That's a shame. I am having portability issues with their code, and
was hoping to use a nice library instead.

If anyone was interested, the code is here (I didn't realise
rafb.net/paste posts expire after 24 hours - whoops):

#include
#include
#include

typedef std::runtime_error fish_error;

// decrypt text blowfish-encrypted by FiSH or Eggdrop using openssl's libcrypto
std::string
decryptFish(const std::string & key, const std::string & cipher)
{
// init context
EVP_CIPHER_CTX evp_ctx;
::EVP_CIPHER_CTX_init(&evp_ctx);

unsigned char evp_key[EVP_MAX_KEY_LENGTH];
unsigned char evp_iv[EVP_MAX_IV_LENGTH];

const EVP_CIPHER * type = ::EVP_bf_ecb(); // FiSH uses ecb mode

// derive evp_key and evp_iv
::EVP_BytesToKey(type, ::EVP_md5(), NULL,
(unsigned char *) key.c_str(), key.length(),
1, evp_key, evp_iv);

// sets up cipher context ctx
if (!::EVP_DecryptInit_ex(&evp_ctx, type, NULL, evp_key, evp_iv))
throw fish_error(std::string("EVP_DecryptInit_ex()"));

// differences from 'standard' base64 (RFC 2045/RFC 1421) include:
//
// * different character assignments: "./0-9a-zA-Z" instead of "A-Za-z0-9+/"
// * encoding is done low-order to high-order in 32bit blocks, instead of
// high-order to low-order in 24bit blocks (this leaves leftovers)
// * no support for padding character (=)

unsigned char out_buf[cipher.length()];
int out_len = 0;

// main decryption stuff
if(!::EVP_EncryptUpdate(&evp_ctx, out_buf, &out_len, (unsigned char
*) cipher.c_str(), cipher.length()))
throw fish_error(std::string("EVP_EncryptUpdate()"));

// concat anything remaining
int tmp_len = 0;
if(!::EVP_EncryptFinal_ex(&evp_ctx, out_buf + out_len, & tmp_len))
throw fish_error(std::string("EVP_EncryptFinal_ex()"));
out_len += tmp_len;

// cleanup
::EVP_CIPHER_CTX_cleanup(&evp_ctx);

return std::string((char *) out_buf, out_len);
}

Cheers,

Richard

On 10/2/06, Aki Tuomi wrote:
> On Mon, Oct 02, 2006 at 03:16:31PM +1300, Richard Dingwall wrote:
> > Hi,
> >
> > I'm trying to decrypt messages that are encrypted with Eggdrop's
> > blowfish encrypt() method. This method is also used by a
> > irssi/mirc/xchat encryption module called FiSH.
> >
> > I have already written some code to do it using libcrypto's EVP, but
> > it produces gibberish output. You can see it here:
> >
> > http://rafb.net/paste/results/e15Deu53.html
> >

>
> Your paste does not exist.
>
> > (ignore the == key.length(); on EVP_BytesToKey, it was part of an
> > assertion I forgot to remove).
> >
> > I have two questions.
> >
> > Firstly, I understand the eggdrop's blowfish stuff uses a custom
> > base64 method. The differences from 'standard base64' RFC 2045
> > (inherits RFC 1421) include:
> >
> > * The character assignments are different ("./0-9a-zA-Z" instead of
> > "A-Za-z0-9+/")
> > * Encoding is done low-order to high-order in 32bit blocks, instead of
> > high-order to low-order in 24bit blocks. This leaves leftovers.
> > * No support for padding character (=)
> >
> > How might I use libcrypto to solve my problem?
> >

>
> You can't. Either copy the required code from eggdrop's code (if
> permitted) or write your own.
>
> > Secondly, it uses ECB mode, and apparently ECB mode doesn't use an IV.
> > Am I initializing the key correctly?

>
> Actually unless I am mistaken, eggdrop uses hacked mode (yack).
>
> From source:
> /* Robey: Reset blowfish boxes to initial state
> * (I guess normally it just keeps scrambling them, but here it's
> * important to get the same encrypted result each time)
> */
>
> Thus I am not convinced at all that this is even possible.
>
> Aki Tuomi
>
>
> > __________________________________________________ ____________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List openssl-users@openssl.org
> > Automated List Manager majordomo@openssl.org

> __________________________________________________ ____________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majordomo@openssl.org
>

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org