Add MAC verification to crypto

This commit is contained in:
Xavier 2019-06-27 20:48:01 +02:00
parent cc8c5e057e
commit b1f12b72e5


@ -71,10 +71,11 @@ sub encrypt {
$data .= "\0" x ( 16 - $l ) unless ( $l == 0 ); $data .= "\0" x ( 16 - $l ) unless ( $l == 0 );
my $iv = $low ? md5( rand() . time . {} ) : $newIv->(); my $iv = $low ? md5( rand() . time . {} ) : $newIv->();
my $hmac = md5($data);
eval { eval {
$data = $data =
encode_base64( $iv . $self->_getCipher->set_iv($iv)->encrypt($data), encode_base64(
'' ); $iv . $hmac . $self->_getCipher->set_iv($iv)->encrypt($data), '' );
}; };
if ($@) { if ($@) {
$msg = "Crypt::Rijndael error : $@"; $msg = "Crypt::Rijndael error : $@";
@ -100,13 +101,18 @@ sub decrypt {
$data = decode_base64($data); $data = decode_base64($data);
my $iv; my $iv;
$iv = bytes::substr( $data, 0, 16 ); $iv = bytes::substr( $data, 0, 16 );
$data = bytes::substr( $data, 16 ); my $hmac = bytes::substr( $data, 16, 16 );
$data = bytes::substr( $data, 32 );
eval { $data = $self->_getCipher->set_iv($iv)->decrypt($data); }; eval { $data = $self->_getCipher->set_iv($iv)->decrypt($data); };
if ($@) { if ($@) {
$msg = "Crypt::Rijndael error : $@"; $msg = "Crypt::Rijndael error : $@";
return undef; return undef;
} }
if ( md5($data) ne $hmac ) {
$msg = "Bad MAC";
return undef;
}
else { else {
$msg = ''; $msg = '';
@ -163,21 +169,21 @@ sub _cryptHex {
return undef; return undef;
} }
my $iv; my $iv;
if($sub eq 'encrypt') { if ( $sub eq 'encrypt' ) {
$iv = $newIv->(); $iv = $newIv->();
} }
$data = pack "H*", $data; $data = pack "H*", $data;
if($sub eq 'decrypt') { if ( $sub eq 'decrypt' ) {
$iv = bytes::substr($data,0,16); $iv = bytes::substr( $data, 0, 16 );
$data = bytes::substr($data,16); $data = bytes::substr( $data, 16 );
} }
eval { $data = $self->_getCipher($key)->set_iv($iv)->$sub($data); }; eval { $data = $self->_getCipher($key)->set_iv($iv)->$sub($data); };
if ($@) { if ($@) {
$msg = "Crypt::Rijndael error : $@"; $msg = "Crypt::Rijndael error : $@";
return undef; return undef;
} }
if($sub eq 'encrypt') { if ( $sub eq 'encrypt' ) {
$data = $iv.$data; $data = $iv . $data;
} }
$msg = ""; $msg = "";
$data = unpack "H*", $data; $data = unpack "H*", $data;
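Review bot: The value stored as `$hmac` is `md5($data)` with no key, computed over the padded plaintext and written in the clear between the IV and the ciphertext in the encrypt hunk, so it is not a MAC: it exposes an unkeyed digest of the plaintext that lets anyone confirm guesses of low-entropy messages, and it cannot detect tampering by a party who knows the plaintext. In the decrypt hunk the check also runs only after decryption and uses `ne`, whose early exit reveals where the comparison fails. Use a keyed tag over the IV and ciphertext (encrypt-then-MAC) with core `Digest::SHA`'s `hmac_sha256` under a key kept separate from the cipher key, verify it before calling `decrypt`, and compare with a fixed-time fold as below; encrypt would then compute `my $tag = hmac_sha256( $iv . $ct, $mac_key );` after encrypting and emit `$iv . $tag . $ct`. The `_cryptHex` hunk is formatting only and that path still carries no tag at all, so the same gap applies there. Both `encrypt` and `decrypt` start outside their hunks, and `use Digest::SHA qw(hmac_sha256);` would be needed at the top of the file.
```perl
$data = decode_base64($data);
my $iv  = bytes::substr( $data, 0, 16 );
my $tag = bytes::substr( $data, 16, 32 );    # HMAC-SHA256 tag, 32 bytes
$data   = bytes::substr( $data, 48 );
# Encrypt-then-MAC: verify over IV||ciphertext before any decryption.
# $mac_key is a placeholder for a key kept separate from the cipher key.
my $expected = hmac_sha256( $iv . $data, $mac_key );
# Fixed-time comparison: fold every byte difference into $diff, no early exit.
my $ok = defined $tag && length $tag == 32;
if ($ok) {
    my $diff = 0;
    $diff |= ord( substr( $tag, $_, 1 ) ) ^ ord( substr( $expected, $_, 1 ) )
        for 0 .. 31;
    $ok = $diff == 0;
}
unless ($ok) {
    $msg = "Bad MAC";
    return undef;
}
eval { $data = $self->_getCipher->set_iv($iv)->decrypt($data); };
# … unchanged: Crypt::Rijndael error handling and $msg = '' …
```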