252 lines
5.5 KiB
Plaintext
252 lines
5.5 KiB
Plaintext
package securityUtil
|
||
|
||
import (
|
||
"crypto"
|
||
"crypto/rand"
|
||
"crypto/rsa"
|
||
"crypto/sha1"
|
||
"crypto/x509"
|
||
"encoding/base64"
|
||
"encoding/pem"
|
||
"errors"
|
||
"fmt"
|
||
"strings"
|
||
)
|
||
|
||
// RsaSha256验证签名
|
||
// publicKey:公钥
|
||
// source:原字符串
|
||
// targetSign:用以验证的目标签名(会进行Base64解码)
|
||
// 返回值:返回nil为成功
|
||
func VerifyRsaWithSha256(publicKey, source, targetSign string) error {
|
||
//未加标记的PEM密钥加上公钥标记
|
||
if !strings.HasPrefix(publicKey, "-") {
|
||
publicKey = fmt.Sprintf(`-----BEGIN PUBLIC KEY-----
|
||
%s
|
||
-----END PUBLIC KEY-----`, publicKey)
|
||
}
|
||
|
||
//base64解码目标签名
|
||
signBuf, err := base64.StdEncoding.DecodeString(targetSign)
|
||
if err != nil {
|
||
return err
|
||
}
|
||
|
||
//解码公钥
|
||
block, _ := pem.Decode([]byte(publicKey))
|
||
if block == nil {
|
||
return fmt.Errorf("RSA.VerifyRsaWithSha256,Block is nil,public key error!")
|
||
}
|
||
|
||
//转化为公钥对象
|
||
pubObj, err := x509.ParsePKIXPublicKey(block.Bytes)
|
||
if err != nil {
|
||
return err
|
||
}
|
||
|
||
pub := pubObj.(*rsa.PublicKey)
|
||
|
||
//验证签名
|
||
err = rsa.VerifyPKCS1v15(pub, crypto.SHA256, Sha256Bytes([]byte(source)), signBuf)
|
||
|
||
return err
|
||
}
|
||
|
||
// RsaSha1验证签名
|
||
// publicKey:公钥
|
||
// source:原字符串
|
||
// targetSign:用以验证的目标签名(会进行Base64解码)
|
||
// 返回值:返回nil为成功
|
||
func VerifyRsaWithSha1(publicKey, source, targetSign string) error {
|
||
//未加标记的PEM密钥加上公钥标记
|
||
if !strings.HasPrefix(publicKey, "-") {
|
||
publicKey = fmt.Sprintf(`-----BEGIN PUBLIC KEY-----
|
||
%s
|
||
-----END PUBLIC KEY-----`, publicKey)
|
||
}
|
||
|
||
//base64解码目标签名
|
||
signBuf, err := base64.StdEncoding.DecodeString(targetSign)
|
||
if err != nil {
|
||
return err
|
||
}
|
||
|
||
//解码公钥
|
||
block, _ := pem.Decode([]byte(publicKey))
|
||
if block == nil {
|
||
return fmt.Errorf("RSA.VerifyRsaWithSha1,Block is nil,public key error!")
|
||
}
|
||
|
||
//转化为公钥对象
|
||
pubObj, err := x509.ParsePKIXPublicKey(block.Bytes)
|
||
if err != nil {
|
||
return err
|
||
}
|
||
|
||
pub := pubObj.(*rsa.PublicKey)
|
||
|
||
//验证签名
|
||
err = rsa.VerifyPKCS1v15(pub, crypto.SHA1, Sha1StringToBytes(source), signBuf)
|
||
|
||
return err
|
||
}
|
||
|
||
// 对字符数组进行SHA1加密
|
||
// b:输入字符数组
|
||
// 返回值:sha1加密后的原数据
|
||
func Sha1StringToBytes(b string) []byte {
|
||
if len(b) == 0 {
|
||
panic(errors.New("input []byte can't be empty"))
|
||
}
|
||
|
||
sha1Instance := sha1.New()
|
||
sha1Instance.Write([]byte(b))
|
||
result := sha1Instance.Sum(nil)
|
||
|
||
return result
|
||
}
|
||
|
||
func packageData(originalData []byte, packageSize int) (r [][]byte) {
|
||
var src = make([]byte, len(originalData))
|
||
copy(src, originalData)
|
||
|
||
r = make([][]byte, 0)
|
||
if len(src) <= packageSize {
|
||
return append(r, src)
|
||
}
|
||
for len(src) > 0 {
|
||
var p = src[:packageSize]
|
||
r = append(r, p)
|
||
src = src[packageSize:]
|
||
if len(src) <= packageSize {
|
||
r = append(r, src)
|
||
break
|
||
}
|
||
}
|
||
return r
|
||
}
|
||
|
||
// RSAEncrypt 数据加密
|
||
// plaintext:待加密的数据
|
||
// key:公钥
|
||
// 返回值:
|
||
// []byte:加密后的数据
|
||
// error:错误信息
|
||
func RSAEncrypt(plaintext, key []byte) ([]byte, error) {
|
||
var err error
|
||
var block *pem.Block
|
||
block, _ = pem.Decode(key)
|
||
if block == nil {
|
||
return nil, errors.New("public key error")
|
||
}
|
||
|
||
var pubInterface interface{}
|
||
pubInterface, err = x509.ParsePKIXPublicKey(block.Bytes)
|
||
if err != nil {
|
||
return nil, err
|
||
}
|
||
var pub = pubInterface.(*rsa.PublicKey)
|
||
|
||
var data = packageData(plaintext, pub.N.BitLen()/8-11)
|
||
var cipherData []byte = make([]byte, 0, 0)
|
||
|
||
for _, d := range data {
|
||
var c, e = rsa.EncryptPKCS1v15(rand.Reader, pub, d)
|
||
if e != nil {
|
||
return nil, e
|
||
}
|
||
cipherData = append(cipherData, c...)
|
||
}
|
||
|
||
return cipherData, nil
|
||
}
|
||
|
||
// RSADecrypt 数据解密
|
||
// plaintext:待解密的数据
|
||
// key:私钥
|
||
// 返回值:
|
||
// []byte:解密后的数据
|
||
// error:错误信息
|
||
func RSADecrypt(ciphertext, key []byte) ([]byte, error) {
|
||
var err error
|
||
var block *pem.Block
|
||
block, _ = pem.Decode(key)
|
||
if block == nil {
|
||
return nil, errors.New("private key error")
|
||
}
|
||
|
||
var pri *rsa.PrivateKey
|
||
pri, err = x509.ParsePKCS1PrivateKey(block.Bytes)
|
||
if err != nil {
|
||
return nil, err
|
||
}
|
||
|
||
var data = packageData(ciphertext, pri.PublicKey.N.BitLen()/8)
|
||
var plainData []byte = make([]byte, 0, 0)
|
||
|
||
for _, d := range data {
|
||
var p, e = rsa.DecryptPKCS1v15(rand.Reader, pri, d)
|
||
if e != nil {
|
||
return nil, e
|
||
}
|
||
plainData = append(plainData, p...)
|
||
}
|
||
return plainData, nil
|
||
}
|
||
|
||
// 基于RSA PKCS1V15进行签名
|
||
// src:待签名的原始字符串
|
||
// key:签名用的私钥
|
||
// hash:签名配置
|
||
// 返回值:
|
||
// []byte:得到的签名字节流
|
||
// error:错误信息
|
||
func SignPKCS1v15(src, key []byte, hash crypto.Hash) ([]byte, error) {
|
||
var h = hash.New()
|
||
h.Write(src)
|
||
var hashed = h.Sum(nil)
|
||
|
||
var err error
|
||
var block *pem.Block
|
||
block, _ = pem.Decode(key)
|
||
if block == nil {
|
||
return nil, errors.New("private key error")
|
||
}
|
||
|
||
var pri *rsa.PrivateKey
|
||
pri, err = x509.ParsePKCS1PrivateKey(block.Bytes)
|
||
if err != nil {
|
||
return nil, err
|
||
}
|
||
return rsa.SignPKCS1v15(rand.Reader, pri, hash, hashed)
|
||
}
|
||
|
||
// 验证RSA PKCS1V15进行签名
|
||
// src:待签名的原始字符串
|
||
// sig:签名字节流
|
||
// key:签名用的私钥
|
||
// hash:签名配置
|
||
// 返回值:
|
||
// error:错误信息
|
||
func VerifyPKCS1v15(src, sig, key []byte, hash crypto.Hash) error {
|
||
var h = hash.New()
|
||
h.Write(src)
|
||
var hashed = h.Sum(nil)
|
||
|
||
var err error
|
||
var block *pem.Block
|
||
block, _ = pem.Decode(key)
|
||
if block == nil {
|
||
return errors.New("public key error")
|
||
}
|
||
|
||
var pubInterface interface{}
|
||
pubInterface, err = x509.ParsePKIXPublicKey(block.Bytes)
|
||
if err != nil {
|
||
return err
|
||
}
|
||
var pub = pubInterface.(*rsa.PublicKey)
|
||
|
||
return rsa.VerifyPKCS1v15(pub, hash, hashed, sig)
|
||
}
|