Go中的AES-GCM + Base64后无法解密

Situation

I'm trying to implement a structure (the CryptoService) hiding en/decryption from the main program flow. I have implemented "normal" functions and base64 variants that should encode the cipher to it's base64 equivalent and visa-versa in decryption. This is done because our internal network protocol uses line-feed as delimiter.

See code of implementation below

Problem

After writing the code below i started testing it. At first it went well and en- and decryption worked but soon I started noticing "randomly occurring" errors during the decryption process: cipher: message authentication failed. Now the important fact: the errors ONLY returned from the DecryptBase64 func. But the base64 usage in go is pretty straight-forward and not much to worry about so I don't have any idea where the problems lies.

Code

Below you see the code for my CryptoService implementation and the associated test file. I have tried to clean the code up as much as possible (remove comments, additional input checks, etc.) without removing context. Nevertheless it's much code so thanks to all that read it - really appreciate your help!

cryptoservice.go

type CryptoService struct {
    gcm cipher.AEAD
}

func NewCryptoService(key []byte) (cs *CryptoService, err error) {
    block, err := aes.NewCipher(key)
    if err != nil {
        return nil, err
    }
    gcm, err := cipher.NewGCM(block)
    if err != nil {
        return nil, err
    }
    return &CryptoService{
        gcm: gcm,
    }, nil
}

func (cs CryptoService) Encrypt(plain []byte) (cipher []byte, err error) {
    nonce := make([]byte, cs.gcm.NonceSize())
    _, err = io.ReadFull(rand.Reader, nonce)
    if err != nil {
        return nil, err
    }

    cipher = cs.gcm.Seal(nil, nonce, plain, nil)
    cipher = append(nonce, cipher...)

    return cipher, nil
}

func (cs CryptoService) EncryptBase64(plain []byte) (base64Cipher []byte, err error) {
    cipher, err := cs.Encrypt(plain)
    if err != nil {
        return nil, err
    }

    base64Cipher = make([]byte, base64.StdEncoding.EncodedLen(len(cipher)))
    base64.StdEncoding.Encode(base64Cipher, cipher)

    return
}

func (cs CryptoService) Decrypt(cipher []byte) (plain []byte, err error) {
    nonce := cipher[0:cs.gcm.NonceSize()]
    ciphertext := cipher[cs.gcm.NonceSize():]

    plain, err = cs.gcm.Open(nil, nonce, ciphertext, nil)
    if err != nil {
        return nil, err
    }

    return
}

func (cs CryptoService) DecryptBase64(base64Cipher []byte) (plain []byte, err error) {
    cipher := make([]byte, base64.StdEncoding.DecodedLen(len(base64Cipher)))
    _, err = base64.StdEncoding.Decode(cipher, base64Cipher)
    if err != nil {
        return nil, err
    }

    return cs.Decrypt(cipher)
}

cryptoservice_test.go

TestCryptoService_EncryptDecryptRoundtrip works fine
TestCryptoService_EncryptBase64DecryptBase64Roundtrip fails "sometimes" (also note that it doesn't always fail on the same test-cases)

Additional info: The FastRandomString(n int) func in the Dynamic-Test-Case creation is effectively only a copy-and-past from the accepted answer at: How to generate a random string of a fixed length in golang?

func TestCryptoService_EncryptDecryptRoundtrip(t *testing.T) {
    tests := []struct {
        name   string
        aeskey string
        text   string
    }{
        {"Simple 1", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", "Text"},
        {"Simple 2", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", "Some random content"},
        {"Simple 3", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", "Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua."},

        {"Dynamic 1", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", FastRandomString(32)},
        {"Dynamic 2", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", FastRandomString(1024)},
        {"Dynamic 3", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", FastRandomString(1024 * 64)},
        {"Dynamic 4", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", FastRandomString(1024 * 256)},
    }
    for _, tt := range tests {
        t.Run(tt.name, func(t *testing.T) {
            for i := 0; i < 1000; i++ {
                key, _ := hex.DecodeString(tt.aeskey)
                cs, _ := NewCryptoService(key)
                cipher, err := cs.Encrypt([]byte(tt.text))
                if err != nil {
                    t.Errorf("CryptoService.Encrypt() error = %v", err)
                    return
                }

                plain, err := cs.Decrypt(cipher)
                if err != nil {
                    t.Errorf("CryptoService.Decrypt() error = %v", err)
                    return
                }

                plainStr := string(plain)
                if plainStr != tt.text {
                    t.Errorf("CryptoService.Decrypt() plain = %v, want = %v", plainStr, tt.text)
                    return
                }
            }
        })
    }
}

func TestCryptoService_EncryptBase64DecryptBase64Roundtrip(t *testing.T) {
    tests := []struct {
        name   string
        aeskey string
        text   string
    }{
        {"Simple 1", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", "Text"},
        {"Simple 2", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", "Some random content"},
        {"Simple 3", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", "Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua."},

        {"Dynamic 1", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", FastRandomString(32)},
        {"Dynamic 2", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", FastRandomString(1024)},
        {"Dynamic 3", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", FastRandomString(1024 * 64)},
        {"Dynamic 4", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", FastRandomString(1024 * 256)},
    }
    for _, tt := range tests {
        t.Run(tt.name, func(t *testing.T) {
            for i := 0; i < 1000; i++ {
                key, _ := hex.DecodeString(tt.aeskey)
                cs, _ := NewCryptoService(key)
                cipher, err := cs.EncryptBase64([]byte(tt.text))
                if err != nil {
                    t.Errorf("CryptoService.EncryptBase64() error = %v", err)
                    return
                }

                plain, err := cs.DecryptBase64(cipher)
                if err != nil {
                    t.Errorf("CryptoService.DecryptBase64() error = %v", err)
                    return
                }

                plainStr := string(plain)
                if plainStr != tt.text {
                    t.Errorf("CryptoService.DecryptBase64() plain = %v, want = %v", plainStr, tt.text)
                    return
                }
            }
        })
    }
}

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
douji4948 2017-11-19 22:14
关注
Someone from the GopherSlack community came up with the solution:

StdEncoding pads it's results which in this case caused decryption problems when (during the encryption process) padding the output was necessary. Therefore you should use RawStdEncoding in this example.

Thanks for the help! :)

本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

Go中的AES-GCM + Base64后无法解密
2017-11-19 21:10

回答 1 已采纳 Someone from the GopherSlack community came up with the solution: StdEncoding pads it's results w
Python中的AES-GCM解密 python
2018-08-25 21:31

回答 1 已采纳 Worked like a charm for me. from Crypto.Cipher import AES import binascii key = binascii.unhexli
有熟悉aes-256-gcm 加密解密算法的朋友吗 c# python
2021-07-20 10:21

回答 1 已采纳你是要加密的还是解密的Ｃ＃代码还是下面贴出来的实现就行了我看看
Golang AES-128/GCM + BASE64 加密
2021-03-15 10:40

liyuan丶的博客需求背景：接入网络游戏防沉迷系统，其中请求体body需要进行加密废话不多说，就直接上源码 func GCMEncrypt(secretKey, originalText string) (string, error) { // 密钥需要解码 ... aesGcm, err := cipher
从PHP到Golang的aes-256-gcm解密 php
2018-10-01 22:45

回答 1 已采纳 Normally an encrypted message looks like IV+ciphertext+tag, not ciphertext+IV+tag. When one deviat
window.crypto.subtle 关于AES加密的GCM模式 html5 javascript node.js 有问必答
2022-04-28 09:15

回答 2 已采纳 a，c应该也是一个Promise Promise.all()方法用于将多个 Promise 实例，包装成一个新的 Promise 实例。 ES6 入门教程
如何在Golang中使用AES256-GCM加密文件？
2016-09-06 10:50

回答 2 已采纳 AEADs should not be used to encrypt large amounts of data in one go. The API is designed to discou
Go 实现aes-256-gcm加解密处理过程
2022-07-27 15:43

yjr_aaron的博客包含的go知识点：sha1、hex.EncodeToString、strconv.ParseUint、base64.StdEncoding.DecodeString、base64.StdEncoding.在对接美团小游戏的时候，支付回调使用了【sha1】的签名还有【aes-256-gcm】的加密数据。...
在Java和golang中使用AES时获得不同的结果（密文） java
2019-03-27 05:59

回答 1 已采纳 In the go code, you are using AES in GCM mode with 12 bytes of zero as IV, but in java code you ar
如何限定唯一的加密套件ECDHE-ECDSA-AES128-CCM8？ c语言 linux
2021-05-13 15:49

回答 1 已采纳这三个套件是tls1.3版本的默认套件。在编译openssl时排除tls1.3即可。参数为no-tls1_3。 sudo ./Configure linux-generic32 no-asm
如何在Golang中使用rsa密钥对进行AES加密和解密
2017-04-18 03:45

回答 1 已采纳 As suggested in comments, i searched "hybrid cryptography" . And this example has solved my proble
aes-gcm-256 php加密 java解密 chatgpt的回答！
2023-03-30 16:23

死狗等夜狼的博客 aes-gcm-256 php加密 java解密 chatgpt的回答比我快多了我用了3天！！！
使用带有cypher / aes的if-construction不一致的Go错误返回
2017-09-25 07:20

回答 1 已采纳 This is to do with scoping rules, here is a simplified example: https://play.golang.org/p/1dCaUB
aes-gcm-256 php加密 java解密成功 java php有区别！！
2022-10-08 14:12

死狗等夜狼的博客 aes-gcm-256 php加密 java解密案例
java gcm_Java实现AES-GCM解密，JS实现AES-GCM加密。
2021-03-20 08:51

weixin_40001395的博客 JS实现AES-GCM加密首先我们先引用asmcrypto.js来实现JS端的加密。const asmcrypto = require('asmcrypto.js')有了asmcrypto 对象我们就可以调用它的加密方法const encText = asmcrypto.AES_GCM.encrypt(text, key, ...
java与go对接AES-GCM加解密
2022-11-21 15:51

Fisher3652的博客 java与go对接AES-GCM加解密
PHP aes-128-gcm加密方式
2021-02-06 16:22

邂逅你的那个3-29的博客需求背景：在做游戏防沉迷操作中，需要先做前置的接口验证过程，在文档中示例中，给出的是java代码 /** * <p>@title aesGcmEncrypt</p> * <p>@description Aes-Gcm加密</p> * * @...
php 调用python解密 AES-128-GCM
2024-01-17 13:43

prz0590的博客 php 调用 python 解密 AES-128-GCM PHP解密AES
aes-gcm模式前端(vue)加解密（使用node.js crypto模块）
2022-03-22 15:13

孙梦biubiu的博客 AES-GCM介绍常见的加密主要分为两类：对称加密和非对称加密。 AES属于对称加密的一种，即加密和解密使用相同的一把密钥。根据密钥长度可分为128 bits、192 bits或256 bits。 GCM是认证加密模式中的一种，能...
没有解决我的问题, 去提问

悬赏问题

¥15 HFSS 中的 H 场图与 MATLAB 中绘制的 B1 场部分对应不上
¥15 如何在scanpy上做差异基因和通路富集？
¥20 关于#硬件工程#的问题，请各位专家解答！
¥15 关于#matlab#的问题：期望的系统闭环传递函数为G(s)=wn^2/s^2+2¢wn+wn^2阻尼系数¢=0.707，使系统具有较小的超调量
¥15 FLUENT如何实现在堆积颗粒的上表面加载高斯热源
¥30 截图中的mathematics程序转换成matlab
¥15 动力学代码报错，维度不匹配
¥15 Power query添加列问题
¥50 Kubernetes&Fission&Eleasticsearch
¥15 報錯：Person is not mapped，如何解決？