fix: 加密工具aes优化避免panic

2024-04-19 19:55:20 +08:00
parent 4164332755
commit ed94c373ff
1 changed files with 50 additions and 37 deletions
--- a/src/framework/utils/crypto/aes.go
+++ b/src/framework/utils/crypto/aes.go
@@ -10,21 +10,17 @@ import (
 	"io"
 )

-// aesKey 字符串AES加解密密钥
-const aesKey = "AGT66VfY4SMaiT97"
-
 // StringEncryptByAES 字符串AES加密
 func StringEncryptByAES(text string) (string, error) {
 	if len(text) == 0 {
 		return "", nil
 	}
-	pass := []byte(text)
-	xpass, err := aesEncryptWithSalt([]byte(aesKey), pass)
-	if err == nil {
-		pass64 := base64.StdEncoding.EncodeToString(xpass)
-		return pass64, err
+	xpass, err := aesEncryptWithSalt([]byte(text))
+	if err != nil {
+		return "", err
 	}
-	return "", err
+	pass64 := base64.StdEncoding.EncodeToString(xpass)
+	return pass64, nil
 }

 // StringDecryptByAES 字符串AES解密
@@ -36,53 +32,70 @@ func StringDecryptByAES(text string) (string, error) {
 	if err != nil {
 		return "", err
 	}
-	var tpass []byte
-	tpass, err = aesDecryptWithSalt([]byte(aesKey), bytesPass)
-	if err == nil {
-		result := string(tpass[:])
-		return result, err
+
+	tpass, err := aesDecryptWithSalt(bytesPass)
+	if err != nil {
+		return "", err
 	}
-	return "", err
+	return string(tpass), nil
 }

-// aesEncryptWithSalt AES加密
-func aesEncryptWithSalt(key, plaintext []byte) ([]byte, error) {
-	blockSize := aes.BlockSize
-	padding := blockSize - len(plaintext)%blockSize
-	padtext := bytes.Repeat([]byte{byte(padding)}, padding)
-	plaintext = append(plaintext, padtext...)
+// aesKey 字符串AES加解密密钥
+const aesKey = "AGT66VfY4SMaiT97a7df0aef1704d5c5"

-	block, err := aes.NewCipher(key)
+// const aesKey = "AGT66VfY4SMaiT97"
+// aesEncryptWithSalt AES加密
+func aesEncryptWithSalt(plaintext []byte) ([]byte, error) {
+	block, err := aes.NewCipher([]byte(aesKey))
 	if err != nil {
 		return nil, err
 	}
+	blockSize := aes.BlockSize
+
+	padding := blockSize - (len(plaintext) % blockSize)
+	padtext := bytes.Repeat([]byte{byte(padding)}, padding)
+	plaintext = append(plaintext, padtext...)
+
 	ciphertext := make([]byte, blockSize+len(plaintext))
-	iv := ciphertext[0:blockSize]
+	iv := ciphertext[:blockSize]
 	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
 		return nil, err
 	}
-	cbc := cipher.NewCBCEncrypter(block, iv)
-	cbc.CryptBlocks(ciphertext[blockSize:], plaintext)
+
+	mode := cipher.NewCBCEncrypter(block, iv)
+	mode.CryptBlocks(ciphertext[blockSize:], plaintext)
+
 	return ciphertext, nil
 }

 // aesDecryptWithSalt AES解密
-func aesDecryptWithSalt(key, ciphertext []byte) ([]byte, error) {
+func aesDecryptWithSalt(ciphertext []byte) ([]byte, error) {
 	blockSize := aes.BlockSize
-	var block cipher.Block
-	block, err := aes.NewCipher(key)
+	if len(ciphertext) < blockSize {
+		return nil, fmt.Errorf("ciphertext too short")
+	}
+
+	iv := ciphertext[:blockSize]
+	ciphertext = ciphertext[blockSize:]
+
+	block, err := aes.NewCipher([]byte(aesKey))
 	if err != nil {
 		return nil, err
 	}
-	if len(ciphertext) < blockSize {
-		return nil, fmt.Errorf("iciphertext too short")
+
+	if len(ciphertext)%blockSize != 0 {
+		return nil, fmt.Errorf("ciphertext is not a multiple of the block size")
 	}
-	iv := ciphertext[:blockSize]
-	ciphertext = ciphertext[blockSize:]
-	cbc := cipher.NewCBCDecrypter(block, iv)
-	cbc.CryptBlocks(ciphertext, ciphertext)
-	length := len(ciphertext)
-	unpadding := int(ciphertext[len(ciphertext)-1])
-	ciphertext = ciphertext[:(length - unpadding)]
+
+	mode := cipher.NewCBCDecrypter(block, iv)
+	mode.CryptBlocks(ciphertext, ciphertext)
+
+	// 去除填充
+	padding := int(ciphertext[len(ciphertext)-1])
+	if padding > blockSize || padding == 0 {
+		return nil, fmt.Errorf("invalid padding")
+	}
+	ciphertext = ciphertext[:len(ciphertext)-padding]
+
 	return ciphertext, nil
 }