creating encrypted passwords in openfire MySQL via PHP

Question

Openfire stores encrypted passwords in a database using blowfish encryption.

http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/java/org/jivesoftware/util/Blowfish.java is the java implementation for how encrypt / decrypt functions work in openfire.

My goal is to create new user entries in the database via PHP and MySQLI. All of the variations I've tried have yielded results that don't match what already exists in the database. For example:

d3f499857b40ac45c41828ccaa5ee1f90b19ca4e0560d1e2dcf4a305f219a4a2342aa7364e9950db is one of the encrypted passwords. clear text, this is stackoverflow

I've tried a few variations:

echo mcrypt_cbc(MCRYPT_BLOWFISH, '1uY40SR771HkdDG', 'stackoverflow', MCRYPT_ENCRYPT, '12345678');
// result:  á?*sY?n?éX_33?

Another based on mcrypt blowfish php slightly different results when compared to java and .net

 $key = '1uY40SR771HkdDG';
 $pass = 'stackoverflow';
 $blocksize = mcrypt_get_block_size('blowfish', 'cbc'); // get block size
 $pkcs = $blocksize - (strlen($data) % $blocksize); // get pkcs5 pad length
 $data.= str_repeat(chr($pkcs), $pkcs); // append pkcs5 padding to the data

 // encrypt and encode
 $res = base64_encode(mcrypt_cbc(MCRYPT_BLOWFISH,$key, $pass, MCRYPT_ENCRYPT));
 echo $res;
 // result:  3WXKASjk35sI1+XJ7htOGw==

Any clever ideas, or any glaring problems? I simply want to implement Blowfish.encryptString() as referenced in the first link in this question.

Answer 1

Here's a class I made, it encrypts and decrypts properly.

Note, you need to save / [pre/app]end the IV in order to reproduce results.

Some test vectors for the java code would be nice.

<?php

/**
 * Emulate OpenFire Blowfish Class
 */
class OpenFireBlowfish
{
    private $key;
    private $cipher;

    function __construct($pass)
    {
        $this->cipher = mcrypt_module_open('blowfish','','cbc','');
        $this->key = pack('H*',sha1($pass));
    }

    function encryptString($plaintext, $iv = '')
    {
        if ($iv == '') {
            $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($this->cipher));
        }
        else {
            $iv = pack("H*", $iv);
        }
        mcrypt_generic_init($this->cipher, $this->key, $iv);
        $bs = mcrypt_enc_get_block_size($this->cipher); // get block size
        $plaintext = mb_convert_encoding($plaintext,'UTF-16BE'); // set to 2 byte, network order
        $pkcs = $bs - (strlen($plaintext) % $bs); // get pkcs5 pad length
        $pkcs = str_repeat(chr($pkcs), $pkcs); // create padding string
        $plaintext = $plaintext.$pkcs; // append pkcs5 padding to the data
        $result = mcrypt_generic($this->cipher, $plaintext);
        mcrypt_generic_deinit($this->cipher);
        return $iv.$result;
    }

    function decryptString($ciphertext)
    {
        $bs = mcrypt_enc_get_block_size($this->cipher); // get block size
        $iv_size = mcrypt_enc_get_iv_size($this->cipher);
        if ((strlen($ciphertext) % $bs) != 0) { // check string is proper size
            return false;
        }
        $iv = substr($ciphertext, 0, $iv_size); // retrieve IV
        $ciphertext = substr($ciphertext, $iv_size);
        mcrypt_generic_init($this->cipher, $this->key, $iv);
        $result = mdecrypt_generic($this->cipher, $ciphertext); // decrypt
        $padding = ord(substr($result,-1)); // retrieve padding
        $result = substr($result,0,$padding * -1); // and remove it
        mcrypt_generic_deinit($this->cipher);
        return $result;
    }

    function __destruct()
    {
        mcrypt_module_close($this->cipher);
    }
}

$enckey = "1uY40SR771HkdDG";
$enciv = 'd3f499857b40ac45';
$javastring = 'd3f499857b40ac45c41828ccaa5ee1f90b19ca4e0560d1e2dcf4a305f219a4a2342aa7364e9950db';

$a = new OpenFireBlowfish($enckey);
$encstring = bin2hex($a->encryptString('stackoverflow',$enciv));
echo $encstring . "
";
echo $a->decryptString(pack("H*", $encstring)) . "
";

$b = new OpenFireBlowfish($enckey);
echo $b->decryptString(pack("H*", $javastring)) . "
";