Extract iv from ciphertext #941

Open
vaboston opened this issue Jul 11, 2024 · 6 comments
Labels
type: enhancement A value-adding code change that enhances its existing functionality vrl: stdlib Changes to the standard library

Comments

@vaboston

Based on what the following Logstash plugin does:
https://github.com/logstash-plugins/logstash-filter-cipher/blob/main/lib/logstash/filters/cipher.rb#L179

  def do_decrypt(ciphertext_with_iv)
    ciphertext_with_iv = Base64.strict_decode64(ciphertext_with_iv) if @base64 == true
    encoded_iv = ciphertext_with_iv.byteslice(0..@iv_random_length)
    ciphertext = ciphertext_with_iv.byteslice(@iv_random_length..-1)

    with_cipher do |cipher|
      cipher.iv = encoded_iv
      plaintext = cipher.update(ciphertext) + cipher.final
      plaintext.force_encoding("UTF-8")
      plaintext
    end
  end

Would it be possible to add an option to specify the IV size, and do the extraction in the code? Currently, I am extracting via slices, but it would be much more convenient to have a dedicated option.
Thanks !

@jszwedko
Member

Hi @vaboston ! Can you provide an example of the VRL code you would like to write but can't currently? I think that'll help me understand the request better.

@vaboston
Author

Hi, I can decrypt my ciphertext, but I need to use slice with byte manipulation on raw data, which is not very intuitive. Before, I used Logstash and there was a dedicated field for the size of the IV; it seemed more logical to me that the extraction operation was done in the code. My code in Vector:

      base64_decoded = decode_base64!(.my.data)
      iv = slice!(base64_decoded, 0, 16)
      .encrypted_message = slice!(base64_decoded, 16)
      .test = decrypt!(.encrypted_message, "AES-128-CBC-PKCS7", "my_key", iv)

It's more an improvement proposal than an issue.

@jszwedko
Member

Thanks @vaboston . I appreciate you sharing the code you currently have. Could you share the code you want to write? That is, what would your example look like, ideally?

@vaboston
Author

Ideally, something like:

      iv_key_size = 16
      .test = decrypt!(.encrypted_message, "AES-128-CBC-PKCS7", "my_key")

or in an env var or something like that. I don't know the Vector configuration well enough to propose something consistent with the rest of the configuration.

@jszwedko
Member

Thanks! I think I see. It would need to be a parameter to the decrypt function to indicate that the iv should be extracted from the ciphertext (and what its size is).

Let me move this to the VRL repository.

@jszwedko jszwedko transferred this issue from vectordotdev/vector Jul 15, 2024
@jszwedko jszwedko added vrl: stdlib Changes to the standard library type: enhancement A value-adding code change that enhances its existing functionality labels Jul 15, 2024
@mbouillaud

Hi ! Nice idea @vaboston ! Experiencing same problem.
Could be great to implement this
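
The IV-prefixed layout discussed in this thread, as an added Ruby example (not part of the thread, and not Logstash or VRL code): the producer prepends a random IV to the AES-128-CBC ciphertext and base64-encodes the result, and the consumer splits the first `iv_size` bytes off before decrypting. The function names, the `iv_size` parameter and the sample key are assumptions made for illustration.

```ruby
require 'openssl'

# Added example: names below are hypothetical, not from Logstash or VRL.
CIPHER_NAME = 'aes-128-cbc' # OpenSSL applies PKCS#7 padding by default

# Producer side: fresh random IV per message, prepended to the ciphertext.
def encrypt_with_iv_prefix(plaintext, key)
  cipher = OpenSSL::Cipher.new(CIPHER_NAME).encrypt
  cipher.key = key
  iv = cipher.random_iv # generates the IV and sets it on the cipher
  [iv + cipher.update(plaintext) + cipher.final].pack('m0') # strict base64
end

# Consumer side: the first iv_size bytes are the IV, the rest is ciphertext.
def decrypt_with_iv_prefix(encoded, key, iv_size: 16)
  raw = encoded.unpack1('m0') # strict base64, ArgumentError on bad input
  cipher = OpenSSL::Cipher.new(CIPHER_NAME).decrypt
  unless iv_size == cipher.iv_len
    raise ArgumentError, "iv_size must be #{cipher.iv_len} for #{CIPHER_NAME}"
  end
  # Require the IV plus at least one block, and whole blocks only.
  body_len = raw.bytesize - iv_size
  unless body_len >= cipher.block_size && (body_len % cipher.block_size).zero?
    raise ArgumentError, 'input too short or not block-aligned'
  end
  cipher.key = key
  cipher.iv = raw.byteslice(0, iv_size) # (start, length): exactly iv_size bytes
  plaintext = cipher.update(raw.byteslice(iv_size, body_len)) + cipher.final
  plaintext.force_encoding('UTF-8')
end
```

`cipher.final` raises `OpenSSL::Cipher::CipherError` when the padding does not check out (wrong key or IV, or altered input); CBC by itself does not authenticate the IV or the ciphertext.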
