Skip to content

Commit 8f346fa

Browse files
author
Inbal Tako
committed
Fix decrypt algorithm
1 parent 9d1ce7e commit 8f346fa

File tree

3 files changed

+39
-24
lines changed

3 files changed

+39
-24
lines changed

lib/securenative/config.rb

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,5 @@ module Config
77
VERIFY_EVENT = "/verify"
88
FLOW_EVENT = "/flow"
99
CIPHER_SIZE = 256
10-
AES_BLOCK_SIZE = 16
11-
AES_KEY_SIZE = 32
10+
AES_BLOCK_SIZE = 32
1211
end

lib/securenative/utils.rb

Lines changed: 24 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -4,9 +4,6 @@
44
require "json"
55
require 'openssl'
66

7-
logger = Logger.new(STDOUT)
8-
logger.level = Logger::WARN
9-
107

118
module Utils
129
def self.verify_signature(secret, text_body, header_signature)
@@ -45,24 +42,33 @@ def self.parse_cookie(cookie = nil)
4542
end
4643
end
4744

48-
def self.decrypt(encrypted, cipher_key)
49-
decipher = OpenSSL::Cipher::AES.new(Config::CIPHER_SIZE, :CBC).decrypt
50-
decipher.padding = 0
51-
52-
begin
53-
cipher_key = cipher_key.each_byte.map { |b| b.to_s(16) }.join
54-
encrypted = encrypted.each_byte.map { |b| b.to_s(16) }.join
45+
def self.encrypt(plain_text, key)
46+
cipher = OpenSSL::Cipher::AES.new(Config::CIPHER_SIZE, :CBC).encrypt
47+
cipher.padding = 0
5548

56-
decipher.key = cipher_key.slice(0, Config::AES_KEY_SIZE)
57-
decipher.iv = encrypted.slice(0, Config::AES_BLOCK_SIZE)
58-
59-
decrypted = decipher.update(encrypted) + decipher.final
60-
decrypted = decrypted.each_byte.map { |b| b.to_s(16) }.join
61-
return decrypted
62-
rescue => err
63-
logger.fatal("Could not decrypt encrypted data: " + err.message)
49+
if plain_text.size % Config::AES_BLOCK_SIZE != 0
50+
logger = Logger.new(STDOUT)
51+
logger.level = Logger::WARN
52+
logger.fatal("data not multiple of block length")
6453
return nil
6554
end
55+
56+
key = Digest::SHA1.hexdigest key
57+
cipher.key = key.slice(0, Config::AES_BLOCK_SIZE)
58+
s = cipher.update(plain_text) + cipher.final
59+
60+
s.unpack('H*')[0].upcase
6661
end
6762

63+
def self.decrypt(encrypted, key)
64+
cipher = OpenSSL::Cipher::AES.new(Config::CIPHER_SIZE, :CBC).decrypt
65+
cipher.padding = 0
66+
67+
key = Digest::SHA1.hexdigest key
68+
cipher.key = key.slice(0, Config::AES_BLOCK_SIZE)
69+
s = [encrypted].pack("H*").unpack("C*").pack("c*")
70+
71+
rv = cipher.update(s) + cipher.final
72+
return rv.strip
73+
end
6874
end

test/test_utils.rb

Lines changed: 14 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -26,12 +26,22 @@
2626
expect(cookie[1]).to be_empty
2727
end
2828

29+
it "encrypt text" do
30+
plain_text = "Some random plain text for test"
31+
key = "6EA4915349C0AAC6F6572DA4F6B00C42DAD33E75"
32+
encrypted = "B8D770D0F7388EC3DF62B0097C36C05CAB03E934F2E2760536004F87FE11644C"
33+
34+
res = Utils.encrypt(plain_text, key)
35+
expect(res).to_not be_empty
36+
expect(res).to eq(encrypted)
37+
end
38+
2939
it "decrypt text" do
30-
cookie = "821cb59a6647f1edf597956243e564b00c120f8ac1674a153fbd707da0707fb236ea040d1665f3d294aa1943afbae1b26b2b795a127f883ec221c10c881a147bb8acb7e760cd6f04edc21c396ee1f6c9627d9bf1315c484a970ce8930c2ed1011af7e8569325c7edcdf70396f1abca8486eabec24567bf215d2e60382c40e5c42af075379dacdf959cb3fef74f9c9d15"
31-
decrypted = "12d6a631d6eb6a95a839f7c14a91d092209180e47eb715b98be38cfee65a69d514a6ec4b838674784473d608c9c28ab7b16ddf1866d098e54c9e9a62308a2a6b3277b33c9474ffad7fb7294bd612fcdab354d483e223972257915574f5d39869bbcf51e75fdd855f023877f207da8cbb3552f433f7e50f48826628993e5957eed80261d3d16dbf4f79db72484afbc28ed67c846ec0db4078cc9bfad19b0e89583c012a743ba17d59edb86d05edb29c7cc3ffdd21ef051f7347f30dc783579187bedbc053835943f52ba96e74e8ec1628f4e9aee6428f7174df8dc822e8ceddbf171fa3cad1215b4d313bbec63abec83f8c54b87a3f0ca25d525fa1522bf7d433553748cadcddb59cf82a572a6df819cf1402d2cb656a1dba2181f363b03dc4ec4d8d05feaff28ab9f9ce1b427962f1dda4b791946f5188e32aeeb97b1eb5681ce45a26a9a855f382e227614d8781740bf45cabf4d81e950cb97fa7565f187baa340eaadf495e87b767b2d1e185ecdbc915e32306deedc19bf899205e1a2b3aa62ee9fbfa5fa9482eefab95dd23d5c454c018809a5daac4ce4f7aa9278bb78fd184188ab2cd40aadaf5bdd7a47915787e63242c418da5e3c7547ce5819cf121fc3d571d3c7e48c882e73f5ac59f541753bf5c563fa9444d5212398b050a5029c2285c10658a80cdad96305c433d87e848f56b4b1d3b3ab4814bb4ac32fe21dd24684db3bc75a113822e85bfdeb68492dfcb301fba643741c7ff1e066938ebedef5dee90d049bbacb0b46870d2c"
32-
api_key = "6EA4915349C0AAC6F6572DA4F6B00C42DAD33E75"
40+
encrypted_text = "B8D770D0F7388EC3DF62B0097C36C05CAB03E934F2E2760536004F87FE11644C"
41+
decrypted = "Some random plain text for test"
42+
key = "6EA4915349C0AAC6F6572DA4F6B00C42DAD33E75"
3343

34-
res = Utils.decrypt(cookie, api_key)
44+
res = Utils.decrypt(encrypted_text, key)
3545
expect(res).to_not be_empty
3646
expect(res).to eq(decrypted)
3747
end

0 commit comments

Comments
 (0)