nixcn/nixcn-cms
1
0
Fork 1
Code Pull Requests Activity
Files
af43b86a61601995c26abd8670c86789a22ed1d9
nixcn-cms/internal/cryptography/aes.go
Asai Neko 27ba3b7bef
All checks were successful
Build Backend (NixCN CMS) TeamCity build finished
Details
Build Frontend (NixCN CMS) TeamCity build finished
Details
Add aes cryptography library 
Signed-off-by: Asai Neko <sugar@sne.moe>
2026-01-01 14:25:44 +08:00

209 lines
4.0 KiB
Go
Raw Blame History

package cryptography
import (
"bytes"
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"encoding/base64"
"errors"
"io"
)
func randomBytes(n int) ([]byte, error) {
b := make([]byte, n)
_, err := io.ReadFull(rand.Reader, b)
return b, err
}
func normalizeKey(key []byte) ([]byte, error) {
switch len(key) {
case 16, 24, 32:
return key, nil
default:
return nil, errors.New("AES key length must be 16, 24, or 32 bytes")
}
}
func AESGCMEncrypt(plaintext, key []byte) (string, error) {
key, err := normalizeKey(key)
if err != nil {
return "", err
}
block, err := aes.NewCipher(key)
if err != nil {
return "", err
}
gcm, err := cipher.NewGCM(block)
if err != nil {
return "", err
}
nonce, err := randomBytes(gcm.NonceSize())
if err != nil {
return "", err
}
ciphertext := gcm.Seal(nil, nonce, plaintext, nil)
out := append(nonce, ciphertext...)
return base64.RawURLEncoding.EncodeToString(out), nil
}
func AESGCMDecrypt(encoded string, key []byte) ([]byte, error) {
key, err := normalizeKey(key)
if err != nil {
return nil, err
}
data, err := base64.RawURLEncoding.DecodeString(encoded)
if err != nil {
return nil, err
}
block, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
gcm, err := cipher.NewGCM(block)
if err != nil {
return nil, err
}
if len(data) < gcm.NonceSize() {
return nil, errors.New("ciphertext too short")
}
nonce := data[:gcm.NonceSize()]
ciphertext := data[gcm.NonceSize():]
return gcm.Open(nil, nonce, ciphertext, nil)
}
func pkcs7Pad(data []byte, blockSize int) []byte {
padding := blockSize - len(data)%blockSize
padtext := bytes.Repeat([]byte{byte(padding)}, padding)
return append(data, padtext...)
}
func pkcs7Unpad(data []byte) ([]byte, error) {
length := len(data)
if length == 0 {
return nil, errors.New("invalid padding")
}
padding := int(data[length-1])
if padding == 0 || padding > length {
return nil, errors.New("invalid padding")
}
return data[:length-padding], nil
}
func AESCBCEncrypt(plaintext, key []byte) (string, error) {
key, err := normalizeKey(key)
if err != nil {
return "", err
}
block, err := aes.NewCipher(key)
if err != nil {
return "", err
}
plaintext = pkcs7Pad(plaintext, block.BlockSize())
iv, err := randomBytes(block.BlockSize())
if err != nil {
return "", err
}
mode := cipher.NewCBCEncrypter(block, iv)
mode.CryptBlocks(plaintext, plaintext)
out := append(iv, plaintext...)
return base64.RawURLEncoding.EncodeToString(out), nil
}
func AESCBCDecrypt(encoded string, key []byte) ([]byte, error) {
key, err := normalizeKey(key)
if err != nil {
return nil, err
}
data, err := base64.RawURLEncoding.DecodeString(encoded)
if err != nil {
return nil, err
}
block, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
if len(data) < block.BlockSize() {
return nil, errors.New("ciphertext too short")
}
iv := data[:block.BlockSize()]
data = data[block.BlockSize():]
mode := cipher.NewCBCDecrypter(block, iv)
mode.CryptBlocks(data, data)
return pkcs7Unpad(data)
}
func AESCFBEncrypt(plaintext, key []byte) (string, error) {
key, err := normalizeKey(key)
if err != nil {
return "", err
}
block, err := aes.NewCipher(key)
if err != nil {
return "", err
}
iv, err := randomBytes(block.BlockSize())
if err != nil {
return "", err
}
stream := cipher.NewCFBEncrypter(block, iv)
stream.XORKeyStream(plaintext, plaintext)
out := append(iv, plaintext...)
return base64.RawURLEncoding.EncodeToString(out), nil
}
func AESCFBDecrypt(encoded string, key []byte) ([]byte, error) {
key, err := normalizeKey(key)
if err != nil {
return nil, err
}
data, err := base64.RawURLEncoding.DecodeString(encoded)
if err != nil {
return nil, err
}
block, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
if len(data) < block.BlockSize() {
return nil, errors.New("ciphertext too short")
}
iv := data[:block.BlockSize()]
data = data[block.BlockSize():]
stream := cipher.NewCFBDecrypter(block, iv)
stream.XORKeyStream(data, data)
return data, nil
}
View Git Blame Copy Permalink