123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183 |
- package encrypt
- import (
- "bytes"
- "crypto/aes"
- "crypto/cipher"
- "crypto/rand"
- "io"
- )
- /*CBC加密 按照golang标准库的例子代码
- 不过里面没有填充的部分,所以补上
- */
- //使用PKCS7进行填充,IOS也是7
- func PKCS7Padding(ciphertext []byte, blockSize int) []byte {
- padding := blockSize - len(ciphertext)%blockSize
- padtext := bytes.Repeat([]byte{byte(padding)}, padding)
- return append(ciphertext, padtext...)
- }
- func PKCS7UnPadding(origData []byte) []byte {
- length := len(origData)
- unpadding := int(origData[length-1])
- return origData[:(length - unpadding)]
- }
- //aes加密,填充秘钥key的16位,24,32分别对应AES-128, AES-192, or AES-256.
- func AesCBCEncrypt(rawData, key []byte) ([]byte, error) {
- block, err := aes.NewCipher(key)
- if err != nil {
- panic(err)
- }
- //填充原文
- blockSize := block.BlockSize()
- rawData = PKCS7Padding(rawData, blockSize)
- //初始向量IV必须是唯一,但不需要保密
- cipherText := make([]byte, blockSize+len(rawData))
- //block大小 16
- iv := cipherText[:blockSize]
- if _, err := io.ReadFull(rand.Reader, iv); err != nil {
- panic(err)
- }
- //block大小和初始向量大小一定要一致
- mode := cipher.NewCBCEncrypter(block, iv)
- mode.CryptBlocks(cipherText[blockSize:], rawData)
- return cipherText, nil
- }
- func AesCBCPKCS7Encrypt(rawData, key []byte, iv []byte) ([]byte, error) {
- block, err := aes.NewCipher(key)
- if err != nil {
- panic(err)
- }
- //填充原文
- blockSize := block.BlockSize()
- rawData = PKCS7Padding(rawData, blockSize)
- //初始向量IV必须是唯一,但不需要保密
- cipherText := make([]byte, blockSize+len(rawData))
- //block大小 16
- if _, err := io.ReadFull(rand.Reader, iv); err != nil {
- panic(err)
- }
- //block大小和初始向量大小一定要一致
- mode := cipher.NewCBCEncrypter(block, iv[:blockSize])
- mode.CryptBlocks(cipherText, rawData)
- return cipherText, nil
- }
- func AesCBCEncryptWithIv(rawData, key, iv []byte) ([]byte, error) {
- block, err := aes.NewCipher(key)
- if err != nil {
- return nil, err
- }
- blockSize := block.BlockSize()
- rawData = PKCS5Padding(rawData, blockSize)
- blockMode := cipher.NewCBCEncrypter(block, iv[:blockSize])
- crypted := make([]byte, len(rawData))
- blockMode.CryptBlocks(crypted, rawData)
- return crypted, nil
- }
- func AesCBCDecrypt(encryptData, iv, key []byte) ([]byte, error) {
- block, err := aes.NewCipher(key)
- if err != nil {
- panic(err)
- }
- blockSize := block.BlockSize()
- if len(encryptData) < blockSize {
- panic("ciphertext too short")
- }
- // CBC mode always works in whole blocks.
- if len(encryptData)%blockSize != 0 {
- panic("ciphertext is not a multiple of the block size")
- }
- mode := cipher.NewCBCDecrypter(block, iv)
- // CryptBlocks can work in-place if the two arguments are the same.
- mode.CryptBlocks(encryptData, encryptData)
- //解填充
- encryptData = PKCS7Padding(encryptData, blockSize)
- return encryptData, nil
- }
- func AesCBCDecryptNoIV(encryptData, key []byte) ([]byte, error) {
- block, err := aes.NewCipher(key)
- if err != nil {
- panic(err)
- }
- blockSize := block.BlockSize()
- iv := encryptData[0:blockSize]
- encryptData = encryptData[blockSize:]
- if len(encryptData) < blockSize {
- panic("ciphertext too short")
- }
- // CBC mode always works in whole blocks.
- if len(encryptData)%blockSize != 0 {
- panic("ciphertext is not a multiple of the block size")
- }
- mode := cipher.NewCBCDecrypter(block, iv)
- // CryptBlocks can work in-place if the two arguments are the same.
- mode.CryptBlocks(encryptData, encryptData)
- //解填充
- encryptData = PKCS7Padding(encryptData, blockSize)
- return encryptData, nil
- }
- func AesCBCDecryptPKCS5Padding(encryptData, key, iv []byte) ([]byte, error) {
- block, err := aes.NewCipher(key)
- if err != nil {
- panic(err)
- }
- blockSize := block.BlockSize()
- if len(encryptData) < blockSize {
- panic("ciphertext too short")
- }
- // CBC mode always works in whole blocks.
- if len(encryptData)%blockSize != 0 {
- panic("ciphertext is not a multiple of the block size")
- }
- mode := cipher.NewCBCDecrypter(block, iv)
- // CryptBlocks can work in-place if the two arguments are the same.
- mode.CryptBlocks(encryptData, encryptData)
- //解填充
- encryptData = PKCS5UnPadding(encryptData)
- return encryptData, nil
- }
- func PKCS5Padding(ciphertext []byte, blockSize int) []byte {
- padding := blockSize - len(ciphertext)%blockSize
- padtext := bytes.Repeat([]byte{byte(padding)}, padding)
- return append(ciphertext, padtext...)
- }
- func PKCS5UnPadding(origData []byte) []byte {
- length := len(origData)
- // 去掉最后一个字节 unpadding 次
- unpadding := int(origData[length-1])
- return origData[:(length - unpadding)]
- }
|