From 8be434b6c796c6e1eb89d02e7f10177d01880f47 Mon Sep 17 00:00:00 2001 From: cwchen <1048842385@qq.com> Date: Wed, 11 Sep 2024 10:57:30 +0800 Subject: [PATCH] =?UTF-8?q?SM4=E5=8A=A0=E5=AF=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../common/core/utils/aes/SM4.java | 281 ++++++++ .../common/core/utils/aes/SM4Context.java | 19 + .../common/core/utils/aes/SM4Utils.java | 222 +++++++ .../common/core/utils/aes/Util.java | 619 ++++++++++++++++++ 4 files changed, 1141 insertions(+) create mode 100644 securitycontrol-commons/securitycontrol-commons-core/src/main/java/com/securitycontrol/common/core/utils/aes/SM4.java create mode 100644 securitycontrol-commons/securitycontrol-commons-core/src/main/java/com/securitycontrol/common/core/utils/aes/SM4Context.java create mode 100644 securitycontrol-commons/securitycontrol-commons-core/src/main/java/com/securitycontrol/common/core/utils/aes/SM4Utils.java create mode 100644 securitycontrol-commons/securitycontrol-commons-core/src/main/java/com/securitycontrol/common/core/utils/aes/Util.java diff --git a/securitycontrol-commons/securitycontrol-commons-core/src/main/java/com/securitycontrol/common/core/utils/aes/SM4.java b/securitycontrol-commons/securitycontrol-commons-core/src/main/java/com/securitycontrol/common/core/utils/aes/SM4.java new file mode 100644 index 0000000..0d82e89 --- /dev/null +++ b/securitycontrol-commons/securitycontrol-commons-core/src/main/java/com/securitycontrol/common/core/utils/aes/SM4.java @@ -0,0 +1,281 @@ +package com.securitycontrol.common.core.utils.aes; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.util.logging.Level; +import java.util.logging.Logger; + +/** + * @author 徐一杰 + * @date 2022/10/11 + */ +class SM4 { + private static final Logger logger = Logger.getLogger(SM4.class.getPackage().getName()); + + public static final int SM4_ENCRYPT = 1; + + public static final int SM4_DECRYPT = 0; + + private int getUlongBe(byte[] b, int i) { + return (b[i] & 0xff) << 24 | ((b[i + 1] & 0xff) << 16) | ((b[i + 2] & 0xff) << 8) + | b[i + 3] & 0xff & 0xffffffff; + } + + private void putUlongBe(int n, byte[] b, int i) { + b[i] = (byte) (0xFF & n >> 24); + b[i + 1] = (byte) (0xFF & n >> 16); + b[i + 2] = (byte) (0xFF & n >> 8); + b[i + 3] = (byte) (0xFF & n); + } + + private int shl(int x, int n) { + return (x & 0xFFFFFFFF) << n; + } + + private int rotl(int x, int n) { + return shl(x, n) | x >> (32 - n); + } + + protected static final byte[] SBOX_TABLE = {(byte) 0xd6, (byte) 0x90, (byte) 0xe9, (byte) 0xfe, (byte) 0xcc, + (byte) 0xe1, 0x3d, (byte) 0xb7, 0x16, (byte) 0xb6, 0x14, (byte) 0xc2, 0x28, (byte) 0xfb, 0x2c, 0x05, 0x2b, + 0x67, (byte) 0x9a, 0x76, 0x2a, (byte) 0xbe, 0x04, (byte) 0xc3, (byte) 0xaa, 0x44, 0x13, 0x26, 0x49, + (byte) 0x86, 0x06, (byte) 0x99, (byte) 0x9c, 0x42, 0x50, (byte) 0xf4, (byte) 0x91, (byte) 0xef, (byte) 0x98, + 0x7a, 0x33, 0x54, 0x0b, 0x43, (byte) 0xed, (byte) 0xcf, (byte) 0xac, 0x62, (byte) 0xe4, (byte) 0xb3, 0x1c, + (byte) 0xa9, (byte) 0xc9, 0x08, (byte) 0xe8, (byte) 0x95, (byte) 0x80, (byte) 0xdf, (byte) 0x94, + (byte) 0xfa, 0x75, (byte) 0x8f, 0x3f, (byte) 0xa6, 0x47, 0x07, (byte) 0xa7, (byte) 0xfc, (byte) 0xf3, 0x73, + 0x17, (byte) 0xba, (byte) 0x83, 0x59, 0x3c, 0x19, (byte) 0xe6, (byte) 0x85, 0x4f, (byte) 0xa8, 0x68, 0x6b, + (byte) 0x81, (byte) 0xb2, 0x71, 0x64, (byte) 0xda, (byte) 0x8b, (byte) 0xf8, (byte) 0xeb, 0x0f, 0x4b, 0x70, + 0x56, (byte) 0x9d, 0x35, 0x1e, 0x24, 0x0e, 0x5e, 0x63, 0x58, (byte) 0xd1, (byte) 0xa2, 0x25, 0x22, 0x7c, + 0x3b, 0x01, 0x21, 0x78, (byte) 0x87, (byte) 0xd4, 0x00, 0x46, 0x57, (byte) 0x9f, (byte) 0xd3, 0x27, 0x52, + 0x4c, 0x36, 0x02, (byte) 0xe7, (byte) 0xa0, (byte) 0xc4, (byte) 0xc8, (byte) 0x9e, (byte) 0xea, (byte) 0xbf, + (byte) 0x8a, (byte) 0xd2, 0x40, (byte) 0xc7, 0x38, (byte) 0xb5, (byte) 0xa3, (byte) 0xf7, (byte) 0xf2, + (byte) 0xce, (byte) 0xf9, 0x61, 0x15, (byte) 0xa1, (byte) 0xe0, (byte) 0xae, 0x5d, (byte) 0xa4, (byte) 0x9b, + 0x34, 0x1a, 0x55, (byte) 0xad, (byte) 0x93, 0x32, 0x30, (byte) 0xf5, (byte) 0x8c, (byte) 0xb1, (byte) 0xe3, + 0x1d, (byte) 0xf6, (byte) 0xe2, 0x2e, (byte) 0x82, 0x66, (byte) 0xca, 0x60, (byte) 0xc0, 0x29, 0x23, + (byte) 0xab, 0x0d, 0x53, 0x4e, 0x6f, (byte) 0xd5, (byte) 0xdb, 0x37, 0x45, (byte) 0xde, (byte) 0xfd, + (byte) 0x8e, 0x2f, 0x03, (byte) 0xff, 0x6a, 0x72, 0x6d, 0x6c, 0x5b, 0x51, (byte) 0x8d, 0x1b, (byte) 0xaf, + (byte) 0x92, (byte) 0xbb, (byte) 0xdd, (byte) 0xbc, 0x7f, 0x11, (byte) 0xd9, 0x5c, 0x41, 0x1f, 0x10, 0x5a, + (byte) 0xd8, 0x0a, (byte) 0xc1, 0x31, (byte) 0x88, (byte) 0xa5, (byte) 0xcd, 0x7b, (byte) 0xbd, 0x2d, 0x74, + (byte) 0xd0, 0x12, (byte) 0xb8, (byte) 0xe5, (byte) 0xb4, (byte) 0xb0, (byte) 0x89, 0x69, (byte) 0x97, 0x4a, + 0x0c, (byte) 0x96, 0x77, 0x7e, 0x65, (byte) 0xb9, (byte) 0xf1, 0x09, (byte) 0xc5, 0x6e, (byte) 0xc6, + (byte) 0x84, 0x18, (byte) 0xf0, 0x7d, (byte) 0xec, 0x3a, (byte) 0xdc, 0x4d, 0x20, 0x79, (byte) 0xee, 0x5f, + 0x3e, (byte) 0xd7, (byte) 0xcb, 0x39, 0x48}; + + protected static final int[] FK = {0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc}; + + protected static final int[] CK = {0x00070e15, 0x1c232a31, 0x383f464d, 0x545b6269, 0x70777e85, 0x8c939aa1, 0xa8afb6bd, + 0xc4cbd2d9, 0xe0e7eef5, 0xfc030a11, 0x181f262d, 0x343b4249, 0x50575e65, 0x6c737a81, 0x888f969d, 0xa4abb2b9, + 0xc0c7ced5, 0xdce3eaf1, 0xf8ff060d, 0x141b2229, 0x30373e45, 0x4c535a61, 0x686f767d, 0x848b9299, 0xa0a7aeb5, + 0xbcc3cad1, 0xd8dfe6ed, 0xf4fb0209, 0x10171e25, 0x2c333a41, 0x484f565d, 0x646b7279}; + + private byte sm4Sbox(byte inch) { + int i = inch & 0xFF; + return SBOX_TABLE[i]; + } + + private int sm4Lt(int ka) { + int bb; + int c; + byte[] a = new byte[4]; + byte[] b = new byte[4]; + putUlongBe(ka, a, 0); + b[0] = sm4Sbox(a[0]); + b[1] = sm4Sbox(a[1]); + b[2] = sm4Sbox(a[2]); + b[3] = sm4Sbox(a[3]); + bb = getUlongBe(b, 0); + c = bb ^ rotl(bb, 2) ^ rotl(bb, 10) ^ rotl(bb, 18) ^ rotl(bb, 24); + return c; + } + + private int sm4F(int x0, int x1, int x2, int x3, int rk) { + return x0 ^ sm4Lt(x1 ^ x2 ^ x3 ^ rk); + } + + private int sm4CalciRk(int ka) { + int bb; + int rk; + byte[] a = new byte[4]; + byte[] b = new byte[4]; + putUlongBe(ka, a, 0); + b[0] = sm4Sbox(a[0]); + b[1] = sm4Sbox(a[1]); + b[2] = sm4Sbox(a[2]); + b[3] = sm4Sbox(a[3]); + bb = getUlongBe(b, 0); + rk = bb ^ rotl(bb, 13) ^ rotl(bb, 23); + return rk; + } + + private void sm4SetKey(int[] sk, byte[] key) { + int[] mK = new int[4]; + int[] k = new int[36]; + int i = 0; + mK[0] = getUlongBe(key, 0); + mK[1] = getUlongBe(key, 4); + mK[2] = getUlongBe(key, 8); + mK[3] = getUlongBe(key, 12); + k[0] = mK[0] ^ FK[0]; + k[1] = mK[1] ^ FK[1]; + k[2] = mK[2] ^ FK[2]; + k[3] = mK[3] ^ FK[3]; + for (; i < 32; i++) { + k[(i + 4)] = (k[i] ^ sm4CalciRk(k[(i + 1)] ^ k[(i + 2)] ^ k[(i + 3)] ^ CK[i])); + sk[i] = k[(i + 4)]; + } + } + + private void sm4OneRound(int[] sk, byte[] input, byte[] output) { + int i = 0; + int[] ulbuf = new int[36]; + ulbuf[0] = getUlongBe(input, 0); + ulbuf[1] = getUlongBe(input, 4); + ulbuf[2] = getUlongBe(input, 8); + ulbuf[3] = getUlongBe(input, 12); + while (i < 32) { + ulbuf[(i + 4)] = sm4F(ulbuf[i], ulbuf[(i + 1)], ulbuf[(i + 2)], ulbuf[(i + 3)], sk[i]); + i++; + } + putUlongBe(ulbuf[35], output, 0); + putUlongBe(ulbuf[34], output, 4); + putUlongBe(ulbuf[33], output, 8); + putUlongBe(ulbuf[32], output, 12); + } + + private byte[] padding(byte[] input, int mode) { + byte[] ret; + if (mode == SM4_ENCRYPT) { + int p = 16 - input.length % 16; + ret = new byte[input.length + p]; + System.arraycopy(input, 0, ret, 0, input.length); + for (int i = 0; i < p; i++) { + ret[input.length + i] = (byte) p; + } + } else { + int p = input[input.length - 1]; + ret = new byte[input.length - p]; + System.arraycopy(input, 0, ret, 0, input.length - p); + } + return ret; + } + + private void validateDecrypt(SM4Context ctx, byte[] key) throws NullPointerException { + if (ctx == null) { + logger.log(Level.WARNING, "ctx is null"); + throw new NullPointerException("ctx is null!"); + } + if (key == null || key.length != 16) { + logger.log(Level.WARNING, "secretKey必须为 16 位,可包含字母、数字、标点"); + throw new NullPointerException("secretKey必须为 16 位,可包含字母、数字、标点"); + } + } + + private void validateEncrypt(String type, byte[] iv, byte[] input) throws IllegalArgumentException { + if (SM4Utils.CBC.equals(type) && (iv == null || iv.length != 16)) { + logger.log(Level.WARNING, "iv必须为 16 位,可包含字母、数字、标点"); + throw new IllegalArgumentException("iv必须为 16 位,可包含字母、数字、标点"); + } + + if (input == null) { + logger.log(Level.WARNING, "要加解密的数据为null"); + throw new IllegalArgumentException("要加解密的数据为null"); + } + } + + public void sm4SetKeyEnc(SM4Context ctx, byte[] key) { + validateDecrypt(ctx, key); + ctx.mode = SM4_ENCRYPT; + sm4SetKey(ctx.sk, key); + } + + public byte[] sm4CryptEcb(SM4Context ctx, byte[] input) throws IOException { + validateEncrypt(SM4Utils.ECB, null, input); + if ((ctx.isPadding) && (ctx.mode == SM4_ENCRYPT)) { + input = padding(input, SM4_ENCRYPT); + } + + int length = input.length; + ByteArrayInputStream bins = new ByteArrayInputStream(input); + ByteArrayOutputStream bous = new ByteArrayOutputStream(); + for (; length > 0; length -= 16) { + byte[] in = new byte[16]; + byte[] out = new byte[16]; + bins.read(in); + sm4OneRound(ctx.sk, in, out); + bous.write(out); + } + + byte[] output = bous.toByteArray(); + if (ctx.isPadding && ctx.mode == SM4_DECRYPT) { + output = padding(output, SM4_DECRYPT); + } + bins.close(); + bous.close(); + return output; + } + + public void sm4SetKeyDec(SM4Context ctx, byte[] key) { + validateDecrypt(ctx, key); + int i; + ctx.mode = SM4_DECRYPT; + sm4SetKey(ctx.sk, key); + for (i = 0; i < 16; i++) { + swap(ctx.sk, i); + } + } + + private void swap(int[] sk, int i) { + int t = sk[i]; + sk[i] = sk[(31 - i)]; + sk[(31 - i)] = t; + } + + public byte[] sm4CryptCbc(SM4Context ctx, byte[] iv, byte[] input) throws IOException { + validateEncrypt(SM4Utils.CBC, iv, input); + if (ctx.isPadding && ctx.mode == SM4_ENCRYPT) { + input = padding(input, SM4_ENCRYPT); + } + int i; + int length = input.length; + ByteArrayInputStream bins = new ByteArrayInputStream(input); + ByteArrayOutputStream bous = new ByteArrayOutputStream(); + if (ctx.mode == SM4_ENCRYPT) { + for (; length > 0; length -= 16) { + byte[] in = new byte[16]; + byte[] out = new byte[16]; + byte[] out1 = new byte[16]; + bins.read(in); + for (i = 0; i < 16; i++) { + out[i] = ((byte) (in[i] ^ iv[i])); + } + sm4OneRound(ctx.sk, out, out1); + System.arraycopy(out1, 0, iv, 0, 16); + bous.write(out1); + } + } else { + byte[] temp = new byte[16]; + for (; length > 0; length -= 16) { + byte[] in = new byte[16]; + byte[] out = new byte[16]; + byte[] out1 = new byte[16]; + bins.read(in); + System.arraycopy(in, 0, temp, 0, 16); + sm4OneRound(ctx.sk, in, out); + for (i = 0; i < 16; i++) { + out1[i] = ((byte) (out[i] ^ iv[i])); + } + System.arraycopy(temp, 0, iv, 0, 16); + bous.write(out1); + } + } + byte[] output = bous.toByteArray(); + if (ctx.isPadding && ctx.mode == SM4_DECRYPT) { + output = padding(output, SM4_DECRYPT); + } + bins.close(); + bous.close(); + return output; + } + +} diff --git a/securitycontrol-commons/securitycontrol-commons-core/src/main/java/com/securitycontrol/common/core/utils/aes/SM4Context.java b/securitycontrol-commons/securitycontrol-commons-core/src/main/java/com/securitycontrol/common/core/utils/aes/SM4Context.java new file mode 100644 index 0000000..8101823 --- /dev/null +++ b/securitycontrol-commons/securitycontrol-commons-core/src/main/java/com/securitycontrol/common/core/utils/aes/SM4Context.java @@ -0,0 +1,19 @@ +package com.securitycontrol.common.core.utils.aes; + +/** + * @author 徐一杰 + * @date 2022/10/11 + */ +class SM4Context { + int mode; + + int[] sk; + + boolean isPadding; + + public SM4Context() { + this.mode = 1; + this.isPadding = true; + this.sk = new int[32]; + } +} diff --git a/securitycontrol-commons/securitycontrol-commons-core/src/main/java/com/securitycontrol/common/core/utils/aes/SM4Utils.java b/securitycontrol-commons/securitycontrol-commons-core/src/main/java/com/securitycontrol/common/core/utils/aes/SM4Utils.java new file mode 100644 index 0000000..fad1141 --- /dev/null +++ b/securitycontrol-commons/securitycontrol-commons-core/src/main/java/com/securitycontrol/common/core/utils/aes/SM4Utils.java @@ -0,0 +1,222 @@ +package com.securitycontrol.common.core.utils.aes; + +import java.nio.charset.StandardCharsets; +import java.util.Base64; +import java.util.logging.Level; +import java.util.logging.Logger; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +/** + * @author 徐一杰 + * @date 2022/10/11 + *

+ * ECB 加密模式 + * 不使用自定义 secretKey,一般用于后端自行加解密,如果是前端加密后端解密,则需要自定义secretKey,前后端一致才能正确解密 + * 经过ECB加密的密文为:SM4Utils.encryptData_ECB("123456"); + * 经过ECB解密的密文为:SM4Utils.decryptData_ECB("UQZqWWcVSu7MIrMzWRD/wA=="); + * 使用自定义 secretKey,传入的 secretKey 必须为16位,可包含字母、数字、标点 + * 经过ECB加密的密文为:SM4Utils.encryptData_ECB("123456"); + * 经过ECB解密的密文为:SM4Utils.decryptData_ECB("UQZqWWcVSu7MIrMzWRD/wA=="); + *

+ * CBC 加密模式(更加安全),需要两个密钥 + * 经过CBC加密的密文为:SM4Utils.encryptData_CBC("123456"); + * 经过CBC解密的密文为:SM4Utils.decryptData_CBC("hbMK6/IeJ3UTzaTgLb3f3A=="); + * 同样可以自定义 secretKey 和 iv,需要两个密钥前后端都一致 + * 经过CBC加密的密文为:SM4Utils.encryptData_CBC("123456","asdfghjklzxcvb!_","1234567890123456"); + * 经过CBC解密的密文为:SM4Utils.decryptData_CBC("sTyCl3G6TF311kIENzsKNg==","asdfghjklzxcvb!_","1234567890123456"); + */ +public class SM4Utils { + private SM4Utils() { + + } + + private static final Logger logger = Logger.getLogger(SM4Utils.class.getPackage().getName()); + + /** + * 默认 SECRET_KEY + * 当时用ECB模式的时候,和前端key一致 + * secretKey 必须为16位,可包含字母、数字、标点 + */ + private static final String SECRET_KEY = "zhgd@bonus123456"; + + /** + * 默认 IV + * 当时用CBC模式的时候,SECRET_KEY和IV都需要传值,解密要和加密的SECRET_KEY和IV一致,更加安全 + * iv 必须为 16 位,可包含字母、数字、标点 + */ + private static final String IV = "1234567812345678"; + + static final String ECB = "ECB"; + + static final String CBC = "CBC"; + + private static final boolean HEX_STRING = false; + + private static final Pattern P = Pattern.compile("\\s*|\t|\r|\n"); + + private static String encryptData(String type, String plainText, String secretKey, String iv) { + try { + SM4Context ctx = new SM4Context(); + ctx.isPadding = true; + ctx.mode = SM4.SM4_ENCRYPT; + + byte[] keyBytes = secretKey == null ? SECRET_KEY.getBytes() : secretKey.getBytes(); + SM4 sm4 = new SM4(); + sm4.sm4SetKeyEnc(ctx, keyBytes); + + String cipherText; + if (ECB.equals(type)) { + byte[] encrypted = sm4.sm4CryptEcb(ctx, plainText.getBytes(StandardCharsets.UTF_8)); + cipherText = Base64.getEncoder().encodeToString(encrypted); + if (cipherText != null && !cipherText.trim().isEmpty()) { + Matcher m = P.matcher(cipherText); + cipherText = m.replaceAll(""); + } + } else { + byte[] ivBytes = iv == null ? IV.getBytes() : iv.getBytes(); + byte[] encrypted = sm4.sm4CryptCbc(ctx, ivBytes, plainText.getBytes(StandardCharsets.UTF_8)); + cipherText = Base64.getEncoder().encodeToString(encrypted); + if (cipherText != null && !cipherText.trim().isEmpty()) { + Matcher m = P.matcher(cipherText); + cipherText = m.replaceAll(""); + } + } + return cipherText; + } catch (Exception e) { + logger.log(Level.WARNING, "加密失败!", e); + return null; + } + } + + public static void main(String[] args) { + System.err.println( decryptData_CBC("VlWYLrghArikg+SQKS4obg==")); + } + private static String decryptData(String type, String cipherText, String secretKey, String iv) { + try { + SM4Context ctx = new SM4Context(); + ctx.isPadding = true; + ctx.mode = SM4.SM4_DECRYPT; + + SM4 sm4 = new SM4(); + byte[] bytes = secretKey == null ? SECRET_KEY.getBytes() : secretKey.getBytes(); + if (ECB.equals(type)) { + sm4.sm4SetKeyDec(ctx, bytes); + byte[] decrypted = sm4.sm4CryptEcb(ctx, Base64.getDecoder().decode(cipherText)); + return new String(decrypted, StandardCharsets.UTF_8); + } else { + byte[] keyBytes; + byte[] ivBytes; + if (HEX_STRING) { + keyBytes = Util.hexStringToBytes(secretKey); + ivBytes = Util.hexStringToBytes(iv); + } else { + keyBytes = bytes; + ivBytes = iv == null ? IV.getBytes() : iv.getBytes(); + } + sm4.sm4SetKeyDec(ctx, keyBytes); + byte[] decrypted = sm4.sm4CryptCbc(ctx, ivBytes, Base64.getDecoder().decode(cipherText)); + return new String(decrypted, StandardCharsets.UTF_8); + } + } catch (Exception e) { + logger.log(Level.WARNING, "解密失败!请检查密钥和密文是否对应", e); + return null; + } + } + + + /** + * ECB模式加密,自定义密钥,加解密密钥需一致 + * + * @param plainText 要加密的数据 + * @param secretKey 密钥,必须为 16 位,可包含字母、数字、标点 + * @return 加密后的字符串 + */ + public static String encryptData_ECB(String plainText, String secretKey) { + return encryptData(ECB, plainText, secretKey, null); + } + + /** + * ECB模式加密,默认密钥 + * + * @param plainText 要加密的数据 + * @return 加密后的字符串 + */ + public static String encryptData_ECB(String plainText) { + return encryptData(ECB, plainText, null, null); + } + + /** + * ECB模式解密,自定义密钥,加解密密钥需一致 + * + * @param cipherText 要解密的数据 + * @param secretKey 密钥,必须为 16 位,可包含字母、数字、标点 + * @return 解密后的字符串 + */ + public static String decryptData_ECB(String cipherText, String secretKey) { + return decryptData(ECB, cipherText, secretKey, null); + } + + /** + * ECB模式解密,默认密钥 + * + * @param cipherText 要解密的数据 + * @return 解密后的字符串 + */ + public static String decryptData_ECB(String cipherText) { + return decryptData(ECB, cipherText, null, null); + } + + /** + * CBC模式加密,SECRET_KEY和IV都需要传值,解密要和加密的SECRET_KEY和IV一致,更加安全 + * + * @param plainText 要加密的数据 + * @param secretKey 密钥一,必须为 16 位,可包含字母、数字、标点 + * @param iv 密钥二,必须为 16 位,可包含字母、数字、标点 + * @return 加密后的字符串 + */ + public static String encryptData_CBC(String plainText, String secretKey, String iv) { + return encryptData(CBC, plainText, secretKey, iv); + } + + /** + * CBC模式加密,SECRET_KEY和IV都需要传值,解密要和加密的SECRET_KEY和IV一致,更加安全 + * + * @param plainText 要加密的数据 + * @return 加密后的字符串 + */ + public static String encryptData_CBC(String plainText) { + return encryptData(CBC, plainText, null, null); + } + + /** + * CBC模式解密,SECRET_KEY和IV都需要传值,解密要和加密的SECRET_KEY和IV一致,更加安全 + * + * @param cipherText 要解密的数据 + * @param secretKey 密钥一,必须为 16 位,可包含字母、数字、标点 + * @param iv 密钥二,必须为 16 位,可包含字母、数字、标点 + * @return 解密后的字符串 + */ + public static String decryptData_CBC(String cipherText, String secretKey, String iv) { + return decryptData(CBC, cipherText, secretKey, iv); + } + + /** + * CBC模式解密,SECRET_KEY和IV都需要传值,解密要和加密的SECRET_KEY和IV一致,更加安全 + * + * @param cipherText 要解密的数据 + * @return 解密后的字符串 + */ + public static String decryptData_CBC(String cipherText) { + return decryptData(CBC, cipherText, null, null); + } + +// public static void main(String[] args) { +// System.out.println("经过ECB加密的密文为:" + SM4Utils.encryptData_ECB("41150320000416041X")); +// System.out.println("经过ECB解密的密文为:" + SM4Utils.decryptData_ECB("ZaCySfpl8DLflqpnM67eqBuFHqHevz6NvJY7i77t4zk=")); +// System.out.println("经过CBC自定义密钥加密的密文为:" + SM4Utils.encryptData_CBC("41150320000416041X", "1sdfghjklzxcvbnm", ".234567890@$^-_*")); +// System.out.println("经过CBC自定义密钥解密的密文为:" + SM4Utils.decryptData_CBC("eB/OnKKFHwNLBl7s4QvGX7rtqS0LqfmU8AuXnhqjCbM=", "1sdfghjklzxcvbnm", ".234567890@$^-_*")); +// System.out.println(SM4Utils.encryptData_CBC("圣诞卡是你打死你")); +// System.out.println(SM4Utils.decryptData_CBC("fhMAEzAxdPNTe9I346GNTgQmnjpBfjJHQCFj+TxQDUg=")); +// } +} diff --git a/securitycontrol-commons/securitycontrol-commons-core/src/main/java/com/securitycontrol/common/core/utils/aes/Util.java b/securitycontrol-commons/securitycontrol-commons-core/src/main/java/com/securitycontrol/common/core/utils/aes/Util.java new file mode 100644 index 0000000..220ec70 --- /dev/null +++ b/securitycontrol-commons/securitycontrol-commons-core/src/main/java/com/securitycontrol/common/core/utils/aes/Util.java @@ -0,0 +1,619 @@ +package com.securitycontrol.common.core.utils.aes; + + +import java.math.BigInteger; +import java.util.logging.Level; +import java.util.logging.Logger; + +/** + * @author 徐一杰 + * @date 2022/10/11 + */ +class Util { + private Util() { + + } + + private static final Logger logger = Logger.getLogger(Util.class.getPackage().getName()); + + /** + * 整形转换成网络传输的字节流(字节数组)型数据 + * + * @param num 一个整型数据 + * @return 4个字节的自己数组 + */ + public static byte[] intToBytes(int num) { + byte[] bytes = new byte[4]; + bytes[0] = (byte) (0xff & (num)); + bytes[1] = (byte) (0xff & (num >> 8)); + bytes[2] = (byte) (0xff & (num >> 16)); + bytes[3] = (byte) (0xff & (num >> 24)); + return bytes; + } + + /** + * 四个字节的字节数据转换成一个整形数据 + * + * @param bytes 4个字节的字节数组 + * @return 一个整型数据 + */ + public static int byteToInt(byte[] bytes) { + int num = 0; + int temp; + temp = (0x000000ff & (bytes[0])); + num = num | temp; + temp = (0x000000ff & (bytes[1])) << 8; + num = num | temp; + temp = (0x000000ff & (bytes[2])) << 16; + num = num | temp; + temp = (0x000000ff & (bytes[3])) << 24; + num = num | temp; + return num; + } + + /** + * 长整形转换成网络传输的字节流(字节数组)型数据 + * + * @param num 一个长整型数据 + * @return 4个字节的自己数组 + */ + public static byte[] longToBytes(long num) { + byte[] bytes = new byte[8]; + for (int i = 0; i < 8; i++) { + bytes[i] = (byte) (0xff & (num >> (i * 8))); + } + return bytes; + } + + /** + * 大数字转换字节流(字节数组)型数据 + * + * @param n 大数字 + * @return 字节流(字节数组) + */ + public static byte[] byteConvert32Bytes(BigInteger n) { + byte[] tmp; + if (n == null) { + return null; + } + + if (n.toByteArray().length == 33) { + tmp = new byte[32]; + System.arraycopy(n.toByteArray(), 1, tmp, 0, 32); + } else if (n.toByteArray().length == 32) { + tmp = n.toByteArray(); + } else { + tmp = new byte[32]; + for (int i = 0; i < 32 - n.toByteArray().length; i++) { + tmp[i] = 0; + } + System.arraycopy(n.toByteArray(), 0, tmp, 32 - n.toByteArray().length, n.toByteArray().length); + } + return tmp; + } + + /** + * 字节流(字节数组)型数据转大数字 + * + * @param b 字节流(字节数组) + * @return 大数字 + */ + public static BigInteger byteConvertInteger(byte[] b) { + if (b[0] < 0) { + byte[] temp = new byte[b.length + 1]; + temp[0] = 0; + System.arraycopy(b, 0, temp, 1, b.length); + return new BigInteger(temp); + } + return new BigInteger(b); + } + + /** + * 根据字节数组获得值(十六进制数字) + * + * @param bytes 字节数组 + * @return 十六进制数字 + */ + public static String getHexString(byte[] bytes) { + return getHexString(bytes, true); + } + + /** + * 根据字节数组获得值(十六进制数字) + * + * @param bytes 字节数组 + * @param upperCase 是否大写 + * @return 十六进制数字 + */ + public static String getHexString(byte[] bytes, boolean upperCase) { + StringBuilder ret = new StringBuilder(); + for (byte aByte : bytes) { + ret.append(Integer.toString((aByte & 0xff) + 0x100, 16).substring(1)); + } + return upperCase ? ret.toString().toUpperCase() : ret.toString(); + } + + /** + * 打印十六进制字符串 + * + * @param bytes 字节数组 + */ + public static void printHexString(byte[] bytes) { + for (byte aByte : bytes) { + String hex = Integer.toHexString(aByte & 0xFF); + if (hex.length() == 1) { + hex = '0' + hex; + } + System.out.println("0x" + hex.toUpperCase() + ","); + } + } + + /** + * Convert hex string to byte[] + * + * @param hexString the hex string + * @return byte[] + */ + public static byte[] hexStringToBytes(String hexString) { + if (hexString == null || hexString.isEmpty()) { + return null; + } + hexString = hexString.toUpperCase(); + int length = hexString.length() / 2; + char[] hexChars = hexString.toCharArray(); + byte[] d = new byte[length]; + for (int i = 0; i < length; i++) { + int pos = i * 2; + d[i] = (byte) (charToByte(hexChars[pos]) << 4 | charToByte(hexChars[pos + 1]) & 0xff); + } + return d; + } + + /** + * Convert char to byte + * + * @param c char + * @return byte + */ + public static byte charToByte(char c) { + return (byte) "0123456789ABCDEF".indexOf(c); + } + + /** + * 用于建立十六进制字符的输出的小写字符数组 + */ + private static final char[] DIGITS_LOWER = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'}; + + /** + * 用于建立十六进制字符的输出的大写字符数组 + */ + private static final char[] DIGITS_UPPER = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'}; + + /** + * 将字节数组转换为十六进制字符数组 + * + * @param data byte[] + * @return 十六进制char[] + */ + public static char[] encodeHex(byte[] data) { + return encodeHex(data, true); + } + + /** + * 将字节数组转换为十六进制字符数组 + * + * @param data byte[] + * @param toLowerCase true 传换成小写格式 , false 传换成大写格式 + * @return 十六进制char[] + */ + public static char[] encodeHex(byte[] data, boolean toLowerCase) { + return encodeHex(data, toLowerCase ? DIGITS_LOWER : DIGITS_UPPER); + } + + /** + * 将字节数组转换为十六进制字符数组 + * + * @param data byte[] + * @param toDigits 用于控制输出的char[] + * @return 十六进制char[] + */ + protected static char[] encodeHex(byte[] data, char[] toDigits) { + int l = data.length; + char[] out = new char[l << 1]; + // two characters form the hex value. + int j = 0; + for (byte datum : data) { + out[j++] = toDigits[(0xF0 & datum) >>> 4]; + out[j++] = toDigits[0x0F & datum]; + } + return out; + } + + /** + * 将字节数组转换为十六进制字符串 + * + * @param data byte[] + * @return 十六进制String + */ + public static String encodeHexString(byte[] data) { + return encodeHexString(data, true); + } + + /** + * 将字节数组转换为十六进制字符串 + * + * @param data byte[] + * @param toLowerCase true 传换成小写格式 , false 传换成大写格式 + * @return 十六进制String + */ + public static String encodeHexString(byte[] data, boolean toLowerCase) { + return encodeHexString(data, toLowerCase ? DIGITS_LOWER : DIGITS_UPPER); + } + + /** + * 将字节数组转换为十六进制字符串 + * + * @param data byte[] + * @param toDigits 用于控制输出的char[] + * @return 十六进制String + */ + protected static String encodeHexString(byte[] data, char[] toDigits) { + return new String(encodeHex(data, toDigits)); + } + + /** + * 将十六进制字符数组转换为字节数组 + * + * @param data 十六进制char[] + * @return byte[] + * @throws RuntimeException 如果源十六进制字符数组是一个奇怪的长度,将抛出运行时异常 + */ + public static byte[] decodeHex(char[] data) { + int len = data.length; + if ((len & 0x01) != 0) { + throw new IllegalArgumentException("十六进制char[]不合法"); + } + byte[] out = new byte[len >> 1]; + // two characters form the hex value. + int j = 0; + for (int i = 0; j < len; i++) { + int f = toDigit(data[j], j) << 4; + j++; + f = f | toDigit(data[j], j); + j++; + out[i] = (byte) (f & 0xFF); + } + return out; + } + + /** + * 将十六进制字符转换成一个整数 + * + * @param ch 十六进制char + * @param index 十六进制字符在字符数组中的位置 + * @return 一个整数 + * @throws RuntimeException 当ch不是一个合法的十六进制字符时,抛出运行时异常 + */ + protected static int toDigit(char ch, int index) { + int digit = Character.digit(ch, 16); + if (digit == -1) { + throw new IllegalArgumentException("Illegal hexadecimal character " + ch + " at index " + index); + } + return digit; + } + + /** + * 数字字符串转ASCII码字符串 + * + * @param content 字符串 + * @return ASCII字符串 + */ + public static String stringToAsciiString(String content) { + StringBuilder result = new StringBuilder(); + int max = content.length(); + for (int i = 0; i < max; i++) { + char c = content.charAt(i); + String b = Integer.toHexString(c); + result.append(b); + } + return result.toString(); + } + + /** + * 十六进制转字符串 + * + * @param hexString 十六进制字符串 + * @param encodeType 编码类型4:Unicode,2:普通编码 + * @return 字符串 + */ + public static String hexStringToString(String hexString, int encodeType) { + StringBuilder result = new StringBuilder(); + int max = hexString.length() / encodeType; + for (int i = 0; i < max; i++) { + char c = (char) hexStringToAlgorism(hexString.substring(i * encodeType, (i + 1) * encodeType)); + result.append(c); + } + return result.toString(); + } + + /** + * 十六进制字符串转换十进制 + * + * @param hex 十六进制字符串 + * @return 十进制数值 + */ + public static int hexStringToAlgorism(String hex) { + hex = hex.toUpperCase(); + int max = hex.length(); + int result = 0; + for (int i = max; i > 0; i--) { + char c = hex.charAt(i - 1); + int algorithm; + if (c >= '0' && c <= '9') { + algorithm = c - '0'; + } else { + algorithm = c - 55; + } + result += (int) (Math.pow(16, (max - i)) * algorithm); + } + return result; + } + + /** + * 十六转二进制 + * + * @param hex 十六进制字符串 + * @return 二进制字符串 + */ + public static String hexStringToBinary(String hex) { + hex = hex.toUpperCase(); + StringBuilder result = new StringBuilder(); + int max = hex.length(); + for (int i = 0; i < max; i++) { + char c = hex.charAt(i); + switch (c) { + case '0': + result.append("0000"); + break; + case '1': + result.append("0001"); + break; + case '2': + result.append("0010"); + break; + case '3': + result.append("0011"); + break; + case '4': + result.append("0100"); + break; + case '5': + result.append("0101"); + break; + case '6': + result.append("0110"); + break; + case '7': + result.append("0111"); + break; + case '8': + result.append("1000"); + break; + case '9': + result.append("1001"); + break; + case 'A': + result.append("1010"); + break; + case 'B': + result.append("1011"); + break; + case 'C': + result.append("1100"); + break; + case 'D': + result.append("1101"); + break; + case 'E': + result.append("1110"); + break; + case 'F': + result.append("1111"); + break; + default: + logger.log(Level.WARNING, "hexStringToBinary无匹配项"); + break; + } + } + return result.toString(); + } + + /** + * ASCII码字符串转数字字符串 + * + * @param content ASCII字符串 + * @return 字符串 + */ + public static String asciiStringToString(String content) { + StringBuilder result = new StringBuilder(); + int length = content.length() / 2; + for (int i = 0; i < length; i++) { + String c = content.substring(i * 2, i * 2 + 2); + int a = hexStringToAlgorism(c); + char b = (char) a; + String d = String.valueOf(b); + result.append(d); + } + return result.toString(); + } + + /** + * 将十进制转换为指定长度的十六进制字符串 + * + * @param algorism int 十进制数字 + * @param maxLength int 转换后的十六进制字符串长度 + * @return String 转换后的十六进制字符串 + */ + public static String algorismToHexString(int algorism, int maxLength) { + String result; + result = Integer.toHexString(algorism); + + if (result.length() % 2 == 1) { + result = "0" + result; + } + return patchHexString(result.toUpperCase(), maxLength); + } + + /** + * 字节数组转为普通字符串(ASCII对应的字符) + * + * @param bytearray byte[] + * @return String + */ + public static String byteToString(byte[] bytearray) { + StringBuilder result = new StringBuilder(); + char temp; + + for (byte b : bytearray) { + temp = (char) b; + result.append(temp); + } + return result.toString(); + } + + /** + * 二进制字符串转十进制 + * + * @param binary 二进制字符串 + * @return 十进制数值 + */ + public static int binaryToAlgorism(String binary) { + int max = binary.length(); + int result = 0; + for (int i = max; i > 0; i--) { + char c = binary.charAt(i - 1); + int algorism = c - '0'; + result += (int) (Math.pow(2, (max - i)) * algorism); + } + return result; + } + + /** + * 十进制转换为十六进制字符串 + * + * @param algorism int 十进制的数字 + * @return String 对应的十六进制字符串 + */ + public static String algorismToHexString(int algorism) { + String result; + result = Integer.toHexString(algorism); + + if (result.length() % 2 == 1) { + result = "0" + result; + + } + result = result.toUpperCase(); + + return result; + } + + /** + * HEX字符串前补0,主要用于长度位数不足。 + * + * @param str String 需要补充长度的十六进制字符串 + * @param maxLength int 补充后十六进制字符串的长度 + * @return 补充结果 + */ + public static String patchHexString(String str, int maxLength) { + StringBuilder temp = new StringBuilder(); + for (int i = 0; i < maxLength - str.length(); i++) { + temp.insert(0, "0"); + } + str = (temp + str).substring(0, maxLength); + return str; + } + + /** + * 将一个字符串转换为int + * + * @param s String 要转换的字符串 + * @param defaultInt int 如果出现异常,默认返回的数字 + * @param radix int 要转换的字符串是什么进制的,如16 8 10. + * @return int 转换后的数字 + */ + public static int parseToInt(String s, int defaultInt, int radix) { + int i; + try { + i = Integer.parseInt(s, radix); + } catch (NumberFormatException ex) { + i = defaultInt; + } + return i; + } + + /** + * 将一个十进制形式的数字字符串转换为int + * + * @param s String 要转换的字符串 + * @param defaultInt int 如果出现异常,默认返回的数字 + * @return int 转换后的数字 + */ + public static int parseToInt(String s, int defaultInt) { + int i; + try { + i = Integer.parseInt(s); + } catch (NumberFormatException ex) { + i = defaultInt; + } + return i; + } + + /** + * 十六进制串转化为byte数组 + * + * @return the array of byte + */ + public static byte[] hexToByte(String hex) throws IllegalArgumentException { + if (hex.length() % 2 != 0) { + throw new IllegalArgumentException(); + } + char[] arr = hex.toCharArray(); + byte[] b = new byte[hex.length() / 2]; + for (int i = 0, j = 0, l = hex.length(); i < l; i++, j++) { + String swap = String.valueOf(arr[i++]) + arr[i]; + int byteInt = Integer.parseInt(swap, 16) & 0xFF; + b[j] = (byte) byteInt; + } + return b; + } + + /** + * 字节数组转换为十六进制字符串 + * + * @param b byte[] 需要转换的字节数组 + * @return String 十六进制字符串 + */ + public static String byteToHex(byte[] b) { + if (b == null) { + throw new IllegalArgumentException("Argument b ( byte array ) is null! "); + } + StringBuilder hs = new StringBuilder(); + String stmp; + for (byte value : b) { + stmp = Integer.toHexString(value & 0xff); + if (stmp.length() == 1) { + hs.append("0").append(stmp); + } else { + hs.append(stmp); + } + } + return hs.toString().toUpperCase(); + } + + public static byte[] subByte(byte[] input, int startIndex, int length) { + byte[] bt = new byte[length]; + System.arraycopy(input, startIndex, bt, 0, length); + return bt; + } + +}