@eryx/crypto/hazmat/pkcs7 Module

PKCS#7 padding helpers for block ciphers.

This library is intended to pair with the raw block-cipher APIs in @eryx/crypto/hazmat/*. It pads arbitrary-length data up to a block boundary and validates/removes PKCS#7 padding explicitly.

local aes = require("@eryx/crypto/hazmat/aes")
local pkcs7 = require("@eryx/crypto/hazmat/pkcs7")

local key = buffer.create(16)
local iv = buffer.create(16)
local padded = pkcs7.pad(buffer.fromstring("hello"), 16)
local encrypt = aes.new(key, "cbc", "encrypt", iv)
local ct = buffer.concat({ encrypt:update(padded), encrypt:final() })
local decrypt = aes.new(key, "cbc", "decrypt", iv)
local pt = pkcs7.unpad(buffer.concat({ decrypt:update(ct), decrypt:final() }), 16)

Summary

Functions

pkcs7.pad(data: buffer, blockSize: number)buffer
pkcs7.unpad(data: buffer, blockSize: number)buffer

API Reference

Functions

pkcs7.pad

Appends PKCS#7 padding to data.

If the input is already aligned, a full block of padding is added.

pkcs7.pad(data: buffer, blockSize: number)buffer

Parameters

data: buffer

Raw input bytes.

blockSize: number

Block size in bytes, typically 8 or 16.

Returns

buffer

New buffer containing the padded data.

pkcs7.unpad

Validates and removes PKCS#7 padding from data.

The input length must be non-zero and a multiple of blockSize.

Padding validation runs in constant time with respect to the buffer contents: every candidate padding byte is examined regardless of the encoded length, and a single generic error is raised on any failure, so an attacker cannot learn which byte was wrong from timing or error text. Note that this does not remove the padding oracle entirely — a caller can still observe success versus failure, and the returned length reveals padLen. To defend against padding-oracle attacks, pair this with authenticated encryption (see @eryx/crypto/secretbox) or verify a MAC before unpadding.

pkcs7.unpad(data: buffer, blockSize: number)buffer

Parameters

data: buffer

Padded input bytes.

blockSize: number

Block size in bytes, typically 8 or 16.

Returns

buffer

New buffer containing the unpadded data.