mfangming
/
xpggame
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
印度包网
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
183 Commits
5 Branches
0 Tags
27 MiB
 
 
 
Tag: Branch: Tree: 614e42e956
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '614e42e956'
${ noResults }
xpggame/modules/pay/base/signrsa.go

343 lines
8.3 KiB
Raw Blame History

package base
import (
"crypto"
"crypto/rand"
"crypto/rsa"
"crypto/sha1"
"crypto/sha256"
"crypto/sha512"
"crypto/x509"
"encoding/base64"
"encoding/pem"
"errors"
"fmt"
"math/big"
"github.com/liangdas/mqant/log"
"github.com/wenzhenxi/gorsa"
)
// 使用SHA256withRSA算法对数据进行签名
func SignWithSHA256(data []byte, privateKey string) (string, error) {
// 解析私钥
block, _ := pem.Decode([]byte(privateKey))
if block == nil {
return "", errors.New("invalid private key")
}
priKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
return "", err
}
// 计算数据的SHA256哈希值
hash := sha256.Sum256(data)
// 对哈希值进行签名
signature, err := rsa.SignPKCS1v15(rand.Reader, priKey, crypto.SHA256, hash[:])
if err != nil {
return "", err
}
// 将签名结果进行Base64编码
return base64.StdEncoding.EncodeToString(signature), nil
}
// 使用SHA256withRSA算法对数据进行验签
func VerifyWithSHA256(data []byte, signature string, publicKey string) (bool, error) {
// 解析公钥
block, _ := pem.Decode([]byte(publicKey))
if block == nil {
return false, errors.New("invalid public key")
}
pubKey, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
return false, err
}
// 计算数据的SHA256哈希值
hash := sha256.Sum256(data)
// 对签名进行Base64解码
signatureBytes, err := base64.StdEncoding.DecodeString(signature)
if err != nil {
return false, err
}
// 进行验签操作
err = rsa.VerifyPKCS1v15(pubKey.(*rsa.PublicKey), crypto.SHA256, hash[:], signatureBytes)
if err == nil {
return true, nil
} else {
return false, err
}
}
// 使用SHA512withRSA算法对数据进行签名
func SignWithSHA512(data []byte, privateKey string) (string, error) {
// 解析私钥
block, _ := pem.Decode([]byte(privateKey))
if block == nil {
return "", errors.New("invalid private key")
}
priKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
return "", err
}
// 计算数据的SHA256哈希值
hash := sha512.Sum512(data)
// 对哈希值进行签名
signature, err := rsa.SignPKCS1v15(rand.Reader, priKey, crypto.SHA512, hash[:])
if err != nil {
return "", err
}
// 将签名结果进行Base64编码
return base64.StdEncoding.EncodeToString(signature), nil
}
// 使用SHA512withRSA算法对数据进行验签
func VerifyWithSHA512(data []byte, signature string, publicKey string) (bool, error) {
// 解析公钥
block, _ := pem.Decode([]byte(publicKey))
if block == nil {
return false, errors.New("invalid public key")
}
pubKey, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
return false, err
}
// 计算数据的SHA512哈希值
hash := sha512.Sum512(data)
// 对签名进行Base64解码
signatureBytes, err := base64.StdEncoding.DecodeString(signature)
if err != nil {
return false, err
}
// 进行验签操作
err = rsa.VerifyPKCS1v15(pubKey.(*rsa.PublicKey), crypto.SHA512, hash[:], signatureBytes)
if err == nil {
return true, nil
} else {
return false, err
}
}
// 私钥签名
func RsaSignSha1(data []byte, privateKey string) ([]byte, error) {
h := sha1.New()
h.Write(data)
hashed := h.Sum(nil)
// 获取私钥
block, _ := pem.Decode([]byte(privateKey))
if block == nil {
return nil, errors.New("private key error")
}
// 解析PKCS1格式的私钥
priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
return nil, err
}
return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA1, hashed)
}
// 公钥验证
func RsaSignVer(data []byte, signature, publicKey string) error {
sign, _ := base64.StdEncoding.DecodeString(signature)
hashed := sha1.Sum(data)
block, _ := pem.Decode([]byte(publicKey))
// 解析公钥
pubInterface, _ := x509.ParsePKIXPublicKey(block.Bytes)
// 类型断言
pub := pubInterface.(*rsa.PublicKey)
// 验证签名
return rsa.VerifyPKCS1v15(pub, crypto.SHA1, hashed[:], sign)
}
func RsaPublicDecrypt(pubKey *rsa.PublicKey, data []byte) []byte {
c := new(big.Int)
m := new(big.Int)
m.SetBytes(data)
e := big.NewInt(int64(pubKey.E))
c.Exp(m, e, pubKey.N)
out := c.Bytes()
skip := 0
for i := 2; i < len(out); i++ {
if i+1 >= len(out) {
break
}
if out[i] == 0xff && out[i+1] == 0 {
skip = i + 2
break
}
}
return out[skip:]
}
// 公钥解密
func RsaDecode(signature, publicKey string) error {
block, _ := pem.Decode([]byte(publicKey))
public, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
log.Error("加载公钥错误 %+v\n", err)
return err
}
decodeBytes, _ := base64.StdEncoding.DecodeString(signature)
var result string
// 因为加密解密用rsa有长度限值,因此这个地方就看具体限值的多少了
for len(decodeBytes) > 0 {
decodePart := decodeBytes[:128]
plain := RsaPublicDecrypt(public.(*rsa.PublicKey), decodePart)
result += string(plain)
decodeBytes = decodeBytes[128:]
}
log.Debug("%+v", result)
if len(result) > 0 {
return nil
}
return errors.New("check sign fail")
}
func SignRSA(prvkey []byte, hash crypto.Hash, data []byte) (string, error) {
block, _ := pem.Decode(prvkey)
if block == nil {
return "", errors.New("decode private key error")
}
privateKey, err := x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
return "", err
}
// MD5 and SHA1 are not supported as they are not secure.
var hashed []byte
switch hash {
case crypto.SHA224:
h := sha256.Sum224(data)
hashed = h[:]
case crypto.SHA256:
h := sha256.Sum256(data)
hashed = h[:]
case crypto.SHA384:
h := sha512.Sum384(data)
hashed = h[:]
case crypto.SHA512:
h := sha512.Sum512(data)
hashed = h[:]
}
signature, _ := rsa.SignPKCS1v15(rand.Reader, privateKey.(*rsa.PrivateKey), hash, hashed)
return base64.StdEncoding.EncodeToString(signature), nil
}
func RsaVerify(pubkey []byte, hash crypto.Hash, data, sig []byte) error {
block, _ := pem.Decode(pubkey)
if block == nil {
return errors.New("decode public key error")
}
pub, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
return err
}
// SHA1 and MD5 are not supported as they are not secure.
var hashed []byte
switch hash {
case crypto.SHA224:
h := sha256.Sum224(data)
hashed = h[:]
case crypto.SHA256:
h := sha256.Sum256(data)
hashed = h[:]
case crypto.SHA384:
h := sha512.Sum384(data)
hashed = h[:]
case crypto.SHA512:
h := sha512.Sum512(data)
hashed = h[:]
}
return rsa.VerifyPKCS1v15(pub.(*rsa.PublicKey), hash, hashed, sig)
}
func SignRSADecode(data string, publicKey string) (string, error) {
dataBs, err := base64.RawURLEncoding.DecodeString(data)
if err != nil {
return "", err
}
gRsa := gorsa.RSASecurity{}
if err := gRsa.SetPublicKey(publicKey); err != nil {
return "", err
}
rsaData, err := gRsa.PubKeyDECRYPT(dataBs)
if err != nil {
return "", err
}
return string(rsaData), nil
}
// 解析 PKCS#8 格式的私钥
func parsePrivateKey(pemStr string) (*rsa.PrivateKey, error) {
block, _ := pem.Decode([]byte(pemStr))
if block == nil || block.Type != "PRIVATE KEY" {
return nil, fmt.Errorf("failed to decode PEM block containing private key")
}
key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
return nil, err
}
privateKey, ok := key.(*rsa.PrivateKey)
if !ok {
return nil, fmt.Errorf("not an RSA private key")
}
return privateKey, nil
}
// 解析公钥
func parsePublicKey(pemStr string) (*rsa.PublicKey, error) {
block, _ := pem.Decode([]byte(pemStr))
if block == nil || block.Type != "PUBLIC KEY" {
return nil, fmt.Errorf("failed to decode PEM block containing public key")
}
pubKey, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
return nil, err
}
publicKey, ok := pubKey.(*rsa.PublicKey)
if !ok {
return nil, fmt.Errorf("not an RSA public key")
}
return publicKey, nil
}
func RsaEncrypt(plaintext string, base64PublicKey []byte) (string, error) {
// keyPem := "-----BEGIN PUBLIC KEY-----\n" + insertLineBreaks(base64PublicKey, 64) + "\n-----END PUBLIC KEY-----"
block, _ := pem.Decode(base64PublicKey)
if block == nil {
return "", errors.New("failed to parse PEM block")
}
pub, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
return "", err
}
rsaPub, ok := pub.(*rsa.PublicKey)
if !ok {
return "", errors.New("not RSA public key")
}
encryptedBytes, err := rsa.EncryptPKCS1v15(rand.Reader, rsaPub, []byte(plaintext))
if err != nil {
return "", err
}
return base64.StdEncoding.EncodeToString(encryptedBytes), nil
}