first commit
This commit is contained in:
@@ -0,0 +1,117 @@
|
||||
package mmtls
|
||||
|
||||
import (
|
||||
"crypto/aes"
|
||||
"crypto/cipher"
|
||||
"crypto/ecdsa"
|
||||
"crypto/hmac"
|
||||
"crypto/sha256"
|
||||
"crypto/x509"
|
||||
"encoding/asn1"
|
||||
"encoding/pem"
|
||||
|
||||
"xiawan/wx/clientsdk/baseutils"
|
||||
)
|
||||
|
||||
var verifyPubKey = []byte(`-----BEGIN PUBLIC KEY-----
|
||||
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8uOhBSSfVijKin+SZO/0IXUrmf8l
|
||||
9sa7VgqOIH/AO3Xb1MF4Xm25bBSb5znHsknQsNPSye3vVo80NUi2gEHw8g==
|
||||
-----END PUBLIC KEY-----`)
|
||||
|
||||
// Sha256 Sha256
|
||||
func Sha256(data []byte) []byte {
|
||||
hash256 := sha256.New()
|
||||
hash256.Write(data)
|
||||
hashRet := hash256.Sum(nil)
|
||||
|
||||
return hashRet
|
||||
}
|
||||
|
||||
// HmacHash256 HmacHash256
|
||||
func HmacHash256(key []byte, data []byte) []byte {
|
||||
hmacTool := hmac.New(sha256.New, key)
|
||||
hmacTool.Write(data)
|
||||
return hmacTool.Sum(nil)
|
||||
}
|
||||
|
||||
// HkdfExpand HkdfExpand
|
||||
func HkdfExpand(key, message []byte, outLen int) []byte {
|
||||
result := make([]byte, 0)
|
||||
count := outLen / 32
|
||||
if outLen%32 != 0 {
|
||||
count = count + 1
|
||||
}
|
||||
for i := 1; i <= count; i++ {
|
||||
h := hmac.New(sha256.New, key)
|
||||
tmp := append(message, byte(i))
|
||||
tmp = append(result, tmp...)
|
||||
h.Write(tmp)
|
||||
result = append(result, h.Sum(nil)...)
|
||||
}
|
||||
return result[:outLen]
|
||||
}
|
||||
|
||||
// AesGcmEncrypt AesGcmEncrypt
|
||||
func AesGcmEncrypt(key, nonce, aad, data []byte) ([]byte, error) {
|
||||
block, err := aes.NewCipher(key)
|
||||
if err != nil {
|
||||
return []byte{}, err
|
||||
}
|
||||
aesgcm, err := cipher.NewGCM(block)
|
||||
if err != nil {
|
||||
return []byte{}, nil
|
||||
}
|
||||
ciphertext := aesgcm.Seal(nil, nonce, data, aad)
|
||||
return ciphertext, nil
|
||||
}
|
||||
|
||||
// AesGcmDecrypt AesGcmDecrypt
|
||||
func AesGcmDecrypt(key, nonce, aad, data []byte) ([]byte, error) {
|
||||
block, err := aes.NewCipher(key)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
aesgcm, err := cipher.NewGCM(block)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
plain, err := aesgcm.Open(nil, nonce, data, aad)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return plain, nil
|
||||
}
|
||||
|
||||
// GetNonce GetNonce
|
||||
func GetNonce(data []byte, seq uint32) []byte {
|
||||
ret := make([]byte, len(data))
|
||||
copy(ret, data)
|
||||
seqBytes := baseutils.Int32ToBytes(seq)
|
||||
baseOffset := 8
|
||||
for index := 0; index < 4; index++ {
|
||||
ret[baseOffset+index] = ret[baseOffset+index] ^ byte(seqBytes[index])
|
||||
}
|
||||
return ret
|
||||
}
|
||||
|
||||
// ECDSAVerifyData 校验服务端握手数据
|
||||
func ECDSAVerifyData(message []byte, signature []byte) (bool, error) {
|
||||
block, _ := pem.Decode(verifyPubKey)
|
||||
publicStream, err := x509.ParsePKIXPublicKey(block.Bytes)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
//接口转换成公钥
|
||||
publicKey := publicStream.(*ecdsa.PublicKey)
|
||||
|
||||
// 反序列化ecdsaSignature
|
||||
ecdsaSignature := &EcdsaSignature{}
|
||||
_, err = asn1.Unmarshal(signature, ecdsaSignature)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
flag := ecdsa.Verify(publicKey, Sha256(message), ecdsaSignature.R, ecdsaSignature.S)
|
||||
|
||||
return flag, nil
|
||||
}
|
||||
Reference in New Issue
Block a user