252 lines
5.5 KiB
Go
252 lines
5.5 KiB
Go
|
package securityUtil
|
|||
|
|
|
|||
|
|
import (
|
|||
|
|
"crypto"
|
|||
|
|
"crypto/rand"
|
|||
|
|
"crypto/rsa"
|
|||
|
|
"crypto/sha1"
|
|||
|
|
"crypto/x509"
|
|||
|
|
"encoding/base64"
|
|||
|
|
"encoding/pem"
|
|||
|
|
"errors"
|
|||
|
|
"fmt"
|
|||
|
|
"strings"
|
|||
|
|
)
|
|||
|
|
|
|||
|
|
// RsaSha256验证签名
|
|||
|
|
// publicKey:公钥
|
|||
|
|
// source:原字符串
|
|||
|
|
// targetSign:用以验证的目标签名(会进行Base64解码)
|
|||
|
|
// 返回值:返回nil为成功
|
|||
|
|
func VerifyRsaWithSha256(publicKey, source, targetSign string) error {
|
|||
|
|
//未加标记的PEM密钥加上公钥标记
|
|||
|
|
if !strings.HasPrefix(publicKey, "-") {
|
|||
|
|
publicKey = fmt.Sprintf(`-----BEGIN PUBLIC KEY-----
|
|||
|
|
%s
|
|||
|
|
-----END PUBLIC KEY-----`, publicKey)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
//base64解码目标签名
|
|||
|
|
signBuf, err := base64.StdEncoding.DecodeString(targetSign)
|
|||
|
|
if err != nil {
|
|||
|
|
return err
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
//解码公钥
|
|||
|
|
block, _ := pem.Decode([]byte(publicKey))
|
|||
|
|
if block == nil {
|
|||
|
|
return fmt.Errorf("RSA.VerifyRsaWithSha256,Block is nil,public key error!")
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
//转化为公钥对象
|
|||
|
|
pubObj, err := x509.ParsePKIXPublicKey(block.Bytes)
|
|||
|
|
if err != nil {
|
|||
|
|
return err
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
pub := pubObj.(*rsa.PublicKey)
|
|||
|
|
|
|||
|
|
//验证签名
|
|||
|
|
err = rsa.VerifyPKCS1v15(pub, crypto.SHA256, Sha256Bytes([]byte(source)), signBuf)
|
|||
|
|
|
|||
|
|
return err
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// RsaSha1验证签名
|
|||
|
|
// publicKey:公钥
|
|||
|
|
// source:原字符串
|
|||
|
|
// targetSign:用以验证的目标签名(会进行Base64解码)
|
|||
|
|
// 返回值:返回nil为成功
|
|||
|
|
func VerifyRsaWithSha1(publicKey, source, targetSign string) error {
|
|||
|
|
//未加标记的PEM密钥加上公钥标记
|
|||
|
|
if !strings.HasPrefix(publicKey, "-") {
|
|||
|
|
publicKey = fmt.Sprintf(`-----BEGIN PUBLIC KEY-----
|
|||
|
|
%s
|
|||
|
|
-----END PUBLIC KEY-----`, publicKey)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
//base64解码目标签名
|
|||
|
|
signBuf, err := base64.StdEncoding.DecodeString(targetSign)
|
|||
|
|
if err != nil {
|
|||
|
|
return err
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
//解码公钥
|
|||
|
|
block, _ := pem.Decode([]byte(publicKey))
|
|||
|
|
if block == nil {
|
|||
|
|
return fmt.Errorf("RSA.VerifyRsaWithSha1,Block is nil,public key error!")
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
//转化为公钥对象
|
|||
|
|
pubObj, err := x509.ParsePKIXPublicKey(block.Bytes)
|
|||
|
|
if err != nil {
|
|||
|
|
return err
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
pub := pubObj.(*rsa.PublicKey)
|
|||
|
|
|
|||
|
|
//验证签名
|
|||
|
|
err = rsa.VerifyPKCS1v15(pub, crypto.SHA1, Sha1StringToBytes(source), signBuf)
|
|||
|
|
|
|||
|
|
return err
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 对字符数组进行SHA1加密
|
|||
|
|
// b:输入字符数组
|
|||
|
|
// 返回值:sha1加密后的原数据
|
|||
|
|
func Sha1StringToBytes(b string) []byte {
|
|||
|
|
if len(b) == 0 {
|
|||
|
|
panic(errors.New("input []byte can't be empty"))
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
sha1Instance := sha1.New()
|
|||
|
|
sha1Instance.Write([]byte(b))
|
|||
|
|
result := sha1Instance.Sum(nil)
|
|||
|
|
|
|||
|
|
return result
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
func packageData(originalData []byte, packageSize int) (r [][]byte) {
|
|||
|
|
var src = make([]byte, len(originalData))
|
|||
|
|
copy(src, originalData)
|
|||
|
|
|
|||
|
|
r = make([][]byte, 0)
|
|||
|
|
if len(src) <= packageSize {
|
|||
|
|
return append(r, src)
|
|||
|
|
}
|
|||
|
|
for len(src) > 0 {
|
|||
|
|
var p = src[:packageSize]
|
|||
|
|
r = append(r, p)
|
|||
|
|
src = src[packageSize:]
|
|||
|
|
if len(src) <= packageSize {
|
|||
|
|
r = append(r, src)
|
|||
|
|
break
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
return r
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// RSAEncrypt 数据加密
|
|||
|
|
// plaintext:待加密的数据
|
|||
|
|
// key:公钥
|
|||
|
|
// 返回值:
|
|||
|
|
// []byte:加密后的数据
|
|||
|
|
// error:错误信息
|
|||
|
|
func RSAEncrypt(plaintext, key []byte) ([]byte, error) {
|
|||
|
|
var err error
|
|||
|
|
var block *pem.Block
|
|||
|
|
block, _ = pem.Decode(key)
|
|||
|
|
if block == nil {
|
|||
|
|
return nil, errors.New("public key error")
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
var pubInterface interface{}
|
|||
|
|
pubInterface, err = x509.ParsePKIXPublicKey(block.Bytes)
|
|||
|
|
if err != nil {
|
|||
|
|
return nil, err
|
|||
|
|
}
|
|||
|
|
var pub = pubInterface.(*rsa.PublicKey)
|
|||
|
|
|
|||
|
|
var data = packageData(plaintext, pub.N.BitLen()/8-11)
|
|||
|
|
var cipherData []byte = make([]byte, 0, 0)
|
|||
|
|
|
|||
|
|
for _, d := range data {
|
|||
|
|
var c, e = rsa.EncryptPKCS1v15(rand.Reader, pub, d)
|
|||
|
|
if e != nil {
|
|||
|
|
return nil, e
|
|||
|
|
}
|
|||
|
|
cipherData = append(cipherData, c...)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
return cipherData, nil
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// RSADecrypt 数据解密
|
|||
|
|
// plaintext:待解密的数据
|
|||
|
|
// key:私钥
|
|||
|
|
// 返回值:
|
|||
|
|
// []byte:解密后的数据
|
|||
|
|
// error:错误信息
|
|||
|
|
func RSADecrypt(ciphertext, key []byte) ([]byte, error) {
|
|||
|
|
var err error
|
|||
|
|
var block *pem.Block
|
|||
|
|
block, _ = pem.Decode(key)
|
|||
|
|
if block == nil {
|
|||
|
|
return nil, errors.New("private key error")
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
var pri *rsa.PrivateKey
|
|||
|
|
pri, err = x509.ParsePKCS1PrivateKey(block.Bytes)
|
|||
|
|
if err != nil {
|
|||
|
|
return nil, err
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
var data = packageData(ciphertext, pri.PublicKey.N.BitLen()/8)
|
|||
|
|
var plainData []byte = make([]byte, 0, 0)
|
|||
|
|
|
|||
|
|
for _, d := range data {
|
|||
|
|
var p, e = rsa.DecryptPKCS1v15(rand.Reader, pri, d)
|
|||
|
|
if e != nil {
|
|||
|
|
return nil, e
|
|||
|
|
}
|
|||
|
|
plainData = append(plainData, p...)
|
|||
|
|
}
|
|||
|
|
return plainData, nil
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 基于RSA PKCS1V15进行签名
|
|||
|
|
// src:待签名的原始字符串
|
|||
|
|
// key:签名用的私钥
|
|||
|
|
// hash:签名配置
|
|||
|
|
// 返回值:
|
|||
|
|
// []byte:得到的签名字节流
|
|||
|
|
// error:错误信息
|
|||
|
|
func SignPKCS1v15(src, key []byte, hash crypto.Hash) ([]byte, error) {
|
|||
|
|
var h = hash.New()
|
|||
|
|
h.Write(src)
|
|||
|
|
var hashed = h.Sum(nil)
|
|||
|
|
|
|||
|
|
var err error
|
|||
|
|
var block *pem.Block
|
|||
|
|
block, _ = pem.Decode(key)
|
|||
|
|
if block == nil {
|
|||
|
|
return nil, errors.New("private key error")
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
var pri *rsa.PrivateKey
|
|||
|
|
pri, err = x509.ParsePKCS1PrivateKey(block.Bytes)
|
|||
|
|
if err != nil {
|
|||
|
|
return nil, err
|
|||
|
|
}
|
|||
|
|
return rsa.SignPKCS1v15(rand.Reader, pri, hash, hashed)
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 验证RSA PKCS1V15进行签名
|
|||
|
|
// src:待签名的原始字符串
|
|||
|
|
// sig:签名字节流
|
|||
|
|
// key:签名用的私钥
|
|||
|
|
// hash:签名配置
|
|||
|
|
// 返回值:
|
|||
|
|
// error:错误信息
|
|||
|
|
func VerifyPKCS1v15(src, sig, key []byte, hash crypto.Hash) error {
|
|||
|
|
var h = hash.New()
|
|||
|
|
h.Write(src)
|
|||
|
|
var hashed = h.Sum(nil)
|
|||
|
|
|
|||
|
|
var err error
|
|||
|
|
var block *pem.Block
|
|||
|
|
block, _ = pem.Decode(key)
|
|||
|
|
if block == nil {
|
|||
|
|
return errors.New("public key error")
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
var pubInterface interface{}
|
|||
|
|
pubInterface, err = x509.ParsePKIXPublicKey(block.Bytes)
|
|||
|
|
if err != nil {
|
|||
|
|
return err
|
|||
|
|
}
|
|||
|
|
var pub = pubInterface.(*rsa.PublicKey)
|
|||
|
|
|
|||
|
|
return rsa.VerifyPKCS1v15(pub, hash, hashed, sig)
|
|||
|
|
}
|