-
Notifications
You must be signed in to change notification settings - Fork 155
/
aes.go
306 lines (264 loc) · 7.79 KB
/
aes.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
package crypto_utils
import (
"bytes"
"crypto/aes"
"crypto/cipher"
"crypto/hmac"
"crypto/rand"
"crypto/sha1"
"crypto/sha256"
"encoding/base64"
"encoding/hex"
"encoding/json"
"errors"
"fmt"
"io"
"strings"
"time"
)
// AES KEY either 16, 24, or 32 bytes to select AES-128, AES-192, or AES-256
// var aseKey = "b3c65d06a1cf4dbda57af0af5c63e85f"
func Base64URLDecode(data string) ([]byte, error) {
var missing = (4 - len(data)%4) % 4
data += strings.Repeat("=", missing)
res, err := base64.URLEncoding.DecodeString(data)
fmt.Println(" decodebase64urlsafe is :", string(res), err)
return base64.URLEncoding.DecodeString(data)
}
func Base64UrlSafeEncode(source []byte) string {
// Base64 Url Safe is the same as Base64 but does not contain '/' and '+' (replaced by '_' and '-') and trailing '=' are removed.
bytearr := base64.StdEncoding.EncodeToString(source)
safeurl := strings.Replace(string(bytearr), "/", "_", -1)
safeurl = strings.Replace(safeurl, "+", "-", -1)
safeurl = strings.Replace(safeurl, "=", "", -1)
return safeurl
}
/*
// keyStr 密钥
// value 消息内容
*/
func HMACSHA1(value, keyStr string) string {
key := []byte(keyStr)
mac := hmac.New(sha1.New, key)
mac.Write([]byte(value))
//进行base64编码
res := base64.StdEncoding.EncodeToString(mac.Sum(nil))
return res
}
func HmacEqual(signingString, signature string, key) error {
originalSig, err := base64.StdEncoding.DecodeString(signature)
mac := hmac.New(sha1.New, key)
mac.Write([]byte(value))
if !hmac.Equal(originalSig, mac.Sum(nil)) {
return errors.New("signature is invalid")
}
return nil
}
// key is 32 bytes
func AesEcbPkcs5Decrypt(crypted, key []byte) (origData []byte, err error) {
block, err := aes.NewCipher(key)
if err != nil {
return
}
blockMode := NewECBDecrypter(block)
origData = make([]byte, len(crypted))
blockMode.CryptBlocks(origData, crypted)
origData = PKCS5UnPadding(origData)
return
}
func AesEcbPkcs5Encrypt(src string, key []byte) (crypted []byte, err error) {
block, err := aes.NewCipher(key)
if err != nil {
return
}
ecb := NewECBEncrypter(block)
content := []byte(src)
content = PKCS5Padding(content, block.BlockSize())
crypted = make([]byte, len(content))
ecb.CryptBlocks(crypted, content)
return
}
func PKCS5Padding(ciphertext []byte, blockSize int) []byte {
padding := blockSize - len(ciphertext)%blockSize
padtext := bytes.Repeat([]byte{byte(padding)}, padding)
return append(ciphertext, padtext...)
}
func PKCS5UnPadding(origData []byte) []byte {
length := len(origData)
unpadding := int(origData[length-1])
return origData[:(length - unpadding)]
}
type ecb struct {
b cipher.Block
blockSize int
}
func newECB(b cipher.Block) *ecb {
return &ecb{
b: b,
blockSize: b.BlockSize(),
}
}
type ecbEncrypter ecb
// NewECBEncrypter returns a BlockMode which encrypts in electronic code book
// mode, using the given Block.
func NewECBEncrypter(b cipher.Block) cipher.BlockMode {
return (*ecbEncrypter)(newECB(b))
}
func (x *ecbEncrypter) BlockSize() int { return x.blockSize }
func (x *ecbEncrypter) CryptBlocks(dst, src []byte) {
if len(src)%x.blockSize != 0 {
panic("crypto/cipher: input not full blocks")
}
if len(dst) < len(src) {
panic("crypto/cipher: output smaller than input")
}
for len(src) > 0 {
x.b.Encrypt(dst, src[:x.blockSize])
src = src[x.blockSize:]
dst = dst[x.blockSize:]
}
}
type ecbDecrypter ecb
// NewECBDecrypter returns a BlockMode which decrypts in electronic code book
// mode, using the given Block.
func NewECBDecrypter(b cipher.Block) cipher.BlockMode {
return (*ecbDecrypter)(newECB(b))
}
func (x *ecbDecrypter) BlockSize() int { return x.blockSize }
func (x *ecbDecrypter) CryptBlocks(dst, src []byte) {
if len(src)%x.blockSize != 0 {
panic("crypto/cipher: input not full blocks")
}
if len(dst) < len(src) {
panic("crypto/cipher: output smaller than input")
}
for len(src) > 0 {
x.b.Decrypt(dst, src[:x.blockSize])
src = src[x.blockSize:]
dst = dst[x.blockSize:]
}
}
func PKCS7Padding(ciphertext []byte) []byte {
padding := aes.BlockSize - len(ciphertext)%aes.BlockSize
padtext := bytes.Repeat([]byte{byte(padding)}, padding)
return append(ciphertext, padtext...)
}
func PKCS7UnPadding(plantText []byte) []byte {
length := len(plantText)
unpadding := int(plantText[length-1])
return plantText[:(length - unpadding)]
}
func AES256CBCEncrypt(plantText string, key string, iv []byte) (value string, err error) {
plaintext := PKCS7Padding([]byte(plantText))
ciphertext := make([]byte, len(plaintext))
block, err := aes.NewCipher([]byte(key))
if err != nil {
return
}
mode := cipher.NewCBCEncrypter(block, iv)
mode.CryptBlocks(ciphertext, plaintext)
return base64.StdEncoding.EncodeToString(ciphertext), nil
}
func AES256CBCDecrypt(plantText string, key string, iv string) (value string, err error) {
var block cipher.Block
if block, err = aes.NewCipher([]byte(key)); err != nil {
return
}
var iiv []byte
if iiv, err = base64.StdEncoding.DecodeString(iv); err != nil {
return
}
var cipherText []byte
if cipherText, err = base64.StdEncoding.DecodeString(plantText); err != nil {
return
}
mode := cipher.NewCBCDecrypter(block, iiv)
mode.CryptBlocks(cipherText, cipherText)
cipherText = PKCS7UnPadding(cipherText)
return string(cipherText), nil
}
//key is 16 bytes
func AesCbcPkcs5Encrypt(origData, key []byte) ([]byte, error) {
block, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
blockSize := block.BlockSize()
origData = PKCS5Padding(origData, blockSize)
blockMode := cipher.NewCBCEncrypter(block, key[:blockSize])
crypted := make([]byte, len(origData))
blockMode.CryptBlocks(crypted, origData)
return crypted, nil
}
func AesCbcPkcs5Decrypt(crypted, key []byte) ([]byte, error) {
block, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
blockSize := block.BlockSize()
blockMode := cipher.NewCBCDecrypter(block, key[:blockSize])
origData := make([]byte, len(crypted))
blockMode.CryptBlocks(origData, crypted)
origData = PKCS5UnPadding(origData)
return origData, nil
}
func getHmacCode(s string, key []byte) string {
h := hmac.New(sha256.New, key)
_, _ = io.WriteString(h, s)
return fmt.Sprintf("%x", h.Sum(nil))
}
type Crypt struct {
Iv string `json:"iv"`
Value string `json:"value"`
Mac string `json:"mac"`
}
func OpenSslAesEncrypt(value string, key string) (payload string, err error) {
iv := make([]byte, 16)
_, err = rand.Read(iv)
var encode string
if encode, err = AES256CBCEncrypt(value, key, iv); err != nil {
return
}
ivv := base64.StdEncoding.EncodeToString(iv)
crypt := Crypt{Iv: ivv, Value: encode, Mac: getHmacCode(ivv+encode, []byte(key))}
var bs []byte
if bs, err = json.Marshal(crypt); err != nil {
return
}
return base64.StdEncoding.EncodeToString(bs), nil
}
func OpenSslAesDecrypt(payload string, key string) (value string, err error) {
var bs []byte
if bs, err = base64.StdEncoding.DecodeString(payload); err != nil {
return
}
crypt := Crypt{}
if err = json.Unmarshal(bs, &crypt); err != nil {
return
}
return AES256CBCDecrypt(crypt.Value, key, crypt.Iv)
}
// Demo Application
func aesEncryptDemo(content string) string {
aesKey := "b3c65d06a1cf4dbda57af0af5c63e85f"
aesKeyByte, _ := hex.DecodeString(aesKey)
encrypt, _ := AesEcbPkcs5Encrypt(content, aesKeyByte)
return hex.EncodeToString(encrypt)
}
func aesDecryptDemo(crypt string) (reply string, err error) {
if crypt == "" {
return
}
aesKey := "b3c65d06a1cf4dbda57af0af5c63e85f"
aesKeyByte, _ := hex.DecodeString(aesKey)
cryptByte, _ := hex.DecodeString(crypt)
decryptByte, err := AesEcbPkcs5Decrypt(cryptByte, aesKeyByte)
return string(decryptByte), err
}
// generate sign
func genSignDemo(params string) (sign string) {
sha1key := "564826"
time := time.Now().Format("20060102150405")
sourceData := "¶ms=" + params + "&time=" + time
return HMACSHA1(sourceData, sha1key)
}