cipher.go 3.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
  1. // Copyright 2010 The Go Authors. All rights reserved.
  2. // Use of this source code is governed by a BSD-style
  3. // license that can be found in the LICENSE file.
  4. // Package blowfish implements Bruce Schneier's Blowfish encryption algorithm.
  5. //
  6. // Blowfish is a legacy cipher and its short block size makes it vulnerable to
  7. // birthday bound attacks (see https://sweet32.info). It should only be used
  8. // where compatibility with legacy systems, not security, is the goal.
  9. //
  10. // Deprecated: any new system should use AES (from crypto/aes, if necessary in
  11. // an AEAD mode like crypto/cipher.NewGCM) or XChaCha20-Poly1305 (from
  12. // golang.org/x/crypto/chacha20poly1305).
  13. package blowfish // import "golang.org/x/crypto/blowfish"
  14. // The code is a port of Bruce Schneier's C implementation.
  15. // See https://www.schneier.com/blowfish.html.
  16. import "strconv"
  17. // The Blowfish block size in bytes.
  18. const BlockSize = 8
  19. // A Cipher is an instance of Blowfish encryption using a particular key.
  20. type Cipher struct {
  21. p [18]uint32
  22. s0, s1, s2, s3 [256]uint32
  23. }
  24. type KeySizeError int
  25. func (k KeySizeError) Error() string {
  26. return "crypto/blowfish: invalid key size " + strconv.Itoa(int(k))
  27. }
  28. // NewCipher creates and returns a Cipher.
  29. // The key argument should be the Blowfish key, from 1 to 56 bytes.
  30. func NewCipher(key []byte) (*Cipher, error) {
  31. var result Cipher
  32. if k := len(key); k < 1 || k > 56 {
  33. return nil, KeySizeError(k)
  34. }
  35. initCipher(&result)
  36. ExpandKey(key, &result)
  37. return &result, nil
  38. }
  39. // NewSaltedCipher creates a returns a Cipher that folds a salt into its key
  40. // schedule. For most purposes, NewCipher, instead of NewSaltedCipher, is
  41. // sufficient and desirable. For bcrypt compatibility, the key can be over 56
  42. // bytes.
  43. func NewSaltedCipher(key, salt []byte) (*Cipher, error) {
  44. if len(salt) == 0 {
  45. return NewCipher(key)
  46. }
  47. var result Cipher
  48. if k := len(key); k < 1 {
  49. return nil, KeySizeError(k)
  50. }
  51. initCipher(&result)
  52. expandKeyWithSalt(key, salt, &result)
  53. return &result, nil
  54. }
  55. // BlockSize returns the Blowfish block size, 8 bytes.
  56. // It is necessary to satisfy the Block interface in the
  57. // package "crypto/cipher".
  58. func (c *Cipher) BlockSize() int { return BlockSize }
  59. // Encrypt encrypts the 8-byte buffer src using the key k
  60. // and stores the result in dst.
  61. // Note that for amounts of data larger than a block,
  62. // it is not safe to just call Encrypt on successive blocks;
  63. // instead, use an encryption mode like CBC (see crypto/cipher/cbc.go).
  64. func (c *Cipher) Encrypt(dst, src []byte) {
  65. l := uint32(src[0])<<24 | uint32(src[1])<<16 | uint32(src[2])<<8 | uint32(src[3])
  66. r := uint32(src[4])<<24 | uint32(src[5])<<16 | uint32(src[6])<<8 | uint32(src[7])
  67. l, r = encryptBlock(l, r, c)
  68. dst[0], dst[1], dst[2], dst[3] = byte(l>>24), byte(l>>16), byte(l>>8), byte(l)
  69. dst[4], dst[5], dst[6], dst[7] = byte(r>>24), byte(r>>16), byte(r>>8), byte(r)
  70. }
  71. // Decrypt decrypts the 8-byte buffer src using the key k
  72. // and stores the result in dst.
  73. func (c *Cipher) Decrypt(dst, src []byte) {
  74. l := uint32(src[0])<<24 | uint32(src[1])<<16 | uint32(src[2])<<8 | uint32(src[3])
  75. r := uint32(src[4])<<24 | uint32(src[5])<<16 | uint32(src[6])<<8 | uint32(src[7])
  76. l, r = decryptBlock(l, r, c)
  77. dst[0], dst[1], dst[2], dst[3] = byte(l>>24), byte(l>>16), byte(l>>8), byte(l)
  78. dst[4], dst[5], dst[6], dst[7] = byte(r>>24), byte(r>>16), byte(r>>8), byte(r)
  79. }
  80. func initCipher(c *Cipher) {
  81. copy(c.p[0:], p[0:])
  82. copy(c.s0[0:], s0[0:])
  83. copy(c.s1[0:], s1[0:])
  84. copy(c.s2[0:], s2[0:])
  85. copy(c.s3[0:], s3[0:])
  86. }