Home Explore Help
Register Sign In
i2
/
go-zero
0
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: f00b5416a3
Branches Tags
go-zero
/
core
/
codec
/
rsa.go

rsa.go 3.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149 
  1. package codec
    2. 

  2. 

  3. import (
    4. 

  4. 	"crypto/rand"
    5. 

  5. 	"crypto/rsa"
    6. 

  6. 	"crypto/x509"
    7. 

  7. 	"encoding/base64"
    8. 

  8. 	"encoding/pem"
    9. 

  9. 	"errors"
    10. 

  10. 	"io/ioutil"
    11. 

  11. )
    12. 

  12. 

  13. var (
    14. 

  14. 	ErrPrivateKey = errors.New("private key error")
    15. 

  15. 	ErrPublicKey  = errors.New("failed to parse PEM block containing the public key")
    16. 

  16. 	ErrNotRsaKey  = errors.New("key type is not RSA")
    17. 

  17. )
    18. 

  18. 

  19. type (
    20. 

  20. 	RsaDecrypter interface {
    21. 

  21. 		Decrypt(input []byte) ([]byte, error)
    22. 

  22. 		DecryptBase64(input string) ([]byte, error)
    23. 

  23. 	}
    24. 

  24. 

  25. 	RsaEncrypter interface {
    26. 

  26. 		Encrypt(input []byte) ([]byte, error)
    27. 

  27. 	}
    28. 

  28. 

  29. 	rsaBase struct {
    30. 

  30. 		bytesLimit int
    31. 

  31. 	}
    32. 

  32. 

  33. 	rsaDecrypter struct {
    34. 

  34. 		rsaBase
    35. 

  35. 		privateKey *rsa.PrivateKey
    36. 

  36. 	}
    37. 

  37. 

  38. 	rsaEncrypter struct {
    39. 

  39. 		rsaBase
    40. 

  40. 		publicKey *rsa.PublicKey
    41. 

  41. 	}
    42. 

  42. )
    43. 

  43. 

  44. func NewRsaDecrypter(file string) (RsaDecrypter, error) {
    45. 

  45. 	content, err := ioutil.ReadFile(file)
    46. 

  46. 	if err != nil {
    47. 

  47. 		return nil, err
    48. 

  48. 	}
    49. 

  49. 

  50. 	block, _ := pem.Decode(content)
    51. 

  51. 	if block == nil {
    52. 

  52. 		return nil, ErrPrivateKey
    53. 

  53. 	}
    54. 

  54. 

  55. 	privateKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
    56. 

  56. 	if err != nil {
    57. 

  57. 		return nil, err
    58. 

  58. 	}
    59. 

  59. 

  60. 	return &rsaDecrypter{
    61. 

  61. 		rsaBase: rsaBase{
    62. 

  62. 			bytesLimit: privateKey.N.BitLen() >> 3,
    63. 

  63. 		},
    64. 

  64. 		privateKey: privateKey,
    65. 

  65. 	}, nil
    66. 

  66. }
    67. 

  67. 

  68. func (r *rsaDecrypter) Decrypt(input []byte) ([]byte, error) {
    69. 

  69. 	return r.crypt(input, func(block []byte) ([]byte, error) {
    70. 

  70. 		return rsaDecryptBlock(r.privateKey, block)
    71. 

  71. 	})
    72. 

  72. }
    73. 

  73. 

  74. func (r *rsaDecrypter) DecryptBase64(input string) ([]byte, error) {
    75. 

  75. 	if len(input) == 0 {
    76. 

  76. 		return nil, nil
    77. 

  77. 	}
    78. 

  78. 

  79. 	base64Decoded, err := base64.StdEncoding.DecodeString(input)
    80. 

  80. 	if err != nil {
    81. 

  81. 		return nil, err
    82. 

  82. 	}
    83. 

  83. 

  84. 	return r.Decrypt(base64Decoded)
    85. 

  85. }
    86. 

  86. 

  87. func NewRsaEncrypter(key []byte) (RsaEncrypter, error) {
    88. 

  88. 	block, _ := pem.Decode(key)
    89. 

  89. 	if block == nil {
    90. 

  90. 		return nil, ErrPublicKey
    91. 

  91. 	}
    92. 

  92. 

  93. 	pub, err := x509.ParsePKIXPublicKey(block.Bytes)
    94. 

  94. 	if err != nil {
    95. 

  95. 		return nil, err
    96. 

  96. 	}
    97. 

  97. 

  98. 	switch pubKey := pub.(type) {
    99. 

  99. 	case *rsa.PublicKey:
    100. 

  100. 		return &rsaEncrypter{
    101. 

  101. 			rsaBase: rsaBase{
    102. 

  102. 				// https://www.ietf.org/rfc/rfc2313.txt
    103. 

  103. 				// The length of the data D shall not be more than k-11 octets, which is
    104. 

  104. 				// positive since the length k of the modulus is at least 12 octets.
    105. 

  105. 				bytesLimit: (pubKey.N.BitLen() >> 3) - 11,
    106. 

  106. 			},
    107. 

  107. 			publicKey: pubKey,
    108. 

  108. 		}, nil
    109. 

  109. 	default:
    110. 

  110. 		return nil, ErrNotRsaKey
    111. 

  111. 	}
    112. 

  112. }
    113. 

  113. 

  114. func (r *rsaEncrypter) Encrypt(input []byte) ([]byte, error) {
    115. 

  115. 	return r.crypt(input, func(block []byte) ([]byte, error) {
    116. 

  116. 		return rsaEncryptBlock(r.publicKey, block)
    117. 

  117. 	})
    118. 

  118. }
    119. 

  119. 

  120. func (r *rsaBase) crypt(input []byte, cryptFn func([]byte) ([]byte, error)) ([]byte, error) {
    121. 

  121. 	var result []byte
    122. 

  122. 	inputLen := len(input)
    123. 

  123. 

  124. 	for i := 0; i*r.bytesLimit < inputLen; i++ {
    125. 

  125. 		start := r.bytesLimit * i
    126. 

  126. 		var stop int
    127. 

  127. 		if r.bytesLimit*(i+1) > inputLen {
    128. 

  128. 			stop = inputLen
    129. 

  129. 		} else {
    130. 

  130. 			stop = r.bytesLimit * (i + 1)
    131. 

  131. 		}
    132. 

  132. 		bs, err := cryptFn(input[start:stop])
    133. 

  133. 		if err != nil {
    134. 

  134. 			return nil, err
    135. 

  135. 		}
    136. 

  136. 

  137. 		result = append(result, bs...)
    138. 

  138. 	}
    139. 

  139. 

  140. 	return result, nil
    141. 

  141. }
    142. 

  142. 

  143. func rsaDecryptBlock(privateKey *rsa.PrivateKey, block []byte) ([]byte, error) {
    144. 

  144. 	return rsa.DecryptPKCS1v15(rand.Reader, privateKey, block)
    145. 

  145. }
    146. 

  146. 

  147. func rsaEncryptBlock(publicKey *rsa.PublicKey, msg []byte) ([]byte, error) {
    148. 

  148. 	return rsa.EncryptPKCS1v15(rand.Reader, publicKey, msg)
    149. 

  149. }
    150.