fix: fix aes/des cbc crypto iv bug

2026-02-12 16:52:29 +08:00 · 2022-07-20 11:42:52 +08:00
parent ecf325a06c
commit cece13e929
2 changed files with 33 additions and 22 deletions
--- a/cryptor/aes.go
+++ b/cryptor/aes.go
@@ -38,7 +38,7 @@ func AesEcbEncrypt(data, key []byte) []byte {
 func AesEcbDecrypt(encrypted, key []byte) []byte {
 	cipher, _ := aes.NewCipher(generateAesKey(key))
 	decrypted := make([]byte, len(encrypted))
-	//
+
 	for bs, be := 0, cipher.BlockSize(); bs < len(encrypted); bs, be = bs+cipher.BlockSize(), be+cipher.BlockSize() {
 		cipher.Decrypt(decrypted[bs:be], encrypted[bs:be])
 	}
@@ -54,14 +54,18 @@ func AesEcbDecrypt(encrypted, key []byte) []byte {
 // AesCbcEncrypt encrypt data with key use AES CBC algorithm
 // len(key) should be 16, 24 or 32
 func AesCbcEncrypt(data, key []byte) []byte {
 	// len(key) should be 16, 24 or 32
 	block, _ := aes.NewCipher(key)
-	blockSize := block.BlockSize()
+	data = pkcs7Padding(data, block.BlockSize())
-	data = pkcs7Padding(data, blockSize)
+
-	blockMode := cipher.NewCBCEncrypter(block, key[:blockSize])
+	encrypted := make([]byte, aes.BlockSize+len(data))
 	iv := encrypted[:aes.BlockSize]
 	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
 		panic(err)
 	}
 	mode := cipher.NewCBCEncrypter(block, iv)
 	mode.CryptBlocks(encrypted[aes.BlockSize:], data)
 	encrypted := make([]byte, len(data))
 	blockMode.CryptBlocks(encrypted, data)
 	return encrypted
 }
@@ -69,12 +73,14 @@ func AesCbcEncrypt(data, key []byte) []byte {
 // len(key) should be 16, 24 or 32
 func AesCbcDecrypt(encrypted, key []byte) []byte {
 	block, _ := aes.NewCipher(key)
 	blockSize := block.BlockSize()
 	blockMode := cipher.NewCBCDecrypter(block, key[:blockSize])
-	decrypted := make([]byte, len(encrypted))
+	iv := encrypted[:aes.BlockSize]
-	blockMode.CryptBlocks(decrypted, encrypted)
+	encrypted = encrypted[aes.BlockSize:]
-	decrypted = pkcs7UnPadding(decrypted)
+
 	mode := cipher.NewCBCDecrypter(block, iv)
 	mode.CryptBlocks(encrypted, encrypted)
 	decrypted := pkcs7UnPadding(encrypted)
 	return decrypted
 }
--- a/cryptor/des.go
+++ b/cryptor/des.go
@@ -55,12 +55,16 @@ func DesEcbDecrypt(encrypted, key []byte) []byte {
 // len(key) should be 8
 func DesCbcEncrypt(data, key []byte) []byte {
 	block, _ := des.NewCipher(key)
-	blockSize := block.BlockSize()
+	data = pkcs7Padding(data, block.BlockSize())
 	data = pkcs7Padding(data, blockSize)
 	blockMode := cipher.NewCBCEncrypter(block, key[:blockSize])
-	encrypted := make([]byte, len(data))
+	encrypted := make([]byte, des.BlockSize+len(data))
-	blockMode.CryptBlocks(encrypted, data)
+	iv := encrypted[:des.BlockSize]
 	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
 		panic(err)
 	}
 	mode := cipher.NewCBCEncrypter(block, iv)
 	mode.CryptBlocks(encrypted[des.BlockSize:], data)
 	return encrypted
 }
@@ -69,13 +73,14 @@ func DesCbcEncrypt(data, key []byte) []byte {
 // len(key) should be 8
 func DesCbcDecrypt(encrypted, key []byte) []byte {
 	block, _ := des.NewCipher(key)
 	blockSize := block.BlockSize()
 	blockMode := cipher.NewCBCDecrypter(block, key[:blockSize])
-	decrypted := make([]byte, len(encrypted))
+	iv := encrypted[:des.BlockSize]
-	blockMode.CryptBlocks(decrypted, encrypted)
+	encrypted = encrypted[des.BlockSize:]
 	decrypted = pkcs7UnPadding(decrypted)
 	mode := cipher.NewCBCDecrypter(block, iv)
 	mode.CryptBlocks(encrypted, encrypted)
 	decrypted := pkcs7UnPadding(encrypted)
 	return decrypted
 }