Opened 11 years ago
Closed 6 years ago
#7264 closed defect (wontfix)
Blowfish: sign extension bit issue (UTF encoding)
| Reported by: | rdunklau | Owned by: | Tom Trenka |
|---|---|---|---|
| Priority: | low | Milestone: | 2.0 |
| Component: | Dojox | Version: | 1.1.1 |
| Keywords: | Blowfish Crypto Encoding dojox.encoding.crypto reviewed | Cc: | |
| Blocked By: | Blocking: |
Description
There is a bug regarding the sign extension bit in the blowfish implementation. The current implementation doesn't take care of this case.
You can reproduce it with the attached "showBug.js" file.
The blowFish.js file contains the correction.
Basically , you have to take the charcode % 256 before encrypting :
for(var i=0; i<count; i++){
o.left=(plaintext.charCodeAt(pos) % 256)*POW24
|(plaintext.charCodeAt(pos+1) % 256)*POW16
|(plaintext.charCodeAt(pos+2) % 256)*POW8
|(plaintext.charCodeAt(pos+3) % 256);
o.right=(plaintext.charCodeAt(pos+4) % 256)*POW24
|(plaintext.charCodeAt(pos+5) % 256)*POW16
|(plaintext.charCodeAt(pos+6) % 256)*POW8
|(plaintext.charCodeAt(pos+7) % 256);
And correct the charcode after decrypting :
//convert to string
return dojo.map(pt, function(item){
if(item > 127){
item = 65536 - 256 + item;
}
return String.fromCharCode(item);
}).join(""); // string
Attachments (2)
Change History (16)
Changed 11 years ago by
| Attachment: | Blowfish.js added |
|---|
comment:1 Changed 11 years ago by
| Owner: | changed from Adam Peller to Tom Trenka |
|---|
comment:2 Changed 11 years ago by
| Milestone: | tbd → 1.3 |
|---|
comment:3 Changed 11 years ago by
| severity: | major → normal |
|---|
comment:4 Changed 11 years ago by
Does this change/patch pass the test vectors that are public domain? See the Bouncy Castle code base...
comment:5 Changed 11 years ago by
Sorry, but i did not found the test vectors. Could you tell me a bit more ? Thanks ! (And sorry again for being so late... )
comment:6 Changed 10 years ago by
| Milestone: | 1.3 → 1.4 |
|---|---|
| Status: | new → assigned |
Realizing that this fix assumes non-ASCII characters, and the original implementation (as with all of the other crypto/digest implementations) are only supporting ASCII at the moment.
Going to defer this to at least 1.4, or when we add full unicode support to all of the crypto/digest algorithms, for consistency.
comment:7 Changed 10 years ago by
| Milestone: | 1.4 → 1.5 |
|---|
Deferring to 1.5; have not had the chance to go through and implement UTF encoding for any of the digests or crypto algorithms yet.
comment:8 Changed 9 years ago by
| Milestone: | 1.5 → 1.6 |
|---|
...and again deferring this to 1.6, because of the accelerated release schedule for 1.5.
comment:9 Changed 8 years ago by
| Summary: | Bug in Blowfish → Blowfish: sign extension bit issue (UTF encoding) |
|---|
comment:10 Changed 8 years ago by
| Milestone: | 1.6 → future |
|---|
(sadly) punting seemingly abandoned ticket and meta tickets to future
comment:11 Changed 7 years ago by
| Milestone: | future → 1.8 |
|---|---|
| Priority: | high → low |
comment:12 Changed 7 years ago by
| Keywords: | reviewed added |
|---|
comment:13 Changed 7 years ago by
| Milestone: | 1.8 → 2.0 |
|---|
1.8 has been tagged; moving all outstanding tickets to next major release milestone.
comment:14 Changed 6 years ago by
| Resolution: | → wontfix |
|---|---|
| Status: | assigned → closed |
Given the age of these tickets and the small nature of them, I'm marking all as won't fix. #1395 was somewhat addressed with the implementation of SHA2 in DTK 1.8.
"Patched" BlowFish?.js file