Added Rijndael encryption for python pandoraPlugintools and PandoraFMS::Tools

2025-07-28 00:04:37 +02:00 · 2023-11-02 11:24:50 +01:00 · 2023-11-02 11:24:50 +01:00 · 1a021c9689
commit 1a021c9689
parent 3031e7ddbd
2 changed files with 132 additions and 49 deletions
--- a/pandora_server/extras/pandoraPlugintools/encryption.py
+++ b/pandora_server/extras/pandoraPlugintools/encryption.py
@ -39,7 +39,7 @@ def _print_debug(
 ####
 # Internal use only: Get AES cipher
 #########################################################################################
-def _get_cipher(
+def _get_cipher_AES(
        password: str = _PASSWORD
    ) -> AES:
    '''
@ -78,7 +78,7 @@ def encrypt_AES(
    Returns:
        str: The encrypted string in base64 encoding.
    '''
-    cipher = _get_cipher(password)
+    cipher = _get_cipher_AES(password)
    
    try:
        msg_padded = pad(str_to_encrypt.encode(), AES.block_size, style='pkcs7')
@ -106,11 +106,94 @@ def decrypt_AES(
    Returns:
        str: The decrypted string.
    '''
-    cipher = _get_cipher(password)
+    cipher = _get_cipher_AES(password)
    
    try:
        decrypted_str = unpad(cipher.decrypt(base64.b64decode(str_to_decrypt)), AES.block_size, style='pkcs7').decode().strip()
    except:
        decrypted_str = ''

+    return decrypted_str
+
+####
+# Internal use only: Get Rijndael cipher
+#########################################################################################
+def _get_cipher_Rijndael(
+        password: str = _PASSWORD
+    ) -> AES:
+    '''
+    Internal use only: Get Rijndael cipher for encryption and decryption.
+
+    Args:
+        password (str): The password used to derive the encryption key.
+
+    Returns:
+        AES: An AES cipher instance for encryption and decryption.
+    '''
+    key = b''
+    msg = password.encode('utf-8')
+    hash_obj = hmac.new(key, msg, hashlib.sha256)
+    hash_result = hash_obj.digest()
+    hash_base64 = base64.b64encode(hash_result)[:16].decode()
+    
+    iv = b'0000000000000000'
+    
+    return AES.new(hash_base64.encode(), AES.MODE_CBC, iv)
+
+####
+# Return encrypted string
+#########################################################################################
+def encrypt_Rijndael(
+        str_to_encrypt: str = "",
+        password: str = _PASSWORD
+    ) -> str:
+    '''
+    Encrypt a string using Rijndael encryption.
+
+    Args:
+        str_to_encrypt (str): The string to be encrypted.
+        password (str): The password used to derive the encryption key.
+
+    Returns:
+        str: The encrypted string in base64 encoding.
+    '''
+    cipher = _get_cipher_Rijndael(password)
+    
+    block_size = 16  # Rijndael block size is 16 bytes
+    padding_length = block_size - (len(str_to_encrypt) % block_size)
+    padded_data = str_to_encrypt + chr(padding_length) * padding_length
+
+    try:
+        b64str = base64.b64encode(cipher.encrypt(padded_data.encode())).decode()
+    except Exception as e:
+        b64str = ''
+    
+    return b64str
+
+####
+# Return decrypted string
+#########################################################################################
+def decrypt_Rijndael(
+        str_to_decrypt: str = "",
+        password: str = _PASSWORD
+    ) -> str:
+    '''
+    Decrypt an encrypted string using Rijndael decryption.
+
+    Args:
+        str_to_decrypt (str): The encrypted string to be decrypted.
+        password (str): The password used to derive the encryption key.
+
+    Returns:
+        str: The decrypted string.
+    '''
+    cipher = _get_cipher_Rijndael(password)
+    
+    try:
+        decrypted_data = cipher.decrypt(base64.b64decode(str_to_decrypt)).decode().strip()
+        padding_length = ord(decrypted_data[-1])
+        decrypted_str = decrypted_data[:-padding_length]
+    except:
+        decrypted_str = ''
+
    return decrypted_str
--- a/pandora_server/lib/PandoraFMS/Tools.pm
+++ b/pandora_server/lib/PandoraFMS/Tools.pm
@ -31,7 +31,7 @@ use LWP::UserAgent;
 use threads;
 use threads::shared;
 use MIME::Base64;
-use Crypt::CBC;
+use Crypt::Rijndael;
 use Digest::SHA qw(hmac_sha256_base64);

 use JSON;
@ -2989,62 +2989,62 @@ sub get_server_name {
 }

 ###############################################################################
-# Encrypt with AES cypher
+# Get cipher for Rijndael encrypt and decrypt
 ###############################################################################
-sub encrypt_AES {
-    my ($str_to_encrypt, $password) = @_;
-
-    if (!defined($password)) {
-        $password = "default_salt";
-    }
-    my $cipher = _get_cipher($password);
-
-    my $cipher_text = $cipher->encrypt($str_to_encrypt);
-    my $b64str = encode_base64($cipher_text, '');
-
-    return $b64str;
-}
-
-###############################################################################
-# Decrypt with AES cypher
-###############################################################################
-sub decrypt_AES {
-    my ($str_to_decrypt, $password) = @_;
-
-    if (!defined($password)) {
-        $password = "default_salt";
-    }
-    my $cipher = _get_cipher($password);
-
-    my $cipher_text = decode_base64($str_to_decrypt);
-    my $decrypted_str = $cipher->decrypt($cipher_text);
-
-    return $decrypted_str;
-}
-
-###############################################################################
-# Get cipher for AES encrypt and decrypt
-###############################################################################
-sub _get_cipher {
+sub _get_cipher_Rijndael {
    my ($password) = @_;

    my $hash_base64 = substr(Digest::SHA::hmac_sha256_base64($password,''), 0, 16);

    my $iv = '0000000000000000';

-    my $cipher = Crypt::CBC->new(
-        -key         => $hash_base64,
-        -cipher      => 'Cipher::AES',
-        -iv          => $iv,
-        -header      => 'none',
-        -padding     => 'standard',  # PKCS7 padding
-        -keysize     => 16,
-        -literal_key => 1
-    );
+    my $cipher = Crypt::Rijndael->new($hash_base64, Crypt::Rijndael::MODE_CBC());
+    $cipher->set_iv($iv);

    return $cipher;
 }

+###############################################################################
+# Encrypt with Rijndael cypher
+###############################################################################
+sub encrypt_Rijndael {
+    my ($str_to_encrypt, $password) = @_;
+
+    if (!defined($password)) {
+        $password = "default_salt";
+    }
+    my $cipher = _get_cipher_Rijndael($password);
+
+    my $block_size = 16; # Rijndael block size is 16 bytes
+    my $padding_length = $block_size - (length($str_to_encrypt) % $block_size);
+    my $padded_data = $str_to_encrypt . chr($padding_length) x $padding_length;
+
+    my $cipher_text = $cipher->encrypt($padded_data);
+    my $b64str = encode_base64($cipher_text, '');
+
+    return $b64str;
+}
+
+###############################################################################
+# Decrypt with Rijndael cypher
+###############################################################################
+sub decrypt_Rijndael {
+    my ($str_to_decrypt, $password) = @_;
+
+    if (!defined($password)) {
+        $password = "default_salt";
+    }
+    my $cipher = _get_cipher_Rijndael($password);
+
+    my $cipher_text = decode_base64($str_to_decrypt);
+    my $decrypted_data = $cipher->decrypt($cipher_text);
+
+    my $padding_length = ord(substr($decrypted_data, -1));
+    my $decrypted_str = substr($decrypted_data, 0, -$padding_length);
+    
+    return $decrypted_str;
+}
+
 1;
 __END__