### Bookstore

 Computer Math and Games in Pascal (preview) Lazarus Handbook

### Author Topic: Problem with the Blowfish encryption library  (Read 546 times)

#### Nimral

• Full Member
• Posts: 154
• Keep it simple.
##### Problem with the Blowfish encryption library
« on: March 23, 2021, 03:05:04 pm »
Hi Lazarus/FPC warriors,

I have been chewing on this problem the whole day long, and didn't find my error, so please, anyone, to the rescue.

I have been using the Blowfish library fo years to encrypt files, and it worked very well. Now I need to encrypt some records and strings in memory. As far as I see in the source, the Blowfish algorithm encrypts fixed 8 byte blocks. I attempted to shove a fixed 8 byte block window (BlowfishBlock) over my encryption source ("Contents").

Code: Pascal  [Select][+][-]
1. Procedure BlowfishEncrypt(var Contents;ContentsLength:Integer;var Key:String);
2.
3. // chop Contents into 64 bit blocks and encrypt using key
4.
5. var
6.   arrShadowContent:Array of Byte absolute Contents;
7.   objBlowfish: TBlowFish;
8.   BlowfishBlock: TBFBlock;
9.   ptrBlowfishKey:PBlowFishKey;
10.   p1,count,maxP:integer;
11.
12. begin
14.   objBlowfish := TBlowFish.Create(ptrBlowfishKey^,Length(Key));
15.   p1 := 0;
16.   maxP := ContentsLength - 1;
17.   count := SizeOf(BlowfishBlock);
18.   while p1 < maxP do
19.      begin
20.      fillChar(BlowfishBlock,SizeOf(BlowfishBlock),0);
21.      if p1 + count > maxP then
22.         count := ContentsLength - p1;
24.      objBlowfish.Encrypt(BlowfishBlock);
26.      p1 := p1 + 8;
27.      end;
28.   FreeAndNil(objBlowfish);
29. end;

It seems I haven't thought hard enough, I get a SIGSEV in line 23

Code: Pascal  [Select][+][-]

Please find the complete code in the attachments.

The routine is supposed to handle arbitrary data, mostly records, but also Strings of all sorts (ShortString, AnsiString, UnicodeString), so I tried to treat any data passed to contents as "Array of byte", which should work, but doesn't.

Anyone here who sees what I am unable to see !?

Thnx, Armin
« Last Edit: March 23, 2021, 03:09:13 pm by Nimral »
Lazarus 2.0.10 on Windows 10, Raspberry Pi OS, VMWare Workstation

#### Nimral

• Full Member
• Posts: 154
• Keep it simple.
##### Re: Problem with the Blowfish encryption library
« Reply #1 on: March 23, 2021, 03:39:19 pm »

After debugging memory adresses, I changed the call of the encryption/decryption routine to:

Code: Pascal  [Select][+][-]
1. procedure TForm1.CryptButtonClick(Sender: TObject);
2.
3. var
4.   ContentsBuffer,Key:String;
5.
6. begin
7. ContentsBuffer := PlainTextEdit.Text;
8. Key := KeyTextEdit.Text;
9. BlowFishEncrypt(ContentsBuffer,Length(ContentsBuffer),Key);
10. CryptOutEdit.Text := ContentsBuffer;
11. BlowFishDecrypt(ContentsBuffer,Length(ContentsBuffer),Key);
12. CryptCheckEdit.Text := ContentsBuffer;
13. end;
14.

Strange. Shouldn't passing ContentsBuffer[1] be correct? Obviously not.

Anyway, now the program runs through, but ... the last few characters exceeding an 8 byte boundary are not crypted properly. If I pass a string of length exactly 8, 18, 24 ... Bytes, encryption and decryption reveals the same string, so I guess the routine is almost working. If not, the characters exceeding the last 8 Byte boundary are mangled.

Gnaw.

Armin.
« Last Edit: March 23, 2021, 04:00:44 pm by Nimral »
Lazarus 2.0.10 on Windows 10, Raspberry Pi OS, VMWare Workstation

#### jamie

• Hero Member
• Posts: 4472
##### Re: Problem with the Blowfish encryption library
« Reply #2 on: March 23, 2021, 10:48:48 pm »
pad your string using some ending character you can then trim off later..

make the string into multiples of 8.

The only true wisdom is knowing you know nothing

#### Nimral

• Full Member
• Posts: 154
• Keep it simple.
##### Re: Problem with the Blowfish encryption library
« Reply #3 on: March 24, 2021, 10:18:49 am »
Thanks Jamie, that does the trick. The Blowfish algorithm does work only if the Content length is a multiple of the TBFBlock size. My attempt to cut he last block to fit the exact length of the contents destroys the last encrypted data block, and thus decryption fails.

Thanks very much for your help!

Armin
Lazarus 2.0.10 on Windows 10, Raspberry Pi OS, VMWare Workstation