Go中的AES-GCM + Base64后无法解密

Situation

I'm trying to implement a structure (the CryptoService) hiding en/decryption from the main program flow. I have implemented "normal" functions and base64 variants that should encode the cipher to it's base64 equivalent and visa-versa in decryption. This is done because our internal network protocol uses line-feed as delimiter.

See code of implementation below

Problem

After writing the code below i started testing it. At first it went well and en- and decryption worked but soon I started noticing "randomly occurring" errors during the decryption process: cipher: message authentication failed. Now the important fact: the errors ONLY returned from the DecryptBase64 func. But the base64 usage in go is pretty straight-forward and not much to worry about so I don't have any idea where the problems lies.

Code

Below you see the code for my CryptoService implementation and the associated test file. I have tried to clean the code up as much as possible (remove comments, additional input checks, etc.) without removing context. Nevertheless it's much code so thanks to all that read it - really appreciate your help!

cryptoservice.go

type CryptoService struct {
    gcm cipher.AEAD
}

func NewCryptoService(key []byte) (cs *CryptoService, err error) {
    block, err := aes.NewCipher(key)
    if err != nil {
        return nil, err
    }
    gcm, err := cipher.NewGCM(block)
    if err != nil {
        return nil, err
    }
    return &CryptoService{
        gcm: gcm,
    }, nil
}

func (cs CryptoService) Encrypt(plain []byte) (cipher []byte, err error) {
    nonce := make([]byte, cs.gcm.NonceSize())
    _, err = io.ReadFull(rand.Reader, nonce)
    if err != nil {
        return nil, err
    }

    cipher = cs.gcm.Seal(nil, nonce, plain, nil)
    cipher = append(nonce, cipher...)

    return cipher, nil
}

func (cs CryptoService) EncryptBase64(plain []byte) (base64Cipher []byte, err error) {
    cipher, err := cs.Encrypt(plain)
    if err != nil {
        return nil, err
    }

    base64Cipher = make([]byte, base64.StdEncoding.EncodedLen(len(cipher)))
    base64.StdEncoding.Encode(base64Cipher, cipher)

    return
}

func (cs CryptoService) Decrypt(cipher []byte) (plain []byte, err error) {
    nonce := cipher[0:cs.gcm.NonceSize()]
    ciphertext := cipher[cs.gcm.NonceSize():]

    plain, err = cs.gcm.Open(nil, nonce, ciphertext, nil)
    if err != nil {
        return nil, err
    }

    return
}

func (cs CryptoService) DecryptBase64(base64Cipher []byte) (plain []byte, err error) {
    cipher := make([]byte, base64.StdEncoding.DecodedLen(len(base64Cipher)))
    _, err = base64.StdEncoding.Decode(cipher, base64Cipher)
    if err != nil {
        return nil, err
    }

    return cs.Decrypt(cipher)
}

cryptoservice_test.go

TestCryptoService_EncryptDecryptRoundtrip works fine
TestCryptoService_EncryptBase64DecryptBase64Roundtrip fails "sometimes" (also note that it doesn't always fail on the same test-cases)

Additional info: The FastRandomString(n int) func in the Dynamic-Test-Case creation is effectively only a copy-and-past from the accepted answer at: How to generate a random string of a fixed length in golang?

func TestCryptoService_EncryptDecryptRoundtrip(t *testing.T) {
    tests := []struct {
        name   string
        aeskey string
        text   string
    }{
        {"Simple 1", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", "Text"},
        {"Simple 2", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", "Some random content"},
        {"Simple 3", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", "Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua."},

        {"Dynamic 1", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", FastRandomString(32)},
        {"Dynamic 2", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", FastRandomString(1024)},
        {"Dynamic 3", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", FastRandomString(1024 * 64)},
        {"Dynamic 4", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", FastRandomString(1024 * 256)},
    }
    for _, tt := range tests {
        t.Run(tt.name, func(t *testing.T) {
            for i := 0; i < 1000; i++ {
                key, _ := hex.DecodeString(tt.aeskey)
                cs, _ := NewCryptoService(key)
                cipher, err := cs.Encrypt([]byte(tt.text))
                if err != nil {
                    t.Errorf("CryptoService.Encrypt() error = %v", err)
                    return
                }

                plain, err := cs.Decrypt(cipher)
                if err != nil {
                    t.Errorf("CryptoService.Decrypt() error = %v", err)
                    return
                }

                plainStr := string(plain)
                if plainStr != tt.text {
                    t.Errorf("CryptoService.Decrypt() plain = %v, want = %v", plainStr, tt.text)
                    return
                }
            }
        })
    }
}

func TestCryptoService_EncryptBase64DecryptBase64Roundtrip(t *testing.T) {
    tests := []struct {
        name   string
        aeskey string
        text   string
    }{
        {"Simple 1", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", "Text"},
        {"Simple 2", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", "Some random content"},
        {"Simple 3", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", "Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua."},

        {"Dynamic 1", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", FastRandomString(32)},
        {"Dynamic 2", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", FastRandomString(1024)},
        {"Dynamic 3", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", FastRandomString(1024 * 64)},
        {"Dynamic 4", "c4cc0dfc4ae0e45c045727f84ffd373127453bc232230bf1386972ac692436c1", FastRandomString(1024 * 256)},
    }
    for _, tt := range tests {
        t.Run(tt.name, func(t *testing.T) {
            for i := 0; i < 1000; i++ {
                key, _ := hex.DecodeString(tt.aeskey)
                cs, _ := NewCryptoService(key)
                cipher, err := cs.EncryptBase64([]byte(tt.text))
                if err != nil {
                    t.Errorf("CryptoService.EncryptBase64() error = %v", err)
                    return
                }

                plain, err := cs.DecryptBase64(cipher)
                if err != nil {
                    t.Errorf("CryptoService.DecryptBase64() error = %v", err)
                    return
                }

                plainStr := string(plain)
                if plainStr != tt.text {
                    t.Errorf("CryptoService.DecryptBase64() plain = %v, want = %v", plainStr, tt.text)
                    return
                }
            }
        })
    }
}

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
douji4948 2017-11-19 22:14
关注
Someone from the GopherSlack community came up with the solution:

StdEncoding pads it's results which in this case caused decryption problems when (during the encryption process) padding the output was necessary. Therefore you should use RawStdEncoding in this example.

Thanks for the help! :)

本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

Python中的AES-GCM解密 python
2018-08-25 21:31

回答 1 已采纳 Worked like a charm for me. from Crypto.Cipher import AES import binascii key = binascii.unhexli
从PHP到Golang的aes-256-gcm解密 php
2018-10-01 22:45

回答 1 已采纳 Normally an encrypted message looks like IV+ciphertext+tag, not ciphertext+IV+tag. When one deviat
有熟悉aes-256-gcm 加密解密算法的朋友吗 c# python
2021-07-20 10:21

回答 1 已采纳你是要加密的还是解密的Ｃ＃代码还是下面贴出来的实现就行了我看看
Golang AES-128/GCM + BASE64 加密
2021-03-15 10:40

liyuan丶的博客需求背景：接入网络游戏防沉迷系统，其中请求体body需要进行加密废话不多说，就直接上源码 func GCMEncrypt(secretKey, originalText string) (string, error) { // 密钥需要解码 ... aesGcm, err := cipher
如何在Golang中使用AES256-GCM加密文件？
2016-09-06 10:50

回答 2 已采纳 AEADs should not be used to encrypt large amounts of data in one go. The API is designed to discou
window.crypto.subtle 关于AES加密的GCM模式 html5 javascript node.js 有问必答
2022-04-28 09:15

回答 2 已采纳 a，c应该也是一个Promise Promise.all()方法用于将多个 Promise 实例，包装成一个新的 Promise 实例。 ES6 入门教程
如何限定唯一的加密套件ECDHE-ECDSA-AES128-CCM8？ c语言 linux
2021-05-13 15:49

回答 1 已采纳这三个套件是tls1.3版本的默认套件。在编译openssl时排除tls1.3即可。参数为no-tls1_3。 sudo ./Configure linux-generic32 no-asm
AES-128/GCM + BASE64
2021-03-12 11:14

初级后端工程师的博客 func aes128GCM(aesKey string, plainText []byte) (cipherText string, err error) { key, err := hex.DecodeString(aesKey) if err != nil { return } block, err := aes.NewCipher(key) if err != nil { ...
在Java和golang中使用AES时获得不同的结果（密文） java
2019-03-27 05:59

回答 1 已采纳 In the go code, you are using AES in GCM mode with 12 bytes of zero as IV, but in java code you ar
如何在Golang中使用rsa密钥对进行AES加密和解密
2017-04-18 03:45

回答 1 已采纳 As suggested in comments, i searched "hybrid cryptography" . And this example has solved my proble
使用带有cypher / aes的if-construction不一致的Go错误返回
2017-09-25 07:20

回答 1 已采纳 This is to do with scoping rules, here is a simplified example: https://play.golang.org/p/1dCaUB
Go 实现aes-256-gcm加解密处理过程
2022-07-27 15:43

yjr_aaron的博客包含的go知识点：sha1、hex.EncodeToString、strconv.ParseUint、base64.StdEncoding.DecodeString、base64.StdEncoding.在对接美团小游戏的时候，支付回调使用了【sha1】的签名还有【aes-256-gcm】的加密数据。...
aes-gcm-256 php加密 java解密 chatgpt的回答！
2023-03-30 16:23

死狗等夜狼的博客 aes-gcm-256 php加密 java解密 chatgpt的回答比我快多了我用了3天！！！
加密与安全_优雅存储二要素（AES-256-GCM ）
2024-09-17 15:09

小小工匠的博客二要素（姓名和身份证）是敏感数据，，很多网站仅仅依靠二要素来确认你是谁，若以明文形式存储在数据库中，存在被攻破的风险。若这些信息被不法分子获取，后果严重。单向散列算法，如MD5、SHA-256等，虽然可以对...
java gcm_Java实现AES-GCM解密，JS实现AES-GCM加密。
2021-03-20 08:51

weixin_40001395的博客 JS实现AES-GCM加密首先我们先引用asmcrypto.js来实现JS端的加密。const asmcrypto = require('asmcrypto.js')有了asmcrypto 对象我们就可以调用它的加密方法const encText = asmcrypto.AES_GCM.encrypt(text, key, ...
aes-gcm-256 php加密 java解密成功 java php有区别！！
2022-10-08 14:12

死狗等夜狼的博客 aes-gcm-256 php加密 java解密案例
php 调用python解密 AES-128-GCM
2024-01-17 13:43

prz0590的博客 php 调用 python 解密 AES-128-GCM PHP解密AES
AES-GCM在NODEJS和JAVA加解密的坑
2020-03-24 09:55

Lisa11321的博客最终成果是AES-128-GCM，先上代码 NODEJS import crypto from 'crypto' //crypto是nodejs内置模块 const iv = "0123456789ABCDEF"; //加密方法 function encodeAes(word, aesKey) { if (!word) { return '' ...
java与go对接AES-GCM加解密
2022-11-21 15:51

Fisher3652的博客 java与go对接AES-GCM加解密
没有解决我的问题, 去提问

悬赏问题

¥30 Matlab打开默认名称带有/的光谱数据
¥50 easyExcel模板动态单元格合并列
¥15 res.rows如何取值使用
¥15 在odoo17开发环境中，怎么实现库存管理系统，或独立模块设计与AGV小车对接？开发方面应如何设计和开发？请详细解释MES或WMS在与AGV小车对接时需完成的设计和开发
¥15 CSP算法实现EEG特征提取，哪一步错了？
¥15 游戏盾如何溯源服务器真实ip?需要30个字。后面的字是凑数的
¥15 vue3前端取消收藏的不会引用collectId
¥15 delphi7 HMAC_SHA256方式加密
¥15 关于#qt#的问题：我想实现qcustomplot完成坐标轴
¥15 下列c语言代码为何输出了多余的空格