215 lines
		
	
	
		
			6.0 KiB
		
	
	
	
		
			Go
		
	
	
	
			
		
		
	
	
			215 lines
		
	
	
		
			6.0 KiB
		
	
	
	
		
			Go
		
	
	
	
| // Package aes 提供AES加密解密功能
 | |
| // 支持GCM、CBC、ECB等多种加密模式
 | |
| package aes
 | |
| 
 | |
| import (
 | |
| 	"bytes"
 | |
| 	"crypto/aes"
 | |
| 	"crypto/cipher"
 | |
| 	"crypto/rand"
 | |
| 	"encoding/base64"
 | |
| 	"encoding/hex"
 | |
| 	"errors"
 | |
| 	"fmt"
 | |
| 	"io"
 | |
| 	"os"
 | |
| )
 | |
| 
 | |
| // =================== GCM模式 ======================
 | |
| // AESGCMEncrypt AES GCM模式加密
 | |
| // plaintext: 明文数据
 | |
| // key: 加密密钥
 | |
| // 返回: 十六进制编码的密文字符串
 | |
| func AESGCMEncrypt(plaintext, key []byte) (string, error) {
 | |
| 	block, err := aes.NewCipher(key)
 | |
| 	if err != nil {
 | |
| 		return "", err
 | |
| 	}
 | |
| 	gcm, err := cipher.NewGCM(block)
 | |
| 	if err != nil {
 | |
| 		return "", err
 | |
| 	}
 | |
| 	nonce := make([]byte, gcm.NonceSize())
 | |
| 	if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
 | |
| 		return "", err
 | |
| 	}
 | |
| 	ciphertext := gcm.Seal(nonce, nonce, plaintext, nil)
 | |
| 	return hex.EncodeToString(ciphertext), nil
 | |
| }
 | |
| 
 | |
| // AESGCMDecrypt AES GCM模式解密
 | |
| // ciphertext: 十六进制编码的密文字符串
 | |
| // key: 解密密钥
 | |
| // 返回: 解密后的明文数据
 | |
| func AESGCMDecrypt(ciphertext string, key []byte) ([]byte, error) {
 | |
| 	data, err := hex.DecodeString(ciphertext)
 | |
| 	if err != nil {
 | |
| 		return nil, err
 | |
| 	}
 | |
| 	block, err := aes.NewCipher(key)
 | |
| 	if err != nil {
 | |
| 		return nil, err
 | |
| 	}
 | |
| 	gcm, err := cipher.NewGCM(block)
 | |
| 	if err != nil {
 | |
| 		return nil, err
 | |
| 	}
 | |
| 	nonceSize := gcm.NonceSize()
 | |
| 	if len(data) < nonceSize {
 | |
| 		return nil, errors.New("密文无效")
 | |
| 	}
 | |
| 	nonce, cipherbyte := data[:nonceSize], data[nonceSize:]
 | |
| 	return gcm.Open(nil, nonce, cipherbyte, nil)
 | |
| }
 | |
| 
 | |
| // =================== CBC模式 ======================
 | |
| // Encrypt AES CBC模式加密
 | |
| // key: Base64编码的密钥
 | |
| // iv: Base64编码的初始化向量
 | |
| // data: 要加密的数据
 | |
| // 返回: Base64编码的密文
 | |
| func Encrypt(key string, iv string, data string) string {
 | |
| 	if len(data) == 0 {
 | |
| 		return ""
 | |
| 	}
 | |
| 	key2, _ := base64.StdEncoding.DecodeString(key)
 | |
| 	iv2, _ := base64.StdEncoding.DecodeString(iv)
 | |
| 
 | |
| 	block, _ := aes.NewCipher(key2)
 | |
| 	bs := block.BlockSize()
 | |
| 	originData := _PKCS5Padding([]byte(data), bs)
 | |
| 	cipher.NewCBCEncrypter(block, iv2).CryptBlocks(originData, originData)
 | |
| 
 | |
| 	data = base64.StdEncoding.EncodeToString(originData)
 | |
| 	return data
 | |
| }
 | |
| 
 | |
| // Decrypt AES CBC模式解密
 | |
| // key: Base64编码的密钥
 | |
| // iv: Base64编码的初始化向量
 | |
| // data: Base64编码的密文
 | |
| // 返回: 解密后的明文
 | |
| func Decrypt(key string, iv string, data string) string {
 | |
| 	if len(data) == 0 {
 | |
| 		return ""
 | |
| 	}
 | |
| 	key2, _ := base64.StdEncoding.DecodeString(key)
 | |
| 	iv2, _ := base64.StdEncoding.DecodeString(iv)
 | |
| 
 | |
| 	block, _ := aes.NewCipher(key2)
 | |
| 	originData, err := base64.StdEncoding.DecodeString(data)
 | |
| 	if err != nil {
 | |
| 		return ""
 | |
| 	}
 | |
| 	cipher.NewCBCDecrypter(block, iv2).CryptBlocks(originData, originData)
 | |
| 
 | |
| 	data = string(_PKCS5UnPadding(originData))
 | |
| 	return data
 | |
| }
 | |
| 
 | |
| // _PKCS5Padding PKCS5填充
 | |
| // cipherText: 需要填充的数据
 | |
| // blockSize: 块大小
 | |
| // 返回: 填充后的数据
 | |
| func _PKCS5Padding(cipherText []byte, blockSize int) []byte {
 | |
| 	padding := blockSize - len(cipherText)%blockSize
 | |
| 	padText := bytes.Repeat([]byte{byte(padding)}, padding)
 | |
| 	return append(cipherText, padText...)
 | |
| }
 | |
| 
 | |
| // _PKCS5UnPadding PKCS5去填充
 | |
| // origData: 需要去填充的数据
 | |
| // 返回: 去填充后的数据
 | |
| func _PKCS5UnPadding(origData []byte) []byte {
 | |
| 	length := len(origData)
 | |
| 	unpadding := int(origData[length-1])
 | |
| 	if length-unpadding < 0 {
 | |
| 		return origData
 | |
| 	}
 | |
| 	return origData[:(length - unpadding)]
 | |
| }
 | |
| 
 | |
| // =================== ECB模式 ======================
 | |
| // AesEncryptECB AES ECB模式加密
 | |
| // origData: 原始数据
 | |
| // key: 加密密钥
 | |
| // 返回: Base64编码的密文
 | |
| func AesEncryptECB(origData []byte, key []byte) (data string) {
 | |
| 	cipher, _ := aes.NewCipher(generateKey(key))
 | |
| 	length := (len(origData) + aes.BlockSize) / aes.BlockSize
 | |
| 	plain := make([]byte, length*aes.BlockSize)
 | |
| 	copy(plain, origData)
 | |
| 	pad := byte(len(plain) - len(origData))
 | |
| 	for i := len(origData); i < len(plain); i++ {
 | |
| 		plain[i] = pad
 | |
| 	}
 | |
| 	encrypted := make([]byte, len(plain))
 | |
| 	// 分组分块加密
 | |
| 	for bs, be := 0, cipher.BlockSize(); bs <= len(origData); bs, be = bs+cipher.BlockSize(), be+cipher.BlockSize() {
 | |
| 		cipher.Encrypt(encrypted[bs:be], plain[bs:be])
 | |
| 	}
 | |
| 
 | |
| 	data = base64.StdEncoding.EncodeToString(encrypted)
 | |
| 	return data
 | |
| }
 | |
| 
 | |
| // AesDecryptECB AES ECB模式解密
 | |
| // encrypted: Base64编码的密文
 | |
| // key: 解密密钥
 | |
| // 返回: 解密后的明文数据
 | |
| func AesDecryptECB(encrypted string, key []byte) (decrypted []byte) {
 | |
| 	decodedCiphertext, _ := base64.StdEncoding.DecodeString(encrypted)
 | |
| 	cipher, _ := aes.NewCipher(generateKey(key))
 | |
| 	decrypted = make([]byte, len(decodedCiphertext))
 | |
| 	// 分组分块解密
 | |
| 	for bs, be := 0, cipher.BlockSize(); bs < len(decodedCiphertext); bs, be = bs+cipher.BlockSize(), be+cipher.BlockSize() {
 | |
| 		cipher.Decrypt(decrypted[bs:be], decodedCiphertext[bs:be])
 | |
| 	}
 | |
| 
 | |
| 	trim := 0
 | |
| 	if len(decrypted) > 0 {
 | |
| 		trim = len(decrypted) - int(decrypted[len(decrypted)-1])
 | |
| 	}
 | |
| 
 | |
| 	return decrypted[:trim]
 | |
| }
 | |
| 
 | |
| // generateKey 生成标准长度的密钥
 | |
| // key: 原始密钥
 | |
| // 返回: 16字节的标准密钥
 | |
| func generateKey(key []byte) (genKey []byte) {
 | |
| 	genKey = make([]byte, 16)
 | |
| 	copy(genKey, key)
 | |
| 	for i := 16; i < len(key); {
 | |
| 		for j := 0; j < 16 && i < len(key); j, i = j+1, i+1 {
 | |
| 			genKey[j] ^= key[i]
 | |
| 		}
 | |
| 	}
 | |
| 	return genKey
 | |
| }
 | |
| 
 | |
| // AesKeyCheck 检查AES密钥环境变量
 | |
| // key: 环境变量名
 | |
| // 返回: 十六进制编码的密钥字符串
 | |
| func AesKeyCheck(key string) (string, error) {
 | |
| 	// 从环境变量获取密钥
 | |
| 	keyHex := os.Getenv(key)
 | |
| 	if keyHex == "" {
 | |
| 		// 使用入参作为变量名,避免硬编码误导
 | |
| 		fmt.Printf("环境变量 %s 未设置\n", key)
 | |
| 		return "", errors.New("密钥环境变量未设置")
 | |
| 	}
 | |
| 	// 解码十六进制字符串的密钥
 | |
| 	byteKey, err := hex.DecodeString(keyHex)
 | |
| 	if err != nil {
 | |
| 		fmt.Printf("密钥解码失败: %v\n", err)
 | |
| 		return "", errors.New("密钥解码失败")
 | |
| 	}
 | |
| 	// 检查密钥长度
 | |
| 	if len(byteKey) != 16 && len(byteKey) != 24 && len(byteKey) != 32 {
 | |
| 		fmt.Printf("无效的密钥长度: %d 字节 (需要16,24或32字节)\n", len(byteKey))
 | |
| 		return "", errors.New("无效的密钥长度,需要16,24或32字节")
 | |
| 	}
 | |
| 	return keyHex, nil
 | |
| }
 |