Fix encryption key normalization

This commit is contained in:
viraladmin 2026-07-03 12:29:57 -06:00
parent d6cceacfcb
commit 1db425f888
4 changed files with 30 additions and 12 deletions

View File

@ -1,6 +1,6 @@
[package]
name = "encrypted_images"
version = "1.4.0"
version = "1.4.1"
edition = "2021"
description = "Encrypt Text to Images and decrypt text from images."
authors = ["Bruce Bates | https://www.linkedin.com/in/bruce-bates/"]

View File

@ -30,16 +30,13 @@
/// ```
use subtle::ConstantTimeEq;
use openssl::symm::{decrypt, Cipher};
use crate::encryption::text::hmac::calculate_hmac;
use crate::encryption::text::{hmac::calculate_hmac, normalize_key};
use base64::{Engine as _, engine::{self, general_purpose}, alphabet};
const CUSTOM_ENGINE: engine::GeneralPurpose =
engine::GeneralPurpose::new(&alphabet::STANDARD, general_purpose::PAD);
pub fn decrypts(encoded_result: &str, key: Option<&str>) -> Option<String> {
let key = key.unwrap_or("welovenfts");
let mut padded_key = key.as_bytes().to_vec();
while padded_key.len() < 16 {
padded_key.push(b'\0');
}
let padded_key = normalize_key(key);
let result_bytes = CUSTOM_ENGINE.decode(encoded_result).ok()?;
let iv = &result_bytes[..16];
let hmac = &result_bytes[16..48];

View File

@ -65,6 +65,14 @@
const CUSTOM_ENGINE: engine::GeneralPurpose =
engine::GeneralPurpose::new(&alphabet::STANDARD, general_purpose::PAD);
pub(crate) fn normalize_key(key: &str) -> Vec<u8> {
let mut padded_key = key.as_bytes().to_vec();
while padded_key.len() < 16 {
padded_key.push(b'\0');
}
padded_key.truncate(16);
padded_key
}
pub fn encrypts(input: &str, key: Option<&str>, strength: Option<&str>) -> Option<String> {
let cipher = Cipher::aes_128_cbc();
@ -79,11 +87,7 @@
let random_bytes = generate_random_bytes(num_bytes);
iv = CUSTOM_ENGINE.encode(random_bytes);
}
let mut padded_key = key.as_bytes().to_vec();
while padded_key.len() < 16 {
padded_key.push(b'\0');
}
padded_key.truncate(16);
let padded_key = normalize_key(key);
let ciphertext = encrypt(cipher, &padded_key, Some(iv.as_bytes()), input.as_bytes()).unwrap();
let hmac = calculate_hmac(&ciphertext, &padded_key);
if hmac.ct_eq(&calculate_hmac(&ciphertext, &padded_key)).unwrap_u8() == 1 {
@ -114,4 +118,3 @@
rng.fill(&mut random_bytes[..]);
random_bytes
}

View File

@ -50,6 +50,24 @@
assert_eq!(decrypted, Some(input.to_string()));
}
#[test]
fn test_encrypts_decrypts_with_long_key() {
let input = "ThisIsJustaTestString";
let key = Some("this_key_is_longer_than_sixteen_bytes");
let encrypted = encrypts(input, key.clone(), None);
let decrypted = decrypts(encrypted.as_ref().unwrap(), key);
assert_eq!(decrypted, Some(input.to_string()));
}
#[test]
fn test_encrypts_decrypts_with_unicode_key() {
let input = "ThisIsJustaTestString";
let key = Some("密码密码密码密码");
let encrypted = encrypts(input, key.clone(), None);
let decrypted = decrypts(encrypted.as_ref().unwrap(), key);
assert_eq!(decrypted, Some(input.to_string()));
}
#[test]
fn test_encrypts_decrypts_without_key() {
// Input data to encrypt