package aes import ( "bytes" "crypto/aes" "crypto/cipher" "crypto/rand" "encoding/base64" "encoding/hex" "errors" "fmt" "io" "os" ) // =================== GCM ====================== // AEC GCM 加密 func AESGCMEncrypt(plaintext, key []byte) (string, error) { block, err := aes.NewCipher(key) if err != nil { return "", err } gcm, err := cipher.NewGCM(block) if err != nil { return "", err } nonce := make([]byte, gcm.NonceSize()) if _, err = io.ReadFull(rand.Reader, nonce); err != nil { return "", err } ciphertext := gcm.Seal(nonce, nonce, plaintext, nil) return hex.EncodeToString(ciphertext), nil } // AEC GCM 解密 func AESGCMDecrypt(ciphertext string, key []byte) ([]byte, error) { data, err := hex.DecodeString(ciphertext) if err != nil { return nil, err } block, err := aes.NewCipher(key) if err != nil { return nil, err } gcm, err := cipher.NewGCM(block) if err != nil { return nil, err } nonceSize := gcm.NonceSize() if len(data) < nonceSize { return nil, errors.New("密文无效") } nonce, cipherbyte := data[:nonceSize], data[nonceSize:] return gcm.Open(nil, nonce, cipherbyte, nil) } // =================== CBC ====================== // AES CBC加密 func Encrypt(key string, iv string, data string) string { if len(data) == 0 { return "" } key2, _ := base64.StdEncoding.DecodeString(key) iv2, _ := base64.StdEncoding.DecodeString(iv) block, _ := aes.NewCipher(key2) bs := block.BlockSize() originData := _PKCS5Padding([]byte(data), bs) cipher.NewCBCEncrypter(block, iv2).CryptBlocks(originData, originData) data = base64.StdEncoding.EncodeToString(originData) return data } // AES CBC解密 func Decrypt(key string, iv string, data string) string { if len(data) == 0 { return "" } key2, _ := base64.StdEncoding.DecodeString(key) iv2, _ := base64.StdEncoding.DecodeString(iv) block, _ := aes.NewCipher(key2) originData, err := base64.StdEncoding.DecodeString(data) if err != nil { return "" } cipher.NewCBCDecrypter(block, iv2).CryptBlocks(originData, originData) data = string(_PKCS5UnPadding(originData)) return data } func _PKCS5Padding(cipherText []byte, blockSize int) []byte { padding := blockSize - len(cipherText)%blockSize padText := bytes.Repeat([]byte{byte(padding)}, padding) return append(cipherText, padText...) } func _PKCS5UnPadding(origData []byte) []byte { length := len(origData) unpadding := int(origData[length-1]) if length-unpadding < 0 { return origData } return origData[:(length - unpadding)] } // =================== ECB ====================== func AesEncryptECB(origData []byte, key []byte) (data string) { cipher, _ := aes.NewCipher(generateKey(key)) length := (len(origData) + aes.BlockSize) / aes.BlockSize plain := make([]byte, length*aes.BlockSize) copy(plain, origData) pad := byte(len(plain) - len(origData)) for i := len(origData); i < len(plain); i++ { plain[i] = pad } encrypted := make([]byte, len(plain)) // 分组分块加密 for bs, be := 0, cipher.BlockSize(); bs <= len(origData); bs, be = bs+cipher.BlockSize(), be+cipher.BlockSize() { cipher.Encrypt(encrypted[bs:be], plain[bs:be]) } data = base64.StdEncoding.EncodeToString(encrypted) return data } func AesDecryptECB(encrypted string, key []byte) (decrypted []byte) { decodedCiphertext, _ := base64.StdEncoding.DecodeString(encrypted) cipher, _ := aes.NewCipher(generateKey(key)) decrypted = make([]byte, len(decodedCiphertext)) // for bs, be := 0, cipher.BlockSize(); bs < len(decodedCiphertext); bs, be = bs+cipher.BlockSize(), be+cipher.BlockSize() { cipher.Decrypt(decrypted[bs:be], decodedCiphertext[bs:be]) } trim := 0 if len(decrypted) > 0 { trim = len(decrypted) - int(decrypted[len(decrypted)-1]) } return decrypted[:trim] } func generateKey(key []byte) (genKey []byte) { genKey = make([]byte, 16) copy(genKey, key) for i := 16; i < len(key); { for j := 0; j < 16 && i < len(key); j, i = j+1, i+1 { genKey[j] ^= key[i] } } return genKey } func AesKeyCheck(key string) (string, error) { // 从环境变量获取密钥 keyHex := os.Getenv("RST_KEY") if keyHex == "" { fmt.Println("环境变量 RST_KEY 未设置") return "", errors.New("环境变量 RST_KEY 未设置") } // 解码十六进制字符串的密钥 byteKey, err := hex.DecodeString(keyHex) if err != nil { fmt.Printf("密钥解码失败: %v\n", err) return "", errors.New("密钥解码失败") } // 检查密钥长度 if len(byteKey) != 16 && len(key) != 24 && len(key) != 32 { fmt.Printf("无效的密钥长度: %d 字节 (需要16,24或32字节)\n", len(key)) return "", errors.New("无效的密钥长度,需要16,24或32字节") } return keyHex, nil }