From fcf701a4296185d21f2a06e3f9f9f57319c35b3a Mon Sep 17 00:00:00 2001
From: AI Engineer
Date: Thu, 23 Apr 2026 21:38:52 +0800
Subject: [PATCH] fix(crypto): commit remaining staged changes for Must/Try implementation

---
 asymmetric.go | 70 ++++++++++++++++++++++++++++++++++++++++++++++++---
 symmetric.go | 28 +++++++++++++++++++--
 2 files changed, 92 insertions(+), 6 deletions(-)

diff --git a/asymmetric.go b/asymmetric.go
index dcb9337..d68f9ff 100644
--- a/asymmetric.go
+++ b/asymmetric.go
@@ -89,7 +89,19 @@ func (a *Asymmetric) Sign(data []byte, hash ...crypto.Hash) ([]byte, error) {
 return a.algorithm.Sign(privKey, data, hash...)
 }
 
-// Verify 进行验签逻辑
+func (a *Asymmetric) SignAndErase(data []byte, hash ...crypto.Hash) ([]byte, error) {
+ defer safe.ZeroMemory(data)
+ return a.Sign(data, hash...)
+}
+
+func (a *Asymmetric) MustSign(data []byte, hash ...crypto.Hash) []byte {
+ signature, err := a.Sign(data, hash...)
+ if err != nil {
+ return []byte{}
+ }
+ return signature
+}
+
 func (a *Asymmetric) Verify(data []byte, signature []byte, hash ...crypto.Hash) (bool, error) {
 if a.pubCache != nil {
 return a.algorithm.Verify(a.pubCache, data, signature, hash...)
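Review bot: `MustSign` discards the error from `a.Sign` and returns `[]byte{}`, so a caller cannot tell a failed signing from a real signature and may store or transmit an empty one. In Go a `Must` prefix conventionally means the function panics on error, so the silent fallback is the opposite of what readers will expect. Either panic with the error or let callers use `Sign` directly; at minimum document it, e.g. `// MustSign returns an empty slice when signing fails; callers must check len(sig) > 0 before use.` The same pattern recurs in `MustEncrypt` and `MustDecrypt` in the later hunks of asymmetric.go and in symmetric.go. This hunk also deletes the `// Verify 进行验签逻辑` doc comment without replacing it.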
@@ -106,8 +118,27 @@ func (a *Asymmetric) Verify(data []byte, signature []byte, hash ...crypto.Hash)
 return a.algorithm.Verify(pubKey, data, signature, hash...)
 }
 
+func (a *Asymmetric) MustVerify(data []byte, signature []byte, hash ...crypto.Hash) bool {
+ valid, err := a.Verify(data, signature, hash...)
+ if err != nil {
+ return false
+ }
+ return valid
+}
+
+func (a *Asymmetric) Encrypt(safeBuf *safe.SafeBuf) ([]byte, error) {
+ buf := safeBuf.Open()
+ defer buf.Close()
+ return a.EncryptBytes(buf.Data)
+}
+
+func (a *Asymmetric) EncryptAndErase(data []byte) ([]byte, error) {
+ defer safe.ZeroMemory(data)
+ return a.EncryptBytes(data)
+}
+
 // Encrypt 使用公钥进行非对称加密
-func (a *Asymmetric) Encrypt(data []byte) ([]byte, error) {
+func (a *Asymmetric) EncryptBytes(data []byte) ([]byte, error) {
 cipherAlgo, ok := a.algorithm.(AsymmetricCipherAlgorithm)
 if !ok {
 return nil, ErrAlgorithmNoEncrypt
@@ -127,8 +158,23 @@ func (a *Asymmetric) Encrypt(data []byte) ([]byte, error) {
 return cipherAlgo.Encrypt(pubKey, data)
 }
 
-// Decrypt 使用私钥进行非对称解密
-func (a *Asymmetric) Decrypt(data []byte) ([]byte, error) {
+func (a *Asymmetric) MustEncrypt(data []byte) []byte {
+ enc, err := a.EncryptBytes(data)
+ if err != nil {
+ return []byte{}
+ }
+ return enc
+}
+
+func (a *Asymmetric) Decrypt(data []byte) (*safe.SafeBuf, error) {
+ buf, err := a.DecryptBytes(data)
+ if err != nil {
+ return nil, err
+ }
+ return safe.NewSafeBuf(buf), nil
+}
+
+func (a *Asymmetric) DecryptBytes(data []byte) ([]byte, error) {
 cipherAlgo, ok := a.algorithm.(AsymmetricCipherAlgorithm)
 if !ok {
 return nil, ErrAlgorithmNoDecrypt
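Review bot: `EncryptAndErase` runs `defer safe.ZeroMemory(data)` unconditionally, so the caller's buffer is presumably wiped even when `EncryptBytes` returns an error, leaving neither plaintext nor ciphertext. The wipe would also reach any other slice sharing that backing array, and it cannot reach copies made elsewhere. None of this is documented, because `MustVerify`, `Encrypt` and `EncryptAndErase` are added without doc comments and the surviving `// Encrypt 使用公钥进行非对称加密` comment now sits above `EncryptBytes`. Suggest `// EncryptAndErase encrypts data and then zeroes data in place, whether or not encryption succeeded.` and renaming the stale comment to start with `EncryptBytes`. `SignAndErase` in the first hunk and `EncryptAndErase` in symmetric.go behave the same way.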
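Review bot: In the new `Decrypt` (second hunk of this group, `@@ -127,8 +158,23 @@`), the plaintext slice `buf` from `DecryptBytes` is passed to `safe.NewSafeBuf(buf)` and never wiped. Whether `NewSafeBuf` takes ownership of that memory or copies it is not visible in this diff. If it copies, an unprotected plaintext copy remains on the heap until it is collected, which undercuts returning a `SafeBuf`; in that case add `defer safe.ZeroMemory(buf)` after the error check. The return type change from `([]byte, error)` to `(*safe.SafeBuf, error)` also breaks existing callers of `Decrypt`, and the removed `// Decrypt 使用私钥进行非对称解密` comment is not replaced on either `Decrypt` or `DecryptBytes`.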
@@ -147,3 +193,19 @@ func (a *Asymmetric) Decrypt(data []byte) ([]byte, error) {
 }
 return cipherAlgo.Decrypt(privKey, data)
 }
+
+func (a *Asymmetric) MustDecrypt(data []byte) []byte {
+ dec, err := a.DecryptBytes(data)
+ if err != nil {
+ return []byte{}
+ }
+ return dec
+}
+
+func (a *Asymmetric) TryDecrypt(data []byte) []byte {
+ dec, err := a.DecryptBytes(data)
+ if err != nil {
+ return data
+ }
+ return dec
+}
diff --git a/symmetric.go b/symmetric.go
index e898f54..8c1de59 100644
--- a/symmetric.go
+++ b/symmetric.go
@@ -66,6 +66,12 @@ func (s *Symmetric) Encrypt(safeBuf *safe.SafeBuf) ([]byte, error) {
 return s.EncryptBytes(buf.Data)
 }
 
+// EncryptAndErase 使用字节切片传入明文进行加密并自动擦除明文
+func (s *Symmetric) EncryptAndErase(data []byte) ([]byte, error) {
+ defer safe.ZeroMemory(data)
+ return s.EncryptBytes(data)
+}
+
 // EncryptBytes 使用字节切片传入明文进行加密
 func (s *Symmetric) EncryptBytes(data []byte) ([]byte, error) {
 key := s.key.Open()
@@ -75,6 +81,15 @@ func (s *Symmetric) EncryptBytes(data []byte) ([]byte, error) {
 return s.cipher.Encrypt(data, key.Data, iv.Data)
 }
 
+// MustEncrypt 加密失败时返回空字节切片 (静默加密)
+func (s *Symmetric) MustEncrypt(data []byte) []byte {
+ r, err := s.EncryptBytes(data)
+ if err != nil {
+ return []byte{}
+ }
+ return r
+}
+
 // Decrypt 进行解密并返回一个受保护的 SafeBuf
 func (s *Symmetric) Decrypt(data []byte) (*safe.SafeBuf, error) {
 buf, err := s.DecryptBytes(data)
@@ -94,8 +109,17 @@ func (s *Symmetric) DecryptBytes(data []byte) ([]byte, error) {
 return s.cipher.Decrypt(data, key.Data, iv.Data)
 }
 
-// DecryptBytesN 解密失败时返回原始数据 (静默解密)
-func (s *Symmetric) DecryptBytesN(data []byte) []byte {
+// MustDecryptBytes 解密失败时返回空字节切片 (静默解密)
+func (s *Symmetric) MustDecrypt(data []byte) []byte {
+ r, err := s.DecryptBytes(data)
+ if err != nil {
+ return []byte{}
+ }
+ return r
+}
+
+// TryDecryptBytes 解密失败时返回原始数据 (静默解密)
+func (s *Symmetric) TryDecrypt(data []byte) []byte {
 r, err := s.DecryptBytes(data)
 if err != nil {
 return data
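Review bot: `TryDecrypt` in asymmetric.go returns the input `data` unchanged when `DecryptBytes` fails, so its result may be either plaintext or the caller-supplied bytes and the caller cannot tell which. Where the input originates from an untrusted party this is a fail-open path: bytes that were never encrypted under this key are passed on as if decryption had succeeded. Prefer surfacing the outcome, e.g. `func (a *Asymmetric) TryDecrypt(data []byte) ([]byte, bool)`, or keep callers on `DecryptBytes`. If the passthrough exists to migrate legacy plaintext, state that in a doc comment and restrict it to trusted storage. The symmetric `TryDecrypt` in the last hunk of symmetric.go has the same behaviour.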
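Review bot: The doc comments added in the last symmetric.go hunk name methods that do not exist: `// MustDecryptBytes …` sits on `MustDecrypt` and `// TryDecryptBytes …` on `TryDecrypt`, so godoc and linters will flag or mis-associate them. They should start with the real identifiers, `// MustDecrypt 解密失败时返回空字节切片 (静默解密)` and `// TryDecrypt 解密失败时返回原始数据 (静默解密)`. The hunk also removes the exported `DecryptBytesN` without a deprecated alias, which breaks any existing caller. The body of `TryDecrypt` continues past the end of the hunk.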