diff --git a/src/config.go b/src/config.go index 85dd3b1..3cd3618 100644 --- a/src/config.go +++ b/src/config.go @@ -1,6 +1,7 @@ package src import ( + "acme-mana/src/crypto" "github.com/go-acme/lego/v4/log" "github.com/go-acme/lego/v4/platform/config/env" "gopkg.in/yaml.v3" @@ -50,7 +51,8 @@ func InitConfig() { } func defaultConf() *AppConfig { - priKey, pubKey, err := GenRsa() + //priKey, pubKey, err := GenRsa() + priKey, pubKey, err := crypto.GenRSA() if err != nil { log.Fatal(err) } diff --git a/src/crypto/crypto.go b/src/crypto/crypto.go new file mode 100644 index 0000000..3bd4d93 --- /dev/null +++ b/src/crypto/crypto.go @@ -0,0 +1,96 @@ +package crypto + +import ( + "crypto/aes" + "crypto/cipher" + "crypto/rand" + "crypto/rsa" + "crypto/x509" + "encoding/base64" + "io" +) + +func EncryptAES(key []byte, plaintext []byte) []byte { + block, err := aes.NewCipher(key) + if err != nil { + panic(err) + } + ciphertext := make([]byte, aes.BlockSize+len(plaintext)) + iv := ciphertext[:aes.BlockSize] + if _, err := io.ReadFull(rand.Reader, iv); err != nil { + panic(err) + } + stream := cipher.NewCFBEncrypter(block, iv) + stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintext) + return ciphertext +} + +func DecryptAES(key []byte, ciphertext []byte) []byte { + block, err := aes.NewCipher(key) + if err != nil { + panic(err) + } + if len(ciphertext) < aes.BlockSize { + panic("ciphertext too short") + } + iv := ciphertext[:aes.BlockSize] + ciphertext = ciphertext[aes.BlockSize:] + stream := cipher.NewCFBDecrypter(block, iv) + stream.XORKeyStream(ciphertext, ciphertext) + return ciphertext +} + +func EncryptRSA(publicKey *rsa.PublicKey, message []byte) ([]byte, error) { + ciphertext, err := rsa.EncryptPKCS1v15(rand.Reader, publicKey, message) + if err != nil { + return nil, err + } + return ciphertext, nil +} + +func EncryptRSABase64(publicKey string, content []byte) ([]byte, error) { + pubKey, err := base64.StdEncoding.DecodeString(publicKey) + if err != nil { + return nil, err + } + key, err := x509.ParsePKCS1PublicKey(pubKey) + if err != nil { + return nil, err + } + return EncryptRSA(key, content) +} + +func DecryptRSA(privateKey *rsa.PrivateKey, ciphertext []byte) ([]byte, error) { + plaintext, err := rsa.DecryptPKCS1v15(rand.Reader, privateKey, ciphertext) + if err != nil { + return nil, err + } + return plaintext, nil +} + +func DecryptRSABase64(privateKey string, ciphertext []byte) ([]byte, error) { + priKey, err := base64.StdEncoding.DecodeString(privateKey) + if err != nil { + return nil, err + } + key, err := x509.ParsePKCS1PrivateKey(priKey) + if err != nil { + return nil, err + } + return DecryptRSA(key, ciphertext) +} + +func GenRSA() (priKey string, pubKey string, err error) { + privateKey, err := rsa.GenerateKey(rand.Reader, 2048) + if err != nil { + return "", "", err + } + priKeyBytes := x509.MarshalPKCS1PrivateKey(privateKey) + + publicKey := &privateKey.PublicKey + publicKeyBytes := x509.MarshalPKCS1PublicKey(publicKey) + pubKey = base64.StdEncoding.EncodeToString(publicKeyBytes) + priKey = base64.StdEncoding.EncodeToString(priKeyBytes) + err = nil + return +} diff --git a/src/daemon.go b/src/daemon.go index 2de6cba..a61a39d 100644 --- a/src/daemon.go +++ b/src/daemon.go @@ -21,7 +21,8 @@ func Start() { log.Println("Run Acme Mana...") args := os.Args if len(args) <= 1 { - daemonStart() + //daemonStart() + doTask() return } command := args[1] diff --git a/src/http.go b/src/http.go index 186c77e..a5a533d 100644 --- a/src/http.go +++ b/src/http.go @@ -1,17 +1,12 @@ package src import ( + "acme-mana/src/crypto" "bytes" - "crypto/cipher" - "crypto/des" - "crypto/rand" - "crypto/rsa" - "crypto/x509" "encoding/base64" + "encoding/hex" "encoding/json" - "encoding/pem" "github.com/gin-gonic/gin" - "io" "log" "os" "path" @@ -111,51 +106,66 @@ func refreshCert(c *gin.Context) { } func getToken(c *gin.Context) (token string) { - token = decryptParam(c.Param("token")) + token = c.Query("token") + token = decryptParam(token) return } func decryptParam(param string) string { priKey := GetAppConfig().Encrypt.PriKey + tokenBytes, err := hex.DecodeString(param) + //tokenBytes, err := base64.StdEncoding.DecodeString(param) + //if err != nil { + // log.Fatalln(err) + //} + tokenPlain, err := crypto.DecryptRSABase64(priKey, tokenBytes) + if err != nil { + log.Fatal(err) + } + return string(tokenPlain) + // 使用RSA解密 - block, _ := pem.Decode([]byte(priKey)) - if block == nil { - log.Fatal("failed to parse PEM block containing the private key") - } - privateKey, err := x509.ParsePKCS1PrivateKey(block.Bytes) - if err != nil { - log.Fatal(err) - } - paramData := []byte(param) - plaintext, err := rsa.DecryptPKCS1v15(nil, privateKey, paramData) - if err != nil { - log.Fatal(err) - } - return string(plaintext) + //block, _ := pem.Decode([]byte(priKey)) + //if block == nil { + // log.Fatal("failed to parse PEM block containing the private key") + //} + //privateKey, err := x509.ParsePKCS1PrivateKey(block.Bytes) + //if err != nil { + // log.Fatal(err) + //} + //paramData := []byte(param) + //plaintext, err := rsa.DecryptPKCS1v15(nil, privateKey, paramData) + //if err != nil { + // log.Fatal(err) + //} + //return string(plaintext) } func encryptResult(content string, token string) string { - key := []byte(token) - plaintext := []byte(content) + result := crypto.EncryptAES([]byte(token), []byte(content)) + return base64.StdEncoding.EncodeToString(result) - block, err := des.NewCipher(key) - if err != nil { - log.Fatal(err) - } - - plaintext = pad(plaintext, block.BlockSize()) - - iv := make([]byte, block.BlockSize()) - if _, err := io.ReadFull(rand.Reader, iv); err != nil { - log.Fatal("Error generating random IV:", err) - } - mode := cipher.NewCBCEncrypter(block, iv) - - ciphertext := make([]byte, len(plaintext)) - mode.CryptBlocks(ciphertext, plaintext) - - return base64.StdEncoding.EncodeToString(ciphertext) + //key := []byte(token) + //plaintext := []byte(content) + // + //block, err := des.NewCipher(key) + //if err != nil { + // log.Fatal(err) + //} + // + //plaintext = pad(plaintext, block.BlockSize()) + // + //iv := make([]byte, block.BlockSize()) + //if _, err := io.ReadFull(rand.Reader, iv); err != nil { + // log.Fatal("Error generating random IV:", err) + //} + //mode := cipher.NewCBCEncrypter(block, iv) + // + //ciphertext := make([]byte, len(plaintext)) + //mode.CryptBlocks(ciphertext, plaintext) + // + //return base64.StdEncoding.EncodeToString(ciphertext) } func pad(src []byte, blockSize int) []byte { diff --git a/test/encrypt_test.go b/test/encrypt_test.go index 5a3191b..4896100 100644 --- a/test/encrypt_test.go +++ b/test/encrypt_test.go @@ -1,6 +1,7 @@ package test import ( + "acme-mana/src/crypto" "crypto/rand" "crypto/rsa" "crypto/x509" @@ -20,12 +21,43 @@ func TestGenRsa(t *testing.T) { log.Fatal(err) } pubKey := base64.StdEncoding.EncodeToString(publicKeyBytes) - //publicKey := &privateKey.PublicKey - //publicKeyBytes := x509.MarshalPKCS1PublicKey(publicKey) - //pubKey := base64.StdEncoding.EncodeToString(publicKeyBytes) key := x509.MarshalPKCS1PrivateKey(privateKey) priKey := base64.StdEncoding.EncodeToString(key) fmt.Println(pubKey) fmt.Println() fmt.Println(priKey) } + +func TestAesEncrypt(t *testing.T) { + key := []byte("12345678901234561234567890123456") + encryptd := crypto.EncryptAES(key, []byte("hello")) + fmt.Println(base64.StdEncoding.EncodeToString(encryptd)) + content := crypto.DecryptAES(key, encryptd) + fmt.Println(string(content)) +} + +func TestRSA(t *testing.T) { + priKey, pubKey, err := crypto.GenRSA() + if err != nil { + log.Fatal(err) + } + fmt.Println("---- pri key ---") + fmt.Println(priKey) + fmt.Println("---- pub key ---") + fmt.Println(pubKey) + fmt.Println("---- encrypt ---") + + content := "hello" + encrypted, err := crypto.EncryptRSABase64(pubKey, []byte(content)) + if err != nil { + log.Fatal(err) + } + fmt.Println(base64.StdEncoding.EncodeToString(encrypted)) + fmt.Println("---- decrypt ---") + decryptd, err := crypto.DecryptRSABase64(priKey, encrypted) + if err != nil { + log.Fatal(err) + } + fmt.Println(string(decryptd)) + +}