xt/ag_toolsbox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(encryption): 实现原始密钥的AES-CBC-256加解密,添加解密单元测试

Browse Source
This commit is contained in:
徐涛
2026-01-27 10:05:53 +08:00
parent be1009ef58
commit 6d21740c90
2 changed files with 67 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

89
encryption/spiral/spiral.go
View File

@@ -2,13 +2,14 @@
package spiral package spiral
import ( import (
"crypto/aes" stdaes "crypto/aes"
"crypto/cipher" "crypto/cipher"
"errors" "errors"
"fmt" "fmt"
"strings" "strings"
"archgrid.xyz/ag/toolsbox/encryption" "archgrid.xyz/ag/toolsbox/encryption"
"archgrid.xyz/ag/toolsbox/encryption/aes"
"archgrid.xyz/ag/toolsbox/hash/sha512" "archgrid.xyz/ag/toolsbox/hash/sha512"
verifyCode "archgrid.xyz/ag/toolsbox/random/verify_code" verifyCode "archgrid.xyz/ag/toolsbox/random/verify_code"
"archgrid.xyz/ag/toolsbox/serialize/base64" "archgrid.xyz/ag/toolsbox/serialize/base64"
@@ -22,34 +23,59 @@ const (
) )
// 根据给定的密钥字符串生成加解密使用的密钥。 // 根据给定的密钥字符串生成加解密使用的密钥。
// 与Rust版本兼容使用SHA512 hex字符串的字节表示。
func generateKey(key string) []byte { func generateKey(key string) []byte {
hexStr := sha512.Sha512Hex([]byte(key)) keyBytes := sha512.Sha512([]byte(key))
// 取hex字符串的第4-36字节对应Rust版本 return keyBytes[4:36]
return []byte(hexStr[4:36]) }
// 使用原始密钥进行AES-CBC-256加密不经过二次SHA256处理
func encryptWithRawKey(data []byte, key []byte, ivGenerator aes.IVGenerator) ([]byte, error) {
block, err := stdaes.NewCipher(key)
if err != nil {
return nil, fmt.Errorf("创建加密单元失败,%w", err)
}
var key32 [32]byte
copy(key32[:], key)
iv := ivGenerator(key32)
plainText := encryption.Padding(data, block.BlockSize(), encryption.PKCS7Padding)
cipherText := make([]byte, len(plainText))
mode := cipher.NewCBCEncrypter(block, iv[:])
mode.CryptBlocks(cipherText, plainText)
return cipherText, nil
}
// 使用原始密钥进行AES-CBC-256解密不经过二次SHA256处理
func decryptWithRawKey(data []byte, key []byte, ivGenerator aes.IVGenerator) ([]byte, error) {
block, err := stdaes.NewCipher(key)
if err != nil {
return nil, fmt.Errorf("创建加密单元失败,%w", err)
}
var key32 [32]byte
copy(key32[:], key)
iv := ivGenerator(key32)
plainText := make([]byte, len(data))
mode := cipher.NewCBCDecrypter(block, iv[:])
mode.CryptBlocks(plainText, data)
return encryption.Unpadding(plainText, encryption.PKCS7Padding), nil
} }
// 对给定的数据进行加密。 // 对给定的数据进行加密。
func Encrypt(data string, strength ...Strength) (string, error) { func Encrypt(data string, strength ...Strength) (string, error) {
// 为了与Rust版本兼容固定使用PrefixIVGenerator
ivGen := aes.PrefixIVGenerator
key := verifyCode.RandStr(20) key := verifyCode.RandStr(20)
keyBytes := generateKey(key) keyBytes := generateKey(key)
// 直接使用keyBytes不经过aes包的二次SHA256处理
// 直接使用crypto/aes避免二次SHA256哈希 cipherData, err := encryptWithRawKey([]byte(data), keyBytes, ivGen)
block, err := aes.NewCipher(keyBytes)
if err != nil { if err != nil {
return "", fmt.Errorf("创建加密单元失败,%w", err) return "", fmt.Errorf("加密计算失败,%w", err)
} }
// 使用key的前16字节作为IV与Rust版本PrefixIVGenerator对应
iv := keyBytes[:16]
// PKCS7 padding
plainText := encryption.Padding([]byte(data), block.BlockSize(), encryption.PKCS7Padding)
cipherData := make([]byte, len(plainText))
mode := cipher.NewCBCEncrypter(block, iv)
mode.CryptBlocks(cipherData, plainText)
var result strings.Builder var result strings.Builder
result.WriteString("[") result.WriteString("[")
result.WriteString(key) result.WriteString(key)
@@ -59,32 +85,21 @@ func Encrypt(data string, strength ...Strength) (string, error) {
// 对给定的数据进行解密。 // 对给定的数据进行解密。
func Decrypt(data string, strength ...Strength) (string, error) { func Decrypt(data string, strength ...Strength) (string, error) {
// 为了与Rust版本兼容固定使用PrefixIVGenerator
ivGen := aes.PrefixIVGenerator
if message, found := strings.CutPrefix(data, "["); found { if message, found := strings.CutPrefix(data, "["); found {
if len(message) > 20 { if len(message) > 20 {
keySeed := message[:20] keySeed := message[:20]
keyBytes := generateKey(keySeed) key := generateKey(keySeed)
cipherData, err := base64.FromBase64(message[20:]) cipherData, err := base64.FromBase64(message[20:])
if err != nil { if err != nil {
return "", fmt.Errorf("密文损坏无法解析,%w", err) return "", fmt.Errorf("密文损坏无法解析,%w", err)
} }
// 直接使用key不经过aes包的二次SHA256处理
// 直接使用crypto/aes避免二次SHA256哈希 plainText, err := decryptWithRawKey(cipherData, key, ivGen)
block, err := aes.NewCipher(keyBytes)
if err != nil { if err != nil {
return "", fmt.Errorf("创建加密单元失败,%w", err) return "", fmt.Errorf("密文解密计算失败,%w", err)
} }
// 使用key的前16字节作为IV与Rust版本对应
iv := keyBytes[:16]
plainText := make([]byte, len(cipherData))
mode := cipher.NewCBCDecrypter(block, iv)
mode.CryptBlocks(plainText, cipherData)
// PKCS7 unpadding
plainText = encryption.Unpadding(plainText, encryption.PKCS7Padding)
return string(plainText), nil return string(plainText), nil
} }
return "", errors.New("密文缺损,无法完成解密。") return "", errors.New("密文缺损,无法完成解密。")

15
encryption/spiral/spiral_test.go Normal file
View File

@@ -0,0 +1,15 @@
package spiral
import "testing"
func TestDecode(t *testing.T) {
var origin = "[q3XvNHL7oTfVpHmZ2bOAnyVY/Q1Bm2dqsI8hfVA74R9CQb4vyksTD+Y9l4TT62o="
decoded, err := Decrypt(origin)
if err != nil {
t.Fatalf("Decode failed: %v", err)
}
expected := "TmFRS0w6BIrAPA1Raj"
if decoded != expected {
t.Fatalf("Decoded value mismatch. Got: %s, Expected: %s", decoded, expected)
}
}