Validate rand key length before 3des operations

Signed-off-by: Sean Du <do4suki@gmail.com>
This commit is contained in:
2026-04-28 11:44:56 +08:00
parent 666388a5ed
commit ae847f5e29
6 changed files with 41 additions and 11 deletions
+5 -1
View File
@@ -33,7 +33,11 @@ func initialize(ctx *gin.Context) {
if ss.CheckErr(err) {
return
}
encryptedData, err := openssl.Des3ECBEncrypt([]byte(data), ss.GetRandKey()[0:24], openssl.PKCS7_PADDING)
randKey, err := ss.Get3DESRandKey()
if ss.CheckErr(err) {
return
}
encryptedData, err := openssl.Des3ECBEncrypt([]byte(data), randKey, openssl.PKCS7_PADDING)
if ss.CheckErr(err) {
return
}
+6 -3
View File
@@ -34,8 +34,11 @@ func login(ctx *gin.Context) {
return
}
randKey := ss.GetRandKey()
decryptedData, err := openssl.Des3ECBDecrypt(data, randKey[0:24], openssl.PKCS7_PADDING)
randKey, err := ss.Get3DESRandKey()
if ss.CheckErr(err) {
return
}
decryptedData, err := openssl.Des3ECBDecrypt(data, randKey, openssl.PKCS7_PADDING)
if ss.CheckErr(err) {
return
}
@@ -249,7 +252,7 @@ func login(ctx *gin.Context) {
if ss.CheckErr(err) {
return
}
encryptedData, err := openssl.Des3ECBEncrypt([]byte(data), randKey[0:24], openssl.PKCS7_PADDING)
encryptedData, err := openssl.Des3ECBEncrypt([]byte(data), randKey, openssl.PKCS7_PADDING)
if ss.CheckErr(err) {
return
}
+6 -3
View File
@@ -28,8 +28,11 @@ func loginAuto(ctx *gin.Context) {
return
}
randKey := ss.GetRandKey()
decryptedData, err := openssl.Des3ECBDecrypt(data, randKey[0:24], openssl.PKCS7_PADDING)
randKey, err := ss.Get3DESRandKey()
if ss.CheckErr(err) {
return
}
decryptedData, err := openssl.Des3ECBDecrypt(data, randKey, openssl.PKCS7_PADDING)
if ss.CheckErr(err) {
return
}
@@ -68,7 +71,7 @@ func loginAuto(ctx *gin.Context) {
if ss.CheckErr(err) {
return
}
encryptedData, err := openssl.Des3ECBEncrypt([]byte(data), randKey[0:24], openssl.PKCS7_PADDING)
encryptedData, err := openssl.Des3ECBEncrypt([]byte(data), randKey, openssl.PKCS7_PADDING)
if ss.CheckErr(err) {
return
}
+5 -2
View File
@@ -14,9 +14,12 @@ func reportRole(ctx *gin.Context) {
ss := session.New(ctx)
defer ss.Finalize()
randKey := ss.GetRandKey()
randKey, err := ss.Get3DESRandKey()
if ss.CheckErr(err) {
return
}
token := `{"message":"ok"}`
encryptedToken, err := openssl.Des3ECBEncrypt([]byte(token), randKey[0:24], openssl.PKCS7_PADDING)
encryptedToken, err := openssl.Des3ECBEncrypt([]byte(token), randKey, openssl.PKCS7_PADDING)
if ss.CheckErr(err) {
return
}
+10 -2
View File
@@ -2,6 +2,7 @@ package basic
import (
"encoding/base64"
"errors"
"fmt"
"honoka-chan/internal/router"
ghomeschema "honoka-chan/internal/schema/ghome"
@@ -31,13 +32,20 @@ func handshake(ctx *gin.Context) {
decryptedData := encrypt.RSADecrypt(data)
params, _ := url.ParseQuery(string(decryptedData))
params, err := url.ParseQuery(string(decryptedData))
if ss.CheckErr(err) {
return
}
randKey := params.Get("randkey")
if len(randKey) < 24 {
ss.Abort(errors.New("invalid rand key"))
return
}
ss.SetRandKey(randKey)
token := fmt.Sprintf(`{"message":"ok","result":0,"token":"%s"}`, strings.ToUpper(honokautils.RandomStr(33)))
encryptedToken, err := openssl.Des3ECBEncrypt([]byte(token), []byte(randKey)[0:24], openssl.PKCS7_PADDING)
encryptedToken, err := openssl.Des3ECBEncrypt([]byte(token), []byte(randKey[:24]), openssl.PKCS7_PADDING)
if ss.CheckErr(err) {
return
}