feat: crypto

crypto/aes.go

@@ -6,8 +6,7 @@ import (
 
 	"crypto/aes"
 	"crypto/cipher"
-
-	"math/rand/v2"
+	"crypto/rand"
 )
 
 // DefaultAESKey 默认AES密钥(16字节)
@@ -19,8 +18,7 @@ func GenerateAESKey(length int) ([]byte, error) {
 		return nil, fmt.Errorf("invalid key length: %d, must be 16, 24, or 32 bytes", length)
 	}
 	key := make([]byte, length)
-	src := rand.ChaCha8{}
-	_, err := src.Read(key)
+	_, err := rand.Read(key)
 	if err != nil {
 		return nil, err
 	}
@@ -42,23 +40,44 @@ func PKCS5UnPadding(origData []byte) []byte {
 }
 
 // AesEncrypt AES加密
-func AesEncrypt(origData, key []byte) ([]byte, error) {
+func AesEncrypt(plainText, key, iv []byte) ([]byte, error) {
+	if plainText == nil {
+		return nil, fmt.Errorf("plain text is nil")
+	}
+	if key == nil {
+		return nil, fmt.Errorf("key is nil")
+	}
+
 	block, err := aes.NewCipher(key)
 	if err != nil {
 		return nil, err
 	}
 
-	//AES分组长度为128位，所以blockSize=16，单位字节
+	// AES分组长度为128位，所以blockSize=16，单位字节
 	blockSize := block.BlockSize()
-	origData = PKCS5Padding(origData, blockSize)
-	blockMode := cipher.NewCBCEncrypter(block, key[:blockSize]) //初始向量的长度必须等于块block的长度16字节
-	crypted := make([]byte, len(origData))
-	blockMode.CryptBlocks(crypted, origData)
-	return crypted, nil
+
+	if iv == nil {
+		// 初始向量的长度必须等于块block的长度16字节
+		iv = key[:blockSize]
+	}
+
+	plainText = PKCS5Padding(plainText, blockSize)
+
+	blockMode := cipher.NewCBCEncrypter(block, iv)
+	cryptedText := make([]byte, len(plainText))
+	blockMode.CryptBlocks(cryptedText, plainText)
+	return cryptedText, nil
 }
 
 // AesDecrypt AES解密
-func AesDecrypt(crypted, key []byte) ([]byte, error) {
+func AesDecrypt(cryptedText, key, iv []byte) ([]byte, error) {
+	if cryptedText == nil {
+		return nil, fmt.Errorf("crypted text is nil")
+	}
+	if key == nil {
+		return nil, fmt.Errorf("key is nil")
+	}
+
 	block, err := aes.NewCipher(key)
 	if err != nil {
 		return nil, err
@@ -66,9 +85,16 @@ func AesDecrypt(crypted, key []byte) ([]byte, error) {
 
 	//AES分组长度为128位，所以blockSize=16，单位字节
 	blockSize := block.BlockSize()
-	blockMode := cipher.NewCBCDecrypter(block, key[:blockSize]) //初始向量的长度必须等于块block的长度16字节
-	origData := make([]byte, len(crypted))
-	blockMode.CryptBlocks(origData, crypted)
-	origData = PKCS5UnPadding(origData)
-	return origData, nil
+
+	if iv == nil {
+		// 初始向量的长度必须等于块block的长度16字节
+		iv = key[:blockSize]
+	}
+
+	blockMode := cipher.NewCBCDecrypter(block, iv)
+
+	plainText := make([]byte, len(cryptedText))
+	blockMode.CryptBlocks(plainText, cryptedText)
+	plainText = PKCS5UnPadding(plainText)
+	return plainText, nil
 }

crypto/aes_test.go

@@ -15,7 +15,7 @@ func TestDecryptAES(t *testing.T) {
 	aesKey = DefaultAESKey
 
 	plainText := []byte("cloud123456")
-	encryptText, err := AesEncrypt(plainText, aesKey)
+	encryptText, err := AesEncrypt(plainText, aesKey, nil)
 	if err != nil {
 		fmt.Println(err)
 		return
@@ -30,7 +30,7 @@ func TestDecryptAES(t *testing.T) {
 		return
 	}
 
-	decryptText, err := AesDecrypt(bytesPass, aesKey)
+	decryptText, err := AesDecrypt(bytesPass, aesKey, nil)
 	if err != nil {
 		fmt.Println(err)
 		return

crypto/crypto.go

@@ -1,14 +1,9 @@
 package crypto
 
 import (
-	"fmt"
-
-	"crypto/aes"
-	"crypto/cipher"
 	"crypto/rand"
 	"crypto/sha256"
 
-	"encoding/base64"
 	"encoding/hex"
 
 	"golang.org/x/crypto/bcrypt"
@@ -59,44 +54,3 @@ func GenerateSalt(length int) (string, error) {
 	}
 	return hex.EncodeToString(salt), nil
 }
-
-// DecryptAES AES解密函数
-func DecryptAES(cipherText, key string) (string, error) {
-	// 将密文从Base64解码
-	cipherData, err := base64.StdEncoding.DecodeString(cipherText)
-	if err != nil {
-		return "", err
-	}
-
-	// 创建AES块
-	block, err := aes.NewCipher([]byte(key))
-	if err != nil {
-		return "", err
-	}
-
-	// 检查密文长度是否为块大小的倍数
-	if len(cipherData)%aes.BlockSize != 0 {
-		return "", fmt.Errorf("ciphertext is not a multiple of the block size")
-	}
-
-	// 创建CBC解密器
-	iv := cipherData[:aes.BlockSize] // 提取IV
-	cipherData = cipherData[aes.BlockSize:]
-	mode := cipher.NewCBCDecrypter(block, iv)
-
-	// 解密
-	plainText := make([]byte, len(cipherData))
-	mode.CryptBlocks(plainText, cipherData)
-
-	// 去除填充
-	plainText = pkcs7Unpad(plainText)
-
-	return string(plainText), nil
-}
-
-// pkcs7Unpad PKCS7填充去除
-func pkcs7Unpad(data []byte) []byte {
-	length := len(data)
-	padding := int(data[length-1])
-	return data[:length-padding]
-}

crypto/crypto_test.go

@@ -26,6 +26,15 @@ func TestVerifyPassword(t *testing.T) {
 	assert.True(t, bMatched)
 }
 
+func TestVerifyPasswordWithSalt_CorrectPassword(t *testing.T) {
+	password := "securePassword"
+	salt, _ := GenerateSalt(16)
+	hashedPassword, _ := HashPasswordWithSalt(password, salt)
+
+	result := VerifyPasswordWithSalt(password, salt, hashedPassword)
+	assert.True(t, result, "Password verification should succeed with correct password and salt")
+}
+
 func TestJwtToken(t *testing.T) {
 	const bearerWord string = "Bearer"
 	token := "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjowfQ.XgcKAAjHbA6o4sxxbEaMi05ingWvKdCNnyW9wowbJvs"

entgo/go.mod

@@ -11,7 +11,7 @@ require (
 	github.com/go-kratos/kratos/v2 v2.8.4
 	github.com/google/uuid v1.6.0
 	github.com/stretchr/testify v1.10.0
-	github.com/tx7do/go-utils v1.1.16
+	github.com/tx7do/go-utils v1.1.18
 	go.opentelemetry.io/otel v1.35.0
 	google.golang.org/protobuf v1.36.6
 )

tag.bat

@@ -1,9 +1,9 @@
-git tag v1.1.17
+git tag v1.1.19
 
 git tag bank_card/v1.1.5
 git tag geoip/v1.1.5
 
-git tag entgo/v1.1.26
+git tag entgo/v1.1.27
 git tag gorm/v1.1.5
 
 git push origin --tags