
Fixed Aes128CFB not correctly padding the text for encryption/decryption

tags/3.0.0
Teknikode 2 years ago
parent
commit
fc0ee9f673

+ 13
- 9
Teknik/Areas/User/Utility/UserHelper.cs

@@ -1090,32 +1090,36 @@ If you recieved this email and you did not reset your password, you can ignore t

// Create connection to the DB
MysqlDatabase mySQL = new MysqlDatabase(config.GitConfig.Database.Server, config.GitConfig.Database.Database, config.GitConfig.Database.Username, config.GitConfig.Database.Password, config.GitConfig.Database.Port);
mySQL.MysqlErrorEvent += (sender, s) =>
{
throw new Exception("Unable to edit git account two factor. Mysql Exception: " + s);
};

// Get the user's UID
string email = GetUserEmailAddress(config, username);
string userSelect = @"SELECT id FROM gogs.user WHERE gogs.user.login_name = {0}";
string userSelect = @"SELECT gogs.user.id FROM gogs.user WHERE gogs.user.login_name = {0}";
var uid = mySQL.ScalarQuery(userSelect, new object[] { email });

// See if they have Two Factor already
string sqlSelect = @"SELECT id
FROM gogs.two_factor
LEFT JOIN gogs.user ON gogs.user.id = gogs.gogs.two_factor.uid
WHERE gogs.user.login_name = {0}";
string sqlSelect = @"SELECT tf.id
FROM gogs.two_factor tf
LEFT JOIN gogs.user u ON u.id = tf.uid
WHERE u.login_name = {0}";
var result = mySQL.ScalarQuery(sqlSelect, new object[] { email });
if (result != null)
{
// They have an entry! Let's update it
string insert = @"UPDATE gogs.two_factor SET uid = {1}, secret = {2}, scratch_token = {3}, updated_unix = {4} WHERE gogs.two_factor.id = {0}";
string update = @"UPDATE gogs.two_factor tf SET tf.uid = {1}, tf.secret = {2}, tf.scratch_token = {3}, tf.updated_unix = {4} WHERE tf.id = {0}";

mySQL.Execute(insert, new object[] { result, uid, finalSecret, token, unixTime });
mySQL.Execute(update, new object[] { result, uid, finalSecret, token, unixTime });
}
else
{
// They need a new entry
string update = @"INSERT INTO gogs.two_factor SET (uid, secret, scratch_token, created_unix, updated_unix) VALUES ({0}, {1}, {2}, {3}, {4})";
string insert = @"INSERT INTO gogs.two_factor (uid, secret, scratch_token, created_unix, updated_unix) VALUES ({0}, {1}, {2}, {3}, {4})";

mySQL.Execute(update, new object[] { uid, finalSecret, token, unixTime, 0 });
mySQL.Execute(insert, new object[] { uid, finalSecret, token, unixTime, 0 });
}
}
}
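Review bot: `uid` from the first `ScalarQuery` is passed straight into both the UPDATE and the INSERT without a null check, while `result` from the second query is checked, so a login name with no `gogs.user` row would presumably reach the INSERT branch and try to write a two-factor row with no owner. A guard right after the lookup, for example `if (uid == null) throw new Exception("Unable to edit git account two factor. Git user not found.");`, keeps the failure explicit and matches the error style of the handler above. The `{0}`-style placeholders are assumed to be bound as parameters inside `MysqlDatabase`; that class is not visible here, so it is worth confirming they are not expanded with string formatting, since `email` and the secret flow into them. The enclosing method starts before this hunk.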

+ 6
- 0
Utilities/Utilities/ByteHelper.cs

@@ -22,5 +22,11 @@ namespace Teknik.Utilities
}
return byteArray;
}

public static void PadToMultipleOf(ref byte[] src, int pad)
{
int len = (src.Length + pad - 1) / pad * pad;
Array.Resize(ref src, len);
}
}
}
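Review bot: `PadToMultipleOf` divides by `pad` without validating it, so `pad == 0` throws a DivideByZeroException and a negative `pad` can compute a length smaller than the input and silently truncate the array through `Array.Resize`. A first line of `if (pad <= 0) throw new ArgumentOutOfRangeException(nameof(pad));` makes the contract explicit, and a null `src` currently fails on `src.Length` with no argument name. The method also needs an XML summary stating that the array is extended in place with zero bytes and that the original length is not recorded, so a caller that has to strip the padding again must keep the length itself.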

+ 19
- 7
Utilities/Utilities/Cryptography/Aes128CFB.cs

@@ -43,13 +43,20 @@ namespace Teknik.Utilities.Cryptography
int keySize = 128;

// Grab the IV and encrypted text from the original text
byte[] ivBytes = text.Take(blockSize / 8).ToArray();
text = text.Skip(blockSize / 8).Take(text.Length - (blockSize / 8)).ToArray();
byte[] ivBytes = new byte[blockSize / 8];
byte[] encText = new byte[text.Length - (blockSize / 8)];
byte[] output = new byte[text.Length - (blockSize / 8)];

text.Take(blockSize / 8).ToArray().CopyTo(ivBytes, 0);
text.Skip(blockSize / 8).ToArray().CopyTo(encText, 0);

// Pad the text for decryption
ByteHelper.PadToMultipleOf(ref encText, 16);

// Process the cipher
ProcessCipher(false, text, key, ivBytes, blockSize, keySize, ref text, 0);
ProcessCipher(false, encText, key, ivBytes, blockSize, keySize, ref output, 0);

string encodedText = Encoding.UTF8.GetString(text);
string encodedText = Encoding.UTF8.GetString(output);
return Convert.FromBase64String(encodedText);
}

@@ -61,8 +68,8 @@ namespace Teknik.Utilities.Cryptography
cipher.KeySize = keySize;

cipher.Mode = CipherMode.CFB;
cipher.FeedbackSize = 8;
cipher.Padding = PaddingMode.None;
cipher.FeedbackSize = 128;
cipher.Padding = PaddingMode.Zeros;

cipher.Key = key;
cipher.IV = iv;
@@ -75,7 +82,12 @@ namespace Teknik.Utilities.Cryptography
bw.Write(text);
bw.Close();

ms.ToArray().CopyTo(output, offset);
byte[] textBytes = ms.ToArray();
for (int i = 0; i < output.Length - offset; i++)
{
output[i + offset] = textBytes[i];
}
}
}
}
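Review bot: Decrypt allocates `new byte[text.Length - (blockSize / 8)]` without first checking that the input is at least one IV long, so a truncated or corrupted stored value fails on a negative array size instead of a clear error; a guard such as `if (text.Length < blockSize / 8) throw new ArgumentException("Ciphertext is shorter than the IV.");` before the allocations would make that explicit. In ProcessCipher the new copy loop reads `textBytes[i]` up to `output.Length - offset` and throws if the stream produced fewer bytes than that; `Array.Copy(textBytes, 0, output, offset, Math.Min(textBytes.Length, output.Length - offset));` states the truncation intent and bounds both sides. Switching to `FeedbackSize = 128` with `PaddingMode.Zeros` changes the ciphertext format, so values written by the previous 8-bit-feedback code would presumably no longer decrypt. CFB also gives no integrity protection, so a comment recording why these settings were chosen and that tampering with the stored secret is not detected would help the next maintainer. Both methods begin or end outside the visible hunks.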

+ 2
- 3
UtilitiesTests/Cryptography/Aes128Tests.cs

@@ -14,8 +14,8 @@ namespace Teknik.Tests.UtilitiesTests.Cryptography
[Fact]
public void Aes128DataTest()
{
string secret = "426KOBTS66KYLFLQ";
string key = "8fj3Ff83nfQoe01";
string secret = "WXEYUXXH7X6OUVPK";
string key = "df9Nfjhq89KAwvs";

// Get the Encryption Key from the git secret key
byte[] keyBytes = MD5.Hash(Encoding.UTF8.GetBytes(key));
@@ -27,7 +27,6 @@ namespace Teknik.Tests.UtilitiesTests.Cryptography
byte[] encValue = Aes128CFB.Encrypt(secBytes, keyBytes);
string finalSecret = Convert.ToBase64String(encValue);

// Decode it
byte[] decodedSecret = Convert.FromBase64String(finalSecret);
byte[] val = Aes128CFB.Decrypt(decodedSecret, keyBytes);
string verify = Encoding.UTF8.GetString(val);
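Review bot: The visible part of `Aes128DataTest` only round-trips a value through `Aes128CFB.Encrypt` and `Aes128CFB.Decrypt`, which passes for any padding or feedback-size setting as long as both sides agree, so it cannot catch a format mismatch with whatever else reads these secrets. Since this commit changes the cipher parameters, a second test that decrypts a fixed ciphertext produced by the reference implementation and compares it with the known plaintext would pin the format. It would also help to add a comment above `secret` and `key`, for example `// Test-only fixture values; not a live secret or key`, and to confirm that neither the old nor the new pair was ever a real credential, because both are now in history. The assertions of this test lie outside the hunk.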
