
Added AES initial vector.

1 parent 9f03732 commit 55ca6caa825d1bb101cb682e29e70e45fa4c4fab @tomatohater committed Oct 4, 2012
Showing with 15 additions and 4 deletions.
  1. +9 −0 unfriendly/settings.py
  2. +1 −0 unfriendly/templatetags/unfriendly_tags.py
  3. +4 −4 unfriendly/utils.py
  4. +1 −0 unfriendly/views.py
@@ -1,5 +1,6 @@
from django.conf import settings
+
#
# UNFRIENDLY_SECRET is used for encryption/decryption
# Note: AES keys must be either 16, 24, or 32 bytes long
@@ -9,6 +10,14 @@
#
+# UNFRIENDLY_IV is the initial vector required by AES cipher
+# Note: AES initial vector must be 16 bytes long
+#
+UNFRIENDLY_IV = getattr(settings, 'UNFRIENDLY_IV',
+ getattr(settings, 'SECRET_KEY', 'hush'*4)[:16])
+
+
+#
# UNFRIENDLY_ENFORCE_CHECKSUM whether or not the decrypted data is validated
# against a crc checksum to detect tampering
#
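Review bot: The default for `UNFRIENDLY_IV` is a fixed value sliced from `SECRET_KEY`, so every encryption uses the same IV, and nothing checks that the result is actually 16 bytes. A `SECRET_KEY` shorter than 16 characters, or a user-supplied `UNFRIENDLY_IV` of the wrong length, will only fail later inside `AES.new` at request time; a check at import such as `if len(UNFRIENDLY_IV) != 16: raise ImproperlyConfigured('UNFRIENDLY_IV must be 16 bytes long')` (with `ImproperlyConfigured` imported from `django.core.exceptions`) would surface it at startup. The `'hush'*4` fallback is a publicly known constant, and if `UNFRIENDLY_SECRET` also defaults to `SECRET_KEY` (its definition is outside this hunk) the key and IV come from the same material. The comment should say that this IV is static and adds no per-message randomness.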
@@ -25,6 +25,7 @@ def obfuscate(value, juice=None):
kwargs = {
'key': encrypt(value,
settings.UNFRIENDLY_SECRET,
+ settings.UNFRIENDLY_IV,
checksum=settings.UNFRIENDLY_ENFORCE_CHECKSUM),
}
if juice:
@@ -15,7 +15,7 @@ def _lazysecret(secret, blocksize=32, padding='}'):
return secret
-def encrypt(plaintext, secret, checksum=True, lazy=True):
+def encrypt(plaintext, secret, iv, checksum=True, lazy=True):
"""Encrypts plaintext with secret
plaintext - content to encrypt
secret - secret to encrypt plaintext
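Review bot: `iv` is inserted as a required positional parameter ahead of `checksum`, so an existing caller that passes `checksum` positionally, e.g. `encrypt(value, secret, False)`, would now pass that value as the IV; the same applies to `decrypt` in the later hunk. Making the flags keyword-only by convention in callers, or appending `iv` after the existing parameters, would avoid the shift. The visible docstring lines list `plaintext` and `secret` but have no entry for the new argument; add one such as `iv - 16-byte AES initialization vector; must match the one used by decrypt`. The docstring continues outside this hunk.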
@@ -25,7 +25,7 @@ def encrypt(plaintext, secret, checksum=True, lazy=True):
"""
secret = _lazysecret(secret) if lazy else secret
- encobj = AES.new(secret, AES.MODE_CFB)
+ encobj = AES.new(secret, AES.MODE_CFB, iv)
if checksum:
plaintext += base64.urlsafe_b64encode(
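Review bot: `AES.new(secret, AES.MODE_CFB, iv)` receives the same settings-level IV for every message, here and in the matching `decrypt` hunk, so encryption under a given key is deterministic. Values that share a prefix produce ciphertexts that share a prefix, and IV reuse in CFB exposes relationships between the first blocks of different plaintexts. If stable output is not required, generate the IV per call, e.g. `iv = os.urandom(AES.block_size)`, and carry it alongside the ciphertext so `decrypt` can read it back; if stable URLs are the goal, state that trade-off in the docstring. The appended checksum is described in settings as a CRC, which is unkeyed and should not be relied on as tamper protection; an HMAC over the ciphertext is the usual choice. The body of `encrypt` starts and ends outside this hunk.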
@@ -34,7 +34,7 @@ def encrypt(plaintext, secret, checksum=True, lazy=True):
return base64.urlsafe_b64encode(encobj.encrypt(plaintext)).replace('=', '')
-def decrypt(ciphertext, secret, checksum=True, lazy=True):
+def decrypt(ciphertext, secret, iv, checksum=True, lazy=True):
"""Decrypts ciphertext with secret
ciphertext - encrypted content to decrypt
secret - secret to decrypt ciphertext
@@ -44,7 +44,7 @@ def decrypt(ciphertext, secret, checksum=True, lazy=True):
"""
secret = _lazysecret(secret) if lazy else secret
- encobj = AES.new(secret, AES.MODE_CFB)
+ encobj = AES.new(secret, AES.MODE_CFB, iv)
plaintext = encobj.decrypt(base64.urlsafe_b64decode(
ciphertext + ('=' * (len(ciphertext) % 4))))
@@ -16,6 +16,7 @@ def deobfuscate(request, key, juice=None):
try:
url = decrypt(str(key),
settings.UNFRIENDLY_SECRET,
+ settings.UNFRIENDLY_IV,
checksum=settings.UNFRIENDLY_ENFORCE_CHECKSUM)
except CheckSumError:
return HttpResponseNotFound()
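Review bot: `key` comes from the request URL, and only `CheckSumError` is turned into a 404 here. Other failures inside `decrypt`, such as malformed base64 in `key` or an `UNFRIENDLY_IV` of the wrong length rejected by `AES.new`, would presumably surface as a 500 unless a handler follows outside this hunk. Consider widening the clause to the decode errors `decrypt` can raise, e.g. `except (CheckSumError, TypeError, ValueError):`, so that arbitrary path input cannot cause unhandled exceptions. With `UNFRIENDLY_ENFORCE_CHECKSUM` disabled, nothing in this hunk validates the decrypted value assigned to `url`.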
