core/crypto/aes/aes.go

package aes

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"os"
)

// =================== GCM ======================
// AEC GCM 加密
func AESGCMEncrypt(plaintext, key []byte) (string, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	ciphertext := gcm.Seal(nonce, nonce, plaintext, nil)
	return hex.EncodeToString(ciphertext), nil
}

// AEC GCM 解密
func AESGCMDecrypt(ciphertext string, key []byte) ([]byte, error) {
	data, err := hex.DecodeString(ciphertext)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonceSize := gcm.NonceSize()
	if len(data) < nonceSize {
		return nil, errors.New("密文无效")
	}
	nonce, cipherbyte := data[:nonceSize], data[nonceSize:]
	return gcm.Open(nil, nonce, cipherbyte, nil)
}

// =================== CBC ======================
// AES CBC加密
func Encrypt(key string, iv string, data string) string {
	if len(data) == 0 {
		return ""
	}
	key2, _ := base64.StdEncoding.DecodeString(key)
	iv2, _ := base64.StdEncoding.DecodeString(iv)

	block, _ := aes.NewCipher(key2)
	bs := block.BlockSize()
	originData := _PKCS5Padding([]byte(data), bs)
	cipher.NewCBCEncrypter(block, iv2).CryptBlocks(originData, originData)

	data = base64.StdEncoding.EncodeToString(originData)
	return data
}

// AES CBC解密
func Decrypt(key string, iv string, data string) string {
	if len(data) == 0 {
		return ""
	}
	key2, _ := base64.StdEncoding.DecodeString(key)
	iv2, _ := base64.StdEncoding.DecodeString(iv)

	block, _ := aes.NewCipher(key2)
	originData, err := base64.StdEncoding.DecodeString(data)
	if err != nil {
		return ""
	}
	cipher.NewCBCDecrypter(block, iv2).CryptBlocks(originData, originData)

	data = string(_PKCS5UnPadding(originData))
	return data
}

func _PKCS5Padding(cipherText []byte, blockSize int) []byte {
	padding := blockSize - len(cipherText)%blockSize
	padText := bytes.Repeat([]byte{byte(padding)}, padding)
	return append(cipherText, padText...)
}
func _PKCS5UnPadding(origData []byte) []byte {
	length := len(origData)
	unpadding := int(origData[length-1])
	if length-unpadding < 0 {
		return origData
	}
	return origData[:(length - unpadding)]
}

// =================== ECB ======================
func AesEncryptECB(origData []byte, key []byte) (data string) {
	cipher, _ := aes.NewCipher(generateKey(key))
	length := (len(origData) + aes.BlockSize) / aes.BlockSize
	plain := make([]byte, length*aes.BlockSize)
	copy(plain, origData)
	pad := byte(len(plain) - len(origData))
	for i := len(origData); i < len(plain); i++ {
		plain[i] = pad
	}
	encrypted := make([]byte, len(plain))
	// 分组分块加密
	for bs, be := 0, cipher.BlockSize(); bs <= len(origData); bs, be = bs+cipher.BlockSize(), be+cipher.BlockSize() {
		cipher.Encrypt(encrypted[bs:be], plain[bs:be])
	}

	data = base64.StdEncoding.EncodeToString(encrypted)
	return data
}
func AesDecryptECB(encrypted string, key []byte) (decrypted []byte) {
	decodedCiphertext, _ := base64.StdEncoding.DecodeString(encrypted)
	cipher, _ := aes.NewCipher(generateKey(key))
	decrypted = make([]byte, len(decodedCiphertext))
	//
	for bs, be := 0, cipher.BlockSize(); bs < len(decodedCiphertext); bs, be = bs+cipher.BlockSize(), be+cipher.BlockSize() {
		cipher.Decrypt(decrypted[bs:be], decodedCiphertext[bs:be])
	}

	trim := 0
	if len(decrypted) > 0 {
		trim = len(decrypted) - int(decrypted[len(decrypted)-1])
	}

	return decrypted[:trim]
}
func generateKey(key []byte) (genKey []byte) {
	genKey = make([]byte, 16)
	copy(genKey, key)
	for i := 16; i < len(key); {
		for j := 0; j < 16 && i < len(key); j, i = j+1, i+1 {
			genKey[j] ^= key[i]
		}
	}
	return genKey
}

func AesKeyCheck(key string) (string, error) {
	// 从环境变量获取密钥
	keyHex := os.Getenv(key)
	if keyHex == "" {
		fmt.Println("环境变量 RST_KEY 未设置")
		return "", errors.New("环境变量 RST_KEY 未设置")
	}
	// 解码十六进制字符串的密钥
	byteKey, err := hex.DecodeString(keyHex)
	if err != nil {
		fmt.Printf("密钥解码失败: %v\n", err)
		return "", errors.New("密钥解码失败")
	}
	// 检查密钥长度
	if len(byteKey) != 16 && len(key) != 24 && len(key) != 32 {
		fmt.Printf("无效的密钥长度: %d 字节 (需要16,24或32字节)\n", len(key))
		return "", errors.New("无效的密钥长度,需要16,24或32字节")
	}
	return keyHex, nil
}