From b9fe8c9ef23e3a437884380d13d687fd7a0cd3ac Mon Sep 17 00:00:00 2001 From: Stanly Date: Tue, 2 Nov 2021 23:28:26 +0800 Subject: [PATCH] Update crypto 1. Add Md5 encrypt 2. Add NewKeyRSA 3. Update aes with key, iv --- crypto/aes.go | 47 +++++++++++++++++++++++++++++ crypto/crypto.go | 87 ++++++------------------------------------------------ crypto/password.go | 20 +++++++++++++ crypto/rsa.go | 70 +++++++++++++++++++++++++++++++++++++++++++ go.mod | 1 - go.sum | 3 -- 6 files changed, 146 insertions(+), 82 deletions(-) create mode 100644 crypto/aes.go create mode 100644 crypto/password.go create mode 100644 crypto/rsa.go diff --git a/crypto/aes.go b/crypto/aes.go new file mode 100644 index 0000000..9c29830 --- /dev/null +++ b/crypto/aes.go @@ -0,0 +1,47 @@ +package crypto + +import ( + "bytes" + "crypto/aes" + "crypto/cipher" +) + +func paddingPKCS7(ciphertext []byte, blockSize int) []byte { + padding := blockSize - len(ciphertext)%blockSize + padtext := bytes.Repeat([]byte{byte(padding)}, padding) + return append(ciphertext, padtext...) +} + +func unpaddingPKCS7(origData []byte) []byte { + length := len(origData) + unpadding := int(origData[length-1]) + return origData[:(length - unpadding)] +} + +//EncryptAES 加密函式 +func EncryptAES(plaintext, key, iv []byte) ([]byte, error) { + block, err := aes.NewCipher(key) + if err != nil { + return nil, err + } + blockSize := block.BlockSize() + plaintext = paddingPKCS7(plaintext, blockSize) + blockMode := cipher.NewCBCEncrypter(block, iv) + crypted := make([]byte, len(plaintext)) + blockMode.CryptBlocks(crypted, plaintext) + return crypted, nil +} + +// DecryptAES 解密函式 +func DecryptAES(ciphertext, key, iv []byte) ([]byte, error) { + block, err := aes.NewCipher(key) + if err != nil { + return nil, err + } + blockSize := block.BlockSize() + blockMode := cipher.NewCBCDecrypter(block, iv[:blockSize]) + origData := make([]byte, len(ciphertext)) + blockMode.CryptBlocks(origData, ciphertext) + origData = unpaddingPKCS7(origData) + return origData, nil +} diff --git a/crypto/crypto.go b/crypto/crypto.go index bf2f7cf..1d7a569 100644 --- a/crypto/crypto.go +++ b/crypto/crypto.go @@ -1,19 +1,20 @@ package crypto import ( - "crypto/rand" - "crypto/rsa" + "crypto/md5" "crypto/sha1" "crypto/sha256" - "crypto/x509" - "encoding/pem" - "errors" "fmt" - - "github.com/Luzifer/go-openssl/v3" - "golang.org/x/crypto/bcrypt" ) +// MD5 回傳md5加密 +func MD5(v string) string { + h := md5.New() + h.Write([]byte(v)) + bs := h.Sum(nil) + return fmt.Sprintf("%x", bs) +} + // SHA1 回傳sha1加密 func SHA1(v string) string { h := sha1.New() @@ -29,73 +30,3 @@ func SHA256(v string) string { bs := h.Sum(nil) return fmt.Sprintf("%x", bs) } - -// EncryptPassword 加密密碼 -func EncryptPassword(pwd string) (string, error) { - hash, err := bcrypt.GenerateFromPassword([]byte(pwd), bcrypt.DefaultCost) - if err != nil { - return "", err - } - - return string(hash), nil -} - -// CheckPassword 檢查密碼 -func CheckPassword(pwd, hash string) error { - return bcrypt.CompareHashAndPassword([]byte(hash), []byte(pwd)) -} - -// EncryptAES aes加密 -func EncryptAES(value, key string) ([]byte, error) { - o := openssl.New() - - enc, err := o.EncryptBytes(key, []byte(value), openssl.DigestMD5Sum) - if err != nil { - return nil, err - } - - return enc, nil -} - -// DecryptAES aes解密 -func DecryptAES(value, key string) ([]byte, error) { - o := openssl.New() - - dec, err := o.DecryptBytes(key, []byte(value), openssl.DigestMD5Sum) - if err != nil { - return nil, err - } - - return dec, nil -} - -// EncryptRSA rsa加密 -func EncryptRSA(value, publicKey []byte) ([]byte, error) { - block, _ := pem.Decode(publicKey) - if block == nil { - return nil, errors.New("public key error") - } - - pubInterface, err := x509.ParsePKIXPublicKey(block.Bytes) - if err != nil { - return nil, err - } - - pub := pubInterface.(*rsa.PublicKey) - return rsa.EncryptPKCS1v15(rand.Reader, pub, value) -} - -// DecryptRSA rsa解密 -func DecryptRSA(ciphertext, privateKey []byte) ([]byte, error) { - block, _ := pem.Decode(privateKey) - if block == nil { - return nil, errors.New("private key error") - } - - priv, err := x509.ParsePKCS1PrivateKey(block.Bytes) - if err != nil { - return nil, err - } - - return rsa.DecryptPKCS1v15(rand.Reader, priv, ciphertext) -} diff --git a/crypto/password.go b/crypto/password.go new file mode 100644 index 0000000..1ab8d4b --- /dev/null +++ b/crypto/password.go @@ -0,0 +1,20 @@ +package crypto + +import ( + "golang.org/x/crypto/bcrypt" +) + +// EncryptPassword 加密密碼 +func EncryptPassword(pwd string) (string, error) { + hash, err := bcrypt.GenerateFromPassword([]byte(pwd), bcrypt.DefaultCost) + if err != nil { + return "", err + } + + return string(hash), nil +} + +// CheckPassword 檢查密碼 +func CheckPassword(pwd, hash string) error { + return bcrypt.CompareHashAndPassword([]byte(hash), []byte(pwd)) +} diff --git a/crypto/rsa.go b/crypto/rsa.go new file mode 100644 index 0000000..1266c30 --- /dev/null +++ b/crypto/rsa.go @@ -0,0 +1,70 @@ +package crypto + +import ( + "crypto/rand" + "crypto/rsa" + "crypto/x509" + "encoding/pem" + "errors" +) + +func NewKeyRSA(bitSize int) (pubPEM []byte, keyPEM []byte, err error) { + // Generate RSA key. + key, err := rsa.GenerateKey(rand.Reader, bitSize) + if err != nil { + return nil, nil, err + } + + // Extract public component. + pubBytes, err := x509.MarshalPKIXPublicKey(key.Public()) + if err != nil { + return nil, nil, err + } + pubPEM = pem.EncodeToMemory( + &pem.Block{ + Type: "RSA PUBLIC KEY", + Bytes: pubBytes, + }, + ) + + // Encode private key to PKCS#1 ASN.1 PEM. + keyPEM = pem.EncodeToMemory( + &pem.Block{ + Type: "RSA PRIVATE KEY", + Bytes: x509.MarshalPKCS1PrivateKey(key), + }, + ) + + return pubPEM, keyPEM, nil +} + +// EncryptRSA rsa加密 +func EncryptRSA(value, publicKey []byte) ([]byte, error) { + block, _ := pem.Decode(publicKey) + if block == nil { + return nil, errors.New("public key error") + } + + pubInterface, err := x509.ParsePKIXPublicKey(block.Bytes) + if err != nil { + return nil, err + } + + pub := pubInterface.(*rsa.PublicKey) + return rsa.EncryptPKCS1v15(rand.Reader, pub, value) +} + +// DecryptRSA rsa解密 +func DecryptRSA(ciphertext, privateKey []byte) ([]byte, error) { + block, _ := pem.Decode(privateKey) + if block == nil { + return nil, errors.New("private key error") + } + + priv, err := x509.ParsePKCS1PrivateKey(block.Bytes) + if err != nil { + return nil, err + } + + return rsa.DecryptPKCS1v15(rand.Reader, priv, ciphertext) +} diff --git a/go.mod b/go.mod index 7e79c24..f3dfc4b 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,6 @@ module git.simts.cc/common/lib go 1.14 require ( - github.com/Luzifer/go-openssl/v3 v3.1.0 github.com/dgrijalva/jwt-go v3.2.0+incompatible github.com/mojocn/base64Captcha v1.3.1 go.uber.org/zap v1.15.0 diff --git a/go.sum b/go.sum index eadcfbb..78cbaf1 100644 --- a/go.sum +++ b/go.sum @@ -1,7 +1,5 @@ github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/Luzifer/go-openssl/v3 v3.1.0 h1:QqKqo6kYXGGUsvtUoCpRZm8lHw+jDfhbzr36gVj+/gw= -github.com/Luzifer/go-openssl/v3 v3.1.0/go.mod h1:liy3FXuuS8hfDlYh1T+l78AwQ/NjZflJz0NDvjKhwDs= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -36,7 +34,6 @@ go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9E go.uber.org/zap v1.15.0 h1:ZZCA22JRF2gQE5FoNmhmrf7jeJJ2uhqDUNRYKm8dvmM= go.uber.org/zap v1.15.0/go.mod h1:Mb2vm2krFEG5DV0W9qcHBYFtp/Wku1cvYaqPsS/WYfc= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529 h1:iMGN4xG0cnqj3t+zOM8wUB0BiPKHEwSxEZCvzcbZuvk= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=