Golang PKCS7 Padding/Unpadding

pkcs7padding.go

// pkcs7strip remove pkcs7 padding
func pkcs7strip(data []byte, blockSize int) ([]byte, error) {
	length := len(data)
	if length == 0 {
		return nil, errors.New("pkcs7: Data is empty")
	}
	if length%blockSize != 0 {
		return nil, errors.New("pkcs7: Data is not block-aligned")
	}
	padLen := int(data[length-1])
	ref := bytes.Repeat([]byte{byte(padLen)}, padLen)
	if padLen > blockSize || padLen == 0 || !bytes.HasSuffix(data, ref) {
		return nil, errors.New("pkcs7: Invalid padding")
	}
	return data[:length-padLen], nil
}

// pkcs7pad add pkcs7 padding
func pkcs7pad(data []byte, blockSize int) ([]byte, error) {
	if blockSize <= 1 || blockSize >= 256 {
		return nil, fmt.Errorf("pkcs7: Invalid block size %d", blockSize)
	} else {
		padLen := blockSize - len(data) % blockSize
		padding := bytes.Repeat([]byte{byte(padLen)}, padLen)
		return append(data, padding...), nil
	}
}

What's the meaning of the 16 on line 23? Shouldn't it be equal to blockSize?

What's the meaning of the 16 on line 23? Shouldn't it be equal to blockSize?

Opps, I was using it only for AES.

You are right, thanks for notification. I have altered it to blockSize.

Cool. It helped me.

Nice, thanks

This has a subtle off by one bug in line 20. The block size must fit in a byte; the condition should be >= 256 (also, zero is invalid)

There is a bug at line 23.
It should be
padLen := (blockSize - len(data)) % blockSize

There is a bug at line 23.
It should be
padLen := (blockSize - len(data)) % blockSize

I failed to see the reason. Why?

There is a bug at line 23.
It should be
padLen := (blockSize - len(data)) % blockSize

The original code is correct. If the data is an integral number of blocks there should be a full block of padding. It’s necessary in order for the last byte to make sense.

So current implementation is correct, yes?

padLen := blockSize - len(data) % blockSize

It is effectively the same as:

padLen := blockSize - (len(data) % blockSize)

if we use

padLen := (blockSize - len(data)) % blockSize

len(data) could be greater than blockSize and produces minus result.

https://www.rfc-editor.org/rfc/rfc2315

There is an error in line 20 of the code, as described on page 21 of this link.

Kaliski                      Informational                     [Page 21]


[RFC 2315](https://www.rfc-editor.org/rfc/rfc2315)          PKCS #7: Crytographic Message Syntax        March 1998


        2.   Some content-encryption algorithms assume the
             input length is a multiple of k octets, where k > 1, and
             let the application define a method for handling inputs
             whose lengths are not a multiple of k octets. For such
             algorithms, the method shall be to pad the input at the
             trailing end with k - (l mod k) octets all having value k -
             (l mod k), where l is the length of the input. In other
             words, the input is padded at the trailing end with one of
             the following strings:

                      01 -- if l mod k = k-1
                     02 02 -- if l mod k = k-2
                                 .
                                 .
                                 .
                   k k ... k k -- if l mod k = 0

             The padding can be removed unambiguously since all input is
             padded and no padding string is a suffix of another. This
             padding method is well-defined if and only if k < 256;
             methods for larger k are an open issue for further study.

https://www.rfc-editor.org/rfc/rfc2315

There is an error in line 20 of the code, as described on page 21 of this link.

Hi @aimuz , thanks for your feedback. What change should be made? Is it this?

if blockSize <= 1 || blockSize >= 256 {

Yes, I think that should be the case

Yes, I think that should be the case

Thanks, I have updated the gist per your suggestion.