-
Notifications
You must be signed in to change notification settings - Fork 43
/
aes_gcm.go
116 lines (97 loc) · 3.16 KB
/
aes_gcm.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
package codec
import (
"bytes"
"crypto/aes"
"crypto/cipher"
cryptorand "crypto/rand"
"github.com/pkg/errors"
"io"
)
/*
//AES GCM 加密后的payload shiro 1.4.2版本更换为了AES-GCM加密方式
func AES_GCM_Encrypt(key []byte, Content []byte) string {
block, _ := aes.NewCipher(key)
nonce := make([]byte, 16)
io.ReadFull(rand.Reader, nonce)
aesgcm, _ := cipher.NewGCMWithNonceSize(block, 16)
ciphertext := aesgcm.Seal(nil, nonce, Content, nil)
return base64.StdEncoding.EncodeToString(append(nonce, ciphertext...))
}
*/
func AESGCMEncrypt(key []byte, data interface{}, nonceRaw []byte) ([]byte, error) {
nonceSize := 12
if len(nonceRaw) == 16 {
nonceSize = 16
}
return AESGCMEncryptWithNonceSize(key, data, nonceRaw, nonceSize)
}
var AESGCMEncryptWithNonceSize16 = AESGCMEncrypt
func AESGCMEncryptWithNonceSize12(key []byte, data interface{}, nonceRaw []byte) ([]byte, error) {
return AESGCMEncryptWithNonceSize(key, data, nonceRaw, 12)
}
func AESGCMEncryptWithNonceSize(key []byte, data interface{}, nonceRaw []byte, nonceSize int) ([]byte, error) {
dataRaw := interfaceToBytes(data)
c, err := aes.NewCipher(key)
if err != nil {
return nil, errors.Errorf("create aes cipher failed: %s", err)
}
gcm, err := cipher.NewGCMWithNonceSize(c, nonceSize)
if err != nil {
return nil, errors.Errorf("create gcm failed: %s", err)
}
nonce := make([]byte, gcm.NonceSize())
var randomNonce bool
if len(nonceRaw) > 0 {
copy(nonce, nonceRaw)
} else {
if _, err := io.ReadFull(cryptorand.Reader, nonce); err != nil {
return nil, errors.Errorf("read nonce for aes_gcm failed: %s", err)
}
randomNonce = true
}
var buf bytes.Buffer
if randomNonce {
buf.Write(nonce)
}
buf.Write(gcm.Seal(nil, nonce, dataRaw, nil))
return buf.Bytes(), nil
}
func AESGCMDecryptWithNonceSize(key []byte, data interface{}, nonceRaw []byte, nonceSize int) ([]byte, error) {
dataRaw := interfaceToBytes(data)
c, err := aes.NewCipher(key)
if err != nil {
return nil, errors.Errorf("create aes cipher failed: %s", err)
}
gcm, err := cipher.NewGCMWithNonceSize(c, nonceSize)
if err != nil {
return nil, errors.Errorf("create gcm failed: %s", err)
}
// 兼容 nonce
var nonce = make([]byte, nonceSize)
if nonceRaw != nil {
copy(nonce, nonceRaw)
} else {
if len(dataRaw) < nonceSize {
return nil, errors.Errorf("nonce is empty, data[%v] is too short(cannot found nonce), ", StrConvQuote(string(dataRaw)))
}
nonceFromData, encryptedData := dataRaw[:nonceSize], dataRaw[nonceSize:]
copy(nonce, nonceFromData)
if plain, err := gcm.Open(nil, nonce, encryptedData, nil); err == nil {
return plain, nil
}
}
return gcm.Open(nil, nonce, dataRaw, nil)
}
func AESGCMDecryptWithNonceSize12(key []byte, data interface{}, nonce []byte) ([]byte, error) {
return AESGCMDecryptWithNonceSize(key, data, nonce, 12)
}
func AESGCMDecryptWithNonceSize16(key []byte, data interface{}, nonce []byte) ([]byte, error) {
return AESGCMDecryptWithNonceSize(key, data, nonce, 16)
}
func AESGCMDecrypt(key []byte, data interface{}, nonce []byte) ([]byte, error) {
nonceSize := 12
if len(nonce) == 16 {
nonceSize = 16
}
return AESGCMDecryptWithNonceSize(key, data, nonce, nonceSize)
}