AES-CBC with PKCS#7

Implement CBC mode encryption/decryption with PKCS#7 padding. AES block encryption/decryption is provided in the starter (do not use crypto libraries).

Function signatures

func PKCS7Pad(data []byte, blockSize int) []byte
func PKCS7Unpad(padded []byte, blockSize int) ([]byte, bool)

func EncryptCBC(key [16]byte, iv [16]byte, plaintext []byte) []byte
func DecryptCBC(key [16]byte, iv [16]byte, ciphertext []byte) ([]byte, bool)

Requirements

• PKCS#7 always adds padding, even for aligned plaintext.
• DecryptCBC must validate padding and return (nil, false) on invalid input.
• Ciphertext length must be a multiple of block size or decryption fails.

Notes

• CBC encryption: Ci = Enc(Pi XOR C(i-1)), C0 = IV.
• CBC decryption: Pi = Dec(Ci) XOR C(i-1).
• This mode provides confidentiality only; it is malleable.