From 1fce8e51125fc416d12713e38d02e51fd2c8b696 Mon Sep 17 00:00:00 2001
From: Francisco Pombal <pombal.francisco@gmail.com>
Date: Sun, 15 Sep 2024 22:18:49 +0100
Subject: [PATCH] fix: Blowfish - ignore IV length in ECB mode

Fixes https://github.com/gchq/CyberChef/issues/1895.
---
 src/core/operations/BlowfishDecrypt.mjs |  4 ++--
 src/core/operations/BlowfishEncrypt.mjs |  6 +++---
 tests/operations/tests/Crypt.mjs        | 20 ++++++++++++++++----
 3 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/src/core/operations/BlowfishDecrypt.mjs b/src/core/operations/BlowfishDecrypt.mjs
index 43d6718ab6..afb260073c 100644
--- a/src/core/operations/BlowfishDecrypt.mjs
+++ b/src/core/operations/BlowfishDecrypt.mjs
@@ -76,8 +76,8 @@ class BlowfishDecrypt extends Operation {
 Blowfish's key length needs to be between 4 and 56 bytes (32-448 bits).`);
         }
 
-        if (iv.length !== 8) {
-            throw new OperationError(`Invalid IV length: ${iv.length} bytes. Expected 8 bytes`);
+        if (mode !== "ECB" && iv.length !== 8) {
+            throw new OperationError(`Invalid IV length: ${iv.length} bytes. Expected 8 bytes.`);
         }
 
         input = Utils.convertToByteString(input, inputType);
diff --git a/src/core/operations/BlowfishEncrypt.mjs b/src/core/operations/BlowfishEncrypt.mjs
index eab3d286c5..1d5dcf0205 100644
--- a/src/core/operations/BlowfishEncrypt.mjs
+++ b/src/core/operations/BlowfishEncrypt.mjs
@@ -72,12 +72,12 @@ class BlowfishEncrypt extends Operation {
 
         if (key.length < 4 || key.length > 56) {
             throw new OperationError(`Invalid key length: ${key.length} bytes
-    
+
 Blowfish's key length needs to be between 4 and 56 bytes (32-448 bits).`);
         }
 
-        if (iv.length !== 8) {
-            throw new OperationError(`Invalid IV length: ${iv.length} bytes. Expected 8 bytes`);
+        if (mode !== "ECB" && iv.length !== 8) {
+            throw new OperationError(`Invalid IV length: ${iv.length} bytes. Expected 8 bytes.`);
         }
 
         input = Utils.convertToByteString(input, inputType);
diff --git a/tests/operations/tests/Crypt.mjs b/tests/operations/tests/Crypt.mjs
index 69123d66e2..caaf27fcd7 100644
--- a/tests/operations/tests/Crypt.mjs
+++ b/tests/operations/tests/Crypt.mjs
@@ -1579,19 +1579,31 @@ DES uses a key length of 8 bytes (64 bits).`,
         from Crypto.Cipher import Blowfish
         import binascii
 
-        input_data = b"The quick brown fox jumps over the lazy dog."
+        # Blowfish cipher parameters - key, mode, iv, segment_size, nonce
         key = binascii.unhexlify("0011223344556677")
-        iv = binascii.unhexlify("0000000000000000")
         mode = Blowfish.MODE_CBC
+        kwargs = {}
+        iv = binascii.unhexlify("ffeeddccbbaa9988")
+        if mode in [Blowfish.MODE_CBC, Blowfish.MODE_CFB, Blowfish.MODE_OFB]:
+            kwargs = {"iv": iv}
+        if mode == Blowfish.MODE_CFB:
+            kwargs["segment_size"] = 64
+        if mode == Blowfish.MODE_CTR:
+            nonce = binascii.unhexlify("0000000000000000")
+            nonce = nonce[:7]
+            kwargs["nonce"] = nonce
+
+        cipher = Blowfish.new(key, mode, **kwargs)
 
+        # Input data and padding
+        input_data = b"The quick brown fox jumps over the lazy dog."
         if mode == Blowfish.MODE_ECB or mode == Blowfish.MODE_CBC:
             padding_len = 8-(len(input_data) & 7)
             for i in range(padding_len):
                 input_data += bytes([padding_len])
 
-        cipher = Blowfish.new(key, mode)  # set iv, nonce, segment_size etc. here
+        # Encrypted text
         cipher_text = cipher.encrypt(input_data)
-
         cipher_text = binascii.hexlify(cipher_text).decode("UTF-8")
 
         print("Encrypted: {}".format(cipher_text))