adm-ads/common.in/utils/crypto.go

package utils

import (
	"bytes"
	"crypto"
	//"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"errors"
	//"io"
	"strings"
	//"fmt"
)

//des加密
func DesEncrypt(key, iv, plainText []byte) ([]byte, error) {
	block, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	}

	blockSize := block.BlockSize()
	origData := pkcs5Padding(plainText, blockSize)
	blockMode := cipher.NewCBCEncrypter(block, iv)
	cryted := make([]byte, len(origData))
	blockMode.CryptBlocks(cryted, origData)
	return cryted, nil
}

//des解密
func DesDecrypt(key, iv, cipherText []byte) ([]byte, error) {
	block, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	}

	blockMode := cipher.NewCBCDecrypter(block, iv)
	origData := make([]byte, len(cipherText))
	blockMode.CryptBlocks(origData, cipherText)
	origData = pkcs5UnPadding(origData)
	return origData, nil
}

//func AesEncrypt(key []byte, plaintext string) (string, error) {
//	block, err := aes.NewCipher(key)
//	if err != nil {
//		return "", err
//	}
//	ciphertext := make([]byte, aes.BlockSize+len(plaintext))
//	iv := ciphertext[:aes.BlockSize]
//	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
//		return "", err
//	}
//	cipher.NewCFBEncrypter(block, iv).XORKeyStream(ciphertext[aes.BlockSize:],
//		[]byte(plaintext))
//
//	return base64.StdEncoding.EncodeToString(ciphertext), nil
//}
//
//func AesDecrypt(key []byte, cipherText string) (string, error) {
//	// ciphertext, err := hex.DecodeString(cipherText)
//	ciphertext, err := base64.StdEncoding.DecodeString(cipherText)
//	if err != nil {
//		return "", err
//	}
//	block, err := aes.NewCipher(key)
//	if err != nil {
//		return "", err
//	}
//	if len(ciphertext) < aes.BlockSize {
//		return "", errors.New("ciphertext too short")
//	}
//	iv := ciphertext[:aes.BlockSize]
//	ciphertext = ciphertext[aes.BlockSize:]
//	cipher.NewCFBDecrypter(block, iv).XORKeyStream(ciphertext, ciphertext)
//	return string(ciphertext), nil
//}
//
//func AesEncrypt1(origData, key []byte) ([]byte, error) {
//	block, err := aes.NewCipher(key)
//	if err != nil {
//		return nil, err
//	}
//	blockSize := block.BlockSize()
//	origData = pkcs5Padding(origData, blockSize)
//	// origData = ZeroPadding(origData, block.BlockSize())
//	blockMode := cipher.NewCBCEncrypter(block, key[:blockSize])
//	crypted := make([]byte, len(origData))
//	// 根据CryptBlocks方法的说明，如下方式初始化crypted也可以
//	// crypted := origData
//	blockMode.CryptBlocks(crypted, origData)
//
//	return crypted, nil
//}
//
//func AesDecrypt1(crypted, key []byte) ([]byte, error) {
//	block, err := aes.NewCipher(key)
//	if err != nil {
//		return nil, err
//	}
//	blockSize := block.BlockSize()
//	blockMode := cipher.NewCBCDecrypter(block, key[:blockSize])
//	origData := make([]byte, len(crypted))
//	// origData := crypted
//	blockMode.CryptBlocks(origData, crypted)
//	origData = pkcs5UnPadding(origData)
//	// origData = ZeroUnPadding(origData)
//	return origData, nil
//}
//
//func AesEncrypt2(origData, key []byte) ([]byte, error) {
//	txt := string(origData)
//	block, err := aes.NewCipher(key)
//	if err != nil {
//		return nil, err
//	}
//	encrypter := cipher.NewECBEncrypter(block)
//	blockSize := block.BlockSize()
//	origData = pkcs5Padding(origData, blockSize)
//
//	dest := make([]byte, (len(txt)/len(key)+1)*len(key))
//	encrypter.CryptBlocks(dest, origData)
//	return dest, nil
//}
//
//func AesDecrypt2(crypted, key []byte) ([]byte, error) {
//	block, err := aes.NewCipher(key)
//	if err != nil {
//		return nil, err
//	}
//
//	blockMode := cipher.NewECBDecrypter(block)
//	origData := make([]byte, len(crypted))
//	// origData := crypted
//	blockMode.CryptBlocks(origData, crypted)
//	origData = pkcs5UnPadding(origData)
//	// origData = ZeroUnPadding(origData)
//	return origData, nil
//}

func RSASign(data string, privKey string) (string, error) {
	pemBlock, _ := pem.Decode([]byte(privKey))

	if pemBlock == nil {
		return "", errors.New("PARSE PRIVATE KEY FAILED")
	}

	if pemBlock.Type != "RSA PRIVATE KEY" {
		return "", errors.New("RSA PRIVATE KEY")
	}

	key, err := x509.ParsePKCS1PrivateKey(pemBlock.Bytes)

	if err != nil {
		return "", err
	}

	h := sha1.New()
	h.Write([]byte(data))

	signature, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA1, h.Sum(nil))
	if err != nil {
		return "", err
	}

	return string(Base64Encode(signature)), nil
}

func SignPKCS1v15(src, key []byte, hash crypto.Hash) ([]byte, error) {
	var h = hash.New()
	h.Write(src)
	var hashed = h.Sum(nil)

	var err error
	var block *pem.Block
	block, _ = pem.Decode(key)
	if block == nil {
		return nil, errors.New("private key error")
	}

	var pri *rsa.PrivateKey
	pri, err = x509.ParsePKCS1PrivateKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	return rsa.SignPKCS1v15(rand.Reader, pri, hash, hashed)
}

func SignRSA2(keys []string, param map[string]string, privateKey []byte) (s string, err error) {
	var pList = make([]string, 0, 0)
	for _, key := range keys {
		var value = strings.TrimSpace(param[key])
		if len(value) > 0 {
			pList = append(pList, key+"="+value)
		}
	}

	var src = strings.Join(pList, "&")
	sig, err := SignPKCS1v15([]byte(src), privateKey, crypto.SHA256)
	if err != nil {
		return "", err
	}
	s = base64.StdEncoding.EncodeToString(sig)
	return s, nil
}

func VerifyPKCS1v15(src, sig, key []byte, hash crypto.Hash) error {
	var h = hash.New()
	h.Write(src)
	var hashed = h.Sum(nil)

	var err error
	var block *pem.Block
	block, _ = pem.Decode(key)
	if block == nil {
		return errors.New("public key error")
	}

	var pubInterface interface{}
	pubInterface, err = x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return err
	}
	var pub = pubInterface.(*rsa.PublicKey)

	return rsa.VerifyPKCS1v15(pub, hash, hashed, sig)
}

func pkcs5Padding(src []byte, blockSize int) []byte {
	padding := blockSize - len(src)%blockSize
	padtext := bytes.Repeat([]byte{byte(padding)}, padding)
	return append(src, padtext...)
}

func pkcs5UnPadding(src []byte) []byte {
	length := len(src)
	unpadding := int(src[length-1])
	return src[:(length - unpadding)]
}