first commit

pkg/lzkit/crypto/bcrypt.go

@@ -0,0 +1,28 @@
+package crypto
+
+import (
+	"golang.org/x/crypto/bcrypt"
+)
+
+// PasswordHash 使用bcrypt对密码进行加密
+// cost参数确定加密的复杂度，默认为10，越高越安全但性能消耗越大
+func PasswordHash(password string, cost ...int) (string, error) {
+	defaultCost := 10
+	if len(cost) > 0 && cost[0] > 0 {
+		defaultCost = cost[0]
+	}
+
+	bytes, err := bcrypt.GenerateFromPassword([]byte(password), defaultCost)
+	if err != nil {
+		return "", err
+	}
+
+	return string(bytes), nil
+}
+
+// PasswordVerify 验证密码是否匹配
+// password是用户输入的明文密码，hash是存储的加密密码
+func PasswordVerify(password, hash string) bool {
+	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
+	return err == nil
+}

pkg/lzkit/crypto/crypto.go

@@ -0,0 +1,105 @@
+package crypto
+
+import (
+	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/md5"
+	"crypto/rand"
+	"encoding/base64"
+	"encoding/hex"
+	"errors"
+	"io"
+)
+
+// PKCS7填充
+func PKCS7Padding(ciphertext []byte, blockSize int) []byte {
+	padding := blockSize - len(ciphertext)%blockSize
+	padtext := bytes.Repeat([]byte{byte(padding)}, padding)
+	return append(ciphertext, padtext...)
+}
+
+// 去除PKCS7填充
+func PKCS7UnPadding(origData []byte) ([]byte, error) {
+	length := len(origData)
+	if length == 0 {
+		return nil, errors.New("input data error")
+	}
+	unpadding := int(origData[length-1])
+	if unpadding > length {
+		return nil, errors.New("unpadding size is invalid")
+	}
+
+	// 检查填充字节是否一致
+	for i := 0; i < unpadding; i++ {
+		if origData[length-1-i] != byte(unpadding) {
+			return nil, errors.New("invalid padding")
+		}
+	}
+
+	return origData[:(length - unpadding)], nil
+}
+
+// AES CBC模式加密，Base64传入传出
+func AesEncrypt(plainText, key []byte) (string, error) {
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return "", err
+	}
+	blockSize := block.BlockSize()
+	plainText = PKCS7Padding(plainText, blockSize)
+
+	cipherText := make([]byte, blockSize+len(plainText))
+	iv := cipherText[:blockSize] // 使用前blockSize字节作为IV
+	_, err = io.ReadFull(rand.Reader, iv)
+	if err != nil {
+		return "", err
+	}
+
+	mode := cipher.NewCBCEncrypter(block, iv)
+	mode.CryptBlocks(cipherText[blockSize:], plainText)
+
+	return base64.StdEncoding.EncodeToString(cipherText), nil
+}
+
+// AES CBC模式解密，Base64传入传出
+func AesDecrypt(cipherTextBase64 string, key []byte) ([]byte, error) {
+	cipherText, err := base64.StdEncoding.DecodeString(cipherTextBase64)
+	if err != nil {
+		return nil, err
+	}
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+
+	blockSize := block.BlockSize()
+	if len(cipherText) < blockSize {
+		return nil, errors.New("ciphertext too short")
+	}
+
+	iv := cipherText[:blockSize]
+	cipherText = cipherText[blockSize:]
+
+	if len(cipherText)%blockSize != 0 {
+		return nil, errors.New("ciphertext is not a multiple of the block size")
+	}
+
+	mode := cipher.NewCBCDecrypter(block, iv)
+	mode.CryptBlocks(cipherText, cipherText)
+
+	plainText, err := PKCS7UnPadding(cipherText)
+	if err != nil {
+		return nil, err
+	}
+
+	return plainText, nil
+}
+
+// Md5Encrypt 用于对传入的message进行MD5加密
+func Md5Encrypt(message string) string {
+	hash := md5.New()
+	hash.Write([]byte(message))              // 将字符串转换为字节切片并写入
+	return hex.EncodeToString(hash.Sum(nil)) // 将哈希值转换为16进制字符串并返回
+}

pkg/lzkit/crypto/crypto_url.go

@@ -0,0 +1,67 @@
+package crypto
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"encoding/base64"
+	"errors"
+	"io"
+)
+
+// AES CBC模式加密，Base64传入传出
+func AesEncryptURL(plainText, key []byte) (string, error) {
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return "", err
+	}
+	blockSize := block.BlockSize()
+	plainText = PKCS7Padding(plainText, blockSize)
+
+	cipherText := make([]byte, blockSize+len(plainText))
+	iv := cipherText[:blockSize] // 使用前blockSize字节作为IV
+	_, err = io.ReadFull(rand.Reader, iv)
+	if err != nil {
+		return "", err
+	}
+
+	mode := cipher.NewCBCEncrypter(block, iv)
+	mode.CryptBlocks(cipherText[blockSize:], plainText)
+
+	return base64.URLEncoding.EncodeToString(cipherText), nil
+}
+
+// AES CBC模式解密，Base64传入传出
+func AesDecryptURL(cipherTextBase64 string, key []byte) ([]byte, error) {
+	cipherText, err := base64.URLEncoding.DecodeString(cipherTextBase64)
+	if err != nil {
+		return nil, err
+	}
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+
+	blockSize := block.BlockSize()
+	if len(cipherText) < blockSize {
+		return nil, errors.New("ciphertext too short")
+	}
+
+	iv := cipherText[:blockSize]
+	cipherText = cipherText[blockSize:]
+
+	if len(cipherText)%blockSize != 0 {
+		return nil, errors.New("ciphertext is not a multiple of the block size")
+	}
+
+	mode := cipher.NewCBCDecrypter(block, iv)
+	mode.CryptBlocks(cipherText, cipherText)
+
+	plainText, err := PKCS7UnPadding(cipherText)
+	if err != nil {
+		return nil, err
+	}
+
+	return plainText, nil
+}

pkg/lzkit/crypto/ecb.go

@@ -0,0 +1,274 @@
+package crypto
+
+import (
+	"crypto/aes"
+	"crypto/md5"
+	"crypto/rand"
+	"encoding/base64"
+	"encoding/hex"
+	"errors"
+	"fmt"
+)
+
+// ECB模式是一种基本的加密模式，每个明文块独立加密
+// 警告：ECB模式存在安全问题，仅用于需要确定性加密的场景，如数据库字段查询
+// 不要用于加密大段文本或安全要求高的场景
+
+// 验证密钥长度是否有效 (AES-128, AES-192, AES-256)
+func validateAESKey(key []byte) error {
+	switch len(key) {
+	case 16, 24, 32:
+		return nil
+	default:
+		return errors.New("AES密钥长度必须是16、24或32字节(对应AES-128、AES-192、AES-256)")
+	}
+}
+
+// AesEcbEncrypt AES-ECB模式加密，返回Base64编码的密文
+// 使用已有的ECB实现，但提供更易用的接口
+func AesEcbEncrypt(plainText, key []byte) (string, error) {
+	if err := validateAESKey(key); err != nil {
+		return "", err
+	}
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return "", err
+	}
+
+	// 使用PKCS7填充
+	plainText = PKCS7Padding(plainText, block.BlockSize())
+
+	// 创建密文数组
+	cipherText := make([]byte, len(plainText))
+
+	// ECB模式加密，使用west_crypto.go中已有的实现
+	mode := newECBEncrypter(block)
+	mode.CryptBlocks(cipherText, plainText)
+
+	// 返回Base64编码的密文
+	return base64.StdEncoding.EncodeToString(cipherText), nil
+}
+
+// AesEcbDecrypt AES-ECB模式解密，输入Base64编码的密文
+func AesEcbDecrypt(cipherTextBase64 string, key []byte) ([]byte, error) {
+	if err := validateAESKey(key); err != nil {
+		return nil, err
+	}
+
+	// Base64解码
+	cipherText, err := base64.StdEncoding.DecodeString(cipherTextBase64)
+	if err != nil {
+		return nil, err
+	}
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+
+	// 检查密文长度
+	if len(cipherText)%block.BlockSize() != 0 {
+		return nil, errors.New("密文长度必须是块大小的整数倍")
+	}
+
+	// 创建明文数组
+	plainText := make([]byte, len(cipherText))
+
+	// ECB模式解密，使用west_crypto.go中已有的实现
+	mode := newECBDecrypter(block)
+	mode.CryptBlocks(plainText, cipherText)
+
+	// 去除PKCS7填充
+	plainText, err = PKCS7UnPadding(plainText)
+	if err != nil {
+		return nil, err
+	}
+
+	return plainText, nil
+}
+
+// AesEcbEncryptHex AES-ECB模式加密，返回十六进制编码的密文
+func AesEcbEncryptHex(plainText, key []byte) (string, error) {
+	if err := validateAESKey(key); err != nil {
+		return "", err
+	}
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return "", err
+	}
+
+	// 使用PKCS7填充
+	plainText = PKCS7Padding(plainText, block.BlockSize())
+
+	// 创建密文数组
+	cipherText := make([]byte, len(plainText))
+
+	// ECB模式加密
+	mode := newECBEncrypter(block)
+	mode.CryptBlocks(cipherText, plainText)
+
+	// 返回十六进制编码的密文
+	return hex.EncodeToString(cipherText), nil
+}
+
+// AesEcbDecryptHex AES-ECB模式解密，输入十六进制编码的密文
+func AesEcbDecryptHex(cipherTextHex string, key []byte) ([]byte, error) {
+	if err := validateAESKey(key); err != nil {
+		return nil, err
+	}
+
+	// 十六进制解码
+	cipherText, err := hex.DecodeString(cipherTextHex)
+	if err != nil {
+		return nil, err
+	}
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+
+	// 检查密文长度
+	if len(cipherText)%block.BlockSize() != 0 {
+		return nil, errors.New("密文长度必须是块大小的整数倍")
+	}
+
+	// 创建明文数组
+	plainText := make([]byte, len(cipherText))
+
+	// ECB模式解密
+	mode := newECBDecrypter(block)
+	mode.CryptBlocks(plainText, cipherText)
+
+	// 去除PKCS7填充
+	plainText, err = PKCS7UnPadding(plainText)
+	if err != nil {
+		return nil, err
+	}
+
+	return plainText, nil
+}
+
+// 以下是专门用于处理手机号等敏感数据的实用函数
+
+// EncryptMobile 使用AES-ECB加密手机号，返回Base64编码
+// 该方法保证对相同手机号总是产生相同密文，便于数据库查询
+func EncryptMobile(mobile string, secretKey string) (string, error) {
+	key, decodeErr := hex.DecodeString(secretKey)
+	if decodeErr != nil {
+		return "", decodeErr
+	}
+	if mobile == "" {
+		return "", errors.New("手机号不能为空")
+	}
+	return AesEcbEncrypt([]byte(mobile), key)
+}
+
+// DecryptMobile 解密手机号
+func DecryptMobile(encryptedMobile string, secretKey string) (string, error) {
+	key, decodeErr := hex.DecodeString(secretKey)
+	if decodeErr != nil {
+		return "", decodeErr
+	}
+	if encryptedMobile == "" {
+		return "", errors.New("加密手机号不能为空")
+	}
+
+	bytes, err := AesEcbDecrypt(encryptedMobile, key)
+	if err != nil {
+		return "", fmt.Errorf("解密手机号失败: %v", err)
+	}
+
+	return string(bytes), nil
+}
+
+// EncryptMobileHex 使用AES-ECB加密手机号，返回十六进制编码(适用于URL参数)
+func EncryptMobileHex(mobile string, key []byte) (string, error) {
+	if mobile == "" {
+		return "", errors.New("手机号不能为空")
+	}
+	return AesEcbEncryptHex([]byte(mobile), key)
+}
+
+// DecryptMobileHex 解密十六进制编码的手机号
+func DecryptMobileHex(encryptedMobileHex string, key []byte) (string, error) {
+	if encryptedMobileHex == "" {
+		return "", errors.New("加密手机号不能为空")
+	}
+
+	bytes, err := AesEcbDecryptHex(encryptedMobileHex, key)
+	if err != nil {
+		return "", fmt.Errorf("解密手机号失败: %v", err)
+	}
+
+	return string(bytes), nil
+}
+
+// EncryptIDCard 使用AES-ECB加密身份证号
+func EncryptIDCard(idCard string, key []byte) (string, error) {
+	if idCard == "" {
+		return "", errors.New("身份证号不能为空")
+	}
+	return AesEcbEncrypt([]byte(idCard), key)
+}
+
+// DecryptIDCard 解密身份证号
+func DecryptIDCard(encryptedIDCard string, key []byte) (string, error) {
+	if encryptedIDCard == "" {
+		return "", errors.New("加密身份证号不能为空")
+	}
+
+	bytes, err := AesEcbDecrypt(encryptedIDCard, key)
+	if err != nil {
+		return "", fmt.Errorf("解密身份证号失败: %v", err)
+	}
+
+	return string(bytes), nil
+}
+
+// IsEncrypted 检查字符串是否为Base64编码的加密数据
+func IsEncrypted(data string) bool {
+	// 检查是否是有效的Base64编码
+	_, err := base64.StdEncoding.DecodeString(data)
+	return err == nil && len(data) >= 20 // 至少20个字符的Base64字符串
+}
+
+// GenerateAESKey 生成AES密钥
+// keySize: 可选16, 24, 32字节(对应AES-128, AES-192, AES-256)
+func GenerateAESKey(keySize int) ([]byte, error) {
+	if keySize != 16 && keySize != 24 && keySize != 32 {
+		return nil, errors.New("密钥长度必须是16、24或32字节")
+	}
+
+	key := make([]byte, keySize)
+	_, err := rand.Read(key)
+	if err != nil {
+		return nil, err
+	}
+
+	return key, nil
+}
+
+// DeriveKeyFromPassword 基于密码派生固定长度的AES密钥
+func DeriveKeyFromPassword(password string, keySize int) ([]byte, error) {
+	if keySize != 16 && keySize != 24 && keySize != 32 {
+		return nil, errors.New("密钥长度必须是16、24或32字节")
+	}
+
+	// 使用PBKDF2或简单的方法从密码派生密钥
+	// 这里使用简单的MD5方法，实际生产环境应使用更安全的PBKDF2
+	hash := md5.New()
+	hash.Write([]byte(password))
+	key := hash.Sum(nil) // 16字节
+
+	// 如果需要24或32字节，继续哈希
+	if keySize > 16 {
+		hash.Reset()
+		hash.Write(key)
+		key = append(key, hash.Sum(nil)[:keySize-16]...)
+	}
+
+	return key, nil
+}

pkg/lzkit/crypto/ecb_test.go

@@ -0,0 +1,186 @@
+package crypto
+
+import (
+	"encoding/base64"
+	"encoding/hex"
+	"fmt"
+	"testing"
+)
+
+func TestAesEcbMobileEncryption(t *testing.T) {
+	// 测试手机号加密
+	mobile := "17776203797 "
+	key := []byte("ff83609b2b24fc73196aac3d3dfb874f") // 16字节AES-128密钥
+
+	keyStr := hex.EncodeToString(key)
+	// 测试加密
+	encrypted, err := EncryptMobile(mobile, keyStr)
+	if err != nil {
+		t.Fatalf("手机号加密失败: %v", err)
+	}
+	fmt.Printf("encrypted: %s\n", encrypted)
+	jmStr := "m9EEeW9ZBBJmi1hx1k1uIQ=="
+	// 测试解密
+	decrypted, err := DecryptMobile(jmStr, keyStr)
+	if err != nil {
+		t.Fatalf("手机号解密失败: %v", err)
+	}
+	fmt.Printf("decrypted: %s\n", decrypted)
+	// 验证结果
+	if decrypted != mobile {
+		t.Errorf("解密结果不匹配，期望: %s, 实际: %s", mobile, decrypted)
+	}
+
+	// 测试相同输入产生相同输出（确定性）
+	encrypted2, _ := EncryptMobile(mobile, keyStr)
+	if encrypted != encrypted2 {
+		t.Errorf("AES-ECB不是确定性的，两次加密结果不同: %s vs %s", encrypted, encrypted2)
+	}
+}
+
+func TestAesEcbHexEncryption(t *testing.T) {
+	// 测试十六进制编码加密
+	idCard := "440101199001011234"
+	key := []byte("1234567890abcdef") // 16字节AES-128密钥
+
+	// 测试HEX加密
+	encryptedHex, err := EncryptIDCard(idCard, key)
+	if err != nil {
+		t.Fatalf("身份证加密失败: %v", err)
+	}
+
+	// 测试HEX解密
+	decrypted, err := DecryptIDCard(encryptedHex, key)
+	if err != nil {
+		t.Fatalf("身份证解密失败: %v", err)
+	}
+
+	// 验证结果
+	if decrypted != idCard {
+		t.Errorf("解密结果不匹配，期望: %s, 实际: %s", idCard, decrypted)
+	}
+}
+
+func TestAesEcbKeyValidation(t *testing.T) {
+	// 测试不同长度的密钥
+	validKeys := [][]byte{
+		make([]byte, 16), // AES-128
+		make([]byte, 24), // AES-192
+		make([]byte, 32), // AES-256
+	}
+
+	invalidKeys := [][]byte{
+		make([]byte, 15),
+		make([]byte, 20),
+		make([]byte, 33),
+	}
+
+	text := []byte("test text")
+
+	// 测试有效密钥
+	for _, key := range validKeys {
+		_, err := AesEcbEncrypt(text, key)
+		if err != nil {
+			t.Errorf("有效密钥(%d字节)校验失败: %v", len(key), err)
+		}
+	}
+
+	// 测试无效密钥
+	for _, key := range invalidKeys {
+		_, err := AesEcbEncrypt(text, key)
+		if err == nil {
+			t.Errorf("无效密钥(%d字节)未被检测出", len(key))
+		}
+	}
+}
+
+func TestIsEncrypted(t *testing.T) {
+	// 有效的Base64编码字符串
+	validBase64 := base64.StdEncoding.EncodeToString([]byte("这是一个足够长的字符串，以通过IsEncrypted检查"))
+
+	// 无效的字符串
+	invalidStrings := []string{
+		"",
+		"abc",
+		"not-base64!@#",
+		hex.EncodeToString([]byte("hexstring")),
+	}
+
+	// 测试有效的加密数据
+	if !IsEncrypted(validBase64) {
+		t.Errorf("有效的Base64未被识别为加密数据: %s", validBase64)
+	}
+
+	// 测试无效的数据
+	for _, s := range invalidStrings {
+		if IsEncrypted(s) {
+			t.Errorf("无效字符串被错误识别为加密数据: %s", s)
+		}
+	}
+}
+
+func TestDeriveKeyFromPassword(t *testing.T) {
+	password := "my-secure-password"
+
+	// 测试不同长度的派生密钥
+	keySizes := []int{16, 24, 32}
+
+	for _, size := range keySizes {
+		key, err := DeriveKeyFromPassword(password, size)
+		if err != nil {
+			t.Errorf("从密码派生%d字节密钥失败: %v", size, err)
+			continue
+		}
+
+		if len(key) != size {
+			t.Errorf("派生的密钥长度错误，期望: %d, 实际: %d", size, len(key))
+		}
+
+		// 测试相同密码总是产生相同密钥
+		key2, _ := DeriveKeyFromPassword(password, size)
+		if string(key) != string(key2) {
+			t.Errorf("从相同密码派生的密钥不一致")
+		}
+
+		// 使用派生的密钥加密测试
+		_, err = AesEcbEncrypt([]byte("test"), key)
+		if err != nil {
+			t.Errorf("使用派生的密钥加密失败: %v", err)
+		}
+	}
+
+	// 测试无效的密钥大小
+	_, err := DeriveKeyFromPassword(password, 18)
+	if err == nil {
+		t.Error("无效的密钥大小未被检测出")
+	}
+}
+
+func TestGenerateAESKey(t *testing.T) {
+	// 测试生成不同长度的密钥
+	keySizes := []int{16, 24, 32}
+
+	for _, size := range keySizes {
+		key, err := GenerateAESKey(size)
+		if err != nil {
+			t.Errorf("生成%d字节密钥失败: %v", size, err)
+			continue
+		}
+
+		if len(key) != size {
+			t.Errorf("生成的密钥长度错误，期望: %d, 实际: %d", size, len(key))
+		}
+
+		// 使用生成的密钥加密测试
+		_, err = AesEcbEncrypt([]byte("test"), key)
+		if err != nil {
+			t.Errorf("使用生成的密钥加密失败: %v", err)
+		}
+	}
+
+	// 测试无效的密钥大小
+	_, err := GenerateAESKey(18)
+	if err == nil {
+		t.Error("无效的密钥大小未被检测出")
+	}
+}

pkg/lzkit/crypto/generate.go

@@ -0,0 +1,63 @@
+package crypto
+
+import (
+	"crypto/rand"
+	"encoding/hex"
+	"io"
+	mathrand "math/rand"
+	"strconv"
+	"time"
+)
+
+// 生成AES-128密钥的函数，符合市面规范
+func GenerateSecretKey() (string, error) {
+	key := make([]byte, 16) // 16字节密钥
+	_, err := io.ReadFull(rand.Reader, key)
+	if err != nil {
+		return "", err
+	}
+	return hex.EncodeToString(key), nil
+}
+
+func GenerateSecretId() (string, error) {
+	// 创建一个字节数组，用于存储随机数据
+	bytes := make([]byte, 8) // 因为每个字节表示两个16进制字符
+
+	// 读取随机字节到数组中
+	_, err := rand.Read(bytes)
+	if err != nil {
+		return "", err
+	}
+
+	// 将字节数组转换为16进制字符串
+	return hex.EncodeToString(bytes), nil
+}
+
+// GenerateTransactionID 生成16位数的交易单号
+func GenerateTransactionID() string {
+	length := 16
+	// 获取当前时间戳
+	timestamp := time.Now().UnixNano()
+
+	// 转换为字符串
+	timeStr := strconv.FormatInt(timestamp, 10)
+
+	// 生成随机数
+	mathrand.Seed(time.Now().UnixNano())
+	randomPart := strconv.Itoa(mathrand.Intn(1000000))
+
+	// 组合时间戳和随机数
+	combined := timeStr + randomPart
+
+	// 如果长度超出指定值，则截断；如果不够，则填充随机字符
+	if len(combined) >= length {
+		return combined[:length]
+	}
+
+	// 如果长度不够，填充0
+	for len(combined) < length {
+		combined += strconv.Itoa(mathrand.Intn(10)) // 填充随机数
+	}
+
+	return combined
+}

pkg/lzkit/crypto/tianyuan_crypto.go

@@ -0,0 +1,102 @@
+package crypto
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"encoding/base64"
+	"encoding/hex"
+	"errors"
+	"io"
+)
+
+// TianyuanEncrypt 天远数据AES-128-CBC加密，返回Base64编码的字符串
+// 与Node.js中的aesEncrypt函数对应
+func TianyuanEncrypt(plainText []byte, keyHex string) (string, error) {
+	// 将16进制密钥转换为字节
+	keyBuffer, err := hex.DecodeString(keyHex)
+	if err != nil {
+		return "", err
+	}
+
+	// 创建AES密码器
+	block, err := aes.NewCipher(keyBuffer)
+	if err != nil {
+		return "", err
+	}
+
+	blockSize := block.BlockSize() // AES块大小为16字节
+
+	// 生成随机IV
+	iv := make([]byte, blockSize)
+	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
+		return "", err
+	}
+
+	// 创建CBC加密器
+	mode := cipher.NewCBCEncrypter(block, iv)
+
+	// PKCS7填充
+	paddedText := PKCS7Padding(plainText, blockSize)
+
+	// 加密
+	encrypted := make([]byte, len(paddedText))
+	mode.CryptBlocks(encrypted, paddedText)
+
+	// 将IV和加密数据连接在一起，然后Base64编码
+	result := append(iv, encrypted...)
+	return base64.StdEncoding.EncodeToString(result), nil
+}
+
+// TianyuanDecrypt 天远数据AES-128-CBC解密，返回解密后的字节数组
+// 与Node.js中的aesDecrypt函数对应
+func TianyuanDecrypt(encryptedText, keyHex string) ([]byte, error) {
+	// 将16进制密钥转换为字节
+	keyBuffer, err := hex.DecodeString(keyHex)
+	if err != nil {
+		return nil, err
+	}
+
+	// Base64解码
+	encryptedBuffer, err := base64.StdEncoding.DecodeString(encryptedText)
+	if err != nil {
+		return nil, err
+	}
+
+	// 创建AES密码器
+	block, err := aes.NewCipher(keyBuffer)
+	if err != nil {
+		return nil, err
+	}
+
+	blockSize := block.BlockSize()
+
+	// 检查数据长度
+	if len(encryptedBuffer) < blockSize {
+		return nil, errors.New("encrypted text too short")
+	}
+
+	// 提取IV和加密数据
+	iv := encryptedBuffer[:blockSize]
+	encryptedData := encryptedBuffer[blockSize:]
+
+	// 检查加密数据长度是否为块大小的倍数
+	if len(encryptedData)%blockSize != 0 {
+		return nil, errors.New("encrypted data is not a multiple of the block size")
+	}
+
+	// 创建CBC解密器
+	mode := cipher.NewCBCDecrypter(block, iv)
+
+	// 解密
+	decrypted := make([]byte, len(encryptedData))
+	mode.CryptBlocks(decrypted, encryptedData)
+
+	// 去除PKCS7填充
+	result, err := PKCS7UnPadding(decrypted)
+	if err != nil {
+		return nil, err
+	}
+
+	return result, nil
+}

pkg/lzkit/crypto/west_crypto.go

@@ -0,0 +1,150 @@
+package crypto
+
+import (
+	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/sha1"
+	"encoding/base64"
+)
+
+const (
+	KEY_SIZE = 16 // AES-128, 16 bytes
+)
+
+// Encrypt encrypts the given data using AES encryption in ECB mode with PKCS5 padding
+func WestDexEncrypt(data, secretKey string) (string, error) {
+	key := generateAESKey(KEY_SIZE*8, []byte(secretKey))
+	ciphertext, err := aesEncrypt([]byte(data), key)
+	if err != nil {
+		return "", err
+	}
+	return base64.StdEncoding.EncodeToString(ciphertext), nil
+}
+
+// Decrypt decrypts the given base64-encoded string using AES encryption in ECB mode with PKCS5 padding
+func WestDexDecrypt(encodedData, secretKey string) ([]byte, error) {
+	ciphertext, err := base64.StdEncoding.DecodeString(encodedData)
+	if err != nil {
+		return nil, err
+	}
+	key := generateAESKey(KEY_SIZE*8, []byte(secretKey))
+	plaintext, err := aesDecrypt(ciphertext, key)
+	if err != nil {
+		return nil, err
+	}
+	return plaintext, nil
+}
+
+// generateAESKey generates a key for AES encryption using a SHA-1 based PRNG
+func generateAESKey(length int, password []byte) []byte {
+	h := sha1.New()
+	h.Write(password)
+	state := h.Sum(nil)
+
+	keyBytes := make([]byte, 0, length/8)
+	for len(keyBytes) < length/8 {
+		h := sha1.New()
+		h.Write(state)
+		state = h.Sum(nil)
+		keyBytes = append(keyBytes, state...)
+	}
+
+	return keyBytes[:length/8]
+}
+
+// aesEncrypt encrypts plaintext using AES in ECB mode with PKCS5 padding
+func aesEncrypt(plaintext, key []byte) ([]byte, error) {
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+	paddedPlaintext := pkcs5Padding(plaintext, block.BlockSize())
+	ciphertext := make([]byte, len(paddedPlaintext))
+	mode := newECBEncrypter(block)
+	mode.CryptBlocks(ciphertext, paddedPlaintext)
+	return ciphertext, nil
+}
+
+// aesDecrypt decrypts ciphertext using AES in ECB mode with PKCS5 padding
+func aesDecrypt(ciphertext, key []byte) ([]byte, error) {
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+	plaintext := make([]byte, len(ciphertext))
+	mode := newECBDecrypter(block)
+	mode.CryptBlocks(plaintext, ciphertext)
+	return pkcs5Unpadding(plaintext), nil
+}
+
+// pkcs5Padding pads the input to a multiple of the block size using PKCS5 padding
+func pkcs5Padding(src []byte, blockSize int) []byte {
+	padding := blockSize - len(src)%blockSize
+	padtext := bytes.Repeat([]byte{byte(padding)}, padding)
+	return append(src, padtext...)
+}
+
+// pkcs5Unpadding removes PKCS5 padding from the input
+func pkcs5Unpadding(src []byte) []byte {
+	length := len(src)
+	unpadding := int(src[length-1])
+	return src[:(length - unpadding)]
+}
+
+// ECB mode encryption/decryption
+type ecb struct {
+	b         cipher.Block
+	blockSize int
+}
+
+func newECB(b cipher.Block) *ecb {
+	return &ecb{
+		b:         b,
+		blockSize: b.BlockSize(),
+	}
+}
+
+type ecbEncrypter ecb
+
+func newECBEncrypter(b cipher.Block) cipher.BlockMode {
+	return (*ecbEncrypter)(newECB(b))
+}
+
+func (x *ecbEncrypter) BlockSize() int { return x.blockSize }
+
+func (x *ecbEncrypter) CryptBlocks(dst, src []byte) {
+	if len(src)%x.blockSize != 0 {
+		panic("crypto/cipher: input not full blocks")
+	}
+	if len(dst) < len(src) {
+		panic("crypto/cipher: output smaller than input")
+	}
+	for len(src) > 0 {
+		x.b.Encrypt(dst, src[:x.blockSize])
+		src = src[x.blockSize:]
+		dst = dst[x.blockSize:]
+	}
+}
+
+type ecbDecrypter ecb
+
+func newECBDecrypter(b cipher.Block) cipher.BlockMode {
+	return (*ecbDecrypter)(newECB(b))
+}
+
+func (x *ecbDecrypter) BlockSize() int { return x.blockSize }
+
+func (x *ecbDecrypter) CryptBlocks(dst, src []byte) {
+	if len(src)%x.blockSize != 0 {
+		panic("crypto/cipher: input not full blocks")
+	}
+	if len(dst) < len(src) {
+		panic("crypto/cipher: output smaller than input")
+	}
+	for len(src) > 0 {
+		x.b.Decrypt(dst, src[:x.blockSize])
+		src = src[x.blockSize:]
+		dst = dst[x.blockSize:]
+	}
+}