Fix AES256 encryption bug requiring initialization vector (IV)

Author: aflorea4

CHANGELOG.md

@@ -2,6 +2,11 @@
 
 All notable changes to `laravel-netopia-payments` will be documented in this file.
 
+## 0.0.2 - 2025-05-25
+
+- Fixed bug with AES256 encryption requiring an initialization vector (IV)
+- Updated controller to handle the IV parameter in payment processing
+
 ## 0.0.1 - 2025-05-25
 
 - Initial release

src/Http/Controllers/NetopiaPaymentController.php

@@ -22,12 +22,13 @@ class NetopiaPaymentController extends Controller
     public function confirm(Request $request)
     {
         try {
-            // Get the env_key and data from the request
+            // Get the env_key, data and iv from the request
             $envKey = $request->input('env_key');
             $data = $request->input('data');
+            $iv = $request->input('iv');
 
             // Process the payment response
-            $response = NetopiaPayments::processResponse($envKey, $data);
+            $response = NetopiaPayments::processResponse($envKey, $data, $iv);
 
             // Log the payment response
             Log::info('Netopia payment response', [
@@ -76,12 +77,13 @@ public function confirm(Request $request)
     public function return(Request $request)
     {
         try {
-            // Get the env_key and data from the request
+            // Get the env_key, data and iv from the request
             $envKey = $request->input('env_key');
             $data = $request->input('data');
+            $iv = $request->input('iv');
 
             // Process the payment response
-            $response = NetopiaPayments::processResponse($envKey, $data);
+            $response = NetopiaPayments::processResponse($envKey, $data, $iv);
 
             // Redirect based on the payment status
             if ($response->isSuccessful() || $response->isPaid()) {

src/NetopiaPayments.php

@@ -207,7 +207,12 @@ protected function encrypt(string $data)
         // Encrypt the data
         $encryptedData = '';
         $envKeys = [];
-        if (!openssl_seal($data, $encryptedData, $envKeys, [$publicKey], 'AES256')) {
+        $iv = '';
+        // Generate a random IV for AES256 cipher
+        $ivLength = openssl_cipher_iv_length('AES256');
+        $iv = openssl_random_pseudo_bytes($ivLength);
+        
+        if (!openssl_seal($data, $encryptedData, $envKeys, [$publicKey], 'AES256', $iv)) {
             throw new Exception('Could not encrypt data');
         }
 
@@ -218,6 +223,7 @@ protected function encrypt(string $data)
         return [
             'env_key' => base64_encode($envKeys[0]),
             'data' => base64_encode($encryptedData),
+            'iv' => base64_encode($iv),
         ];
     }
 
@@ -226,14 +232,18 @@ protected function encrypt(string $data)
      *
      * @param string $envKey
      * @param string $data
+     * @param string|null $iv
      * @return string
      * @throws Exception
      */
-    protected function decrypt(string $envKey, string $data)
+    protected function decrypt(string $envKey, string $data, string $iv = null)
     {
         // Decode the data
         $envKey = base64_decode($envKey);
         $data = base64_decode($data);
+        if ($iv !== null) {
+            $iv = base64_decode($iv);
+        }
 
         // Read the private key
         $privateKey = openssl_pkey_get_private(file_get_contents($this->privateKeyPath));
@@ -243,7 +253,7 @@ protected function decrypt(string $envKey, string $data)
 
         // Decrypt the data
         $decryptedData = '';
-        if (!openssl_open($data, $decryptedData, $envKey, $privateKey, 'AES256')) {
+        if (!openssl_open($data, $decryptedData, $envKey, $privateKey, 'AES256', $iv)) {
             throw new Exception('Could not decrypt data');
         }
 
@@ -259,13 +269,14 @@ protected function decrypt(string $envKey, string $data)
      *
      * @param string $envKey
      * @param string $data
+     * @param string|null $iv
      * @return Response
      * @throws Exception
      */
-    public function processResponse(string $envKey, string $data)
+    public function processResponse(string $envKey, string $data, string $iv = null)
     {
         // Decrypt the data
-        $decryptedData = $this->decrypt($envKey, $data);
+        $decryptedData = $this->decrypt($envKey, $data, $iv);
 
         // Parse the XML
         $xmlDoc = new DOMDocument();

tests/Feature/NetopiaPaymentControllerTest.php

@@ -17,6 +17,7 @@
     // Mock the NetopiaPayments facade
     NetopiaPayments::shouldReceive('processResponse')
         ->once()
+        ->with('test-env-key', 'test-data', 'test-iv')
         ->andReturn(createSuccessfulResponse());
 
     NetopiaPayments::shouldReceive('generatePaymentResponse')
@@ -30,6 +31,7 @@
     $request = Request::create('/netopia/confirm', 'POST', [
         'env_key' => 'test-env-key',
         'data' => 'test-data',
+        'iv' => 'test-iv',
     ]);
 
     // Call the controller method
@@ -47,6 +49,7 @@
     // Mock the NetopiaPayments facade
     NetopiaPayments::shouldReceive('processResponse')
         ->once()
+        ->with('test-env-key', 'test-data', 'test-iv')
         ->andReturn(createPendingResponse());
 
     NetopiaPayments::shouldReceive('generatePaymentResponse')
@@ -60,6 +63,7 @@
     $request = Request::create('/netopia/confirm', 'POST', [
         'env_key' => 'test-env-key',
         'data' => 'test-data',
+        'iv' => 'test-iv',
     ]);
 
     // Call the controller method
@@ -77,6 +81,7 @@
     // Mock the NetopiaPayments facade
     NetopiaPayments::shouldReceive('processResponse')
         ->once()
+        ->with('test-env-key', 'test-data', 'test-iv')
         ->andReturn(createCanceledResponse());
 
     NetopiaPayments::shouldReceive('generatePaymentResponse')
@@ -90,6 +95,7 @@
     $request = Request::create('/netopia/confirm', 'POST', [
         'env_key' => 'test-env-key',
         'data' => 'test-data',
+        'iv' => 'test-iv',
     ]);
 
     // Call the controller method
@@ -107,6 +113,7 @@
     // Mock the NetopiaPayments facade
     NetopiaPayments::shouldReceive('processResponse')
         ->once()
+        ->with('test-env-key', 'test-data', 'test-iv')
         ->andThrow(new Exception('Test error'));
 
     NetopiaPayments::shouldReceive('generatePaymentResponse')
@@ -117,6 +124,7 @@
     $request = Request::create('/netopia/confirm', 'POST', [
         'env_key' => 'test-env-key',
         'data' => 'test-data',
+        'iv' => 'test-iv',
     ]);
 
     // Call the controller method