That's a shame. I am having portability issues with their code, and
was hoping to use a nice library instead.
If anyone was interested, the code is here (I didn't realise
rafb.net/paste posts expire after 24 hours - whoops):
#include <string>
#include <stdexcept>
#include <openssl/evp.h>
typedef std::runtime_error fish_error;
// decrypt text blowfish-encrypted by FiSH or Eggdrop using openssl's libcrypto
std::string
decryptFish(const std::string & key, const std::string & cipher)
{
// init context
EVP_CIPHER_CTX evp_ctx;
::EVP_CIPHER_CTX_init(&evp_ctx);
unsigned char evp_key[EVP_MAX_KEY_LENGTH];
unsigned char evp_iv[EVP_MAX_IV_LENGTH];
const EVP_CIPHER * type = ::EVP_bf_ecb(); // FiSH uses ecb mode
// derive evp_key and evp_iv
::EVP_BytesToKey(type, ::EVP_md5(), NULL,
(unsigned char *) key.c_str(), key.length(),
1, evp_key, evp_iv);
// sets up cipher context ctx
if (!::EVP_DecryptInit_ex(&evp_ctx, type, NULL, evp_key, evp_iv))
throw fish_error(std::string("EVP_DecryptInit_ex()"));
// differences from 'standard' base64 (RFC 2045/RFC 1421) include:
//
// * different character assignments: "./0-9a-zA-Z" instead of
"A-Za-z0-9+/"
// * encoding is done low-order to high-order in 32bit blocks, instead
of
// high-order to low-order in 24bit blocks (this leaves leftovers)
// * no support for padding character (=)
unsigned char out_buf[cipher.length()];
int out_len = 0;
// main decryption stuff
if(!::EVP_EncryptUpdate(&evp_ctx, out_buf, &out_len, (unsigned char
*) cipher.c_str(), cipher.length()))
throw fish_error(std::string("EVP_EncryptUpdate()"));
// concat anything remaining
int tmp_len = 0;
if(!::EVP_EncryptFinal_ex(&evp_ctx, out_buf + out_len, & tmp_len))
throw fish_error(std::string("EVP_EncryptFinal_ex()"));
out_len += tmp_len;
// cleanup
::EVP_CIPHER_CTX_cleanup(&evp_ctx);
return std::string((char *) out_buf, out_len);
}
Cheers,
Richard
On 10/2/06, Aki Tuomi <[EMAIL PROTECTED]> wrote:
On Mon, Oct 02, 2006 at 03:16:31PM +1300, Richard Dingwall wrote:
> Hi,
>
> I'm trying to decrypt messages that are encrypted with Eggdrop's
> blowfish encrypt() method. This method is also used by a
> irssi/mirc/xchat encryption module called FiSH.
>
> I have already written some code to do it using libcrypto's EVP, but
> it produces gibberish output. You can see it here:
>
> http://rafb.net/paste/results/e15Deu53.html
>
Your paste does not exist.
> (ignore the == key.length(); on EVP_BytesToKey, it was part of an
> assertion I forgot to remove).
>
> I have two questions.
>
> Firstly, I understand the eggdrop's blowfish stuff uses a custom
> base64 method. The differences from 'standard base64' RFC 2045
> (inherits RFC 1421) include:
>
> * The character assignments are different ("./0-9a-zA-Z" instead of
> "A-Za-z0-9+/")
> * Encoding is done low-order to high-order in 32bit blocks, instead of
> high-order to low-order in 24bit blocks. This leaves leftovers.
> * No support for padding character (=)
>
> How might I use libcrypto to solve my problem?
>
You can't. Either copy the required code from eggdrop's code (if
permitted) or write your own.
> Secondly, it uses ECB mode, and apparently ECB mode doesn't use an IV.
> Am I initializing the key correctly?
Actually unless I am mistaken, eggdrop uses hacked mode (yack).
From source:
/* Robey: Reset blowfish boxes to initial state
* (I guess normally it just keeps scrambling them, but here it's
* important to get the same encrypted result each time)
*/
Thus I am not convinced at all that this is even possible.
Aki Tuomi
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [email protected]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
