mirror of
https://github.com/yunionio/cloudpods.git
synced 2026-05-22 12:32:36 +08:00
132 lines
3.5 KiB
Go
132 lines
3.5 KiB
Go
// Copyright 2019 Yunion
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package seclib2
|
|
|
|
import (
|
|
"crypto"
|
|
"crypto/dsa"
|
|
"crypto/ecdsa"
|
|
"crypto/rand"
|
|
"crypto/rsa"
|
|
"crypto/sha1"
|
|
"encoding/base64"
|
|
"fmt"
|
|
|
|
"golang.org/x/crypto/ssh"
|
|
|
|
"yunion.io/x/log"
|
|
)
|
|
|
|
func exportSshPublicKey(pubkey interface{}) ([]byte, error) {
|
|
pub, err := ssh.NewPublicKey(pubkey)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return ssh.MarshalAuthorizedKey(pub), nil
|
|
}
|
|
|
|
func ssh2CryptoPublicKey(key ssh.PublicKey) crypto.PublicKey {
|
|
cryptoPub := key.(ssh.CryptoPublicKey)
|
|
return cryptoPub.CryptoPublicKey()
|
|
}
|
|
|
|
func ssh2rsaPublicKey(key ssh.PublicKey) *rsa.PublicKey {
|
|
cryptoKey := ssh2CryptoPublicKey(key)
|
|
return cryptoKey.(*rsa.PublicKey)
|
|
}
|
|
|
|
func ssh2dsaPublicKey(key ssh.PublicKey) *dsa.PublicKey {
|
|
cryptoKey := ssh2CryptoPublicKey(key)
|
|
return cryptoKey.(*dsa.PublicKey)
|
|
}
|
|
|
|
func ssh2ecdsaPublicKey(key ssh.PublicKey) *ecdsa.PublicKey {
|
|
cryptoKey := ssh2CryptoPublicKey(key)
|
|
return cryptoKey.(*ecdsa.PublicKey)
|
|
}
|
|
|
|
func Encrypt(publicKey, origData []byte) ([]byte, error) {
|
|
pub, _, _, _, err := ssh.ParseAuthorizedKey(publicKey)
|
|
if err != nil {
|
|
log.Errorf("parse authorized key error %s", err)
|
|
return nil, err
|
|
}
|
|
if pub.Type() == ssh.KeyAlgoRSA {
|
|
return rsa.EncryptOAEP(sha1.New(), rand.Reader, ssh2rsaPublicKey(pub), origData, nil)
|
|
} else {
|
|
var pubInf interface{}
|
|
switch pub.Type() {
|
|
case ssh.KeyAlgoDSA:
|
|
pubInf = ssh2dsaPublicKey(pub)
|
|
case ssh.KeyAlgoECDSA256, ssh.KeyAlgoECDSA384, ssh.KeyAlgoECDSA521:
|
|
pubInf = ssh2ecdsaPublicKey(pub)
|
|
default:
|
|
return nil, fmt.Errorf("unsupported key type %s", pub.Type())
|
|
}
|
|
pubStr, err := exportSshPublicKey(pubInf)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return encryptAES(pubStr, origData)
|
|
}
|
|
}
|
|
|
|
func Decrypt(privateKey, secret []byte) ([]byte, error) {
|
|
priv, err := ssh.ParseRawPrivateKey(privateKey)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
switch priv.(type) {
|
|
case *rsa.PrivateKey:
|
|
rsaPriv := priv.(*rsa.PrivateKey)
|
|
return rsa.DecryptOAEP(sha1.New(), rand.Reader, rsaPriv, secret, nil)
|
|
case *dsa.PrivateKey:
|
|
dsaPriv := priv.(*dsa.PrivateKey)
|
|
dsaPub, err := exportSshPublicKey(&dsaPriv.PublicKey)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return decryptAES(dsaPub, secret)
|
|
case *ecdsa.PrivateKey:
|
|
ecdsaPriv := priv.(*ecdsa.PrivateKey)
|
|
ecdsaPub, err := exportSshPublicKey(&ecdsaPriv.PublicKey)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return decryptAES(ecdsaPub, secret)
|
|
}
|
|
return nil, fmt.Errorf("unsupported")
|
|
}
|
|
|
|
func EncryptBase64(publicKey string, message string) (string, error) {
|
|
secretBytes, err := Encrypt([]byte(publicKey), []byte(message))
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
return base64.StdEncoding.EncodeToString(secretBytes), nil
|
|
}
|
|
|
|
func DecryptBase64(privateKey string, secret string) (string, error) {
|
|
secretBytes, err := base64.StdEncoding.DecodeString(secret)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
msgBytes, err := Decrypt([]byte(privateKey), secretBytes)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
return string(msgBytes), nil
|
|
}
|