Validate rand key length before 3des operations
Signed-off-by: Sean Du <do4suki@gmail.com>
This commit is contained in:
@@ -33,7 +33,11 @@ func initialize(ctx *gin.Context) {
|
||||
if ss.CheckErr(err) {
|
||||
return
|
||||
}
|
||||
encryptedData, err := openssl.Des3ECBEncrypt([]byte(data), ss.GetRandKey()[0:24], openssl.PKCS7_PADDING)
|
||||
randKey, err := ss.Get3DESRandKey()
|
||||
if ss.CheckErr(err) {
|
||||
return
|
||||
}
|
||||
encryptedData, err := openssl.Des3ECBEncrypt([]byte(data), randKey, openssl.PKCS7_PADDING)
|
||||
if ss.CheckErr(err) {
|
||||
return
|
||||
}
|
||||
|
||||
@@ -34,8 +34,11 @@ func login(ctx *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
randKey := ss.GetRandKey()
|
||||
decryptedData, err := openssl.Des3ECBDecrypt(data, randKey[0:24], openssl.PKCS7_PADDING)
|
||||
randKey, err := ss.Get3DESRandKey()
|
||||
if ss.CheckErr(err) {
|
||||
return
|
||||
}
|
||||
decryptedData, err := openssl.Des3ECBDecrypt(data, randKey, openssl.PKCS7_PADDING)
|
||||
if ss.CheckErr(err) {
|
||||
return
|
||||
}
|
||||
@@ -249,7 +252,7 @@ func login(ctx *gin.Context) {
|
||||
if ss.CheckErr(err) {
|
||||
return
|
||||
}
|
||||
encryptedData, err := openssl.Des3ECBEncrypt([]byte(data), randKey[0:24], openssl.PKCS7_PADDING)
|
||||
encryptedData, err := openssl.Des3ECBEncrypt([]byte(data), randKey, openssl.PKCS7_PADDING)
|
||||
if ss.CheckErr(err) {
|
||||
return
|
||||
}
|
||||
|
||||
@@ -28,8 +28,11 @@ func loginAuto(ctx *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
randKey := ss.GetRandKey()
|
||||
decryptedData, err := openssl.Des3ECBDecrypt(data, randKey[0:24], openssl.PKCS7_PADDING)
|
||||
randKey, err := ss.Get3DESRandKey()
|
||||
if ss.CheckErr(err) {
|
||||
return
|
||||
}
|
||||
decryptedData, err := openssl.Des3ECBDecrypt(data, randKey, openssl.PKCS7_PADDING)
|
||||
if ss.CheckErr(err) {
|
||||
return
|
||||
}
|
||||
@@ -68,7 +71,7 @@ func loginAuto(ctx *gin.Context) {
|
||||
if ss.CheckErr(err) {
|
||||
return
|
||||
}
|
||||
encryptedData, err := openssl.Des3ECBEncrypt([]byte(data), randKey[0:24], openssl.PKCS7_PADDING)
|
||||
encryptedData, err := openssl.Des3ECBEncrypt([]byte(data), randKey, openssl.PKCS7_PADDING)
|
||||
if ss.CheckErr(err) {
|
||||
return
|
||||
}
|
||||
|
||||
@@ -14,9 +14,12 @@ func reportRole(ctx *gin.Context) {
|
||||
ss := session.New(ctx)
|
||||
defer ss.Finalize()
|
||||
|
||||
randKey := ss.GetRandKey()
|
||||
randKey, err := ss.Get3DESRandKey()
|
||||
if ss.CheckErr(err) {
|
||||
return
|
||||
}
|
||||
token := `{"message":"ok"}`
|
||||
encryptedToken, err := openssl.Des3ECBEncrypt([]byte(token), randKey[0:24], openssl.PKCS7_PADDING)
|
||||
encryptedToken, err := openssl.Des3ECBEncrypt([]byte(token), randKey, openssl.PKCS7_PADDING)
|
||||
if ss.CheckErr(err) {
|
||||
return
|
||||
}
|
||||
|
||||
@@ -2,6 +2,7 @@ package basic
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"errors"
|
||||
"fmt"
|
||||
"honoka-chan/internal/router"
|
||||
ghomeschema "honoka-chan/internal/schema/ghome"
|
||||
@@ -31,13 +32,20 @@ func handshake(ctx *gin.Context) {
|
||||
|
||||
decryptedData := encrypt.RSADecrypt(data)
|
||||
|
||||
params, _ := url.ParseQuery(string(decryptedData))
|
||||
params, err := url.ParseQuery(string(decryptedData))
|
||||
if ss.CheckErr(err) {
|
||||
return
|
||||
}
|
||||
|
||||
randKey := params.Get("randkey")
|
||||
if len(randKey) < 24 {
|
||||
ss.Abort(errors.New("invalid rand key"))
|
||||
return
|
||||
}
|
||||
ss.SetRandKey(randKey)
|
||||
|
||||
token := fmt.Sprintf(`{"message":"ok","result":0,"token":"%s"}`, strings.ToUpper(honokautils.RandomStr(33)))
|
||||
encryptedToken, err := openssl.Des3ECBEncrypt([]byte(token), []byte(randKey)[0:24], openssl.PKCS7_PADDING)
|
||||
encryptedToken, err := openssl.Des3ECBEncrypt([]byte(token), []byte(randKey[:24]), openssl.PKCS7_PADDING)
|
||||
if ss.CheckErr(err) {
|
||||
return
|
||||
}
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
package session
|
||||
|
||||
import (
|
||||
"errors"
|
||||
ghomemodel "honoka-chan/internal/model/ghome"
|
||||
)
|
||||
|
||||
@@ -37,3 +38,11 @@ func (ss *Session) SetRandKey(key string) {
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
func (ss *Session) Get3DESRandKey() ([]byte, error) {
|
||||
randKey := ss.GetRandKey()
|
||||
if len(randKey) < 24 {
|
||||
return nil, errors.New("invalid rand key")
|
||||
}
|
||||
return randKey[:24], nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user