From 9e4ba18f49287c18ee108856052281cfc86374f7 Mon Sep 17 00:00:00 2001
From: Enrique Martin <enrique.martin@pandorafms.com>
Date: Thu, 2 Nov 2023 12:52:31 +0100
Subject: [PATCH] Changed pandoraPlugintools encryption funcion and removed
 encryption functions from Tools.pm

---
 .../extras/pandoraPlugintools/encryption.py   | 21 +++---
 pandora_server/lib/PandoraFMS/Tools.pm        | 64 +------------------
 2 files changed, 11 insertions(+), 74 deletions(-)

diff --git a/pandora_server/extras/pandoraPlugintools/encryption.py b/pandora_server/extras/pandoraPlugintools/encryption.py
index 576ae31ae3..6e456d2fcd 100644
--- a/pandora_server/extras/pandoraPlugintools/encryption.py
+++ b/pandora_server/extras/pandoraPlugintools/encryption.py
@@ -136,9 +136,7 @@ def _get_cipher_Rijndael(
     hash_result = hash_obj.digest()
     hash_base64 = base64.b64encode(hash_result)[:16].decode()
     
-    iv = b'0000000000000000'
-    
-    return AES.new(hash_base64.encode(), AES.MODE_CBC, iv)
+    return AES.new(hash_base64.encode(), AES.MODE_ECB)
 
 ####
 # Return encrypted string
@@ -159,13 +157,13 @@ def encrypt_Rijndael(
     '''
     cipher = _get_cipher_Rijndael(password)
     
-    block_size = 16  # Rijndael block size is 16 bytes
-    padding_length = block_size - (len(str_to_encrypt) % block_size)
-    padded_data = str_to_encrypt + chr(padding_length) * padding_length
-
     try:
-        b64str = base64.b64encode(cipher.encrypt(padded_data.encode())).decode()
-    except Exception as e:
+        padded_data = str_to_encrypt.encode()
+        missing = 16 - (len(padded_data) % 16)
+        padded_data += bytes([0] * missing) if missing != 16 else b''
+        
+        b64str = base64.b64encode(cipher.encrypt(padded_data)).decode()
+    except:
         b64str = ''
     
     return b64str
@@ -190,9 +188,8 @@ def decrypt_Rijndael(
     cipher = _get_cipher_Rijndael(password)
     
     try:
-        decrypted_data = cipher.decrypt(base64.b64decode(str_to_decrypt)).decode().strip()
-        padding_length = ord(decrypted_data[-1])
-        decrypted_str = decrypted_data[:-padding_length]
+        decrypted_data = cipher.decrypt(base64.b64decode(str_to_decrypt))
+        decrypted_str = decrypted_data.rstrip(b'\x00').decode()
     except:
         decrypted_str = ''
 
diff --git a/pandora_server/lib/PandoraFMS/Tools.pm b/pandora_server/lib/PandoraFMS/Tools.pm
index cb9b78e1b4..61b68cd2ce 100755
--- a/pandora_server/lib/PandoraFMS/Tools.pm
+++ b/pandora_server/lib/PandoraFMS/Tools.pm
@@ -30,9 +30,6 @@ use Scalar::Util qw(looks_like_number);
 use LWP::UserAgent;
 use threads;
 use threads::shared;
-use MIME::Base64;
-use Crypt::Rijndael;
-use Digest::SHA qw(hmac_sha256_base64);
 
 use JSON;
 use Encode qw/decode_utf8 encode_utf8/;
@@ -184,8 +181,8 @@ our @EXPORT = qw(
 	check_cron_value
 	check_cron_element
 	cron_check
-	decrypt_Rijndael
-	encrypt_Rijndael
+	decrypt_AES
+	encrypt_AES
 );
 
 # ID of the different servers
@@ -2988,63 +2985,6 @@ sub get_server_name {
 	return "UNKNOWN";
 }
 
-###############################################################################
-# Get cipher for Rijndael encrypt and decrypt
-###############################################################################
-sub _get_cipher_Rijndael {
-    my ($password) = @_;
-
-    my $hash_base64 = substr(Digest::SHA::hmac_sha256_base64($password,''), 0, 16);
-
-    my $iv = '0000000000000000';
-
-    my $cipher = Crypt::Rijndael->new($hash_base64, Crypt::Rijndael::MODE_CBC());
-    $cipher->set_iv($iv);
-
-    return $cipher;
-}
-
-###############################################################################
-# Encrypt with Rijndael cypher
-###############################################################################
-sub encrypt_Rijndael {
-    my ($str_to_encrypt, $password) = @_;
-
-    if (!defined($password)) {
-        $password = "default_salt";
-    }
-    my $cipher = _get_cipher_Rijndael($password);
-
-    my $block_size = 16; # Rijndael block size is 16 bytes
-    my $padding_length = $block_size - (length($str_to_encrypt) % $block_size);
-    my $padded_data = $str_to_encrypt . chr($padding_length) x $padding_length;
-
-    my $cipher_text = $cipher->encrypt($padded_data);
-    my $b64str = encode_base64($cipher_text, '');
-
-    return $b64str;
-}
-
-###############################################################################
-# Decrypt with Rijndael cypher
-###############################################################################
-sub decrypt_Rijndael {
-    my ($str_to_decrypt, $password) = @_;
-
-    if (!defined($password)) {
-        $password = "default_salt";
-    }
-    my $cipher = _get_cipher_Rijndael($password);
-
-    my $cipher_text = decode_base64($str_to_decrypt);
-    my $decrypted_data = $cipher->decrypt($cipher_text);
-
-    my $padding_length = ord(substr($decrypted_data, -1));
-    my $decrypted_str = substr($decrypted_data, 0, -$padding_length);
-    
-    return $decrypted_str;
-}
-
 1;
 __END__