refactor(encryption): 优化 Spiral 加解密算法,移除不必要的 IV 生成逻辑
This commit is contained in:
徐涛
@@ -2,12 +2,13 @@
|
||||
package spiral
|
||||
|
||||
import (
|
||||
"crypto/aes"
|
||||
"crypto/cipher"
|
||||
"errors"
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
"archgrid.xyz/ag/toolsbox/encryption"
|
||||
"archgrid.xyz/ag/toolsbox/encryption/aes"
|
||||
"archgrid.xyz/ag/toolsbox/hash/sha512"
|
||||
verifyCode "archgrid.xyz/ag/toolsbox/random/verify_code"
|
||||
"archgrid.xyz/ag/toolsbox/serialize/base64"
|
||||
@@ -21,25 +22,34 @@ const (
|
||||
)
|
||||
|
||||
// 根据给定的密钥字符串生成加解密使用的密钥。
|
||||
// 与Rust版本兼容:使用SHA512 hex字符串的字节表示。
|
||||
func generateKey(key string) []byte {
|
||||
keyBytes := sha512.Sha512([]byte(key))
|
||||
return keyBytes[4:36]
|
||||
hexStr := sha512.Sha512Hex([]byte(key))
|
||||
// 取hex字符串的第4-36字节(对应Rust版本)
|
||||
return []byte(hexStr[4:36])
|
||||
}
|
||||
|
||||
// 对给定的数据进行加密。
|
||||
func Encrypt(data string, strength ...Strength) (string, error) {
|
||||
var ivGen aes.IVGenerator
|
||||
if append(strength, Enhanced)[0] == Compatible {
|
||||
ivGen = aes.PrefixIVGenerator
|
||||
} else {
|
||||
ivGen = aes.XorIVGenerator
|
||||
}
|
||||
key := verifyCode.RandStr(20)
|
||||
keyBytes := generateKey(key)
|
||||
cipherData, err := aes.Encrypt([]byte(data), keyBytes, encryption.PKCS7Padding, ivGen)
|
||||
|
||||
// 直接使用crypto/aes,避免二次SHA256哈希
|
||||
block, err := aes.NewCipher(keyBytes)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("加密计算失败,%w", err)
|
||||
return "", fmt.Errorf("创建加密单元失败,%w", err)
|
||||
}
|
||||
|
||||
// 使用key的前16字节作为IV(与Rust版本PrefixIVGenerator对应)
|
||||
iv := keyBytes[:16]
|
||||
|
||||
// PKCS7 padding
|
||||
plainText := encryption.Padding([]byte(data), block.BlockSize(), encryption.PKCS7Padding)
|
||||
|
||||
cipherData := make([]byte, len(plainText))
|
||||
mode := cipher.NewCBCEncrypter(block, iv)
|
||||
mode.CryptBlocks(cipherData, plainText)
|
||||
|
||||
var result strings.Builder
|
||||
result.WriteString("[")
|
||||
result.WriteString(key)
|
||||
@@ -49,24 +59,32 @@ func Encrypt(data string, strength ...Strength) (string, error) {
|
||||
|
||||
// 对给定的数据进行解密。
|
||||
func Decrypt(data string, strength ...Strength) (string, error) {
|
||||
var ivGen aes.IVGenerator
|
||||
if append(strength, Enhanced)[0] == Compatible {
|
||||
ivGen = aes.PrefixIVGenerator
|
||||
} else {
|
||||
ivGen = aes.XorIVGenerator
|
||||
}
|
||||
if message, found := strings.CutPrefix(data, "["); found {
|
||||
if len(message) > 20 {
|
||||
keySeed := message[:20]
|
||||
key := generateKey(keySeed)
|
||||
keyBytes := generateKey(keySeed)
|
||||
|
||||
cipherData, err := base64.FromBase64(message[20:])
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("密文损坏无法解析,%w", err)
|
||||
}
|
||||
plainText, err := aes.Decrypt(cipherData, key, encryption.PKCS7Padding, ivGen)
|
||||
|
||||
// 直接使用crypto/aes,避免二次SHA256哈希
|
||||
block, err := aes.NewCipher(keyBytes)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("密文解密计算失败,%w", err)
|
||||
return "", fmt.Errorf("创建加密单元失败,%w", err)
|
||||
}
|
||||
|
||||
// 使用key的前16字节作为IV(与Rust版本对应)
|
||||
iv := keyBytes[:16]
|
||||
|
||||
plainText := make([]byte, len(cipherData))
|
||||
mode := cipher.NewCBCDecrypter(block, iv)
|
||||
mode.CryptBlocks(plainText, cipherData)
|
||||
|
||||
// PKCS7 unpadding
|
||||
plainText = encryption.Unpadding(plainText, encryption.PKCS7Padding)
|
||||
|
||||
return string(plainText), nil
|
||||
}
|
||||
return "", errors.New("密文缺损,无法完成解密。")
|
||||
|
||||
Reference in New Issue
Block a user