source: lib/rc4.c @ df1694b

Last change on this file since df1694b was df1694b, checked in by Wilmer van der Gaast <wilmer@…>, at 2006-06-25T12:15:42Z

Moving all generic files to lib/ instead of having some in / and some in
protocols/, and adding RC4 code.
  • Property mode set to 100644
File size: 6.4 KB
Line 
1/***************************************************************************\
2*                                                                           *
3*  BitlBee - An IRC to IM gateway                                           *
4*  Simple (but secure) RC4 implementation for safer password storage.       *
5*                                                                           *
6*  Copyright 2006 Wilmer van der Gaast <wilmer@gaast.net>                   *
7*                                                                           *
8*                                                                           *
9*  This program is free software; you can redistribute it and/or modify     *
10*  it under the terms of the GNU General Public License as published by     *
11*  the Free Software Foundation; either version 2 of the License, or        *
12*  (at your option) any later version.                                      *
13*                                                                           *
14*  This program is distributed in the hope that it will be useful,          *
15*  but WITHOUT ANY WARRANTY; without even the implied warranty of           *
16*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            *
17*  GNU General Public License for more details.                             *
18*                                                                           *
19*  You should have received a copy of the GNU General Public License along  *
20*  with this program; if not, write to the Free Software Foundation, Inc.,  *
21*  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.              *
22*                                                                           *
23\***************************************************************************/
24
25/*
26   This file implements RC4-encryption, which will mainly be used to save IM
27   passwords safely in the new XML-format. Possibly other uses will come up
28   later. It's supposed to be quite reliable (thanks to the use of a 6-byte
29   IV/seed), certainly compared to the old format. The only realistic way to
30   crack BitlBee passwords now is to use a sniffer to get your hands on the
31   user's password.
32   
33   If you see that something's wrong in this implementation (I asked a
34   couple of people to look at it already, but who knows), please tell me.
35   
36   The reason I chose for RC4 is because it's pretty simple but effective,
37   so it will work without adding several KBs or an extra library dependency.
38*/
39
40
41#include <glib.h>
42#include <stdlib.h>
43#include <string.h>
44#include "rc4.h"
45
46/* Add some seed to the password, to make sure we *never* use the same key.
47   This defines how many byes we use as a seed. */
48#define RC4_IV_LEN 6
49
50/* To defend against a "Fluhrer, Mantin and Shamir attack", it is recommended
51   to shuffle S[] just a bit more before you start to use it. This defines how
52   many bytes we'll request before we'll really use them for encryption. */
53#define RC4_CYCLES 1024
54
55struct rc4_state *rc4_keymaker( unsigned char *key, int kl, int cycles )
56{
57        struct rc4_state *st;
58        int i, j, tmp;
59       
60        st = g_malloc( sizeof( struct rc4_state ) );
61        st->i = st->j = 0;
62        for( i = 0; i < 256; i ++ )
63                st->S[i] = i;
64       
65        if( kl <= 0 )
66                kl = strlen( (char*) key );
67       
68        for( i = j = 0; i < 256; i ++ )
69        {
70                j = ( j + st->S[i] + key[i%kl] ) & 0xff;
71                tmp = st->S[i];
72                st->S[i] = st->S[j];
73                st->S[j] = tmp;
74        }
75       
76        for( i = 0; i < cycles; i ++ )
77                rc4_getbyte( st );
78       
79        return st;
80}
81
82/*
83   For those who don't know, RC4 is basically an algorithm that generates a
84   stream of bytes after you give it a key. Just get a byte from it and xor
85   it with your cleartext. To decrypt, just give it the same key again and
86   start xorring.
87   
88   The function above initializes the RC4 byte generator, the next function
89   can be used to get bytes from the generator (and shuffle things a bit).
90*/
91
92unsigned char rc4_getbyte( struct rc4_state *st )
93{
94        unsigned char tmp;
95       
96        /* Unfortunately the st-> stuff doesn't really improve readability here... */
97        st->i ++;
98        st->j += st->S[st->i];
99        tmp = st->S[st->i];
100        st->S[st->i] = st->S[st->j];
101        st->S[st->j] = tmp;
102       
103        return st->S[(st->S[st->i] + st->S[st->j]) & 0xff];
104}
105
106/*
107   The following two functions can be used for reliable encryption and
108   decryption. Known plaintext attacks are prevented by adding some (6,
109   by default) random bytes to the password before setting up the RC4
110   structures. These 6 bytes are also saved in the results, because of
111   course we'll need them in rc4_decode().
112   
113   Because the length of the resulting string is unknown to the caller,
114   it should pass a char**. Since the encode/decode functions allocate
115   memory for the string, make sure the char** points at a NULL-pointer
116   (or at least to something you already free()d), or you'll leak
117   memory. And of course, don't forget to free() the result when you
118   don't need it anymore.
119   
120   Both functions return the number of bytes in the result string.
121*/
122
123int rc4_encode( unsigned char *clear, int clear_len, unsigned char **crypt, char *password )
124{
125        struct rc4_state *st;
126        unsigned char *key;
127        int key_len, i;
128       
129        key_len = strlen( password ) + RC4_IV_LEN;
130        if( clear_len <= 0 )
131                clear_len = strlen( (char*) clear );
132       
133        /* Prepare buffers and the key + IV */
134        *crypt = g_malloc( clear_len + RC4_IV_LEN );
135        key = g_malloc( key_len );
136        strcpy( (char*) key, password );
137        for( i = 0; i < RC4_IV_LEN; i ++ )
138                key[key_len-RC4_IV_LEN+i] = crypt[0][i] = rand() & 0xff;
139       
140        /* Generate the initial S[] from the IVed key. */
141        st = rc4_keymaker( key, key_len, RC4_CYCLES );
142        g_free( key );
143       
144        for( i = 0; i < clear_len; i ++ )
145                crypt[0][i+RC4_IV_LEN] = clear[i] ^ rc4_getbyte( st );
146       
147        g_free( st );
148       
149        return clear_len + RC4_IV_LEN;
150}
151
152int rc4_decode( unsigned char *crypt, int crypt_len, unsigned char **clear, char *password )
153{
154        struct rc4_state *st;
155        unsigned char *key;
156        int key_len, clear_len, i;
157       
158        key_len = strlen( password ) + RC4_IV_LEN;
159        clear_len = crypt_len - RC4_IV_LEN;
160       
161        /* Prepare buffers and the key + IV */
162        *clear = g_malloc( clear_len + 1 );
163        key = g_malloc( key_len );
164        strcpy( (char*) key, password );
165        for( i = 0; i < RC4_IV_LEN; i ++ )
166                key[key_len-RC4_IV_LEN+i] = crypt[i];
167       
168        /* Generate the initial S[] from the IVed key. */
169        st = rc4_keymaker( key, key_len, RC4_CYCLES );
170        g_free( key );
171       
172        for( i = 0; i < clear_len; i ++ )
173                clear[0][i] = crypt[i+RC4_IV_LEN] ^ rc4_getbyte( st );
174        clear[0][i] = 0; /* Nice to have for plaintexts. */
175       
176        g_free( st );
177       
178        return clear_len;
179}
Note: See TracBrowser for help on using the repository browser.