AES Remove Block Padding(AES 移除块填充)

huangapple
go评论85阅读模式
英文:

AES Remove Block Padding

问题

我有一个程序,使用Go文档中的示例(https://pkg.go.dev/crypto/cipher#NewCBCDecrypter)解密一个密文(我无法控制)。问题出在这部分代码上:

// If the original plaintext lengths are not a multiple of the block
// size, padding would have to be added when encrypting, which would be
// removed at this point. For an example, see
// https://tools.ietf.org/html/rfc5246#section-6.2.3.2

我的原始明文长度确实不是块大小的倍数,所以我需要移除填充。我该如何做到这一点?如果我不移除填充,由于https://github.com/golang/go/issues/47809,我无法解压缩明文,因为Go维护者明确表示对gzip的兼容性要求非常严格。目前我的解决方法是作为shell命令调用gunzip,它可以成功解压缩明文(忽略尾部的填充)。

我查看了ietf链接,但没有找到示例(或者至少没有Go示例)。

英文:

I have a program that decrypts a ciphertext (which I don't control) using this example from the go docs: https://pkg.go.dev/crypto/cipher#NewCBCDecrypter

The problem is this part:

// If the original plaintext lengths are not a multiple of the block
// size, padding would have to be added when encrypting, which would be
// removed at this point. For an example, see
// https://tools.ietf.org/html/rfc5246#section-6.2.3.2

My original plaintext length is indeed not a multiple of the block size, so I need to remove the padding. How can I do this? If I do not remove the padding, I can not decompress the plaintext because of https://github.com/golang/go/issues/47809 which go maintainers made clear is very strict about gzip compliance on purpose. Currently my workaround is to invoke gunzip as a shell command which can successfully decompress the plaintext (ignoring the trailing padding).

I checked the ietf link but I found no examples (or at least no go examples)

答案1

得分: 1

原文翻译如下:

原来加密器和解密器在事先必须达成一致的填充方案。在我的情况下,加密器使用的填充方案如下所述:https://www.rfc-editor.org/rfc/rfc5652#section-6.3

换句话说,如果有一个字节的填充,明文将用0x01填充,如果有两个字节的填充,明文将用0x02 0x02填充,以此类推,依次增加填充字节。

因此,以一个示例中块大小为4字节为例,以下是一些示例明文:

明文 ... 带填充的明文
01            01 03 03 03
01 02         01 02 02 02
01 02 03      01 02 03 01
01 02 03 04   01 02 03 04 04 04 04 04

因此,我可以使用以下代码来去除明文的填充:

func removePadding(pt []byte) []byte {
	padLength := int(pt[len(pt)-1])
	return pt[:len(pt)-padLength]
}

另请参阅:https://crypto.stackexchange.com/a/2805

英文:

It turns out the encrypter and decrypter have to agree on a padding scheme in advance. In my case, the encrypter was using the padding scheme described here: https://www.rfc-editor.org/rfc/rfc5652#section-6.3

In other words, the plaintext is padded with 0x01 if there is one byte of padding, 0x02 0x02 if there are 2 bytes of padding, 0x03 0x03 0x03, etc.

So for a toy example, assume block size is 4 bytes. Here are some example plaintexts:

plaintext ... plaintext with padding
01            01 03 03 03
01 02         01 02 02 02
01 02 03      01 02 03 01
01 02 03 04   01 02 03 04 04 04 04 04

Therefore, I was able to remove plaintext padding using:

func removePadding(pt []byte) []byte {
	padLength := int(pt[len(pt)-1])
	return pt[:len(pt)-padLength]
}

See also: https://crypto.stackexchange.com/a/2805

huangapple
  • 本文由 发表于 2022年12月8日 08:05:46
  • 转载请务必保留本文链接:https://go.coder-hub.com/74724155.html
  • aes
  • go
  • gzip
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定