mayfly-go/server/pkg/utils/crypto.go

package utils

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/base64"
	"encoding/hex"
	"encoding/pem"
	"errors"
	"mayfly-go/pkg/cache"

	"golang.org/x/crypto/bcrypt"
)

// md5
func Md5(str string) string {
	h := md5.New()
	h.Write([]byte(str))
	return hex.EncodeToString(h.Sum(nil))
}

// bcrypt加密密码
func PwdHash(password string) string {
	bytes, _ := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	return string(bytes)
}

// 检查密码是否一致
func CheckPwdHash(password, hash string) bool {
	return bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)) == nil
}

// 生成RSA私钥和公钥字符串
// bits 证书大小
// @return privateKeyStr publicKeyStr error
func GenerateRSAKey(bits int) (string, string, error) {
	var privateKeyStr, publicKeyStr string

	//GenerateKey函数使用随机数据生成器random生成一对具有指定字位数的RSA密钥
	//Reader是一个全局、共享的密码用强随机数生成器
	privateKey, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return privateKeyStr, publicKeyStr, err
	}
	//保存私钥
	//通过x509标准将得到的ras私钥序列化为ASN.1 的 DER编码字符串
	X509PrivateKey := x509.MarshalPKCS1PrivateKey(privateKey)
	//构建一个pem.Block结构体对象
	privateBlock := pem.Block{Type: "RSA Private Key", Bytes: X509PrivateKey}

	privateBuf := new(bytes.Buffer)
	pem.Encode(privateBuf, &privateBlock)
	privateKeyStr = privateBuf.String()

	//保存公钥
	//获取公钥的数据
	publicKey := privateKey.PublicKey
	//X509对公钥编码
	X509PublicKey, err := x509.MarshalPKIXPublicKey(&publicKey)
	if err != nil {
		return publicKeyStr, privateKeyStr, err
	}
	//创建一个pem.Block结构体对象
	publicBlock := pem.Block{Type: "RSA Public Key", Bytes: X509PublicKey}

	publicBuf := new(bytes.Buffer)
	pem.Encode(publicBuf, &publicBlock)
	publicKeyStr = publicBuf.String()

	return privateKeyStr, publicKeyStr, nil
}

// rsa加密
func RsaEncrypt(publicKeyStr string, data []byte) ([]byte, error) {
	block, _ := pem.Decode([]byte(publicKeyStr))
	if block == nil {
		return nil, errors.New("private key error")
	}

	pub, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptPKCS1v15(rand.Reader, pub.(*rsa.PublicKey), data)
}

// rsa解密
func RsaDecrypt(privateKeyStr string, data []byte) ([]byte, error) {
	block, _ := pem.Decode([]byte(privateKeyStr))
	if block == nil {
		return nil, errors.New("private key error")
	}

	priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	return rsa.DecryptPKCS1v15(rand.Reader, priv, data)
}

// 使用系统默认的私钥解密
// @param base64 字符串是否使用base64编码
func DefaultRsaDecrypt(data string, useBase64 bool) (string, error) {
	// 空字符串不解密
	if data == "" {
		return "", nil
	}
	if useBase64 {
		if decodeBase64, err := base64.StdEncoding.DecodeString(data); err != nil {
			return "", err
		} else {
			data = string(decodeBase64)
		}
	}
	priKey, err := GetRsaPrivateKey()
	if err != nil {
		return "", err
	}
	val, err := RsaDecrypt(priKey, []byte(data))
	if err != nil {
		return "", err
	}
	return string(val), nil
}

const publicKeyK = "mayfly:public-key"
const privateKeyK = "mayfly:private-key"

// 获取系统的RSA公钥
func GetRsaPublicKey() (string, error) {
	publicKey := cache.GetStr(publicKeyK)
	if publicKey != "" {
		return publicKey, nil
	}
	privateKey, publicKey, err := GenerateRSAKey(1024)
	if err != nil {
		return "", err
	}
	cache.SetStr(publicKeyK, publicKey, -1)
	cache.SetStr(privateKeyK, privateKey, -1)
	return publicKey, nil
}

// 获取系统私钥
func GetRsaPrivateKey() (string, error) {
	privateKey := cache.GetStr(privateKeyK)
	if privateKey != "" {
		return privateKey, nil
	}
	privateKey, publicKey, err := GenerateRSAKey(1024)
	if err != nil {
		return "", err
	}
	cache.SetStr(publicKeyK, publicKey, -1)
	cache.SetStr(privateKeyK, privateKey, -1)
	return privateKey, nil
}

// AesEncrypt 加密
func AesEncrypt(data []byte, key []byte) ([]byte, error) {
	//创建加密实例
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	//判断加密快的大小
	blockSize := block.BlockSize()
	//填充
	encryptBytes := pkcs7Padding(data, blockSize)
	//初始化加密数据接收切片
	crypted := make([]byte, len(encryptBytes))
	//使用cbc加密模式
	blockMode := cipher.NewCBCEncrypter(block, key[:blockSize])
	//执行加密
	blockMode.CryptBlocks(crypted, encryptBytes)
	return crypted, nil
}

// AesDecrypt 解密
func AesDecrypt(data []byte, key []byte) ([]byte, error) {
	//创建实例
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	//获取块的大小
	blockSize := block.BlockSize()
	//使用cbc
	blockMode := cipher.NewCBCDecrypter(block, key[:blockSize])
	//初始化解密数据接收切片
	crypted := make([]byte, len(data))
	//执行解密
	blockMode.CryptBlocks(crypted, data)
	//去除填充
	crypted, err = pkcs7UnPadding(crypted)
	if err != nil {
		return nil, err
	}
	return crypted, nil
}

// aes加密 后 再base64
func AesEncryptBase64(data []byte, key []byte) (string, error) {
	res, err := AesEncrypt(data, key)
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(res), nil
}

// base64解码后再 aes解码
func AesDecryptBase64(data string, key []byte) ([]byte, error) {
	dataByte, err := base64.StdEncoding.DecodeString(data)
	if err != nil {
		return nil, err
	}
	return AesDecrypt(dataByte, key)
}

// pkcs7Padding 填充
func pkcs7Padding(data []byte, blockSize int) []byte {
	//判断缺少几位长度。最少1，最多 blockSize
	padding := blockSize - len(data)%blockSize
	//补足位数。把切片[]byte{byte(padding)}复制padding个
	padText := bytes.Repeat([]byte{byte(padding)}, padding)
	return append(data, padText...)
}

// pkcs7UnPadding 填充的反向操作
func pkcs7UnPadding(data []byte) ([]byte, error) {
	length := len(data)
	if length == 0 {
		return nil, errors.New("加密字符串错误！")
	}
	//获取填充的个数
	unPadding := int(data[length-1])
	return data[:(length - unPadding)], nil
}
-												feat: 增加后端权限控制

											
										
										
											2021-06-09 16:58:57 +08:00
+								package utils
 								import (
-												feat: 登录强制校验弱密码&关键信息加密传输

											
										
										
											2022-07-18 20:36:31 +08:00
+									"bytes"
-												feat: 资源密码加密处理&登录密码加密加强等

											
										
										
											2022-08-02 21:44:01 +08:00
+									"crypto/aes"
 									"crypto/cipher"
-												feat: 增加后端权限控制

											
										
										
											2021-06-09 16:58:57 +08:00
+									"crypto/md5"
-												feat: 登录强制校验弱密码&关键信息加密传输

											
										
										
											2022-07-18 20:36:31 +08:00
+									"crypto/rand"
 									"crypto/rsa"
 									"crypto/x509"
 									"encoding/base64"
-												feat: 增加后端权限控制

											
										
										
											2021-06-09 16:58:57 +08:00
+									"encoding/hex"
-												feat: 登录强制校验弱密码&关键信息加密传输

											
										
										
											2022-07-18 20:36:31 +08:00
+									"encoding/pem"
 									"errors"
-												feat: 支持redis缓存权限等信息

											
										
										
											2022-12-26 20:53:07 +08:00
+									"mayfly-go/pkg/cache"
-												feat: 资源密码加密处理&登录密码加密加强等

											
										
										
											2022-08-02 21:44:01 +08:00
 									"golang.org/x/crypto/bcrypt"
-												feat: 增加后端权限控制

											
										
										
											2021-06-09 16:58:57 +08:00
+								)
 								// md5
 								func Md5(str string) string {
 									h := md5.New()
 									h.Write([]byte(str))
 									return hex.EncodeToString(h.Sum(nil))
 								}
-												feat: 登录强制校验弱密码&关键信息加密传输

											
										
										
											2022-07-18 20:36:31 +08:00
-												feat: 资源密码加密处理&登录密码加密加强等

											
										
										
											2022-08-02 21:44:01 +08:00
+								// bcrypt加密密码
 								func PwdHash(password string) string {
 									bytes, _ := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
 									return string(bytes)
 								}
 								// 检查密码是否一致
 								func CheckPwdHash(password, hash string) bool {
 									return bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)) == nil
 								}
-												feat: 登录强制校验弱密码&关键信息加密传输

											
										
										
											2022-07-18 20:36:31 +08:00
+								// 生成RSA私钥和公钥字符串
 								// bits 证书大小
 								// @return privateKeyStr publicKeyStr error
 								func GenerateRSAKey(bits int) (string, string, error) {
 									var privateKeyStr, publicKeyStr string
 									//GenerateKey函数使用随机数据生成器random生成一对具有指定字位数的RSA密钥
 									//Reader是一个全局、共享的密码用强随机数生成器
 									privateKey, err := rsa.GenerateKey(rand.Reader, bits)
 									if err != nil {
 										return privateKeyStr, publicKeyStr, err
 									}
 									//保存私钥
 									//通过x509标准将得到的ras私钥序列化为ASN.1 的 DER编码字符串
 									X509PrivateKey := x509.MarshalPKCS1PrivateKey(privateKey)
 									//构建一个pem.Block结构体对象
 									privateBlock := pem.Block{Type: "RSA Private Key", Bytes: X509PrivateKey}
 									privateBuf := new(bytes.Buffer)
 									pem.Encode(privateBuf, &privateBlock)
 									privateKeyStr = privateBuf.String()
 									//保存公钥
 									//获取公钥的数据
 									publicKey := privateKey.PublicKey
 									//X509对公钥编码
 									X509PublicKey, err := x509.MarshalPKIXPublicKey(&publicKey)
 									if err != nil {
 										return publicKeyStr, privateKeyStr, err
 									}
 									//创建一个pem.Block结构体对象
 									publicBlock := pem.Block{Type: "RSA Public Key", Bytes: X509PublicKey}
 									publicBuf := new(bytes.Buffer)
 									pem.Encode(publicBuf, &publicBlock)
 									publicKeyStr = publicBuf.String()
 									return privateKeyStr, publicKeyStr, nil
 								}
-												feat: redis scan优化

											
										
										
											2022-12-05 21:45:35 +08:00
+								// rsa加密
 								func RsaEncrypt(publicKeyStr string, data []byte) ([]byte, error) {
 									block, _ := pem.Decode([]byte(publicKeyStr))
 									if block == nil {
 										return nil, errors.New("private key error")
 									}
 									pub, err := x509.ParsePKIXPublicKey(block.Bytes)
 									if err != nil {
 										return nil, err
 									}
 									return rsa.EncryptPKCS1v15(rand.Reader, pub.(*rsa.PublicKey), data)
 								}
-												feat: 登录强制校验弱密码&关键信息加密传输

											
										
										
											2022-07-18 20:36:31 +08:00
+								// rsa解密
 								func RsaDecrypt(privateKeyStr string, data []byte) ([]byte, error) {
 									block, _ := pem.Decode([]byte(privateKeyStr))
 									if block == nil {
 										return nil, errors.New("private key error")
 									}
 									priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)
 									if err != nil {
 										return nil, err
 									}
 									return rsa.DecryptPKCS1v15(rand.Reader, priv, data)
 								}
 								// 使用系统默认的私钥解密
 								// @param base64 字符串是否使用base64编码
 								func DefaultRsaDecrypt(data string, useBase64 bool) (string, error) {
 									// 空字符串不解密
 									if data == "" {
 										return "", nil
 									}
 									if useBase64 {
 										if decodeBase64, err := base64.StdEncoding.DecodeString(data); err != nil {
 											return "", err
 										} else {
 											data = string(decodeBase64)
 										}
 									}
 									priKey, err := GetRsaPrivateKey()
 									if err != nil {
 										return "", err
 									}
 									val, err := RsaDecrypt(priKey, []byte(data))
 									if err != nil {
 										return "", err
 									}
 									return string(val), nil
 								}
-												feat: 支持redis缓存权限等信息

											
										
										
											2022-12-26 20:53:07 +08:00
+								const publicKeyK = "mayfly:public-key"
 								const privateKeyK = "mayfly:private-key"
-												feat: 登录强制校验弱密码&关键信息加密传输

											
										
										
											2022-07-18 20:36:31 +08:00
+								// 获取系统的RSA公钥
 								func GetRsaPublicKey() (string, error) {
-												feat: 支持redis缓存权限等信息

											
										
										
											2022-12-26 20:53:07 +08:00
+									publicKey := cache.GetStr(publicKeyK)
 									if publicKey != "" {
 										return publicKey, nil
-												feat: 登录强制校验弱密码&关键信息加密传输

											
										
										
											2022-07-18 20:36:31 +08:00
+									}
 									privateKey, publicKey, err := GenerateRSAKey(1024)
 									if err != nil {
 										return "", err
 									}
-												feat: 新增双因素校验(OTP)

											
										
										
											2023-06-17 15:15:03 +08:00
+									cache.SetStr(publicKeyK, publicKey, -1)
 									cache.SetStr(privateKeyK, privateKey, -1)
-												feat: 登录强制校验弱密码&关键信息加密传输

											
										
										
											2022-07-18 20:36:31 +08:00
+									return publicKey, nil
 								}
 								// 获取系统私钥
 								func GetRsaPrivateKey() (string, error) {
-												feat: 支持redis缓存权限等信息

											
										
										
											2022-12-26 20:53:07 +08:00
+									privateKey := cache.GetStr(privateKeyK)
 									if privateKey != "" {
 										return privateKey, nil
-												feat: 登录强制校验弱密码&关键信息加密传输

											
										
										
											2022-07-18 20:36:31 +08:00
+									}
 									privateKey, publicKey, err := GenerateRSAKey(1024)
 									if err != nil {
 										return "", err
 									}
-												feat: 新增双因素校验(OTP)

											
										
										
											2023-06-17 15:15:03 +08:00
+									cache.SetStr(publicKeyK, publicKey, -1)
 									cache.SetStr(privateKeyK, privateKey, -1)
-												feat: 登录强制校验弱密码&关键信息加密传输

											
										
										
											2022-07-18 20:36:31 +08:00
+									return privateKey, nil
 								}
-												feat: 资源密码加密处理&登录密码加密加强等

											
										
										
											2022-08-02 21:44:01 +08:00
-												feat: redis scan优化

											
										
										
											2022-12-05 21:45:35 +08:00
+								// AesEncrypt 加密
-												feat: 资源密码加密处理&登录密码加密加强等

											
										
										
											2022-08-02 21:44:01 +08:00
+								func AesEncrypt(data []byte, key []byte) ([]byte, error) {
 									//创建加密实例
 									block, err := aes.NewCipher(key)
 									if err != nil {
 										return nil, err
 									}
 									//判断加密快的大小
 									blockSize := block.BlockSize()
 									//填充
 									encryptBytes := pkcs7Padding(data, blockSize)
 									//初始化加密数据接收切片
 									crypted := make([]byte, len(encryptBytes))
 									//使用cbc加密模式
 									blockMode := cipher.NewCBCEncrypter(block, key[:blockSize])
 									//执行加密
 									blockMode.CryptBlocks(crypted, encryptBytes)
 									return crypted, nil
 								}
-												feat: redis scan优化

											
										
										
											2022-12-05 21:45:35 +08:00
+								// AesDecrypt 解密
-												feat: 资源密码加密处理&登录密码加密加强等

											
										
										
											2022-08-02 21:44:01 +08:00
+								func AesDecrypt(data []byte, key []byte) ([]byte, error) {
 									//创建实例
 									block, err := aes.NewCipher(key)
 									if err != nil {
 										return nil, err
 									}
 									//获取块的大小
 									blockSize := block.BlockSize()
 									//使用cbc
 									blockMode := cipher.NewCBCDecrypter(block, key[:blockSize])
 									//初始化解密数据接收切片
 									crypted := make([]byte, len(data))
 									//执行解密
 									blockMode.CryptBlocks(crypted, data)
 									//去除填充
 									crypted, err = pkcs7UnPadding(crypted)
 									if err != nil {
 										return nil, err
 									}
 									return crypted, nil
 								}
 								// aes加密 后 再base64
 								func AesEncryptBase64(data []byte, key []byte) (string, error) {
 									res, err := AesEncrypt(data, key)
 									if err != nil {
 										return "", err
 									}
 									return base64.StdEncoding.EncodeToString(res), nil
 								}
 								// base64解码后再 aes解码
 								func AesDecryptBase64(data string, key []byte) ([]byte, error) {
 									dataByte, err := base64.StdEncoding.DecodeString(data)
 									if err != nil {
 										return nil, err
 									}
 									return AesDecrypt(dataByte, key)
 								}
-												feat: redis scan优化

											
										
										
											2022-12-05 21:45:35 +08:00
+								// pkcs7Padding 填充
-												feat: 资源密码加密处理&登录密码加密加强等

											
										
										
											2022-08-02 21:44:01 +08:00
+								func pkcs7Padding(data []byte, blockSize int) []byte {
 									//判断缺少几位长度。最少1，最多 blockSize
 									padding := blockSize - len(data)%blockSize
 									//补足位数。把切片[]byte{byte(padding)}复制padding个
 									padText := bytes.Repeat([]byte{byte(padding)}, padding)
 									return append(data, padText...)
 								}
-												feat: redis scan优化

											
										
										
											2022-12-05 21:45:35 +08:00
+								// pkcs7UnPadding 填充的反向操作
-												feat: 资源密码加密处理&登录密码加密加强等

											
										
										
											2022-08-02 21:44:01 +08:00
+								func pkcs7UnPadding(data []byte) ([]byte, error) {
 									length := len(data)
 									if length == 0 {
 										return nil, errors.New("加密字符串错误！")
 									}
 									//获取填充的个数
 									unPadding := int(data[length-1])
 									return data[:(length - unPadding)], nil
 								}