added AES support

63fed8f7 · marcus-tun · edb88c64 · 63fed8f7
Commit 63fed8f7 authored Oct 14, 2014 by marcus-tun
--- a/server/sso.py
+++ b/server/sso.py
@@ -7,6 +7,7 @@ import hashlib
 from base64 import b64encode, b64decode

 from Crypto.Cipher import Blowfish
+from Crypto.Cipher import AES
 from Crypto import Random
 from struct import pack

@@ -176,15 +177,22 @@ def handler(req):
            write_var(req, encrypted_assertion, 'encrypted_assertion')

            if client == 'perl':
-                cipher = Blowfish.new(key, Blowfish.MODE_CBC, iv)
-                num_padding = ord(cipher.decrypt(encrypted_assertion)[-1])
-                header_length = 0
-                cipher = Blowfish.new(key, Blowfish.MODE_CBC, iv)
-                plaintext = cipher.decrypt(encrypted_assertion)[:(-1*num_padding)]
+                # we need to initialise cipher twice: once to get the
+                # amount of padding, and then to actually decrypt
+                if encryption_algorithm == 'Blowfish':
+                    cipher = Blowfish.new(key, Blowfish.MODE_CBC, iv)
+                    num_padding = ord(cipher.decrypt(encrypted_assertion)[-1])
+                    cipher = Blowfish.new(key, Blowfish.MODE_CBC, iv)
+                    plaintext = cipher.decrypt(encrypted_assertion)[:(-1*num_padding)]
+
+                if encryption_algorithm == 'AES':
+                    cipher = AES.new(key, AES.MODE_CBC, iv)
+                    num_padding = ord(cipher.decrypt(encrypted_assertion)[-1])
+                    cipher = AES.new(key, AES.MODE_CBC, iv)
+                    plaintext = cipher.decrypt(encrypted_assertion)[:(-1*num_padding)]
            if client == 'javascript':
                iv='asdasdff'
                num_padding = 8
-                header_length = 0
                #key = 'this';
                key = base64.decode
                cipher = Blowfish.new(key, Blowfish.MODE_CBC, iv)