Merge pull request #692 from lastpass/crypto-improvements-iv-aes

Replaced logic of reusing key as an IV
lastpass · Jul 4, 2024 · 4a6e1da · 4a6e1da
2 parents d94825a + 5f0ba02
commit 4a6e1da
Showing 1 changed file with 8 additions and 5 deletions.
diff --git a/cipher.c b/cipher.c
@@ -470,15 +470,15 @@ void cipher_decrypt_private_key(const char *key_hex,
 }
 
 /*
- * Encrypt RSA sharing key.  Encrypted key is returned as a hex-encoded string.
+ * Encrypt RSA sharing key.  Encrypted key is returned as a base64 string.
  */
 char *cipher_encrypt_private_key(struct private_key *private_key,
 				 unsigned const char key[KDF_HASH_LEN])
 {
 	unsigned char *key_ptext;
 	unsigned char *ctext = NULL;
 	char *key_hex_dst;
-	char *ctext_hex = NULL;
+	char *encrypted_base64 = NULL;
 	size_t len, ctext_len, hex_len;
 
 	if (!private_key->len)
@@ -495,12 +495,15 @@ char *cipher_encrypt_private_key(struct private_key *private_key,
 
 	memcpy(key_ptext + strlen(LP_PKEY_PREFIX) + hex_len,
 	       LP_PKEY_SUFFIX, strlen(LP_PKEY_SUFFIX));
+
+	ctext_len = cipher_aes_encrypt(key_ptext, key, &ctext);
 
-	ctext_len = cipher_aes_encrypt_bytes(key_ptext, len, key, key, &ctext);
-	bytes_to_hex(ctext, &ctext_hex, ctext_len);
+	encrypted_base64 = cipher_base64(ctext, ctext_len);
 
 	free(ctext);
-	return ctext_hex;
+	free(key_ptext);
+
+	return encrypted_base64;
 }
 
 /*