rsa.go
package client
import (
"bytes"
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/binary"
"encoding/pem"
"errors"
)
// LicenseFileErr is returned by decrypt when the input blob is shorter than
// the length prefix, or shorter than the wrapped key that the prefix announces.
var LicenseFileErr = errors.New("License file error")
// pwdbit is the width, in bytes (not bits, despite the name), of the length
// prefix at the start of an encrypted blob. intToBytes stores the value in the
// first 8 bytes as a big-endian uint64, so the remaining bytes stay zero.
const pwdbit = 10
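// encrypt seals plainText for the holder of publicKey with a hybrid scheme.
//
// A fresh session key from RandomPassword is wrapped with RSA-OAEP (hash c.h,
// nil label) and the payload is encrypted with AESEncrypt under that key.
// The returned blob is laid out as:
//
//	[pwdbit-byte length prefix][RSA-OAEP wrapped key][AES-CBC ciphertext]
//
// publicKey must be PEM whose body is a PKCS#1 RSA public key. An error is
// returned when the PEM cannot be decoded, the key cannot be parsed, or either
// encryption step fails.
//
// NOTE(review): the blob carries no MAC or signature. Encryption to a public
// key gives confidentiality only; if the blob is meant to prove its origin
// (for example a license), it also needs a signature that decrypt verifies.
func (c client) encrypt(plainText []byte, publicKey []byte) ([]byte, error) {
	block, _ := pem.Decode(publicKey)
	if block == nil {
		// pem.Decode yields a nil block when no PEM data is found; using
		// block.Bytes without this check would panic on a malformed key.
		return nil, errors.New("public key is not valid PEM")
	}
	pub, err := x509.ParsePKCS1PublicKey(block.Bytes)
	if err != nil {
		return nil, err
	}

	// One random session key per call; only its RSA-wrapped form is stored.
	password := RandomPassword()
	passwordEncrypt, err := rsa.EncryptOAEP(c.h, rand.Reader, pub, password, nil)
	if err != nil {
		return nil, err
	}

	ciphertext, err := AESEncrypt(plainText, password)
	if err != nil {
		return nil, err
	}

	// The prefix tells decrypt where the wrapped key ends and the payload begins.
	prefix := intToBytes(len(passwordEncrypt), pwdbit)
	res := make([]byte, 0, len(prefix)+len(passwordEncrypt)+len(ciphertext))
	res = append(res, prefix...)
	res = append(res, passwordEncrypt...)
	res = append(res, ciphertext...)
	return res, nil
}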
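// decrypt reverses encrypt: it reads the pwdbit-byte length prefix, unwraps
// the session key with RSA-OAEP (hash c.h, nil label) using privateKey, and
// decrypts the remaining bytes with AESDecrypt.
//
// privateKey must be PEM whose body is a PKCS#1 RSA private key.
// LicenseFileErr is returned when the blob is structurally invalid (too short,
// an impossible length prefix, or a payload that is not whole AES blocks);
// key-parsing and decryption errors are returned as produced.
//
// NOTE(review): every field of cipherByte is untrusted input. Nothing here
// authenticates the blob, so a successful decrypt does not show who created
// it or that the AES part is unmodified.
func (c client) decrypt(cipherByte []byte, privateKey []byte) ([]byte, error) {
	if len(cipherByte) < pwdbit {
		return nil, LicenseFileErr
	}
	pwdLen := bytesToInt(cipherByte[:pwdbit])
	// The prefix comes from the input: after the uint64 -> int conversion it
	// can be negative, or large enough that pwdbit+pwdLen overflows. Compare
	// against the bytes that remain instead of adding, so the slicing below
	// cannot panic.
	if pwdLen < 0 || pwdLen > len(cipherByte)-pwdbit {
		return nil, LicenseFileErr
	}
	passwordEncrypt := cipherByte[pwdbit : pwdbit+pwdLen]
	ciphertext := cipherByte[pwdbit+pwdLen:]
	// CBC works on whole blocks; reject a missing or ragged payload up front.
	if len(ciphertext) == 0 || len(ciphertext)%aes.BlockSize != 0 {
		return nil, LicenseFileErr
	}

	block, _ := pem.Decode(privateKey)
	if block == nil {
		// pem.Decode yields a nil block when no PEM data is found.
		return nil, errors.New("private key is not valid PEM")
	}
	pri, err := x509.ParsePKCS1PrivateKey(block.Bytes)
	if err != nil {
		return nil, err
	}

	password, err := rsa.DecryptOAEP(c.h, rand.Reader, pri, passwordEncrypt, nil)
	if err != nil {
		return nil, err
	}
	decrypted, err := AESDecrypt(ciphertext, password)
	if err != nil {
		return nil, err
	}
	return decrypted, nil
}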
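// RandomPassword returns 16 bytes from crypto/rand for use as an AES-128
// session key.
//
// It panics if the system random source reports an error: the signature has
// no error return, and silently handing back a zero-filled or partly filled
// buffer would produce a predictable key.
func RandomPassword() []byte {
	randomPasswords := make([]byte, 16)
	if _, err := rand.Read(randomPasswords); err != nil {
		panic("client: reading random session key: " + err.Error())
	}
	return randomPasswords
}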
// intToBytes returns a slice of the given length whose first 8 bytes hold n
// as a big-endian uint64; any bytes past the eighth are left zero.
// length must be at least 8, otherwise PutUint64 panics.
func intToBytes(n int, length int) []byte {
	out := make([]byte, length)
	value := uint64(n)
	binary.BigEndian.PutUint64(out, value)
	return out
}
// bytesToInt decodes the first 8 bytes of the slice as a big-endian uint64
// and converts the result to int. Values above the int range come out
// negative, so callers handling untrusted input must range-check the result.
func bytesToInt(bytes []byte) int {
	decoded := binary.BigEndian.Uint64(bytes)
	return int(decoded)
}
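// AESEncrypt pads data with PKCS#7 and encrypts it with AES in CBC mode,
// returning the ciphertext. key must be a valid AES key (16, 24 or 32 bytes);
// otherwise the error from aes.NewCipher is returned.
//
// The padded plaintext is built in a fresh buffer, so the caller's slice and
// any spare capacity behind it are never written to.
//
// NOTE(review): the IV is the first block of the key itself, so encryption is
// deterministic per key and a key must never be reused across messages. The
// output is also unauthenticated; CBC ciphertext can be altered without
// detection unless a MAC or signature covers it. Changing either would change
// the wire format, so it is flagged here rather than altered.
func AESEncrypt(data []byte, key []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	blockSize := block.BlockSize()

	// PKCS#7: always add between 1 and blockSize bytes, each equal to the pad length.
	padding := blockSize - len(data)%blockSize
	padText := bytes.Repeat([]byte{byte(padding)}, padding)

	// Copy rather than append(data, ...): appending could overwrite bytes in
	// the caller's backing array when data has spare capacity.
	padded := make([]byte, 0, len(data)+padding)
	padded = append(padded, data...)
	padded = append(padded, padText...)

	crypted := make([]byte, len(padded))
	blockMode := cipher.NewCBCEncrypter(block, key[:blockSize])
	blockMode.CryptBlocks(crypted, padded)
	return crypted, nil
}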
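// AESDecrypt decrypts AES-CBC ciphertext produced by AESEncrypt and strips the
// PKCS#7 padding. key must be a valid AES key (16, 24 or 32 bytes); its first
// block is used as the IV, mirroring AESEncrypt.
//
// An error is returned when the key is invalid, when data is empty or not a
// whole number of blocks, or when the padding is malformed. These inputs
// would otherwise cause an index or slice-bounds panic.
//
// NOTE(review): the ciphertext is not authenticated, and the padding error is
// observable to the caller. Do not expose the result of this function to
// parties who can submit arbitrary ciphertext; verify a MAC or signature over
// the data before decrypting it.
func AESDecrypt(data []byte, key []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	blockSize := block.BlockSize()

	// CryptBlocks panics on partial blocks, and the padding byte is read from
	// the last position, so both cases must be rejected first.
	if len(data) == 0 || len(data)%blockSize != 0 {
		return nil, errors.New("aes: ciphertext is not a whole number of blocks")
	}

	blockMode := cipher.NewCBCDecrypter(block, key[:blockSize])
	crypted := make([]byte, len(data))
	blockMode.CryptBlocks(crypted, data)

	// PKCS#7: the last byte gives the pad length (1..blockSize) and every
	// padding byte must carry that same value.
	length := len(crypted)
	unPadding := int(crypted[length-1])
	if unPadding == 0 || unPadding > blockSize {
		return nil, errors.New("aes: invalid padding")
	}
	for _, b := range crypted[length-unPadding:] {
		if int(b) != unPadding {
			return nil, errors.New("aes: invalid padding")
		}
	}
	return crypted[:length-unPadding], nil
}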