Additional Padding in the decrypted string when using the golang utilities for signing and verification #58
Description
During the onboarding process, I used the golang utilities for encrypting and decrypting which can be found on this URL: https://github.com/ONDC-Official/reference-implementations/blob/main/utilities/signing_and_verification/golang/crypto.go#L44
There is a bug when using the decrypt function on the incoming challenge in the on_subscribe call from the gateway. The decryption process does not result in any errors but there is some extra padding at the end of the decrypted string returned from the function. If you return this string to the gateway in the response body under "answer" key, the gateway throws "Encryption verification is failed" error.
To fix the problem, I propose the following changes to the aesDecrypt and the aesEncrypt functions in the utility file:
func aesDecrypt(cipherText []byte, key []byte) ([]byte, error) {
cipher, err := aes.NewCipher(key)
if err != nil {
fmt.Println("Error creating AES cipher", err)
return nil, err
}
blockSize := cipher.BlockSize()
decrypted := make([]byte, len(cipherText))
for i := 0; i < len(cipherText); i += blockSize {
cipher.Decrypt(decrypted[i:i+blockSize], cipherText[i:i+blockSize])
}
padding := decrypted[len(decrypted)-1]
return decrypted[:len(decrypted)-int(padding)], nil
}
func aesEncrypt(payload []byte, key []byte) ([]byte, error) {
cipher, err := aes.NewCipher(key)
if err != nil {
fmt.Println("Error creating AES cipher", err)
return nil, err
}
blockSize := cipher.BlockSize()
padding := blockSize - len(payload)%blockSize
padText := bytes.Repeat([]byte{byte(padding)}, padding)
payload = append(payload, padText...)
encrypted := make([]byte, len(payload))
for i := 0; i < len(payload); i += blockSize {
cipher.Encrypt(encrypted[i:i+blockSize], payload[i:i+blockSize])
}
return encrypted, nil
}
This results in the encryption function properly using PKCS#7 scheme to properly add the padding and the decrypt function to use the same to remove the additional padding. This resolves the beforementioned bug.
You can also use a public package to do the same:
import "github.com/zenazn/pkcs7pad"
func aesEncrypt(payload []byte, key []byte) ([]byte, error) {
cipher, err := aes.NewCipher(key)
if err != nil {
fmt.Println("Error creating AES cipher", err)
return nil, err
}
// Pad the payload using PKCS#7 padding
paddedData := pkcs7.Pad(payload, cipher.BlockSize())
// Encrypt the padded data
encrypted := make([]byte, len(paddedData))
cipher.NewEncrypter(key).CryptBlocks(encrypted, paddedData)
return encrypted, nil
}
func aesDecrypt(cipherText []byte, key []byte) ([]byte, error) {
cipher, err := aes.NewCipher(key)
if err != nil {
fmt.Println("Error creating AES cipher", err)
return nil, err
}
// Decrypt the data
decrypted := make([]byte, len(cipherText))
cipher.NewDecrypter(key).CryptBlocks(decrypted, cipherText)
// Unpad the decrypted data using PKCS#7
unpaddedData, err := pkcs7.Unpad(decrypted)
if err != nil {
fmt.Println("Error removing PKCS#7 padding:", err)
return nil, err
}
return unpaddedData, nil
}