Add MAC verification to crypto

Xavier 2019-06-27 20:48:01 +02:00
parent cc8c5e057e
commit b1f12b72e5
1 changed files with 15 additions and 9 deletions


@ -71,10 +71,11 @@ sub encrypt {
$data .= "\0" x ( 16 - $l ) unless ( $l == 0 );
my $iv = $low ? md5( rand() . time . {} ) : $newIv->();
my $hmac = md5($data);
eval {
$data =
encode_base64( $iv . $self->_getCipher->set_iv($iv)->encrypt($data),
'' );
encode_base64(
$iv . $hmac . $self->_getCipher->set_iv($iv)->encrypt($data), '' );
};
if ($@) {
$msg = "Crypt::Rijndael error : $@";
@ -100,13 +101,18 @@ sub decrypt {
$data = decode_base64($data);
my $iv;
$iv = bytes::substr( $data, 0, 16 );
$data = bytes::substr( $data, 16 );
my $hmac = bytes::substr( $data, 16, 16 );
$data = bytes::substr( $data, 32 );
eval { $data = $self->_getCipher->set_iv($iv)->decrypt($data); };
if ($@) {
$msg = "Crypt::Rijndael error : $@";
return undef;
}
if ( md5($data) ne $hmac ) {
$msg = "Bad MAC";
return undef;
}
else {
$msg = '';
@ -163,21 +169,21 @@ sub _cryptHex {
return undef;
}
my $iv;
if($sub eq 'encrypt') {
if ( $sub eq 'encrypt' ) {
$iv = $newIv->();
}
$data = pack "H*", $data;
if($sub eq 'decrypt') {
$iv = bytes::substr($data,0,16);
$data = bytes::substr($data,16);
if ( $sub eq 'decrypt' ) {
$iv = bytes::substr( $data, 0, 16 );
$data = bytes::substr( $data, 16 );
}
eval { $data = $self->_getCipher($key)->set_iv($iv)->$sub($data); };
if ($@) {
$msg = "Crypt::Rijndael error : $@";
return undef;
}
if($sub eq 'encrypt') {
$data = $iv.$data;
if ( $sub eq 'encrypt' ) {
$data = $iv . $data;
}
$msg = "";
$data = unpack "H*", $data;
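Review bot: The value stored as `$hmac` in encrypt and compared in decrypt is `md5($data)`, an unkeyed digest of the padded plaintext, so it does not depend on any secret and protects against accidental corruption only, not deliberate modification. Because it is written unencrypted between the IV and the ciphertext, it also exposes a digest of the plaintext, which lets a reader of the blob confirm a guessed value. The check runs only after `decrypt()` has already processed the unauthenticated ciphertext, and `ne` is not a constant-time comparison. Consider a keyed tag over the IV and ciphertext, verified before decryption, e.g. `my $tag = hmac_sha256( $iv . $ciphertext, $macKey );` from Digest::SHA, where `$macKey` is a placeholder for a key kept separate from the cipher key (the 16-byte tag offsets in decrypt would then become 32). Values encrypted before this change appear to carry no tag and would presumably now fail with "Bad MAC", so a migration path is worth confirming; both subs continue outside the visible hunks.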