// Create a new Client with specified ClientDescription
func NewClient(d ClientDescription) (*Client, error) {
client := new(http.Client)
encrypter, err := blowfish.NewCipher([]byte(d.EncryptKey))
if err != nil {
return nil, err
}
decrypter, err := blowfish.NewCipher([]byte(d.DecryptKey))
if err != nil {
return nil, err
}
return &Client{
description: d,
http: client,
encrypter: encrypter,
decrypter: decrypter,
}, nil
}
func newBlockCipher(cipherT string, key []byte) (cipher.Block, error) {
switch cipherT {
case "AES-128", "AES-256":
return aes.NewCipher(key)
case "Blowfish":
return bfish.NewCipher(key)
default:
return nil, fmt.Errorf("Unrecognized cipher type: %s", cipherT)
}
}
// Enc encrypts the data with the specified key
func Enc(ppt, key []byte) ([]byte, error) {
ppt = blowfishChecksizeAndPad(ppt)
ecipher, err := blowfish.NewCipher(key)
if err != nil {
return nil, err
}
ciphertext := make([]byte, blowfish.BlockSize+len(ppt))
eiv := ciphertext[:blowfish.BlockSize]
ecbc := cipher.NewCBCEncrypter(ecipher, eiv)
ecbc.CryptBlocks(ciphertext[blowfish.BlockSize:], ppt)
return ciphertext, nil
}
// Dec decrypts the data with the specified key
func Dec(et, key []byte) ([]byte, error) {
dcipher, err := blowfish.NewCipher(key)
if err != nil {
return nil, err
}
div := et[:blowfish.BlockSize]
decrypted := et[blowfish.BlockSize:]
if len(decrypted)%blowfish.BlockSize != 0 {
return nil, errors.New("decrypted is not a multiple of blowfish.BlockSize")
}
dcbc := cipher.NewCBCDecrypter(dcipher, div)
dcbc.CryptBlocks(decrypted, decrypted)
return bytes.Trim(decrypted, "\x00"), nil
}
func encryptFile(source, dst string, key []byte) error {
sourcebytes, err := ioutil.ReadFile(source)
if err != nil {
return err
}
sourceHash := createHash(sourcebytes)
sourcebytes = append(sourcebytes, sourceHash...)
if err != nil {
return err
}
aesCipher, err := aes.NewCipher(key)
blowfishCipher, err := blowfish.NewCipher(key)
if err != nil {
return err
}
iv := make([]byte, 16)
_, err = rand.Read(iv)
aesEncrypter := cipher.NewCFBEncrypter(aesCipher, iv)
blowfishEncrypter := cipher.NewCFBEncrypter(blowfishCipher, iv[0:8])
destbytes := make([]byte, len(sourcebytes))
aesEncrypter.XORKeyStream(destbytes, sourcebytes)
sourcebytes = destbytes
blowfishEncrypter.XORKeyStream(destbytes, sourcebytes)
if err != nil {
return err
}
destbytes = append(destbytes, iv...)
//TODO: Use the same credentials as the source
ioutil.WriteFile(dst, destbytes, 777)
return nil
}
func main() {
key := []byte("my key")
cipher, err := blowfish.NewCipher(key)
if err != nil {
fmt.Println(err.Error())
}
src := []byte("hello\n\n\n")
var enc [512]byte
cipher.Encrypt(enc[0:], src)
//fmt.Println(string(enc[0:]))
var decrypt [8]byte
cipher.Decrypt(decrypt[0:], enc[0:])
result := bytes.NewBuffer(nil)
result.Write(decrypt[0:8])
fmt.Println(string(result.Bytes()))
}
// Generate returns a secure token for use with a request to an Edgecast cache
// host.
//
// The secret is used to encrypt the params string. The params string must not
// be longer than 512 chars.
func Generate(secret, params string) (string, error) {
if len(params) >= maxTokenChars {
return "", errors.New("Input too long")
}
plaintext := []byte(fmt.Sprintf("ec_secure=%03d&%s", len(params)+14, params))
block, err := blowfish.NewCipher([]byte(secret))
if err != nil {
return "", err
}
ivec := make([]byte, blowfish.BlockSize)
stream := cipher.NewCFBEncrypter(block, ivec)
ciphertext := make([]byte, len(plaintext))
stream.XORKeyStream(ciphertext, plaintext)
return fmt.Sprintf("%02x", ciphertext), nil
}
func init() {
_debug = NewDebug(SYSTEM, "formal/padded")
SetNewCipherFunc("aes",
func(key []byte) (c cipher.Block, e error) {
c, e = aes.NewCipher(key)
return
})
SetNewCipherFunc("blowfish",
func(key []byte) (c cipher.Block, e error) {
c, e = blowfish.NewCipher(key)
return
})
SetPaddingFuncs("dtgpadding", dtgPad, dtgRemove)
SetPaddingFuncs("pkcs5padding", pkcs5Pad, pkcs5Remove)
SetPaddingFuncs("pkcs7padding", pkcs5Pad, pkcs5Remove)
SetPaddingFuncs("zeropadding", zeroPaddingPad, zeroPaddingRemove)
SetModeFuncs("ecb", NewECBEncrypter, NewECBDecrypter)
SetModeFuncs("cbc", cipher.NewCBCEncrypter, cipher.NewCBCDecrypter)
SetModeFuncs("rcbc", NewRCBCEncrypter, NewRCBCDecrypter)
}
func decryptFile(source, dst string, key []byte) error {
sourcebytes, err := ioutil.ReadFile(source)
if err != nil {
return err
}
iv := sourcebytes[len(sourcebytes)-16:]
sourcebytes = sourcebytes[:len(sourcebytes)-16]
contentLength := len(sourcebytes)
destbytes := make([]byte, contentLength)
aesCipher, err := aes.NewCipher(key)
if err != nil {
return err
}
blowfishCipher, err := blowfish.NewCipher(key)
blowFishDecryptor := cipher.NewCFBDecrypter(blowfishCipher, iv[0:8])
blowFishDecryptor.XORKeyStream(destbytes, sourcebytes)
sourcebytes = destbytes
aesDecryptor := cipher.NewCFBDecrypter(aesCipher, iv)
aesDecryptor.XORKeyStream(destbytes, sourcebytes)
h := destbytes[len(destbytes)-32:]
destbytes = destbytes[:len(destbytes)-32]
if !areEqual(h, createHash(destbytes)) {
return fmt.Errorf("Wrong password")
}
//TODO: Use the same credentials as the source
ioutil.WriteFile(dst, destbytes, 777)
return nil
}
func newBlowFishStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
block, err := blowfish.NewCipher(key)
return newStream(block, err, key, iv, doe)
}
func (e *Engine) blowfish_ctr() error {
return e.ctr(func(key []byte) (cipher.Block, error) { return blowfish.NewCipher(key) })
}
func (e *Engine) unblowfish_cfb() error {
return e.uncfb(func(key []byte) (cipher.Block, error) { return blowfish.NewCipher(key) })
}
// Blowfish: obsolete, but for fun
func BenchmarkBlowfish_1K(b *testing.B) {
block, _ := blowfish.NewCipher(buf[:32])
benchmarkBlock(b, block, 1024)
}
