1
votes

For a project I'm working on, I need to encrypt and decrypt a string using Blowfish in a compatible way across NSIS and PHP.

At the moment I'm using the Blowfish++ plugin for NSIS and the mcrypt library with PHP. The problem is, I can't get them both to produce the same output.

Let's start with the NSIS Blowfish++ plugin. Basically the API is:

; Second argument needs to be base64 encoded
; base64_encode("12345678") == "MTIzNDU2Nzg="

blowfish::encrypt "[email protected]***" "MTIzNDU2Nzg="
Pop $0 ; 0 on success, 1 on failure
Pop $1 ; encrypted message on success, error message on failure

There's no mention of whether it's CBC, ECB, CFB, etc. and I'm not familiar enough with Blowfish to be able to tell by reading the mostly undocumented source. I assume it's ECB since the PHP docs for mcrypt tells me that ECB doesn't need an IV.

I've also learned by reading the source code that the Blowfish++ plugin will Base64 decode the second argument to encrypt (I'm not sure why). It also returns a Base64 encoded string.

For the PHP side of things, I'm basically using this code to encrypt:

$plainText = "[email protected]***";
$cipher = mcrypt_module_open(MCRYPT_BLOWFISH, '', MCRYPT_MODE_ECB, '');   
$iv = '00000000';  // Show not be used anyway.
$key = "12345678";

$cipherText = "";
if (mcrypt_generic_init($cipher, $key, $iv) != -1)
{
    $cipherText = mcrypt_generic($cipher, $plainText);
    mcrypt_generic_deinit($cipher);        
}

echo base64_encode($cipherText);

However, if I do all these things, I get the following output from each:

NSIS: GyCyBcUE0s5gqVDshVUB8w==
PHP:  BQdlPd19zEkX5KT9tnF8Ng==

What am I doing wrong? Is the NSIS plugin not using ECB? If not, what is it using for it's IV?

1

1 Answers

11
votes

OK, I've gone through that code and reproduced your results. The problem isn't the cipher mode - NSIS is using ECB. The problem is that the NSIS Blowfish code is simply broken on little-endian machines.

The Blowfish algorithm operates on two 32-bit unsigned integers. To convert between a 64 bit plaintext or ciphertext block and these two integers, the block is supposed to be interpreted as two Big Endian integers. The NSIS Blowfish plugin is instead interpreting them in host byte order - so it fails to do the right thing on little-endian hosts (like x86). This means it'll interoperate with itself, but not with genuine Blowfish implementations (like mcrypt).

I've patched Blowfish++ for you to make it do the right thing - the modified Blowfish::Encrypt and Blowfish::Decrypt are below, and the new version of blowfish.cpp is here on Pastebin.

void Blowfish::Encrypt(void *Ptr,unsigned int N_Bytes)
{
    unsigned int i;
    unsigned char *Work;

    if (N_Bytes%8)
    {
            return;
    }

    Work = (unsigned char *)Ptr;

    for (i=0;i<N_Bytes;i+=8)
    {
        Word word0, word1;

        word0.byte.zero = Work[i];
        word0.byte.one = Work[i+1];
        word0.byte.two = Work[i+2];
        word0.byte.three = Work[i+3];

        word1.byte.zero = Work[i+4];
        word1.byte.one = Work[i+5];
        word1.byte.two = Work[i+6];
        word1.byte.three = Work[i+7];

        BF_En(&word0, &word1);

        Work[i] = word0.byte.zero;
        Work[i+1] = word0.byte.one;
        Work[i+2] = word0.byte.two;
        Work[i+3] = word0.byte.three;

        Work[i+4] = word1.byte.zero;
        Work[i+5] = word1.byte.one;
        Work[i+6] = word1.byte.two;
        Work[i+7] = word1.byte.three;
    }

    Work = NULL;
}

void Blowfish::Decrypt(void *Ptr, unsigned int N_Bytes)
{
    unsigned int i;
    unsigned char *Work;

    if (N_Bytes%8)
    {
            return;
    }

    Work = (unsigned char *)Ptr;
    for (i=0;i<N_Bytes;i+=8)
    {
        Word word0, word1;

        word0.byte.zero = Work[i];
        word0.byte.one = Work[i+1];
        word0.byte.two = Work[i+2];
        word0.byte.three = Work[i+3];

        word1.byte.zero = Work[i+4];
        word1.byte.one = Work[i+5];
        word1.byte.two = Work[i+6];
        word1.byte.three = Work[i+7];

        BF_De(&word0, &word1);

        Work[i] = word0.byte.zero;
        Work[i+1] = word0.byte.one;
        Work[i+2] = word0.byte.two;
        Work[i+3] = word0.byte.three;

        Work[i+4] = word1.byte.zero;
        Work[i+5] = word1.byte.one;
        Work[i+6] = word1.byte.two;
        Work[i+7] = word1.byte.three;
    }

    Work = NULL;
}