source: lib/rc4.c @ a8a0b4c

Last change on this file since a8a0b4c was 3b6eadc, checked in by Jelmer Vernooij <jelmer@…>, at 2007-07-07T17:19:28Z

Fix some warnings in storage.c.

  • Property mode set to 100644
File size: 6.5 KB
Line 
1/***************************************************************************\
2*                                                                           *
3*  BitlBee - An IRC to IM gateway                                           *
4*  Simple (but secure) RC4 implementation for safer password storage.       *
5*                                                                           *
6*  Copyright 2006 Wilmer van der Gaast <wilmer@gaast.net>                   *
7*                                                                           *
8*  This library is free software; you can redistribute it and/or            *
9*  modify it under the terms of the GNU Lesser General Public               *
10*  License as published by the Free Software Foundation, version            *
11*  2.1.                                                                     *
12*                                                                           *
13*  This library is distributed in the hope that it will be useful,          *
14*  but WITHOUT ANY WARRANTY; without even the implied warranty of           *
15*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU        *
16*  Lesser General Public License for more details.                          *
17*                                                                           *
18*  You should have received a copy of the GNU Lesser General Public License *
19*  along with this library; if not, write to the Free Software Foundation,  *
20*  Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA           *
21*                                                                           *
22\***************************************************************************/
23
24/*
25   This file implements RC4-encryption, which will mainly be used to save IM
26   passwords safely in the new XML-format. Possibly other uses will come up
27   later. It's supposed to be quite reliable (thanks to the use of a 6-byte
28   IV/seed), certainly compared to the old format. The only realistic way to
29   crack BitlBee passwords now is to use a sniffer to get your hands on the
30   user's password.
31   
32   If you see that something's wrong in this implementation (I asked a
33   couple of people to look at it already, but who knows), please tell me.
34   
35   The reason I chose for RC4 is because it's pretty simple but effective,
36   so it will work without adding several KBs or an extra library dependency.
37*/
38
39
40#include <glib.h>
41#include <gmodule.h>
42#include <stdlib.h>
43#include <string.h>
44#include "misc.h"
45#include "rc4.h"
46
47/* Add some seed to the password, to make sure we *never* use the same key.
48   This defines how many bytes we use as a seed. */
49#define RC4_IV_LEN 6
50
51/* To defend against a "Fluhrer, Mantin and Shamir attack", it is recommended
52   to shuffle S[] just a bit more before you start to use it. This defines how
53   many bytes we'll request before we'll really use them for encryption. */
54#define RC4_CYCLES 1024
55
56struct rc4_state *rc4_keymaker( unsigned char *key, int kl, int cycles )
57{
58        struct rc4_state *st;
59        int i, j, tmp;
60       
61        st = g_malloc( sizeof( struct rc4_state ) );
62        st->i = st->j = 0;
63        for( i = 0; i < 256; i ++ )
64                st->S[i] = i;
65       
66        if( kl <= 0 )
67                kl = strlen( (char*) key );
68       
69        for( i = j = 0; i < 256; i ++ )
70        {
71                j = ( j + st->S[i] + key[i%kl] ) & 0xff;
72                tmp = st->S[i];
73                st->S[i] = st->S[j];
74                st->S[j] = tmp;
75        }
76       
77        for( i = 0; i < cycles; i ++ )
78                rc4_getbyte( st );
79       
80        return st;
81}
82
83/*
84   For those who don't know, RC4 is basically an algorithm that generates a
85   stream of bytes after you give it a key. Just get a byte from it and xor
86   it with your cleartext. To decrypt, just give it the same key again and
87   start xorring.
88   
89   The function above initializes the RC4 byte generator, the next function
90   can be used to get bytes from the generator (and shuffle things a bit).
91*/
92
93unsigned char rc4_getbyte( struct rc4_state *st )
94{
95        unsigned char tmp;
96       
97        /* Unfortunately the st-> stuff doesn't really improve readability here... */
98        st->i ++;
99        st->j += st->S[st->i];
100        tmp = st->S[st->i];
101        st->S[st->i] = st->S[st->j];
102        st->S[st->j] = tmp;
103       
104        return st->S[(st->S[st->i] + st->S[st->j]) & 0xff];
105}
106
107/*
108   The following two functions can be used for reliable encryption and
109   decryption. Known plaintext attacks are prevented by adding some (6,
110   by default) random bytes to the password before setting up the RC4
111   structures. These 6 bytes are also saved in the results, because of
112   course we'll need them in rc4_decode().
113   
114   Because the length of the resulting string is unknown to the caller,
115   it should pass a char**. Since the encode/decode functions allocate
116   memory for the string, make sure the char** points at a NULL-pointer
117   (or at least to something you already free()d), or you'll leak
118   memory. And of course, don't forget to free() the result when you
119   don't need it anymore.
120   
121   Both functions return the number of bytes in the result string.
122*/
123
124int rc4_encode( char *clear, int clear_len, unsigned char **crypt, char *password )
125{
126        struct rc4_state *st;
127        unsigned char *key;
128        int key_len, i;
129       
130        key_len = strlen( password ) + RC4_IV_LEN;
131        if( clear_len <= 0 )
132                clear_len = strlen( clear );
133       
134        /* Prepare buffers and the key + IV */
135        *crypt = g_malloc( clear_len + RC4_IV_LEN );
136        key = g_malloc( key_len );
137        strcpy( (char*) key, password );
138       
139        /* Add the salt. Save it for later (when decrypting) and, of course,
140           add it to the encryption key. */
141        random_bytes( crypt[0], RC4_IV_LEN );
142        memcpy( key + key_len - RC4_IV_LEN, crypt[0], RC4_IV_LEN );
143       
144        /* Generate the initial S[] from the IVed key. */
145        st = rc4_keymaker( key, key_len, RC4_CYCLES );
146        g_free( key );
147       
148        for( i = 0; i < clear_len; i ++ )
149                crypt[0][i+RC4_IV_LEN] = clear[i] ^ rc4_getbyte( st );
150       
151        g_free( st );
152       
153        return clear_len + RC4_IV_LEN;
154}
155
156int rc4_decode( unsigned char *crypt, int crypt_len, char **clear, char *password )
157{
158        struct rc4_state *st;
159        unsigned char *key;
160        int key_len, clear_len, i;
161       
162        key_len = strlen( password ) + RC4_IV_LEN;
163        clear_len = crypt_len - RC4_IV_LEN;
164       
165        if( clear_len < 0 )
166        {
167                *clear = g_strdup( "" );
168                return 0;
169        }
170       
171        /* Prepare buffers and the key + IV */
172        *clear = g_malloc( clear_len + 1 );
173        key = g_malloc( key_len );
174        strcpy( (char*) key, password );
175        for( i = 0; i < RC4_IV_LEN; i ++ )
176                key[key_len-RC4_IV_LEN+i] = crypt[i];
177       
178        /* Generate the initial S[] from the IVed key. */
179        st = rc4_keymaker( key, key_len, RC4_CYCLES );
180        g_free( key );
181       
182        for( i = 0; i < clear_len; i ++ )
183                clear[0][i] = crypt[i+RC4_IV_LEN] ^ rc4_getbyte( st );
184        clear[0][i] = 0; /* Nice to have for plaintexts. */
185       
186        g_free( st );
187       
188        return clear_len;
189}
Note: See TracBrowser for help on using the repository browser.