AES-128-CBC Base64加密——OC,Java,Golang聯調

AES-128-CBC

這裡首先說說AES加密原理
AES密碼編譯演算法採用分組密碼體制，每個分組資料的長度為128位16個位元組，密鑰長度可以是128位16個位元組、192位或256位，一共有四種加密模式（ECB、CBC、CFB、OFB），我們通常採用需要初始向量IV的CBC模式，初始向量的長度規定是128位16個位元組。另外就是Padding，這裡面有大坑。。。。先說一下Padding的三種模式PKCS5、PKCS7和NOPADDING。PKCS5是指分組資料缺少幾個位元組，就在資料的末尾填充幾個位元組的幾，比如缺少5個位元組，就在末尾填充5個位元組的5。PKCS7是指分組資料缺少幾個位元組，就在資料的末尾填充幾個位元組的0，比如缺少7個位元組，就在末尾填充7個位元組的0。NoPadding是指不需要填充，也就是說資料的發送方肯定會保證最後一段資料也正好是16個位元組。而PKCS5如果正好是16個位元組且最後是16的時候則會再填充16個16用來區分，PKC7則是為0時填充16個0。而在iOS的OC方法裡壓根沒提供PKCS5，只有PKCS7更坑的是真正對接時發現iOS上的PKCS7和其他端PKCS5是一樣的。。。。所以才有了現在的想法分享一下踩過的坑，具體啥原因恐怕只有蘋果自家知道，系統方法是真的坑！Java可以直接用系統方法填好設定結束戰鬥。。。Go的話padding這塊自己寫實現其他的系統都能設定。最後說一下密鑰長度這裡只有iOS是要自己設定好位元再對應位元寫密鑰，其他平台直接對應位元寫密鑰即可，所以最好各平台自己在封裝下判斷密鑰長度出事向量長度，不然各端對應起來還是要犯傻。

Base64

下面說一下Base64，這個也是個坑，iOS系統提供的base64可選類型壓根就不是已知領域常用的，正常是padding和websafe，padding會填充=，而websafe則會替換"+"為"-"，"\"為"_"
而iOS提供的則是下邊的，完全不常用的。。。

NSDataBase64Encoding64CharacterLineLength      其作用是將產生的Base64字串按照64個字元長度進行等分換行。  NSDataBase64Encoding76CharacterLineLength      其作用是將產生的Base64字串按照76個字元長度進行等分換行。  NSDataBase64EncodingEndLineWithCarriageReturn  其作用是將產生的Base64字串以斷行符號結束。  NSDataBase64EncodingEndLineWithLineFeed        其作用是將產生的Base64字串以換行結束。  

基本上GTMBase64用定了，然後還要擴充一下padding設定，原版只是把websafe模式開放了padding設定，內部其實有對應邏輯只需要自己加個方法調用一下即可。下面就是添加的和微改的兩個方法

+(NSString *)stringByEncodingData:(NSData *)data padded:(BOOL)padded{    NSString *result = nil;    NSData *converted = [self baseEncode:[data bytes]                                  length:[data length]                                 charset:kBase64EncodeChars                                  padded:padded];    if (converted) {        result = [[[NSString alloc] initWithData:converted                                        encoding:NSUTF8StringEncoding] autorelease];    }    return result;}+(NSData *)decodeString:(NSString *)string {    NSData *result = nil;    NSData *data = [string dataUsingEncoding:NSUTF8StringEncoding];    if (data) {        result = [self baseDecode:[data bytes]                           length:[data length]                          charset:kBase64DecodeChars                   requirePadding:NO];    }    return result;}

至於Java，android開發很爽直接用android.util.base64,裡面直接可以設定nopadding和websafe等，而純Java用java.util.base64就要自己寫替換邏輯，具體代碼見源碼部分
最後說一下Go直接系統方法提供完美解決

base64.StdEncodingbase64.URLEncoding        websafe模式base64.RawStdEncoding    nopaddingbase64.RawURLEncoding    websafe模式nopadding

AES-128-CBC +Base64-Nopadding源碼

下面就是3中語言分別實現 AES-128-CBC +Base64-Nopadding，從編碼體驗和對應上很明顯Java最清晰，Go要自己寫點東西，OC則是連對應對和正常理解範圍內有偏差。

OC

#import <Foundation/Foundation.h>#import <CommonCrypto/CommonCryptor.h>@interface NSData (Encryption)- (NSData *)AES128EncryptWithKey:(NSString *)key Iv:(NSString *)Iv;   //加密- (NSData *)AES128DecryptWithKey:(NSString *)key Iv:(NSString *)Iv;   //解密@end@implementation NSData (Encryption)//(key和iv向量這裡是16位的) 這裡是CBC加密模式，安全性更高- (NSData *)AES128EncryptWithKey:(NSString *)key Iv:(NSString *)Iv{//加密    // 'key' should be 32 bytes for AES128, will be null-padded otherwise    char keyPtr[kCCKeySizeAES128+1]; // room for terminator (unused)    bzero(keyPtr, sizeof(keyPtr)); // fill with zeroes (for padding)        // fetch key data    [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];            char ivPtr[kCCKeySizeAES128+1];    memset(ivPtr, 0, sizeof(ivPtr));    [Iv getCString:ivPtr maxLength:sizeof(ivPtr) encoding:NSUTF8StringEncoding];    NSUInteger dataLength = [self length];        //See the doc: For block ciphers, the output size will always be less than or    //equal to the input size plus the size of one block.    //That's why we need to add the size of one block here    size_t bufferSize = dataLength + kCCBlockSizeAES128;    void *buffer = malloc(bufferSize);        size_t numBytesEncrypted = 0;    CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,                                          keyPtr, kCCKeySizeAES128,                                          ivPtr /* initialization vector (optional) */,                                          [self bytes], dataLength, /* input */                                          buffer, bufferSize, /* output */                                          &numBytesEncrypted);    if (cryptStatus == kCCSuccess) {        //the returned NSData takes ownership of the buffer and will free it on deallocation        return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted];    }        free(buffer); //free the buffer;    return nil;}- (NSData *)AES128DecryptWithKey:(NSString *)key Iv:(NSString *)Iv{//解密    char keyPtr[kCCKeySizeAES128+1]; // room for terminator (unused)    bzero(keyPtr, sizeof(keyPtr)); // fill with zeroes (for padding)        // fetch key data    [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];        char ivPtr[kCCKeySizeAES128+1];    memset(ivPtr, 0, sizeof(ivPtr));    [Iv getCString:ivPtr maxLength:sizeof(ivPtr) encoding:NSUTF8StringEncoding];    NSUInteger dataLength = [self length];        //See the doc: For block ciphers, the output size will always be less than or    //equal to the input size plus the size of one block.    //That's why we need to add the size of one block here    size_t bufferSize = dataLength + kCCBlockSizeAES128;    void *buffer = malloc(bufferSize);        size_t numBytesDecrypted = 0;    CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,                                          keyPtr, kCCKeySizeAES128,                                          ivPtr /* initialization vector (optional) */,                                          [self bytes], dataLength, /* input */                                          buffer, bufferSize, /* output */                                          &numBytesDecrypted);        if (cryptStatus == kCCSuccess) {        //the returned NSData takes ownership of the buffer and will free it on deallocation        return [NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted];    }        free(buffer); //free the buffer;    return nil;}@end@interface SecurityCore+ (NSString*)encryptAESString:(NSString*)string;+ (NSString*)decryptAESString:(NSString*)string;@end@implementation SecurityCore#pragma mark - AES加密const NSString * skey=@"dde4b1f8a9e6b814"const NSString * ivParameter =@"dde4b1f8a9e6b814"//將string轉成帶密碼的data+(NSString*)encryptAESString:(NSString*)string{    //將nsstring轉化為nsdata    NSData *data = [string dataUsingEncoding:NSUTF8StringEncoding];    //使用密碼對nsdata進行加密    NSData *encryptedData = [data AES128EncryptWithKey:skey Iv:ivParameter];    NSString *encryptedString=[GTMBase64 stringByEncodingData:encryptedData padded:NO];        return encryptedString;}+ (NSString*)decryptAESString:(NSString*)string{            //將nsstring轉化為nsdata    NSData *data = [GTMBase64 decodeString:string];    NSData *decryptData = [data AES128DecryptWithKey:skey Iv:ivParameter];    NSString *str = [[NSString alloc] initWithData:decryptData encoding:NSUTF8StringEncoding];    return [str autorelease];}@end

Java

import javax.crypto.Cipher;import javax.crypto.spec.IvParameterSpec;import javax.crypto.spec.SecretKeySpec;import java.util.Base64;public class SecurityCore {    /*     * 加密用的Key 可以用26個字母和數字組成 此處使用AES-128-CBC加密模式，key需要為16位。     */    private String sKey        = "dde4b1f8a9e6b814";    private String ivParameter = "dde4b1f8a9e6b814";    private static SecurityCore instance = null;    private SecurityCore() {    }    public static SecurityCore getInstance() {        if (instance == null)            instance = new SecurityCore();        return instance;    }    public static String webSafeBase64StringEncoding(byte[] sSrc,boolean padded) throws Exception {        String encodeString=Base64.getEncoder().encodeToString(sSrc);// 此處使用BASE64做轉碼。        //websafe base64        encodeString=encodeString.replace("+","-");        encodeString=encodeString.replace("/","_");        //nopadding base64        if (!padded) {            if (encodeString.endsWith("=")) {                encodeString = encodeString.substring(0, encodeString.length() - 1);                if (encodeString.endsWith("=")) {                    encodeString = encodeString.substring(0, encodeString.length() - 1);                }            }        }        return encodeString;    }    public static byte[] webSafeBase64StringDecoding(String sSrc) throws Exception {        //websafe base64        sSrc=sSrc.replace("-","+");        sSrc=sSrc.replace("_","/");        return Base64.getDecoder().decode(sSrc);    }    public static String base64StringEncoding(byte[] sSrc,boolean padded) throws Exception {        String encodeString=Base64.getEncoder().encodeToString(sSrc);// 此處使用BASE64做轉碼。        //nopadding base64        if (!padded) {            if (encodeString.endsWith("=")) {                encodeString = encodeString.substring(0, encodeString.length() - 1);                if (encodeString.endsWith("=")) {                    encodeString = encodeString.substring(0, encodeString.length() - 1);                }            }        }        return encodeString;    }    public static byte[] base64StringDecoding(String sSrc) throws Exception {        return Base64.getDecoder().decode(sSrc);    }    public static byte[] AES128CBCStringEncoding(String encData ,String secretKey,String vector) throws Exception {        if(secretKey == null) {            return null;        }        if(secretKey.length() != 16) {            return null;        }        if (vector != null && vector.length() != 16) {            return null;        }        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");        byte[] raw = secretKey.getBytes();        SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");        IvParameterSpec iv = new IvParameterSpec(vector.getBytes());// 使用CBC模式，需要一個向量iv，可增加密碼編譯演算法的強度        cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);        byte[] encrypted = cipher.doFinal(encData.getBytes("utf-8"));        return encrypted;    }    public static String AES128CBCStringDecoding(byte[] sSrc,String key,String ivs) throws Exception {        try {            if(key == null) {                return null;            }            if(key.length() != 16) {                return null;            }            if (ivs != null && ivs.length() != 16) {                return null;            }            byte[] raw = key.getBytes("ASCII");            SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");            IvParameterSpec iv = new IvParameterSpec(ivs.getBytes());            cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);            byte[] original = cipher.doFinal(sSrc);            String originalString = new String(original, "utf-8");            return originalString;        } catch (Exception ex) {            return null;        }    }    // 加密    public String encrypt(String sSrc) throws Exception {        try {            String encodeString=base64StringEncoding(AES128CBCStringEncoding(sSrc,sKey,ivParameter),false);            return encodeString;        } catch (Exception ex) {            return null;        }    }    // 解密    public String decrypt(String sSrc) throws Exception {        try {            String decodeString=AES128CBCStringDecoding(base64StringDecoding(sSrc),sKey,ivParameter);            return decodeString;        } catch (Exception ex) {            return null;        }    }    //test    public static void main(String[] args) throws Exception {        // 需要加密的字串        String cSrc = "123";        // 加密        long lStart = System.currentTimeMillis();        String enString = SecurityCore.getInstance().encrypt(cSrc);        System.out.println("加密後的字串是：" + enString);        long lUseTime = System.currentTimeMillis() - lStart;        System.out.println("加密耗時：" + lUseTime + "毫秒");        // 解密        lStart = System.currentTimeMillis();        String DeString = SecurityCore.getInstance().decrypt(enString);        System.out.println("解密後的字串是：" + DeString);        lUseTime = System.currentTimeMillis() - lStart;        System.out.println("解密耗時：" + lUseTime + "毫秒");    }}

Golang

package mainimport(    "fmt"    "crypto/aes"    "crypto/cipher"    "encoding/base64"    "bytes")const (    sKey        = "dde4b1f8a9e6b814"    ivParameter     = "dde4b1f8a9e6b814")/加密func PswEncrypt(src string)(string){    key := []byte(sKey)    iv := []byte(ivParameter)    result, err := Aes128Encrypt([]byte(src), key, iv)    if err != nil {        panic(err)    }    return  base64.RawStdEncoding.EncodeToString(result)}//解密func PswDecrypt(src string)(string) {    key := []byte(sKey)    iv := []byte(ivParameter)    var result []byte    var err error    result,err=base64.RawStdEncoding.DecodeString(src)    if err != nil {        panic(err)    }    origData, err := Aes128Decrypt(result, key, iv)    if err != nil {        panic(err)    }    return string(origData)}func Aes128Encrypt(origData, key []byte,IV []byte) ([]byte, error) {    if key == nil || len(key) != 16 {        return nil, nil    }    if IV != nil && len(IV) != 16 {        return nil, nil    }    block, err := aes.NewCipher(key)    if err != nil {        return nil, err    }    blockSize := block.BlockSize()    origData = PKCS5Padding(origData, blockSize)    blockMode := cipher.NewCBCEncrypter(block, IV[:blockSize])    crypted := make([]byte, len(origData))    // 根據CryptBlocks方法的說明，如下方式初始化crypted也可以    blockMode.CryptBlocks(crypted, origData)    return crypted, nil}func Aes128Decrypt(crypted, key []byte,IV []byte) ([]byte, error) {    if key == nil || len(key) != 16 {        return nil, nil    }    if IV != nil && len(IV) != 16 {        return nil, nil    }    block, err := aes.NewCipher(key)    if err != nil {        return nil, err    }    blockSize := block.BlockSize()    blockMode := cipher.NewCBCDecrypter(block,IV[:blockSize])    origData := make([]byte, len(crypted))    blockMode.CryptBlocks(origData, crypted)    origData = PKCS5UnPadding(origData)    return origData, nil}func PKCS5Padding(ciphertext []byte, blockSize int) []byte {    padding := blockSize - len(ciphertext)%blockSize    padtext := bytes.Repeat([]byte{byte(padding)}, padding)    return append(ciphertext, padtext...)}func PKCS5UnPadding(origData []byte) []byte {    length := len(origData)    // 去掉最後一個位元組 unpadding 次    unpadding := int(origData[length-1])    return origData[:(length - unpadding)]}func main(){    encodingString := PswEncrypt("123")    decodingString := PswDecrypt(encodingString);    fmt.Printf("AES-128-CBC\n加密：%s\n解密：%s\n",encodingString,decodingString)}