diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Crypto.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Crypto.pm
index 9bae6841c..179c92036 100644
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Crypto.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Crypto.pm
@@ -162,12 +162,23 @@ sub _cryptHex {
 "Lemonldap::NG::Common::Crypto::${sub}Hex error : data length must be multiple of 32";
 return undef;
 }
+ my $iv;
+ if($sub eq 'encrypt') {
+ $iv = $newIv->();
+ }
 $data = pack "H*", $data;
- eval { $data = $self->_getCipher($key)->$sub($data); };
+ if($sub eq 'decrypt') {
+ $iv = bytes::substr($data,0,16);
+ $data = bytes::substr($data,16);
+ }
+ eval { $data = $self->_getCipher($key)->set_iv($iv)->$sub($data); };
 if ($@) {
 $msg = "Crypt::Rijndael error : $@";
 return undef;
 }
+ if($sub eq 'encrypt') {
+ $data = $iv.$data;
+ }
 $msg = "";
 $data = unpack "H*", $data;
 return $data;
diff --git a/lemonldap-ng-common/t/35-Common-Crypto.t b/lemonldap-ng-common/t/35-Common-Crypto.t
index d0edd23dc..3d682d7f6 100644
--- a/lemonldap-ng-common/t/35-Common-Crypto.t
+++ b/lemonldap-ng-common/t/35-Common-Crypto.t
@@ -5,7 +5,7 @@
 # change 'tests => 1' to 'tests => last_test_to_print';
-use Test::More tests => 21;
+use Test::More tests => 22;
 use Digest::MD5 qw(md5 md5_hex md5_base64);
 use strict;
@@ -30,7 +30,11 @@ foreach my $i ( 1 .. 17 ) {
 my $s = '';
 $s = join( '', map { chr( int( rand(94) ) + 33 ) } ( 1 .. $i ) );
 ok( $c->decrypt( $c->encrypt($s) ) eq $s,
- "Test of base64 encrypting with $i characters string" ) or diag "Source: $s\nCypher: ".$c->encrypt($s)."\nUncipher:".$c->decrypt( $c->encrypt($s));
+ "Test of base64 encrypting with $i characters string" )
+ or diag "Source: $s\nCypher: "
+ . $c->encrypt($s)
+ . "\nUncipher:"
+ . $c->decrypt( $c->encrypt($s) );
 }
 my $data = md5_hex(rand);
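Review bot: On the decrypt path of `_cryptHex` the IV is cut from the first 16 bytes of the caller-supplied blob with no minimum-length check, so a 32-hex-character input passes the existing multiple-of-32 test and reaches the cipher with an empty ciphertext, and a value written by the pre-change `encryptHex` would presumably have its first block misread as the IV instead of being rejected. A guard right after the `pack` line, for example `if ( $sub eq 'decrypt' and bytes::length($data) < 32 ) { $msg = "Lemonldap::NG::Common::Crypto::${sub}Hex error : data too short"; return undef; }`, would make that failure explicit. Nothing in the hunk authenticates the IV plus ciphertext; if `_getCipher` builds a CBC cipher (not visible here), changing IV bytes changes the first plaintext block predictably, so values that leave the server probably need a MAC verified before decryption. The definition of `$newIv` and the start of `_cryptHex` lie outside the hunk.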
@@ -42,4 +46,9 @@ ok(
 # Test a long value, and replace carriage return by %0A
 my $long = "f5a1f72e7ab2f7712855a068af0066f36bfcf2c87e6feb9cf4200da1868e1dfe";
-ok( $c->decrypt($c->encrypt($long)) eq $long, "Test of long value encrypting" );
+ok( $c->decrypt( $c->encrypt($long) ) eq $long,
+ "Test of long value encrypting" );
+ok(
+ $c->decryptHex( $c->encryptHex($long) ) eq $long,
+ "Test of long value encrypting (hex)"
+);
diff --git a/lemonldap-ng-portal/t/59-Double-cookies-for-a-Single-session.t b/lemonldap-ng-portal/t/59-Double-cookies-for-a-Single-session.t
index 25de134f1..8d6d81def 100644
--- a/lemonldap-ng-portal/t/59-Double-cookies-for-a-Single-session.t
+++ b/lemonldap-ng-portal/t/59-Double-cookies-for-a-Single-session.t
@@ -44,8 +44,8 @@ my $id1 = expectCookie($res);
 my $id2 = expectCookie( $res, 'lemonldaphttp' );
 # Check lemonldap Cookie
-ok( $id1 =~ /^\w{64}$/, " -> Get cookie : lemonldap=something" )
- or explain( $res->[1], "Set-Cookie: lemonldap=$id1" );
+ok( $id1 =~ /^\w{64}$/, " -> https cookie is 64 char long" )
+ or explain( $id1, '64-char string' );
 ok( ${ $res->[1] }[3] =~ /HttpOnly=1/, " -> Cookie 'lemonldap' is HttpOnly" )
 or explain( $res->[1] );
 ok( ${ $res->[1] }[3] =~ /secure/, " -> Cookie 'lemonldap' is secure" )
@@ -53,8 +53,8 @@ ok( ${ $res->[1] }[3] =~ /secure/, " -> Cookie 'lemonldap' is secure" )
 count(3);
 # Check lemonldaphttp Cookie
-ok( $id2 =~ /^\w{64}$/, " -> Get cookie lemonldaphttp=something" )
- or explain( $res->[1], "Set-Cookie: lemonldaphttp=$id2" );
+ok( length($id2) % 32 == 0, " -> http cookie is 96 byte long" )
+ or explain( $id2, '\w x 32 string' );
 ok( ${ $res->[1] }[5] =~ /HttpOnly=1/, " -> Cookie 'lemonldaphttp' is HttpOnly"
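Review bot: The added `decryptHex( encryptHex($long) )` assertion in 35-Common-Crypto.t checks only the round trip, which would pass just as well with a constant IV, so the property this commit introduces is not tested. Consider adding `ok( $c->encryptHex($long) ne $c->encryptHex($long), "encryptHex output differs between calls" );` next to it. A negative case asserting that `decryptHex` returns undef for a hex string whose length is not a multiple of 32 would pin the error path as well, with `tests => 22` raised to match.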