| 
									
										
										
										
											2025-10-03 19:55:20 +08:00
										 |  |  | // Package aes 提供AES加密解密功能
 | 
					
						
							|  |  |  | // 支持GCM、CBC、ECB等多种加密模式
 | 
					
						
							| 
									
										
										
										
											2025-02-07 13:01:38 +08:00
										 |  |  | package aes | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | import ( | 
					
						
							|  |  |  | 	"bytes" | 
					
						
							|  |  |  | 	"crypto/aes" | 
					
						
							|  |  |  | 	"crypto/cipher" | 
					
						
							| 
									
										
										
										
											2025-07-29 09:43:14 +08:00
										 |  |  | 	"crypto/rand" | 
					
						
							| 
									
										
										
										
											2025-02-07 13:01:38 +08:00
										 |  |  | 	"encoding/base64" | 
					
						
							| 
									
										
										
										
											2025-07-29 09:43:14 +08:00
										 |  |  | 	"encoding/hex" | 
					
						
							|  |  |  | 	"errors" | 
					
						
							|  |  |  | 	"fmt" | 
					
						
							|  |  |  | 	"io" | 
					
						
							|  |  |  | 	"os" | 
					
						
							| 
									
										
										
										
											2025-02-07 13:01:38 +08:00
										 |  |  | ) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-10-03 19:55:20 +08:00
										 |  |  | // =================== GCM模式 ======================
 | 
					
						
							|  |  |  | // AESGCMEncrypt AES GCM模式加密
 | 
					
						
							|  |  |  | // plaintext: 明文数据
 | 
					
						
							|  |  |  | // key: 加密密钥
 | 
					
						
							|  |  |  | // 返回: 十六进制编码的密文字符串
 | 
					
						
							| 
									
										
										
										
											2025-07-29 09:43:14 +08:00
										 |  |  | func AESGCMEncrypt(plaintext, key []byte) (string, error) { | 
					
						
							|  |  |  | 	block, err := aes.NewCipher(key) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		return "", err | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	gcm, err := cipher.NewGCM(block) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		return "", err | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	nonce := make([]byte, gcm.NonceSize()) | 
					
						
							|  |  |  | 	if _, err = io.ReadFull(rand.Reader, nonce); err != nil { | 
					
						
							|  |  |  | 		return "", err | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	ciphertext := gcm.Seal(nonce, nonce, plaintext, nil) | 
					
						
							|  |  |  | 	return hex.EncodeToString(ciphertext), nil | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-10-03 19:55:20 +08:00
										 |  |  | // AESGCMDecrypt AES GCM模式解密
 | 
					
						
							|  |  |  | // ciphertext: 十六进制编码的密文字符串
 | 
					
						
							|  |  |  | // key: 解密密钥
 | 
					
						
							|  |  |  | // 返回: 解密后的明文数据
 | 
					
						
							| 
									
										
										
										
											2025-07-29 09:43:14 +08:00
										 |  |  | func AESGCMDecrypt(ciphertext string, key []byte) ([]byte, error) { | 
					
						
							|  |  |  | 	data, err := hex.DecodeString(ciphertext) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		return nil, err | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	block, err := aes.NewCipher(key) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		return nil, err | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	gcm, err := cipher.NewGCM(block) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		return nil, err | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	nonceSize := gcm.NonceSize() | 
					
						
							|  |  |  | 	if len(data) < nonceSize { | 
					
						
							|  |  |  | 		return nil, errors.New("密文无效") | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	nonce, cipherbyte := data[:nonceSize], data[nonceSize:] | 
					
						
							|  |  |  | 	return gcm.Open(nil, nonce, cipherbyte, nil) | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-10-03 19:55:20 +08:00
										 |  |  | // =================== CBC模式 ======================
 | 
					
						
							|  |  |  | // Encrypt AES CBC模式加密
 | 
					
						
							|  |  |  | // key: Base64编码的密钥
 | 
					
						
							|  |  |  | // iv: Base64编码的初始化向量
 | 
					
						
							|  |  |  | // data: 要加密的数据
 | 
					
						
							|  |  |  | // 返回: Base64编码的密文
 | 
					
						
							| 
									
										
										
										
											2025-02-07 13:01:38 +08:00
										 |  |  | func Encrypt(key string, iv string, data string) string { | 
					
						
							|  |  |  | 	if len(data) == 0 { | 
					
						
							|  |  |  | 		return "" | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	key2, _ := base64.StdEncoding.DecodeString(key) | 
					
						
							|  |  |  | 	iv2, _ := base64.StdEncoding.DecodeString(iv) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	block, _ := aes.NewCipher(key2) | 
					
						
							|  |  |  | 	bs := block.BlockSize() | 
					
						
							|  |  |  | 	originData := _PKCS5Padding([]byte(data), bs) | 
					
						
							|  |  |  | 	cipher.NewCBCEncrypter(block, iv2).CryptBlocks(originData, originData) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	data = base64.StdEncoding.EncodeToString(originData) | 
					
						
							|  |  |  | 	return data | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-10-03 19:55:20 +08:00
										 |  |  | // Decrypt AES CBC模式解密
 | 
					
						
							|  |  |  | // key: Base64编码的密钥
 | 
					
						
							|  |  |  | // iv: Base64编码的初始化向量
 | 
					
						
							|  |  |  | // data: Base64编码的密文
 | 
					
						
							|  |  |  | // 返回: 解密后的明文
 | 
					
						
							| 
									
										
										
										
											2025-02-07 13:01:38 +08:00
										 |  |  | func Decrypt(key string, iv string, data string) string { | 
					
						
							|  |  |  | 	if len(data) == 0 { | 
					
						
							|  |  |  | 		return "" | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	key2, _ := base64.StdEncoding.DecodeString(key) | 
					
						
							|  |  |  | 	iv2, _ := base64.StdEncoding.DecodeString(iv) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	block, _ := aes.NewCipher(key2) | 
					
						
							|  |  |  | 	originData, err := base64.StdEncoding.DecodeString(data) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		return "" | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	cipher.NewCBCDecrypter(block, iv2).CryptBlocks(originData, originData) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	data = string(_PKCS5UnPadding(originData)) | 
					
						
							|  |  |  | 	return data | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-10-03 19:55:20 +08:00
										 |  |  | // _PKCS5Padding PKCS5填充
 | 
					
						
							|  |  |  | // cipherText: 需要填充的数据
 | 
					
						
							|  |  |  | // blockSize: 块大小
 | 
					
						
							|  |  |  | // 返回: 填充后的数据
 | 
					
						
							| 
									
										
										
										
											2025-02-07 13:01:38 +08:00
										 |  |  | func _PKCS5Padding(cipherText []byte, blockSize int) []byte { | 
					
						
							|  |  |  | 	padding := blockSize - len(cipherText)%blockSize | 
					
						
							|  |  |  | 	padText := bytes.Repeat([]byte{byte(padding)}, padding) | 
					
						
							|  |  |  | 	return append(cipherText, padText...) | 
					
						
							|  |  |  | } | 
					
						
							| 
									
										
										
										
											2025-10-03 19:55:20 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  | // _PKCS5UnPadding PKCS5去填充
 | 
					
						
							|  |  |  | // origData: 需要去填充的数据
 | 
					
						
							|  |  |  | // 返回: 去填充后的数据
 | 
					
						
							| 
									
										
										
										
											2025-02-07 13:01:38 +08:00
										 |  |  | func _PKCS5UnPadding(origData []byte) []byte { | 
					
						
							|  |  |  | 	length := len(origData) | 
					
						
							|  |  |  | 	unpadding := int(origData[length-1]) | 
					
						
							|  |  |  | 	if length-unpadding < 0 { | 
					
						
							|  |  |  | 		return origData | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	return origData[:(length - unpadding)] | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-10-03 19:55:20 +08:00
										 |  |  | // =================== ECB模式 ======================
 | 
					
						
							|  |  |  | // AesEncryptECB AES ECB模式加密
 | 
					
						
							|  |  |  | // origData: 原始数据
 | 
					
						
							|  |  |  | // key: 加密密钥
 | 
					
						
							|  |  |  | // 返回: Base64编码的密文
 | 
					
						
							| 
									
										
										
										
											2025-02-07 13:01:38 +08:00
										 |  |  | func AesEncryptECB(origData []byte, key []byte) (data string) { | 
					
						
							|  |  |  | 	cipher, _ := aes.NewCipher(generateKey(key)) | 
					
						
							|  |  |  | 	length := (len(origData) + aes.BlockSize) / aes.BlockSize | 
					
						
							|  |  |  | 	plain := make([]byte, length*aes.BlockSize) | 
					
						
							|  |  |  | 	copy(plain, origData) | 
					
						
							|  |  |  | 	pad := byte(len(plain) - len(origData)) | 
					
						
							|  |  |  | 	for i := len(origData); i < len(plain); i++ { | 
					
						
							|  |  |  | 		plain[i] = pad | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	encrypted := make([]byte, len(plain)) | 
					
						
							|  |  |  | 	// 分组分块加密
 | 
					
						
							|  |  |  | 	for bs, be := 0, cipher.BlockSize(); bs <= len(origData); bs, be = bs+cipher.BlockSize(), be+cipher.BlockSize() { | 
					
						
							|  |  |  | 		cipher.Encrypt(encrypted[bs:be], plain[bs:be]) | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	data = base64.StdEncoding.EncodeToString(encrypted) | 
					
						
							|  |  |  | 	return data | 
					
						
							|  |  |  | } | 
					
						
							| 
									
										
										
										
											2025-10-03 19:55:20 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  | // AesDecryptECB AES ECB模式解密
 | 
					
						
							|  |  |  | // encrypted: Base64编码的密文
 | 
					
						
							|  |  |  | // key: 解密密钥
 | 
					
						
							|  |  |  | // 返回: 解密后的明文数据
 | 
					
						
							| 
									
										
										
										
											2025-02-07 13:01:38 +08:00
										 |  |  | func AesDecryptECB(encrypted string, key []byte) (decrypted []byte) { | 
					
						
							|  |  |  | 	decodedCiphertext, _ := base64.StdEncoding.DecodeString(encrypted) | 
					
						
							|  |  |  | 	cipher, _ := aes.NewCipher(generateKey(key)) | 
					
						
							|  |  |  | 	decrypted = make([]byte, len(decodedCiphertext)) | 
					
						
							| 
									
										
										
										
											2025-10-03 19:55:20 +08:00
										 |  |  | 	// 分组分块解密
 | 
					
						
							| 
									
										
										
										
											2025-02-07 13:01:38 +08:00
										 |  |  | 	for bs, be := 0, cipher.BlockSize(); bs < len(decodedCiphertext); bs, be = bs+cipher.BlockSize(), be+cipher.BlockSize() { | 
					
						
							|  |  |  | 		cipher.Decrypt(decrypted[bs:be], decodedCiphertext[bs:be]) | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	trim := 0 | 
					
						
							|  |  |  | 	if len(decrypted) > 0 { | 
					
						
							|  |  |  | 		trim = len(decrypted) - int(decrypted[len(decrypted)-1]) | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	return decrypted[:trim] | 
					
						
							|  |  |  | } | 
					
						
							| 
									
										
										
										
											2025-10-03 19:55:20 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  | // generateKey 生成标准长度的密钥
 | 
					
						
							|  |  |  | // key: 原始密钥
 | 
					
						
							|  |  |  | // 返回: 16字节的标准密钥
 | 
					
						
							| 
									
										
										
										
											2025-02-07 13:01:38 +08:00
										 |  |  | func generateKey(key []byte) (genKey []byte) { | 
					
						
							|  |  |  | 	genKey = make([]byte, 16) | 
					
						
							|  |  |  | 	copy(genKey, key) | 
					
						
							|  |  |  | 	for i := 16; i < len(key); { | 
					
						
							|  |  |  | 		for j := 0; j < 16 && i < len(key); j, i = j+1, i+1 { | 
					
						
							|  |  |  | 			genKey[j] ^= key[i] | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	return genKey | 
					
						
							|  |  |  | } | 
					
						
							| 
									
										
										
										
											2025-07-29 09:43:14 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-10-03 19:55:20 +08:00
										 |  |  | // AesKeyCheck 检查AES密钥环境变量
 | 
					
						
							|  |  |  | // key: 环境变量名
 | 
					
						
							|  |  |  | // 返回: 十六进制编码的密钥字符串
 | 
					
						
							| 
									
										
										
										
											2025-07-29 09:43:14 +08:00
										 |  |  | func AesKeyCheck(key string) (string, error) { | 
					
						
							|  |  |  | 	// 从环境变量获取密钥
 | 
					
						
							| 
									
										
										
										
											2025-07-29 09:48:53 +08:00
										 |  |  | 	keyHex := os.Getenv(key) | 
					
						
							| 
									
										
										
										
											2025-07-29 09:43:14 +08:00
										 |  |  | 	if keyHex == "" { | 
					
						
							| 
									
										
										
										
											2025-09-27 00:41:27 +08:00
										 |  |  | 		// 使用入参作为变量名,避免硬编码误导
 | 
					
						
							|  |  |  | 		fmt.Printf("环境变量 %s 未设置\n", key) | 
					
						
							|  |  |  | 		return "", errors.New("密钥环境变量未设置") | 
					
						
							| 
									
										
										
										
											2025-07-29 09:43:14 +08:00
										 |  |  | 	} | 
					
						
							|  |  |  | 	// 解码十六进制字符串的密钥
 | 
					
						
							|  |  |  | 	byteKey, err := hex.DecodeString(keyHex) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		fmt.Printf("密钥解码失败: %v\n", err) | 
					
						
							|  |  |  | 		return "", errors.New("密钥解码失败") | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	// 检查密钥长度
 | 
					
						
							| 
									
										
										
										
											2025-09-27 00:41:27 +08:00
										 |  |  | 	if len(byteKey) != 16 && len(byteKey) != 24 && len(byteKey) != 32 { | 
					
						
							|  |  |  | 		fmt.Printf("无效的密钥长度: %d 字节 (需要16,24或32字节)\n", len(byteKey)) | 
					
						
							| 
									
										
										
										
											2025-07-29 09:43:14 +08:00
										 |  |  | 		return "", errors.New("无效的密钥长度,需要16,24或32字节") | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	return keyHex, nil | 
					
						
							|  |  |  | } |