Feature request: PKCS7 padding
mfbx9da4 opened this issue · 3 comments
I'm new to C++ so sorry if there's something obvious here.
After decryption there are some rogue return characters \r (and some other characters). As seen below
std::string keyString = "68sGk5CADl8MaSHjGAwEwxiismMmA1CuMqaiZAPXuNg=";
std::string ivString = "SEHUOmHzgqBZZdIjWvFmAg==";
std::string dataInString = "UQamOAvnwxzfrDY6UMZfJw==";
auto decodedKey = base64_decode(keyString);
auto decodedIv = base64_decode(ivString);
auto decodedDataIn = base64_decode(dataInString);
std::vector<unsigned char> key(decodedKey.begin(), decodedKey.end());
key.push_back('\0');
std::vector<unsigned char> iv(decodedIv.begin(), decodedIv.end());
iv.push_back('\0');
std::vector<unsigned char> dataIn(decodedDataIn.begin(), decodedDataIn.end());
dataIn.push_back('\0');
auto decrypted = aes.DecryptCBC(dataIn, key, iv);
std::string decryptedString;
for (auto letter : decrypted)
decryptedString += letter;
decryptedString std::string "Hey\r\r\r\r\r\r\r\r\r\r\r\r\rR"
Presumably this is a padding issue but I don't see where I have gone wrong. Anything which stands out?
Note using base64.cpp for decoding
Update
I've read
I don't have the option of appending the size of the plain text to the plain text. I've used CommonCrypto/CommonCryptor.h/CCCrypt in objective C for exactly the same example cipher text and the output is the right length. How is that possible that CCCrypt is able to determine the correct length? Anyway I can configure this library to work like CCCrypt?
NSString *keyString = @"68sGk5CADl8MaSHjGAwEwxiismMmA1CuMqaiZAPXuNg=";
NSString* ivString = @"SEHUOmHzgqBZZdIjWvFmAg==";
NSString* dataInString = @"UQamOAvnwxzfrDY6UMZfJw==";
NSData *key = [[NSData alloc] initWithBase64EncodedString:keyString options:NSDataBase64DecodingIgnoreUnknownCharacters];
NSData *iv = [[NSData alloc] initWithBase64EncodedString:ivString options:NSDataBase64DecodingIgnoreUnknownCharacters];
NSData *dataIn = [[NSData alloc] initWithBase64EncodedString:dataInString options:NSDataBase64DecodingIgnoreUnknownCharacters];
CCCryptorStatus ccStatus = kCCSuccess;
size_t cryptBytes = 0;
NSMutableData *dataOut = [NSMutableData dataWithLength:dataIn.length + kCCBlockSizeAES128];
NSString* dataOutString;
dataOutString = [[NSString alloc] initWithData:dataOut encoding:NSASCIIStringEncoding];
NSLog(dataOutString);
ccStatus = CCCrypt(kCCDecrypt,
kCCAlgorithmAES,
kCCOptionPKCS7Padding,
key.bytes,
kCCKeySizeAES256,
iv.bytes,
dataIn.bytes,
dataIn.length,
dataOut.mutableBytes,
dataOut.length,
&cryptBytes);
dataOut.length = cryptBytes;
Update 2
Looks like the encrypt counterpart is using PKCS7 so I will try removing the padding according to that standard. It would be great if this library provided a util for that!
I've found some code to do the padding which looks fairly simple but struggled to get it to compile https://github.com/GRISHNOV/PKCS7-Padding
I don't remember this library using PKCS5 or PKCS7 instead it uses Zero Null padding so the decryption will actually not remove the zero paddings (maybe that's the extra characters you are getting) , and it seems that you are doing base64 encoding are you sure you are encoding and decoding your strings properly in base64?
@mrdcvlsc you're 100% right. I've realized the library I'm using for encryption uses PKCS7 padding which explains the trailing excess characters. I've seen quite a few other people were caught by the null padding default and I am requesting that PKCS7 be bundled in with the source.
However encoding wise everything is fine FYI.
I see that default zero padding is very confusing. Because of it I decide to delete any padding from this library. You can use any padding from any library before encrypt\decrypt without limitations