&alphabet::STANDARD, general_purpose::PAD);
|
engine::GeneralPurpose::new(&alphabet::STANDARD, general_purpose::PAD);
|
||||||
|
|
||||||
|
pub(crate) fn normalize_key(key: &str) -> Vec<u8> {
|
||||||
|
let mut padded_key = key.as_bytes().to_vec();
|
||||||
|
while padded_key.len() < 16 {
|
||||||
|
padded_key.push(b'\0');
|
||||||
|
}
|
||||||
|
padded_key.truncate(16);
|
||||||
|
padded_key
|
||||||
|
}
|
||||||
|
|
||||||
pub fn encrypts(input: &str, key: Option<&str>, strength: Option<&str>) -> Option<String> {
|
pub fn encrypts(input: &str, key: Option<&str>, strength: Option<&str>) -> Option<String> {
|
||||||
let cipher = Cipher::aes_128_cbc();
|
let cipher = Cipher::aes_128_cbc();
|
||||||
|
|
@ -79,11 +87,7 @@
|
||||||
let random_bytes = generate_random_bytes(num_bytes);
|
let random_bytes = generate_random_bytes(num_bytes);
|
||||||
iv = CUSTOM_ENGINE.encode(random_bytes);
|
iv = CUSTOM_ENGINE.encode(random_bytes);
|
||||||
}
|
}
|
||||||
let mut padded_key = key.as_bytes().to_vec();
|
let padded_key = normalize_key(key);
|
||||||
while padded_key.len() < 16 {
|
|
||||||
padded_key.push(b'\0');
|
|
||||||
}
|
|
||||||
padded_key.truncate(16);
|
|
||||||
let ciphertext = encrypt(cipher, &padded_key, Some(iv.as_bytes()), input.as_bytes()).unwrap();
|
let ciphertext = encrypt(cipher, &padded_key, Some(iv.as_bytes()), input.as_bytes()).unwrap();
|
||||||
let hmac = calculate_hmac(&ciphertext, &padded_key);
|
let hmac = calculate_hmac(&ciphertext, &padded_key);
|
||||||
if hmac.ct_eq(&calculate_hmac(&ciphertext, &padded_key)).unwrap_u8() == 1 {
|
if hmac.ct_eq(&calculate_hmac(&ciphertext, &padded_key)).unwrap_u8() == 1 {
|
||||||
|
|
@ -114,4 +118,3 @@
|
||||||
rng.fill(&mut random_bytes[..]);
|
rng.fill(&mut random_bytes[..]);
|
||||||
random_bytes
|
random_bytes
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
18
src/lib.rs
18
src/lib.rs
|
|
@ -50,6 +50,24 @@
|
||||||
assert_eq!(decrypted, Some(input.to_string()));
|
assert_eq!(decrypted, Some(input.to_string()));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_encrypts_decrypts_with_long_key() {
|
||||||
|
let input = "ThisIsJustaTestString";
|
||||||
|
let key = Some("this_key_is_longer_than_sixteen_bytes");
|
||||||
|
let encrypted = encrypts(input, key.clone(), None);
|
||||||
|
let decrypted = decrypts(encrypted.as_ref().unwrap(), key);
|
||||||
|
assert_eq!(decrypted, Some(input.to_string()));
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_encrypts_decrypts_with_unicode_key() {
|
||||||
|
let input = "ThisIsJustaTestString";
|
||||||
|
let key = Some("密码密码密码密码");
|
||||||
|
let encrypted = encrypts(input, key.clone(), None);
|
||||||
|
let decrypted = decrypts(encrypted.as_ref().unwrap(), key);
|
||||||
|
assert_eq!(decrypted, Some(input.to_string()));
|
||||||
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn test_encrypts_decrypts_without_key() {
|
fn test_encrypts_decrypts_without_key() {
|
||||||
// Input data to encrypt
|
// Input data to encrypt
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue