Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AES encryption uses CBC or ECB mode, when the padding is PKCS5, the encrypted content is a multiple of 16 and will panic #19

Closed
xueyc1f opened this issue Jul 5, 2023 · 9 comments
Closed

AES encryption uses CBC or ECB mode, when the padding is PKCS5, the encrypted content is a multiple of 16 and will panic #19

xueyc1f opened this issue Jul 5, 2023 · 9 comments
Labels
bug Something isn't working

Comments

@xueyc1f
Copy link

xueyc1f commented Jul 5, 2023
edited
Loading

Hello,

I encountered an issue with the following code:

func TestAESPKCS5(t *testing.T) {
	key := "0123456789abcdef"
	cipher := dongle.NewCipher()
	cipher.SetMode(dongle.CBC)      // CBC、CFB、OFB、CTR、ECB
	cipher.SetPadding(dongle.PKCS5) // No、Zero、PKCS5、PKCS7、AnsiX923、ISO97971
	cipher.SetKey(key)              // key 长度必须是 16、24 或 32 字节
	cipher.SetIV(key)
	data := "0123456789abcdef0123456789abcdef"
	// data的长度是16的倍数会panic: crypto/aes: output not full block
	res := dongle.Encrypt.FromString(data).ByAes(cipher).ToHexString()
	// data的长度不是16的倍数则正常
	//res := dongle.Encrypt.FromString(data[:len(data)-1]).ByAes(cipher).ToHexString()
	println(res)
}

golang version: go version go1.20.5

dongle version: v0.2.8

I expected to get:

PKCS5填充实际调用的是PKCS7,但blockSize固定为8
改成:paddingText := bytes.Repeat([]byte{byte(blockSize)}, 16)就正常了,不太了解填充方式,不知道有没有其他问题

But I actually get:

panic: crypto/cipher: input not full blocks

Thanks!
@Issues-translate-bot Issues-translate-bot changed the title AES加密使用CBC或ECB模式,填充为PKCS5时,加密内容是16的倍数会panic AES encryption uses CBC or ECB mode, when the padding is PKCS5, the encrypted content is a multiple of 16 and will panic Jul 5, 2023
@gouguoyin gouguoyin added the bug Something isn't working label Jul 25, 2023
@JackLeeHal
Copy link

遇到了同样的问题,AES/ECB/PKCS5 模式下,加密串的长度超过16 就会panic。

@Issues-translate-bot
Copy link
Collaborator

The issue body's language is not English, it has been automatically translated, please use English next time. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

Encountered the same problem. In AES/ECB/PKCS5 mode, if the length of the encrypted string exceeds 16, it will panic.

@JackLeeHal
Copy link

https://github.com/golang-module/dongle/blob/main/cipher.go#L142

这里第二个参数应该传16而不是8

@Issues-translate-bot
Copy link
Collaborator

The issue body's language is not English, it has been automatically translated, please use English next time. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

https://github.com/golang-module/dongle/blob/main/cipher.go#L142

The second parameter here should be passed 16 instead of 8

alonelucky added a commit to alonelucky/dongle that referenced this issue Jan 30, 2024
@alonelucky
Fixed: AES/ECB/PCKS5padding panic
5497c86 
dromara#19
@alonelucky alonelucky mentioned this issue Jan 30, 2024
Merged
gouguoyin added a commit that referenced this issue Jan 30, 2024
@gouguoyin
Fixed: AES/ECB/PCKS5padding panic #19
fce46a2 
Fixed: AES/ECB/PCKS5padding panic #19
@xflcx1991
Copy link

请尽快发版,这是aes加密模块的重大bug,此功能现在实际不可用

@Issues-translate-bot
Copy link
Collaborator

The issue body's language is not English, it has been automatically translated, please use English next time. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

Please release the version as soon as possible. This is a major bug in the aes encryption module. This function is not actually available now.

@gouguoyin
Copy link
Collaborator

请尽快发版,这是aes加密模块的重大bug,此功能现在实际不可用

PKCS5PKCS7 的一种特例,先用 PKCS7 传入16 来取代 PKCS5

@Issues-translate-bot
Copy link
Collaborator

The issue body's language is not English, it has been automatically translated, please use English next time. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

Please release the version as soon as possible. This is a major bug in the aes encryption module. This function is not actually available now.

PKCS5 is a special case of PKCS7. First use PKCS7 to pass in 16 to replace PKCS5

@gouguoyin
Copy link
Collaborator

v1.0.0 has been fixed and released

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@xflcx1991 @gouguoyin @JackLeeHal @xueyc1f @Issues-translate-bot