Context Navigation

source: lib/rc4.c @ 1962ac1

Last change on this file since 1962ac1 was 9544acb, checked in by Wilmer van der Gaast <wilmer@…>, at 2006-09-20T09:34:02Z
Using LGPL for generic parts, where possible.
Property mode set to `100644`
File size: 6.5 KB

Rev	Line
[df1694b]	1	/***************************************************************************\
	2	* *
	3	* BitlBee - An IRC to IM gateway *
	4	* Simple (but secure) RC4 implementation for safer password storage. *
	5	* *
	6	* Copyright 2006 Wilmer van der Gaast <wilmer@gaast.net> *
	7	* *
[9544acb]	8	* This library is free software; you can redistribute it and/or *
	9	* modify it under the terms of the GNU Lesser General Public *
	10	* License as published by the Free Software Foundation, version *
	11	* 2.1. *
[df1694b]	12	* *
[9544acb]	13	* This library is distributed in the hope that it will be useful, *
[df1694b]	14	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
[9544acb]	15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
	16	* Lesser General Public License for more details. *
[df1694b]	17	* *
[9544acb]	18	* You should have received a copy of the GNU Lesser General Public License *
	19	* along with this library; if not, write to the Free Software Foundation, *
	20	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA *
[df1694b]	21	* *
	22	\***************************************************************************/
	23
	24	/*
	25	This file implements RC4-encryption, which will mainly be used to save IM
	26	passwords safely in the new XML-format. Possibly other uses will come up
	27	later. It's supposed to be quite reliable (thanks to the use of a 6-byte
	28	IV/seed), certainly compared to the old format. The only realistic way to
	29	crack BitlBee passwords now is to use a sniffer to get your hands on the
	30	user's password.
	31
	32	If you see that something's wrong in this implementation (I asked a
	33	couple of people to look at it already, but who knows), please tell me.
	34
	35	The reason I chose for RC4 is because it's pretty simple but effective,
	36	so it will work without adding several KBs or an extra library dependency.
	37	*/
	38
	39
	40	#include <glib.h>
[1719464]	41	#include <gmodule.h>
[df1694b]	42	#include <stdlib.h>
	43	#include <string.h>
[1719464]	44	#include "misc.h"
[df1694b]	45	#include "rc4.h"
	46
	47	/* Add some seed to the password, to make sure we never use the same key.
[d1f8759]	48	This defines how many bytes we use as a seed. */
[df1694b]	49	#define RC4_IV_LEN 6
	50
	51	/* To defend against a "Fluhrer, Mantin and Shamir attack", it is recommended
	52	to shuffle S[] just a bit more before you start to use it. This defines how
	53	many bytes we'll request before we'll really use them for encryption. */
	54	#define RC4_CYCLES 1024
	55
	56	struct rc4_state rc4_keymaker( unsigned char key, int kl, int cycles )
	57	{
	58	struct rc4_state *st;
	59	int i, j, tmp;
	60
	61	st = g_malloc( sizeof( struct rc4_state ) );
	62	st->i = st->j = 0;
	63	for( i = 0; i < 256; i ++ )
	64	st->S[i] = i;
	65
	66	if( kl <= 0 )
	67	kl = strlen( (char*) key );
	68
	69	for( i = j = 0; i < 256; i ++ )
	70	{
	71	j = ( j + st->S[i] + key[i%kl] ) & 0xff;
	72	tmp = st->S[i];
	73	st->S[i] = st->S[j];
	74	st->S[j] = tmp;
	75	}
	76
	77	for( i = 0; i < cycles; i ++ )
	78	rc4_getbyte( st );
	79
	80	return st;
	81	}
	82
	83	/*
	84	For those who don't know, RC4 is basically an algorithm that generates a
	85	stream of bytes after you give it a key. Just get a byte from it and xor
	86	it with your cleartext. To decrypt, just give it the same key again and
	87	start xorring.
	88
	89	The function above initializes the RC4 byte generator, the next function
	90	can be used to get bytes from the generator (and shuffle things a bit).
	91	*/
	92
	93	unsigned char rc4_getbyte( struct rc4_state *st )
	94	{
	95	unsigned char tmp;
	96
	97	/* Unfortunately the st-> stuff doesn't really improve readability here... */
	98	st->i ++;
	99	st->j += st->S[st->i];
	100	tmp = st->S[st->i];
	101	st->S[st->i] = st->S[st->j];
	102	st->S[st->j] = tmp;
	103
	104	return st->S[(st->S[st->i] + st->S[st->j]) & 0xff];
	105	}
	106
	107	/*
	108	The following two functions can be used for reliable encryption and
	109	decryption. Known plaintext attacks are prevented by adding some (6,
	110	by default) random bytes to the password before setting up the RC4
	111	structures. These 6 bytes are also saved in the results, because of
	112	course we'll need them in rc4_decode().
	113
	114	Because the length of the resulting string is unknown to the caller,
	115	it should pass a char**. Since the encode/decode functions allocate
	116	memory for the string, make sure the char** points at a NULL-pointer
	117	(or at least to something you already free()d), or you'll leak
	118	memory. And of course, don't forget to free() the result when you
	119	don't need it anymore.
	120
	121	Both functions return the number of bytes in the result string.
	122	*/
	123
	124	int rc4_encode( unsigned char clear, int clear_len, unsigned char crypt, char password )
	125	{
	126	struct rc4_state *st;
	127	unsigned char *key;
	128	int key_len, i;
	129
	130	key_len = strlen( password ) + RC4_IV_LEN;
	131	if( clear_len <= 0 )
	132	clear_len = strlen( (char*) clear );
	133
	134	/* Prepare buffers and the key + IV */
	135	*crypt = g_malloc( clear_len + RC4_IV_LEN );
	136	key = g_malloc( key_len );
	137	strcpy( (char*) key, password );
[1719464]	138
	139	/* Add the salt. Save it for later (when decrypting) and, of course,
	140	add it to the encryption key. */
	141	random_bytes( crypt[0], RC4_IV_LEN );
	142	memcpy( key + key_len - RC4_IV_LEN, crypt[0], RC4_IV_LEN );
[df1694b]	143
	144	/* Generate the initial S[] from the IVed key. */
	145	st = rc4_keymaker( key, key_len, RC4_CYCLES );
	146	g_free( key );
	147
	148	for( i = 0; i < clear_len; i ++ )
	149	crypt[0][i+RC4_IV_LEN] = clear[i] ^ rc4_getbyte( st );
	150
	151	g_free( st );
	152
	153	return clear_len + RC4_IV_LEN;
	154	}
	155
	156	int rc4_decode( unsigned char crypt, int crypt_len, unsigned char clear, char password )
	157	{
	158	struct rc4_state *st;
	159	unsigned char *key;
	160	int key_len, clear_len, i;
	161
	162	key_len = strlen( password ) + RC4_IV_LEN;
	163	clear_len = crypt_len - RC4_IV_LEN;
	164
[88086db]	165	if( clear_len < 0 )
	166	{
[5100caa]	167	clear = (unsigned char) g_strdup( "" );
[88086db]	168	return 0;
	169	}
	170
[df1694b]	171	/* Prepare buffers and the key + IV */
	172	*clear = g_malloc( clear_len + 1 );
	173	key = g_malloc( key_len );
	174	strcpy( (char*) key, password );
	175	for( i = 0; i < RC4_IV_LEN; i ++ )
	176	key[key_len-RC4_IV_LEN+i] = crypt[i];
	177
	178	/* Generate the initial S[] from the IVed key. */
	179	st = rc4_keymaker( key, key_len, RC4_CYCLES );
	180	g_free( key );
	181
	182	for( i = 0; i < clear_len; i ++ )
	183	clear[0][i] = crypt[i+RC4_IV_LEN] ^ rc4_getbyte( st );
	184	clear[0][i] = 0; /* Nice to have for plaintexts. */
	185
	186	g_free( st );
	187
	188	return clear_len;
	189	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: