package encrypt import ( "bytes" "crypto/aes" "crypto/cipher" "crypto/rand" "io" ) /*CBC加密 按照golang标准库的例子代码 不过里面没有填充的部分,所以补上 */ //使用PKCS7进行填充,IOS也是7 func PKCS7Padding(ciphertext []byte, blockSize int) []byte { padding := blockSize - len(ciphertext)%blockSize padtext := bytes.Repeat([]byte{byte(padding)}, padding) return append(ciphertext, padtext...) } func PKCS7UnPadding(origData []byte) []byte { length := len(origData) unpadding := int(origData[length-1]) return origData[:(length - unpadding)] } //aes加密,填充秘钥key的16位,24,32分别对应AES-128, AES-192, or AES-256. func AesCBCEncrypt(rawData, key []byte) ([]byte, error) { block, err := aes.NewCipher(key) if err != nil { panic(err) } //填充原文 blockSize := block.BlockSize() rawData = PKCS7Padding(rawData, blockSize) //初始向量IV必须是唯一,但不需要保密 cipherText := make([]byte, blockSize+len(rawData)) //block大小 16 iv := cipherText[:blockSize] if _, err := io.ReadFull(rand.Reader, iv); err != nil { panic(err) } //block大小和初始向量大小一定要一致 mode := cipher.NewCBCEncrypter(block, iv) mode.CryptBlocks(cipherText[blockSize:], rawData) return cipherText, nil } func AesCBCPKCS7Encrypt(rawData, key []byte, iv []byte) ([]byte, error) { block, err := aes.NewCipher(key) if err != nil { panic(err) } //填充原文 blockSize := block.BlockSize() rawData = PKCS7Padding(rawData, blockSize) //初始向量IV必须是唯一,但不需要保密 cipherText := make([]byte, blockSize+len(rawData)) //block大小 16 if _, err := io.ReadFull(rand.Reader, iv); err != nil { panic(err) } //block大小和初始向量大小一定要一致 mode := cipher.NewCBCEncrypter(block, iv[:blockSize]) mode.CryptBlocks(cipherText, rawData) return cipherText, nil } func AesCBCEncryptWithIv(rawData, key, iv []byte) ([]byte, error) { block, err := aes.NewCipher(key) if err != nil { return nil, err } blockSize := block.BlockSize() rawData = PKCS5Padding(rawData, blockSize) blockMode := cipher.NewCBCEncrypter(block, iv[:blockSize]) crypted := make([]byte, len(rawData)) blockMode.CryptBlocks(crypted, rawData) return crypted, nil } func AesCBCDecrypt(encryptData, iv, key []byte) ([]byte, error) { block, err := aes.NewCipher(key) if err != nil { panic(err) } blockSize := block.BlockSize() if len(encryptData) < blockSize { panic("ciphertext too short") } // CBC mode always works in whole blocks. if len(encryptData)%blockSize != 0 { panic("ciphertext is not a multiple of the block size") } mode := cipher.NewCBCDecrypter(block, iv) // CryptBlocks can work in-place if the two arguments are the same. mode.CryptBlocks(encryptData, encryptData) //解填充 encryptData = PKCS7Padding(encryptData, blockSize) return encryptData, nil } func AesCBCDecryptNoIV(encryptData, key []byte) ([]byte, error) { block, err := aes.NewCipher(key) if err != nil { panic(err) } blockSize := block.BlockSize() iv := encryptData[0:blockSize] encryptData = encryptData[blockSize:] if len(encryptData) < blockSize { panic("ciphertext too short") } // CBC mode always works in whole blocks. if len(encryptData)%blockSize != 0 { panic("ciphertext is not a multiple of the block size") } mode := cipher.NewCBCDecrypter(block, iv) // CryptBlocks can work in-place if the two arguments are the same. mode.CryptBlocks(encryptData, encryptData) //解填充 encryptData = PKCS7Padding(encryptData, blockSize) return encryptData, nil } func AesCBCDecryptPKCS5Padding(encryptData, key, iv []byte) ([]byte, error) { block, err := aes.NewCipher(key) if err != nil { panic(err) } blockSize := block.BlockSize() if len(encryptData) < blockSize { panic("ciphertext too short") } // CBC mode always works in whole blocks. if len(encryptData)%blockSize != 0 { panic("ciphertext is not a multiple of the block size") } mode := cipher.NewCBCDecrypter(block, iv) // CryptBlocks can work in-place if the two arguments are the same. mode.CryptBlocks(encryptData, encryptData) //解填充 encryptData = PKCS5UnPadding(encryptData) return encryptData, nil } func PKCS5Padding(ciphertext []byte, blockSize int) []byte { padding := blockSize - len(ciphertext)%blockSize padtext := bytes.Repeat([]byte{byte(padding)}, padding) return append(ciphertext, padtext...) } func PKCS5UnPadding(origData []byte) []byte { length := len(origData) // 去掉最后一个字节 unpadding 次 unpadding := int(origData[length-1]) return origData[:(length - unpadding)] }