xt/ag_toolsbox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor(encryption): 优化 Spiral 加解密算法,移除不必要的 IV 生成逻辑

Browse Source
This commit is contained in:
徐涛
2026-01-27 09:31:19 +08:00
parent b57b3afb2c
commit be1009ef58
1 changed files with 38 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
encryption/spiral/spiral.go
View File

@@ -2,12 +2,13 @@
package spiral package spiral
import ( import (
"crypto/aes"
"crypto/cipher"
"errors" "errors"
"fmt" "fmt"
"strings" "strings"
"archgrid.xyz/ag/toolsbox/encryption" "archgrid.xyz/ag/toolsbox/encryption"
"archgrid.xyz/ag/toolsbox/encryption/aes"
"archgrid.xyz/ag/toolsbox/hash/sha512" "archgrid.xyz/ag/toolsbox/hash/sha512"
verifyCode "archgrid.xyz/ag/toolsbox/random/verify_code" verifyCode "archgrid.xyz/ag/toolsbox/random/verify_code"
"archgrid.xyz/ag/toolsbox/serialize/base64" "archgrid.xyz/ag/toolsbox/serialize/base64"
@@ -21,25 +22,34 @@ const (
) )
// 根据给定的密钥字符串生成加解密使用的密钥。 // 根据给定的密钥字符串生成加解密使用的密钥。
// 与Rust版本兼容使用SHA512 hex字符串的字节表示。
func generateKey(key string) []byte { func generateKey(key string) []byte {
keyBytes := sha512.Sha512([]byte(key)) hexStr := sha512.Sha512Hex([]byte(key))
return keyBytes[4:36] // 取hex字符串的第4-36字节对应Rust版本
return []byte(hexStr[4:36])
} }
// 对给定的数据进行加密。 // 对给定的数据进行加密。
func Encrypt(data string, strength ...Strength) (string, error) { func Encrypt(data string, strength ...Strength) (string, error) {
var ivGen aes.IVGenerator
if append(strength, Enhanced)[0] == Compatible {
ivGen = aes.PrefixIVGenerator
} else {
ivGen = aes.XorIVGenerator
}
key := verifyCode.RandStr(20) key := verifyCode.RandStr(20)
keyBytes := generateKey(key) keyBytes := generateKey(key)
cipherData, err := aes.Encrypt([]byte(data), keyBytes, encryption.PKCS7Padding, ivGen)
// 直接使用crypto/aes避免二次SHA256哈希
block, err := aes.NewCipher(keyBytes)
if err != nil { if err != nil {
return "", fmt.Errorf("加密计算失败,%w", err) return "", fmt.Errorf("创建加密单元失败,%w", err)
} }
// 使用key的前16字节作为IV与Rust版本PrefixIVGenerator对应
iv := keyBytes[:16]
// PKCS7 padding
plainText := encryption.Padding([]byte(data), block.BlockSize(), encryption.PKCS7Padding)
cipherData := make([]byte, len(plainText))
mode := cipher.NewCBCEncrypter(block, iv)
mode.CryptBlocks(cipherData, plainText)
var result strings.Builder var result strings.Builder
result.WriteString("[") result.WriteString("[")
result.WriteString(key) result.WriteString(key)
@@ -49,24 +59,32 @@ func Encrypt(data string, strength ...Strength) (string, error) {
// 对给定的数据进行解密。 // 对给定的数据进行解密。
func Decrypt(data string, strength ...Strength) (string, error) { func Decrypt(data string, strength ...Strength) (string, error) {
var ivGen aes.IVGenerator
if append(strength, Enhanced)[0] == Compatible {
ivGen = aes.PrefixIVGenerator
} else {
ivGen = aes.XorIVGenerator
}
if message, found := strings.CutPrefix(data, "["); found { if message, found := strings.CutPrefix(data, "["); found {
if len(message) > 20 { if len(message) > 20 {
keySeed := message[:20] keySeed := message[:20]
key := generateKey(keySeed) keyBytes := generateKey(keySeed)
cipherData, err := base64.FromBase64(message[20:]) cipherData, err := base64.FromBase64(message[20:])
if err != nil { if err != nil {
return "", fmt.Errorf("密文损坏无法解析,%w", err) return "", fmt.Errorf("密文损坏无法解析,%w", err)
} }
plainText, err := aes.Decrypt(cipherData, key, encryption.PKCS7Padding, ivGen)
// 直接使用crypto/aes避免二次SHA256哈希
block, err := aes.NewCipher(keyBytes)
if err != nil { if err != nil {
return "", fmt.Errorf("密文解密计算失败,%w", err) return "", fmt.Errorf("创建加密单元失败,%w", err)
} }
// 使用key的前16字节作为IV与Rust版本对应
iv := keyBytes[:16]
plainText := make([]byte, len(cipherData))
mode := cipher.NewCBCDecrypter(block, iv)
mode.CryptBlocks(plainText, cipherData)
// PKCS7 unpadding
plainText = encryption.Unpadding(plainText, encryption.PKCS7Padding)
return string(plainText), nil return string(plainText), nil
} }
return "", errors.New("密文缺损,无法完成解密。") return "", errors.New("密文缺损,无法完成解密。")