egoroof / blowfish Goto Github PK

Test data: https://www.schneier.com/wp-content/uploads/2015/12/vectors-2.txt
Alt version of same data: https://www.schneier.com/wp-content/uploads/2015/12/vectors2-1.txt

If I understand the test data correctly, then "clear bytes" means the data to encipher while "cipher bytes" is the ciphered result.

key bytes               clear bytes             cipher bytes
0000000000000000        0000000000000000        4EF997456198DD78

I didn't get any of the tests to work, the first one gives me:
B22FC147 BDFFD6CB which differs from
4EF99745 6198DD78

So I wanted to figure out why this happens, I even implemented my own JS version (based on the Wikipedia pseudo code) and got the same result as yours. Hence I am very confused.

Test code:

let b = new Blowfish([0,0,0,0, 0,0,0,0])
let [eL, eR] = b.encipher(0, 0)
log(eL.toString(16), eR.toString(16))

Node.js works though:

import crypto from 'crypto'

const cipher = crypto.createCipheriv('bf-ecb', hexToUint8Array('0000000000000000'), null)
const decrypted = cipher.update(hexToUint8Array('0000000000000000'))
log(decrypted)

function hexToUint8Array(hex) { // from: https://stackoverflow.com/a/43131635/4216153
  return new Uint8Array(hex.match(/[\da-f]{2}/gi).map(function (h) {
    return parseInt(h, 16)
  }))
}

Should be fixable by #13

Can your code be used for IRC encoding and decode? Such as http://mircryption.sourceforge.net/

i would like to use to encrypt and decrypt IRC messages via an IRC bot in NodeJS. This message uses CBC or ECB blowfish mircryption using block and base64 encryption.

I find information here:

Blowfish plugins for IRC seem to use the MODE_ECB (electronic code book), which is probably the least secure of the blowfish algorithms.

For encryption, they break the plaintext up into 8-byte chunks (the Blowfish ECB blocksize). They then encrypt each 8-byte block separately, and take the output of each encrypted block, and chunk that into (2) 4-byte longs, and base64encode each long, padding them to length of 6 base64 characters.

For decryption, this process is reversed, but because it's somewhat confusing I'll also describe that. Take 12 of the ciphertext bytes, decoding each 6-byte representation as a long ('>L'), so that you now have 8 bytes, which you then pass to the blowfish decryption algo.

Source : IRC blowfish encryption mode?

• Block_cipher_mode_of_operation

• Java Code example

• Eggdrop module blowfish

• ZNC Fish Module

• FISH 10 for mirc

Hi,

I use your library and got a problem when I want to encrypt an 8 characters text. For comparing the result, I wrote a small javascript file which using Crypto Node class :

var crypto = require('crypto');
var key = "a4MJrL7XahTiDOad";
var iv = "daODiTha";

var password = "totototo";
var cipher = crypto.createCipheriv('bf-cbc', key, iv);
var encrypted = cipher.update(password, 'utf-8', "base64");
encrypted += cipher.final('base64');

console.log(encrypted);

The output is C6SK1EvJwm1sD2laDjfDrg==

These is the code using your library :

const Blowfish = require('egoroof-blowfish');
const encryptionKey = 'a4MJrL7XahTiDOad';
const IV = 'daODiTha';
const bf = new Blowfish(encryptionKey, Blowfish.MODE.CBC, Blowfish.PADDING.PKCS5);
bf.setIv(IV);
const password = 'totototo';
const encoded = bf.encode(password);
const encodedBuffer: Buffer = Buffer.from(encoded);
const encrypted = encodedBuffer.toString('base64');
console.log('encrypted : ' + encrypted);

The output is C6SK1EvJwm0=

You can notice that the 2nd output is truncated

Thank's for your help

Hi, I'm using this fabulous library for my project. At some point, with a specific data, the decoded data are not the same byte length as the input data.

Example:

let KEY = Buffer.from([0x07, 0x07, 0xBC, 0xDB, 0x0F, 0x0B, 0xAC, 0x29]);
let data = Buffer.from([0xaf, 0x23, 0x99, 0x04, 0x2a, 0x63, 0xf5, 0x4c]);
let bf = new Blowfish(KEY, Blowfish.MODE.ECB);
bf.decode(data,Blowfish.TYPE.UINT8_ARRAY);
// Result: 7-byte length --> <Buffer 00 00 a1 03 00 00 00>
// Expected 8-byte length --><Buffer 00 00 a1 03 00 00 00 00>

Awaiting feedback :)

When using a key that has a value above 0x80 / 127, the resulting output will be different than other languages and associated libraries.

Repro:

const Blowfish = require('egoroof-blowfish');

const blowfish = new Blowfish(
    new Uint8Array([0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80]),
    Blowfish.MODE.ECB,
    Blowfish.PADDING.NULL
);

const text = Array(8).fill(0);
const encrypted = blowfish.encode(Buffer.from(text));

Expected output is f6 10 dd 98 67 3a 73 87, which is given by other libraries in other languages.

Output given is fa 8a 12 62 da bf 93 3c in this case.

Testing with any key of up to new Uint8Array([0x7F, 0x7F, 0x7F, 0x7F, 0x7F, 0x7F, 0x7F, 0x7F]) will give the same results as other languages.

Hi Please help,

const Blowfish = require('egoroof-blowfish');
const blowFish = new Blowfish('key', Blowfish.MODE.ECB, Blowfish.PADDING.NULL);
const encoded = blowFish.encode('somepassword', Blowfish.TYPE.STRING);
console.log(encoded);
const decoded = blowFish.decode(encoded,Blowfish.TYPE.STRING);
console.log(decoded);

Gives ''Error: Decoded data should be multiple of 8 bytes" while trying to decode
Only happens if while encoding Blowfish.TYPE.STRING is used. Works fine if UINT8_ARRAY is used while encoding

I was wondering if this library is compatible with Open SSL implementations?

If the provided key length is zero, the expandKey call in the class constructor enters an infinite loop.

I'm encoding an empty string with a Java app to a padded 8 byte string. The result in JS is an 8 byte UINT8_ARRAY containing just "8", eight times.

var sa = new Blowfish('mycypher', Blowfish.MODE.ECB, Blowfish.PADDING.PKCS5).decode(bytes, Blowfish.TYPE.UINT8_ARRAY)

I would expect to receive an empty buffer.

Hello , im using Nextjs 14 framework and i tried to create hashPassword function using blowfish library

this is my snippet of code

import { Blowfish } from 'egoroof-blowfish';

 const hashPassword = async (password: string) => {
    try {
        const bf = new Blowfish('super key'); 
        bf.setIv('abcdefgh'); 
        const encoded = bf.encode("122");
        return encoded;
    } catch (error) {
        console.log(error);
    }
 } 
export default hashPassword;

and the ouput is Uint8Array(8) [
54, 169, 29, 134,
25, 178, 74, 120
]

I need help.
I have tried everything on stackoverflow but nothing helps.
i followed ur installation guide but after building my app:
Error: Cannot find module 'egoroof-blowfish' at Function.Module._resolveFilename (module.js:513:15) at Function.Module._load (module.js:458:25) at Module.require (module.js:541:17) at require (internal/module.js:11:18) at self.require (<anonymous>:11:26)
this occurs in the console.

First i want to thank you for this library i used for a personnal project. So far i was able to "translate" it in the langage i am playing with , and both ( mine and yours ) produce the exact same results...
But then i noticed something with my work and get of course the exact same result using your library as source/control check.

I try to decrypt sequences/arrays 2058 long like this ;
@[132, 76, 156, 248, 1, 157, 209, 170, 48, 255, 250, 67, 36, 181, 159, 90, 173, 176, 152, 21, 54, 191, 79, 244, ....
Your lib and my work both produce this ;
@[97, 196, 3, 74, 185, 147, 28, 53, 81, 15, 40, 228, 84, 131, 45, 64, 78, 140, 173, 18, 42, 54, 68, 114, ...
when the expected result shoud be ;
@[81, 244, 51, 122, 137, 163, 44, 5, 81, 15, 40, 228, 84, 131, 45, 64, 78, 140, 173, 18, 42, 54, 68, 114, ...

Each 8 first are erroneous, the last 2058 - 8 are strictly identical ...
I have to mention i am not really a coder, mostly a "scripter" playing around. Plus the encrypted source is from scratch, i mean not something encoded by your lib or mine ! Maybe thats the point .. but hell only the first 8 ?

Is it something related to your code or something i am missing related to the key or iv params i use ? I doubt a lot its really an issue though...
Thanks for reading and eventually replying , and ofc close this issue if its not related to your work itself. As i said i am a bit lost in those things.

Best regards