bsm-sdk
/
core
7
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 94 Wiki Activity
core/crypto/aes/aes.go

215 lines
6.0 KiB
Go
Raw Blame History

// Package aes 提供AES加密解密功能
// 支持GCM、CBC、ECB等多种加密模式
package aes
import (
"bytes"
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"encoding/base64"
"encoding/hex"
"errors"
"fmt"
"io"
"os"
)
// =================== GCM模式 ======================
// AESGCMEncrypt AES GCM模式加密
// plaintext: 明文数据
// key: 加密密钥
// 返回: 十六进制编码的密文字符串
func AESGCMEncrypt(plaintext, key []byte) (string, error) {
block, err := aes.NewCipher(key)
if err != nil {
return "", err
}
gcm, err := cipher.NewGCM(block)
if err != nil {
return "", err
}
nonce := make([]byte, gcm.NonceSize())
if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
return "", err
}
ciphertext := gcm.Seal(nonce, nonce, plaintext, nil)
return hex.EncodeToString(ciphertext), nil
}
// AESGCMDecrypt AES GCM模式解密
// ciphertext: 十六进制编码的密文字符串
// key: 解密密钥
// 返回: 解密后的明文数据
func AESGCMDecrypt(ciphertext string, key []byte) ([]byte, error) {
data, err := hex.DecodeString(ciphertext)
if err != nil {
return nil, err
}
block, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
gcm, err := cipher.NewGCM(block)
if err != nil {
return nil, err
}
nonceSize := gcm.NonceSize()
if len(data) < nonceSize {
return nil, errors.New("密文无效")
}
nonce, cipherbyte := data[:nonceSize], data[nonceSize:]
return gcm.Open(nil, nonce, cipherbyte, nil)
}
// =================== CBC模式 ======================
// Encrypt AES CBC模式加密
// key: Base64编码的密钥
// iv: Base64编码的初始化向量
// data: 要加密的数据
// 返回: Base64编码的密文
func Encrypt(key string, iv string, data string) string {
if len(data) == 0 {
return ""
}
key2, _ := base64.StdEncoding.DecodeString(key)
iv2, _ := base64.StdEncoding.DecodeString(iv)
block, _ := aes.NewCipher(key2)
bs := block.BlockSize()
originData := _PKCS5Padding([]byte(data), bs)
cipher.NewCBCEncrypter(block, iv2).CryptBlocks(originData, originData)
data = base64.StdEncoding.EncodeToString(originData)
return data
}
// Decrypt AES CBC模式解密
// key: Base64编码的密钥
// iv: Base64编码的初始化向量
// data: Base64编码的密文
// 返回: 解密后的明文
func Decrypt(key string, iv string, data string) string {
if len(data) == 0 {
return ""
}
key2, _ := base64.StdEncoding.DecodeString(key)
iv2, _ := base64.StdEncoding.DecodeString(iv)
block, _ := aes.NewCipher(key2)
originData, err := base64.StdEncoding.DecodeString(data)
if err != nil {
return ""
}
cipher.NewCBCDecrypter(block, iv2).CryptBlocks(originData, originData)
data = string(_PKCS5UnPadding(originData))
return data
}
// _PKCS5Padding PKCS5填充
// cipherText: 需要填充的数据
// blockSize: 块大小
// 返回: 填充后的数据
func _PKCS5Padding(cipherText []byte, blockSize int) []byte {
padding := blockSize - len(cipherText)%blockSize
padText := bytes.Repeat([]byte{byte(padding)}, padding)
return append(cipherText, padText...)
}
// _PKCS5UnPadding PKCS5去填充
// origData: 需要去填充的数据
// 返回: 去填充后的数据
func _PKCS5UnPadding(origData []byte) []byte {
length := len(origData)
unpadding := int(origData[length-1])
if length-unpadding < 0 {
return origData
}
return origData[:(length - unpadding)]
}
// =================== ECB模式 ======================
// AesEncryptECB AES ECB模式加密
// origData: 原始数据
// key: 加密密钥
// 返回: Base64编码的密文
func AesEncryptECB(origData []byte, key []byte) (data string) {
cipher, _ := aes.NewCipher(generateKey(key))
length := (len(origData) + aes.BlockSize) / aes.BlockSize
plain := make([]byte, length*aes.BlockSize)
copy(plain, origData)
pad := byte(len(plain) - len(origData))
for i := len(origData); i < len(plain); i++ {
plain[i] = pad
}
encrypted := make([]byte, len(plain))
// 分组分块加密
for bs, be := 0, cipher.BlockSize(); bs <= len(origData); bs, be = bs+cipher.BlockSize(), be+cipher.BlockSize() {
cipher.Encrypt(encrypted[bs:be], plain[bs:be])
}
data = base64.StdEncoding.EncodeToString(encrypted)
return data
}
// AesDecryptECB AES ECB模式解密
// encrypted: Base64编码的密文
// key: 解密密钥
// 返回: 解密后的明文数据
func AesDecryptECB(encrypted string, key []byte) (decrypted []byte) {
decodedCiphertext, _ := base64.StdEncoding.DecodeString(encrypted)
cipher, _ := aes.NewCipher(generateKey(key))
decrypted = make([]byte, len(decodedCiphertext))
// 分组分块解密
for bs, be := 0, cipher.BlockSize(); bs < len(decodedCiphertext); bs, be = bs+cipher.BlockSize(), be+cipher.BlockSize() {
cipher.Decrypt(decrypted[bs:be], decodedCiphertext[bs:be])
}
trim := 0
if len(decrypted) > 0 {
trim = len(decrypted) - int(decrypted[len(decrypted)-1])
}
return decrypted[:trim]
}
// generateKey 生成标准长度的密钥
// key: 原始密钥
// 返回: 16字节的标准密钥
func generateKey(key []byte) (genKey []byte) {
genKey = make([]byte, 16)
copy(genKey, key)
for i := 16; i < len(key); {
for j := 0; j < 16 && i < len(key); j, i = j+1, i+1 {
genKey[j] ^= key[i]
}
}
return genKey
}
// AesKeyCheck 检查AES密钥环境变量
// key: 环境变量名
// 返回: 十六进制编码的密钥字符串
func AesKeyCheck(key string) (string, error) {
// 从环境变量获取密钥
keyHex := os.Getenv(key)
if keyHex == "" {
// 使用入参作为变量名,避免硬编码误导
fmt.Printf("环境变量 %s 未设置\n", key)
return "", errors.New("密钥环境变量未设置")
}
// 解码十六进制字符串的密钥
byteKey, err := hex.DecodeString(keyHex)
if err != nil {
fmt.Printf("密钥解码失败: %v\n", err)
return "", errors.New("密钥解码失败")
}
// 检查密钥长度
if len(byteKey) != 16 && len(byteKey) != 24 && len(byteKey) != 32 {
fmt.Printf("无效的密钥长度: %d 字节 (需要16,24或32字节)\n", len(byteKey))
return "", errors.New("无效的密钥长度,需要16,24或32字节")
}
return keyHex, nil
}
Reference in New Issue View Git Blame Copy Permalink