Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Decrypting using Go a string encrypted in php using MCRYPT_RIJNDAEL_256

In PHP, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC); returns a value of 32, thus apparently saying that AES-256 wants an Initialization Vector of 32 bytes. But this is deceiving, as said in the comments for mcrypt_encrypt:

Also, MCRYPT_RIJNDAEL_256 is not AES-256, it's a different variant of the Rijndael block cipher. If you want AES-256 in mcrypt, you have to use MCRYPT_RIJNDAEL_128 with a 32-byte key. OpenSSL makes it more obvious which mode you are using (i.e. 'aes-128-cbc' vs 'aes-256-ctr').

So of course, with an IV of 32 bytes, the following example does not work in Go (it causes a panic).

score := decodePost(c.PostForm("score"))
iv := decodePost(c.PostForm("iv"))

aesKey := getAESKey()
baseAES, err := aes.NewCipher([]byte(aesKey))
if err != nil {
    c.AbortWithError(500, err)
    return
}
block := cipher.NewCBCDecrypter(baseAES, []byte(iv))
block.CryptBlocks(score, score)

Quoting from the docs of crypto/cipher:

The length of iv must be the same as the Block's block size and must match the iv used to encrypt the data.

(And of course, the AES block size in Go is 16 bytes).

So, finally, how can I decrypt such string in Go?

like image 285
morganbaz Avatar asked Aug 16 '17 11:08

morganbaz


1 Answers

Since in Golang you have only built-in standard AES crypto, you need to implement the Rijndael crypto yourself.

I found one here: https://github.com/celso-wo/rijndael256/blob/master/rijndael256.go

like image 78
itscaro Avatar answered Nov 16 '22 12:11

itscaro