Golang cipher.BlockMode類代碼示例

func decrypt(block cipher.Block, in io.Reader, size int, out io.WriteCloser) error {
	var err error
	var buf []byte
	var count int
	var decrypter cipher.BlockMode

	defer out.Close()

	buf = make([]byte, block.BlockSize())
	if _, err = io.ReadFull(in, buf); err != nil {
		return err
	}
	decrypter = cipher.NewCBCDecrypter(block, buf)

	count = (size - block.BlockSize()) / block.BlockSize()
	for count > 0 && err == nil {
		if _, err = io.ReadFull(in, buf); err == nil {
			decrypter.CryptBlocks(buf, buf)
			if count == 1 {
				for count = block.BlockSize() - 1; buf[count] == 0x00; count-- {
					continue
				}
				if buf[count] == 0x80 {
					buf = buf[:count]
				}
			}
			_, err = out.Write(buf)
		}
		count--
	}
	if err == io.EOF {
		return nil
	}
	return err
}

// AesOracle prepends and appends 5-10 random bytes to a plaintext,
// encrypts the plaintext under a predetermined BlockMode, then
// returns the detected BlockMode
func AesOracle(plaintext []byte, encrypter cipher.BlockMode) string {
	// Generate random bytes to prepend/append to plaintext
	prependBytes, _ := bytes.Random(r.Intn(5) + 5)
	appendBytes, _ := bytes.Random(r.Intn(5) + 5)

	plaintext = append(prependBytes, plaintext...)
	plaintext = append(plaintext, appendBytes...)
	plaintext, _ = blocks.Pkcs7(plaintext, aes.BlockSize)

	ciphertext := make([]byte, len(plaintext))
	modifiedCiphertext := make([]byte, len(plaintext))

	// Modify the first block of the plaintext
	modified := plaintext
	modified[0] = byte(255)
	encrypter.CryptBlocks(ciphertext, plaintext)
	encrypter.CryptBlocks(modifiedCiphertext, modified)

	// If the second block in the modified ciphertext is affected by a
	// change in the first block of the plaintext, return CBC mode
	if ciphertext[16] != modifiedCiphertext[16] {
		return "CBC"
	}
	return "ECB"
}

// AES-CBC 返回binary結果
func AESCBC(byteKey, src []byte, isEncode bool) (rst []byte) {
	rst = make([]byte, len(src))
	b, err := aes.NewCipher(byteKey)
	if err != nil {
		return
	}
	iv := byteKey[:aes.BlockSize]
	var cc cipher.BlockMode
	var nsrc []byte
	if isEncode {
		cc = cipher.NewCBCEncrypter(b, iv)
		nsrc = PKCS5Padding(src, aes.BlockSize)
	} else {
		cc = cipher.NewCBCDecrypter(b, iv)
		nsrc = src
	}
	dst := make([]byte, len(nsrc))
	cc.CryptBlocks(dst, nsrc)
	if isEncode {
		rst = dst
	} else {
		rst = PKCS5UnPadding(dst)
	}
	return
}

func clientDecryptUnpadDecode(ciphertext []byte, engine cipher.BlockMode) (
	msg *UpaxClientMsg, err error) {

	plaintext := make([]byte, len(ciphertext))
	engine.CryptBlocks(plaintext, ciphertext) // dest <- src

	unpaddedCData, err := xc.StripPKCS7Padding(plaintext, aes.BlockSize)
	if err == nil {
		msg, err = decodeClientPacket(unpaddedCData)
	}
	return
}

func clientEncodePadEncrypt(msg *UpaxClientMsg, engine cipher.BlockMode) (
	ciphertext []byte, err error) {

	var paddedData []byte
	cData, err := encodeClientPacket(msg)
	if err == nil {
		paddedData, err = xc.AddPKCS7Padding(cData, aes.BlockSize)
	}
	if err == nil {
		msgLen := len(paddedData)
		nBlocks := (msgLen + aes.BlockSize - 2) / aes.BlockSize
		ciphertext = make([]byte, nBlocks*aes.BlockSize)
		engine.CryptBlocks(ciphertext, paddedData) // dest <- src
	}
	return
}

func (c *DefaultCryptor) Encrypt(encryptor cipher.BlockMode, msg []byte) (cipherText []byte, err error) {
	if msg != nil {
		// let caller do pkcs7 padding
		msg = padding.PKCS7.Padding(msg, encryptor.BlockSize())
		if len(msg) < encryptor.BlockSize() || len(msg)%encryptor.BlockSize() != 0 {
			err = ErrInputTextSize
			return
		}
		cipherText = msg
		encryptor.CryptBlocks(cipherText, msg)
	}
	return
}

func (c *DefaultCryptor) Decrypt(decryptor cipher.BlockMode, cipherText []byte) (msg []byte, err error) {
	if decryptor != nil {
		if len(cipherText) < decryptor.BlockSize() || len(cipherText)%decryptor.BlockSize() != 0 {
			err = ErrInputTextSize
			return
		}
		msg = cipherText
		decryptor.CryptBlocks(msg, cipherText)
		// let caller do pkcs7 unpadding
		msg, err = padding.PKCS7.Unpadding(msg, decryptor.BlockSize())
	}
	return
}

func writeField(w io.Writer, engine cipher.BlockMode, hmacEngine hash.Hash, ftype uint8, fdata []byte) error {
	if len(fdata) < 1 {
		return nil
	}

	type field struct {
		Length uint32
		Type   uint8
		Data   [11]byte
	}
	var datafield field
	datafield.Length = uint32(len(fdata))
	datafield.Type = ftype
	copy(datafield.Data[:], fdata)

	var buf bytes.Buffer
	binary.Write(&buf, binary.LittleEndian, &datafield)

	if datafield.Length > 11 {
		datafield.Length = datafield.Length - 11
		numBlocksToWrite := datafield.Length / 16
		if datafield.Length%16 != 0 {
			numBlocksToWrite++
		}
		blockData := make([]byte, numBlocksToWrite*16)
		copy(blockData, fdata[11:])
		buf.Write(blockData)
	}

	bufData := buf.Bytes()
	blockData := make([]byte, len(bufData))

	engine.CryptBlocks(blockData[:], bufData[:])

	hmacEngine.Write(fdata)

	_, errw := w.Write(blockData)
	return errw
}

func encrypt(block cipher.Block, in io.Reader, size int, out io.WriteCloser) error {
	var err error
	var rd int
	var buf []byte
	var last bool
	var encrypter cipher.BlockMode

	defer out.Close()

	buf = make([]byte, block.BlockSize())

	if _, err = io.ReadFull(rand.Reader, buf); err != nil {
		return err
	}
	encrypter = cipher.NewCBCEncrypter(block, buf)

	if _, err = out.Write(buf); err != nil {
		return err
	}
	for !last {
		if rd, err = io.ReadFull(in, buf); err != nil {
			if err == io.ErrUnexpectedEOF || err == io.EOF {
				buf = buf[:rd]
				buf = append(buf, 0x80)
				for len(buf) < block.BlockSize() {
					buf = append(buf, 0x00)
				}
				last = true
			} else {
				return err
			}
		}
		encrypter.CryptBlocks(buf, buf)
		if _, err = out.Write(buf); err != nil {
			return err
		}
	}
	return nil
}

func (eng *Engine) serverHandle(connidx uint64, conn *net.TCPConn) {
	var blockEncrypt, blockDecrypt cipher.BlockMode

	// BUG: handle eat up CPUs, and main goroutine is hungry

	// waiting for start signal
	<-eng.workswitch

	aesblock, err := aes.NewCipher(eng.aeskey)
	if err != nil {
		panic(err.Error())
	}
	blockDecrypt = cipher.NewCBCDecrypter(aesblock, eng.ivbuf)

	if eng.conf.twoway {
		blockEncrypt = cipher.NewCBCEncrypter(aesblock, eng.ivbuf)
	}

	// read from peer until error
	for eng.closing == false {
		if eng.conf.QPSLimit > 0 {
			<-eng.qpschannel
		}
		// work load

		atomic.AddInt64(eng.rwCount, 1)

		// read request
		_, err = conn.Read(eng.dummyBuf)
		if err != nil {
			// when peer closed, got EOF.
			break
		}
		blockDecrypt.CryptBlocks(eng.dummyBuf, eng.dummyBuf)

		if eng.conf.twoway {
			blockEncrypt.CryptBlocks(eng.dummyBuf, eng.dummyBuf)
			// write response
			_, err = conn.Write(eng.dummyBuf)
			if err != nil {
				break
			}
		}
	}
	//
	conn.Close()

	conn = nil
	//
	if eng.conf.nomap == false {
		eng.maxLock.Lock()
		delete(eng.conns, connidx)
		eng.maxLock.Unlock()
	}
	atomic.AddInt64(eng.aliveCount, -1)
}

// They are submitted as HTTP GET requests with the following fields:
//
//  - door is the name of the door which is sending updates,
//  - val is 0 or 1 depending on whether the door is closed or open,
//  - ts is the integer timestamp in seconds since January 1, 1970,
//  - hash is a SHA-256 hash of all of the above, and
//  - iv is the initialization vector used for encrypting the hash.
func (w *WriteAPI) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
	var hashComputation = sha256.New()
	var secret []byte
	var block cipher.Block
	var mode cipher.BlockMode
	var hashdata []byte
	var orighash []byte
	var door string
	var val bool
	var ts int64
	var iv []byte
	var ok bool
	var err error

	err = req.ParseForm()
	if err != nil {
		invalidForms.Add(1)
		log.Print("Error parsing form: ", err)
		http.Error(rw, http.StatusText(http.StatusBadRequest),
			http.StatusBadRequest)
		return
	}

	door = req.FormValue("door")
	if !doornameRe.MatchString(door) {
		invalidDoorName.Add(1)
		log.Print("Door name contains invalid characters: ", door)
		http.Error(rw, http.StatusText(http.StatusBadRequest),
			http.StatusBadRequest)
		return
	}
	val, err = strconv.ParseBool(req.FormValue("val"))
	if err != nil {
		unparseableValue.Add(1)
		log.Print("Error parsing ", req.FormValue("val"), " as boolean: ", err)
		http.Error(rw, http.StatusText(http.StatusBadRequest),
			http.StatusBadRequest)
		return
	}
	ts, err = strconv.ParseInt(req.FormValue("ts"), 10, 64)
	if err != nil {
		unparseableTimestamp.Add(1)
		log.Print("Error parsing ", req.FormValue("ts"), " as number: ", err)
		http.Error(rw, http.StatusText(http.StatusBadRequest),
			http.StatusBadRequest)
		return
	}

	hashdata, err = base64.URLEncoding.DecodeString(req.FormValue("hash"))
	if err != nil {
		unparseableHash.Add(1)
		log.Print("Error parsing ", req.FormValue("hash"), " as base64: ", err)
		http.Error(rw, http.StatusText(http.StatusBadRequest),
			http.StatusBadRequest)
		return
	}

	if len(hashdata) != sha256.Size {
		unparseableHash.Add(1)
		log.Print("Hashdata ", req.FormValue("hash"),
			" is not of expected length")
		http.Error(rw, http.StatusText(http.StatusBadRequest),
			http.StatusBadRequest)
		return
	}

	secret, ok = w.secrets[door]
	if !ok {
		unknownDoor.Add(1)
		log.Print("Unknown door ", door)
		http.Error(rw, http.StatusText(http.StatusNotFound),
			http.StatusNotFound)
		return
	}

	block, err = aes.NewCipher(secret)
	if err != nil {
		hashVerificationFailed.Add(1)
		log.Print("Error creating AES cipher: ", err)
		http.Error(rw, http.StatusText(http.StatusInternalServerError),
			http.StatusInternalServerError)
		return
	}

	iv, err = hex.DecodeString(req.FormValue("iv"))
	if err != nil {
		unparseableHash.Add(1)
		log.Print("Error decoding IV ", req.FormValue("iv"), ": ", err)
		http.Error(rw, http.StatusText(http.StatusBadRequest),
			http.StatusBadRequest)
		return
	}

//.........這裏部分代碼省略.........

func cryptstream(bm cipher.BlockMode, in io.Reader, out io.Writer, enc bool) (int, os.Error) {
	plaintext := make([]byte, aes.BlockSize)
	ciphertext := make([]byte, aes.BlockSize)
	total := 0
	pad := 0

	delayed := false

	for {
		n, err := in.Read(plaintext)
		if err == os.EOF {
			if n == 0 {
				break
			}
		} else if err != nil {
			return total, err
		}
		if enc {
			pad = aes.BlockSize - n
			for i := 0; i < pad; i++ {
				plaintext[aes.BlockSize-i-1] = byte(pad)
			}
		} else if delayed {
			n, err := out.Write(ciphertext)
			if err != nil {
				return total, err
			}
			total += n
		}

		bm.CryptBlocks(ciphertext, plaintext)
		if enc {
			n, err = out.Write(ciphertext)
			if err != nil {
				return total, err
			}
			total += n
		} else {
			delayed = true
		}
	}
	if pad == 0 && enc {
		for i := 0; i < aes.BlockSize; i++ {
			plaintext[i] = aes.BlockSize
		}
		bm.CryptBlocks(ciphertext, plaintext)
		n, err := out.Write(ciphertext)
		if err != nil {
			return total, err
		}
		total += n
	}
	// last block for decryption
	if !enc && delayed {
		strip := int(ciphertext[len(ciphertext)-1])
		if strip <= aes.BlockSize {
			ciphertext = ciphertext[0 : len(ciphertext)-strip]
			n, err := out.Write(ciphertext)
			if err != nil {
				return total, err
			}
			total += n
		} else if strip > aes.BlockSize {
			return total, fmt.Errorf("Decryption failed (wrong key?)")
		}
	}

	return total, nil
}

func (eng *Engine) clientHandle(idx int, connidx uint64, conn *net.TCPConn) {
	var blockEncrypt, blockDecrypt cipher.BlockMode

	// BUG: handle eat up CPUs, and main goroutine is hungry
	// should we impl goroutine-grouping

	// BUG: blockEncrypt only, qps = 3500000, blockEncrypt + blockDecrypt, qps = 280000, more then 10x decr.

	// waiting for start signal
	<-eng.workswitch

	aesblock, err := aes.NewCipher(eng.aeskey)
	if err != nil {
		panic(err.Error())
	}
	if eng.conf.twoway {
		blockDecrypt = cipher.NewCBCDecrypter(aesblock, eng.ivbuf)
	}
	blockEncrypt = cipher.NewCBCEncrypter(aesblock, eng.ivbuf)

	if eng.conf.noworkload {
		// read from peer until error
		// peer is reading too, so nothing happen
		for eng.closing == false {
			_, err = conn.Read(eng.dummyBuf)
			if err != nil {
				// when peer closed, got EOF.
				break
			}
			atomic.AddInt64(eng.rwCount, 1)
		}
	} else {
		// warite to peer until error
		for eng.closing == false {
			if eng.conf.QPSLimit > 0 {
				<-eng.qpschannel
			}
			// work load

			atomic.AddInt64(eng.rwCount, 1)

			blockEncrypt.CryptBlocks(eng.dummyBuf, eng.dummyBuf)

			// write request
			_, err = conn.Write(eng.dummyBuf)
			if err != nil {
				break
			}
			if eng.conf.twoway {
				// read respose
				_, err = conn.Read(eng.dummyBuf)
				if err != nil {
					// when peer closed, got EOF.
					break
				}
				blockDecrypt.CryptBlocks(eng.dummyBuf, eng.dummyBuf)
			}
		}
	}
	conn.Close()

	conn = nil

	eng.laddrPool[idx] <- connidx

	if eng.conf.nomap == false {
		eng.maxLock.Lock()
		delete(eng.conns, connidx)
		eng.maxLock.Unlock()
	}
	atomic.AddInt64(eng.aliveCount, -1)
}

func main() {
	fmt.Println("visualmoo - illustrate ECB badness through images.")
	flag.Usage = func() {
		fmt.Fprintf(os.Stderr, "Usage: %s [options] <input image> <output image>\n", os.Args[0])
		fmt.Fprintf(os.Stderr, "Options:\n")
		flag.PrintDefaults()
	}
	flag.Parse()

	if flag.NArg() != 2 {
		flag.Usage()
		os.Exit(1)
	}
	inputFile, outputFile := flag.Arg(0), flag.Arg(1)

	reader, err := os.Open(inputFile)
	if err != nil {
		log.Fatal(err)
	}
	defer reader.Close()

	m, _, err := image.Decode(reader)
	imageData := image.NewRGBA(m.Bounds())
	draw.Draw(imageData, imageData.Rect, m, image.ZP, draw.Src)

	key := make([]byte, 16)

	if *fixedKey == "random" {
		// use a random key
		rand.Read(key)
	} else {
		var err error
		key, err = hex.DecodeString(*fixedKey)
		if err != nil {
			log.Fatal("Error decoding key from commandline: ", err)
		}
	}

	bc, err := aes.NewCipher(key)
	if err != nil {
		log.Fatal("Error setting up block cipher: ", err)
	}
	blockSize := bc.BlockSize()

	var blockMode cipher.BlockMode
	switch *mode {
	case "ECB":
		blockMode = NewECBEncrypter(bc)
	case "CBC":
		// Let's simply use all zero IV
		blockMode = cipher.NewCBCEncrypter(bc, make([]byte, blockSize))
	default:
		log.Fatal("Error: unsupported mode-of-operation.")
	}

	numPixels := len(imageData.Pix) / 4
	imageSize := numPixels * 4
	if *skipAlpha {
		imageSize = numPixels * 3
	}

	// Make sure the size of the input/output buffers are a multiple of the block
	// size
	nBlocks := 1 + ((imageSize - 1) / blockSize)
	inputBuffer := make([]byte, nBlocks*blockSize)
	outputBuffer := make([]byte, nBlocks*blockSize)

	// copy the data
	if *skipAlpha {
		// We skip the alpha channel in the RGBA data
		for i := 0; i < numPixels; i++ {
			copy(inputBuffer[i*3:i*3+3], imageData.Pix[i*4:i*4+3])
		}
	} else {
		// We can simply copy the RGBA data
		copy(inputBuffer[:len(imageData.Pix)], imageData.Pix)
	}

	// now encrypt
	blockMode.CryptBlocks(outputBuffer, inputBuffer)

	// And copy back the data into an image
	if *skipAlpha {
		for i := 0; i < numPixels; i++ {
			copy(imageData.Pix[i*4:i*4+3], outputBuffer[i*3:i*3+3])
		}
	} else {
		copy(imageData.Pix, outputBuffer[:len(imageData.Pix)])
	}

	// Write this mangled image to a file
	writer, err := os.Create(outputFile)
	if err != nil {
		log.Fatal(err)
	}
	defer writer.Close()
	newImage := imageData.SubImage(imageData.Rect)
	png.Encode(writer, newImage)
}

// newCipherBlockReader returns an io.Reader that decrypts the given io.Reader using
// the provided block mode cipher.
func newCipherBlockReader(r io.Reader, mode cipher.BlockMode) io.Reader {
	cr := &cipherBlockReader{r: r, mode: mode}
	cr.outbuf = make([]byte, 0, mode.BlockSize())
	cr.inbuf = make([]byte, 0, mode.BlockSize())
	return cr
}