external-repos/ivatar
1
0
Fork 0
mirror of https://git.linux-kernel.at/oliver/ivatar.git synced 2025-11-12 11:16:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Provide examples how to encode mail address with PHP, decrypt in python, using standard AES for use as local proxy for libravatar image requests

Browse Source
This commit is contained in:
Oliver Falk
2019-10-01 14:28:16 +02:00
parent f45d4cf05d
commit c864c2f115
6 changed files with 220 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
encrypted_proxy/README.md Normal file
View File

@@ -0,0 +1,8 @@
The code in here should be able to help to build up some encrypting proxy.
If your app uses a lot of libravatar and therefore has to do a lot of DNS
lookups, change your app in such a way, that it encodes the mail address,
sends it over to the proxy, which will decrypt it, do the DNS lookup and
return the image binary.
No guarantee for this code. It's untested and just provided as example.

90
encrypted_proxy/lib/MyCypher.php Normal file
View File

@@ -0,0 +1,90 @@
<?php
/**
* Valid encryption methods AES-256-CFB
* Code kindly borrowed from:
* https://github.com/arajapandi/php-python-encrypt-decrypt
*
* $cypher = new MyCypher($iv);
* $php_encrypted = $cypher->encrypt('test');
* $php_decrypted = $cypher->decrypt($php_encrypted);
*/
class MyCypher {
private $key = 'asdfa923aksadsYahoasdw998sdsads';
private $iv = null;
private $method = "AES-256-CFB";
private $blocksize = 32;
private $padwith = '`';
/*
* construct for cypher class - get, set key and iv
*/
function __construct($iv, $key = null) {
if (is_string($key)) {
$this->key = $key;
}
$this->iv = $iv;
}
/*
* get hased key - if key is not set on init, then default key wil be used
*/
private function getKEY() {
if (empty($this->key)) {
die('Key not set!');
}
return substr(hash('sha256', $this->key), 0, 32);
}
/*
* get hashed IV value - if no IV values then it throw error
*/
private function getIV() {
if (empty($this->iv)) {
die('IV not set!');
}
return substr(hash('sha256', $this->iv), 0, 16);
}
/*
* Encrypt given string using AES encryption standard
*/
public function encrypt($secret) {
try {
$padded_secret = $secret . str_repeat($this->padwith, ($this->blocksize - strlen($secret) % $this->blocksize));
$encrypted_string = openssl_encrypt($padded_secret, $this->method, $this->getKEY(), OPENSSL_RAW_DATA, $this->getIV());
$encrypted_secret = base64_encode($encrypted_string);
return $encrypted_secret;
} catch (Exception $e) {
die('Error : ' . $e->getMessage());
}
}
/*
* Decrypt given string using AES standard
*/
public function decrypt($secret) {
try {
$decoded_secret = base64_decode($secret);
$decrypted_secret = openssl_decrypt($decoded_secret, $this->method, $this->getKEY(), OPENSSL_RAW_DATA, $this->getIV());
return rtrim($decrypted_secret, $this->padwith);
} catch (Exception $e) {
die('Error : ' . $e->getMessage());
}
}
}

73
encrypted_proxy/lib/MyCypher.py Normal file
View File

@@ -0,0 +1,73 @@
#!/usr/bin/env python2
#encoding: UTF-8
# Code kindly borrowed from:
# https://github.com/arajapandi/php-python-encrypt-decrypt
# Python Class for AES encryption
"""
Example Usage
enc_str = cipher.encrypt('secret')
enc_str = cipher.decrypt(enc_str)
print(enc_str); #secret
"""
from Crypto.Cipher import AES
import base64
import hashlib
import sys
class MyCypher:
# Default Key for encryption
rawkey = 'asdfa923aksadsYahoasdw998sdsads'
method = AES.MODE_CFB
blocksize = 32 # 16, 32..etc
padwith = '`'.encode('utf-8') # padding value for string
#lambda function for padding
pad = lambda self, s: s + (self.blocksize - len(s) % self.blocksize) * self.padwith
"""
construct for cypher class - get, set key and iv
"""
def __init__(self, iv, key=''):
if(not key):
key = self.rawkey
self.key = key.encode('utf-8')
self.iv = iv.encode('utf-8')
"""
get hased key - if key is not set on init, then default key wil be used
"""
def getKEY(self):
if(not self.key):
sys.exit()
return hashlib.sha256(self.key).hexdigest()[:32]
"""
get hashed IV value - if no IV values then it throw error
"""
def getIV(self):
if(not self.iv):
sys.exit()
self.iv = self.iv
return hashlib.sha256(self.iv).hexdigest()[:16]
"""
Encrypt given string using AES encryption standard
"""
def encrypt(self, raw):
cipher = AES.new(self.getKEY(), self.method, self.getIV(), segment_size=128)
return base64.b64encode(cipher.encrypt(self.pad(raw)))
"""
Decrypt given string using AES standard
"""
def decrypt(self, encrypted):
encrypted = base64.b64decode(encrypted)
cipher = AES.new(self.getKEY(), self.method, self.getIV(), segment_size=128)
return cipher.decrypt(encrypted).rstrip(self.padwith)

32
encrypted_proxy/proxy.py Executable file
View File

@@ -0,0 +1,32 @@
#!/usr/bin/env python3
import urllib.request
import sys
import os
from lib.MyCypher import MyCypher
import libravatar
# Both need to be the same as in your client code that encrypts the
# mail address
iv = 'asdf'
key = 'Hallo123'
#sys.stderr.buffer.write(b'%s' % bytes(os.environ.get("QUERY_STRING", "No Query String in url"), 'utf-8'))
cypher = MyCypher(iv = iv, key = key)
mail = cypher.decrypt(os.environ.get('QUERY_STRING').encode('utf-8')).decode('utf-8')
link = libravatar.libravatar_url(mail)
sys.stderr.buffer.write(b'%s' % bytes(link, 'utf-8'))
data = None
with urllib.request.urlopen(link) as f:
data = f.read()
for header in f.headers._headers:
if header[0] == 'Content-Type':
sys.stdout.buffer.write(b"%s: %s\n\n" % (bytes(header[0], 'utf-8'), bytes(header[1], 'utf-8')))
sys.stdout.flush()
break
sys.stdout.buffer.write(data)

9
encrypted_proxy/test_code/decrypt.py Normal file
View File

@@ -0,0 +1,9 @@
#!/usr/bin/env python
from MyCypher import MyCypher
encstr = bytes('drEN/LqPBu1wJYHpN5eCjZXqVgvDEP3rZnXJt85Ma0k=', 'utf-8')
cypher = MyCypher(iv = str('asdf'))
print(cypher.decrypt(encstr))

8
encrypted_proxy/test_code/encrypt.php Normal file
View File

@@ -0,0 +1,8 @@
<?php
include 'lib/MyCypher.php';
$iv = 'asdf';
$key = 'Hallo123';
$cypher = new MyCypher($iv=$iv, $key=$key);
$php_encrypted = $cypher->encrypt('oliver@linux-kernel.at');
print($php_encrypted);