tydata-server/pkg/lzkit/crypto/crypto_url.go

package crypto

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"io"
)

// AES CBC模式加密，Base64传入传出
func AesEncryptURL(plainText, key []byte) (string, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	blockSize := block.BlockSize()
	plainText = PKCS7Padding(plainText, blockSize)

	cipherText := make([]byte, blockSize+len(plainText))
	iv := cipherText[:blockSize] // 使用前blockSize字节作为IV
	_, err = io.ReadFull(rand.Reader, iv)
	if err != nil {
		return "", err
	}

	mode := cipher.NewCBCEncrypter(block, iv)
	mode.CryptBlocks(cipherText[blockSize:], plainText)

	return base64.URLEncoding.EncodeToString(cipherText), nil
}

// AES CBC模式解密，Base64传入传出
func AesDecryptURL(cipherTextBase64 string, key []byte) ([]byte, error) {
	cipherText, err := base64.URLEncoding.DecodeString(cipherTextBase64)
	if err != nil {
		return nil, err
	}

	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}

	blockSize := block.BlockSize()
	if len(cipherText) < blockSize {
		return nil, errors.New("ciphertext too short")
	}

	iv := cipherText[:blockSize]
	cipherText = cipherText[blockSize:]

	if len(cipherText)%blockSize != 0 {
		return nil, errors.New("ciphertext is not a multiple of the block size")
	}

	mode := cipher.NewCBCDecrypter(block, iv)
	mode.CryptBlocks(cipherText, cipherText)

	plainText, err := PKCS7UnPadding(cipherText)
	if err != nil {
		return nil, err
	}

	return plainText, nil
}