Update decrypt for backward compatibility

2025-02-02 04:51:22 +01:00 · 2016-08-05 13:22:24 +08:00 · 2016-08-05 13:22:24 +08:00 · fde17725d5
commit fde17725d5
parent 36914f566a
2 changed files with 36 additions and 2 deletions
--- a/utils/encrypt.go
+++ b/utils/encrypt.go
@ -24,6 +24,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"strings"

 	"golang.org/x/crypto/pbkdf2"
 )
@ -33,6 +34,11 @@ func Encrypt(content string, salt string) string {
 	return fmt.Sprintf("%x", pbkdf2.Key([]byte(content), []byte(salt), 4096, 16, sha1.New))
 }

+const (
+	// EncryptHeaderV1 ...
+	EncryptHeaderV1 = "<enc-v1>"
+)
+
 // ReversibleEncrypt encrypts the str with aes/base64
 func ReversibleEncrypt(str, key string) (string, error) {
 	keyBytes := []byte(key)
@ -50,12 +56,26 @@ func ReversibleEncrypt(str, key string) (string, error) {

 	cfb := cipher.NewCFBEncrypter(block, iv)
 	cfb.XORKeyStream(cipherText[aes.BlockSize:], []byte(str))
-	encrypted := base64.StdEncoding.EncodeToString(cipherText)
+	encrypted := EncryptHeaderV1 + base64.StdEncoding.EncodeToString(cipherText)
 	return encrypted, nil
 }

-// ReversibleDecrypt decrypts the str with aes/base64
+// ReversibleDecrypt decrypts the str with aes/base64 or base 64 depending on "header"
 func ReversibleDecrypt(str, key string) (string, error) {
+	if strings.HasPrefix(str, EncryptHeaderV1) {
+		str = str[len(EncryptHeaderV1):]
+		return decryptAES(str, key)
+	}
+	//fallback to base64
+	return decodeB64(str)
+}
+
+func decodeB64(str string) (string, error) {
+	cipherText, err := base64.StdEncoding.DecodeString(str)
+	return string(cipherText), err
+}
+
+func decryptAES(str, key string) (string, error) {
 	keyBytes := []byte(key)
 	var block cipher.Block
 	var cipherText []byte
--- a/utils/utils_test.go
+++ b/utils/utils_test.go
@ -16,6 +16,8 @@
 package utils

 import (
+	"encoding/base64"
+	"strings"
 	"testing"
 )

@ -73,6 +75,9 @@ func TestReversibleEncrypt(t *testing.T) {
 	if encrypted == password {
 		t.Errorf("Encrypted password is identical to the original")
 	}
+	if !strings.HasPrefix(encrypted, EncryptHeaderV1) {
+		t.Errorf("Encrypted password does not have v1 header")
+	}
 	decrypted, err := ReversibleDecrypt(encrypted, key)
 	if err != nil {
 		t.Errorf("Failed to decrypt: %v", err)
@ -80,4 +85,13 @@ func TestReversibleEncrypt(t *testing.T) {
 	if decrypted != password {
 		t.Errorf("decrypted password: %s, is not identical to original", decrypted)
 	}
+	//Test b64 for backward compatibility
+	b64password := base64.StdEncoding.EncodeToString([]byte(password))
+	decrypted, err = ReversibleDecrypt(b64password, key)
+	if err != nil {
+		t.Errorf("Failed to decrypt: %v", err)
+	}
+	if decrypted != password {
+		t.Errorf("decrypted password: %s, is not identical to original", decrypted)
+	}
 }