source: lib/rc4.c @ 471573f

Last change on this file since 471573f was 88086db, checked in by Wilmer van der Gaast <wilmer@…>, at 2006-06-25T17:23:27Z

Added versioning information to the XML-file (convenient for later format
changes), got rid of confusing "Password successfully changed" message
when the user uses the identify-command and protected rc4_decode() against
short inputs.

  • Property mode set to 100644
File size: 6.4 KB
Line 
1/***************************************************************************\
2*                                                                           *
3*  BitlBee - An IRC to IM gateway                                           *
4*  Simple (but secure) RC4 implementation for safer password storage.       *
5*                                                                           *
6*  Copyright 2006 Wilmer van der Gaast <wilmer@gaast.net>                   *
7*                                                                           *
8*  This program is free software; you can redistribute it and/or modify     *
9*  it under the terms of the GNU General Public License as published by     *
10*  the Free Software Foundation; either version 2 of the License, or        *
11*  (at your option) any later version.                                      *
12*                                                                           *
13*  This program is distributed in the hope that it will be useful,          *
14*  but WITHOUT ANY WARRANTY; without even the implied warranty of           *
15*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            *
16*  GNU General Public License for more details.                             *
17*                                                                           *
18*  You should have received a copy of the GNU General Public License along  *
19*  with this program; if not, write to the Free Software Foundation, Inc.,  *
20*  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.              *
21*                                                                           *
22\***************************************************************************/
23
24/*
25   This file implements RC4-encryption, which will mainly be used to save IM
26   passwords safely in the new XML-format. Possibly other uses will come up
27   later. It's supposed to be quite reliable (thanks to the use of a 6-byte
28   IV/seed), certainly compared to the old format. The only realistic way to
29   crack BitlBee passwords now is to use a sniffer to get your hands on the
30   user's password.
31   
32   If you see that something's wrong in this implementation (I asked a
33   couple of people to look at it already, but who knows), please tell me.
34   
35   The reason I chose for RC4 is because it's pretty simple but effective,
36   so it will work without adding several KBs or an extra library dependency.
37*/
38
39
40#include <glib.h>
41#include <stdlib.h>
42#include <string.h>
43#include "rc4.h"
44
45/* Add some seed to the password, to make sure we *never* use the same key.
46   This defines how many byes we use as a seed. */
47#define RC4_IV_LEN 6
48
49/* To defend against a "Fluhrer, Mantin and Shamir attack", it is recommended
50   to shuffle S[] just a bit more before you start to use it. This defines how
51   many bytes we'll request before we'll really use them for encryption. */
52#define RC4_CYCLES 1024
53
54struct rc4_state *rc4_keymaker( unsigned char *key, int kl, int cycles )
55{
56        struct rc4_state *st;
57        int i, j, tmp;
58       
59        st = g_malloc( sizeof( struct rc4_state ) );
60        st->i = st->j = 0;
61        for( i = 0; i < 256; i ++ )
62                st->S[i] = i;
63       
64        if( kl <= 0 )
65                kl = strlen( (char*) key );
66       
67        for( i = j = 0; i < 256; i ++ )
68        {
69                j = ( j + st->S[i] + key[i%kl] ) & 0xff;
70                tmp = st->S[i];
71                st->S[i] = st->S[j];
72                st->S[j] = tmp;
73        }
74       
75        for( i = 0; i < cycles; i ++ )
76                rc4_getbyte( st );
77       
78        return st;
79}
80
81/*
82   For those who don't know, RC4 is basically an algorithm that generates a
83   stream of bytes after you give it a key. Just get a byte from it and xor
84   it with your cleartext. To decrypt, just give it the same key again and
85   start xorring.
86   
87   The function above initializes the RC4 byte generator, the next function
88   can be used to get bytes from the generator (and shuffle things a bit).
89*/
90
91unsigned char rc4_getbyte( struct rc4_state *st )
92{
93        unsigned char tmp;
94       
95        /* Unfortunately the st-> stuff doesn't really improve readability here... */
96        st->i ++;
97        st->j += st->S[st->i];
98        tmp = st->S[st->i];
99        st->S[st->i] = st->S[st->j];
100        st->S[st->j] = tmp;
101       
102        return st->S[(st->S[st->i] + st->S[st->j]) & 0xff];
103}
104
105/*
106   The following two functions can be used for reliable encryption and
107   decryption. Known plaintext attacks are prevented by adding some (6,
108   by default) random bytes to the password before setting up the RC4
109   structures. These 6 bytes are also saved in the results, because of
110   course we'll need them in rc4_decode().
111   
112   Because the length of the resulting string is unknown to the caller,
113   it should pass a char**. Since the encode/decode functions allocate
114   memory for the string, make sure the char** points at a NULL-pointer
115   (or at least to something you already free()d), or you'll leak
116   memory. And of course, don't forget to free() the result when you
117   don't need it anymore.
118   
119   Both functions return the number of bytes in the result string.
120*/
121
122int rc4_encode( unsigned char *clear, int clear_len, unsigned char **crypt, char *password )
123{
124        struct rc4_state *st;
125        unsigned char *key;
126        int key_len, i;
127       
128        key_len = strlen( password ) + RC4_IV_LEN;
129        if( clear_len <= 0 )
130                clear_len = strlen( (char*) clear );
131       
132        /* Prepare buffers and the key + IV */
133        *crypt = g_malloc( clear_len + RC4_IV_LEN );
134        key = g_malloc( key_len );
135        strcpy( (char*) key, password );
136        for( i = 0; i < RC4_IV_LEN; i ++ )
137                key[key_len-RC4_IV_LEN+i] = crypt[0][i] = rand() & 0xff;
138       
139        /* Generate the initial S[] from the IVed key. */
140        st = rc4_keymaker( key, key_len, RC4_CYCLES );
141        g_free( key );
142       
143        for( i = 0; i < clear_len; i ++ )
144                crypt[0][i+RC4_IV_LEN] = clear[i] ^ rc4_getbyte( st );
145       
146        g_free( st );
147       
148        return clear_len + RC4_IV_LEN;
149}
150
151int rc4_decode( unsigned char *crypt, int crypt_len, unsigned char **clear, char *password )
152{
153        struct rc4_state *st;
154        unsigned char *key;
155        int key_len, clear_len, i;
156       
157        key_len = strlen( password ) + RC4_IV_LEN;
158        clear_len = crypt_len - RC4_IV_LEN;
159       
160        if( clear_len < 0 )
161        {
162                *clear = g_strdup( "" );
163                return 0;
164        }
165       
166        /* Prepare buffers and the key + IV */
167        *clear = g_malloc( clear_len + 1 );
168        key = g_malloc( key_len );
169        strcpy( (char*) key, password );
170        for( i = 0; i < RC4_IV_LEN; i ++ )
171                key[key_len-RC4_IV_LEN+i] = crypt[i];
172       
173        /* Generate the initial S[] from the IVed key. */
174        st = rc4_keymaker( key, key_len, RC4_CYCLES );
175        g_free( key );
176       
177        for( i = 0; i < clear_len; i ++ )
178                clear[0][i] = crypt[i+RC4_IV_LEN] ^ rc4_getbyte( st );
179        clear[0][i] = 0; /* Nice to have for plaintexts. */
180       
181        g_free( st );
182       
183        return clear_len;
184}
Note: See TracBrowser for help on using the repository browser.