duanpan3166
2019-06-22 09:29
浏览 257

Golang使用AES加密数据

I'm not sure if this is the right place to ask this. But I have no experience with C# and have been tasked to convert a security piece of code to Golang

I was wondering if i'm missing out on something here.

The C# code uses a Rijndael class to encrypt a bit of data. The key value and iv value is written out in the byte code like this

   public static byte[] Key = new byte[]{0xx, 0xx, 0xx, 0xx, 0xx,
                    0xx4, 0xxx, 0xxx, 0xxx, 0xxx, xxx, 0xxx,
                    0xxx, 0xxx, 0xxx, 0xxx};

public static byte[] IV = new byte[] // save structure as above with 16 in length

then theres a bit of code which does this

Rijndael alg = Rijndael.Create();
                alg.Key = Key;
                alg.IV = IV;
                CryptoStream cs = new CryptoStream(ms,
                alg.CreateEncryptor(), CryptoStreamMode.Write);
                cs.Write(dataWithoutHeader, 0, dataWithoutHeader.Length);
                cs.Close();

the function sends out byte[] data as output

I'm trying to mimic this is golang like this

func StartEncryption(message []byte) []byte {
    var key = []byte {// same as C# } 

    var iv = []byte{ // same as C# }

    var err error
    fmt.Printf("
 length of key %+v 
, 
 length of iv 
 %+v 
", len(key), len(iv))
    // Encrypt
    encrypted := make([]byte, len(message))
    err = EncryptAESCFB(encrypted, []byte(message), key, iv)
    if err != nil {
        panic(err)
    }
    return encrypted
}

The Encryption function

func EncryptAESCFB(dst, src, key, iv []byte) error {
    aesBlockEncrypter, err := aes.NewCipher([]byte(key))
    if err != nil {
        return err
    }
    aesEncrypter := cipher.NewCFBEncrypter(aesBlockEncrypter, iv)
    aesEncrypter.XORKeyStream(dst, src)
    return nil
}

The output of this is sent over an API whose output needs to be decrypted. I'm using this below

func decryptMessage(message []byte)error{
    var key = []byte{ // same as C# }

    var iv = []byte{ // same as C#  }

    // Remove the head part of the response (45 bytes)
    responseBody := message[45:]

    decrypted := make([]byte, len(responseBody))

    err := DecryptAESCFB(decrypted, responseBody, key, iv)

    if err != nil {
        fmt.Printf("
 error : 
 %+v 
", err)
    }
    return nil
}

func DecryptAESCFB(dst, src, key, iv []byte) error {
    aesBlockDecrypter, err := aes.NewCipher([]byte(key))
    if err != nil {
        return nil
    }
    aesDecrypter := cipher.NewCFBDecrypter(aesBlockDecrypter, iv)
    aesDecrypter.XORKeyStream(dst, src)
    return nil
}

The decryptor gives me gibberish - Am i going wrong somewhere?

My question boils down to 2 questions

  1. Would the C# function using the rijndael class and the golang functiony yield the same output or should i be doing something more/less

  2. Is the byte array the right data to store the key, IV in - i.e its not the same used in C# when copied to GO

  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • duanshan5259 2019-06-30 15:53
    已采纳

    There's a few problems with the code you posted.

    1. Don't store the key in a byte array, because that means that you are hard-coding it. Instead generate a random 256-bit key, encode it to a hex string, then store that outside of your program and read it in using a config library like viper.
    2. Don't hard-code the IV. You should be generating a new IV for every single message. Reusing the same IV weakens your encryption significantly. For every message that you encrypt, generate a random IV and prepend it to the message. When you attempt to decrypt it, read the IV off of the first n bytes and then decrypt.
    3. You should use authenticated encryption as a measure of protection against chosen ciphertext attacks. GCM mode provides authentication for you.

    Here is an example. Playground Link

    package main
    
    import (
        "crypto/aes"
        "crypto/cipher"
        "crypto/rand"
        "encoding/hex"
        "fmt"
        "os"
    )
    
    var (
        key       = randBytes(256 / 8)
        gcm       cipher.AEAD
        nonceSize int
    )
    
    // Initilze GCM for both encrypting and decrypting on program start.
    func init() {
        block, err := aes.NewCipher(key)
        if err != nil {
            fmt.Printf("Error reading key: %s
    ", err.Error())
            os.Exit(1)
        }
    
        fmt.Printf("Key: %s
    ", hex.EncodeToString(key))
    
        gcm, err = cipher.NewGCM(block)
        if err != nil {
            fmt.Printf("Error initializing AEAD: %s
    ", err.Error())
            os.Exit(1)
        }
    
        nonceSize = gcm.NonceSize()
    }
    
    func randBytes(length int) []byte {
        b := make([]byte, length)
        rand.Read(b)
        return b
    }
    
    func encrypt(plaintext []byte) (ciphertext []byte) {
        nonce := randBytes(nonceSize)
        c := gcm.Seal(nil, nonce, plaintext, nil)
        return append(nonce, c...)
    }
    
    func decrypt(ciphertext []byte) (plaintext []byte, err error) {
        if len(ciphertext) < nonceSize {
            return nil, fmt.Errorf("Ciphertext too short.")
        }
        nonce := ciphertext[0:nonceSize]
        msg := ciphertext[nonceSize:]
        return gcm.Open(nil, nonce, msg, nil)
    }
    
    func main() {
        fmt.Println("Encrypting...")
        msg := []byte("The quick brown fox jumped over the lazy dog.")
        ciphertext := encrypt(msg)
        fmt.Printf("Encrypted message: %v
    ", ciphertext)
    
        fmt.Println("Decrypting...")
        plaintext, err := decrypt(ciphertext)
        if err != nil {
            // Don't display this message to the end-user, as it could potentially
            // give an attacker useful information. Just tell them something like "Failed to decrypt."
            fmt.Printf("Error decryping message: %s
    ", err.Error())
            os.Exit(1)
        }
        fmt.Printf("Decrypted message: %s
    ", string(plaintext))
    }
    
    已采纳该答案
    打赏 评论

相关推荐 更多相似问题