Home Explore Help
Sign In
TC
/
Zoraxy
mirror of https://git.hkwtc.org/TC/ReverseProxy
1
0
Fork 0
Files Issues 0 Wiki
Branch: master
Branches Tags
Zoraxy
/
mod
/
expose
/
security.go

security.go 2.6 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111 
  1. package expose
    2. 

  2. 

  3. import (
    4. 

  4. 	"crypto/rand"
    5. 

  5. 	"crypto/rsa"
    6. 

  6. 	"crypto/sha512"
    7. 

  7. 	"crypto/x509"
    8. 

  8. 	"encoding/pem"
    9. 

  9. 	"errors"
    10. 

  10. 	"log"
    11. 

  11. )
    12. 

  12. 

  13. // GenerateKeyPair generates a new key pair
    14. 

  14. func GenerateKeyPair(bits int) (*rsa.PrivateKey, *rsa.PublicKey, error) {
    15. 

  15. 	privkey, err := rsa.GenerateKey(rand.Reader, bits)
    16. 

  16. 	if err != nil {
    17. 

  17. 		return nil, nil, err
    18. 

  18. 	}
    19. 

  19. 	return privkey, &privkey.PublicKey, nil
    20. 

  20. }
    21. 

  21. 

  22. // PrivateKeyToBytes private key to bytes
    23. 

  23. func PrivateKeyToBytes(priv *rsa.PrivateKey) []byte {
    24. 

  24. 	privBytes := pem.EncodeToMemory(
    25. 

  25. 		&pem.Block{
    26. 

  26. 			Type:  "RSA PRIVATE KEY",
    27. 

  27. 			Bytes: x509.MarshalPKCS1PrivateKey(priv),
    28. 

  28. 		},
    29. 

  29. 	)
    30. 

  30. 

  31. 	return privBytes
    32. 

  32. }
    33. 

  33. 

  34. // PublicKeyToBytes public key to bytes
    35. 

  35. func PublicKeyToBytes(pub *rsa.PublicKey) ([]byte, error) {
    36. 

  36. 	pubASN1, err := x509.MarshalPKIXPublicKey(pub)
    37. 

  37. 	if err != nil {
    38. 

  38. 		return []byte(""), err
    39. 

  39. 	}
    40. 

  40. 

  41. 	pubBytes := pem.EncodeToMemory(&pem.Block{
    42. 

  42. 		Type:  "RSA PUBLIC KEY",
    43. 

  43. 		Bytes: pubASN1,
    44. 

  44. 	})
    45. 

  45. 

  46. 	return pubBytes, nil
    47. 

  47. }
    48. 

  48. 

  49. // BytesToPrivateKey bytes to private key
    50. 

  50. func BytesToPrivateKey(priv []byte) (*rsa.PrivateKey, error) {
    51. 

  51. 	block, _ := pem.Decode(priv)
    52. 

  52. 	enc := x509.IsEncryptedPEMBlock(block)
    53. 

  53. 	b := block.Bytes
    54. 

  54. 	var err error
    55. 

  55. 	if enc {
    56. 

  56. 		log.Println("is encrypted pem block")
    57. 

  57. 		b, err = x509.DecryptPEMBlock(block, nil)
    58. 

  58. 		if err != nil {
    59. 

  59. 			return nil, err
    60. 

  60. 		}
    61. 

  61. 	}
    62. 

  62. 	key, err := x509.ParsePKCS1PrivateKey(b)
    63. 

  63. 	if err != nil {
    64. 

  64. 		return nil, err
    65. 

  65. 	}
    66. 

  66. 	return key, nil
    67. 

  67. }
    68. 

  68. 

  69. // BytesToPublicKey bytes to public key
    70. 

  70. func BytesToPublicKey(pub []byte) (*rsa.PublicKey, error) {
    71. 

  71. 	block, _ := pem.Decode(pub)
    72. 

  72. 	enc := x509.IsEncryptedPEMBlock(block)
    73. 

  73. 	b := block.Bytes
    74. 

  74. 	var err error
    75. 

  75. 	if enc {
    76. 

  76. 		log.Println("is encrypted pem block")
    77. 

  77. 		b, err = x509.DecryptPEMBlock(block, nil)
    78. 

  78. 		if err != nil {
    79. 

  79. 			return nil, err
    80. 

  80. 		}
    81. 

  81. 	}
    82. 

  82. 	ifc, err := x509.ParsePKIXPublicKey(b)
    83. 

  83. 	if err != nil {
    84. 

  84. 		return nil, err
    85. 

  85. 	}
    86. 

  86. 	key, ok := ifc.(*rsa.PublicKey)
    87. 

  87. 	if !ok {
    88. 

  88. 		return nil, errors.New("key not valid")
    89. 

  89. 	}
    90. 

  90. 	return key, nil
    91. 

  91. }
    92. 

  92. 

  93. // EncryptWithPublicKey encrypts data with public key
    94. 

  94. func EncryptWithPublicKey(msg []byte, pub *rsa.PublicKey) ([]byte, error) {
    95. 

  95. 	hash := sha512.New()
    96. 

  96. 	ciphertext, err := rsa.EncryptOAEP(hash, rand.Reader, pub, msg, nil)
    97. 

  97. 	if err != nil {
    98. 

  98. 		return []byte(""), err
    99. 

  99. 	}
    100. 

  100. 	return ciphertext, nil
    101. 

  101. }
    102. 

  102. 

  103. // DecryptWithPrivateKey decrypts data with private key
    104. 

  104. func DecryptWithPrivateKey(ciphertext []byte, priv *rsa.PrivateKey) ([]byte, error) {
    105. 

  105. 	hash := sha512.New()
    106. 

  106. 	plaintext, err := rsa.DecryptOAEP(hash, rand.Reader, priv, ciphertext, nil)
    107. 

  107. 	if err != nil {
    108. 

  108. 		return []byte(""), err
    109. 

  109. 	}
    110. 

  110. 	return plaintext, nil
    111. 

  111. }
    112.