98 lines
2.1 KiB
Go
98 lines
2.1 KiB
Go
|
package utils
|
|||
|
|
|||
|
import (
|
|||
|
"crypto/aes"
|
|||
|
"crypto/cipher"
|
|||
|
"crypto/rand"
|
|||
|
"crypto/sha256"
|
|||
|
"encoding/base64"
|
|||
|
"fmt"
|
|||
|
"io"
|
|||
|
|
|||
|
"github.com/pkg/errors"
|
|||
|
)
|
|||
|
|
|||
|
// 使用aes gcm加密信息
|
|||
|
func GcmEncrypt(plaintext []byte, key []byte) (ciphertext []byte, err error) {
|
|||
|
block, err := aes.NewCipher(key[:])
|
|||
|
if err != nil {
|
|||
|
return nil, err
|
|||
|
}
|
|||
|
|
|||
|
gcm, err := cipher.NewGCM(block)
|
|||
|
if err != nil {
|
|||
|
return nil, err
|
|||
|
}
|
|||
|
|
|||
|
nonce := make([]byte, gcm.NonceSize())
|
|||
|
_, err = io.ReadFull(rand.Reader, nonce)
|
|||
|
if err != nil {
|
|||
|
return nil, err
|
|||
|
}
|
|||
|
|
|||
|
return gcm.Seal(nonce, nonce, plaintext, nil), nil
|
|||
|
}
|
|||
|
|
|||
|
// 使用aes gcm解密信息
|
|||
|
func GcmDecrypt(ciphertext []byte, key []byte) (plaintext []byte, err error) {
|
|||
|
block, err := aes.NewCipher(key[:])
|
|||
|
if err != nil {
|
|||
|
return nil, err
|
|||
|
}
|
|||
|
|
|||
|
gcm, err := cipher.NewGCM(block)
|
|||
|
if err != nil {
|
|||
|
return nil, err
|
|||
|
}
|
|||
|
|
|||
|
if len(ciphertext) < gcm.NonceSize() {
|
|||
|
return nil, errors.New("malformed ciphertext")
|
|||
|
}
|
|||
|
|
|||
|
return gcm.Open(nil,
|
|||
|
ciphertext[:gcm.NonceSize()],
|
|||
|
ciphertext[gcm.NonceSize():],
|
|||
|
nil,
|
|||
|
)
|
|||
|
}
|
|||
|
|
|||
|
// 对字符串进行sha256加密,取前16个字符
|
|||
|
func encryptKey(s string) []byte {
|
|||
|
h := sha256.New()
|
|||
|
h.Write([]byte(s))
|
|||
|
bs := fmt.Sprintf("%x", h.Sum(nil))
|
|||
|
return []byte(bs)[:16]
|
|||
|
}
|
|||
|
|
|||
|
func Encrypt(src []byte, mac string) (crypted []byte, err error) {
|
|||
|
return GcmEncrypt(src, encryptKey(mac))
|
|||
|
}
|
|||
|
|
|||
|
func Decrypt(crypted []byte, mac string) (origData []byte, err error) {
|
|||
|
return GcmDecrypt(crypted, encryptKey(mac))
|
|||
|
}
|
|||
|
|
|||
|
// EncryptAuthPassword 账号密码加密
|
|||
|
func EncryptAuthPassword(rawPassword string, saltKey string) (string, error) {
|
|||
|
bytes := []byte(rawPassword)
|
|||
|
encryptPassword, err := Encrypt(bytes, saltKey)
|
|||
|
if err != nil {
|
|||
|
return "", err
|
|||
|
}
|
|||
|
afterPassword := base64.StdEncoding.EncodeToString(encryptPassword)
|
|||
|
return afterPassword, nil
|
|||
|
}
|
|||
|
|
|||
|
// DecryptAuthPassword 账号密码解密
|
|||
|
func DecryptAuthPassword(encryptPassword string, saltKey string) (string, error) {
|
|||
|
bytesPassword, err := base64.StdEncoding.DecodeString(encryptPassword)
|
|||
|
if err != nil {
|
|||
|
return "", err
|
|||
|
}
|
|||
|
bytesPassword, err = Decrypt(bytesPassword, saltKey)
|
|||
|
if err != nil {
|
|||
|
return "", err
|
|||
|
}
|
|||
|
return string(bytesPassword), nil
|
|||
|
}
|