summary refs log tree commit diff stats
diff options
context:
space:
mode:
authorBakasura <bakasura@protonmail.ch>2020-07-13 18:27:27 -0500
committerGitHub <noreply@github.com>2020-07-13 16:27:27 -0700
commitc5a798beec0f24f6828cd3c43bbefd1e18a9d33a (patch)
tree3d79de60cbcaf71562bf93c8b59db926eb020671
parent2f376953f3fd7d358aa25bf29c01d70a57d40e0c (diff)
FiSHLiM: Support for CBC mode + more commands (#2347)
-rw-r--r--plugins/fishlim/fish.c455
-rw-r--r--plugins/fishlim/fish.h17
-rw-r--r--plugins/fishlim/fishlim.vcxproj.filters6
-rw-r--r--plugins/fishlim/keystore.c61
-rw-r--r--plugins/fishlim/keystore.h5
-rw-r--r--plugins/fishlim/meson.build3
-rw-r--r--plugins/fishlim/plugin_hexchat.c342
-rw-r--r--plugins/fishlim/tests/fake/keystore.c47
-rw-r--r--plugins/fishlim/tests/meson.build17
-rw-r--r--plugins/fishlim/tests/old_version/fish.c194
-rw-r--r--plugins/fishlim/tests/old_version/fish.h39
-rw-r--r--plugins/fishlim/tests/old_version/meson.build4
-rw-r--r--plugins/fishlim/tests/tests.c248
-rw-r--r--plugins/fishlim/utils.c70
-rw-r--r--plugins/fishlim/utils.h35
15 files changed, 1306 insertions, 237 deletions
diff --git a/plugins/fishlim/fish.c b/plugins/fishlim/fish.c
index 00ecfbfa..9301d5d5 100644
--- a/plugins/fishlim/fish.c
+++ b/plugins/fishlim/fish.c
@@ -1,6 +1,7 @@
 /*
 
   Copyright (c) 2010 Samuel Lidén Borell <samuel@kodafritt.se>
+  Copyright (c) 2019 <bakasura@protonmail.ch>
 
   Permission is hereby granted, free of charge, to any person obtaining a copy
   of this software and associated documentation files (the "Software"), to deal
@@ -27,15 +28,19 @@
 #define DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER
 #endif
 
+#include <stdint.h>
 #include <stdlib.h>
 #include <string.h>
+#include <openssl/evp.h>
 #include <openssl/blowfish.h>
+#include <openssl/rand.h>
 
 #include "keystore.h"
 #include "fish.h"
 
 #define IB 64
-static const char fish_base64[64] = "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+static const char fish_base64[] = "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+static const char base64_chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
 static const signed char fish_unbase64[256] = {
     IB,IB,IB,IB,IB,IB,IB,IB,  IB,IB,IB,IB,IB,IB,IB,IB,
     IB,IB,IB,IB,IB,IB,IB,IB,  IB,IB,IB,IB,IB,IB,IB,IB,
@@ -53,6 +58,12 @@ static const signed char fish_unbase64[256] = {
     27,28,29,30,31,32,33,34,  35,36,37,IB,IB,IB,IB,IB,
 };
 
+/**
+ * Convert Int to 4 Bytes (Big-endian)
+ * 
+ * @param int   source
+ * @param char* dest
+ */
 #define GET_BYTES(dest, source) do { \
     *((dest)++) = ((source) >> 24) & 0xFF; \
     *((dest)++) = ((source) >> 16) & 0xFF; \
@@ -60,135 +71,387 @@ static const signed char fish_unbase64[256] = {
     *((dest)++) = (source) & 0xFF; \
 } while (0);
 
+/**
+ * Convert 4 Bytes to Int (Big-endian)
+ * 
+ * @param char* source
+ * @param int   dest
+ */
+#define GET_LONG(dest, source) do { \
+    dest = ((uint8_t)*((source)++) << 24); \
+    dest |= ((uint8_t)*((source)++) << 16); \
+    dest |= ((uint8_t)*((source)++) << 8); \
+    dest |= (uint8_t)*((source)++); \
+} while (0);
+
+
+/**
+ * Encode ECB FiSH Base64
+ *
+ * @param [in] message      Bytes to encode
+ * @param [in] message_len  Size of bytes to encode
+ * @return Array of char with encoded string
+ */
+char *fish_base64_encode(const char *message, size_t message_len) {
+    BF_LONG left = 0, right = 0;
+    int i, j;
+    char *encoded = NULL;
+    char *end = NULL;
+    char *msg = NULL;
+
+    if (message_len == 0)
+        return NULL;
+
+    /* Each 8-byte block becomes 12 bytes (fish base64 format) and add 1 byte for \0 */
+    encoded = g_malloc(((message_len - 1) / 8) * 12 + 12 + 1);
+    end = encoded;
+
+    /* Iterate over each 8-byte block (Blowfish block size) */
+    for (j = 0; j < message_len; j += 8) {
+        msg = (char *) message;
+
+        /* Set left and right longs */
+        GET_LONG(left, msg);
+        GET_LONG(right, msg);
 
-char *fish_encrypt(const char *key, size_t keylen, const char *message) {
-    BF_KEY bfkey;
-    size_t messagelen;
-    size_t i;
-    int j;
-    char *encrypted;
-    char *end;
-    unsigned char bit;
-    unsigned char word;
-    unsigned char d;
-    BF_set_key(&bfkey, keylen, (const unsigned char*)key);
-    
-    messagelen = strlen(message);
-    if (messagelen == 0) return NULL;
-    encrypted = g_malloc(((messagelen - 1) / 8) * 12 + 12 + 1); /* each 8-byte block becomes 12 bytes */
-    end = encrypted;
-     
-    while (*message) {
-        /* Read 8 bytes (a Blowfish block) */
-        BF_LONG binary[2] = { 0, 0 };
-        unsigned char c;
-        for (i = 0; i < 8; i++) {
-            c = message[i];
-            binary[i >> 2] |= c << 8*(3 - (i&3));
-            if (c == '\0') break;
+        for (i = 0; i < 6; ++i) {
+            *end++ = fish_base64[right & 0x3fu];
+            right = (right >> 6u);
         }
-        message += 8;
-        
-        /* Encrypt block */
-        BF_encrypt(binary, &bfkey);
-        
-        /* Emit FiSH-BASE64 */
-        bit = 0;
-        word = 1;
-        for (j = 0; j < 12; j++) {
-            d = fish_base64[(binary[word] >> bit) & 63];
-            *(end++) = d;
-            bit += 6;
-            if (j == 5) {
-                bit = 0;
-                word = 0;
-            }
+
+        for (i = 0; i < 6; ++i) {
+            *end++ = fish_base64[left & 0x3fu];
+            left = (left >> 6u);
         }
-        
-        /* Stop if a null terminator was found */
-        if (c == '\0') break;
+
+        /* The previous for'd ensure fill all bytes of encoded, we don't need will with zeros */
+        message += 8;
     }
+
     *end = '\0';
-    return encrypted;
+    return encoded;
 }
 
+/**
+ * Decode ECB FiSH Base64
+ *
+ * @param [in]  message    Base64 encoded string
+ * @param [out] final_len  Real length of message
+ * @return Array of char with decoded message
+ */
+char *fish_base64_decode(const char *message, size_t *final_len) {
+    BF_LONG left, right;
+    int i;
+    char *bytes = NULL;
+    char *msg = NULL;
+    char *byt = NULL;
+    size_t message_len;
 
-char *fish_decrypt(const char *key, size_t keylen, const char *data) {
-    BF_KEY bfkey;
-    size_t i;
-    char *decrypted;
-    char *end;
-    unsigned char bit;
-    unsigned char word;
-    unsigned char d;
-    BF_set_key(&bfkey, keylen, (const unsigned char*)key);
-    
-    decrypted = g_malloc(strlen(data) + 1);
-    end = decrypted;
-    
-    while (*data) {
-        /* Convert from FiSH-BASE64 */
-        BF_LONG binary[2] = { 0, 0 };
-        bit = 0;
-        word = 1;
-        for (i = 0; i < 12; i++) {
-            d = fish_unbase64[(const unsigned char)*(data++)];
-            if (d == IB) goto decrypt_end;
-            binary[word] |= (unsigned long)d << bit;
-            bit += 6;
-            if (i == 5) {
-                bit = 0;
-                word = 0;
-            }
+    message_len = strlen(message);
+
+    /* Ensure blocks of 12 bytes each one and valid characters */
+    if (message_len == 0 || message_len % 12 != 0 || strspn(message, fish_base64) != message_len)
+        return NULL;
+
+    /* Each 12 bytes becomes 8-byte block and add 1 byte for \0 */
+    *final_len = ((message_len - 1) / 12) * 8 + 8 + 1;
+    (*final_len)--; /* We support binary data */
+    bytes = (char *) g_malloc0(*final_len);
+    byt = bytes;
+
+    msg = (char *) message;
+
+    while (*msg) {
+        right = 0;
+        left = 0;
+        for (i = 0; i < 6; i++) right |= (uint8_t) fish_unbase64[*msg++] << (i * 6u);
+        for (i = 0; i < 6; i++) left |= (uint8_t) fish_unbase64[*msg++] << (i * 6u);
+        GET_BYTES(byt, left);
+        GET_BYTES(byt, right);
+    }
+
+    return bytes;
+}
+
+/**
+ * Encrypt or decrypt data with Blowfish cipher, support binary data.
+ *
+ * Good documentation for EVP:
+ *
+ * - https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption
+ *
+ * - https://stackoverflow.com/questions/5727646/what-is-the-length-parameter-of-aes-evp-decrypt
+ *
+ * - https://stackoverflow.com/questions/26345175/correct-way-to-free-allocate-the-context-in-the-openssl
+ *
+ * - https://stackoverflow.com/questions/29874150/working-with-evp-and-openssl-coding-in-c
+ *
+ * @param [in] plaintext        Bytes to encrypt or decrypt
+ * @param [in] plaintext_len    Size of plaintext
+ * @param [in] key              Bytes of key
+ * @param [in] keylen           Size of key
+ * @param [in] encode           1 or encrypt 0 for decrypt
+ * @param [in] mode             EVP_CIPH_ECB_MODE or EVP_CIPH_CBC_MODE
+ * @param [out] ciphertext_len  The bytes written
+ * @return Array of char with data encrypted or decrypted
+ */
+char *fish_cipher(const char *plaintext, size_t plaintext_len, const char *key, size_t keylen, int encode, int mode, size_t *ciphertext_len) {
+    EVP_CIPHER_CTX *ctx;
+    EVP_CIPHER *cipher = NULL;
+    int bytes_written = 0;
+    unsigned char *ciphertext = NULL;
+    unsigned char *iv_ciphertext = NULL;
+    unsigned char *iv = NULL;
+    size_t block_size = 0;
+
+    *ciphertext_len = 0;
+
+    if (plaintext_len == 0 || keylen == 0 || encode < 0 || encode > 1)
+        return NULL;
+
+    block_size = plaintext_len;
+
+    if (mode == EVP_CIPH_CBC_MODE) {
+        if (encode == 1) {
+            iv = (unsigned char *) g_malloc0(8);
+            RAND_bytes(iv, 8);
+        } else {
+            if (plaintext_len <= 8) /* IV + DATA */
+                return NULL;
+
+            iv = (unsigned char *) plaintext;
+            block_size -= 8;
+            plaintext += 8;
+            plaintext_len -= 8;
         }
-        
-        /* Decrypt block */
-        BF_decrypt(binary, &bfkey);
-        
-        /* Copy to buffer */
-        GET_BYTES(end, binary[0]);
-        GET_BYTES(end, binary[1]);
+
+        cipher = (EVP_CIPHER *) EVP_bf_cbc();
+    } else if (mode == EVP_CIPH_ECB_MODE) {
+        cipher = (EVP_CIPHER *) EVP_bf_ecb();
     }
-    
-  decrypt_end:
-    *end = '\0';
-    return decrypted;
+
+    /* Zero Padding */
+    if (block_size % 8 != 0) {
+        block_size = block_size + 8 - (block_size % 8);
+    }
+
+    ciphertext = (unsigned char *) g_malloc0(block_size);
+    memcpy(ciphertext, plaintext, plaintext_len);
+
+    /* Create and initialise the context */
+    if (!(ctx = EVP_CIPHER_CTX_new()))
+        return NULL;
+
+    /* Initialise the cipher operation only with mode */
+    if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, encode))
+        return NULL;
+
+    /* Set custom key length */
+    if (!EVP_CIPHER_CTX_set_key_length(ctx, keylen))
+        return NULL;
+
+    /* Finish the initiation the cipher operation */
+    if (1 != EVP_CipherInit_ex(ctx, NULL, NULL, (const unsigned char *) key, iv, encode))
+        return NULL;
+
+    /* We will manage this */
+    EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+    /* Do cipher operation */
+    if (1 != EVP_CipherUpdate(ctx, ciphertext, &bytes_written, ciphertext, block_size))
+        return NULL;
+
+    *ciphertext_len = bytes_written;
+
+    /* Finalise the cipher. Further ciphertext bytes may be written at this stage */
+    if (1 != EVP_CipherFinal_ex(ctx, ciphertext + bytes_written, &bytes_written))
+        return NULL;
+
+    *ciphertext_len += bytes_written;
+
+    /* Clean up */
+    EVP_CIPHER_CTX_free(ctx);
+
+
+    if (mode == EVP_CIPH_CBC_MODE && encode == 1) {
+        /* Join IV + DATA */
+        iv_ciphertext = g_malloc0(8 + *ciphertext_len);
+
+        memcpy(iv_ciphertext, iv, 8);
+        memcpy(&iv_ciphertext[8], ciphertext, *ciphertext_len);
+        *ciphertext_len += 8;
+
+        g_free(ciphertext);
+        g_free(iv);
+
+        return (char *) iv_ciphertext;
+    } else {
+        return (char *) ciphertext;
+    }
+}
+
+/**
+ * Return a fish or standard Base64 encoded string with data encrypted
+ * is binary safe
+ * 
+ * @param [in] key          Bytes of key
+ * @param [in] keylen       Size of key
+ * @param [in] message      Bytes to encrypt
+ * @param [in] message_len  Size of message
+ * @param [in] mode         Chiper mode
+ * @return Array of char with data encrypted
+ */
+char *fish_encrypt(const char *key, size_t keylen, const char *message, size_t message_len, enum fish_mode mode) {
+    size_t ciphertext_len = 0;
+    char *ciphertext = NULL;
+    char *b64 = NULL;
+
+    if (keylen == 0 || message_len == 0)
+        return NULL;
+
+    ciphertext = fish_cipher(message, message_len, key, keylen, 1, mode, &ciphertext_len);
+
+    if (ciphertext == NULL || ciphertext_len == 0)
+        return NULL;
+
+    switch (mode) {
+        case FISH_CBC_MODE:
+            b64 = g_base64_encode((const unsigned char *) ciphertext, ciphertext_len);
+            break;
+
+        case FISH_ECB_MODE:
+            b64 = fish_base64_encode((const char *) ciphertext, ciphertext_len);
+    }
+
+    g_free(ciphertext);
+
+    if (b64 == NULL)
+        return NULL;
+
+    return b64;
+}
+
+/**
+ * Return an array of bytes with data decrypted
+ * is binary safe
+ * 
+ * @param [in] key         Bytes of key
+ * @param [in] keylen      Size of key
+ * @param [in] data        Fish or standard Base64 encoded string
+ * @param [in] mode        Chiper mode
+ * @param [out] final_len  Length of returned array
+ * @return Array of char with data decrypted
+ */
+char *fish_decrypt(const char *key, size_t keylen, const char *data, enum fish_mode mode, size_t *final_len) {
+    size_t ciphertext_len = 0;
+    char *ciphertext = NULL;
+    char *plaintext = NULL;
+
+    *final_len = 0;
+
+    if (keylen == 0 || strlen(data) == 0)
+        return NULL;
+
+    switch (mode) {
+        case FISH_CBC_MODE:
+            if (strspn(data, base64_chars) != strlen(data))
+                return NULL;
+            ciphertext = (char *) g_base64_decode(data, &ciphertext_len);
+            break;
+
+        case FISH_ECB_MODE:
+            ciphertext = fish_base64_decode(data, &ciphertext_len);
+    }
+
+    if (ciphertext == NULL || ciphertext_len == 0)
+        return NULL;
+
+    plaintext = fish_cipher(ciphertext, ciphertext_len, key, keylen, 0, mode, final_len);
+    g_free(ciphertext);
+
+    if (*final_len == 0)
+        return NULL;
+
+    return plaintext;
+}
+
+/**
+ * Similar to fish_decrypt, but pad with zeros any after the first zero in the decrypted data
+ * 
+ * @param [in] key         Bytes of key
+ * @param [in] keylen      Size of key
+ * @param [in] data        Fish or standard Base64 encoded string
+ * @param [in] mode        Chiper mode
+ * @return Array of char with data decrypted
+ */
+char *fish_decrypt_str(const char *key, size_t keylen, const char *data, enum fish_mode mode) {
+    char *decrypted = NULL;
+    char *plaintext_str = NULL;
+    size_t decrypted_len = 0;
+
+    decrypted = fish_decrypt(key, strlen(key), data, mode, &decrypted_len);
+
+    if (decrypted == NULL || decrypted_len == 0)
+        return NULL;
+
+    plaintext_str = g_strndup(decrypted, decrypted_len);
+    g_free(decrypted);
+
+    return plaintext_str;
 }
 
 /**
  * Encrypts a message (see fish_decrypt). The key is searched for in the
  * key store.
  */
-char *fish_encrypt_for_nick(const char *nick, const char *data) {
+char *fish_encrypt_for_nick(const char *nick, const char *data, enum fish_mode *omode) {
     char *key;
-    char *encrypted;
+    char *encrypted, *encrypted_cbc = NULL;
+    enum fish_mode mode;
 
     /* Look for key */
-    key = keystore_get_key(nick);
+    key = keystore_get_key(nick, &mode);
     if (!key) return NULL;
-    
+
+    *omode = mode;
+
     /* Encrypt */
-    encrypted = fish_encrypt(key, strlen(key), data);
-    
+    encrypted = fish_encrypt(key, strlen(key), data, strlen(data), mode);
+
     g_free(key);
-    return encrypted;
+
+    if (encrypted == NULL || mode == FISH_ECB_MODE)
+        return encrypted;
+
+    /* Add '*' for CBC */
+    encrypted_cbc = g_strdup_printf("*%s",encrypted);
+    g_free(encrypted);
+
+    return encrypted_cbc;
 }
 
 /**
  * Decrypts a message (see fish_decrypt). The key is searched for in the
  * key store.
  */
-char *fish_decrypt_from_nick(const char *nick, const char *data) {
+char *fish_decrypt_from_nick(const char *nick, const char *data, enum fish_mode *omode) {
     char *key;
     char *decrypted;
+    enum fish_mode mode;
+
     /* Look for key */
-    key = keystore_get_key(nick);
+    key = keystore_get_key(nick, &mode);
     if (!key) return NULL;
-    
+
+    *omode = mode;
+
+    if (mode == FISH_CBC_MODE)
+        ++data;
+
     /* Decrypt */
-    decrypted = fish_decrypt(key, strlen(key), data);
-    
+    decrypted = fish_decrypt_str(key, strlen(key), data, mode);
     g_free(key);
+
     return decrypted;
 }
 
diff --git a/plugins/fishlim/fish.h b/plugins/fishlim/fish.h
index 238f52e7..daf17acf 100644
--- a/plugins/fishlim/fish.h
+++ b/plugins/fishlim/fish.h
@@ -1,6 +1,7 @@
 /*
 
   Copyright (c) 2010 Samuel Lidén Borell <samuel@kodafritt.se>
+  Copyright (c) 2019 <bakasura@protonmail.ch>
 
   Permission is hereby granted, free of charge, to any person obtaining a copy
   of this software and associated documentation files (the "Software"), to deal
@@ -29,10 +30,18 @@
 
 #include <glib.h>
 
-char *fish_encrypt(const char *key, size_t keylen, const char *message);
-char *fish_decrypt(const char *key, size_t keylen, const char *data);
-char *fish_encrypt_for_nick(const char *nick, const char *data);
-char *fish_decrypt_from_nick(const char *nick, const char *data);
+enum fish_mode {
+  FISH_ECB_MODE = 0x1,
+  FISH_CBC_MODE = 0x2
+};
+
+char *fish_base64_encode(const char *message, size_t message_len);
+char *fish_base64_decode(const char *message, size_t *final_len);
+char *fish_encrypt(const char *key, size_t keylen, const char *message, size_t message_len, enum fish_mode mode);
+char *fish_decrypt(const char *key, size_t keylen, const char *data, enum fish_mode mode, size_t *final_len);
+char *fish_decrypt_str(const char *key, size_t keylen, const char *data, enum fish_mode mode);
+char *fish_encrypt_for_nick(const char *nick, const char *data, enum fish_mode *omode);
+char *fish_decrypt_from_nick(const char *nick, const char *data, enum fish_mode *omode);
 
 #endif
 
diff --git a/plugins/fishlim/fishlim.vcxproj.filters b/plugins/fishlim/fishlim.vcxproj.filters
index d8fbf454..09649ec9 100644
--- a/plugins/fishlim/fishlim.vcxproj.filters
+++ b/plugins/fishlim/fishlim.vcxproj.filters
@@ -23,6 +23,9 @@
     <ClInclude Include="bool.h">

       <Filter>Header Files</Filter>

     </ClInclude>

+    <ClInclude Include="dh1080.h">

+      <Filter>Header Files</Filter>

+    </ClInclude>

     <ClInclude Include="fish.h">

       <Filter>Header Files</Filter>

     </ClInclude>

@@ -37,6 +40,9 @@
     </ClInclude>

   </ItemGroup>

   <ItemGroup>

+    <ClCompile Include="dh1080.c">

+      <Filter>Source Files</Filter>

+    </ClCompile>

     <ClCompile Include="fish.c">

       <Filter>Source Files</Filter>

     </ClCompile>

diff --git a/plugins/fishlim/keystore.c b/plugins/fishlim/keystore.c
index 061faa03..adefc700 100644
--- a/plugins/fishlim/keystore.c
+++ b/plugins/fishlim/keystore.c
@@ -103,27 +103,55 @@ static gchar *get_nick_value(GKeyFile *keyfile, const char *nick, const char *it
 /**
  * Extracts a key from the key store file.
  */
-char *keystore_get_key(const char *nick) {
+char *keystore_get_key(const char *nick, enum fish_mode *mode) {
+    GKeyFile *keyfile;
+    char *escaped_nick;
+    gchar *value, *key_mode;
+    int encrypted_mode;
+    char *password;
+    char *encrypted;
+    char *decrypted;
+
     /* Get the key */
-    GKeyFile *keyfile = getConfigFile();
-    char *escaped_nick = escape_nickname(nick);
-    gchar *value = get_nick_value(keyfile, escaped_nick, "key");
+    keyfile = getConfigFile();
+    escaped_nick = escape_nickname(nick);
+    value = get_nick_value(keyfile, escaped_nick, "key");
+    key_mode = get_nick_value(keyfile, escaped_nick, "mode");
     g_key_file_free(keyfile);
     g_free(escaped_nick);
 
+    /* Determine cipher mode */
+    *mode = FISH_ECB_MODE;
+    if (key_mode) {
+        if (*key_mode == '1')
+            *mode = FISH_ECB_MODE;
+        else if (*key_mode == '2')
+            *mode = FISH_CBC_MODE;
+        g_free(key_mode);
+    }
+
     if (!value)
         return NULL;
-    
-    if (strncmp(value, "+OK ", 4) != 0) {
-        /* Key is stored in plaintext */
-        return value;
-    } else {
+
+    if (strncmp(value, "+OK ", 4) == 0) {
         /* Key is encrypted */
-        const char *encrypted = value+4;
-        const char *password = get_keystore_password();
-        char *decrypted = fish_decrypt(password, strlen(password), encrypted);
+        encrypted = (char *) value;
+        encrypted += 4;
+
+        encrypted_mode = FISH_ECB_MODE;
+
+        if (*encrypted == '*') {
+            ++encrypted;
+            encrypted_mode = FISH_CBC_MODE;
+        }
+
+        password = (char *) get_keystore_password();
+        decrypted = fish_decrypt_str((const char *) password, strlen(password), (const char *) encrypted, encrypted_mode);
         g_free(value);
         return decrypted;
+    } else {
+        /* Key is stored in plaintext */
+        return value;
     }
 }
 
@@ -189,7 +217,7 @@ G_GNUC_END_IGNORE_DEPRECATIONS
 /**
  * Sets a key in the key store file.
  */
-gboolean keystore_store_key(const char *nick, const char *key) {
+gboolean keystore_store_key(const char *nick, const char *key, enum fish_mode mode) {
     const char *password;
     char *encrypted;
     char *wrapped;
@@ -204,11 +232,11 @@ gboolean keystore_store_key(const char *nick, const char *key) {
     password = get_keystore_password();
     if (password) {
         /* Encrypt the password */
-        encrypted = fish_encrypt(password, strlen(password), key);
+        encrypted = fish_encrypt(password, strlen(password), key, strlen(key), FISH_CBC_MODE);
         if (!encrypted) goto end;
         
         /* Prepend "+OK " */
-        wrapped = g_strconcat("+OK ", encrypted, NULL);
+        wrapped = g_strconcat("+OK *", encrypted, NULL);
         g_free(encrypted);
         
         /* Store encrypted in file */
@@ -218,6 +246,9 @@ gboolean keystore_store_key(const char *nick, const char *key) {
         /* Store unencrypted in file */
         g_key_file_set_string(keyfile, escaped_nick, "key", key);
     }
+
+    /* Store cipher mode */
+    g_key_file_set_integer(keyfile, escaped_nick, "mode", mode);
     
     /* Save key store file */
     ok = save_keystore(keyfile);
diff --git a/plugins/fishlim/keystore.h b/plugins/fishlim/keystore.h
index 3d90606a..4af46693 100644
--- a/plugins/fishlim/keystore.h
+++ b/plugins/fishlim/keystore.h
@@ -28,9 +28,10 @@
 #include <stddef.h>
 
 #include <glib.h>
+#include "fish.h"
 
-char *keystore_get_key(const char *nick);
-gboolean keystore_store_key(const char *nick, const char *key);
+char *keystore_get_key(const char *nick, enum fish_mode *mode);
+gboolean keystore_store_key(const char *nick, const char *key, enum fish_mode mode);
 gboolean keystore_delete_nick(const char *nick);
 
 #endif
diff --git a/plugins/fishlim/meson.build b/plugins/fishlim/meson.build
index 894923aa..06cf5f9a 100644
--- a/plugins/fishlim/meson.build
+++ b/plugins/fishlim/meson.build
@@ -2,6 +2,9 @@ if not libssl_dep.found()
   error('fish plugin requires openssl')
 endif
 
+# Run tests
+subdir('tests')
+
 fishlim_sources = [
   'dh1080.c',
   'fish.c',
diff --git a/plugins/fishlim/plugin_hexchat.c b/plugins/fishlim/plugin_hexchat.c
index 3eaad986..ddb692da 100644
--- a/plugins/fishlim/plugin_hexchat.c
+++ b/plugins/fishlim/plugin_hexchat.c
@@ -2,6 +2,7 @@
 
   Copyright (c) 2010-2011 Samuel Lidén Borell <samuel@kodafritt.se>
   Copyright (c) 2015 <the.cypher@gmail.com>
+  Copyright (c) 2019 <bakasura@protonmail.ch>
 
   Permission is hereby granted, free of charge, to any person obtaining a copy
   of this software and associated documentation files (the "Software"), to deal
@@ -30,19 +31,20 @@
 #include <string.h>
 
 #include "hexchat-plugin.h"
-#define HEXCHAT_MAX_WORDS 32
 
 #include "fish.h"
 #include "dh1080.h"
 #include "keystore.h"
 #include "irc.h"
 
+static const char *fish_modes[] = {"", "ECB", "CBC", NULL};
+
 static const char plugin_name[] = "FiSHLiM";
 static const char plugin_desc[] = "Encryption plugin for the FiSH protocol. Less is More!";
-static const char plugin_version[] = "0.1.0";
+static const char plugin_version[] = "1.0.0";
 
-static const char usage_setkey[] = "Usage: SETKEY [<nick or #channel>] <password>, sets the key for a channel or nick";
-static const char usage_delkey[] = "Usage: DELKEY <nick or #channel>, deletes the key for a channel or nick";
+static const char usage_setkey[] = "Usage: SETKEY [<nick or #channel>] [<mode>:]<password>, sets the key for a channel or nick. Modes: ECB, CBC";
+static const char usage_delkey[] = "Usage: DELKEY [<nick or #channel>], deletes the key for a channel or nick";
 static const char usage_keyx[] = "Usage: KEYX [<nick>], performs DH1080 key-exchange with <nick>";
 static const char usage_topic[] = "Usage: TOPIC+ <topic>, sets a new encrypted topic for the current channel";
 static const char usage_notice[] = "Usage: NOTICE+ <nick or #channel> <notice>";
@@ -54,6 +56,13 @@ static GHashTable *pending_exchanges;
 
 
 /**
+ * Compare two nicks using the current plugin
+ */
+int irc_nick_cmp(const char *a, const char *b) {
+    return hexchat_nickcmp (ph, a, b);
+}
+
+/**
  * Returns the path to the key store file.
  */
 gchar *get_config_filename(void) {
@@ -88,7 +97,7 @@ static hexchat_context *find_context_on_network (const char *name) {
         int chan_id = hexchat_list_int(ph, channels, "id");
         const char *chan_name = hexchat_list_str(ph, channels, "channel");
 
-        if (chan_id == id && chan_name && hexchat_nickcmp (ph, chan_name, name) == 0) {
+        if (chan_id == id && chan_name && irc_nick_cmp (chan_name, name) == 0) {
             ret = (hexchat_context*)hexchat_list_str(ph, channels, "context");
             break;
         }
@@ -98,8 +107,109 @@ static hexchat_context *find_context_on_network (const char *name) {
     return ret;
 }
 
-int irc_nick_cmp(const char *a, const char *b) {
-	return hexchat_nickcmp (ph, a, b);
+/**
+ * Retrive the prefix character for own nick in current context
+ * @return @ or + or NULL
+ */
+char *get_my_own_prefix(void) {
+    char *result = NULL;
+    const char *own_nick;
+    hexchat_list *list;
+
+    /* Display message */
+    own_nick = hexchat_get_info(ph, "nick");
+
+    if (!own_nick)
+        return NULL;
+
+    /* Get prefix for own nick if any */
+    list = hexchat_list_get (ph, "users");
+    if (list) {
+        while (hexchat_list_next(ph, list)) {
+            if (irc_nick_cmp(own_nick, hexchat_list_str(ph, list, "nick")) == 0)
+                result = g_strdup(hexchat_list_str(ph, list, "prefix"));
+        }
+        hexchat_list_free(ph, list);
+    }
+
+    return result;
+}
+
+/**
+ * Try to decrypt the first occurrence of fish message
+ * 
+ * @param message  Message to decrypt
+ * @param key     Key of message
+ * @return Array of char with decrypted message or NULL. The returned string 
+ * should be freed with g_free() when no longer needed.
+ */
+char *decrypt_raw_message(const char *message, const char *key) {
+    const char *prefixes[] = {"+OK ", "mcps ", NULL};
+    char *start = NULL, *end = NULL;
+    char *left = NULL, *right = NULL;
+    char *encrypted = NULL, *decrypted = NULL;
+    int length = 0;
+    int index_prefix;
+    enum fish_mode mode;
+    GString *message_decrypted;
+    char *result = NULL;
+
+    if (message == NULL || key == NULL)
+        return NULL;
+
+    for (index_prefix = 0; index_prefix < 2; index_prefix++) {
+        start = g_strstr_len(message, strlen(message), prefixes[index_prefix]);
+        if (start) {
+            /* Length ALWAYS will be less that original message
+             * add '[CBC] ' length */
+            message_decrypted = g_string_sized_new(strlen(message) + 6);
+
+            /* Left part of message */
+            left = g_strndup(message, start - message);
+            g_string_append(message_decrypted, left);
+            g_free(left);
+
+            /* Encrypted part */
+            start += strlen(prefixes[index_prefix]);
+            end = g_strstr_len(start, strlen(message), " ");
+            if (end) {
+                length = end - start;
+                right = end;
+            }
+
+            if (length > 0) {
+                encrypted = g_strndup(start, length);
+            } else {
+                encrypted = g_strdup(start);
+            }
+            decrypted = fish_decrypt_from_nick(key, encrypted, &mode);
+            g_free(encrypted);
+
+            if (decrypted == NULL) {
+                g_string_free(message_decrypted, TRUE);
+                return NULL;
+            }
+
+            /* Add encrypted flag */
+            g_string_append(message_decrypted, "[");
+            g_string_append(message_decrypted, fish_modes[mode]);
+            g_string_append(message_decrypted, "] ");
+            /* Decrypted message */
+            g_string_append(message_decrypted, decrypted);
+            g_free(decrypted);
+
+            /* Right part of message */
+            if (right) {
+                g_string_append(message_decrypted, right);
+            }
+
+            result = message_decrypted->str;
+            g_string_free(message_decrypted, FALSE);
+            return result;
+        }
+    }
+
+    return NULL;
 }
 
 /*static int handle_debug(char *word[], char *word_eol[], void *userdata) {
@@ -115,15 +225,24 @@ int irc_nick_cmp(const char *a, const char *b) {
  * Called when a message is to be sent.
  */
 static int handle_outgoing(char *word[], char *word_eol[], void *userdata) {
-    const char *own_nick;
+    char *prefix;
+    enum fish_mode mode;
+    char *message;
     /* Encrypt the message if possible */
     const char *channel = hexchat_get_info(ph, "channel");
-    char *encrypted = fish_encrypt_for_nick(channel, word_eol[1]);
+    char *encrypted = fish_encrypt_for_nick(channel, word_eol[1], &mode);
     if (!encrypted) return HEXCHAT_EAT_NONE;
     
+    /* Get prefix for own nick if any */
+    prefix = get_my_own_prefix();
+
+    /* Add encrypted flag */
+    message = g_strconcat("[", fish_modes[mode], "] ", word_eol[1], NULL);
+
     /* Display message */
-    own_nick = hexchat_get_info(ph, "nick");
-    hexchat_emit_print(ph, "Your Message", own_nick, word_eol[1], NULL);
+    hexchat_emit_print(ph, "Your Message", hexchat_get_info(ph, "nick"), message, prefix, NULL);
+    g_free(prefix);
+    g_free(message);
     
     /* Send message */
     hexchat_commandf(ph, "PRIVMSG %s :+OK %s", channel, encrypted);
@@ -139,96 +258,59 @@ static int handle_incoming(char *word[], char *word_eol[], hexchat_event_attrs *
     const char *prefix;
     const char *command;
     const char *recipient;
-    const char *encrypted;
-    const char *peice;
+    const char *raw_message = word_eol[1];
     char *sender_nick;
     char *decrypted;
-    size_t w;
-    size_t ew;
-    size_t uw;
-    char prefix_char = 0;
+    size_t parameters_offset;
     GString *message;
 
-    if (!irc_parse_message((const char **)word, &prefix, &command, &w))
+    if (!irc_parse_message((const char **)word, &prefix, &command, &parameters_offset))
         return HEXCHAT_EAT_NONE;
-    
+
     /* Topic (command 332) has an extra parameter */
-    if (!strcmp(command, "332")) w++;
-    
-    /* Look for encrypted data */
-    for (ew = w+1; ew < HEXCHAT_MAX_WORDS-1; ew++) {
-        const char *s = (ew == w+1 ? word[ew]+1 : word[ew]);
-        if (*s && (s[1] == '+' || s[1] == 'm')) { prefix_char = *(s++); }
-        else { prefix_char = 0; }
-        if (strcmp(s, "+OK") == 0 || strcmp(s, "mcps") == 0) goto has_encrypted_data;
+    if (!strcmp(command, "332"))
+        parameters_offset++;
+
+    /* Extract sender nick and recipient nick/channel and try to decrypt */
+    recipient = word[parameters_offset];
+    decrypted = decrypt_raw_message(raw_message, recipient);
+    if (decrypted == NULL) {
+        sender_nick = irc_prefix_get_nick(prefix);
+        decrypted = decrypt_raw_message(raw_message, sender_nick);
+        g_free(sender_nick);
     }
-    return HEXCHAT_EAT_NONE;
-  has_encrypted_data: ;
-    /* Extract sender nick and recipient nick/channel */
-    sender_nick = irc_prefix_get_nick(prefix);
-    recipient = word[w];
-    
-    /* Try to decrypt with these (the keys are searched for in the key store) */
-    encrypted = word[ew+1];
-    decrypted = fish_decrypt_from_nick(recipient, encrypted);
-    if (!decrypted) decrypted = fish_decrypt_from_nick(sender_nick, encrypted);
-    
-    /* Check for error */
-    if (!decrypted) goto decrypt_error;
-    
-    /* Build unecrypted message */
-    message = g_string_sized_new (100); /* TODO: more accurate estimation of size */
-    g_string_append (message, "RECV");
+
+    /* Nothing to decrypt */
+    if (decrypted == NULL)
+        return HEXCHAT_EAT_NONE;
+
+    /* Build decrypted message */
+
+    /* decrypted + 'RECV ' + '@time=YYYY-MM-DDTHH:MM:SS.fffffZ ' */
+    message = g_string_sized_new (strlen(decrypted) + 5 + 33);
+    g_string_append (message, "RECV ");
 
     if (attrs->server_time_utc)
     {
         GTimeVal tv = { (glong)attrs->server_time_utc, 0 };
         char *timestamp = g_time_val_to_iso8601 (&tv);
 
-       g_string_append (message, " @time=");
+       g_string_append (message, "@time=");
        g_string_append (message, timestamp);
+       g_string_append (message, " ");
        g_free (timestamp);
     }
 
-    for (uw = 1; uw < HEXCHAT_MAX_WORDS; uw++) {
-        if (word[uw][0] != '\0')
-            g_string_append_c (message, ' ');
-        
-        if (uw == ew) {
-            /* Add the encrypted data */
-            peice = decrypted;
-            uw++; /* Skip "OK+" */
-            
-            if (ew == w+1) {
-                /* Prefix with colon, which gets stripped out otherwise */
-                g_string_append_c (message, ':');
-            }
-
-            if (prefix_char) {
-                g_string_append_c (message, prefix_char);
-            }
-
-        } else {
-            /* Add unencrypted data (for example, a prefix from a bouncer or bot) */
-            peice = word[uw];
-        }
-
-        g_string_append (message, peice);
-    }
+    g_string_append (message, decrypted);
     g_free(decrypted);
 
-    /* Simulate unencrypted message */
-    /* hexchat_printf(ph, "simulating: %s\n", message->str); */
+    /* Fake server message
+     * RECV command will throw this function again, if message have multiple
+     * encrypted data, we will decrypt all */
     hexchat_command(ph, message->str);
-
     g_string_free (message, TRUE);
-    g_free(sender_nick);
-    return HEXCHAT_EAT_HEXCHAT;
 
-  decrypt_error:
-    g_free(decrypted);
-    g_free(sender_nick);
-    return HEXCHAT_EAT_NONE;
+    return HEXCHAT_EAT_HEXCHAT;
 }
 
 static int handle_keyx_notice(char *word[], char *word_eol[], void *userdata) {
@@ -236,8 +318,8 @@ static int handle_keyx_notice(char *word[], char *word_eol[], void *userdata) {
     const char *dh_pubkey = word[5];
     hexchat_context *query_ctx;
     const char *prefix;
-    gboolean cbc;
     char *sender, *secret_key, *priv_key = NULL;
+    enum fish_mode mode = FISH_ECB_MODE;
 
     if (!*dh_message || !*dh_pubkey || strlen(dh_pubkey) != 181)
         return HEXCHAT_EAT_NONE;
@@ -248,25 +330,21 @@ static int handle_keyx_notice(char *word[], char *word_eol[], void *userdata) {
     sender = irc_prefix_get_nick(prefix);
     query_ctx = find_context_on_network(sender);
     if (query_ctx)
-        hexchat_set_context(ph, query_ctx);
+        g_assert(hexchat_set_context(ph, query_ctx) == 1);
 
     dh_message++; /* : prefix */
     if (*dh_message == '+' || *dh_message == '-')
         dh_message++; /* identify-msg */
 
-    cbc = g_strcmp0 (word[6], "CBC") == 0;
+    if (g_strcmp0 (word[6], "CBC") == 0)
+        mode = FISH_CBC_MODE;
 
     if (!strcmp(dh_message, "DH1080_INIT")) {
         char *pub_key;
 
-        if (cbc) {
-            hexchat_print(ph, "Received key exchange for CBC mode which is not supported.");
-            goto cleanup;
-        }
-
-        hexchat_printf(ph, "Received public key from %s, sending mine...", sender);
+        hexchat_printf(ph, "Received public key from %s (%s), sending mine...", sender, fish_modes[mode]);
         if (dh1080_generate_key(&priv_key, &pub_key)) {
-            hexchat_commandf(ph, "quote NOTICE %s :DH1080_FINISH %s", sender, pub_key);
+            hexchat_commandf(ph, "quote NOTICE %s :DH1080_FINISH %s%s", sender, pub_key, (mode == FISH_CBC_MODE) ? " CBC" : "");
             g_free(pub_key);
         } else {
             hexchat_print(ph, "Failed to generate keys");
@@ -279,11 +357,6 @@ static int handle_keyx_notice(char *word[], char *word_eol[], void *userdata) {
         g_hash_table_steal(pending_exchanges, sender_lower);
         g_free(sender_lower);
 
-        if (cbc) {
-            hexchat_print(ph, "Received key exchange for CBC mode which is not supported.");
-            goto cleanup;
-        }
-
         if (!priv_key) {
             hexchat_printf(ph, "Received a key exchange response for unknown user: %s", sender);
             goto cleanup;
@@ -295,8 +368,8 @@ static int handle_keyx_notice(char *word[], char *word_eol[], void *userdata) {
     }
 
     if (dh1080_compute_key(priv_key, dh_pubkey, &secret_key)) {
-        keystore_store_key(sender, secret_key);
-        hexchat_printf(ph, "Stored new key for %s", sender);
+        keystore_store_key(sender, secret_key, mode);
+        hexchat_printf(ph, "Stored new key for %s (%s)", sender, fish_modes[mode]);
         g_free(secret_key);
     } else {
         hexchat_print(ph, "Failed to create secret key!");
@@ -314,6 +387,7 @@ cleanup:
 static int handle_setkey(char *word[], char *word_eol[], void *userdata) {
     const char *nick;
     const char *key;
+    enum fish_mode mode;
 
     /* Check syntax */
     if (*word[2] == '\0') {
@@ -331,9 +405,17 @@ static int handle_setkey(char *word[], char *word_eol[], void *userdata) {
         key = word_eol[3];
     }
 
+    mode = FISH_ECB_MODE;
+    if (g_ascii_strncasecmp("cbc:", key, 4) == 0) {
+        key = key+4;
+        mode = FISH_CBC_MODE;
+    } else if (g_ascii_strncasecmp("ecb:", key, 4) == 0) {
+        key = key+4;
+    }
+
     /* Set password */
-    if (keystore_store_key(nick, key)) {
-        hexchat_printf(ph, "Stored key for %s\n", nick);
+    if (keystore_store_key(nick, key, mode)) {
+        hexchat_printf(ph, "Stored key for %s (%s)\n", nick, fish_modes[mode]);
     } else {
         hexchat_printf(ph, "\00305Failed to store key in addon_fishlim.conf\n");
     }
@@ -345,22 +427,30 @@ static int handle_setkey(char *word[], char *word_eol[], void *userdata) {
  * Command handler for /delkey
  */
 static int handle_delkey(char *word[], char *word_eol[], void *userdata) {
-    const char *nick;
+    char *nick = NULL;
+    int ctx_type = 0;
+
+    /* Delete key from input */
+    if (*word[2] != '\0') {
+        nick = g_strstrip(g_strdup(word_eol[2]));
+    } else { /* Delete key from current context */
+        nick = g_strdup(hexchat_get_info(ph, "channel"));
+        ctx_type = hexchat_list_int(ph, NULL, "type");
 
-    /* Check syntax */
-    if (*word[2] == '\0' || *word[3] != '\0') {
-        hexchat_printf(ph, "%s\n", usage_delkey);
-        return HEXCHAT_EAT_HEXCHAT;
+        /* Only allow channel or dialog */
+        if (ctx_type < 2 || ctx_type > 3) {
+            hexchat_printf(ph, "%s\n", usage_delkey);
+            return HEXCHAT_EAT_HEXCHAT;
+        }
     }
 
-    nick = g_strstrip (word_eol[2]);
-
     /* Delete the given nick from the key store */
     if (keystore_delete_nick(nick)) {
         hexchat_printf(ph, "Deleted key for %s\n", nick);
     } else {
         hexchat_printf(ph, "\00305Failed to delete key in addon_fishlim.conf!\n");
     }
+    g_free(nick);
 
     return HEXCHAT_EAT_HEXCHAT;
 }
@@ -379,7 +469,7 @@ static int handle_keyx(char *word[], char *word_eol[], void *userdata) {
     }
 
     if (query_ctx) {
-        hexchat_set_context(ph, query_ctx);
+        g_assert(hexchat_set_context(ph, query_ctx) == 1);
         ctx_type = hexchat_list_int(ph, NULL, "type");
     }
 
@@ -391,8 +481,8 @@ static int handle_keyx(char *word[], char *word_eol[], void *userdata) {
     if (dh1080_generate_key(&priv_key, &pub_key)) {
         g_hash_table_replace (pending_exchanges, g_ascii_strdown(target, -1), priv_key);
 
-        hexchat_commandf(ph, "quote NOTICE %s :DH1080_INIT %s", target, pub_key);
-        hexchat_printf(ph, "Sent public key to %s, waiting for reply...", target);
+        hexchat_commandf(ph, "quote NOTICE %s :DH1080_INIT %s CBC", target, pub_key);
+        hexchat_printf(ph, "Sent public key to %s (CBC), waiting for reply...", target);
 
         g_free(pub_key);
     } else {
@@ -409,6 +499,7 @@ static int handle_crypt_topic(char *word[], char *word_eol[], void *userdata) {
     const char *target;
     const char *topic = word_eol[2];
     char *buf;
+    enum fish_mode mode;
 
     if (!*topic) {
         hexchat_print(ph, usage_topic);
@@ -421,7 +512,7 @@ static int handle_crypt_topic(char *word[], char *word_eol[], void *userdata) {
     }
 
     target = hexchat_get_info(ph, "channel");
-    buf = fish_encrypt_for_nick(target, topic);
+    buf = fish_encrypt_for_nick(target, topic, &mode);
     if (buf == NULL) {
         hexchat_printf(ph, "/topic+ error, no key found for %s", target);
         return HEXCHAT_EAT_ALL;
@@ -439,21 +530,25 @@ static int handle_crypt_notice(char *word[], char *word_eol[], void *userdata)
 {
     const char *target = word[2];
     const char *notice = word_eol[3];
+    char *notice_flag;
     char *buf;
+    enum fish_mode mode;
 
     if (!*target || !*notice) {
         hexchat_print(ph, usage_notice);
         return HEXCHAT_EAT_ALL;
     }
 
-    buf = fish_encrypt_for_nick(target, notice);
+    buf = fish_encrypt_for_nick(target, notice, &mode);
     if (buf == NULL) {
         hexchat_printf(ph, "/notice+ error, no key found for %s.", target);
         return HEXCHAT_EAT_ALL;
     }
 
     hexchat_commandf(ph, "quote NOTICE %s :+OK %s", target, buf);
-    hexchat_emit_print(ph, "Notice Sent", target, notice);
+    notice_flag = g_strconcat("[", fish_modes[mode], "] ", notice, NULL);
+    hexchat_emit_print(ph, "Notice Send", target, notice_flag);
+    g_free(notice_flag);
     g_free(buf);
 
     return HEXCHAT_EAT_ALL;
@@ -462,19 +557,21 @@ static int handle_crypt_notice(char *word[], char *word_eol[], void *userdata)
 /**
  * Command handler for /msg+
  */
-static int handle_crypt_msg(char *word[], char *word_eol[], void *userdata)
-{
+static int handle_crypt_msg(char *word[], char *word_eol[], void *userdata) {
     const char *target = word[2];
     const char *message = word_eol[3];
+    char *message_flag;
+    char *prefix;
     hexchat_context *query_ctx;
     char *buf;
+    enum fish_mode mode;
 
     if (!*target || !*message) {
         hexchat_print(ph, usage_msg);
         return HEXCHAT_EAT_ALL;
     }
 
-    buf = fish_encrypt_for_nick(target, message);
+    buf = fish_encrypt_for_nick(target, message, &mode);
     if (buf == NULL) {
         hexchat_printf(ph, "/msg+ error, no key found for %s", target);
         return HEXCHAT_EAT_ALL;
@@ -484,13 +581,17 @@ static int handle_crypt_msg(char *word[], char *word_eol[], void *userdata)
 
     query_ctx = find_context_on_network(target);
     if (query_ctx) {
-	    hexchat_set_context(ph, query_ctx);
+        g_assert(hexchat_set_context(ph, query_ctx) == 1);
+
+        prefix = get_my_own_prefix();
 
-        /* FIXME: Mode char */
+        /* Add encrypted flag */
+        message_flag = g_strconcat("[", fish_modes[mode], "] ", message, NULL);
         hexchat_emit_print(ph, "Your Message", hexchat_get_info(ph, "nick"),
-                           message, "", "");
-    }
-    else {
+                           message_flag, prefix, NULL);
+        g_free(prefix);
+        g_free(message_flag);
+    } else {
         hexchat_emit_print(ph, "Message Send", target, message);
     }
 
@@ -501,8 +602,9 @@ static int handle_crypt_msg(char *word[], char *word_eol[], void *userdata)
 static int handle_crypt_me(char *word[], char *word_eol[], void *userdata) {
 	const char *channel = hexchat_get_info(ph, "channel");
 	char *buf;
+	enum fish_mode mode;
 
-    buf = fish_encrypt_for_nick(channel, word_eol[2]);
+    buf = fish_encrypt_for_nick(channel, word_eol[2], &mode);
 	if (!buf)
         return HEXCHAT_EAT_NONE;
 
diff --git a/plugins/fishlim/tests/fake/keystore.c b/plugins/fishlim/tests/fake/keystore.c
new file mode 100644
index 00000000..855b3451
--- /dev/null
+++ b/plugins/fishlim/tests/fake/keystore.c
@@ -0,0 +1,47 @@
+/*
+
+  Copyright (c) 2010 Samuel Lidén Borell <samuel@kodafritt.se>
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.
+
+*/
+
+#include "../../fish.h"
+
+
+/**
+ * Extracts a key from the key store file.
+ */
+char *keystore_get_key(const char *nick, enum fish_mode *mode) {
+    return NULL;
+}
+
+/**
+ * Sets a key in the key store file.
+ */
+gboolean keystore_store_key(const char *nick, const char *key, enum fish_mode mode) {
+    return NULL;
+}
+
+/**
+ * Deletes a nick from the key store.
+ */
+gboolean keystore_delete_nick(const char *nick) {
+    return NULL;
+}
diff --git a/plugins/fishlim/tests/meson.build b/plugins/fishlim/tests/meson.build
new file mode 100644
index 00000000..3b75018e
--- /dev/null
+++ b/plugins/fishlim/tests/meson.build
@@ -0,0 +1,17 @@
+subdir('old_version')
+
+fishlim_test_sources = [
+  'tests.c',
+  'fake/keystore.c',
+  '../fish.c',
+  '../utils.c',
+]
+
+fishlim_tests = executable('fishlim_tests', fishlim_test_sources,
+  dependencies: [libgio_dep, libssl_dep],
+  link_with : fishlim_old_lib
+)
+
+test('Fishlim Tests', fishlim_tests,
+  timeout: 90
+)
diff --git a/plugins/fishlim/tests/old_version/fish.c b/plugins/fishlim/tests/old_version/fish.c
new file mode 100644
index 00000000..ff0b8fea
--- /dev/null
+++ b/plugins/fishlim/tests/old_version/fish.c
@@ -0,0 +1,194 @@
+/*
+
+  Copyright (c) 2010 Samuel Lidén Borell <samuel@kodafritt.se>
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.
+
+*/
+
+#ifdef __APPLE__
+#define __AVAILABILITYMACROS__
+#define DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/blowfish.h>
+
+#include "fish.h"
+
+#define IB 64
+static const char fish_base64[64] = "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+static const signed char fish_unbase64[256] = {
+    IB,IB,IB,IB,IB,IB,IB,IB,  IB,IB,IB,IB,IB,IB,IB,IB,
+    IB,IB,IB,IB,IB,IB,IB,IB,  IB,IB,IB,IB,IB,IB,IB,IB,
+/*      !  "  #  $  %  &  '  (    )  *  +  ,  -  .  / */
+    IB,IB,IB,IB,IB,IB,IB,IB,  IB,IB,IB,IB,IB,IB, 0, 1,
+/*   0  1  2  3  4  5  6  7    8  9  :  ;  <  =  >  ? */
+     2, 3, 4, 5, 6, 7, 8, 9,  10,11,IB,IB,IB,IB,IB,IB,
+/*   @  A  B  C  D  E  F  G    H  I  J  K  L  M  N  O */
+    IB,38,39,40,41,42,43,44,  45,46,47,48,49,50,51,52,
+/*   P  Q  R  S  T  U  V  W    X  Y  Z  [  \  ]  ^  _*/
+    53,54,55,56,57,58,59,60,  61,62,63,IB,IB,IB,IB,IB,
+/*   `  a  b  c  d  e  f  g    h  i  j  k  l  m  n  o */
+    IB,12,13,14,15,16,17,18,  19,20,21,22,23,24,25,26,
+/*   p  q  r  s  t  u  v  w    x  y  z  {  |  }  ~  <del> */
+    27,28,29,30,31,32,33,34,  35,36,37,IB,IB,IB,IB,IB,
+};
+
+#define GET_BYTES(dest, source) do { \
+    *((dest)++) = ((source) >> 24) & 0xFF; \
+    *((dest)++) = ((source) >> 16) & 0xFF; \
+    *((dest)++) = ((source) >> 8) & 0xFF; \
+    *((dest)++) = (source) & 0xFF; \
+} while (0);
+
+
+char *__old_fish_encrypt(const char *key, size_t keylen, const char *message) {
+    BF_KEY bfkey;
+    size_t messagelen;
+    size_t i;
+    int j;
+    char *encrypted;
+    char *end;
+    unsigned char bit;
+    unsigned char word;
+    unsigned char d;
+    BF_set_key(&bfkey, keylen, (const unsigned char*)key);
+    
+    messagelen = strlen(message);
+    if (messagelen == 0) return NULL;
+    encrypted = g_malloc(((messagelen - 1) / 8) * 12 + 12 + 1); /* each 8-byte block becomes 12 bytes */
+    end = encrypted;
+     
+    while (*message) {
+        /* Read 8 bytes (a Blowfish block) */
+        BF_LONG binary[2] = { 0, 0 };
+        unsigned char c;
+        for (i = 0; i < 8; i++) {
+            c = message[i];
+            binary[i >> 2] |= c << 8*(3 - (i&3));
+            if (c == '\0') break;
+        }
+        message += 8;
+        
+        /* Encrypt block */
+        BF_encrypt(binary, &bfkey);
+        
+        /* Emit FiSH-BASE64 */
+        bit = 0;
+        word = 1;
+        for (j = 0; j < 12; j++) {
+            d = fish_base64[(binary[word] >> bit) & 63];
+            *(end++) = d;
+            bit += 6;
+            if (j == 5) {
+                bit = 0;
+                word = 0;
+            }
+        }
+        
+        /* Stop if a null terminator was found */
+        if (c == '\0') break;
+    }
+    *end = '\0';
+    return encrypted;
+}
+
+
+char *__old_fish_decrypt(const char *key, size_t keylen, const char *data) {
+    BF_KEY bfkey;
+    size_t i;
+    char *decrypted;
+    char *end;
+    unsigned char bit;
+    unsigned char word;
+    unsigned char d;
+    BF_set_key(&bfkey, keylen, (const unsigned char*)key);
+    
+    decrypted = g_malloc(strlen(data) + 1);
+    end = decrypted;
+    
+    while (*data) {
+        /* Convert from FiSH-BASE64 */
+        BF_LONG binary[2] = { 0, 0 };
+        bit = 0;
+        word = 1;
+        for (i = 0; i < 12; i++) {
+            d = fish_unbase64[(const unsigned char)*(data++)];
+            if (d == IB) goto decrypt_end;
+            binary[word] |= (unsigned long)d << bit;
+            bit += 6;
+            if (i == 5) {
+                bit = 0;
+                word = 0;
+            }
+        }
+        
+        /* Decrypt block */
+        BF_decrypt(binary, &bfkey);
+        
+        /* Copy to buffer */
+        GET_BYTES(end, binary[0]);
+        GET_BYTES(end, binary[1]);
+    }
+    
+  decrypt_end:
+    *end = '\0';
+    return decrypted;
+}
+
+/**
+ * Encrypts a message (see __old_fish_decrypt). The key is searched for in the
+ * key store.
+ */
+char *__old_fish_encrypt_for_nick(const char *nick, const char *data) {
+    char *key;
+    char *encrypted;
+
+    /* Look for key */
+    /*key = keystore_get_key(nick);*/
+    if (!key) return NULL;
+
+    /* Encrypt */
+    encrypted = __old_fish_encrypt(key, strlen(key), data);
+
+    g_free(key);
+    return encrypted;
+}
+
+/**
+ * Decrypts a message (see __old_fish_decrypt). The key is searched for in the
+ * key store.
+ */
+char *__old_fish_decrypt_from_nick(const char *nick, const char *data) {
+    char *key;
+    char *decrypted;
+    /* Look for key */
+    /*key = keystore_get_key(nick);*/
+    if (!key) return NULL;
+
+    /* Decrypt */
+    decrypted = __old_fish_decrypt(key, strlen(key), data);
+
+    g_free(key);
+    return decrypted;
+}
+
+
diff --git a/plugins/fishlim/tests/old_version/fish.h b/plugins/fishlim/tests/old_version/fish.h
new file mode 100644
index 00000000..b4c66572
--- /dev/null
+++ b/plugins/fishlim/tests/old_version/fish.h
@@ -0,0 +1,39 @@
+/*
+
+  Copyright (c) 2010 Samuel Lidén Borell <samuel@kodafritt.se>
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.
+
+*/
+
+#ifndef FISH_OLD_H
+#define FISH_OLD_H
+
+#include <stddef.h>
+
+#include <glib.h>
+
+char *__old_fish_encrypt(const char *key, size_t keylen, const char *message);
+char *__old_fish_decrypt(const char *key, size_t keylen, const char *data);
+char *__old_fish_encrypt_for_nick(const char *nick, const char *data);
+char *__old_fish_decrypt_from_nick(const char *nick, const char *data);
+
+#endif
+
+
diff --git a/plugins/fishlim/tests/old_version/meson.build b/plugins/fishlim/tests/old_version/meson.build
new file mode 100644
index 00000000..54647d71
--- /dev/null
+++ b/plugins/fishlim/tests/old_version/meson.build
@@ -0,0 +1,4 @@
+fishlim_old_lib = shared_library('fishlim_old_lib',
+  ['fish.c'],
+  dependencies: [libgio_dep, libssl_dep],
+)
diff --git a/plugins/fishlim/tests/tests.c b/plugins/fishlim/tests/tests.c
new file mode 100644
index 00000000..e34532bf
--- /dev/null
+++ b/plugins/fishlim/tests/tests.c
@@ -0,0 +1,248 @@
+/*
+
+  Copyright (c) 2020 <bakasura@protonmail.ch>
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.
+
+*/
+
+#ifndef PLUGIN_HEXCHAT_FISHLIM_TEST_H
+#define PLUGIN_HEXCHAT_FISHLIM_TEST_H
+
+// Libs
+#include <stdio.h>
+#include <glib.h>
+// Project Libs
+#include "../fish.h"
+#include "../utils.h"
+#include "old_version/fish.h"
+
+/**
+ * Auxiliary function: Generate a random string
+ * @param out Preallocated string to fill
+ * @param len Size of bytes to fill
+ */
+void random_string(char *out, size_t len) {
+    GRand *rand = NULL;
+    int i = 0;
+
+    rand = g_rand_new();
+    for (i = 0; i < len; ++i) {
+        out[i] = g_rand_int_range(rand, 1, 256);
+    }
+
+    out[len] = 0;
+
+    g_rand_free(rand);
+}
+
+
+/**
+ * Check encrypt and decrypt in ECB mode and compare with old implementation
+ */
+void __ecb() {
+    char *bo64 = NULL, *b64 = NULL;
+    char *deo = NULL, *de = NULL;
+    int key_len, message_len = 0;
+    char key[57];
+    char message[1000];
+
+    /* Generate key 32–448 bits (Yes, I start with 8 bits) */
+    for (key_len = 1; key_len < 57; ++key_len) {
+
+        random_string(key, key_len);
+
+        for (message_len = 1; message_len < 1000; ++message_len) {
+            random_string(message, message_len);
+
+            /* Encrypt */
+            bo64 = __old_fish_encrypt(key, key_len, message);
+            g_assert_nonnull(bo64);
+            b64 = fish_encrypt(key, key_len, message, message_len, FISH_ECB_MODE);
+            g_assert_nonnull(b64);
+            g_assert_cmpuint(g_strcmp0(b64, bo64), == , 0);
+
+            /* Decrypt */
+            /* Linear */
+            deo = __old_fish_decrypt(key, key_len, bo64);
+            de = fish_decrypt_str(key, key_len, b64, FISH_ECB_MODE);
+            g_assert_nonnull(deo);
+            g_assert_nonnull(de);
+            g_assert_cmpuint(g_strcmp0(de, message), == , 0);
+            g_assert_cmpuint(g_strcmp0(deo, message), == , 0);
+            g_assert_cmpuint(g_strcmp0(de, deo), == , 0);
+            g_free(deo);
+            g_free(de);
+            /* Mixed */
+            deo = __old_fish_decrypt(key, key_len, b64);
+            de = fish_decrypt_str(key, key_len, bo64, FISH_ECB_MODE);
+            g_assert_nonnull(deo);
+            g_assert_nonnull(de);
+            g_assert_cmpuint(g_strcmp0(de, message), == , 0);
+            g_assert_cmpuint(g_strcmp0(deo, message), == , 0);
+            g_assert_cmpuint(g_strcmp0(de, deo), == , 0);
+            g_free(deo);
+            g_free(de);
+
+            /* Free */
+            g_free(bo64);
+            g_free(b64);
+        }
+    }
+}
+
+/**
+ * Check encrypt and decrypt in CBC mode
+ */
+void __cbc() {
+    char *b64 = NULL;
+    char *de = NULL;
+    int key_len, message_len = 0;
+    char key[57];
+    char message[1000];
+
+    /* Generate key 32–448 bits (Yes, I start with 8 bits) */
+    for (key_len = 1; key_len < 57; ++key_len) {
+
+        random_string(key, key_len);
+
+        for (message_len = 1; message_len < 1000; ++message_len) {
+            random_string(message, message_len);
+
+            /* Encrypt */
+            b64 = fish_encrypt(key, key_len, message, message_len, FISH_CBC_MODE);
+            g_assert_nonnull(b64);
+
+            /* Decrypt */
+            /* Linear */
+            de = fish_decrypt_str(key, key_len, b64, FISH_CBC_MODE);
+            g_assert_nonnull(de);
+            g_assert_cmpuint(g_strcmp0(de, message), == , 0);
+            g_free(de);
+
+            /* Free */
+            g_free(b64);
+        }
+    }
+}
+
+/**
+ * Check the calculation of final length from an encoded string in Base64
+ */
+void __base64_len() {
+    char *b64 = NULL;
+    int i, message_len = 0;
+    char message[1000];
+
+    for (i = 0; i < 10; ++i) {
+
+        for (message_len = 1; message_len < 1000; ++message_len) {
+            random_string(message, message_len);
+            b64 = g_base64_encode((const unsigned char *) message, message_len);
+            g_assert_nonnull(b64);
+            g_assert_cmpuint(strlen(b64), == , base64_len(message_len));
+            g_free(b64);
+        }
+    }
+}
+
+/**
+ * Check the calculation of final length from an encoded string in BlowcryptBase64
+ */
+void __base64_fish_len() {
+    char *b64 = NULL;
+    int i, message_len = 0;
+    char message[1000];
+
+    for (i = 0; i < 10; ++i) {
+
+        for (message_len = 1; message_len < 1000; ++message_len) {
+            random_string(message, message_len);
+            b64 = fish_base64_encode(message, message_len);
+            g_assert_nonnull(b64);
+            g_assert_cmpuint(strlen(b64), == , base64_fish_len(message_len));
+            g_free(b64);
+        }
+    }
+}
+
+
+/**
+ * Check the calculation of final length from an encrypted string in ECB mode
+ */
+void __base64_ecb_len() {
+    char *b64 = NULL;
+    int key_len, message_len = 0;
+    char key[57];
+    char message[1000];
+
+    /* Generate key 32–448 bits (Yes, I start with 8 bits) */
+    for (key_len = 1; key_len < 57; ++key_len) {
+
+        random_string(key, key_len);
+
+        for (message_len = 1; message_len < 1000; ++message_len) {
+            random_string(message, message_len);
+            b64 = fish_encrypt(key, key_len, message, message_len, FISH_ECB_MODE);
+            g_assert_nonnull(b64);
+            g_assert_cmpuint(strlen(b64), == , ecb_len(message_len));
+            g_free(b64);
+        }
+    }
+}
+
+/**
+ * Check the calculation of final length from an encrypted string in CBC mode
+ */
+void __base64_cbc_len() {
+    char *b64 = NULL;
+    int key_len, message_len = 0;
+    char key[57];
+    char message[1000];
+
+    /* Generate key 32–448 bits (Yes, I start with 8 bits) */
+    for (key_len = 1; key_len < 57; ++key_len) {
+
+        random_string(key, key_len);
+
+        for (message_len = 1; message_len < 1000; ++message_len) {
+            random_string(message, message_len);
+            b64 = fish_encrypt(key, key_len, message, message_len, FISH_CBC_MODE);
+            g_assert_nonnull(b64);
+            g_assert_cmpuint(strlen(b64), == , cbc_len(message_len));
+            g_free(b64);
+        }
+    }
+}
+
+int main(int argc, char *argv[]) {
+
+    g_test_init(&argc, &argv, NULL);
+
+    g_test_add_func("/fishlim/__ecb", __ecb);
+    g_test_add_func("/fishlim/__cbc", __ecb);
+    g_test_add_func("/fishlim/__base64_len", __base64_len);
+    g_test_add_func("/fishlim/__base64_fish_len", __base64_fish_len);
+    g_test_add_func("/fishlim/__base64_ecb_len", __base64_ecb_len);
+    g_test_add_func("/fishlim/__base64_cbc_len", __base64_cbc_len);
+
+    return g_test_run();
+}
+
+#endif //PLUGIN_HEXCHAT_FISHLIM_TEST_H
\ No newline at end of file
diff --git a/plugins/fishlim/utils.c b/plugins/fishlim/utils.c
new file mode 100644
index 00000000..5af87404
--- /dev/null
+++ b/plugins/fishlim/utils.c
@@ -0,0 +1,70 @@
+/*
+
+  Copyright (c) 2020 <bakasura@protonmail.ch>
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.
+
+*/
+
+#include "utils.h"
+
+/**
+ * Calculate the length of Base64-encoded string
+ *
+ * @param plaintext_len Size of clear text to encode
+ * @return Size of encoded string
+ */
+unsigned long base64_len(size_t plaintext_len) {
+    int length_unpadded = (4 * plaintext_len) / 3;
+    /* Add padding */
+    return length_unpadded % 4 != 0 ? length_unpadded + (4 - length_unpadded % 4) : length_unpadded;
+}
+
+/**
+ * Calculate the length of BlowcryptBase64-encoded string
+ *
+ * @param plaintext_len Size of clear text to encode
+ * @return Size of encoded string
+ */
+unsigned long base64_fish_len(size_t plaintext_len) {
+    int length_unpadded = (12 * plaintext_len) / 8;
+    /* Add padding */
+    return length_unpadded % 12 != 0 ? length_unpadded + (12 - length_unpadded % 12) : length_unpadded;
+}
+
+/**
+ * Calculate the length of fish-encrypted string in CBC mode
+ *
+ * @param plaintext_len  Size of clear text to encode
+ * @return Size of encoded string
+ */
+unsigned long cbc_len(size_t plaintext_len) {
+    /*IV + DATA + Zero Padding */
+    return base64_len(8 + (plaintext_len % 8 != 0 ? plaintext_len + 8 - (plaintext_len % 8) : plaintext_len));
+}
+
+/**
+ * Calculate the length of fish-encrypted string in ECB mode
+ *
+ * @param plaintext_len  Size of clear text to encode
+ * @return Size of encoded string
+ */
+unsigned long ecb_len(size_t plaintext_len) {
+    return base64_fish_len(plaintext_len);
+}
\ No newline at end of file
diff --git a/plugins/fishlim/utils.h b/plugins/fishlim/utils.h
new file mode 100644
index 00000000..9e2b3355
--- /dev/null
+++ b/plugins/fishlim/utils.h
@@ -0,0 +1,35 @@
+/*
+
+  Copyright (c) 2020 <bakasura@protonmail.ch>
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.
+
+*/
+
+#ifndef PLUGIN_HEXCHAT_FISHLIM_UTILS_H
+#define PLUGIN_HEXCHAT_FISHLIM_UTILS_H
+
+#include <stddef.h>
+
+unsigned long base64_len(size_t plaintext_len);
+unsigned long base64_fish_len(size_t plaintext_len);
+unsigned long cbc_len(size_t plaintext_len);
+unsigned long ecb_len(size_t plaintext_len);
+
+#endif
\ No newline at end of file