最近由于工作的需要,需要的实现一个go的Blowfish算法。其实go本身有一个加密算法库crypto,其中有Blowfish。但是该算法在很多细节上跟我的需求不同,导致最终加密结果千差万别。
Blowfish算法
BlowFish是对称加密算法的其中一种。在很多场景下,作为DES的替代出现。BlowFish并不是直接用我们指定的密钥对数据加密,而是先对密钥进行预处理,然后用处理的结果再对数据加密。解密过程同理。
BlowFish算法内置两个源密钥:pbox和sbox,pbox18位数组,sbox4个256位数组组成。算法在加密解密时,根据两个盒子大量使用位移运算和逻辑位运算。具体的算法细节自行百度/谷歌,本文就不详述了。
GO实现
1. 生成pbox和sbox
几个重要的变量声明
var (
Pencs string = "!!!这是一个18位长度的串!!!"
Sencs string = "!!!这是一个1024位长度的串!!!"
Penc []uint8 = []uint8(Pencs)
Senc []uint8 = []uint8(Sencs)
Pinit []uint32 = make([]uint32, len(Penc)*7/32)
Sinit []uint32 = make([]uint32, len(Senc)*7/32)
PPP []uint32 = make([]uint32, 18) //p盒子
SSS0 []uint32 = make([]uint32, 256) //第一个盒子
SSS1 []uint32 = make([]uint32, 256) //第二个盒子
SSS2 []uint32 = make([]uint32, 256) //第三个盒子
SSS3 []uint32 = make([]uint32, 256) //第四个盒子
)
生成pbox和sbox
将2个盒子的源串Pencs和Sencs,每个字节右移一定位数,生成中间数组Pinit和Sinit
func initParam() {
var poff int32 = 25
plen := len(Penc)
for i, j := 0, 0; j < plen; j++ {
if j == plen-1 {
Pinit[i] |= uint32(Penc[j]) >> uint32(-poff)
} else if poff < 0 {
Pinit[i] |= uint32(Penc[j]) >> uint32(-poff)
i++
poff += 32
Pinit[i] |= uint32(Penc[j]) << uint32(poff)
} else {
Pinit[i] |= uint32(Penc[j]) << uint32(poff)
}
poff -= 7
}
var soff int32 = 25
slen := len(Senc)
for i, j := 0, 0; j < slen; j++ {
if j == slen-1 {
Sinit[i] |= uint32(Senc[j]) >> uint32(-soff)
} else if soff < 0 {
Sinit[i] |= uint32(Senc[j]) >> uint32(-soff)
i++
soff += 32
Sinit[i] |= uint32(Senc[j]) << uint32(soff)
} else {
Sinit[i] |= uint32(Senc[j]) << uint32(soff)
}
soff -= 7
}
}
2. 密钥预处理
func SetKey(key []uint8) {
ptemp := []uint32{0, 0}
stemp := [][]uint32{SSS0, SSS1, SSS2, SSS3}
copy(PPP, Pinit)
for i, j := 0, 0; i < 4; i++ {
copy(stemp[i], Sinit[j:])
j += 256
}
lenth := len(key)
ll := 0
for i, j := uint32(0), uint32(0); i < 18; i++ {
for k := 0; k < 4; k++ {
ll %= lenth
j = j<<8 | uint32(key[ll])&255
ll++
}
PPP[i] ^= j
}
encryptKey(ptemp, 0, PPP, 0)
for i := uint32(0); i < 16; i += 2 {
encryptKey(PPP, i, PPP, i+2)
}
encryptKey(PPP, 16, stemp[0], 0)
for j := uint32(2); j < 256; j += 2 {
encryptKey(stemp[0], uint32(j-2), stemp[0], uint32(j))
}
k := 0
l := 254
for i := 1; i < 4; i++ {
for j := 0; j < 256; j += 2 {
encryptKey(stemp[k], uint32(l), stemp[i], uint32(j))
k = i
l = j
}
}
}
func encryptKey(in []uint32, inOff uint32, out []uint32, outOff uint32) {
left := in[inOff] ^ PPP[0]
inOff++
right := in[inOff]
for i := 0; i < 16; i++ {
temp := (SSS0[left>>24&255] + SSS1[left>>16&255] ^ SSS2[left>>8&255]) + SSS3[left&255]
i++
right ^= temp ^ PPP[i]
temp = (SSS0[right>>24&255] + SSS1[right>>16&255] ^ SSS2[right>>8&255]) + SSS3[right&255]
left ^= temp ^ PPP[i+1]
}
out[outOff] = right ^ PPP[17]
outOff++
out[outOff] = left
}
3. 加密
func Encrypt(encryptable []uint8) []uint8 {
blocks := len(encryptable) / 64
rem := len(encryptable) % 64
length := blocks * 64
var output []uint8
if rem > 0 {
output = make([]uint8, length+64)
} else {
output = make([]uint8, length)
}
for i := 0; i < 64-rem; i++ {
encryptable = append(encryptable, 0)
}
for i := 0; i < len(encryptable); i += 8 {
encryptBytes(encryptable, uint32(i), output, uint32(i))
}
return output
}
func encryptBytes(in []uint8, inOff uint32, out []uint8, outOff uint32) {
left := ((uint32(in[inOff])&255)<<24 | (uint32(in[inOff+1])&255)<<16 | (uint32(in[inOff+2])&255)<<8 | (uint32(in[inOff+3]) & 255)) ^ PPP[0]
right := (uint32(in[inOff+4])&255)<<24 | (uint32(in[inOff+5])&255)<<16 | (uint32(in[inOff+6])&255)<<8 | uint32(in[inOff+7])&255
for i := 1; i < 17; i += 2 {
right ^= (SSS0[left>>24&255] + SSS1[left>>16&255] ^ SSS2[left>>8&255]) + SSS3[left&255] ^ PPP[i]
left ^= (SSS0[right>>24&255] + SSS1[right>>16&255] ^ SSS2[right>>8&255]) + SSS3[right&255] ^ PPP[i+1]
}
right ^= PPP[17]
out[outOff] = uint8(right >> 24 & 255)
out[outOff+1] = uint8(right >> 16 & 255)
out[outOff+2] = uint8(right >> 8 & 255)
out[outOff+3] = uint8(right & 255)
out[outOff+4] = uint8(left >> 24 & 255)
out[outOff+5] = uint8(left >> 16 & 255)
out[outOff+6] = uint8(left >> 8 & 255)
out[outOff+7] = uint8(left & 255)
}
网友评论