I'm rewriting a Perl web application in PHP, but the problem I'm running into is that some of the data in the MySQL database is encrypted using Blowfish_PP/CBC in Perl. I couldn't seem to find an implementation of it in PHP, so I started re-writing some of the code in PHP.
I'm getting reasonably close, but having a little trouble on some regular expression conversions. Namely:
my ($salt) = $$input_stream =~ /^Salted__(.{8})/s;
Where $input_stream is the encrypted data after being unpacked:
Salted__�/kW��t�}��`�
I'm not sure how to write that regex in PHP, so any help would be appreciated. I've also included the full code I'm working with in PHP below if anyone has any other ideas. It isn't complete yet, as I'm stuck on the regex above.
$pass = "VGhlIHRhZHBvbGUgc251ZmZzIGEgY2FuZGxlLiBUaGUgZ29sZGZpc2ggaG93bHMgYXQgbWlkbmlnaHQu";
$pass = base64_decode($pass);
$ciphertext = "53616c7465645f5fff2f6b57dcf974857dd7e5010b60eea";
$ciphertext = pack('H*',$ciphertext);
// Here's what I did with the regex, but pretty sure this is wrong.
$c2 = preg_split('/^Salted__(.{8})/s',$ciphertext);
$salt = $c2[1];
$ciphertext = substr($ciphertext,16,strlen($ciphertext));
$desired_len = 64; (should be keylen + ivlen, but this works)
$data = "";
$d = '';
while (strlen($data) < $desired_len) {
$d = md5($d . $pass . $salt);
$data .= $d;
}
$key = substr($data,0,56);
$iv = substr($data,56,8);
Blowfish is an old, and relatively well-known cipher. I had a hard time believing PHP didn't have a module of some kind for it so I googled it and this was the first thing to come up:
mcrypt_encrypt
PHP is not my specialty but this appears to be what you're looking for. It supports Blowfish and there are flags for setting CBC, etc.
As is my understanding, crypto functions are the sort of thing for which you should never try to "roll your own", where "you" encompasses you, me and 99.9% of everybody.