Open Avijeet-Blocsol opened 8 months ago
HI
I am facing same problem.. I tried ur code but it throws 2024/06/02 10:59:34 http: panic serving 10.0.8.139:36126: runtime error: slice bounds out of range [:-164]
padding := decrypted[len(decrypted)-1] return decrypted[:len(decrypted)-int(padding)], nil
Hello Bhanu,
I would request that you join the daily tech integration meetings with ONDC team which happen at about 10 AM each day. They will asssit you with the problem.
---- On Sun, 02 Jun 2024 16:42:05 +0530 Bhanu Marwaha @.***> wrote ---
HI
I am facing same problem.. I tried ur code but it throws 2024/06/02 10:59:34 http: panic serving 10.0.8.139:36126: runtime error: slice bounds out of range [:-164] padding := decrypted[len(decrypted)-1] return decrypted[:len(decrypted)-int(padding)], nil — Reply to this email directly, https://github.com/ONDC-Official/reference-implementations/issues/58#issuecomment-2143806177, or https://github.com/notifications/unsubscribe-auth/AEVSIT3FM3LNYCNVYVNYLSTZFL4YLAVCNFSM6AAAAABB3HHASWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNBTHAYDMMJXG4. You are receiving this because you authored the thread.
where is the link to join meets?
During the onboarding process, I used the golang utilities for encrypting and decrypting which can be found on this URL: https://github.com/ONDC-Official/reference-implementations/blob/main/utilities/signing_and_verification/golang/crypto.go#L44
There is a bug when using the decrypt function on the incoming challenge in the on_subscribe call from the gateway. The decryption process does not result in any errors but there is some extra padding at the end of the decrypted string returned from the function. If you return this string to the gateway in the response body under "answer" key, the gateway throws "Encryption verification is failed" error.
To fix the problem, I propose the following changes to the aesDecrypt and the aesEncrypt functions in the utility file:
func aesDecrypt(cipherText []byte, key []byte) ([]byte, error) { cipher, err := aes.NewCipher(key) if err != nil { fmt.Println("Error creating AES cipher", err) return nil, err }
}
func aesEncrypt(payload []byte, key []byte) ([]byte, error) { cipher, err := aes.NewCipher(key) if err != nil { fmt.Println("Error creating AES cipher", err) return nil, err }
}
This results in the encryption function properly using PKCS#7 scheme to properly add the padding and the decrypt function to use the same to remove the additional padding. This resolves the beforementioned bug.
You can also use a public package to do the same:
import "github.com/zenazn/pkcs7pad"
func aesEncrypt(payload []byte, key []byte) ([]byte, error) { cipher, err := aes.NewCipher(key) if err != nil { fmt.Println("Error creating AES cipher", err) return nil, err }
}
func aesDecrypt(cipherText []byte, key []byte) ([]byte, error) { cipher, err := aes.NewCipher(key) if err != nil { fmt.Println("Error creating AES cipher", err) return nil, err }
}