[fix][core] Encrypt函数使用aes-128-gcm加密算法时相同明文生成相同的密文

author: 侯晋川 <[email protected]> 2024-11-05 16:58:04 +0800
committer: 侯晋川 <[email protected]> 2024-11-05 16:58:04 +0800
commit: 97218bb2a20ec7a7230cf6406c1321c59e7d80da (patch)
tree: f21c1160fb7d6df231e5e562cbb516b8533e01b5
parent: f13fd30de4755f517b2c65502769cc77e096cf7c (diff)
2 files changed, 8 insertions, 10 deletions
diff --git a/groot-core/src/main/java/com/geedgenetworks/core/udf/encrypt/AES128GCM.java b/groot-core/src/main/java/com/geedgenetworks/core/udf/encrypt/AES128GCM.java
index 74d6973..f08383a 100644
--- a/groot-core/src/main/java/com/geedgenetworks/core/udf/encrypt/AES128GCM.java
+++ b/groot-core/src/main/java/com/geedgenetworks/core/udf/encrypt/AES128GCM.java
@@ -1,6 +1,5 @@
 package com.geedgenetworks.core.udf.encrypt;
 
-import cn.hutool.core.util.RandomUtil;
 import com.geedgenetworks.core.pojo.DataEncryptionKey;
 
 import javax.crypto.Cipher;
@@ -13,10 +12,9 @@ public class AES128GCM implements Crypto {
     private static final String ALGORITHM = "AES";
     private static final String TRANSFORMATION = "AES/GCM/NoPadding";
     private static final int GCM_TAG_LENGTH = 128;
-    private static final int GCM_96_NONCE_LENGTH = 12;
     private static final int SECRET_KEY_LENGTH = 16;
     private static final byte[] DEFAULT_SECRET_KEY = ".geedgenetworks.".getBytes();
-    private static final byte[] NONCE = RandomUtil.randomBytes(GCM_96_NONCE_LENGTH);
+    private static final byte[] NONCE = "Galaxy2019#*".getBytes();
 
     private DataEncryptionKey dek;
 
@@ -52,9 +50,9 @@ public class AES128GCM implements Crypto {
             GCMParameterSpec gcmSpec = new GCMParameterSpec(GCM_TAG_LENGTH, NONCE);
             cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(dek.getData(), ALGORITHM), gcmSpec);
             byte[] encryptedBytes = cipher.doFinal(content.getBytes());
-            byte[] combinedBytes = new byte[GCM_96_NONCE_LENGTH + encryptedBytes.length];
-            System.arraycopy(NONCE, 0, combinedBytes, 0, GCM_96_NONCE_LENGTH);
-            System.arraycopy(encryptedBytes, 0, combinedBytes, GCM_96_NONCE_LENGTH, encryptedBytes.length);
+            byte[] combinedBytes = new byte[NONCE.length + encryptedBytes.length];
+            System.arraycopy(NONCE, 0, combinedBytes, 0, NONCE.length);
+            System.arraycopy(encryptedBytes, 0, combinedBytes, NONCE.length, encryptedBytes.length);
             encryptedString = Base64.getEncoder().encodeToString(combinedBytes);
         } catch (Exception e) {
             throw new RuntimeException(e);
@@ -67,9 +65,9 @@ public class AES128GCM implements Crypto {
         String decryptedString = "";
         try {
             byte[] combined = Base64.getDecoder().decode(content);
-            byte[] encryptedBytes = new byte[combined.length - GCM_96_NONCE_LENGTH];
-            System.arraycopy(combined, 0, NONCE, 0, GCM_96_NONCE_LENGTH);
-            System.arraycopy(combined, GCM_96_NONCE_LENGTH, encryptedBytes, 0, encryptedBytes.length);
+            byte[] encryptedBytes = new byte[combined.length - NONCE.length];
+            System.arraycopy(combined, 0, NONCE, 0, NONCE.length);
+            System.arraycopy(combined, NONCE.length, encryptedBytes, 0, encryptedBytes.length);
             GCMParameterSpec gcmSpec = new GCMParameterSpec(GCM_TAG_LENGTH, NONCE);
             Cipher cipher = Cipher.getInstance(TRANSFORMATION);
             cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(dek.getData(), ALGORITHM), gcmSpec);
diff --git a/groot-core/src/test/java/com/geedgenetworks/core/udf/test/simple/EncryptFunctionTest.java b/groot-core/src/test/java/com/geedgenetworks/core/udf/test/simple/EncryptFunctionTest.java
index a631f8a..20f3c0d 100644
--- a/groot-core/src/test/java/com/geedgenetworks/core/udf/test/simple/EncryptFunctionTest.java
+++ b/groot-core/src/test/java/com/geedgenetworks/core/udf/test/simple/EncryptFunctionTest.java
@@ -264,11 +264,11 @@ public class EncryptFunctionTest {
         assertNotNull(crypto);
         crypto.setDataEncryptionKey(new DataEncryptionKey("aaaaaaaaaaaaaaaa".getBytes(), 1));
         encryptData = crypto.encrypt(DATA);
+        assertEquals("R2FsYXh5MjAxOSMq6Q4PFGRvBmtSQ36Ug9XDHyMXB7Oye/OPITNW", encryptData);
         decryptData = crypto.decrypt(encryptData);
         assertEquals(DATA, decryptData);
 
         assertThrows(IllegalArgumentException.class, () -> CryptoProvider.createEncryptionAlgorithm("sm4"));
-
     }
 
     @Test
author	侯晋川 <[email protected]>	2024-11-05 16:58:04 +0800
committer	侯晋川 <[email protected]>	2024-11-05 16:58:04 +0800
commit	97218bb2a20ec7a7230cf6406c1321c59e7d80da (patch)
tree	f21c1160fb7d6df231e5e562cbb516b8533e01b5
parent	f13fd30de4755f517b2c65502769cc77e096cf7c (diff)