add blowfish cbc padding

some aux fixes

CMakeLists.txt.user

 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE QtCreatorProject>
-<!-- Written by QtCreator 4.11.2, 2020-04-24T10:38:37. -->
+<!-- Written by QtCreator 4.11.2, 2020-04-25T15:27:51. -->
 <qtcreator>
  <data>
   <variable>EnvironmentId</variable>

src/blowfish/bf_enc.c

@@ -11,6 +11,7 @@
 # error If you set BF_ROUNDS to some value other than 16 or 20, you will have \
 to modify the code.
 #endif
+//#include<stdio.h>
 
 void BF_encrypt(BF_LONG *data, const BF_KEY *key)
 {
@@ -115,8 +116,24 @@ void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
             l2n(tout0, out);
             l2n(tout1, out);
         }
-        if (l != -8) {
-            n2ln(in, tin0, tin1, l + 8);
+        if (1||l != -8) {
+            unsigned char tmpin[16];
+            unsigned char *ptmpin = tmpin;
+            memcpy(tmpin, in, l + 8);
+            memcpy(tmpin + l + 8, &length, 4);
+            int pad_length = (8-(l + 8 + 4 + 1)%8)%8;
+            for(int i = 0; i < pad_length; ++i)
+            {
+                tmpin[l+8+4+i]=16;//prng better
+            }
+            tmpin[l+8+4+pad_length]=pad_length;
+//            for(int i = 0; i < l + 8 + 4 +1 +pad_length; ++i)
+//            {
+//                printf("%.2x ", tmpin[i]);
+//            }
+//            printf("\n");fflush(stdout);
+            n2l(ptmpin, tin0);
+            n2l(ptmpin, tin1);
             tin0 ^= tout0;
             tin1 ^= tout1;
             tin[0] = tin0;
@@ -126,6 +143,32 @@ void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
             tout1 = tin[1];
             l2n(tout0, out);
             l2n(tout1, out);
+            if(l+8+4+pad_length + 1 == 16)
+            {
+                n2l(ptmpin, tin0);
+                n2l(ptmpin, tin1);
+                tin0 ^= tout0;
+                tin1 ^= tout1;
+                tin[0] = tin0;
+                tin[1] = tin1;
+                BF_encrypt(tin, schedule);
+                tout0 = tin[0];
+                tout1 = tin[1];
+                l2n(tout0, out);
+                l2n(tout1, out);
+            }
+
+
+//            n2ln(in, tin0, tin1, l + 8);
+//            tin0 ^= tout0;
+//            tin1 ^= tout1;
+//            tin[0] = tin0;
+//            tin[1] = tin1;
+//            BF_encrypt(tin, schedule);
+//            tout0 = tin[0];
+//            tout1 = tin[1];
+//            l2n(tout0, out);
+//            l2n(tout1, out);
         }
         l2n(tout0, ivec);
         l2n(tout1, ivec);

src/dap_enc_bf_cbc.c

@@ -17,13 +17,25 @@ size_t dap_enc_bf_cbc_decrypt(struct dap_enc_key *a_key, const void * a_in,
         size_t a_in_size, void ** a_out) {
     uint8_t iv[8];
     //BF_KEY *key=a_key->priv_key_data;
+    if(a_in_size <= 8 || a_in_size%8) {
+        log_it(L_ERROR, "blowfish_cbc decryption ct with iv must be more than 8 bytes and equal to 8*k");
+        return 0;
+    }
 
 
     *a_out = DAP_NEW_SIZE(uint8_t, a_in_size - 8);
     memcpy(iv, a_in, 8);
     BF_cbc_encrypt((unsigned char *)(a_in + 8), *a_out, a_in_size - 8,
                    a_key->priv_key_data, iv, BF_DECRYPT);
-    size_t a_out_size = a_in_size - 8;
+    int bf_cbc_padding_length = *(uint8_t*)(*a_out + a_in_size - 8 - 1);
+
+//    for(int i=0;i < bf_cbc_padding_length + 4 + 1; ++i)
+//        printf("%.2x ", *(uint8_t*)(*a_out + a_in_size - 8 - 1 - bf_cbc_padding_length - 4 + i));
+//    for(int i=0;i < a_in_size - 8; ++i)
+//        printf("%.2x ", *(uint8_t*)(*a_out + i));
+//    printf("\n");
+//    fflush(stdout);
+    size_t a_out_size = *(uint32_t*)(*a_out + a_in_size - 8 - 1 - bf_cbc_padding_length - 4);
     return a_out_size;
 }
 
@@ -35,37 +47,52 @@ size_t dap_enc_bf_cbc_encrypt(struct dap_enc_key * a_key, const void * a_in, siz
     uint8_t iv[8];
     randombytes(iv, 8);
 
+    if(a_in_size <= 0) {
+        log_it(L_ERROR, "blowfish_cbc encryption pt cannot be 0 bytes");
+        return 0;
+    }
+
 //    BF_KEY *key = a_key->priv_key_data;
 
 
-    *a_out = DAP_NEW_SIZE(uint8_t, a_in_size + 8);
+    size_t a_out_size = (a_in_size + 4 + 1 + 7)/8*8 + 8;
+    *a_out = DAP_NEW_SIZE(uint8_t, a_out_size);
     memcpy(*a_out, iv, 8);
     BF_cbc_encrypt((unsigned char *)(a_in), *a_out + 8, a_in_size,
                    a_key->priv_key_data, iv, BF_ENCRYPT);
-    size_t a_out_size = a_in_size + 8;
     return a_out_size;
 }
 
 size_t dap_enc_bf_cbc_calc_encode_size(const size_t size_in)
 {
-    return size_in + 8;
+    return (size_in + 4 + 1 + 7)/8*8 + 8;
 }
 
 size_t dap_enc_bf_cbc_calc_decode_size(const size_t size_in)
 {
+    if(size_in <= 8) {
+        log_it(L_ERROR, "blowfish_cbc decryption size_in ct with iv must be more than 8 bytes");
+        return 0;
+    }
     return size_in - 8;
 }
 
 size_t dap_enc_bf_cbc_decrypt_fast(struct dap_enc_key *a_key, const void * a_in,
-        size_t a_in_size, void * a_out,size_t buf_out_size) {
+        size_t a_in_size, void * a_out, size_t buf_out_size) {
+    if(a_in_size - 8 > buf_out_size || a_in_size %8) {
+        log_it(L_ERROR, "blowfish_cbc fast_decryption too small buf_out_size or not 8*k");
+        return 0;
+    }
     uint8_t iv[8];
     //BF_KEY *key=a_key->priv_key_data;
 
-
     memcpy(iv, a_in, 8);
     BF_cbc_encrypt((unsigned char *)(a_in + 8), a_out, a_in_size - 8,
                    a_key->priv_key_data, iv, BF_DECRYPT);
-    size_t a_out_size = a_in_size - 8;
+
+    int bf_cbc_padding_length = *(uint8_t*)(a_out + a_in_size - 8 - 1);
+
+    size_t a_out_size = *(uint32_t*)(a_out + a_in_size - 8 - 1 - bf_cbc_padding_length - 4);
     return a_out_size;
 }
 
@@ -74,6 +101,12 @@ size_t dap_enc_bf_cbc_decrypt_fast(struct dap_enc_key *a_key, const void * a_in,
 size_t dap_enc_bf_cbc_encrypt_fast(struct dap_enc_key * a_key, const void * a_in, size_t a_in_size, void * a_out,size_t buf_out_size)
 {
     //generate iv and put it in *a_out first bytes
+    size_t a_out_size = (a_in_size + 4 + 1 + 7)/8*8 + 8;
+    if(a_out_size > buf_out_size) {
+        log_it(L_ERROR, "blowfish_cbc fast_encryption too small buf_out_size");
+        return 0;
+    }
+
     uint8_t iv[8];
     randombytes(iv, 8);
 
@@ -83,7 +116,6 @@ size_t dap_enc_bf_cbc_encrypt_fast(struct dap_enc_key * a_key, const void * a_in
     memcpy(a_out, iv, 8);
     BF_cbc_encrypt((unsigned char *)(a_in), a_out + 8, a_in_size,
                    a_key->priv_key_data, iv, BF_ENCRYPT);
-    size_t a_out_size = a_in_size + 8;
     return a_out_size;
  }
 
@@ -95,8 +127,8 @@ void dap_enc_bf_cbc_key_new(struct dap_enc_key * a_key)
     a_key->type = DAP_ENC_KEY_TYPE_BF_CBC;
     a_key->enc = dap_enc_bf_cbc_encrypt;
     a_key->dec = dap_enc_bf_cbc_decrypt;
-    a_key->enc_na = dap_enc_bf_cbc_encrypt_fast;//maybe exclude it
-    a_key->dec_na = dap_enc_bf_cbc_decrypt_fast;//maybe exclude it
+    a_key->enc_na = dap_enc_bf_cbc_encrypt_fast;
+    a_key->dec_na = dap_enc_bf_cbc_decrypt_fast;
 }
 
 void dap_enc_bf_cbc_key_generate(struct dap_enc_key * a_key, const void *kex_buf,
@@ -127,43 +159,3 @@ void dap_enc_bf_cbc_key_delete(struct dap_enc_key *a_key)
     }
     a_key->priv_key_data_size = 0;
 }
-
-#ifdef NOT_REVISED_YET
-
-
-
-
-
-
-
-// Writes result ( out ) in already allocated buffer
-size_t dap_enc_bf_cbc_decrypt_fast(struct dap_enc_key * a_key, const void * a_in, size_t a_in_size,
-        void * buf_out, size_t buf_out_size)
-{
-    OAES_CTX *ctx = get_bf_cbc_ctx(a_key);
-    if(!ctx)
-        return 0;
-
-    OAES_RET ret = bf_cbc_decrypt(ctx, a_in, a_in_size, buf_out, &buf_out_size);
-    if(ret != OAES_RET_SUCCESS) {
-        buf_out_size = 0;
-    }
-    return buf_out_size;
-}
-
-// Writes result ( out ) in already allocated buffer
-size_t dap_enc_bf_cbc_encrypt_fast(struct dap_enc_key * a_key, const void * a_in,
-        size_t a_in_size, void * buf_out, size_t buf_out_size)
-{
-    OAES_CTX *ctx = get_bf_cbc_ctx(a_key);
-    if(!ctx)
-        return 0;
-
-    OAES_RET ret = bf_cbc_encrypt(ctx, a_in, a_in_size, buf_out, &buf_out_size);
-    if(ret != OAES_RET_SUCCESS) {
-        buf_out_size = 0;
-    }
-    return buf_out_size;
-}
-
-#endif

src/rand/dap_rand.c

@@ -28,10 +28,13 @@ uint32_t random_uint32_t(const uint32_t MAX_NUMBER)
 
 int randombase64(void*random_array, unsigned int size)
 {
-    int off = size - (size*6)/8;
-    int odd_signs = size - ((size*6)/8)*8;
-    randombytes(random_array + off, (size*6)/8);
-    dap_enc_base64_encode(random_array + off, (size*6)/8,random_array,DAP_ENC_DATA_TYPE_B64);
+    int off = size - (size*8/32)*24;
+    int odd_signs = size - ((size*8/32)*24)*32;
+    if(odd_signs < size)
+    {
+        randombytes(random_array + off, (size*6)/8);
+        dap_enc_base64_encode(random_array + off, (size*6)/8,random_array,DAP_ENC_DATA_TYPE_B64);
+    }
     if(odd_signs)
     {
         uint8_t tmpv[7];

test/crypto/dap_enc_bf_cbc_test.c

@@ -8,8 +8,8 @@ static void test_encode_decode(int count_steps)
     size_t source_size = 0;
 
     for(int i = 0; i < count_steps; i++) {
-        source_size = 1 + random_uint32_t(20);
-
+        source_size = 1 + random_uint32_t(20000);
+//        printf("src_size = %d\n", source_size);fflush(stdout);
         const size_t seed_size = 16;
         uint8_t seed[seed_size];
 
@@ -21,22 +21,35 @@ static void test_encode_decode(int count_steps)
 
         dap_enc_key_t* key = dap_enc_key_new_generate(DAP_ENC_KEY_TYPE_BF_CBC, kex, kex_size, seed, seed_size, 32);
 
-        uint8_t *source = DAP_NEW_SIZE(uint8_t, source_size + 1);
+        uint8_t *source = DAP_NEW_SIZE(uint8_t, source_size+0);
+        memset(source, 0xff, source_size + 0);
+//        for(int i = 0; i < 16; ++i)
+//            printf("%.2x ", source[i]);
+//        printf("\n");fflush(stdout);
         randombase64(source, source_size);
+//        for(int i = 0; i < 16; ++i)
+//            printf("%.2x ", source[i]);
+//        printf("\n");fflush(stdout);
 
         uint8_t * buf_encrypted = NULL;
         uint8_t * buf_decrypted = NULL;
 
         size_t encrypted_size = key->enc(key, source, source_size, (void**) &buf_encrypted);
+//        for(int i = 0; i < 16; ++i)
+//            printf("%.2x ", source[i]);
+//        printf("\n");fflush(stdout);
+        //buf_encrypted[encrypted_size-1]=0;
+//        DAP_DELETE(source);
 
         size_t result_size = key->dec(key, buf_encrypted, encrypted_size, (void**) &buf_decrypted);
+ //       DAP_DELETE(source);
 
-//        printf("pt_size = %d, decr_size = %d\n", source_size, result_size);
+//        printf("pt_size = %d, decr_size = %d, encrypted_size = %d\n", source_size, result_size,encrypted_size);
 //        fflush(stdout);
 //        source[source_size] = 0;
-//        printf("pt  = %s\n", source);
+//        //printf("pt  = %s\n", source);
 //        fflush(stdout);
-//        printf("pt2 = %s\n", buf_decrypted);
+//       // printf("pt2 = %s\n", buf_decrypted);
 //        fflush(stdout);
 
         dap_assert_PIF(source_size == result_size, "Check result decode size");
@@ -44,7 +57,6 @@ static void test_encode_decode(int count_steps)
         dap_assert_PIF(memcmp(source, buf_decrypted, source_size) == 0,
                 "Check source and encode->decode data");
 
-        DAP_DELETE(source);
         free(buf_encrypted);
         free(buf_decrypted);
         dap_enc_key_delete(key);
@@ -74,15 +86,15 @@ static void test_encode_decode_fast(int count_steps)
     size_t source_size = 0;
 
     for(int i = 0; i < count_steps; i++) {
-        source_size = 1 + random_uint32_t(20);
+        source_size = 1 + random_uint32_t(2000);
 
-        uint8_t *source = DAP_NEW_SIZE(uint8_t,source_size + 1);
+        uint8_t *source = DAP_NEW_SIZE(uint8_t,source_size + 0);
         randombase64(source, source_size);
 
 
-        size_t encrypted_size = key->enc_na(key, source, source_size, buf_encrypt_out, source_size + 8);
+        size_t encrypted_size = key->enc_na(key, source, source_size, buf_encrypt_out, buf_size);
 
-        size_t result_size = key->dec_na(key, buf_encrypt_out, encrypted_size, buf_decrypt_out, encrypted_size - 8);
+        size_t result_size = key->dec_na(key, buf_encrypt_out, encrypted_size, buf_decrypt_out, buf_size);
 
 
 
@@ -113,7 +125,7 @@ void dap_enc_bf_cbc_tests_run()
     dap_print_module_name("dap_enc_bf_cbc");
     init_test_case();
 
-    test_encode_decode(50);
+    test_encode_decode(100);
     test_encode_decode_fast(100);
 
     cleanup_test_case();

test/crypto/main.c

@@ -20,6 +20,8 @@ int main(void)
 {
  // switch off debug info from library
     dap_log_level_set(L_CRITICAL);
+   //
+
     dap_enc_bf_cbc_tests_run();
     //dap_enc_ringct20_tests_run(100);
     return 0;
@@ -28,6 +30,7 @@ int main(void)
     dap_enc_dilithium_tests_run();
     dap_enc_aes_tests_run();
     dap_enc_oaes_tests_run();
+
     dap_enc_base64_tests_run();
     dap_enc_base58_tests_run();
     dap_enc_msrln_tests_run();