#include <openssl/aes.h>
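/* AES_CBC_PKCS5_Encrypt
 * AES-CBC encryption with PKCS#5/PKCS#7 padding and a fixed all-zero IV.
 *
 * Parameters:
 *   src:    plaintext (may be NULL only when srcLen is 0)
 *   srcLen: plaintext length in bytes, must be >= 0
 *   key:    AES key
 *   keyLen: key length in bytes; must be exactly 16, 24 or 32. Any other
 *           length is rejected here (the key is never truncated or padded).
 *   outLen: receives the ciphertext length; set to 0 on failure
 * Returns:
 *   Heap-allocated ciphertext that the caller must free(), or NULL on
 *   invalid arguments, key-setup failure or allocation failure.
 *
 * Security notes:
 *   - The IV is all zeros on every call, so encryption is deterministic:
 *     equal plaintexts (and equal leading blocks) under one key give equal
 *     ciphertext. It is kept because changing it would change the output
 *     format; new designs should use a fresh unpredictable IV per message.
 *   - CBC provides no integrity. Authenticate the ciphertext
 *     (encrypt-then-MAC) or use an AEAD mode instead.
 *   - The low-level AES_* functions are deprecated since OpenSSL 3.0; the
 *     EVP interface is the supported replacement.
 *
 * Besides <openssl/aes.h> this code uses malloc/free, memset/memcpy and
 * printf, so it also needs <stdlib.h>, <string.h> and <stdio.h>.
 */
unsigned char *AES_CBC_PKCS5_Encrypt(unsigned char *src, int srcLen, unsigned char *key, int keyLen, int *outLen)
{
    unsigned char iv[AES_BLOCK_SIZE];
    unsigned char *in;
    unsigned char *out;
    AES_KEY aes;
    size_t total;
    int paddedLen;
    int padding;

    if (outLen == NULL)
    {
        return NULL;
    }
    *outLen = 0;
    if (srcLen < 0 || (src == NULL && srcLen > 0))
    {
        return NULL;
    }

    /* PKCS#5/7: always add 1..AES_BLOCK_SIZE bytes, each equal to the pad length. */
    padding = AES_BLOCK_SIZE - srcLen % AES_BLOCK_SIZE;
    total = ((size_t)srcLen / AES_BLOCK_SIZE + 1) * AES_BLOCK_SIZE;

    /* The length is reported through an int; refuse inputs whose padded size does not fit. */
    paddedLen = (int)total;
    if (paddedLen <= 0 || (size_t)paddedLen != total)
    {
        return NULL;
    }

    /* Set up the key before allocating anything so the error path cannot leak. */
    if (key == NULL || (keyLen != 16 && keyLen != 24 && keyLen != 32) ||
        AES_set_encrypt_key(key, keyLen * 8, &aes) < 0)
    {
        printf("AES_set_encrypt_key error\n");
        return NULL;
    }

    in = (unsigned char *)malloc(total);
    out = (unsigned char *)malloc(total);
    if (in == NULL || out == NULL)
    {
        free(in);
        free(out);
        return NULL;
    }

    /* Fill the whole buffer with the pad byte, then overlay the plaintext. */
    memset(in, padding, total);
    if (srcLen > 0)
    {
        memcpy(in, src, (size_t)srcLen);
    }

    /* The IV is all zeros (see the security notes above). */
    memset(iv, 0x00, AES_BLOCK_SIZE);

    AES_cbc_encrypt(in, out, total, &aes, iv, AES_ENCRYPT);
    free(in);

    *outLen = paddedLen;
    return out;
}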
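/* AES_CBC_PKCS5_Decrypt
 * AES-CBC decryption with a fixed all-zero IV, followed by PKCS#5/PKCS#7
 * padding removal.
 *
 * Parameters:
 *   src:    ciphertext
 *   srcLen: ciphertext length in bytes; must be a positive multiple of
 *           AES_BLOCK_SIZE
 *   key:    AES key
 *   keyLen: key length in bytes; must be exactly 16, 24 or 32
 *   outLen: receives the plaintext length; set to 0 on failure
 * Returns:
 *   Heap-allocated plaintext that the caller must free(), or NULL on
 *   invalid arguments, key-setup failure, malformed padding or allocation
 *   failure. A valid empty plaintext yields a non-NULL pointer with
 *   *outLen == 0.
 *
 * Security notes:
 *   - The padding byte comes from attacker-controllable ciphertext. It is
 *     range-checked and every pad byte is verified before it is used as a
 *     length; an unchecked value would lead to an out-of-bounds copy.
 *   - CBC provides no integrity. If callers let an untrusted peer observe
 *     whether decryption succeeded, this becomes a padding oracle. Verify
 *     a MAC over the ciphertext before decrypting, or use an AEAD mode.
 *
 * Besides <openssl/aes.h> this code needs <stdlib.h> and <string.h>.
 */
unsigned char *AES_CBC_PKCS5_Decrypt(unsigned char *src, int srcLen, unsigned char *key, int keyLen, int *outLen)
{
    unsigned char iv[AES_BLOCK_SIZE];
    unsigned char *tmp;
    unsigned char *out;
    AES_KEY aes;
    int unpadding;
    int plainLen;
    int i;

    if (outLen == NULL)
    {
        return NULL;
    }
    *outLen = 0;
    if (src == NULL || key == NULL)
    {
        return NULL;
    }
    /* CBC ciphertext with PKCS#5/7 padding is always at least one full block. */
    if (srcLen <= 0 || srcLen % AES_BLOCK_SIZE != 0)
    {
        return NULL;
    }
    if (keyLen != 16 && keyLen != 24 && keyLen != 32)
    {
        return NULL;
    }

    /* The IV is all zeros, matching AES_CBC_PKCS5_Encrypt. */
    memset(iv, 0x00, AES_BLOCK_SIZE);

    /* Start decryption. */
    if (AES_set_decrypt_key(key, keyLen * 8, &aes) < 0)
    {
        return NULL;
    }
    tmp = (unsigned char *)malloc((size_t)srcLen);
    if (tmp == NULL)
    {
        return NULL;
    }
    AES_cbc_encrypt(src, tmp, (size_t)srcLen, &aes, iv, AES_DECRYPT);

    /* PKCS#5 unpadding: read the pad length as unsigned and validate it. */
    unpadding = tmp[srcLen - 1];
    if (unpadding < 1 || unpadding > AES_BLOCK_SIZE)
    {
        free(tmp);
        return NULL;
    }
    for (i = srcLen - unpadding; i < srcLen; i++)
    {
        if (tmp[i] != unpadding)
        {
            free(tmp);
            return NULL;
        }
    }

    plainLen = srcLen - unpadding;
    /* malloc(0) may return NULL; allocate at least one byte so NULL always means failure. */
    out = (unsigned char *)malloc(plainLen > 0 ? (size_t)plainLen : 1);
    if (out == NULL)
    {
        free(tmp);
        return NULL;
    }
    if (plainLen > 0)
    {
        memcpy(out, tmp, (size_t)plainLen);
    }
    free(tmp);

    *outLen = plainLen;
    return out;
}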
package crypto
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
)
// AESEncrypt encrypts src with AES in CBC mode, using PKCS#5/PKCS#7 padding
// and a fixed all-zero 16-byte IV.
//
// key must be accepted by aes.NewCipher (16, 24 or 32 bytes); its error is
// returned unchanged otherwise. The result is the padded plaintext encrypted
// block by block.
//
// Security note: because the IV never changes, encryption is deterministic.
// Equal plaintexts (and equal leading blocks) under the same key produce
// equal ciphertext. CBC also provides no integrity, so callers that need
// tamper detection must authenticate the ciphertext separately.
func AESEncrypt(src, key []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}

	blockSize := block.BlockSize()
	padded := pkcs5Padding(src, blockSize)
	// CryptBlocks panics on partial blocks, so check the padded length first.
	if len(padded)%blockSize != 0 {
		return nil, errors.New("Need a multiple of the blocksize")
	}

	// All-zero IV; see the security note above.
	zeroIV := make([]byte, 16)
	ciphertext := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, zeroIV).CryptBlocks(ciphertext, padded)
	return ciphertext, nil
}
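// AESDecrypt decrypts src with AES in CBC mode using a fixed all-zero IV and
// removes the PKCS#5/PKCS#7 padding.
//
// key must be accepted by aes.NewCipher (16, 24 or 32 bytes). src must be a
// non-empty multiple of the block size. An error is returned for a bad key,
// a bad length, or padding that is not well formed; the function never panics
// on malformed ciphertext.
//
// The padding is validated here rather than by pkcs5UnPadding because that
// helper has no way to report an error.
//
// Security note: CBC provides no integrity. If an untrusted peer can observe
// whether this call succeeded, the padding check acts as a padding oracle.
// Verify a MAC over the ciphertext before decrypting, or use an AEAD mode.
func AESDecrypt(src, key []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}

	blockSize := block.BlockSize()
	srcLen := len(src)
	// Padded CBC output always holds at least one block, so empty input is
	// rejected too; it would otherwise index dst[-1] below.
	if srcLen == 0 || srcLen%blockSize != 0 {
		return nil, errors.New("crypto/cipher: input not full blocks")
	}

	dst := make([]byte, srcLen)
	iv := make([]byte, blockSize)
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(dst, src)

	// The pad length comes from decrypted, attacker-influenced data: bound
	// it before slicing and require every pad byte to carry the same value.
	pad := int(dst[srcLen-1])
	if pad < 1 || pad > blockSize {
		return nil, errors.New("crypto: invalid padding")
	}
	for _, b := range dst[srcLen-pad:] {
		if int(b) != pad {
			return nil, errors.New("crypto: invalid padding")
		}
	}
	return dst[:srcLen-pad], nil
}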
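// pkcs5Padding returns a copy of ciphertext extended with PKCS#5/PKCS#7
// padding: between 1 and blockSize bytes are appended, each holding the
// number of bytes added. Despite the parameter name, the input is the data
// about to be encrypted.
//
// blockSize must be in the range 1..255 so the pad length fits in one byte.
//
// The result is always a fresh slice. Appending directly to the argument
// would write the pad bytes into the caller's backing array whenever it has
// spare capacity, silently overwriting data the caller still owns.
func pkcs5Padding(ciphertext []byte, blockSize int) []byte {
	padding := blockSize - len(ciphertext)%blockSize
	padded := make([]byte, 0, len(ciphertext)+padding)
	padded = append(padded, ciphertext...)
	return append(padded, bytes.Repeat([]byte{byte(padding)}, padding)...)
}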
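// pkcs5UnPadding strips PKCS#5/PKCS#7 padding from origData and returns the
// unpadded prefix, which shares origData's backing array.
//
// The last byte gives the pad length. Since it normally comes from decrypted
// data that an attacker may have influenced, it is validated before being
// used as a slice bound: it must be at least 1, no larger than the input, and
// every pad byte must have the same value.
//
// nil is returned when origData is empty or the padding is malformed. A
// valid input made of padding only yields an empty, non-nil slice, so
// callers can treat a nil result as failure.
func pkcs5UnPadding(origData []byte) []byte {
	length := len(origData)
	if length == 0 {
		return nil
	}
	// The final byte says how many trailing bytes to drop.
	unpadding := int(origData[length-1])
	if unpadding < 1 || unpadding > length {
		return nil
	}
	for _, b := range origData[length-unpadding:] {
		if int(b) != unpadding {
			return nil
		}
	}
	return origData[:length-unpadding]
}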