From bea55461c53ede15bf2b57b970f5151db84c24aa Mon Sep 17 00:00:00 2001 From: "Fred T. Hamster" Date: Fri, 19 Jun 2026 18:46:34 -0400 Subject: [PATCH] compiles again but blowfish still throwing shoes not sure how, but blowfish, which used to run perfectly with 64 bit to 448 keys, is now failing even with 128 bit keys. but the code builds again. we believe. --- .../library/crypto/borked_blowfish_crypto.h | 22 +++++++++++-------- .../library/crypto/cryptical_envelopment.cpp | 6 ++--- .../library/crypto/cryptical_envelopment.h | 5 ++++- nucleus/library/crypto/twofish_crypto.h | 6 +++-- .../tests_crypto/test_blowfish_crypto.cpp | 8 ++----- .../tests_crypto/test_twofish_crypto.cpp | 7 +----- .../library/tentacles/encryption_infoton.cpp | 7 +++--- octopi/library/tentacles/encryption_infoton.h | 1 + .../library/tentacles/encryption_tentacle.cpp | 4 ++-- octopi/library/tests_cromp/makefile | 3 +++ 10 files changed, 36 insertions(+), 33 deletions(-) diff --git a/nucleus/library/crypto/borked_blowfish_crypto.h b/nucleus/library/crypto/borked_blowfish_crypto.h index 972e1742..470e7691 100644 --- a/nucleus/library/crypto/borked_blowfish_crypto.h +++ b/nucleus/library/crypto/borked_blowfish_crypto.h 
@@ -34,13 +34,14 @@ class borked_blowfish_crypto : public cryptical_envelopment public: borked_blowfish_crypto(int key_size); //!< this will create a new random key of the "key_size", in bits. - /*!< the valid sizes are from 64 bits to 448 bits (we are forcing a - higher minimum than the published algorithm because we have found smaller - keys to be unreliable during decryption. keys of 168 bits and larger - should be very secure. it is said that if a billion computers each tried - a billion keys a second, then a 168 bit key would take 10 * 10^24 years - to break (using brute force). this is essentially unbreakable since the - age of the universe is only 10 * 10^9 years so far. */ + /*!< the valid published sizes are from 32 bits to 448 bits, but openssl + borks with lower than 128 seemingly. so we are forcing a higher minimum + here than the published algorithm. + keys of 168 bits and larger should be very secure. it is said + (ed: by who?) that if a billion computers each tried a billion keys a + second, then a 168 bit key would take 10 * 10^24 years to break (using + brute force). this would be essentially unbreakable since the age of the + universe is only 10 * 10^9 years so far. (estimates not guaranteed.) */ borked_blowfish_crypto(const basis::byte_array &key, int key_size); //!< uses a pre-existing "key". 
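Review bot: The rewritten constructor comment still ties strength to key length alone ("keys of 168 bits and larger should be very secure") and never mentions that Blowfish operates on 64-bit blocks. That block size limits how much data can safely be encrypted under one key, whatever the key length. I would add a sentence to the comment such as `note: blowfish uses a 64-bit block, so a long key does not protect large volumes of data under one key; prefer a 128-bit block cipher for new uses.` The class body this comment belongs to starts before the hunk and continues after it.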
@@ -54,8 +55,11 @@ public: DEFINE_CLASS_NAME("borked_blowfish_crypto"); // blowfish relevant values for appropriate key sizes. - virtual int minimum_key_size_in_bits() const { return 64; } // officially, this is 32. - virtual int maximum_key_size_in_bits() const { return 448; } + virtual int minimum_key_size_in_bits() const { return static_minimum_key_size_in_bits(); } + virtual int maximum_key_size_in_bits() const { return static_maximum_key_size_in_bits(); } + static int static_minimum_key_size_in_bits() { return 128; } + // officially, this is 32. but openssl fails occasionally with less than 64 bits. + static int static_maximum_key_size_in_bits() { return 448; } }; } //namespace. diff --git a/nucleus/library/crypto/cryptical_envelopment.cpp b/nucleus/library/crypto/cryptical_envelopment.cpp index 906b3808..5390c9a6 100644 --- a/nucleus/library/crypto/cryptical_envelopment.cpp +++ b/nucleus/library/crypto/cryptical_envelopment.cpp @@ -73,13 +73,13 @@ const int FUDGE = 1024; // this macro checks on the validity of the key sizes (in bits). #define DISCUSS_KEY_SIZE(key_size) \ if (key_size < minimum_key_size_in_bits()) { \ - ERROR_BAILOUT(static_class_name(), func, \ + ERROR_BAILOUT(class_name(), func, \ a_sprintf("key size (%d bits) is less than minimum key size %d.", \ key_size, minimum_key_size_in_bits())); \ return false; \ } \ if (key_size > maximum_key_size_in_bits()) { \ - ERROR_BAILOUT(static_class_name(), func, \ + ERROR_BAILOUT(class_name(), func, \ a_sprintf("key size (%d bits) is greater than maximum key size %d.", \ key_size, maximum_key_size_in_bits())); \ return false; \ @@ -89,7 +89,7 @@ const int FUDGE = 1024; // the key size bits. #define DISCUSS_PROVIDED_KEY(key_size, key) \ if (key.length() * BITS_PER_BYTE < key_size) { \ - ERROR_BAILOUT(static_class_name(), func, \ + ERROR_BAILOUT(class_name(), func, \ a_sprintf("key array length (%d) is less than required by key size " \ "(%d bits).", key.length(), key_size)); \ return false; \ 
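Review bot: The comment added under `static_minimum_key_size_in_bits()` says openssl fails "with less than 64 bits", but the function now returns 128 and the constructor comment in the previous hunk puts the trouble below 128, so the three statements disagree. The comment also sits between the minimum and maximum functions, where it reads as if it described the 448-bit maximum. I would move it above the minimum and reword it, for example `// officially the minimum is 32 bits, but openssl has been unreliable below 128.` The class body starts outside this hunk.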
diff --git a/nucleus/library/crypto/cryptical_envelopment.h b/nucleus/library/crypto/cryptical_envelopment.h index aa2e7922..e192be6e 100644 --- a/nucleus/library/crypto/cryptical_envelopment.h +++ b/nucleus/library/crypto/cryptical_envelopment.h @@ -5,8 +5,11 @@ * Name : cryptical_envelopment * Author : Chris Koeritz * -* Purpose: Implements the majority of encryption processing using the +* Purpose: +* +* A base class that implements the majority of encryption processing using the * OpenSSL EVP methods, aka the digital envelope routines. +* ***** * Copyright (c) 2005-$now By Author. This program is free software; you can * redistribute it and/or modify it under the terms of the GNU General Public diff --git a/nucleus/library/crypto/twofish_crypto.h b/nucleus/library/crypto/twofish_crypto.h index f2a756a4..180ecedf 100644 --- a/nucleus/library/crypto/twofish_crypto.h +++ b/nucleus/library/crypto/twofish_crypto.h @@ -42,7 +42,9 @@ public: DEFINE_CLASS_NAME("twofish_crypto"); // twofish relevant values for appropriate key sizes. - virtual int minimum_key_size_in_bits() const { return 92; } + virtual int minimum_key_size_in_bits() const { return static_minimum_key_size_in_bits(); } + virtual int maximum_key_size_in_bits() const { return static_maximum_key_size_in_bits(); } + static int static_minimum_key_size_in_bits() { return 92; } /* note that the lower bound above was discovered for openssl library through experimentation, and is not officially documented for the twofish algorithm anywhere we can find (yet). @@ -50,7 +52,7 @@ public: would succeed on the same key length but then would trigger an 'invalid key length' error. not the kind of deterministic behavior we might expect. */ - virtual int maximum_key_size_in_bits() const { return 256; } + static int static_maximum_key_size_in_bits() { return 256; } }; } //namespace. 
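Review bot: In twofish_crypto.h, `static_minimum_key_size_in_bits()` returns 92, a value the adjacent comment says was found by experiment, and it is now a public static that any caller can hand straight to the constructor. 92 bits is below the 128/192/256-bit sizes Twofish is defined for and is not a whole number of bytes, so the comment should say this is the smallest size the library accepted, not a recommended strength, e.g. `// acceptance floor only; use static_maximum_key_size_in_bits() for real keys.` The two statics also end up split around the long comment block; keeping both virtuals and both statics adjacent would read better. The class body starts before the first twofish hunk.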
diff --git a/nucleus/library/tests_crypto/test_blowfish_crypto.cpp b/nucleus/library/tests_crypto/test_blowfish_crypto.cpp index 649eb37d..edc4ba95 100644 --- a/nucleus/library/tests_crypto/test_blowfish_crypto.cpp +++ b/nucleus/library/tests_crypto/test_blowfish_crypto.cpp @@ -57,10 +57,6 @@ const int ITERATIONS = 80; // number of test runs in our testing threads. const int MAX_STRING = 20000; // largest chunk that we'll try to encrypt. -// some constants snagged from older version of borked_blowfish_crypto class... -///const int borked_blowfish_crypto_minimum_key_size_in_bits = 32; -///const int borked_blowfish_crypto_maximum_key_size_in_bits = 448; - ////////////// class test_blowfish; // forward. @@ -141,8 +137,8 @@ void blowfish_thread::perform_activity(void *) int left = ITERATIONS; while (left--) { time_stamp key_start; - borked_blowfish_crypto bc(256); - bc = borked_blowfish_crypto(_parent.randomizer().inclusive(bc.minimum_key_size_in_bits(), bc.maximum_key_size_in_bits())); + borked_blowfish_crypto bc = borked_blowfish_crypto(_parent.randomizer().inclusive(bc.static_minimum_key_size_in_bits(), + bc.static_maximum_key_size_in_bits())); #ifdef DEBUG_BLOWFISH LOG(a_sprintf("%d bit key has:", bc.key_size())); astring dumped_key = byte_formatter::text_dump(bc.get_key()); diff --git a/nucleus/library/tests_crypto/test_twofish_crypto.cpp b/nucleus/library/tests_crypto/test_twofish_crypto.cpp index 04e7eeca..c17e595b 100644 --- a/nucleus/library/tests_crypto/test_twofish_crypto.cpp +++ b/nucleus/library/tests_crypto/test_twofish_crypto.cpp @@ -54,10 +54,6 @@ const int ITERATIONS = 64; // number of test runs in our testing threads. const int MAX_STRING = 64 * KILOBYTE; // largest chunk that we'll try to encrypt. -// some constants snagged from older version of twofish_crypto class... -//const int twofish_crypto_minimum_key_size_in_bits = 92; -//const int twofish_crypto_maximum_key_size_in_bits = 256; - ////////////// class test_twofish; // forward. 
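Review bot: In `blowfish_thread::perform_activity` the new declaration names `bc` inside its own initializer (`bc.static_minimum_key_size_in_bits()`), which only works because the members are static and otherwise reads like a use of an object that has not been constructed yet. Qualifying the calls with the class name removes the self-reference and the extra temporary: `borked_blowfish_crypto bc(_parent.randomizer().inclusive(borked_blowfish_crypto::static_minimum_key_size_in_bits(), borked_blowfish_crypto::static_maximum_key_size_in_bits()));`. The same pattern appears in `twofish_thread::perform_activity` in test_twofish_crypto.cpp with `tc`. Both functions begin and end outside their hunks.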
@@ -138,8 +134,7 @@ void twofish_thread::perform_activity(void *) int left = ITERATIONS; while (left--) { time_stamp key_start; - twofish_crypto tc(256); - tc = twofish_crypto(_parent.randomizer().inclusive(tc.minimum_key_size_in_bits(), tc.maximum_key_size_in_bits())); + twofish_crypto tc = twofish_crypto(_parent.randomizer().inclusive(tc.static_minimum_key_size_in_bits(), tc.static_maximum_key_size_in_bits())); #ifdef DEBUG_TWOFISH LOG(a_sprintf("%d bit key has:", tc.key_size())); astring dumped_key = byte_formatter::text_dump(tc.get_key()); diff --git a/octopi/library/tentacles/encryption_infoton.cpp b/octopi/library/tentacles/encryption_infoton.cpp index fb3b4c60..1f28dbce 100644 --- a/octopi/library/tentacles/encryption_infoton.cpp +++ b/octopi/library/tentacles/encryption_infoton.cpp @@ -32,11 +32,10 @@ using namespace textual; namespace octopi { -const int encryption_infoton::BLOWFISH_KEY_SIZE = 314; - // our key size is almost double the recommended key size (168 bits). - // this would take a very long time to crack using brute force. +const int encryption_infoton::BLOWFISH_KEY_SIZE = 256; + // maximum provided for in standard encryptions. -const int encryption_infoton::RSA_KEY_SIZE = 1480; +const int encryption_infoton::RSA_KEY_SIZE = 2048; // a little bit larger than the 1024 bit threshold. #undef LOG diff --git a/octopi/library/tentacles/encryption_infoton.h b/octopi/library/tentacles/encryption_infoton.h index c395d210..7f9b687b 100644 --- a/octopi/library/tentacles/encryption_infoton.h +++ b/octopi/library/tentacles/encryption_infoton.h 
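Review bot: In encryption_infoton.cpp the comment under `RSA_KEY_SIZE` still reads "a little bit larger than the 1024 bit threshold" although the value is now 2048. The new `BLOWFISH_KEY_SIZE` comment ("maximum provided for in standard encryptions") likewise does not say which cipher the 256 refers to. Since encryption_tentacle.cpp in this patch builds twofish keys, I would spell both out: `// 256 bits, the maximum twofish key size; the constant keeps its historical name.` and `// 2048 bits; 1024-bit RSA is no longer considered adequate.`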
@@ -55,6 +55,7 @@ public: //!< this key size should be used for all RSA private keys. static const int BLOWFISH_KEY_SIZE; //!< this will be used for blowfish keys that this object generates. +//hmmm: FIX THAT NAME! argh. blowfish used to be used for second stage, and rsa for first stage, of encrypted communications. void text_form(basis::base_string &fill) const { fill.assign(basis::astring(class_name())); // low exposure for vital held info. diff --git a/octopi/library/tentacles/encryption_tentacle.cpp b/octopi/library/tentacles/encryption_tentacle.cpp index 2256c87c..13e746ec 100644 --- a/octopi/library/tentacles/encryption_tentacle.cpp +++ b/octopi/library/tentacles/encryption_tentacle.cpp @@ -149,7 +149,7 @@ outcome encryption_tentacle::consume(infoton &to_chow, if (!_server_side) { // client's side must track the key we were given for decryption. we'll // use that from now on. - twofish_crypto new_key(twofish_crypto::minimum_key_size()); // bogus. + twofish_crypto new_key(twofish_crypto::static_maximum_key_size_in_bits()); outcome ret = inf->extract_response(*_rsa_private, new_key); if (ret != OKAY) { #ifdef DEBUG_ENCRYPTION_TENTACLE @@ -164,7 +164,7 @@ outcome encryption_tentacle::consume(infoton &to_chow, } else { // server's side need to process a key request and send it back using // the public key the requester provided. - twofish_crypto agreed_key(twofish_crypto::minimum_key_size()); + twofish_crypto agreed_key(twofish_crypto::static_maximum_key_size_in_bits()); // initialized with junk. outcome worked = inf->prepare_blowfish_key(agreed_key); if (worked != OKAY) { diff --git a/octopi/library/tests_cromp/makefile b/octopi/library/tests_cromp/makefile index d9c95cb4..3581edc2 100644 --- a/octopi/library/tests_cromp/makefile +++ b/octopi/library/tests_cromp/makefile 
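Review bot: Both placeholder keys in `encryption_tentacle::consume` are now sized with `twofish_crypto::static_maximum_key_size_in_bits()`, while `encryption_infoton::BLOWFISH_KEY_SIZE` (also set to 256 in this patch) is documented as the size for generated session keys, so the size is defined in two places that can drift apart. If the infoton constant is meant to govern these keys, use it here: `twofish_crypto agreed_key(encryption_infoton::BLOWFISH_KEY_SIZE);`. The client-side line also lost its `// bogus.` marker; a comment such as `// placeholder only; extract_response() replaces it with the key the server sent.` would stop a reader from taking the locally generated key for a usable one. consume() starts and ends outside these hunks.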
@@ -17,6 +17,7 @@ create_decoder_ring: $(MAKE) -f makefile.decoder run_client_server_test: +ifdef RUN_ALL_TESTS # launch the server into the background first. we have to hope it completes, eventually. echo "launching the cromp server..." ($(FEISTY_MEOW_BINARIES)/test_cromp_server &) @@ -26,3 +27,5 @@ run_client_server_test: # zap the server now, since it won't quit otherwise. killall test_cromp_server echo "after cromp client & server tests." +endif + -- 2.43.0
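Review bot: With `RUN_ALL_TESTS` unset, `run_client_server_test` now has an empty recipe and succeeds without output, so the encrypted client/server exchange silently drops out of the default test run. An `else` branch that reports the skip would make this visible: `else` followed by a recipe line `echo "skipping cromp client/server test; set RUN_ALL_TESTS to run it."`. A short comment next to the `ifdef` saying why the test is gated would also help whoever re-enables it.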