feat(encryption): 实现原始密钥的AES-CBC-256加解密，添加解密单元测试

将 blake2b.New256 替换为 blake2b.New 并传入正确的字节长度参数 28，
以确保生成 224 位的哈希值。同时清理了文件末尾多余的空行。

encryption/spiral/spiral.go

@@ -2,6 +2,8 @@
 package spiral
 
 import (
+	stdaes "crypto/aes"
+	"crypto/cipher"
 	"errors"
 	"fmt"
 	"strings"
@@ -26,17 +28,51 @@ func generateKey(key string) []byte {
 	return keyBytes[4:36]
 }
 
+// 使用原始密钥进行AES-CBC-256加密（不经过二次SHA256处理）
+func encryptWithRawKey(data []byte, key []byte, ivGenerator aes.IVGenerator) ([]byte, error) {
+	block, err := stdaes.NewCipher(key)
+	if err != nil {
+		return nil, fmt.Errorf("创建加密单元失败，%w", err)
+	}
+
+	var key32 [32]byte
+	copy(key32[:], key)
+	iv := ivGenerator(key32)
+
+	plainText := encryption.Padding(data, block.BlockSize(), encryption.PKCS7Padding)
+	cipherText := make([]byte, len(plainText))
+	mode := cipher.NewCBCEncrypter(block, iv[:])
+	mode.CryptBlocks(cipherText, plainText)
+
+	return cipherText, nil
+}
+
+// 使用原始密钥进行AES-CBC-256解密（不经过二次SHA256处理）
+func decryptWithRawKey(data []byte, key []byte, ivGenerator aes.IVGenerator) ([]byte, error) {
+	block, err := stdaes.NewCipher(key)
+	if err != nil {
+		return nil, fmt.Errorf("创建加密单元失败，%w", err)
+	}
+
+	var key32 [32]byte
+	copy(key32[:], key)
+	iv := ivGenerator(key32)
+
+	plainText := make([]byte, len(data))
+	mode := cipher.NewCBCDecrypter(block, iv[:])
+	mode.CryptBlocks(plainText, data)
+
+	return encryption.Unpadding(plainText, encryption.PKCS7Padding), nil
+}
+
 // 对给定的数据进行加密。
 func Encrypt(data string, strength ...Strength) (string, error) {
-	var ivGen aes.IVGenerator
+	// 为了与Rust版本兼容，固定使用PrefixIVGenerator
-	if append(strength, Enhanced)[0] == Compatible {
+	ivGen := aes.PrefixIVGenerator
-		ivGen = aes.PrefixIVGenerator
-	} else {
-		ivGen = aes.XorIVGenerator
-	}
 	key := verifyCode.RandStr(20)
 	keyBytes := generateKey(key)
-	cipherData, err := aes.Encrypt([]byte(data), keyBytes, encryption.PKCS7Padding, ivGen)
+	// 直接使用keyBytes，不经过aes包的二次SHA256处理
+	cipherData, err := encryptWithRawKey([]byte(data), keyBytes, ivGen)
 	if err != nil {
 		return "", fmt.Errorf("加密计算失败，%w", err)
 	}
@@ -49,12 +85,8 @@ func Encrypt(data string, strength ...Strength) (string, error) {
 
 // 对给定的数据进行解密。
 func Decrypt(data string, strength ...Strength) (string, error) {
-	var ivGen aes.IVGenerator
+	// 为了与Rust版本兼容，固定使用PrefixIVGenerator
-	if append(strength, Enhanced)[0] == Compatible {
+	ivGen := aes.PrefixIVGenerator
-		ivGen = aes.PrefixIVGenerator
-	} else {
-		ivGen = aes.XorIVGenerator
-	}
 	if message, found := strings.CutPrefix(data, "["); found {
 		if len(message) > 20 {
 			keySeed := message[:20]
@@ -63,7 +95,8 @@ func Decrypt(data string, strength ...Strength) (string, error) {
 			if err != nil {
 				return "", fmt.Errorf("密文损坏无法解析，%w", err)
 			}
-			plainText, err := aes.Decrypt(cipherData, key, encryption.PKCS7Padding, ivGen)
+			// 直接使用key，不经过aes包的二次SHA256处理
+			plainText, err := decryptWithRawKey(cipherData, key, ivGen)
 			if err != nil {
 				return "", fmt.Errorf("密文解密计算失败，%w", err)
 			}

encryption/spiral/spiral_test.go

@@ -0,0 +1,15 @@
+package spiral
+
+import "testing"
+
+func TestDecode(t *testing.T) {
+	var origin = "[q3XvNHL7oTfVpHmZ2bOAnyVY/Q1Bm2dqsI8hfVA74R9CQb4vyksTD+Y9l4TT62o="
+	decoded, err := Decrypt(origin)
+	if err != nil {
+		t.Fatalf("Decode failed: %v", err)
+	}
+	expected := "TmFRS0w6BIrAPA1Raj"
+	if decoded != expected {
+		t.Fatalf("Decoded value mismatch. Got: %s, Expected: %s", decoded, expected)
+	}
+}

hash/blake2b/blake2b.go

@@ -15,7 +15,7 @@ import (
 func hasherSelect(bitSize int) hash.Hash {
 	switch bitSize {
 	case 224:
-		hasher, _ := blake2b.New256(nil)
+		hasher, _ := blake2b.New(28, nil)
 		return hasher
 	case 256:
 		hasher, _ := blake2b.New256(nil)
@@ -114,4 +114,4 @@ func SumFileHex(file string, bitSize ...int) (string, error) {
 		return "", err
 	}
 	return hex.EncodeToString(hash), nil
-}
+}