
How to extract the IV of AES-GCM in "crypto/cipher" #32742


Closed
jyxjjj opened this issue Jun 23, 2019 · 4 comments

Comments

@jyxjjj

jyxjjj commented Jun 23, 2019

What version of Go are you using (go version)?

go version go1.12.6 linux/amd64

Does this issue reproduce with the latest release?

What operating system and processor architecture are you using (go env)?

go env Output
GOARCH="amd64"
GOBIN=""
GOCACHE="/root/.cache/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/data/Projects/Go/gopath"
GOPROXY=""
GORACE=""
GOROOT="/data/go"
GOTMPDIR=""
GOTOOLDIR="/data/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build319981367=/tmp/go-build -gno-record-gcc-switches"

What did you do?

Developing an "AES-256-GCM" client interacting with PHP-openssl-ext.

What did you expect to see?

Like this (it's pseudo-code and only my target):

func encrypt("123"(data),"123"(key))
return encryptedData(hex)+"|"+iv(hex)+"|"+nonce(hex)

then:

encryptedData = split(return)[0]
iv = split(return)[1]
nonce = split(return)[2]
decrypt(encryptedData , iv , nonce)
return decryptedData

What did you see instead?

1. Golang has no IV, only a nonce. (I found Python maybe doesn't have one either. But C and PHP do. And the RFC doc said it should have one.)
2. Golang doesn't support unfixed, very short passwords (like "123", which will cause an error because it is too short). (It doesn't mean I can't do any padding for the password (key); if I do, it can't encrypt the same way as PHP does.)

@jyxjjj
Author

jyxjjj commented Jun 23, 2019

Sorry, due to some personal blogs, maybe I confused the IV/nonce/AAD/tag.
But there is truly only one 32-length HEX string of data.
In PHP it is the tag. I think it is the nonce.
Another 24-length HEX string of data is lost. In PHP it's the IV.

@jyxjjj
Author

jyxjjj commented Jun 23, 2019

Searched on Wikipedia.
I think I need the tag instead of the IV.
The IV in GoLang is the nonce.

@FiloSottile
Contributor

FiloSottile commented Jun 23, 2019

IV and nonce are mostly synonyms. AES-GCM is an AEAD and it takes (key, nonce, plaintext[, aad]) and generates a ciphertext, which includes the authentication tag.

Note that the key for AES-256 must be 32 uniform (random-looking) bytes, you don't want to use a password like "123", or even "12345678901234567890123456789012". Use scrypt or something like it to derive the key first.

The golang/go issue tracker is used to develop the Go project, so you'll get more help with questions about using the Go language through the resources listed at https://golang.org/wiki/Questions.

@FiloSottile
Contributor

If you are trying to separate ciphertext and tag, the tag is at the end of the ciphertext in Go. There is some discussion about a split API at #24990.
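Putting both of those answers into code, as an added example that is not from the thread or from the Go project: the program below derives a 32-byte AES-256 key from a short password with a salt, seals with crypto/cipher's AES-GCM, and then splits what Go returns into the three hex fields the original poster was looking for, in a "ciphertext|iv|tag" layout. The 12-byte GCM nonce is what PHP and OpenSSL call the IV (24 hex characters), and the 16-byte tag is the tail of the slice Seal returns (32 hex characters), which matches the two lengths reported earlier in the thread. The KDF is a standard-library PBKDF2-HMAC-SHA256 written inline only so the example runs without golang.org/x/crypto; scrypt or Argon2 from that module is the better choice for real code. The function names, the "|" layout, the salt, the iteration count and the plaintext are all my own choices, not anything from the page.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// pbkdf2SHA256 is PBKDF2-HMAC-SHA256 (RFC 8018) written inline so the example
// needs only the standard library. Prefer scrypt/Argon2 from x/crypto in production.
func pbkdf2SHA256(password, salt []byte, iter, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	var dk []byte
	for i := uint32(1); len(dk) < keyLen; i++ {
		prf.Reset()
		prf.Write(salt)
		prf.Write([]byte{byte(i >> 24), byte(i >> 16), byte(i >> 8), byte(i)})
		u := prf.Sum(nil) // U_1 = PRF(P, S || INT(i))
		t := append([]byte(nil), u...)
		for c := 1; c < iter; c++ { // U_j = PRF(P, U_{j-1}); T_i = U_1 xor ... xor U_c
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for k := range t {
				t[k] ^= u[k]
			}
		}
		dk = append(dk, t...)
	}
	return dk[:keyLen]
}

// deriveKey turns a password like "123" into the 32 uniform bytes AES-256 requires.
// The salt must be stored next to the ciphertext; the iteration count is illustrative.
func deriveKey(password string, salt []byte) []byte {
	return pbkdf2SHA256([]byte(password), salt, 100000, 32)
}

// newGCM fails unless key is 16, 24 or 32 bytes, which is the error a raw "123" produces.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encrypt seals plaintext and returns "ciphertext|iv|tag" in hex. The nonce (PHP's IV)
// is 12 bytes; the tag is the last Overhead() bytes of the slice Seal returns.
func encrypt(plaintext, key []byte) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // fresh per message; never reuse with this key
		return "", err
	}
	sealed := gcm.Seal(nil, nonce, plaintext, nil)
	split := len(sealed) - gcm.Overhead()
	return hex.EncodeToString(sealed[:split]) + "|" +
		hex.EncodeToString(nonce) + "|" +
		hex.EncodeToString(sealed[split:]), nil
}

// decrypt parses "ciphertext|iv|tag", re-joins ciphertext||tag the way Open expects,
// and returns an error (and no plaintext) if any of the three fields was altered.
func decrypt(encoded string, key []byte) ([]byte, error) {
	parts := strings.Split(encoded, "|")
	if len(parts) != 3 {
		return nil, errors.New("expected ciphertext|iv|tag")
	}
	ct, err1 := hex.DecodeString(parts[0])
	nonce, err2 := hex.DecodeString(parts[1])
	tag, err3 := hex.DecodeString(parts[2])
	if err1 != nil || err2 != nil || err3 != nil {
		return nil, errors.New("fields are not valid hex")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(nonce) != gcm.NonceSize() || len(tag) != gcm.Overhead() {
		return nil, errors.New("bad iv or tag length")
	}
	return gcm.Open(nil, nonce, append(ct, tag...), nil)
}

func main() {
	key := deriveKey("123", []byte("constructed-salt")) // constructed salt; use a random one per key
	enc, err := encrypt([]byte("hello from Go"), key)
	if err != nil {
		panic(err)
	}
	fmt.Println(enc) // ciphertext|iv|tag with a 24-hex-char iv and a 32-hex-char tag
	pt, err := decrypt(enc, key)
	fmt.Printf("%s %v\n", pt, err)
}
```

The receiving side gets ciphertext, IV and tag as three separate values, which is the shape PHP's openssl_decrypt wants them in (the IV and tag are separate arguments there), while on the Go side they are simply concatenated again before Open. Two caveats worth keeping in mind: a 96-bit nonce must never repeat under the same key, so generate it randomly per message as above or use a counter, and never try to "pad" a password up to 32 bytes; the KDF step exists precisely so the key is uniform even when the password is "123".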

@golang golang locked and limited conversation to collaborators Jun 22, 2020