You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
235 lines
5.6 KiB
235 lines
5.6 KiB
package base |
|
|
|
import ( |
|
"crypto" |
|
"crypto/rand" |
|
"crypto/rsa" |
|
"crypto/sha1" |
|
"crypto/sha256" |
|
"crypto/sha512" |
|
"crypto/x509" |
|
"encoding/base64" |
|
"encoding/pem" |
|
"errors" |
|
"math/big" |
|
|
|
"github.com/liangdas/mqant/log" |
|
"github.com/wenzhenxi/gorsa" |
|
) |
|
|
|
// 使用SHA256withRSA算法对数据进行签名 |
|
func SignWithSHA256(data []byte, privateKey string) (string, error) { |
|
// 解析私钥 |
|
block, _ := pem.Decode([]byte(privateKey)) |
|
if block == nil { |
|
return "", errors.New("invalid private key") |
|
} |
|
priKey, err := x509.ParsePKCS1PrivateKey(block.Bytes) |
|
if err != nil { |
|
return "", err |
|
} |
|
|
|
// 计算数据的SHA256哈希值 |
|
hash := sha256.Sum256(data) |
|
|
|
// 对哈希值进行签名 |
|
signature, err := rsa.SignPKCS1v15(rand.Reader, priKey, crypto.SHA256, hash[:]) |
|
if err != nil { |
|
return "", err |
|
} |
|
|
|
// 将签名结果进行Base64编码 |
|
return base64.StdEncoding.EncodeToString(signature), nil |
|
} |
|
|
|
// 使用SHA256withRSA算法对数据进行验签 |
|
func VerifyWithSHA256(data []byte, signature string, publicKey string) (bool, error) { |
|
// 解析公钥 |
|
block, _ := pem.Decode([]byte(publicKey)) |
|
if block == nil { |
|
return false, errors.New("invalid public key") |
|
} |
|
pubKey, err := x509.ParsePKIXPublicKey(block.Bytes) |
|
if err != nil { |
|
return false, err |
|
} |
|
|
|
// 计算数据的SHA256哈希值 |
|
hash := sha256.Sum256(data) |
|
|
|
// 对签名进行Base64解码 |
|
signatureBytes, err := base64.StdEncoding.DecodeString(signature) |
|
if err != nil { |
|
return false, err |
|
} |
|
|
|
// 进行验签操作 |
|
err = rsa.VerifyPKCS1v15(pubKey.(*rsa.PublicKey), crypto.SHA256, hash[:], signatureBytes) |
|
if err == nil { |
|
return true, nil |
|
} else { |
|
return false, err |
|
} |
|
} |
|
|
|
// 使用SHA512withRSA算法对数据进行签名 |
|
func SignWithSHA512(data []byte, privateKey string) (string, error) { |
|
// 解析私钥 |
|
block, _ := pem.Decode([]byte(privateKey)) |
|
if block == nil { |
|
return "", errors.New("invalid private key") |
|
} |
|
priKey, err := x509.ParsePKCS1PrivateKey(block.Bytes) |
|
if err != nil { |
|
return "", err |
|
} |
|
|
|
// 计算数据的SHA256哈希值 |
|
hash := sha512.Sum512(data) |
|
|
|
// 对哈希值进行签名 |
|
signature, err := rsa.SignPKCS1v15(rand.Reader, priKey, crypto.SHA512, hash[:]) |
|
if err != nil { |
|
return "", err |
|
} |
|
|
|
// 将签名结果进行Base64编码 |
|
return base64.StdEncoding.EncodeToString(signature), nil |
|
} |
|
|
|
// 使用SHA512withRSA算法对数据进行验签 |
|
func VerifyWithSHA512(data []byte, signature string, publicKey string) (bool, error) { |
|
// 解析公钥 |
|
block, _ := pem.Decode([]byte(publicKey)) |
|
if block == nil { |
|
return false, errors.New("invalid public key") |
|
} |
|
pubKey, err := x509.ParsePKIXPublicKey(block.Bytes) |
|
if err != nil { |
|
return false, err |
|
} |
|
|
|
// 计算数据的SHA512哈希值 |
|
hash := sha512.Sum512(data) |
|
|
|
// 对签名进行Base64解码 |
|
signatureBytes, err := base64.StdEncoding.DecodeString(signature) |
|
if err != nil { |
|
return false, err |
|
} |
|
|
|
// 进行验签操作 |
|
err = rsa.VerifyPKCS1v15(pubKey.(*rsa.PublicKey), crypto.SHA512, hash[:], signatureBytes) |
|
if err == nil { |
|
return true, nil |
|
} else { |
|
return false, err |
|
} |
|
} |
|
|
|
// 私钥签名 |
|
func RsaSignSha1(data []byte, privateKey string) ([]byte, error) { |
|
h := sha1.New() |
|
h.Write(data) |
|
hashed := h.Sum(nil) |
|
//获取私钥 |
|
block, _ := pem.Decode([]byte(privateKey)) |
|
if block == nil { |
|
return nil, errors.New("private key error") |
|
} |
|
//解析PKCS1格式的私钥 |
|
priv, err := x509.ParsePKCS1PrivateKey(block.Bytes) |
|
if err != nil { |
|
return nil, err |
|
} |
|
return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA1, hashed) |
|
} |
|
|
|
// 公钥验证 |
|
func RsaSignVer(data []byte, signature, publicKey string) error { |
|
sign, _ := base64.StdEncoding.DecodeString(signature) |
|
hashed := sha1.Sum(data) |
|
block, _ := pem.Decode([]byte(publicKey)) |
|
// 解析公钥 |
|
pubInterface, _ := x509.ParsePKIXPublicKey(block.Bytes) |
|
|
|
// 类型断言 |
|
pub := pubInterface.(*rsa.PublicKey) |
|
//验证签名 |
|
return rsa.VerifyPKCS1v15(pub, crypto.SHA1, hashed[:], sign) |
|
} |
|
|
|
func RSA_public_decrypt(pubKey *rsa.PublicKey, data []byte) []byte { |
|
c := new(big.Int) |
|
m := new(big.Int) |
|
m.SetBytes(data) |
|
e := big.NewInt(int64(pubKey.E)) |
|
c.Exp(m, e, pubKey.N) |
|
out := c.Bytes() |
|
skip := 0 |
|
for i := 2; i < len(out); i++ { |
|
if i+1 >= len(out) { |
|
break |
|
} |
|
if out[i] == 0xff && out[i+1] == 0 { |
|
skip = i + 2 |
|
break |
|
} |
|
} |
|
return out[skip:] |
|
} |
|
|
|
// 公钥解密 |
|
func RsaDecode(signature, publicKey string) error { |
|
block, _ := pem.Decode([]byte(publicKey)) |
|
public, err := x509.ParsePKIXPublicKey(block.Bytes) |
|
if err != nil { |
|
log.Error("加载公钥错误 %+v\n", err) |
|
return err |
|
} |
|
decodeBytes, _ := base64.StdEncoding.DecodeString(signature) |
|
var result string |
|
// 因为加密解密用rsa有长度限值,因此这个地方就看具体限值的多少了 |
|
for len(decodeBytes) > 0 { |
|
decodePart := decodeBytes[:128] |
|
plain := RSA_public_decrypt(public.(*rsa.PublicKey), decodePart) |
|
result += string(plain) |
|
decodeBytes = decodeBytes[128:] |
|
} |
|
log.Debug("%+v", result) |
|
if len(result) > 0 { |
|
return nil |
|
} |
|
return errors.New("check sign fail") |
|
} |
|
|
|
// 私钥加密 |
|
func SignRSA(data string, privateKey string) (string, error) { |
|
gRsa := gorsa.RSASecurity{} |
|
gRsa.SetPrivateKey(privateKey) |
|
|
|
rsaData, err := gRsa.PriKeyENCTYPT([]byte(data)) |
|
if err != nil { |
|
return "", err |
|
} |
|
return base64.StdEncoding.EncodeToString(rsaData), nil |
|
} |
|
|
|
func SignRSADecode(data string, publicKey string) (string, error) { |
|
dataBs, err := base64.RawURLEncoding.DecodeString(data) |
|
if err != nil { |
|
return "", err |
|
} |
|
|
|
gRsa := gorsa.RSASecurity{} |
|
if err := gRsa.SetPublicKey(publicKey); err != nil { |
|
return "", err |
|
} |
|
|
|
rsaData, err := gRsa.PubKeyDECRYPT(dataBs) |
|
if err != nil { |
|
return "", err |
|
} |
|
|
|
return string(rsaData), nil |
|
}
|
|
|