From cece13e929934bd6f5ccfcaaf6e73e439a35493d Mon Sep 17 00:00:00 2001
From: dudaodong
Date: Wed, 20 Jul 2022 11:42:52 +0800
Subject: [PATCH] fix: fix aes/des cbc crypto iv bug
---
 cryptor/aes.go | 30 ++++++++++++++++++------------
 cryptor/des.go | 25 +++++++++++++++----------
 2 files changed, 33 insertions(+), 22 deletions(-)
diff --git a/cryptor/aes.go b/cryptor/aes.go
index 58995b0..7754287 100644
--- a/cryptor/aes.go
+++ b/cryptor/aes.go
@@ -38,7 +38,7 @@ func AesEcbEncrypt(data, key []byte) []byte {
 func AesEcbDecrypt(encrypted, key []byte) []byte {
 cipher, _ := aes.NewCipher(generateAesKey(key))
 decrypted := make([]byte, len(encrypted))
- //
+
 for bs, be := 0, cipher.BlockSize(); bs < len(encrypted); bs, be = bs+cipher.BlockSize(), be+cipher.BlockSize() {
 cipher.Decrypt(decrypted[bs:be], encrypted[bs:be])
 }
@@ -54,14 +54,18 @@ func AesEcbDecrypt(encrypted, key []byte) []byte {
 // AesCbcEncrypt encrypt data with key use AES CBC algorithm
 // len(key) should be 16, 24 or 32
 func AesCbcEncrypt(data, key []byte) []byte {
- // len(key) should be 16, 24 or 32
 block, _ := aes.NewCipher(key)
- blockSize := block.BlockSize()
- data = pkcs7Padding(data, blockSize)
- blockMode := cipher.NewCBCEncrypter(block, key[:blockSize])
+ data = pkcs7Padding(data, block.BlockSize())
+
+ encrypted := make([]byte, aes.BlockSize+len(data))
+ iv := encrypted[:aes.BlockSize]
+ if _, err := io.ReadFull(rand.Reader, iv); err != nil {
+ panic(err)
+ }
+
+ mode := cipher.NewCBCEncrypter(block, iv)
+ mode.CryptBlocks(encrypted[aes.BlockSize:], data)
- encrypted := make([]byte, len(data))
- blockMode.CryptBlocks(encrypted, data)
 return encrypted
 }
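Review bot: The doc comment on AesCbcEncrypt still states only the key length, but the return value is now a random IV followed by the ciphertext, so it is `aes.BlockSize` bytes longer than before and differs on every call. Data encrypted by the previous version, which used `key[:blockSize]` as the IV and returned ciphertext only, will not round-trip through the new AesCbcDecrypt, so stored ciphertexts need a migration path and the change deserves a release note. I would add `// The result is iv || ciphertext: a fresh random IV in the first aes.BlockSize bytes, then the PKCS#7-padded CBC output.` above the function. The DesCbcEncrypt hunk in cryptor/des.go changes its output format the same way and needs the matching comment with `des.BlockSize`.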
@@ -69,12 +73,14 @@ func AesCbcEncrypt(data, key []byte) []byte {
 // len(key) should be 16, 24 or 32
 func AesCbcDecrypt(encrypted, key []byte) []byte {
 block, _ := aes.NewCipher(key)
- blockSize := block.BlockSize()
- blockMode := cipher.NewCBCDecrypter(block, key[:blockSize])
- decrypted := make([]byte, len(encrypted))
- blockMode.CryptBlocks(decrypted, encrypted)
- decrypted = pkcs7UnPadding(decrypted)
+ iv := encrypted[:aes.BlockSize]
+ encrypted = encrypted[aes.BlockSize:]
+
+ mode := cipher.NewCBCDecrypter(block, iv)
+ mode.CryptBlocks(encrypted, encrypted)
+
+ decrypted := pkcs7UnPadding(encrypted)
 return decrypted
 }
diff --git a/cryptor/des.go b/cryptor/des.go
index 3c238b4..b19de3d 100644
--- a/cryptor/des.go
+++ b/cryptor/des.go
@@ -55,12 +55,16 @@ func DesEcbDecrypt(encrypted, key []byte) []byte {
 // len(key) should be 8
 func DesCbcEncrypt(data, key []byte) []byte {
 block, _ := des.NewCipher(key)
- blockSize := block.BlockSize()
- data = pkcs7Padding(data, blockSize)
- blockMode := cipher.NewCBCEncrypter(block, key[:blockSize])
+ data = pkcs7Padding(data, block.BlockSize())
- encrypted := make([]byte, len(data))
- blockMode.CryptBlocks(encrypted, data)
+ encrypted := make([]byte, des.BlockSize+len(data))
+ iv := encrypted[:des.BlockSize]
+ if _, err := io.ReadFull(rand.Reader, iv); err != nil {
+ panic(err)
+ }
+
+ mode := cipher.NewCBCEncrypter(block, iv)
+ mode.CryptBlocks(encrypted[des.BlockSize:], data)
 return encrypted
 }
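Review bot: AesCbcDecrypt now slices `encrypted[:aes.BlockSize]` with no length check, so an input shorter than one block panics on the slice, and a remainder that is not a whole number of blocks panics inside `CryptBlocks`. Ciphertext usually arrives from outside the process, so malformed input should be rejected before any slicing. The new `mode.CryptBlocks(encrypted, encrypted)` also decrypts in place and overwrites the caller's buffer, which the removed code avoided by allocating `decrypted`. The signature has no error return, so the sketch below returns nil for malformed input and decrypts into a fresh buffer; how pkcs7UnPadding treats an empty slice is not visible in this hunk, hence the two-block minimum. DesCbcDecrypt in cryptor/des.go has the same two problems with `des.BlockSize`.

```go
func AesCbcDecrypt(encrypted, key []byte) []byte {
	// … unchanged: aes.NewCipher call …

	// A valid message is the IV plus at least one padded block.
	if len(encrypted) < 2*aes.BlockSize || len(encrypted)%aes.BlockSize != 0 {
		return nil
	}
	iv, body := encrypted[:aes.BlockSize], encrypted[aes.BlockSize:]

	// Decrypt into a fresh buffer so the caller's ciphertext is left intact.
	decrypted := make([]byte, len(body))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(decrypted, body)

	return pkcs7UnPadding(decrypted)
}
```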
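Review bot: `block, _ := des.NewCipher(key)` at the top of DesCbcEncrypt discards the key-size error, and the added line `data = pkcs7Padding(data, block.BlockSize())` then calls a method on `block`, so a key that is not exactly 8 bytes surfaces as a nil-pointer panic instead of a failure that names the cause. Checking the error keeps it explicit: `block, err := des.NewCipher(key)` followed by `if err != nil { panic(err) }`, which matches how this hunk already handles a failed read from `rand.Reader`. The same discarded error is present in DesCbcDecrypt and in both AES CBC functions touched by this patch.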
@@ -69,13 +73,14 @@ func DesCbcEncrypt(data, key []byte) []byte {
 // len(key) should be 8
 func DesCbcDecrypt(encrypted, key []byte) []byte {
 block, _ := des.NewCipher(key)
- blockSize := block.BlockSize()
- blockMode := cipher.NewCBCDecrypter(block, key[:blockSize])
- decrypted := make([]byte, len(encrypted))
- blockMode.CryptBlocks(decrypted, encrypted)
- decrypted = pkcs7UnPadding(decrypted)
+ iv := encrypted[:des.BlockSize]
+ encrypted = encrypted[des.BlockSize:]
+ mode := cipher.NewCBCDecrypter(block, iv)
+ mode.CryptBlocks(encrypted, encrypted)
+
+ decrypted := pkcs7UnPadding(encrypted)
 return decrypted
 }
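Review bot: DesCbcDecrypt hands the output of `mode.CryptBlocks` straight to `pkcs7UnPadding` with nothing authenticating the IV or the ciphertext, so a modified message is decrypted and unpadded exactly like a genuine one; the random IV introduced here fixes IV reuse but not tampering. pkcs7UnPadding is defined outside this hunk, so its reaction to invalid padding cannot be checked from here, but if that reaction is observable to whoever supplied the ciphertext it acts as a padding-oracle signal. I would document the limit on the function, e.g. `// The ciphertext is not authenticated; verify a MAC over iv || ciphertext before calling.`, and put the same comment on AesCbcDecrypt.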