forked from golang/hotime
50 lines
1.2 KiB
Go
50 lines
1.2 KiB
Go
package aes
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"fmt"
|
|
|
|
"github.com/go-pay/gopay/pkg/util"
|
|
)
|
|
|
|
// AES-GCM 加密数据
|
|
func GCMEncrypt(originText, additional, key []byte) (nonce []byte, cipherText []byte, err error) {
|
|
return gcmEncrypt(originText, additional, key)
|
|
}
|
|
|
|
// AES-GCM 解密数据
|
|
func GCMDecrypt(cipherText, nonce, additional, key []byte) ([]byte, error) {
|
|
return gcmDecrypt(cipherText, nonce, additional, key)
|
|
}
|
|
|
|
func gcmDecrypt(secretData, nonce, additional, key []byte) ([]byte, error) {
|
|
block, err := aes.NewCipher(key)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
gcm, err := cipher.NewGCM(block)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("cipher.NewGCM(),error:%w", err)
|
|
}
|
|
originByte, err := gcm.Open(nil, nonce, secretData, additional)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return originByte, nil
|
|
}
|
|
|
|
func gcmEncrypt(originText, additional, key []byte) ([]byte, []byte, error) {
|
|
block, err := aes.NewCipher(key)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
nonce := []byte(util.RandomString(12))
|
|
gcm, err := cipher.NewGCM(block)
|
|
if err != nil {
|
|
return nil, nil, fmt.Errorf("cipher.NewGCM(),error:%w", err)
|
|
}
|
|
cipherBytes := gcm.Seal(nil, nonce, originText, additional)
|
|
return nonce, cipherBytes, nil
|
|
}
|