From 2ce84dc517a65527ab1774f01f0ff268e3a0191b Mon Sep 17 00:00:00 2001 From: ZacharyZcR <2903735704@qq.com> Date: Thu, 19 Dec 2024 14:50:05 +0800 Subject: [PATCH] =?UTF-8?q?perf:=20=E4=BC=98=E5=8C=96Shiro.go=E7=9A=84?= =?UTF-8?q?=E4=BB=A3=E7=A0=81=EF=BC=8C=E6=B7=BB=E5=8A=A0=E6=B3=A8=E9=87=8A?= =?UTF-8?q?=EF=BC=8C=E8=A7=84=E8=8C=83=E8=BE=93=E5=87=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- WebScan/lib/Shiro.go | 69 +++++++++++++++++++++++++++++++------------- 1 file changed, 49 insertions(+), 20 deletions(-) diff --git a/WebScan/lib/Shiro.go b/WebScan/lib/Shiro.go index 4e3503d..ce24978 100644 --- a/WebScan/lib/Shiro.go +++ b/WebScan/lib/Shiro.go @@ -12,62 +12,91 @@ import ( ) var ( + // CheckContent 是经过base64编码的Shiro序列化对象 CheckContent = "rO0ABXNyADJvcmcuYXBhY2hlLnNoaXJvLnN1YmplY3QuU2ltcGxlUHJpbmNpcGFsQ29sbGVjdGlvbqh/WCXGowhKAwABTAAPcmVhbG1QcmluY2lwYWxzdAAPTGphdmEvdXRpbC9NYXA7eHBwdwEAeA==" - Content, _ = base64.StdEncoding.DecodeString(CheckContent) + // Content 是解码后的原始内容 + Content, _ = base64.StdEncoding.DecodeString(CheckContent) ) +// Padding 对明文进行PKCS7填充 func Padding(plainText []byte, blockSize int) []byte { - //计算要填充的长度 - n := (blockSize - len(plainText)%blockSize) - //对原来的明文填充n个n - temp := bytes.Repeat([]byte{byte(n)}, n) - plainText = append(plainText, temp...) - return plainText + // 计算需要填充的长度 + paddingLength := blockSize - len(plainText)%blockSize + + // 使用paddingLength个paddingLength值进行填充 + paddingText := bytes.Repeat([]byte{byte(paddingLength)}, paddingLength) + + return append(plainText, paddingText...) } +// GetShrioCookie 获取加密后的Shiro Cookie值 func GetShrioCookie(key, mode string) string { if mode == "gcm" { return AES_GCM_Encrypt(key) - } else { - //cbc - return AES_CBC_Encrypt(key) } + return AES_CBC_Encrypt(key) } -//AES CBC加密后的payload +// AES_CBC_Encrypt 使用AES-CBC模式加密 func AES_CBC_Encrypt(shirokey string) string { + // 解码密钥 key, err := base64.StdEncoding.DecodeString(shirokey) if err != nil { return "" } + + // 创建AES加密器 block, err := aes.NewCipher(key) if err != nil { return "" } - Content = Padding(Content, block.BlockSize()) - iv := uuid.NewV4().Bytes() //指定初始向量vi,长度和block的块尺寸一致 - blockMode := cipher.NewCBCEncrypter(block, iv) //指定CBC分组模式,返回一个BlockMode接口对象 - cipherText := make([]byte, len(Content)) - blockMode.CryptBlocks(cipherText, Content) //加密数据 - return base64.StdEncoding.EncodeToString(append(iv[:], cipherText[:]...)) + + // PKCS7填充 + paddedContent := Padding(Content, block.BlockSize()) + + // 生成随机IV + iv := uuid.NewV4().Bytes() + + // 创建CBC加密器 + blockMode := cipher.NewCBCEncrypter(block, iv) + + // 加密数据 + cipherText := make([]byte, len(paddedContent)) + blockMode.CryptBlocks(cipherText, paddedContent) + + // 拼接IV和密文并base64编码 + return base64.StdEncoding.EncodeToString(append(iv, cipherText...)) } -//AES GCM 加密后的payload shiro 1.4.2版本更换为了AES-GCM加密方式 +// AES_GCM_Encrypt 使用AES-GCM模式加密(Shiro 1.4.2+) func AES_GCM_Encrypt(shirokey string) string { + // 解码密钥 key, err := base64.StdEncoding.DecodeString(shirokey) if err != nil { return "" } + + // 创建AES加密器 block, err := aes.NewCipher(key) if err != nil { return "" } + + // 生成16字节随机数作为nonce nonce := make([]byte, 16) - _, err = io.ReadFull(rand.Reader, nonce) + if _, err := io.ReadFull(rand.Reader, nonce); err != nil { + return "" + } + + // 创建GCM加密器 + aesgcm, err := cipher.NewGCMWithNonceSize(block, 16) if err != nil { return "" } - aesgcm, _ := cipher.NewGCMWithNonceSize(block, 16) + + // 加密数据 ciphertext := aesgcm.Seal(nil, nonce, Content, nil) + + // 拼接nonce和密文并base64编码 return base64.StdEncoding.EncodeToString(append(nonce, ciphertext...)) }