Fix encryption utils

Inbal Tako · Inbal Tako · commit f71c4e1607e9 · 2020-08-24T10:05:29.000+03:00
diff --git a/lib/utils/encryption_utils.rb b/lib/utils/encryption_utils.rb
@@ -1,44 +1,49 @@
 # frozen_string_literal: true
 
 require 'openssl'
+require 'digest'
+require 'base64'
 require 'models/client_token'
 
 class EncryptionUtils
-  BLOCK_SIZE = 16
-  KEY_SIZE = 32
-
-  def self.encrypt(text, cipher_key)
-    begin
-      cipher = OpenSSL::Cipher::AES.new(KEY_SIZE, :CBC).encrypt
-      cipher.padding = 0
-
-      if text.size % BLOCK_SIZE != 0
-        return nil
+  def self.padding_key(key, length)
+    if key.length == length
+      key
+    else
+      if key.length > length
+        key.slice(0, length)
+      else
+        (length - key.length).times { key << '0' }
+        key
       end
+    end
+  end
 
-      cipher_key = Digest::SHA1.hexdigest cipher_key
-      cipher.key = cipher_key.slice(0, BLOCK_SIZE)
-      s = cipher.update(text) + cipher.final
-
-      s.unpack('H*')[0].upcase
+  def self.encrypt(plain_text, secret_key)
+    begin
+      cipher = OpenSSL::Cipher.new('aes-256-cbc')
+      cipher.encrypt
+      iv = cipher.random_iv
+      cipher.key = padding_key(secret_key, 32)
+      encrypted = cipher.update(plain_text) + cipher.final
+      (iv + encrypted).unpack1('H*')
     rescue StandardError
       ''
     end
   end
 
-  def self.decrypt(encrypted, cipher_key)
+  def self.decrypt(cipher_text, secret_key)
     begin
-      cipher = OpenSSL::Cipher::AES.new(KEY_SIZE, :CBC).decrypt
-      cipher.padding = 0
-
-      cipher_key = Digest::SHA1.hexdigest cipher_key
-      cipher.key = cipher_key.slice(0, BLOCK_SIZE)
-      s = [encrypted].pack('H*').unpack('C*').pack('c*')
-
-      rv = cipher.update(s) + cipher.final
-      rv.strip
+      cipher = OpenSSL::Cipher.new('aes-256-cbc')
+      cipher.decrypt
+      raw_data = [cipher_text].pack('H*')
+      cipher.iv = raw_data.slice(0, 16)
+      cipher.key = padding_key(secret_key, 32)
+      decrypted = JSON.parse(cipher.update(raw_data.slice(16, raw_data.length)) + cipher.final)
+
+      return ClientToken.new(decrypted['cid'], decrypted['vid'], decrypted['fp'])
     rescue StandardError
-      ClientToken.new('', '', '')
+      ClientToken.new('', '','')
     end
   end
 end
diff --git a/spec/spec_encryption_utils.rb b/spec/spec_encryption_utils.rb
@@ -5,18 +5,18 @@
 
 RSpec.describe EncryptionUtils do
   it 'encrypts' do
-    secret_key = 'B00C42DAD33EAC6F6572DA756EA4915349C0A4F6'
+    secret_key = 'AFD16D89150FD7FB19EE9E936DC1AE3547CE119B'
     payload = '{"cid":"198a41ff-a10f-4cda-a2f3-a9ca80c0703b","vi":"148a42ff-b40f-4cda-a2f3-a8ca80c0703b","fp":"6d8cabd95987f8318b1fe01593d5c2a5.24700f9f1986800ab4fcc880530dd0ed"}'
     result = EncryptionUtils.encrypt(payload, secret_key)
 
     expect(result).not_to be_nil
   end
 
   it 'decrypts' do
-    secret_key = 'B00C42DAD33EAC6F6572DA756EA4915349C0A4F6'
-    encrypted_payload = '56463564485361554e70763250546e334954565667673d3d246949482f446b72352f6b31316a63466d4c515339703631754b6e54557854546e4a554433634b67744641712f44647356386569636f6a322b4c55354d0a4c6b72504d37464c6f5746632f614f644b542f38585346374566515954355859326a386e576a4439717a7a6a4269744363522f79386851522b7067640a2f67307a6e3264385a5130705a6d44356f4a50396e3236764133635144387379586d6835377475626452783165425976764b6b756952746b79544e350a58477552522f7051706c5a3838646b6a4f44753959626332697a723433564b6b72496943624d584f707770456355316d61662f7256706b3d'
-    cid = '198a41ff-a10f-4cda-a2f3-a9ca80c0703b'
-    fp = '6d8cabd95987f8318b1fe01593d5c2a5.24700f9f1986800ab4fcc880530dd0ed'
+    secret_key = 'AFD16D89150FD7FB19EE9E936DC1AE3547CE119B'
+    encrypted_payload = 'dfcc35bc71653771d4541f08937c35cbc98faea2c061ff7904f80abf7c072f0029157ed97a55b00efe09fb0d2f86f5693ecbba3f6339862ed3908f0d746533133c8c838be641dad76cf3f9cce67dc1b48cbc8574f24637be4aa90f802ec4b7e5d50b5f9cb3d64e6887ef99b8b941e69370ac7994ccafaf17ceff1d7a68ac30e4b0fe4eb1b844460d5f7687f16902cea61d0ccc085f7ea6087fae38482cd1ee1c7574dc4b0e996bc4e5946eeb8e8509fbdd9f1884eb3f02cbbaefe4566c999d50'
+    cid = '12946065-65af-4825-9893-fce901c8da49'
+    fp = '9a6e6a7d636ca772924bd2219853d73c.24700f9f1986800ab4fcc880530dd0ed'
 
     result = EncryptionUtils.decrypt(encrypted_payload, secret_key)
 
