diff --git a/CHANGELOG.md b/CHANGELOG.md index fb642fd..bee04de 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,12 @@ # Changelog: @go/keys +## v1.0.2 (2026-06-02) + +### 🛠 Improvements +- **Security & Compatibility**: + - 修复 AES-CBC / SM4-CBC 算法下 IV 长度处理逻辑,仅在 IV 为 12 字节时进行补零。 + - 恢复对 16 字节历史遗留 IV 的完整支持,确保与旧版工具生成的加密数据完全兼容。 + ## v1.0.1 (2026-05-06) ### 🚀 Features diff --git a/go.mod b/go.mod index ee182d0..0338cb6 100644 --- a/go.mod +++ b/go.mod @@ -3,19 +3,21 @@ module apigo.cc/go/keys go 1.25.0 require ( - apigo.cc/go/crypto v1.3.1 - apigo.cc/go/crypto-sm v1.3.1 - apigo.cc/go/encoding v1.3.1 - apigo.cc/go/file v1.3.2 - apigo.cc/go/safe v1.3.1 - apigo.cc/go/shell v1.3.1 + apigo.cc/go/crypto v1.5.0 + apigo.cc/go/crypto-sm v1.5.0 + apigo.cc/go/encoding v1.5.0 + apigo.cc/go/file v1.5.0 + apigo.cc/go/safe v1.5.0 + apigo.cc/go/shell v1.5.0 github.com/c-bata/go-prompt v0.2.6 golang.org/x/term v0.43.0 ) +require apigo.cc/go/jsmod v1.5.0 // indirect + require ( - apigo.cc/go/cast v1.3.3 // indirect - apigo.cc/go/rand v1.3.1 // indirect + apigo.cc/go/cast v1.5.0 // indirect + apigo.cc/go/rand v1.5.0 // indirect github.com/clipperhouse/uax29/v2 v2.6.0 // indirect github.com/emmansun/gmsm v0.28.0 // indirect github.com/kr/text v0.2.0 // indirect diff --git a/go.sum b/go.sum index dc657e0..d540ba3 100644 --- a/go.sum +++ b/go.sum @@ -1,19 +1,21 @@ -apigo.cc/go/cast v1.3.3 h1:aln5eDR5DZVWVzZ/y5SJh1gQNgWv2sT82I25NaO9g34= -apigo.cc/go/cast v1.3.3/go.mod h1:lGlwImiOvHxG7buyMWhFzcdvQzmSaoKbmr7bcDfUpHk= -apigo.cc/go/crypto v1.3.1 h1:ulQ2zX9bUWirk0sEacx1Srsjs2Jow7HlZq7ED7msNcg= -apigo.cc/go/crypto v1.3.1/go.mod h1:SwHlBFDPddttWgFFtzsEMla8CM/rcFy9nvdsJjW4CIs= -apigo.cc/go/crypto-sm v1.3.1 h1:XIndwrQSWEl2rsa2uCJ8rZFSDhvKuAaCxcbrk2gdK2g= -apigo.cc/go/crypto-sm v1.3.1/go.mod h1:G85MgTCFo9asyB3KcWVOROzc/8r6OUaAUInJDJCuvWQ= -apigo.cc/go/encoding v1.3.1 h1:y8O58KYAyulkThg1O2ji2BqjnFoSvk42sit9I3z+K7Y= -apigo.cc/go/encoding v1.3.1/go.mod h1:xAJk5b83VZ31mXMTnyp0dfMoBKfT/AHDn0u+cQfojgY= -apigo.cc/go/file v1.3.2 h1:pu4oiDyiqgj3/eykfnJf+/6+A9v/Z0b3ClP5XK+lwG4= -apigo.cc/go/file v1.3.2/go.mod h1:vci4h0Pz94mV6dkniQkuyBYERVYeq7/LX4jJVuCg9hs= -apigo.cc/go/rand v1.3.1 h1:7FvsI6PtQ5XrWER0dTiLVo0p7GIxRidT/TBKhVy93j8= -apigo.cc/go/rand v1.3.1/go.mod h1:mZ/4Soa3bk+XvDaqPWJuUe1bfEi4eThBj1XmEAuYxsk= -apigo.cc/go/safe v1.3.1 h1:irTCqPAC97gGsX/Lw5AzLelDt1xXLEZIAaVhLELWe9Q= -apigo.cc/go/safe v1.3.1/go.mod h1:XdOpBhN2vkImalaykYXXmEpczqWa1y3ah6/Q72cdRqE= -apigo.cc/go/shell v1.3.1 h1:M8oD0b2HcJuCC6frQFx11b3UTcTx3lATX8XK+YXSVm8= -apigo.cc/go/shell v1.3.1/go.mod h1:ZMdJjpCpWdvsHKUXlelh/AxsV/nWdkH/k3lISfzMdUw= +apigo.cc/go/cast v1.5.0 h1:UBGJtFQ8eJPMQXs37cUgqd7YQo1zI9opuSDBDmn2/pE= +apigo.cc/go/cast v1.5.0/go.mod h1:z2GW5p5WCZGEqVVIJUdhl232vRbLf2Qu4EDlEakX/D8= +apigo.cc/go/crypto v1.5.0 h1:Nxz7a6VKCdvaF258IU0NkjQyureOLxfR308Sy2iftUI= +apigo.cc/go/crypto v1.5.0/go.mod h1:F9M6nXv+5328r1ZwbTvI6fcr8VdgqHVzALOcsdv6ntE= +apigo.cc/go/crypto-sm v1.5.0 h1:bU4BzhngB4768ZZaVeMmZvZWa0nKJkLmtNHuJekzQlk= +apigo.cc/go/crypto-sm v1.5.0/go.mod h1:rSfy7SYb1eG4CXHrJhr4AzWJ2Ci8R67ZUzLEJICr6qg= +apigo.cc/go/encoding v1.5.0 h1:EJNdRVDOMoI2DAvZwQNQTbYuqB/6zsEzvg7lS5pQI+I= +apigo.cc/go/encoding v1.5.0/go.mod h1:8++NfZj3hWig0qh2g7GQRw/4LpSvCYMWUZ+8J+x58cA= +apigo.cc/go/file v1.5.0 h1:Fh1NSDBqaxjuXYJ71yPHPXVJ8BFEv/AGS3l+jkLi5uw= +apigo.cc/go/file v1.5.0/go.mod h1:4YhOGgBINTpmmmgws3H8LAyXQQBGzBp44hYUoCS+kr0= +apigo.cc/go/jsmod v1.5.0 h1:JgQtJNiJWy1NOP9AzE8NX5VXJkpO/x3GqLsCCSny5Ec= +apigo.cc/go/jsmod v1.5.0/go.mod h1:bmyeZtOAP/j5am+YRnaiM89smysK24K7ebk0koFtsSw= +apigo.cc/go/rand v1.5.0 h1:1o8hh8fhdBuk1/h02IvugvamuT3dkWbVJrqEJVQKB2E= +apigo.cc/go/rand v1.5.0/go.mod h1:Lh98S2dm9UY0X+M+kNQQEKyXHG5pcCKSFPyXN0QCGdk= +apigo.cc/go/safe v1.5.0 h1:W1NblmcU8cex1f9Y5z8mNLUJOzZTE1s6fszb3FbhGnk= +apigo.cc/go/safe v1.5.0/go.mod h1:OfQ5d6COePSGEuPvMeOk6KagX2sezw7nvKh7exj9SeM= +apigo.cc/go/shell v1.5.0 h1:WLDMMqUU0INeaBDmQsTPr0h/NfB2RknAtiJ5NL467+Q= +apigo.cc/go/shell v1.5.0/go.mod h1:rYHA77d5hEsQHcJrbAWf1pHy0sxayeJ0gU55LA/JWQk= github.com/c-bata/go-prompt v0.2.6 h1:POP+nrHE+DfLYx370bedwNhsqmpCUynWPxuHi0C5vZI= github.com/c-bata/go-prompt v0.2.6/go.mod h1:/LMAke8wD2FsNu9EXNdHxNLbd9MedkPnCdfpU9wwHfY= github.com/clipperhouse/uax29/v2 v2.6.0 h1:z0cDbUV+aPASdFb2/ndFnS9ts/WNXgTNNGFoKXuhpos= diff --git a/keys_tool b/keys_tool new file mode 100755 index 0000000..f2d9a90 Binary files /dev/null and b/keys_tool differ diff --git a/lib/password.go b/lib/password.go index a1a56d4..bcd5e48 100644 --- a/lib/password.go +++ b/lib/password.go @@ -120,11 +120,19 @@ func createSymmetric(key, keyIv, fileIv []byte, algo string) (*crypto.Symmetric, case "aes-gcm", "gcm", "": return crypto.NewAESGCMWithoutEraseKey(k, v) case "aes-cbc", "cbc": - return crypto.NewAESCBCWithoutEraseKey(k, append(v, 0, 0, 0, 0)) + cbcIv := v + if len(cbcIv) == 12 { + cbcIv = append(cbcIv, 0, 0, 0, 0) + } + return crypto.NewAESCBCWithoutEraseKey(k, cbcIv) case "sm4-gcm", "sm4": return sm.NewSM4GCMWithoutEraseKey(k, v) case "sm4-cbc": - return sm.NewSM4CBCWithoutEraseKey(k, append(v, 0, 0, 0, 0)) + cbcIv := v + if len(cbcIv) == 12 { + cbcIv = append(cbcIv, 0, 0, 0, 0) + } + return sm.NewSM4CBCWithoutEraseKey(k, cbcIv) default: return nil, errors.New("unsupported algorithm: " + algo) }