<?php

namespace app\lib\BOC;

class BocCipherUtil {
    private const ENCODING = 'UTF-8';
    private const ALGORITHM_NAME = 'SM4';
    private const ALGORITHM_NAME_ECB_PADDING = 'SM4-ECB';
    private const DEFAULT_KEY_SIZE = 128;

    /**
     * 生成ECB模式的SM4加密器/解密器
     * @param string $algorithmName 算法名称
     * @param int $mode 模式：OPENSSL_ENCRYPT或OPENSSL_DECRYPT
     * @param string $key 密钥
     * @return array 加密/解密参数
     */
    private static function generateEcbCipher($algorithmName, $mode, $key) {
        return [
            'cipher' => $algorithmName,
            'key' => $key,
            'options' => OPENSSL_RAW_DATA,
            'iv' => '' // ECB模式不需要IV
        ];
    }

    /**
     * 生成SM4密钥
     * @param int $keySize 密钥大小
     * @return string 随机密钥
     */
    public static function generateKey($keySize = self::DEFAULT_KEY_SIZE) {
        return openssl_random_pseudo_bytes($keySize / 8);
    }

    /**
     * SM4 ECB模式加密
     * @param string $hexKey 16进制密钥
     * @param string $paramStr 待加密字符串
     * @return string 16进制加密结果
     */
    public static function encryptEcb($hexKey, $paramStr) {
        $key = hex2bin($hexKey);
        $srcData = $paramStr;

        $cipherParams = self::generateEcbCipher(self::ALGORITHM_NAME_ECB_PADDING, OPENSSL_ENCRYPT, $key);
        $cipherArray = openssl_encrypt($srcData, $cipherParams['cipher'], $cipherParams['key'], $cipherParams['options'], $cipherParams['iv']);

        return bin2hex($cipherArray);
    }

    /**
     * SM4 ECB模式加密（字节数组接口）
     * @param string $data 待加密数据
     * @param string $key 密钥
     * @return string 加密结果
     */
    public static function encrypt_Ecb($data, $key) {
        $cipherParams = self::generateEcbCipher(self::ALGORITHM_NAME_ECB_PADDING, OPENSSL_ENCRYPT, $key);
        return openssl_encrypt($data, $cipherParams['cipher'], $cipherParams['key'], $cipherParams['options'], $cipherParams['iv']);
    }

    /**
     * SM4 ECB模式解密
     * @param string $hexKey 16进制密钥
     * @param string $cipherText 16进制加密字符串
     * @return string 解密后的字符串
     */
    public static function decryptEcb($hexKey, $cipherText) {
        $key = hex2bin($hexKey);
        $cipherData = hex2bin($cipherText);

        $cipherParams = self::generateEcbCipher(self::ALGORITHM_NAME_ECB_PADDING, OPENSSL_DECRYPT, $key);
        $srcData = openssl_decrypt($cipherData, $cipherParams['cipher'], $cipherParams['key'], $cipherParams['options'], $cipherParams['iv']);

        return $srcData;
    }

    /**
     * SM4 ECB模式解密（字节数组接口）
     * @param string $cipherText 加密数据
     * @param string $key 密钥
     * @return string 解密结果
     */
    public static function decrypt_Ecb($cipherText, $key) {
        $cipherParams = self::generateEcbCipher(self::ALGORITHM_NAME_ECB_PADDING, OPENSSL_DECRYPT, $key);
        return openssl_decrypt($cipherText, $cipherParams['cipher'], $cipherParams['key'], $cipherParams['options'], $cipherParams['iv']);
    }

    /**
     * 验证加密前后的字符串是否为同一数据
     * @param string $hexKey 16进制密钥
     * @param string $cipherText 16进制加密后的字符串
     * @param string $paramStr 加密前的字符串
     * @return bool 是否为同一数据
     */
    public static function verifyEcb($hexKey, $cipherText, $paramStr) {
        $decryptStr = self::decryptEcb($hexKey, $cipherText);
        return $decryptStr === $paramStr;
    }
}