168 lines
4.4 KiB
Go
168 lines
4.4 KiB
Go
package util
|
||
|
||
import (
|
||
"crypto"
|
||
"crypto/rand"
|
||
"crypto/rsa"
|
||
"crypto/sha256"
|
||
"encoding/asn1"
|
||
"encoding/base64"
|
||
"encoding/hex"
|
||
"github.com/tjfoc/gmsm/sm2"
|
||
"github.com/tjfoc/gmsm/x509"
|
||
"math/big"
|
||
"qteam/app/third/dfpOpenSdk/config"
|
||
)
|
||
|
||
// SignatureByRSA RSA签名
|
||
func SignatureByRSA(content string, privateKey string) string {
|
||
decodeString, err := base64.StdEncoding.DecodeString(privateKey)
|
||
if err != nil {
|
||
return ""
|
||
}
|
||
hash := sha256.New()
|
||
hash.Write([]byte(content))
|
||
//Step3:获得明文的散列值
|
||
hashText := hash.Sum(nil)
|
||
|
||
private, err := x509.ParsePKCS1PrivateKey(decodeString)
|
||
sign, err := rsa.SignPKCS1v15(
|
||
rand.Reader,
|
||
private,
|
||
crypto.SHA256,
|
||
hashText,
|
||
)
|
||
|
||
return base64.StdEncoding.EncodeToString(sign)
|
||
}
|
||
|
||
type sm2Signature struct {
|
||
R, S *big.Int
|
||
}
|
||
|
||
// SignatureBySM2 SM2签名
|
||
func SignatureBySM2(content string, privateKey string) (string, error) {
|
||
decodeString, _ := base64.StdEncoding.DecodeString(privateKey)
|
||
pri, err := FormatPri(decodeString)
|
||
if err != nil {
|
||
return "", err
|
||
}
|
||
|
||
sign, _ := pri.Sign(rand.Reader, []byte(content), nil)
|
||
signature := sm2Signature{}
|
||
_, err = asn1.Unmarshal(sign, &signature)
|
||
if err != nil {
|
||
return "", err
|
||
}
|
||
rbytes := signature.R.Bytes()
|
||
sbytes := signature.S.Bytes()
|
||
resultbytes := append(rbytes, sbytes...)
|
||
|
||
return base64.StdEncoding.EncodeToString(resultbytes), nil
|
||
}
|
||
|
||
func VerifyBySM2(contentBytes []byte, sign string, publicKey string) (bool, error) {
|
||
pubKey := FromPublicKey(publicKey)
|
||
//pri, err := FormatPri(decodeString)
|
||
//if err != nil {
|
||
// log.Fatal(err)
|
||
// return false, err
|
||
//}
|
||
bytes, _ := base64.StdEncoding.DecodeString(sign)
|
||
verify := pubKey.Verify(contentBytes, bytes)
|
||
//verify := pri.Verify(contentBytes, bytes)
|
||
return verify, nil
|
||
}
|
||
|
||
// EncryptBySM2PublicKey sm2公钥加密, 结果为base64格式
|
||
func EncryptBySM2PublicKey(encodedPublicKey string, contentBytes []byte) (string, error) {
|
||
decodeString, err2 := base64.StdEncoding.DecodeString(encodedPublicKey)
|
||
if err2 != nil {
|
||
return "", nil
|
||
}
|
||
public, err := x509.ReadPublicKeyFromHex(hex.EncodeToString(decodeString))
|
||
if err != nil {
|
||
return "", err
|
||
}
|
||
//
|
||
asn1Encrypt, err := public.EncryptAsn1(contentBytes, rand.Reader)
|
||
if err != nil {
|
||
return "", err
|
||
}
|
||
unmarshal, err := sm2.CipherUnmarshal(asn1Encrypt)
|
||
return base64.StdEncoding.EncodeToString(unmarshal), nil
|
||
}
|
||
|
||
// DecryptBySM2PrivateKey sm2私钥解密
|
||
func DecryptBySM2PrivateKey(encodedPrivateKey string, contentBytes []byte) ([]byte, error) {
|
||
privateKeyBytes, err := base64.StdEncoding.DecodeString(encodedPrivateKey)
|
||
if err != nil {
|
||
return nil, err
|
||
}
|
||
privateKey, err := x509.ReadPrivateKeyFromHex(hex.EncodeToString(privateKeyBytes))
|
||
if err != nil {
|
||
return nil, err
|
||
}
|
||
|
||
plaintext, err := privateKey.Decrypt(rand.Reader, contentBytes, nil)
|
||
|
||
if err != nil {
|
||
return nil, err
|
||
}
|
||
return plaintext, nil
|
||
}
|
||
|
||
// FormatPri 从私钥base64格式生成对应私钥格式
|
||
func FormatPri(priByte []byte) (*sm2.PrivateKey, error) {
|
||
// 椭圆曲线
|
||
c := sm2.P256Sm2()
|
||
// k倍点
|
||
k := new(big.Int).SetBytes(priByte)
|
||
priv := new(sm2.PrivateKey)
|
||
priv.PublicKey.Curve = c
|
||
priv.D = k
|
||
priv.PublicKey.X, priv.PublicKey.Y = c.ScalarBaseMult(k.Bytes())
|
||
return priv, nil
|
||
}
|
||
|
||
func FromPublicKey(publicKey string) *sm2.PublicKey {
|
||
decodeKey, _ := base64.StdEncoding.DecodeString(publicKey)
|
||
|
||
hexPublic := hex.EncodeToString(decodeKey)
|
||
pubKey, _ := x509.ReadPublicKeyFromHex(hexPublic)
|
||
return pubKey
|
||
}
|
||
|
||
func SM2_GenerateKeyPair() (publicKey string, privateKey string, err error) {
|
||
privKey, err := sm2.GenerateKey(nil) // 生成密钥对
|
||
if err != nil {
|
||
return
|
||
}
|
||
privateKey = x509.WritePrivateKeyToHex(privKey)
|
||
publicKey = x509.WritePublicKeyToHex(&privKey.PublicKey)
|
||
return
|
||
}
|
||
|
||
func SM4_GenerateKeyPair() string {
|
||
str := "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890"
|
||
buffer := make([]byte, 16)
|
||
for i := 0; i < 16; i++ {
|
||
nextInt, _ := rand.Int(rand.Reader, big.NewInt(int64(len(str))))
|
||
buffer[i] = str[nextInt.Int64()]
|
||
}
|
||
return string(buffer)
|
||
}
|
||
|
||
func encryptBody(bodyParamString string, keyConfigure config.KeyConfigure, flag bool) {
|
||
encryptBodyParamMap := make(map[string]string, 10)
|
||
var encData string
|
||
var encPassword string
|
||
if keyConfigure.RespSignAlgorithm == "sm4" {
|
||
pwd := SM4_GenerateKeyPair()
|
||
encData, _ = Sm4Encrypt(bodyParamString, pwd)
|
||
encPassword, _ = SignatureBySM2(bodyParamString, keyConfigure.PriKey)
|
||
}
|
||
encryptBodyParamMap["encData"] = encData
|
||
encryptBodyParamMap["encPassword"] = encPassword
|
||
}
|