golang-module / dongle

A simple, semantic and developer-friendly golang package for encoding&decoding and encryption&decryption
https://pkg.go.dev/github.com/golang-module/dongle
MIT License

AES encryption in CBC or ECB mode with PKCS5 padding panics when the length of the content to encrypt is a multiple of 16 #19

Open xueyc1f opened 1 year ago

xueyc1f commented 1 year ago

Hello,

I encountered an issue with the following code:

func TestAESPKCS5(t *testing.T) {
    key := "0123456789abcdef"
    cipher := dongle.NewCipher()
    cipher.SetMode(dongle.CBC)      // CBC, CFB, OFB, CTR, ECB
    cipher.SetPadding(dongle.PKCS5) // No, Zero, PKCS5, PKCS7, AnsiX923, ISO97971
    cipher.SetKey(key)              // key length must be 16, 24 or 32 bytes
    cipher.SetIV(key)
    data := "0123456789abcdef0123456789abcdef"
    // panics when len(data) is a multiple of 16: crypto/aes: output not full block
    res := dongle.Encrypt.FromString(data).ByAes(cipher).ToHexString()
    // works when len(data) is not a multiple of 16
    //res := dongle.Encrypt.FromString(data[:len(data)-1]).ByAes(cipher).ToHexString()
    println(res)
}

golang version: go version go1.20.5

dongle version: v0.2.8

I expected to get:

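PKCS5 padding actually calls PKCS7, but with blockSize fixed at 8.
Changing it to: paddingText := bytes.Repeat([]byte{byte(blockSize)}, 16) makes it work. I don't know much about padding schemes, so I'm not sure whether this causes other problems.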

But I actually get:

panic: crypto/cipher: input not full blocks 

Thanks!

JackLeeHal commented 12 months ago

I encountered the same problem. In AES/ECB/PKCS5 mode, it panics if the length of the string to encrypt exceeds 16.

JackLeeHal commented 12 months ago

https://github.com/golang-module/dongle/blob/main/cipher.go#L142

The second parameter here should be 16 instead of 8.

xflcx1991 commented 7 months ago

Please release a new version as soon as possible. This is a major bug in the AES encryption module, and this feature is effectively unusable right now.

gouguoyin commented 7 months ago

> Please release a new version as soon as possible. This is a major bug in the AES encryption module, and this feature is effectively unusable right now.

PKCS5 is a special case of PKCS7. For now, use PKCS7 with 16 passed in instead of PKCS5.
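
The block-size mismatch discussed in this thread, as an added example that is not part of the issue or of dongle's own code: it uses only the Go standard library, and the helper names `pkcs7Pad` and `encryptCBC` are hypothetical. Padding the report's 32-byte input to an 8-byte boundary gives 40 bytes, which AES-CBC cannot process, while padding to `aes.BlockSize` gives 48.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// pkcs7Pad appends n bytes of value n so the result is a multiple of blockSize.
// Input that is already aligned receives one full extra block of padding.
func pkcs7Pad(data []byte, blockSize int) []byte {
	n := blockSize - len(data)%blockSize
	return append(append([]byte{}, data...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// encryptCBC pads the plaintext to padBlockSize and encrypts it with AES-CBC.
// It returns an error in the case where CryptBlocks would otherwise panic
// with "crypto/cipher: input not full blocks".
func encryptCBC(key, iv, plaintext []byte, padBlockSize int) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext, padBlockSize)
	if len(padded)%block.BlockSize() != 0 {
		return nil, fmt.Errorf("padded length %d is not a multiple of %d",
			len(padded), block.BlockSize())
	}
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out, nil
}

func main() {
	// Sample key, IV and data copied from the report's reproducer.
	key := []byte("0123456789abcdef")
	data := []byte("0123456789abcdef0123456789abcdef")

	_, err := encryptCBC(key, key, data, 8) // 8-byte (PKCS5-sized) padding
	fmt.Println("pad to 8: ", err)

	ct, err := encryptCBC(key, key, data, aes.BlockSize) // 16-byte padding
	fmt.Println("pad to 16:", len(ct), err)
}
```

With 8-byte padding a 31-byte input still encrypts, because 31 + 1 = 32 happens to be a multiple of 16, which matches the reporter's observation that only some input lengths fail.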