-
Notifications
You must be signed in to change notification settings - Fork 0
/
block.go
120 lines (106 loc) · 3.23 KB
/
block.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
// Copyright 2020 thinkgos ([email protected]). All rights reserved.
// Use of this source code is governed by a MIT style
// license that can be found in the LICENSE file.
package aesext
import (
"bytes"
"crypto/cipher"
"errors"
)
// error defined
var (
ErrInputNotMultipleBlocks = errors.New("decoded message length must be multiple of block size")
ErrInvalidIvSize = errors.New("iv length must equal block size")
ErrUnPaddingOutOfRange = errors.New("unPadding out of range")
)
// BlockCrypt block crypt interface
type BlockCrypt interface {
// BlockSize returns the mode's block size.
BlockSize() int
// Encrypt plain text. return cipher text, not contains iv.
Encrypt(plainText []byte) ([]byte, error)
// Encrypt cipher text cipher text. plain text, not contains iv.
Decrypt(cipherText []byte) ([]byte, error)
}
// Option option
type Option func(bs *blockBlock)
// WithBlockCodec option encrypt and decrypt
func WithBlockCodec(newEncrypt, newDecrypt func(block cipher.Block, iv []byte) cipher.BlockMode) Option {
return func(bs *blockBlock) {
bs.newEncrypt = newEncrypt
bs.newDecrypt = newDecrypt
}
}
// NewBlockCrypt new with newCipher, key, iv and custom option
// newCipher support follow or implement func(key []byte) (cipher.Block, error):
// aes
// cipher
// des
// blowfish
// cast5
// twofish
// xtea
// tea
// support:
// cbc(default): cipher.NewCBCEncrypter, cipher.NewCBCDecrypter
func NewBlockCrypt(key, iv []byte, newCipher func(key []byte) (cipher.Block, error), opts ...Option) (BlockCrypt, error) {
block, err := newCipher(key)
if err != nil {
return nil, err
}
if len(iv) != block.BlockSize() {
return nil, ErrInvalidIvSize
}
bb := &blockBlock{
block: block,
iv: iv,
newEncrypt: cipher.NewCBCEncrypter,
newDecrypt: cipher.NewCBCDecrypter,
}
for _, opt := range opts {
opt(bb)
}
return bb, nil
}
type blockBlock struct {
block cipher.Block
iv []byte
newEncrypt func(block cipher.Block, iv []byte) cipher.BlockMode
newDecrypt func(block cipher.Block, iv []byte) cipher.BlockMode
}
func (sf *blockBlock) BlockSize() int {
return sf.block.BlockSize()
}
// Encrypt encrypt
func (sf *blockBlock) Encrypt(plainText []byte) ([]byte, error) {
orig := PCKSPadding(plainText, sf.block.BlockSize())
sf.newEncrypt(sf.block, sf.iv).CryptBlocks(orig, orig)
return orig, nil
}
// Decrypt decrypt
func (sf *blockBlock) Decrypt(cipherText []byte) ([]byte, error) {
blockSize := sf.block.BlockSize()
if len(cipherText) == 0 || len(cipherText)%blockSize != 0 {
return nil, ErrInputNotMultipleBlocks
}
sf.newDecrypt(sf.block, sf.iv).CryptBlocks(cipherText, cipherText)
return PCKSUnPadding(cipherText)
}
// PCKSPadding PKCS#5和PKCS#7 填充
func PCKSPadding(origData []byte, blockSize int) []byte {
padSize := blockSize - len(origData)%blockSize
padText := bytes.Repeat([]byte{byte(padSize)}, padSize)
return append(origData, padText...)
}
// PCKSUnPadding PKCS#5和PKCS#7 解填充
func PCKSUnPadding(origData []byte) ([]byte, error) {
length := len(origData)
if length == 0 {
return nil, ErrUnPaddingOutOfRange
}
unPadSize := int(origData[length-1])
if unPadSize > length {
return nil, ErrUnPaddingOutOfRange
}
return origData[:(length - unPadSize)], nil
}