107 lines
2.6 KiB
Go
107 lines
2.6 KiB
Go
|
package security
|
|||
|
|
|
|||
|
|
import (
|
|||
|
|
"bytes"
|
|||
|
|
"crypto/aes"
|
|||
|
|
"crypto/cipher"
|
|||
|
|
"errors"
|
|||
|
|
)
|
|||
|
|
|
|||
|
|
// AESCipher one of Encryptor implement
|
|||
|
|
type AESCipher struct {
|
|||
|
|
key []byte
|
|||
|
|
iv []byte
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// NewAESCipher return a AESCipher
|
|||
|
|
func NewAESCipher(key string) *AESCipher {
|
|||
|
|
size := len(key) / 8
|
|||
|
|
if size < 2 {
|
|||
|
|
//log.Error("incorrect key, need 16(aes-128), 24(aes-192), 32(aes-256) length string")
|
|||
|
|
return nil
|
|||
|
|
} else if size > 4 {
|
|||
|
|
size = 4
|
|||
|
|
}
|
|||
|
|
key = key[:size*8]
|
|||
|
|
return &AESCipher{key: []byte(key), iv: []byte(key[:16])}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// Decode src
|
|||
|
|
func (cipher *AESCipher) Decode(src []byte) []byte {
|
|||
|
|
encrypt, err := aesDeCrypt(src, cipher.key, cipher.iv)
|
|||
|
|
if err != nil {
|
|||
|
|
return src
|
|||
|
|
}
|
|||
|
|
return encrypt
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// Encode src
|
|||
|
|
func (cipher *AESCipher) Encode(src []byte) []byte {
|
|||
|
|
encrypt, err := aesEcrypt(src, cipher.key, cipher.iv)
|
|||
|
|
if err != nil {
|
|||
|
|
//log.Error("Aes Encode error %s", err)
|
|||
|
|
return src
|
|||
|
|
}
|
|||
|
|
return encrypt
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
//PKCS7 填充模式
|
|||
|
|
func pKCS7Padding(ciphertext []byte, blockSize int) []byte {
|
|||
|
|
padding := blockSize - len(ciphertext)%blockSize
|
|||
|
|
//Repeat()函数的功能是把切片[]byte{byte(padding)}复制padding个,然后合并成新的字节切片返回
|
|||
|
|
padText := bytes.Repeat([]byte{byte(padding)}, padding)
|
|||
|
|
return append(ciphertext, padText...)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
//填充的反向操作,删除填充字符串
|
|||
|
|
func pKCS7UnPadding(origData []byte) ([]byte, error) {
|
|||
|
|
//获取数据长度
|
|||
|
|
length := len(origData)
|
|||
|
|
if length == 0 {
|
|||
|
|
return nil, errors.New("pKCS7UnPadding error")
|
|||
|
|
}
|
|||
|
|
//获取填充字符串长度
|
|||
|
|
unpadding := int(origData[length-1])
|
|||
|
|
//截取切片,删除填充字节,并且返回明文
|
|||
|
|
return origData[:(length - unpadding)], nil
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
//实现加密
|
|||
|
|
func aesEcrypt(origData []byte, key, iv []byte) ([]byte, error) {
|
|||
|
|
//创建加密算法实例
|
|||
|
|
block, err := aes.NewCipher(key)
|
|||
|
|
if err != nil {
|
|||
|
|
return nil, err
|
|||
|
|
}
|
|||
|
|
//获取块的大小
|
|||
|
|
blockSize := block.BlockSize()
|
|||
|
|
//对数据进行填充,让数据长度满足需求
|
|||
|
|
origData = pKCS7Padding(origData, blockSize)
|
|||
|
|
//采用AES加密方法中CBC加密模式
|
|||
|
|
blocMode := cipher.NewCBCEncrypter(block, iv)
|
|||
|
|
crypted := make([]byte, len(origData))
|
|||
|
|
//执行加密
|
|||
|
|
blocMode.CryptBlocks(crypted, origData)
|
|||
|
|
return crypted, nil
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
//实现解密
|
|||
|
|
func aesDeCrypt(cypted []byte, key, iv []byte) ([]byte, error) {
|
|||
|
|
//创建加密算法实例
|
|||
|
|
block, err := aes.NewCipher(key)
|
|||
|
|
if err != nil {
|
|||
|
|
return nil, err
|
|||
|
|
}
|
|||
|
|
//创建加密客户端实例
|
|||
|
|
blockMode := cipher.NewCBCDecrypter(block, iv)
|
|||
|
|
origData := make([]byte, len(cypted))
|
|||
|
|
//这个函数也可以用来解密
|
|||
|
|
blockMode.CryptBlocks(origData, cypted)
|
|||
|
|
//去除填充字符串
|
|||
|
|
origData, err = pKCS7UnPadding(origData)
|
|||
|
|
if err != nil {
|
|||
|
|
return nil, err
|
|||
|
|
}
|
|||
|
|
return origData, err
|
|||
|
|
}
|