func NewBlock(method string, keyfile string) (c cipher.Block, err error) {
logger.Debugf("Crypt Wrapper with %s preparing.", method)
file, err := os.Open(keyfile)
if err != nil {
return
}
defer file.Close()
key := make([]byte, KEYSIZE)
_, err = io.ReadFull(file, key)
if err != nil {
return
}
switch method {
case "aes":
c, err = aes.NewCipher(key)
case "des":
c, err = des.NewCipher(key)
case "tripledes":
c, err = des.NewTripleDESCipher(key)
}
return
}
func desDecode(b []byte) ([]byte, error) {
td, err := des.NewTripleDESCipher(deskey)
if err != nil {
logger.Println(err)
return nil, err
}
// blockMode := cipher.NewCBCDecrypter(block, key)
// orig := make([]byte, len(b))
// blockMode.CryptBlocks(orig, b)
// logger.Println(string(orig))
n := len(b) / td.BlockSize()
var rb []byte
for i := 0; i < n; i++ {
dst := make([]byte, td.BlockSize())
td.Decrypt(dst, b[i*8:(i+1)*8])
rb = append(rb, dst[:]...)
}
lastValue := int(rb[len(rb)-1])
logger.Println(string(rb[0 : len(rb)-lastValue]))
// 移除最后的0
return bytes.TrimRight(rb, string([]byte{0})), nil
}
func init() {
var err error
block3DES, err = des.NewTripleDESCipher(make([]byte, 24))
if err != nil {
panic(err)
}
}
func tripleDESDecode(key, src string) string {
if len(key) != 16 && len(key) != 24 {
panic("key length error, must be 16 or 24")
}
data, err := coder.DecodeString(src)
if err != nil {
panic(err)
}
tripleDESKey := make([]byte, 0, 24)
if len(key) == 16 {
tripleDESKey = append(tripleDESKey, key[:16]...)
tripleDESKey = append(tripleDESKey, key[:8]...)
} else {
tripleDESKey = append(tripleDESKey, key[:]...)
}
td, err := des.NewTripleDESCipher(tripleDESKey)
if err != nil {
panic(err)
}
n := len(data) / td.BlockSize()
var rb []byte
for i := 0; i < n; i++ {
dst := make([]byte, td.BlockSize())
td.Decrypt(dst, data[i*8:(i+1)*8])
rb = append(rb, dst[:]...)
}
lastValue := int(rb[len(rb)-1])
return string(rb[0 : len(rb)-lastValue])
}
func Encrypt3DESECB(input []byte, key []byte) []byte {
if len(key) != 24 {
log.Panic("Key must be 24 bytes")
}
block, err := des.NewTripleDESCipher(key)
if err != nil {
log.Panic(err)
}
bs := block.BlockSize()
//log.Printf("Block size: %d", bs)
if len(input)%bs != 0 {
log.Panic("Input should be a multiple of blocksize")
}
//log.Printf("Input length: %d", len(input))
m := len(input) / bs
//log.Printf("Going for %d cycles", m)
data := []byte{}
buf := make([]byte, bs)
for i := 0; i < m; i++ {
//log.Printf("%d: byte: %s", i, hex.EncodeToString(input[0:bs]))
block.Encrypt(buf, input)
input = input[bs:]
data = append(data, buf...)
}
return data
}
func cipher3DES(key, iv []byte, isRead bool) interface{} {
block, _ := des.NewTripleDESCipher(key)
if isRead {
return cipher.NewCBCDecrypter(block, iv)
}
return cipher.NewCBCEncrypter(block, iv)
}
func main() {
plainText := []byte("Bob loves Alice.")
// Key must be 24(8*3) bytes because tdes runs des 3 times
// plain text -> (DES encrypt) -> (DES decrypt) -> (DES encrypt) -> cipher text
// DES-EDE2 uses the same key for first and the third encrypt
// DES-EDE3 uses different key for all encrypt/decrypt
key := []byte("passw0rdpassw0rdpassw0rd")
// Create Cipher block for TDES
block, err := des.NewTripleDESCipher(key)
if err != nil {
fmt.Printf("err: %s", err)
return
}
// Create initialization vector from rand.reader
iv := make([]byte, des.BlockSize)
if _, err := io.ReadFull(rand.Reader, iv); err != nil {
fmt.Printf("err: %s", err)
return
}
// Encrypt with CBC mode
cipherText := make([]byte, len(plainText))
encryptMode := cipher.NewCBCEncrypter(block, iv)
encryptMode.CryptBlocks(cipherText, plainText)
fmt.Printf("Cipher text: %v\n", cipherText)
// Decrypt with CBC mode
decryptedText := make([]byte, len(cipherText))
decryptMode := cipher.NewCBCDecrypter(block, iv)
decryptMode.CryptBlocks(decryptedText, cipherText)
fmt.Printf("Decrypted text: %s\n", string(decryptedText))
}
// 3DES decode
// Just like encode
func TripleDESDecode(plaintext string) string {
ciphertext, err := base64.StdEncoding.DecodeString(plaintext)
if err != nil {
panic(err)
}
block, err := des.NewTripleDESCipher(de2key)
if err != nil {
panic(err)
}
bs := block.BlockSize()
if len(ciphertext) < bs {
panic("ciphertext too short")
}
// CBC mode always works in whole blocks.
if len(ciphertext)%bs != 0 {
panic("ciphertext is not a multiple of the block size")
}
mode := cipher.NewCBCDecrypter(block, iv)
// CryptBlocks can work in-place if the two arguments are the same.
mode.CryptBlocks(ciphertext, ciphertext)
ciphertext = PKCS5UnPadding(ciphertext)
return string(ciphertext)
}
func init() {
var err error
block3DES, err = des.NewTripleDESCipher(make([]byte, 24))
if err != nil {
panic(err)
}
planbuilder.Register("hash", NewHashVindex)
}
func NewTripleDesConn(conn net.Conn, key []byte, iv []byte) (sc net.Conn, err error) {
block, err := des.NewTripleDESCipher(key)
if err != nil {
return
}
in := cipher.NewCFBDecrypter(block, iv)
out := cipher.NewCFBEncrypter(block, iv)
return CryptConn{conn.(*net.TCPConn), in, out}, nil
}
func encryptPinAP(decPin []byte, passLen int, strCardNo string, cardNoLen int,
encPin []byte, pinKey string, als Logger) error {
strPin := make([]byte, 16)
pinCardNo := make([]byte, 32)
byteCopy(pinCardNo, []byte("0000"), 4)
iLen := len(strCardNo)
byteCopy(pinCardNo[4:], []byte(strCardNo[iLen-13:]), 12)
myStr := fmt.Sprintf("CardPan:[%d][%s]", 16, string(pinCardNo[:16]))
als.WriteLog(hlog.DEBUG_LEVEL, myStr, hlog.RPT_TO_FILE, nil, 0)
byteSet(strPin, 'F', 16)
if decPin[7] == 0 {
passLen = 6
}
myStr = fmt.Sprintf("%02d%s", passLen, string(decPin[:passLen]))
byteCopy(strPin, []byte(myStr), len(myStr))
bcdCardNo, err := hex.DecodeString(string(pinCardNo[:16]))
if err != nil {
als.WriteLog(hlog.ERR_LEVEL, err.Error(), hlog.RPT_TO_FILE, nil, 0)
return err
}
pinBlock, err1 := hex.DecodeString(string(strPin[:16]))
if err1 != nil {
als.WriteLog(hlog.ERR_LEVEL, err1.Error(), hlog.RPT_TO_FILE, nil, 0)
return err1
}
binKey, err2 := hex.DecodeString(pinKey)
if err2 != nil {
als.WriteLog(hlog.ERR_LEVEL, err2.Error(), hlog.RPT_TO_FILE, nil, 0)
return err2
}
iLen = len(binKey)
for i := 0; i < 8; i++ {
pinBlock[i] ^= bcdCardNo[i]
}
if iLen == 8 {
hDes(pinBlock, encPin, binKey, ENCRYPT)
} else {
x, err := des.NewTripleDESCipher(binKey)
if err != nil {
als.WriteLog(hlog.ERR_LEVEL, err.Error(), hlog.RPT_TO_FILE, nil, 0)
return err
}
x.Encrypt(encPin, pinBlock)
// hDes3(pinBlock, encPin, binKey, iLen, ENCRYPT)
}
als.WriteLog(hlog.DEBUG_LEVEL, "加密前密码", hlog.RPT_TO_FILE, decPin, passLen)
als.WriteLog(hlog.DEBUG_LEVEL, "加密后密码", hlog.RPT_TO_FILE, encPin, 8)
return nil
}
func (eci encryptedContentInfo) decrypt(key []byte) ([]byte, error) {
alg := eci.ContentEncryptionAlgorithm.Algorithm
if !alg.Equal(oidEncryptionAlgorithmDESCBC) && !alg.Equal(oidEncryptionAlgorithmDESEDE3CBC) && !alg.Equal(oidEncryptionAlgorithmAES256CBC) {
fmt.Printf("Unsupported Content Encryption Algorithm: %s\n", alg)
return nil, ErrUnsupportedAlgorithm
}
// EncryptedContent can either be constructed of multple OCTET STRINGs
// or _be_ a tagged OCTET STRING
var cyphertext []byte
if eci.EncryptedContent.IsCompound {
// Complex case to concat all of the children OCTET STRINGs
var buf bytes.Buffer
cypherbytes := eci.EncryptedContent.Bytes
for {
var part []byte
cypherbytes, _ = asn1.Unmarshal(cypherbytes, &part)
buf.Write(part)
if cypherbytes == nil {
break
}
}
cyphertext = buf.Bytes()
} else {
// Simple case, the bytes _are_ the cyphertext
cyphertext = eci.EncryptedContent.Bytes
}
var block cipher.Block
var err error
switch {
case alg.Equal(oidEncryptionAlgorithmDESCBC):
block, err = des.NewCipher(key)
case alg.Equal(oidEncryptionAlgorithmDESEDE3CBC):
block, err = des.NewTripleDESCipher(key)
case alg.Equal(oidEncryptionAlgorithmAES256CBC):
block, err = aes.NewCipher(key)
}
if err != nil {
return nil, err
}
iv := eci.ContentEncryptionAlgorithm.Parameters.Bytes
if len(iv) != block.BlockSize() {
return nil, errors.New("pkcs7: encryption algorithm parameters are malformed")
}
mode := cipher.NewCBCDecrypter(block, iv)
plaintext := make([]byte, len(cyphertext))
mode.CryptBlocks(plaintext, cyphertext)
if plaintext, err = unpad(plaintext, mode.BlockSize()); err != nil {
return nil, err
}
return plaintext, nil
}
// new returns a fresh instance of the given cipher.
func (cipher CipherFunction) new(key []byte) (block cipher.Block) {
switch cipher {
case Cipher3DES:
block, _ = des.NewTripleDESCipher(key)
case CipherCAST5:
block, _ = cast5.NewCipher(key)
case CipherAES128, CipherAES192, CipherAES256:
block, _ = aes.NewCipher(key)
}
return
}
func TripleDesEncrypt(origData, key []byte) ([]byte, error) {
block, err := des.NewTripleDESCipher(key)
if err != nil {
return nil, err
}
origData = PKCS5Padding(origData, block.BlockSize())
blockMode := cipher.NewCBCEncrypter(block, key[:8])
crypted := make([]byte, len(origData))
blockMode.CryptBlocks(crypted, origData)
return crypted, nil
}
func TripleDesDecrypt(crypted, key []byte) ([]byte, error) {
block, err := des.NewTripleDESCipher(key)
if err != nil {
return nil, err
}
blockMode := cipher.NewCBCDecrypter(block, key[:8])
origData := make([]byte, len(crypted))
blockMode.CryptBlocks(origData, crypted)
origData = PKCS5UnPadding(origData)
return origData, nil
}
func newBlockCipher(name string, key []byte) (cipher.Block, error) {
switch name {
case "aes128":
return aes.NewCipher(key)
case "aes256":
return aes.NewCipher(key)
case "3des":
return des.NewTripleDESCipher(key)
default:
return nil, fmt.Errorf("unknown cipher '%s'", name)
}
}
func (this *Pub) DeData(cryptData []byte) ([]byte, error) {
return cryptData, nil
block, err := des.NewTripleDESCipher(DES_KEY)
if err != nil {
return nil, err
}
blockMode := cipher.NewCBCDecrypter(block, DES_KEY[:8])
origData := make([]byte, len(cryptData))
blockMode.CryptBlocks(origData, cryptData)
origData = this.unPadding(origData)
return origData, nil
}
func (this *Pub) EnData(originData []byte) ([]byte, error) {
return originData, nil
block, err := des.NewTripleDESCipher(DES_KEY)
if err != nil {
return nil, err
}
originData = this.padding(originData, block.BlockSize())
blockMode := cipher.NewCBCEncrypter(block, DES_KEY[:8])
crypted := make([]byte, len(originData))
blockMode.CryptBlocks(crypted, originData)
return crypted, nil
}
func (this *SecurityTripleDES) Decrypt(key, data []byte) ([]byte, error) {
key = this.GetKey(key, this.keySize)
block, err := des.NewTripleDESCipher(key)
if err != nil {
return nil, err
}
blockMode := cipher.NewCBCDecrypter(block, this.GetIV(key, this.ivSize))
originalData := make([]byte, len(data))
blockMode.CryptBlocks(originalData, data)
originalData = ZeroUnPadding(originalData)
return originalData, nil
}
func (this *SecurityTripleDES) Encrypt(key, data []byte) ([]byte, error) {
key = this.GetKey(key, this.keySize)
block, err := des.NewTripleDESCipher(key)
if err != nil {
return nil, err
}
originalData := PKCS5Padding(data, block.BlockSize())
blockMode := cipher.NewCBCEncrypter(block, this.GetIV(key, this.ivSize))
crypted := make([]byte, len(originalData))
blockMode.CryptBlocks(crypted, originalData)
return crypted, nil
}
func newTripleDESCBCCipher(iv, key, macKey []byte, algs directionAlgorithms) (packetCipher, error) {
c, err := des.NewTripleDESCipher(key)
if err != nil {
return nil, err
}
cbc, err := newCBCCipher(c, iv, key, macKey, algs)
if err != nil {
return nil, err
}
return cbc, nil
}
func MakeCipher() cipher.Block {
var c cipher.Block
var err error
if *triple {
c, err = des.NewTripleDESCipher(Key())
} else {
c, err = des.NewCipher(Key())
}
if err != nil {
log.Fatalf("failed making the DES cipher: %s", err)
}
return c
}
func new3DESCBC(dir cryptDirection, key, iv []byte) (cipher.BlockMode, error) {
c, err := des.NewTripleDESCipher(key)
if err != nil {
return nil, err
}
if dir == encrypt {
return cipher.NewCBCEncrypter(c, iv), nil
} else if dir == decrypt {
return cipher.NewCBCDecrypter(c, iv), nil
} else {
panic(fmt.Sprintf("invalid crypt direction: %v", dir))
}
}
// 3DES加密
func (this *Des) TripleDesEncrypt(origData []byte, key string, iv string) ([]byte, error) {
block, err := des.NewTripleDESCipher([]byte(key))
if err != nil {
return nil, err
}
origData = this.PKCS5Padding(origData, block.BlockSize())
// origData = ZeroPadding(origData, block.BlockSize())
//blockMode := cipher.NewCBCEncrypter(block, key[:8])
blockMode := cipher.NewCBCEncrypter(block, []byte(iv))
crypted := make([]byte, len(origData))
blockMode.CryptBlocks(crypted, origData)
return crypted, nil
}
// 3DES解密
func (this *Des) TripleDesDecrypt(crypted []byte, key string, iv string) ([]byte, error) {
block, err := des.NewTripleDESCipher([]byte(key))
if err != nil {
return nil, err
}
//blockMode := cipher.NewCBCDecrypter(block, key[:8])
blockMode := cipher.NewCBCDecrypter(block, []byte(iv))
origData := make([]byte, len(crypted))
// origData := crypted
blockMode.CryptBlocks(origData, crypted)
origData = this.PKCS5UnPadding(origData)
// origData = ZeroUnPadding(origData)
return origData, nil
}
// 3DES加密
func (this *TripleDesEncrypt) Encrypt(strMesg string) ([]byte, error) {
key := this.getKey()
origData := []byte(strMesg)
block, err := des.NewTripleDESCipher(key)
if err != nil {
return nil, err
}
origData = PKCS5Padding(origData, block.BlockSize())
blockMode := cipher.NewCBCEncrypter(block, key[:8])
crypted := make([]byte, len(origData))
blockMode.CryptBlocks(crypted, origData)
return crypted, nil
}
func EncryptPassword(key, str string) (string, error) {
strBytes := []byte(str)
null := make([]byte, 8-len(strBytes)%des.BlockSize)
strBytes = append(strBytes, null...)
block, err := des.NewTripleDESCipher([]byte(key))
if err != nil {
return "", err
}
ciphertext := make([]byte, len(strBytes))
mode := newECBEncrypter(block)
mode.CryptBlocks(ciphertext, strBytes)
return string(ciphertext), nil
}
// 3DES解密
func (this *TripleDesEncrypt) Decrypt(crypted []byte) ([]byte, error) {
key := this.getKey()
block, err := des.NewTripleDESCipher(key)
if err != nil {
return nil, err
}
crypted, err = base64.StdEncoding.DecodeString(string(crypted))
if err != nil {
return nil, err
}
blockMode := cipher.NewCBCDecrypter(block, key[:8])
origData := make([]byte, len(crypted))
blockMode.CryptBlocks(origData, crypted)
origData = PKCS5UnPadding(origData)
return origData, nil
}
func ExampleNewTripleDESCipher() {
// NewTripleDESCipher can also be used when EDE2 is required by
// duplicating the first 8 bytes of the 16-byte key.
ede2Key := []byte("example key 1234")
var tripleDESKey []byte
tripleDESKey = append(tripleDESKey, ede2Key[:16]...)
tripleDESKey = append(tripleDESKey, ede2Key[:8]...)
_, err := des.NewTripleDESCipher(tripleDESKey)
if err != nil {
panic(err)
}
// See crypto/cipher for how to use a cipher.Block for encryption and
// decryption.
}
func NewBlock(method string, key string) (c cipher.Block, err error) {
log.Debug("Crypt Wrapper with %s preparing.", method)
byteKey, err := base64.StdEncoding.DecodeString(key)
if err != nil {
return
}
switch method {
default:
c, err = aes.NewCipher(byteKey)
case "aes":
c, err = aes.NewCipher(byteKey)
case "des":
c, err = des.NewCipher(byteKey)
case "tripledes":
c, err = des.NewTripleDESCipher(byteKey)
}
return
}
