Context Navigation

source: lib/arc.c @ a7b5925

Last change on this file since a7b5925 was a7b5925, checked in by Wilmer van der Gaast <wilmer@…>, at 2007-10-07T20:42:37Z
Renaming RC4 to ArcFour (possible trademark issues).
Property mode set to `100644`
File size: 6.7 KB

Rev	Line
[df1694b]	1	/***************************************************************************\
	2	* *
	3	* BitlBee - An IRC to IM gateway *
[a7b5925]	4	* Simple (but secure) ArcFour implementation for safer password storage. *
[df1694b]	5	* *
	6	* Copyright 2006 Wilmer van der Gaast <wilmer@gaast.net> *
	7	* *
[9544acb]	8	* This library is free software; you can redistribute it and/or *
	9	* modify it under the terms of the GNU Lesser General Public *
	10	* License as published by the Free Software Foundation, version *
	11	* 2.1. *
[df1694b]	12	* *
[9544acb]	13	* This library is distributed in the hope that it will be useful, *
[df1694b]	14	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
[9544acb]	15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
	16	* Lesser General Public License for more details. *
[df1694b]	17	* *
[9544acb]	18	* You should have received a copy of the GNU Lesser General Public License *
	19	* along with this library; if not, write to the Free Software Foundation, *
	20	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA *
[df1694b]	21	* *
	22	\***************************************************************************/
	23
	24	/*
[a7b5925]	25	This file implements ArcFour-encryption, which will mainly be used to
	26	save IM passwords safely in the new XML-format. Possibly other uses will
	27	come up later. It's supposed to be quite reliable (thanks to the use of a
	28	6-byte IV/seed), certainly compared to the old format. The only realistic
	29	way to crack BitlBee passwords now is to use a sniffer to get your hands
	30	on the user's password.
[df1694b]	31
	32	If you see that something's wrong in this implementation (I asked a
	33	couple of people to look at it already, but who knows), please tell me.
	34
[a7b5925]	35	The reason I picked ArcFour is because it's pretty simple but effective,
[df1694b]	36	so it will work without adding several KBs or an extra library dependency.
[a7b5925]	37
	38	(ArcFour is an RC4-compatible cipher. See for details:
	39	http://www.mozilla.org/projects/security/pki/nss/draft-kaukonen-cipher-arcfour-03.txt)
[df1694b]	40	*/
	41
	42
	43	#include <glib.h>
[1719464]	44	#include <gmodule.h>
[df1694b]	45	#include <stdlib.h>
	46	#include <string.h>
[1719464]	47	#include "misc.h"
[a7b5925]	48	#include "arc.h"
[df1694b]	49
	50	/* Add some seed to the password, to make sure we never use the same key.
[d1f8759]	51	This defines how many bytes we use as a seed. */
[a7b5925]	52	#define ARC_IV_LEN 6
[df1694b]	53
	54	/* To defend against a "Fluhrer, Mantin and Shamir attack", it is recommended
	55	to shuffle S[] just a bit more before you start to use it. This defines how
	56	many bytes we'll request before we'll really use them for encryption. */
[a7b5925]	57	#define ARC_CYCLES 1024
[df1694b]	58
[a7b5925]	59	struct arc_state arc_keymaker( unsigned char key, int kl, int cycles )
[df1694b]	60	{
[a7b5925]	61	struct arc_state *st;
[df1694b]	62	int i, j, tmp;
	63
[a7b5925]	64	st = g_malloc( sizeof( struct arc_state ) );
[df1694b]	65	st->i = st->j = 0;
	66	for( i = 0; i < 256; i ++ )
	67	st->S[i] = i;
	68
	69	if( kl <= 0 )
	70	kl = strlen( (char*) key );
	71
	72	for( i = j = 0; i < 256; i ++ )
	73	{
	74	j = ( j + st->S[i] + key[i%kl] ) & 0xff;
	75	tmp = st->S[i];
	76	st->S[i] = st->S[j];
	77	st->S[j] = tmp;
	78	}
	79
	80	for( i = 0; i < cycles; i ++ )
[a7b5925]	81	arc_getbyte( st );
[df1694b]	82
	83	return st;
	84	}
	85
	86	/*
[a7b5925]	87	For those who don't know, ArcFour is basically an algorithm that generates
	88	a stream of bytes after you give it a key. Just get a byte from it and
	89	xor it with your cleartext. To decrypt, just give it the same key again
	90	and start xorring.
[df1694b]	91
[a7b5925]	92	The function above initializes the byte generator, the next function can
	93	be used to get bytes from the generator (and shuffle things a bit).
[df1694b]	94	*/
	95
[a7b5925]	96	unsigned char arc_getbyte( struct arc_state *st )
[df1694b]	97	{
	98	unsigned char tmp;
	99
	100	/* Unfortunately the st-> stuff doesn't really improve readability here... */
	101	st->i ++;
	102	st->j += st->S[st->i];
	103	tmp = st->S[st->i];
	104	st->S[st->i] = st->S[st->j];
	105	st->S[st->j] = tmp;
	106
	107	return st->S[(st->S[st->i] + st->S[st->j]) & 0xff];
	108	}
	109
	110	/*
	111	The following two functions can be used for reliable encryption and
	112	decryption. Known plaintext attacks are prevented by adding some (6,
[a7b5925]	113	by default) random bytes to the password before setting up the state
[df1694b]	114	structures. These 6 bytes are also saved in the results, because of
[a7b5925]	115	course we'll need them in arc_decode().
[df1694b]	116
	117	Because the length of the resulting string is unknown to the caller,
	118	it should pass a char**. Since the encode/decode functions allocate
	119	memory for the string, make sure the char** points at a NULL-pointer
	120	(or at least to something you already free()d), or you'll leak
	121	memory. And of course, don't forget to free() the result when you
	122	don't need it anymore.
	123
	124	Both functions return the number of bytes in the result string.
	125	*/
	126
[a7b5925]	127	int arc_encode( char clear, int clear_len, unsigned char crypt, char password )
[df1694b]	128	{
[a7b5925]	129	struct arc_state *st;
[df1694b]	130	unsigned char *key;
	131	int key_len, i;
	132
[a7b5925]	133	key_len = strlen( password ) + ARC_IV_LEN;
[df1694b]	134	if( clear_len <= 0 )
[3b6eadc]	135	clear_len = strlen( clear );
[df1694b]	136
	137	/* Prepare buffers and the key + IV */
[a7b5925]	138	*crypt = g_malloc( clear_len + ARC_IV_LEN );
[df1694b]	139	key = g_malloc( key_len );
	140	strcpy( (char*) key, password );
[1719464]	141
	142	/* Add the salt. Save it for later (when decrypting) and, of course,
	143	add it to the encryption key. */
[a7b5925]	144	random_bytes( crypt[0], ARC_IV_LEN );
	145	memcpy( key + key_len - ARC_IV_LEN, crypt[0], ARC_IV_LEN );
[df1694b]	146
	147	/* Generate the initial S[] from the IVed key. */
[a7b5925]	148	st = arc_keymaker( key, key_len, ARC_CYCLES );
[df1694b]	149	g_free( key );
	150
	151	for( i = 0; i < clear_len; i ++ )
[a7b5925]	152	crypt[0][i+ARC_IV_LEN] = clear[i] ^ arc_getbyte( st );
[df1694b]	153
	154	g_free( st );
	155
[a7b5925]	156	return clear_len + ARC_IV_LEN;
[df1694b]	157	}
	158
[a7b5925]	159	int arc_decode( unsigned char crypt, int crypt_len, char clear, char password )
[df1694b]	160	{
[a7b5925]	161	struct arc_state *st;
[df1694b]	162	unsigned char *key;
	163	int key_len, clear_len, i;
	164
[a7b5925]	165	key_len = strlen( password ) + ARC_IV_LEN;
	166	clear_len = crypt_len - ARC_IV_LEN;
[df1694b]	167
[88086db]	168	if( clear_len < 0 )
	169	{
[3b6eadc]	170	*clear = g_strdup( "" );
[88086db]	171	return 0;
	172	}
	173
[df1694b]	174	/* Prepare buffers and the key + IV */
	175	*clear = g_malloc( clear_len + 1 );
	176	key = g_malloc( key_len );
	177	strcpy( (char*) key, password );
[a7b5925]	178	for( i = 0; i < ARC_IV_LEN; i ++ )
	179	key[key_len-ARC_IV_LEN+i] = crypt[i];
[df1694b]	180
	181	/* Generate the initial S[] from the IVed key. */
[a7b5925]	182	st = arc_keymaker( key, key_len, ARC_CYCLES );
[df1694b]	183	g_free( key );
	184
	185	for( i = 0; i < clear_len; i ++ )
[a7b5925]	186	clear[0][i] = crypt[i+ARC_IV_LEN] ^ arc_getbyte( st );
[df1694b]	187	clear[0][i] = 0; /* Nice to have for plaintexts. */
	188
	189	g_free( st );
	190
	191	return clear_len;
	192	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: