python实现的DES加密算法和3DES加密算法实例

2020-01-04 18:07:55

字体：大中小

来源：转载

供稿：网友

这篇文章主要介绍了python实现的DES加密算法和3DES加密算法,以实例形式较为详细的分析了DES加密算法和3DES加密算法的原理与实现技巧,需要的朋友可以参考下

本文实例讲述了python实现的DES加密算法和3DES加密算法。分享给大家供大家参考。具体实现方法如下：

#############################################################################

# Documentation #

#############################################################################

# Author: Todd Whiteman

# Date: 16th March, 2009

# Verion: 2.0.0

# License: Public Domain - free to do as you wish

# Homepage: http://twhiteman.netfirms.com/des.html

#

# This is a pure python implementation of the DES encryption algorithm.

# It's pure python to avoid portability issues, since most DES

# implementations are programmed in C (for performance reasons).

#

# Triple DES class is also implemented, utilising the DES base. Triple DES

# is either DES-EDE3 with a 24 byte key, or DES-EDE2 with a 16 byte key.

#

# See the README.txt that should come with this python module for the

# implementation methods used.

#

# Thanks to:

# * David Broadwell for ideas, comments and suggestions.

# * Mario Wolff for pointing out and debugging some triple des CBC errors.

# * Santiago Palladino for providing the PKCS5 padding technique.

# * Shaya for correcting the PAD_PKCS5 triple des CBC errors.

#

"""A pure python implementation of the DES and TRIPLE DES encryption algorithms.

Class initialization

--------------------

pyDes.des(key, [mode], [IV], [pad], [padmode])

pyDes.triple_des(key, [mode], [IV], [pad], [padmode])

key -> Bytes containing the encryption key. 8 bytes for DES, 16 or 24 bytes

for Triple DES

mode -> Optional argument for encryption type, can be either

pyDes.ECB (Electronic Code Book) or pyDes.CBC (Cypher Block Chaining)

IV -> Optional Initial Value bytes, must be supplied if using CBC mode.

Length must be 8 bytes.

pad -> Optional argument, set the pad character (PAD_NORMAL) to use during

all encrypt/decrpt operations done with this instance.

padmode -> Optional argument, set the padding mode (PAD_NORMAL or PAD_PKCS5)

to use during all encrypt/decrpt operations done with this instance.

I recommend to use PAD_PKCS5 padding, as then you never need to worry about any

padding issues, as the padding can be removed unambiguously upon decrypting

data that was encrypted using PAD_PKCS5 padmode.

Common methods

--------------

encrypt(data, [pad], [padmode])

decrypt(data, [pad], [padmode])

data -> Bytes to be encrypted/decrypted

pad -> Optional argument. Only when using padmode of PAD_NORMAL. For

encryption, adds this characters to the end of the data block when

data is not a multiple of 8 bytes. For decryption, will remove the

trailing characters that match this pad character from the last 8

bytes of the unencrypted data block.

padmode -> Optional argument, set the padding mode, must be one of PAD_NORMAL

or PAD_PKCS5). Defaults to PAD_NORMAL.

Example

-------

from pyDes import *

data = "Please encrypt my data"

k = des("DESCRYPT", CBC, "/0/0/0/0/0/0/0/0", pad=None, padmode=PAD_PKCS5)

# For Python3, you'll need to use bytes, i.e.:

# data = b"Please encrypt my data"

# k = des(b"DESCRYPT", CBC, b"/0/0/0/0/0/0/0/0", pad=None, padmode=PAD_PKCS5)

d = k.encrypt(data)

print "Encrypted: %r" % d

print "Decrypted: %r" % k.decrypt(d)

assert k.decrypt(d, padmode=PAD_PKCS5) == data

See the module source (pyDes.py) for more examples of use.

You can also run the pyDes.py file without and arguments to see a simple test.

Note: This code was not written for high-end systems needing a fast

implementation, but rather a handy portable solution with small usage.

"""

import sys

# _pythonMajorVersion is used to handle Python2 and Python3 differences.

_pythonMajorVersion = sys.version_info[0]

# Modes of crypting / cyphering

ECB = 0

CBC = 1

# Modes of padding

PAD_NORMAL = 1

PAD_PKCS5 = 2

# PAD_PKCS5: is a method that will unambiguously remove all padding

# characters after decryption, when originally encrypted with

# this padding mode.

# For a good description of the PKCS5 padding technique, see:

# http://www.faqs.org/rfcs/rfc1423.html

# The base class shared by des and triple des.

class _baseDes(object):

def __init__(self, mode=ECB, IV=None, pad=None, padmode=PAD_NORMAL):

if IV:

IV = self._guardAgainstUnicode(IV)

if pad:

pad = self._guardAgainstUnicode(pad)

self.block_size = 8

# Sanity checking of arguments.

if pad and padmode == PAD_PKCS5:

raise ValueError("Cannot use a pad character with PAD_PKCS5")

if IV and len(IV) != self.block_size:

raise ValueError("Invalid Initial Value (IV), must be a multiple of " + str(self.block_size) + " bytes")

# Set the passed in variables

self._mode = mode

self._iv = IV

self._padding = pad

self._padmode = padmode

def getKey(self):

"""getKey() -> bytes"""

return self.__key

def setKey(self, key):

"""Will set the crypting key for this object."""

key = self._guardAgainstUnicode(key)

self.__key = key

def getMode(self):

"""getMode() -> pyDes.ECB or pyDes.CBC"""

return self._mode

def setMode(self, mode):

"""Sets the type of crypting mode, pyDes.ECB or pyDes.CBC"""

self._mode = mode

def getPadding(self):

"""getPadding() -> bytes of length 1. Padding character."""

return self._padding

def setPadding(self, pad):

"""setPadding() -> bytes of length 1. Padding character."""

if pad is not None:

pad = self._guardAgainstUnicode(pad)

self._padding = pad

def getPadMode(self):

"""getPadMode() -> pyDes.PAD_NORMAL or pyDes.PAD_PKCS5"""

return self._padmode

def setPadMode(self, mode):

"""Sets the type of padding mode, pyDes.PAD_NORMAL or pyDes.PAD_PKCS5"""

self._padmode = mode

def getIV(self):

"""getIV() -> bytes"""

return self._iv

def setIV(self, IV):

"""Will set the Initial Value, used in conjunction with CBC mode"""

if not IV or len(IV) != self.block_size:

raise ValueError("Invalid Initial Value (IV), must be a multiple of " + str(self.block_size) + " bytes")

IV = self._guardAgainstUnicode(IV)

self._iv = IV

def _padData(self, data, pad, padmode):

# Pad data depending on the mode

if padmode is None:

# Get the default padding mode.

padmode = self.getPadMode()

if pad and padmode == PAD_PKCS5:

raise ValueError("Cannot use a pad character with PAD_PKCS5")

if padmode == PAD_NORMAL:

if len(data) % self.block_size == 0:

# No padding required.

return data

if not pad:

# Get the default padding.

pad = self.getPadding()

if not pad:

raise ValueError("Data must be a multiple of " + str(self.block_size) + " bytes in length. Use padmode=PAD_PKCS5 or set the pad character.")

data += (self.block_size - (len(data) % self.block_size)) * pad

elif padmode == PAD_PKCS5:

pad_len = 8 - (len(data) % self.block_size)

if _pythonMajorVersion < 3:

data += pad_len * chr(pad_len)

else:

data += bytes([pad_len] * pad_len)

return data

def _unpadData(self, data, pad, padmode):

# Unpad data depending on the mode.

if not data:

return data

if pad and padmode == PAD_PKCS5:

raise ValueError("Cannot use a pad character with PAD_PKCS5")

if padmode is None:

# Get the default padding mode.

padmode = self.getPadMode()

if padmode == PAD_NORMAL:

if not pad:

# Get the default padding.

pad = self.getPadding()

if pad:

data = data[:-self.block_size] + /

data[-self.block_size:].rstrip(pad)

elif padmode == PAD_PKCS5:

if _pythonMajorVersion < 3:

pad_len = ord(data[-1])

else:

pad_len = data[-1]

data = data[:-pad_len]

return data

def _guardAgainstUnicode(self, data):

# Only accept byte strings or ascii unicode values, otherwise

# there is no way to correctly decode the data into bytes.

if _pythonMajorVersion < 3:

if isinstance(data, unicode):

raise ValueError("pyDes can only work with bytes, not Unicode strings.")

else:

if isinstance(data, str):

# Only accept ascii unicode values.

try:

return data.encode('ascii')

except UnicodeEncodeError:

pass

raise ValueError("pyDes can only work with encoded strings, not Unicode.")

return data

#############################################################################

# DES #

#############################################################################

class des(_baseDes):

"""DES encryption/decrytpion class

Supports ECB (Electronic Code Book) and CBC (Cypher Block Chaining) modes.

pyDes.des(key,[mode], [IV])

key -> Bytes containing the encryption key, must be exactly 8 bytes

mode -> Optional argument for encryption type, can be either pyDes.ECB

(Electronic Code Book), pyDes.CBC (Cypher Block Chaining)

IV -> Optional Initial Value bytes, must be supplied if using CBC mode.

Must be 8 bytes in length.

pad -> Optional argument, set the pad character (PAD_NORMAL) to use

during all encrypt/decrpt operations done with this instance.

padmode -> Optional argument, set the padding mode (PAD_NORMAL or

PAD_PKCS5) to use during all encrypt/decrpt operations done

with this instance.

"""

# Permutation and translation tables for DES

__pc1 = [56, 48, 40, 32, 24, 16, 8,

, 57, 49, 41, 33, 25, 17,

, 1, 58, 50, 42, 34, 26,

, 10, 2, 59, 51, 43, 35,

, 54, 46, 38, 30, 22, 14,

, 61, 53, 45, 37, 29, 21,

, 5, 60, 52, 44, 36, 28,

, 12, 4, 27, 19, 11, 3

]

# number left rotations of pc1

__left_rotations = [

, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1

]

# permuted choice key (table 2)

__pc2 = [

, 16, 10, 23, 0, 4,

, 27, 14, 5, 20, 9,

, 18, 11, 3, 25, 7,

, 6, 26, 19, 12, 1,

, 51, 30, 36, 46, 54,

, 39, 50, 44, 32, 47,

, 48, 38, 55, 33, 52,

, 41, 49, 35, 28, 31

]

# initial permutation IP

__ip = [57, 49, 41, 33, 25, 17, 9, 1,

, 51, 43, 35, 27, 19, 11, 3,

, 53, 45, 37, 29, 21, 13, 5,

, 55, 47, 39, 31, 23, 15, 7,

, 48, 40, 32, 24, 16, 8, 0,

, 50, 42, 34, 26, 18, 10, 2,

, 52, 44, 36, 28, 20, 12, 4,

, 54, 46, 38, 30, 22, 14, 6

]

# Expansion table for turning 32 bit blocks into 48 bits

__expansion_table = [

, 0, 1, 2, 3, 4,

, 4, 5, 6, 7, 8,

, 8, 9, 10, 11, 12,

, 12, 13, 14, 15, 16,

, 16, 17, 18, 19, 20,

, 20, 21, 22, 23, 24,

, 24, 25, 26, 27, 28,

, 28, 29, 30, 31, 0

]

# The (in)famous S-boxes

__sbox = [

# S1

[14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,

, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,

, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,

, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],

# S2

[15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,

, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,

, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,

, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9],

# S3

[10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,

, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,

, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,

, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12],

# S4

[7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,

, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,

, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,

, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14],

# S5

[2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,

, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,

, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,

, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3],

# S6

[12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,

, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,

, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,

, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13],

# S7

[4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,

, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,

, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,

, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12],

# S8

[13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,

, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,

, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,

, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11],

]

# 32-bit permutation function P used on the output of the S-boxes

__p = [

, 6, 19, 20, 28, 11,

, 16, 0, 14, 22, 25,

, 17, 30, 9, 1, 7,

,13, 31, 26, 2, 8,

, 12, 29, 5, 21, 10,

, 24

]

# final permutation IP^-1

__fp = [

, 7, 47, 15, 55, 23, 63, 31,

, 6, 46, 14, 54, 22, 62, 30,

, 5, 45, 13, 53, 21, 61, 29,

, 4, 44, 12, 52, 20, 60, 28,

, 3, 43, 11, 51, 19, 59, 27,

, 2, 42, 10, 50, 18, 58, 26,

, 1, 41, 9, 49, 17, 57, 25,

, 0, 40, 8, 48, 16, 56, 24

]

# Type of crypting being done

ENCRYPT = 0x00

DECRYPT = 0x01

# Initialisation

def __init__(self, key, mode=ECB, IV=None, pad=None, padmode=PAD_NORMAL):

# Sanity checking of arguments.

if len(key) != 8:

raise ValueError("Invalid DES key size. Key must be exactly 8 bytes long.")

_baseDes.__init__(self, mode, IV, pad, padmode)

self.key_size = 8

self.L = []

self.R = []

self.Kn = [ [0] * 48 ] * 16 # 16 48-bit keys (K1 - K16)

self.final = []

self.setKey(key)

def setKey(self, key):

"""Will set the crypting key for this object. Must be 8 bytes."""

_baseDes.setKey(self, key)

self.__create_sub_keys()

def __String_to_BitList(self, data):

"""Turn the string data, into a list of bits (1, 0)'s"""

if _pythonMajorVersion < 3:

# Turn the strings into integers. Python 3 uses a bytes

# class, which already has this behaviour.

data = [ord(c) for c in data]

l = len(data) * 8

result = [0] * l

pos = 0

for ch in data:

i = 7

while i >= 0:

if ch & (1 << i) != 0:

result[pos] = 1

else:

result[pos] = 0

pos += 1

i -= 1

return result

def __BitList_to_String(self, data):

"""Turn the list of bits -> data, into a string"""

result = []

pos = 0

c = 0

while pos < len(data):

c += data[pos] << (7 - (pos % 8))

if (pos % 8) == 7:

result.append(c)

c = 0

pos += 1

if _pythonMajorVersion < 3:

return ''.join([ chr(c) for c in result ])

else:

return bytes(result)

def __permutate(self, table, block):

"""Permutate this block with the specified table"""

return list(map(lambda x: block[x], table))

# Transform the secret key, so that it is ready for data processing

# Create the 16 subkeys, K[1] - K[16]

def __create_sub_keys(self):

"""Create the 16 subkeys K[1] to K[16] from the given key"""

key = self.__permutate(des.__pc1, self.__String_to_BitList(self.getKey()))

i = 0

# Split into Left and Right sections

self.L = key[:28]

self.R = key[28:]

while i < 16:

j = 0

# Perform circular left shifts

while j < des.__left_rotations[i]:

self.L.append(self.L[0])

del self.L[0]

self.R.append(self.R[0])

del self.R[0]

j += 1

# Create one of the 16 subkeys through pc2 permutation

self.Kn[i] = self.__permutate(des.__pc2, self.L + self.R)

i += 1

# Main part of the encryption algorithm, the number cruncher :)

def __des_crypt(self, block, crypt_type):

"""Crypt the block of data through DES bit-manipulation"""

block = self.__permutate(des.__ip, block)

self.L = block[:32]

self.R = block[32:]

# Encryption starts from Kn[1] through to Kn[16]

if crypt_type == des.ENCRYPT:

iteration = 0

iteration_adjustment = 1

# Decryption starts from Kn[16] down to Kn[1]

else:

iteration = 15

iteration_adjustment = -1

i = 0

while i < 16:

# Make a copy of R[i-1], this will later become L[i]

tempR = self.R[:]

# Permutate R[i - 1] to start creating R[i]

self.R = self.__permutate(des.__expansion_table, self.R)

# Exclusive or R[i - 1] with K[i], create B[1] to B[8] whilst here

self.R = list(map(lambda x, y: x ^ y, self.R, self.Kn[iteration]))

B = [self.R[:6], self.R[6:12], self.R[12:18], self.R[18:24], self.R[24:30], self.R[30:36], self.R[36:42], self.R[42:]]

# Optimization: Replaced below commented code with above

#j = 0

#B = []

#while j < len(self.R):

# self.R[j] = self.R[j] ^ self.Kn[iteration][j]

# j += 1

# if j % 6 == 0:

# B.append(self.R[j-6:j])

# Permutate B[1] to B[8] using the S-Boxes

j = 0

Bn = [0] * 32

pos = 0

while j < 8:

# Work out the offsets

m = (B[j][0] << 1) + B[j][5]

n = (B[j][1] << 3) + (B[j][2] << 2) + (B[j][3] << 1) + B[j][4]

# Find the permutation value

v = des.__sbox[j][(m << 4) + n]

# Turn value into bits, add it to result: Bn

Bn[pos] = (v & 8) >> 3

Bn[pos + 1] = (v & 4) >> 2

Bn[pos + 2] = (v & 2) >> 1

Bn[pos + 3] = v & 1

pos += 4

j += 1

# Permutate the concatination of B[1] to B[8] (Bn)

self.R = self.__permutate(des.__p, Bn)

# Xor with L[i - 1]

self.R = list(map(lambda x, y: x ^ y, self.R, self.L))

# Optimization: This now replaces the below commented code

#j = 0

#while j < len(self.R):

# self.R[j] = self.R[j] ^ self.L[j]

# j += 1

# L[i] becomes R[i - 1]

self.L = tempR

i += 1

iteration += iteration_adjustment

# Final permutation of R[16]L[16]

self.final = self.__permutate(des.__fp, self.R + self.L)

return self.final

# Data to be encrypted/decrypted

def crypt(self, data, crypt_type):

"""Crypt the data in blocks, running it through des_crypt()"""

# Error check the data

if not data:

return ''

if len(data) % self.block_size != 0:

if crypt_type == des.DECRYPT: # Decryption must work on 8 byte blocks

raise ValueError("Invalid data length, data must be a multiple of " + str(self.block_size) + " bytes/n.")

if not self.getPadding():

raise ValueError("Invalid data length, data must be a multiple of " + str(self.block_size) + " bytes/n. Try setting the optional padding character")

else:

data += (self.block_size - (len(data) % self.block_size)) * self.getPadding()

# print "Len of data: %f" % (len(data) / self.block_size)

if self.getMode() == CBC:

if self.getIV():

iv = self.__String_to_BitList(self.getIV())

else:

raise ValueError("For CBC mode, you must supply the Initial Value (IV) for ciphering")

# Split the data into blocks, crypting each one seperately

i = 0

dict = {}

result = []

#cached = 0

#lines = 0

while i < len(data):

# Test code for caching encryption results

#lines += 1

#if dict.has_key(data[i:i+8]):

#print "Cached result for: %s" % data[i:i+8]

# cached += 1

# result.append(dict[data[i:i+8]])

# i += 8

# continue

block = self.__String_to_BitList(data[i:i+8])

# Xor with IV if using CBC mode

if self.getMode() == CBC:

if crypt_type == des.ENCRYPT:

block = list(map(lambda x, y: x ^ y, block, iv))

#j = 0

#while j < len(block):

# block[j] = block[j] ^ iv[j]

# j += 1

processed_block = self.__des_crypt(block, crypt_type)

if crypt_type == des.DECRYPT:

processed_block = list(map(lambda x, y: x ^ y, processed_block, iv))

#j = 0

#while j < len(processed_block):

# processed_block[j] = processed_block[j] ^ iv[j]

# j += 1

iv = block

else:

iv = processed_block

else:

processed_block = self.__des_crypt(block, crypt_type)

# Add the resulting crypted block to our list

#d = self.__BitList_to_String(processed_block)

#result.append(d)

result.append(self.__BitList_to_String(processed_block))

#dict[data[i:i+8]] = d

i += 8

# print "Lines: %d, cached: %d" % (lines, cached)

# Return the full crypted string

if _pythonMajorVersion < 3:

return ''.join(result)

else:

return bytes.fromhex('').join(result)

def encrypt(self, data, pad=None, padmode=None):

"""encrypt(data, [pad], [padmode]) -> bytes

data : Bytes to be encrypted

pad : Optional argument for encryption padding. Must only be one byte

padmode : Optional argument for overriding the padding mode.

The data must be a multiple of 8 bytes and will be encrypted

with the already specified key. Data does not have to be a

multiple of 8 bytes if the padding character is supplied, or

the padmode is set to PAD_PKCS5, as bytes will then added to

ensure the be padded data is a multiple of 8 bytes.

"""

data = self._guardAgainstUnicode(data)

if pad is not None:

pad = self._guardAgainstUnicode(pad)

data = self._padData(data, pad, padmode)

return self.crypt(data, des.ENCRYPT)

def decrypt(self, data, pad=None, padmode=None):

"""decrypt(data, [pad], [padmode]) -> bytes

data : Bytes to be encrypted

pad : Optional argument for decryption padding. Must only be one byte

padmode : Optional argument for overriding the padding mode.

The data must be a multiple of 8 bytes and will be decrypted

with the already specified key. In PAD_NORMAL mode, if the

optional padding character is supplied, then the un-encrypted

data will have the padding characters removed from the end of

the bytes. This pad removal only occurs on the last 8 bytes of

the data (last data block). In PAD_PKCS5 mode, the special

padding end markers will be removed from the data after decrypting.

"""

data = self._guardAgainstUnicode(data)

if pad is not None:

pad = self._guardAgainstUnicode(pad)

data = self.crypt(data, des.DECRYPT)

return self._unpadData(data, pad, padmode)

#############################################################################

# Triple DES #

#############################################################################

class triple_des(_baseDes):

"""Triple DES encryption/decrytpion class

This algorithm uses the DES-EDE3 (when a 24 byte key is supplied) or

the DES-EDE2 (when a 16 byte key is supplied) encryption methods.

Supports ECB (Electronic Code Book) and CBC (Cypher Block Chaining) modes.

pyDes.des(key, [mode], [IV])

key -> Bytes containing the encryption key, must be either 16 or

bytes long

mode -> Optional argument for encryption type, can be either pyDes.ECB

(Electronic Code Book), pyDes.CBC (Cypher Block Chaining)

IV -> Optional Initial Value bytes, must be supplied if using CBC mode.

Must be 8 bytes in length.

pad -> Optional argument, set the pad character (PAD_NORMAL) to use

during all encrypt/decrpt operations done with this instance.

padmode -> Optional argument, set the padding mode (PAD_NORMAL or

PAD_PKCS5) to use during all encrypt/decrpt operations done

with this instance.

"""

def __init__(self, key, mode=ECB, IV=None, pad=None, padmode=PAD_NORMAL):

_baseDes.__init__(self, mode, IV, pad, padmode)

self.setKey(key)

def setKey(self, key):

"""Will set the crypting key for this object. Either 16 or 24 bytes long."""

self.key_size = 24 # Use DES-EDE3 mode

if len(key) != self.key_size:

if len(key) == 16: # Use DES-EDE2 mode

self.key_size = 16

else:

raise ValueError("Invalid triple DES key size. Key must be either 16 or 24 bytes long")

if self.getMode() == CBC:

if not self.getIV():

# Use the first 8 bytes of the key

self._iv = key[:self.block_size]

if len(self.getIV()) != self.block_size:

raise ValueError("Invalid IV, must be 8 bytes in length")

self.__key1 = des(key[:8], self._mode, self._iv,

self._padding, self._padmode)

self.__key2 = des(key[8:16], self._mode, self._iv,

self._padding, self._padmode)

if self.key_size == 16:

self.__key3 = self.__key1

else:

self.__key3 = des(key[16:], self._mode, self._iv,

self._padding, self._padmode)

_baseDes.setKey(self, key)

# Override setter methods to work on all 3 keys.

def setMode(self, mode):

"""Sets the type of crypting mode, pyDes.ECB or pyDes.CBC"""

_baseDes.setMode(self, mode)

for key in (self.__key1, self.__key2, self.__key3):

key.setMode(mode)

def setPadding(self, pad):

"""setPadding() -> bytes of length 1. Padding character."""

_baseDes.setPadding(self, pad)

for key in (self.__key1, self.__key2, self.__key3):

key.setPadding(pad)

def setPadMode(self, mode):

"""Sets the type of padding mode, pyDes.PAD_NORMAL or pyDes.PAD_PKCS5"""

_baseDes.setPadMode(self, mode)

for key in (self.__key1, self.__key2, self.__key3):

key.setPadMode(mode)

def setIV(self, IV):

"""Will set the Initial Value, used in conjunction with CBC mode"""

_baseDes.setIV(self, IV)

for key in (self.__key1, self.__key2, self.__key3):

key.setIV(IV)

def encrypt(self, data, pad=None, padmode=None):

"""encrypt(data, [pad], [padmode]) -> bytes

data : bytes to be encrypted

pad : Optional argument for encryption padding. Must only be one byte

padmode : Optional argument for overriding the padding mode.

The data must be a multiple of 8 bytes and will be encrypted

with the already specified key. Data does not have to be a

multiple of 8 bytes if the padding character is supplied, or

the padmode is set to PAD_PKCS5, as bytes will then added to

ensure the be padded data is a multiple of 8 bytes.

"""

ENCRYPT = des.ENCRYPT

DECRYPT = des.DECRYPT

data = self._guardAgainstUnicode(data)

if pad is not None:

pad = self._guardAgainstUnicode(pad)

# Pad the data accordingly.

data = self._padData(data, pad, padmode)

if self.getMode() == CBC:

self.__key1.setIV(self.getIV())

self.__key2.setIV(self.getIV())

self.__key3.setIV(self.getIV())

i = 0

result = []

while i < len(data):

block = self.__key1.crypt(data[i:i+8], ENCRYPT)

block = self.__key2.crypt(block, DECRYPT)

block = self.__key3.crypt(block, ENCRYPT)

self.__key1.setIV(block)

self.__key2.setIV(block)

self.__key3.setIV(block)

result.append(block)

i += 8

if _pythonMajorVersion < 3:

return ''.join(result)

else:

return bytes.fromhex('').join(result)

else:

data = self.__key1.crypt(data, ENCRYPT)

data = self.__key2.crypt(data, DECRYPT)

return self.__key3.crypt(data, ENCRYPT)

def decrypt(self, data, pad=None, padmode=None):

"""decrypt(data, [pad], [padmode]) -> bytes

data : bytes to be encrypted

pad : Optional argument for decryption padding. Must only be one byte

padmode : Optional argument for overriding the padding mode.

The data must be a multiple of 8 bytes and will be decrypted

with the already specified key. In PAD_NORMAL mode, if the

optional padding character is supplied, then the un-encrypted

data will have the padding characters removed from the end of

the bytes. This pad removal only occurs on the last 8 bytes of

the data (last data block). In PAD_PKCS5 mode, the special

padding end markers will be removed from the data after

decrypting, no pad character is required for PAD_PKCS5.

"""

ENCRYPT = des.ENCRYPT

DECRYPT = des.DECRYPT

data = self._guardAgainstUnicode(data)

if pad is not None:

pad = self._guardAgainstUnicode(pad)

if self.getMode() == CBC:

self.__key1.setIV(self.getIV())

self.__key2.setIV(self.getIV())

self.__key3.setIV(self.getIV())

i = 0

result = []

while i < len(data):

iv = data[i:i+8]

block = self.__key3.crypt(iv, DECRYPT)

block = self.__key2.crypt(block, ENCRYPT)

block = self.__key1.crypt(block, DECRYPT)

self.__key1.setIV(iv)

self.__key2.setIV(iv)

self.__key3.setIV(iv)

result.append(block)

i += 8

if _pythonMajorVersion < 3:

data = ''.join(result)

else:

data = bytes.fromhex('').join(result)

else:

data = self.__key3.crypt(data, DECRYPT)

data = self.__key2.crypt(data, ENCRYPT)

data = self.__key1.crypt(data, DECRYPT)

return self._unpadData(data, pad, padmode)