Ejemplo n.º 1
func NewBlock(method string, keyfile string) (c cipher.Block, err error) {
	logger.Debugf("Crypt Wrapper with %s preparing.", method)

	file, err := os.Open(keyfile)
	if err != nil {
	defer file.Close()

	key := make([]byte, KEYSIZE)
	_, err = io.ReadFull(file, key)
	if err != nil {

	switch method {
	case "aes":
		c, err = aes.NewCipher(key)
	case "des":
		c, err = des.NewCipher(key)
	case "tripledes":
		c, err = des.NewTripleDESCipher(key)
Ejemplo n.º 2
func (p *PasswordAuth) encrypt(key string, bytes []byte) ([]byte, error) {
	keyBytes := []byte{0, 0, 0, 0, 0, 0, 0, 0}

	if len(key) > 8 {
		key = key[:8]

	for i := 0; i < len(key); i++ {
		keyBytes[i] = p.reverseBits(key[i])

	block, err := des.NewCipher(keyBytes)

	if err != nil {
		return nil, err

	result1 := make([]byte, 8)
	block.Encrypt(result1, bytes)
	result2 := make([]byte, 8)
	block.Encrypt(result2, bytes[8:])

	crypted := append(result1, result2...)

	return crypted, nil
Ejemplo n.º 3
func cipherDES(key, iv []byte, isRead bool) interface{} {
	block, _ := des.NewCipher(key)
	if isRead {
		return cipher.NewCBCDecrypter(block, iv)
	return cipher.NewCBCEncrypter(block, iv)
Ejemplo n.º 4
func (s *descbc) Sign(algo, usage int, data ...[]byte) ([]byte, error) {
	var h hash.Hash

	switch algo {
	case signGssDes:
		sz := 0
		for _, d := range data {
			sz += len(d)
		sz = (sz + 7) &^ 7
		u := make([]byte, sz)
		v := u[:0]
		for _, d := range data {
			v = append(v, d...)

		iv := [8]byte{}
		b, _ := des.NewCipher(s.key)
		c := cipher.NewCBCEncrypter(b, iv[:])
		c.CryptBlocks(u, u)
		return u[len(u)-8:], nil

	case signGssMd5Des:
		h = md5.New()
		for _, d := range data {
		return s.Sign(signGssDes, usage, h.Sum(nil))

	case signMd5Des:
		h = md5.New()
	case signMd4Des:
		h = md4.New()
		return unkeyedSign(algo, usage, data...)

	var key [8]byte
	for i := 0; i < 8; i++ {
		key[i] = s.key[i] ^ 0xF0

	chk := make([]byte, 24)
	io.ReadFull(rand.Reader, chk[:8])

	for _, d := range data {

	iv := [8]byte{}
	b, _ := des.NewCipher(s.key)
	c := cipher.NewCBCEncrypter(b, iv[:])
	c.CryptBlocks(chk, chk)
	return chk, nil
Ejemplo n.º 5
介绍:创建默认DESCipher,使用ECB工作模式、pkcs57填充,算法秘钥长度64位 , 使用秘钥作为初始向量

func NewDES(key []byte) (Cipher, error) {
	block, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	return NewECBMode().Cipher(block, key[:block.BlockSize()]), nil
Ejemplo n.º 6
func main() {
	plainText := []byte("Bob loves Alice.")

	// Key must be 8 bytes
	key := []byte("passw0rd")

	// Create Cipher block for DES
	block, err := des.NewCipher(key)
	if err != nil {
		fmt.Printf("err: %s", err)

	// Create initialization vector from rand.reader
	iv := make([]byte, des.BlockSize)
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		fmt.Printf("err: %s", err)

	// Encrypt with CBC mode
	cipherText := make([]byte, len(plainText))
	encryptMode := cipher.NewCBCEncrypter(block, iv)
	encryptMode.CryptBlocks(cipherText, plainText)
	fmt.Printf("Cipher text: %v\n", cipherText)

	// Decrypt with CBC mode
	decryptedText := make([]byte, len(cipherText))
	decryptMode := cipher.NewCBCDecrypter(block, iv)
	decryptMode.CryptBlocks(decryptedText, cipherText)
	fmt.Printf("Decrypted text: %s\n", string(decryptedText))
Ejemplo n.º 7
func check(key []byte, original uint64) {
	cipher, err := des.NewCipher(key)
	if err != nil {

	i2b := func(i uint64) (b []byte) {
		b = make([]byte, 8)
		binary.BigEndian.PutUint64(b, i)

		return b

	originalPlainText := i2b(original)
	originalCipherText := make([]byte, 8)
	cipher.Encrypt(originalCipherText, originalPlainText)

	var (
		updated          uint64
		updatedPlainText []byte
	updatedCipherText := make([]byte, 8)

	sum := 0.0
	for i := 0; i < 64; i++ {
		updated = original ^ (1 << uint64(i))
		updatedPlainText = i2b(updated)
		cipher.Encrypt(updatedCipherText, updatedPlainText)
		diffed := diff(originalCipherText, updatedCipherText)
		fmt.Printf("%d -> %d\n", i+1, diffed)
		sum += float64(diffed)
	fmt.Printf("original: %d\n", original)
	fmt.Printf("mean: %f\n", sum/64)
Ejemplo n.º 8
func (t *SubkeyTest) WrongBlockSize() {
	ciph, err := des.NewCipher(make([]byte, 8))
	AssertEq(nil, err)

	f := func() { generateSubkeys(ciph) }
	ExpectThat(f, Panics(HasSubstr("16 bytes")))
Ejemplo n.º 9
func (s *descbc) Decrypt(salt []byte, algo, usage int, data []byte) ([]byte, error) {
	var h hash.Hash

	switch algo {
	case cryptDesCbcMd5:
		h = md5.New()
	case cryptDesCbcMd4:
		h = md4.New()
		return nil, ErrProtocol

	if (len(data) & 7) != 0 {
		return nil, ErrProtocol

	iv := [8]byte{}
	b, _ := des.NewCipher(s.key)
	c := cipher.NewCBCDecrypter(b, iv[:])
	c.CryptBlocks(data, data)

	chk := make([]byte, h.Size())
	h.Write(chk) // Just need h.Size() zero bytes instead of the checksum

	if subtle.ConstantTimeCompare(chk, data[8:8+len(chk)]) != 1 {
		return nil, ErrProtocol

	return data[8+len(chk):], nil
Ejemplo n.º 10
//[golang ECB 3DES Encrypt]
func TripleEcbDesEncrypt(origData, key []byte) ([]byte, error) {
	tkey := make([]byte, 24, 24)
	copy(tkey, key)
	k1 := tkey[:8]
	k2 := tkey[8:16]
	k3 := tkey[16:]

	block, err := des.NewCipher(k1)
	if err != nil {
		return nil, err
	bs := block.BlockSize()
	origData = PKCS5Padding(origData, bs)

	buf1, err := encrypt(origData, k1)
	if err != nil {
		return nil, err
	buf2, err := decrypt(buf1, k2)
	if err != nil {
		return nil, err
	out, err := encrypt(buf2, k3)
	if err != nil {
		return nil, err
	return out, nil
Ejemplo n.º 11

func NewDESWith(key []byte, mode CipherMode) (Cipher, error) {
	block, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	return mode.Cipher(block, key[:block.BlockSize()]), nil
Ejemplo n.º 12
// Decrypt decrypts ciphertext in CBC mode and returns plaintext.
// ciphertext's length must be a multiple of 8. key is a 24 byte des key.
// iv is an 8 byte initialization vector. If iv is nil, zeros
// will be used as the initialization vector.
func Decrypt(ciphertext, key, iv []byte) ([]byte, error) {
	switch {
	case len(ciphertext)%8 != 0:
		return nil, errors.New("invalid ciphertext length")
	case len(key) != 24:
		return nil, errors.New("invalid key length")
	case iv == nil:
		iv = defaultIV
	case len(iv) != 8:
		return nil, errors.New("invalid iv length")

	out := make([]byte, 0, len(ciphertext))
	prevXor := make([]byte, 8)
	temp := make([]byte, 8)

	preWhiten := key[8:16]
	postWhiten := key[16:24]
	cipher, err := des.NewCipher(key[:8])
	if err != nil {
	copy(prevXor, iv)

	for i := 0; i < len(ciphertext)/8; i++ {
		curCipher := ciphertext[i*8 : i*8+8]
		cipher.Decrypt(temp, xorBlock2(postWhiten, curCipher))
		curPlain := xorBlock3(prevXor, preWhiten, temp)
		out = append(out, curPlain...)
		copy(prevXor, curCipher)

	return out, nil
Ejemplo n.º 13
func DesEncrypt(src, key []byte) ([]byte, error) {
	block, err := des.NewCipher(key)
	if err != nil {
		log.Printf("[des encrypt] NewCipher error, %v", err)
		return nil, err

	bs := block.BlockSize()

	src = ZeroPadding(src, bs)
	// src = PKCS5Padding(src, bs)
	if len(src)%bs != 0 {
		return nil, errors.New("Need a multiple of the blocksize")

	out := make([]byte, len(src))
	dst := out
	for len(src) > 0 {
		block.Encrypt(dst, src[:bs])
		src = src[bs:]
		dst = dst[bs:]

	return out, nil

Ejemplo n.º 14
func main() {
	key, _ := hex.DecodeString("0000000000000000")
	block, _ := des.NewCipher(key)
	data := make([]byte, 8)
	block.Encrypt(data, key)
Ejemplo n.º 15
func main() {
	plaintext := []byte("My name is Astaxie")
	if len(os.Args) > 1 {
		plaintext = []byte(os.Args[1])

	key_text := "12345678"
	if len(os.Args) > 2 {
		key_text = os.Args[2]


	// 创建加密算法des
	c, err := des.NewCipher([]byte(key_text))
	if err != nil {
		fmt.Printf("Error: NewCipher(%d bytes) = %s", len(key_text), err)

	cfb := cipher.NewCFBEncrypter(c, commonIV)
	ciphertext := make([]byte, len(plaintext))
	cfb.XORKeyStream(ciphertext, plaintext)
	fmt.Printf("%s=>%x\n", plaintext, ciphertext)

	// 解密字符串
	cfbdec := cipher.NewCFBDecrypter(c, commonIV)
	plaintextCopy := make([]byte, len(plaintext))
	cfbdec.XORKeyStream(plaintextCopy, ciphertext)
	fmt.Printf("%x=>%s\n", ciphertext, plaintextCopy)
Ejemplo n.º 16
func decryptDES(src, key, privParam []byte) (dst []byte, err error) {

	if len(src)%des.BlockSize != 0 {
		err = ArgumentError{
			Value:   len(src),
			Message: "Invalid DES cipher length",
	if len(privParam) != 8 {
		err = ArgumentError{
			Value:   len(privParam),
			Message: "Invalid DES PrivParameter length",

	block, err := des.NewCipher(key[:8])
	if err != nil {

	iv := xor(key[8:16], privParam)
	dst = make([]byte, len(src))

	mode := cipher.NewCBCDecrypter(block, iv)
	mode.CryptBlocks(dst, src)
func main() {
	c, err := des.NewCipher([]byte("32129232"))
	if err != nil {

	message := bytes.NewBufferString("this isn't a really secret, do you know that? no secret is best secret.")

	fmt.Println("original bytes:")

	encrypted := bytes.NewBuffer(nil)

	// var encrypted bytes.Buffer

	b8 := make([]byte, 8)

	w := cipher.StreamWriter{S: cipher.NewOFB(c, b8), W: encrypted}

	io.Copy(w, message)

	fmt.Println("encrypted bytes:")

	encryptedOutput := fmt.Sprintf("%02x", encrypted.Bytes())


	digital := fmt.Sprintf("%x", []byte("that's cool!"))

	var m []byte
	fmt.Sscanf(digital, "%x", &m)


	c2, err := des.NewCipher([]byte("32129232"))

	w2 := cipher.StreamReader{S: cipher.NewOFB(c2, b8), R: encrypted}

	decrypted_message := bytes.NewBuffer(nil)

	io.Copy(decrypted_message, w2)


Ejemplo n.º 18
func DecryptDESCBC(dst, src, key, iv []byte) error {
	desBlockEncrypter, err := des.NewCipher([]byte(key))
	if err != nil {
		return err
	desDecrypter := cipher.NewCBCDecrypter(desBlockEncrypter, iv)
	desDecrypter.CryptBlocks(dst, src)
	return nil
Ejemplo n.º 19
func encryptDes(key []byte, cleartext []byte, ciphertext []byte) {
	var desKey [8]byte
	createDesKey(key, desKey[:])
	cipher, err := des.NewCipher(desKey[:])
	if err != nil {
	cipher.Encrypt(ciphertext, cleartext)
Ejemplo n.º 20
func calcLanManResponse(nonce [8]byte, password string) [24]byte {
	var lmpass [14]byte
	var key [16]byte
	var hash [21]byte

	copy(lmpass[:14], []byte(strings.ToUpper(password)))

	des56To64(key[:8], lmpass[:7])
	des56To64(key[8:], lmpass[7:])

	blk, _ := des.NewCipher(key[:8])
	blk.Encrypt(hash[:8], []byte("KGS!@#$%"))

	blk, _ = des.NewCipher(key[8:])
	blk.Encrypt(hash[8:], []byte("KGS!@#$%"))

	return calcNTLMResponse(nonce, hash)
Ejemplo n.º 21
func NewDesConn(conn net.Conn, key []byte, iv []byte) (sc net.Conn, err error) {
	block, err := des.NewCipher(key)
	if err != nil {
	in := cipher.NewCFBDecrypter(block, iv)
	out := cipher.NewCFBEncrypter(block, iv)
	return CryptConn{conn.(*net.TCPConn), in, out}, nil
Ejemplo n.º 22
func calcNTLMResponse(nonce [8]byte, hash [21]byte) [24]byte {
	var ret [24]byte
	var key [24]byte

	des56To64(key[:8], hash[:7])
	des56To64(key[8:16], hash[7:14])
	des56To64(key[16:], hash[14:])

	blk, _ := des.NewCipher(key[:8])
	blk.Encrypt(ret[:8], nonce[:])

	blk, _ = des.NewCipher(key[8:16])
	blk.Encrypt(ret[8:16], nonce[:])

	blk, _ = des.NewCipher(key[16:])
	blk.Encrypt(ret[16:], nonce[:])

	return ret
Ejemplo n.º 23
func NewDESCFBCipher(rwc io.ReadWriteCloser, password []byte) (*DESCFBCipher, error) {
	block, err := des.NewCipher(password)
	if err != nil {
		return nil, err
	return &DESCFBCipher{
		block: block,
		rwc:   rwc,
	}, nil
Ejemplo n.º 24
func (eci encryptedContentInfo) decrypt(key []byte) ([]byte, error) {
	alg := eci.ContentEncryptionAlgorithm.Algorithm
	if !alg.Equal(oidEncryptionAlgorithmDESCBC) && !alg.Equal(oidEncryptionAlgorithmDESEDE3CBC) && !alg.Equal(oidEncryptionAlgorithmAES256CBC) {
		fmt.Printf("Unsupported Content Encryption Algorithm: %s\n", alg)
		return nil, ErrUnsupportedAlgorithm

	// EncryptedContent can either be constructed of multple OCTET STRINGs
	// or _be_ a tagged OCTET STRING
	var cyphertext []byte
	if eci.EncryptedContent.IsCompound {
		// Complex case to concat all of the children OCTET STRINGs
		var buf bytes.Buffer
		cypherbytes := eci.EncryptedContent.Bytes
		for {
			var part []byte
			cypherbytes, _ = asn1.Unmarshal(cypherbytes, &part)
			if cypherbytes == nil {
		cyphertext = buf.Bytes()
	} else {
		// Simple case, the bytes _are_ the cyphertext
		cyphertext = eci.EncryptedContent.Bytes

	var block cipher.Block
	var err error

	switch {
	case alg.Equal(oidEncryptionAlgorithmDESCBC):
		block, err = des.NewCipher(key)
	case alg.Equal(oidEncryptionAlgorithmDESEDE3CBC):
		block, err = des.NewTripleDESCipher(key)
	case alg.Equal(oidEncryptionAlgorithmAES256CBC):
		block, err = aes.NewCipher(key)
	if err != nil {
		return nil, err

	iv := eci.ContentEncryptionAlgorithm.Parameters.Bytes
	if len(iv) != block.BlockSize() {
		return nil, errors.New("pkcs7: encryption algorithm parameters are malformed")
	mode := cipher.NewCBCDecrypter(block, iv)
	plaintext := make([]byte, len(cyphertext))
	mode.CryptBlocks(plaintext, cyphertext)
	if plaintext, err = unpad(plaintext, mode.BlockSize()); err != nil {
		return nil, err
	return plaintext, nil
Ejemplo n.º 25
// Create Response for comparison
func ntChallengeResponse(challenge []byte, passHash []byte) ([]byte, error) {
	// Pass is already encoded (NTPasswordHash)
	// ChallengeResponse
	res := make([]byte, 24)
	zPasswordHash := make([]byte, 21)

	// Set ZPasswordHash to PasswordHash zero-padded to 21 octets
	for i := 0; i < len(passHash); i++ {
		zPasswordHash[i] = passHash[i]

	// DesEncrypt first 7 bytes
		block, e := des.NewCipher(strToKey(zPasswordHash[:7]))
		if e != nil {
			return nil, e
		mode := newECBEncrypter(block)
		mode.CryptBlocks(res, challenge)

	// DesEncrypt second 7 bytes
		block, e := des.NewCipher(strToKey(zPasswordHash[7:14]))
		if e != nil {
			return nil, e
		mode := newECBEncrypter(block)
		mode.CryptBlocks(res[8:], challenge)

	// DesEncrypt last 7 bytes
		block, e := des.NewCipher(strToKey(zPasswordHash[14:]))
		if e != nil {
			return nil, e
		mode := newECBEncrypter(block)
		mode.CryptBlocks(res[16:], challenge)
	return res, nil
Ejemplo n.º 26
func DesDecrypt(crypted, key []byte) ([]byte, error) {
	block, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	blockMode := cipher.NewCBCDecrypter(block, key)
	origData := make([]byte, len(crypted))
	blockMode.CryptBlocks(origData, crypted)
	origData = PKCS5UnPadding(origData)
	return origData, nil
Ejemplo n.º 27
func (sp *UsmSecurityParameters) encryptPacket(scopedPdu []byte) ([]byte, error) {
	var b []byte

	var privkey = genlocalkey(sp.AuthenticationProtocol,

	switch sp.PrivacyProtocol {
	case AES:
		var iv [16]byte
		binary.BigEndian.PutUint32(iv[:], sp.AuthoritativeEngineBoots)
		binary.BigEndian.PutUint32(iv[4:], sp.AuthoritativeEngineTime)
		copy(iv[8:], sp.PrivacyParameters)

		block, err := aes.NewCipher(privkey[:16])
		if err != nil {
			return nil, err
		stream := cipher.NewCFBEncrypter(block, iv[:])
		ciphertext := make([]byte, len(scopedPdu))
		stream.XORKeyStream(ciphertext, scopedPdu)
		pduLen, err := marshalLength(len(ciphertext))
		if err != nil {
			return nil, err
		b = append([]byte{byte(OctetString)}, pduLen...)
		scopedPdu = append(b, ciphertext...)
		preiv := privkey[8:]
		var iv [8]byte
		for i := 0; i < len(iv); i++ {
			iv[i] = preiv[i] ^ sp.PrivacyParameters[i]
		block, err := des.NewCipher(privkey[:8])
		if err != nil {
			return nil, err
		mode := cipher.NewCBCEncrypter(block, iv[:])

		pad := make([]byte, des.BlockSize-len(scopedPdu)%des.BlockSize)
		scopedPdu = append(scopedPdu, pad...)

		ciphertext := make([]byte, len(scopedPdu))
		mode.CryptBlocks(ciphertext, scopedPdu)
		pduLen, err := marshalLength(len(ciphertext))
		if err != nil {
			return nil, err
		b = append([]byte{byte(OctetString)}, pduLen...)
		scopedPdu = append(b, ciphertext...)

	return scopedPdu, nil
Ejemplo n.º 28
func desHash(clear []byte) ([]byte, error) {
	block, e := des.NewCipher(strToKey(clear)) // clear=secret
	if e != nil {
		return nil, e

	res := make([]byte, 8)
	mode := newECBEncrypter(block)
	mode.CryptBlocks(res, []byte(`KGS!@#$%`))
	return res, nil
Ejemplo n.º 29
func E(key, plaintext []byte) []byte {
	cipher, err := des.NewCipher(key)
	if err != nil {
		fmt.Println("ERROR: failed to create DES cipher.", err)

	ciphertext := make([]byte, len(plaintext))
	cipher.Encrypt(ciphertext, plaintext)
	return ciphertext
Ejemplo n.º 30
func encryptDESCBC(content []byte) ([]byte, *encryptedContentInfo, error) {
	// Create DES key & CBC IV
	key := make([]byte, 8)
	iv := make([]byte, des.BlockSize)
	_, err := rand.Read(key)
	if err != nil {
		return nil, nil, err
	_, err = rand.Read(iv)
	if err != nil {
		return nil, nil, err

	// Encrypt padded content
	block, err := des.NewCipher(key)
	if err != nil {
		return nil, nil, err
	mode := cipher.NewCBCEncrypter(block, iv)
	plaintext, err := pad(content, mode.BlockSize())
	cyphertext := make([]byte, len(plaintext))
	mode.CryptBlocks(cyphertext, plaintext)

	// Prepare ASN.1 Encrypted Content Info
	eci := encryptedContentInfo{
		ContentType: oidData,
		ContentEncryptionAlgorithm: pkix.AlgorithmIdentifier{
			Algorithm:  oidEncryptionAlgorithmDESCBC,
			Parameters: asn1.RawValue{Tag: 4, Bytes: iv},
		EncryptedContent: marshalEncryptedContent(cyphertext),

	return key, &eci, nil