Changeset 2896674


Ignore:
Timestamp:
2007-10-08T13:56:09Z (13 years ago)
Author:
Miklos Vajna <vmiklos@…>
Branches:
master
Children:
527360f
Parents:
acd61b9 (diff), e2869bf (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
Message:

Merge http://code.bitlbee.org/bitlbee/.

Files:
1 added
4 edited
2 moved

Legend:

Unmodified
Added
Removed
  • lib/Makefile

    racd61b9 r2896674  
    1010
    1111# [SH] Program variables
    12 objects = base64.o $(EVENT_HANDLER) http_client.o ini.o md5.o misc.o proxy.o rc4.o sha.o $(SSL_CLIENT) url.o
     12objects = arc.o base64.o $(EVENT_HANDLER) http_client.o ini.o md5.o misc.o proxy.o sha.o $(SSL_CLIENT) url.o
    1313
    1414CFLAGS += -Wall
  • lib/arc.c

    racd61b9 r2896674  
    22*                                                                           *
    33*  BitlBee - An IRC to IM gateway                                           *
    4 *  Simple (but secure) RC4 implementation for safer password storage.       *
     4*  Simple (but secure) ArcFour implementation for safer password storage.   *
    55*                                                                           *
    66*  Copyright 2006 Wilmer van der Gaast <wilmer@gaast.net>                   *
     
    2323
    2424/*
    25    This file implements RC4-encryption, which will mainly be used to save IM
    26    passwords safely in the new XML-format. Possibly other uses will come up
    27    later. It's supposed to be quite reliable (thanks to the use of a 6-byte
    28    IV/seed), certainly compared to the old format. The only realistic way to
    29    crack BitlBee passwords now is to use a sniffer to get your hands on the
    30    user's password.
     25   This file implements ArcFour-encryption, which will mainly be used to
     26   save IM passwords safely in the new XML-format. Possibly other uses will
     27   come up later. It's supposed to be quite reliable (thanks to the use of a
     28   6-byte IV/seed), certainly compared to the old format. The only realistic
     29   way to crack BitlBee passwords now is to use a sniffer to get your hands
     30   on the user's password.
    3131   
    3232   If you see that something's wrong in this implementation (I asked a
    3333   couple of people to look at it already, but who knows), please tell me.
    3434   
    35    The reason I chose for RC4 is because it's pretty simple but effective,
     35   The reason I picked ArcFour is because it's pretty simple but effective,
    3636   so it will work without adding several KBs or an extra library dependency.
     37   
     38   (ArcFour is an RC4-compatible cipher. See for details:
     39   http://www.mozilla.org/projects/security/pki/nss/draft-kaukonen-cipher-arcfour-03.txt)
    3740*/
    3841
     
    4346#include <string.h>
    4447#include "misc.h"
    45 #include "rc4.h"
     48#include "arc.h"
    4649
    4750/* Add some seed to the password, to make sure we *never* use the same key.
    4851   This defines how many bytes we use as a seed. */
    49 #define RC4_IV_LEN 6
     52#define ARC_IV_LEN 6
    5053
    5154/* To defend against a "Fluhrer, Mantin and Shamir attack", it is recommended
    5255   to shuffle S[] just a bit more before you start to use it. This defines how
    5356   many bytes we'll request before we'll really use them for encryption. */
    54 #define RC4_CYCLES 1024
    55 
    56 struct rc4_state *rc4_keymaker( unsigned char *key, int kl, int cycles )
    57 {
    58         struct rc4_state *st;
     57#define ARC_CYCLES 1024
     58
     59struct arc_state *arc_keymaker( unsigned char *key, int kl, int cycles )
     60{
     61        struct arc_state *st;
    5962        int i, j, tmp;
    60        
    61         st = g_malloc( sizeof( struct rc4_state ) );
     63        unsigned char S2[256];
     64       
     65        st = g_malloc( sizeof( struct arc_state ) );
    6266        st->i = st->j = 0;
    63         for( i = 0; i < 256; i ++ )
    64                 st->S[i] = i;
    65        
    6667        if( kl <= 0 )
    6768                kl = strlen( (char*) key );
    6869       
     70        for( i = 0; i < 256; i ++ )
     71        {
     72                st->S[i] = i;
     73                S2[i] = key[i%kl];
     74        }
     75       
    6976        for( i = j = 0; i < 256; i ++ )
    7077        {
    71                 j = ( j + st->S[i] + key[i%kl] ) & 0xff;
     78                j = ( j + st->S[i] + S2[i] ) & 0xff;
    7279                tmp = st->S[i];
    7380                st->S[i] = st->S[j];
     
    7582        }
    7683       
     84        memset( S2, 0, 256 );
     85        i = j = 0;
     86       
    7787        for( i = 0; i < cycles; i ++ )
    78                 rc4_getbyte( st );
     88                arc_getbyte( st );
    7989       
    8090        return st;
     
    8292
    8393/*
    84    For those who don't know, RC4 is basically an algorithm that generates a
    85    stream of bytes after you give it a key. Just get a byte from it and xor
    86    it with your cleartext. To decrypt, just give it the same key again and
    87    start xorring.
    88    
    89    The function above initializes the RC4 byte generator, the next function
    90    can be used to get bytes from the generator (and shuffle things a bit).
     94   For those who don't know, ArcFour is basically an algorithm that generates
     95   a stream of bytes after you give it a key. Just get a byte from it and
     96   xor it with your cleartext. To decrypt, just give it the same key again
     97   and start xorring.
     98   
     99   The function above initializes the byte generator, the next function can
     100   be used to get bytes from the generator (and shuffle things a bit).
    91101*/
    92102
    93 unsigned char rc4_getbyte( struct rc4_state *st )
     103unsigned char arc_getbyte( struct arc_state *st )
    94104{
    95105        unsigned char tmp;
     
    101111        st->S[st->i] = st->S[st->j];
    102112        st->S[st->j] = tmp;
    103        
    104         return st->S[(st->S[st->i] + st->S[st->j]) & 0xff];
     113        tmp = (st->S[st->i] + st->S[st->j]) & 0xff;
     114       
     115        return st->S[tmp];
    105116}
    106117
     
    108119   The following two functions can be used for reliable encryption and
    109120   decryption. Known plaintext attacks are prevented by adding some (6,
    110    by default) random bytes to the password before setting up the RC4
     121   by default) random bytes to the password before setting up the state
    111122   structures. These 6 bytes are also saved in the results, because of
    112    course we'll need them in rc4_decode().
     123   course we'll need them in arc_decode().
    113124   
    114125   Because the length of the resulting string is unknown to the caller,
     
    122133*/
    123134
    124 int rc4_encode( char *clear, int clear_len, unsigned char **crypt, char *password )
    125 {
    126         struct rc4_state *st;
     135int arc_encode( char *clear, int clear_len, unsigned char **crypt, char *password )
     136{
     137        struct arc_state *st;
    127138        unsigned char *key;
    128139        int key_len, i;
    129140       
    130         key_len = strlen( password ) + RC4_IV_LEN;
     141        key_len = strlen( password ) + ARC_IV_LEN;
    131142        if( clear_len <= 0 )
    132143                clear_len = strlen( clear );
    133144       
    134145        /* Prepare buffers and the key + IV */
    135         *crypt = g_malloc( clear_len + RC4_IV_LEN );
     146        *crypt = g_malloc( clear_len + ARC_IV_LEN );
    136147        key = g_malloc( key_len );
    137148        strcpy( (char*) key, password );
     
    139150        /* Add the salt. Save it for later (when decrypting) and, of course,
    140151           add it to the encryption key. */
    141         random_bytes( crypt[0], RC4_IV_LEN );
    142         memcpy( key + key_len - RC4_IV_LEN, crypt[0], RC4_IV_LEN );
     152        random_bytes( crypt[0], ARC_IV_LEN );
     153        memcpy( key + key_len - ARC_IV_LEN, crypt[0], ARC_IV_LEN );
    143154       
    144155        /* Generate the initial S[] from the IVed key. */
    145         st = rc4_keymaker( key, key_len, RC4_CYCLES );
     156        st = arc_keymaker( key, key_len, ARC_CYCLES );
    146157        g_free( key );
    147158       
    148159        for( i = 0; i < clear_len; i ++ )
    149                 crypt[0][i+RC4_IV_LEN] = clear[i] ^ rc4_getbyte( st );
     160                crypt[0][i+ARC_IV_LEN] = clear[i] ^ arc_getbyte( st );
    150161       
    151162        g_free( st );
    152163       
    153         return clear_len + RC4_IV_LEN;
    154 }
    155 
    156 int rc4_decode( unsigned char *crypt, int crypt_len, char **clear, char *password )
    157 {
    158         struct rc4_state *st;
     164        return clear_len + ARC_IV_LEN;
     165}
     166
     167int arc_decode( unsigned char *crypt, int crypt_len, char **clear, char *password )
     168{
     169        struct arc_state *st;
    159170        unsigned char *key;
    160171        int key_len, clear_len, i;
    161172       
    162         key_len = strlen( password ) + RC4_IV_LEN;
    163         clear_len = crypt_len - RC4_IV_LEN;
     173        key_len = strlen( password ) + ARC_IV_LEN;
     174        clear_len = crypt_len - ARC_IV_LEN;
    164175       
    165176        if( clear_len < 0 )
     
    173184        key = g_malloc( key_len );
    174185        strcpy( (char*) key, password );
    175         for( i = 0; i < RC4_IV_LEN; i ++ )
    176                 key[key_len-RC4_IV_LEN+i] = crypt[i];
     186        for( i = 0; i < ARC_IV_LEN; i ++ )
     187                key[key_len-ARC_IV_LEN+i] = crypt[i];
    177188       
    178189        /* Generate the initial S[] from the IVed key. */
    179         st = rc4_keymaker( key, key_len, RC4_CYCLES );
     190        st = arc_keymaker( key, key_len, ARC_CYCLES );
    180191        g_free( key );
    181192       
    182193        for( i = 0; i < clear_len; i ++ )
    183                 clear[0][i] = crypt[i+RC4_IV_LEN] ^ rc4_getbyte( st );
     194                clear[0][i] = crypt[i+ARC_IV_LEN] ^ arc_getbyte( st );
    184195        clear[0][i] = 0; /* Nice to have for plaintexts. */
    185196       
  • lib/arc.h

    racd61b9 r2896674  
    22*                                                                           *
    33*  BitlBee - An IRC to IM gateway                                           *
    4 *  Simple (but secure) RC4 implementation for safer password storage.       *
     4*  Simple (but secure) ArcFour implementation for safer password storage.   *
    55*                                                                           *
    6 *  Copyright 2006 Wilmer van der Gaast <wilmer@gaast.net>                   *
     6*  Copyright 2007 Wilmer van der Gaast <wilmer@gaast.net>                   *
    77*                                                                           *
    88*  This program is free software; you can redistribute it and/or modify     *
     
    2323
    2424
    25 /* See rc4.c for more information. */
     25/* See arc.c for more information. */
    2626
    27 struct rc4_state
     27struct arc_state
    2828{
    2929        unsigned char S[256];
     
    3131};
    3232
    33 struct rc4_state *rc4_keymaker( unsigned char *key, int kl, int cycles );
    34 unsigned char rc4_getbyte( struct rc4_state *st );
    35 int rc4_encode( char *clear, int clear_len, unsigned char **crypt, char *password );
    36 int rc4_decode( unsigned char *crypt, int crypt_len, char **clear, char *password );
     33struct arc_state *arc_keymaker( unsigned char *key, int kl, int cycles );
     34unsigned char arc_getbyte( struct arc_state *st );
     35int arc_encode( char *clear, int clear_len, unsigned char **crypt, char *password );
     36int arc_decode( unsigned char *crypt, int crypt_len, char **clear, char *password );
  • storage_xml.c

    racd61b9 r2896674  
    2727#include "bitlbee.h"
    2828#include "base64.h"
    29 #include "rc4.h"
     29#include "arc.h"
    3030#include "md5.h"
    3131
     
    133133                char *protocol, *handle, *server, *password = NULL, *autoconnect;
    134134                char *pass_b64 = NULL;
    135                 unsigned char *pass_rc4 = NULL;
     135                unsigned char *pass_cr = NULL;
    136136                int pass_len;
    137137                struct prpl *prpl = NULL;
     
    152152                        g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
    153153                                     "Unknown protocol: %s", protocol );
    154                 else if( ( pass_len = base64_decode( pass_b64, (unsigned char**) &pass_rc4 ) ) &&
    155                                          rc4_decode( pass_rc4, pass_len, &password, xd->given_pass ) )
     154                else if( ( pass_len = base64_decode( pass_b64, (unsigned char**) &pass_cr ) ) &&
     155                                         arc_decode( pass_cr, pass_len, &password, xd->given_pass ) )
    156156                {
    157157                        xd->current_account = account_add( irc, prpl, handle, password );
     
    169169                }
    170170               
    171                 g_free( pass_rc4 );
     171                g_free( pass_cr );
    172172                g_free( password );
    173173        }
     
    424424        for( acc = irc->accounts; acc; acc = acc->next )
    425425        {
    426                 unsigned char *pass_rc4;
     426                unsigned char *pass_cr;
    427427                char *pass_b64;
    428428                int pass_len;
    429429               
    430                 pass_len = rc4_encode( acc->pass, strlen( acc->pass ), (unsigned char**) &pass_rc4, irc->password );
    431                 pass_b64 = base64_encode( pass_rc4, pass_len );
    432                 g_free( pass_rc4 );
     430                pass_len = arc_encode( acc->pass, strlen( acc->pass ), (unsigned char**) &pass_cr, irc->password );
     431                pass_b64 = base64_encode( pass_cr, pass_len );
     432                g_free( pass_cr );
    433433               
    434434                if( !xml_printf( fd, 1, "<account protocol=\"%s\" handle=\"%s\" password=\"%s\" autoconnect=\"%d\"", acc->prpl->name, acc->user, pass_b64, acc->auto_connect ) )
  • tests/Makefile

    racd61b9 r2896674  
    1313main_objs = account.o bitlbee.o conf.o crypting.o help.o ipc.o irc.o irc_commands.o log.o nick.o query.o root_commands.o set.o storage.o storage_xml.o storage_text.o user.o
    1414
    15 test_objs = check.o check_util.o check_nick.o check_md5.o check_irc.o check_help.o check_user.o check_crypting.o check_set.o
     15test_objs = check.o check_util.o check_nick.o check_md5.o check_arc.o check_irc.o check_help.o check_user.o check_crypting.o check_set.o
    1616
    1717check: $(test_objs) $(addprefix ../, $(main_objs)) ../protocols/protocols.o ../lib/lib.o
  • tests/check.c

    racd61b9 r2896674  
    4747/* From check_md5.c */
    4848Suite *md5_suite(void);
     49
     50/* From check_arc.c */
     51Suite *arc_suite(void);
    4952
    5053/* From check_irc.c */
     
    102105        srunner_add_suite(sr, nick_suite());
    103106        srunner_add_suite(sr, md5_suite());
     107        srunner_add_suite(sr, arc_suite());
    104108        srunner_add_suite(sr, irc_suite());
    105109        srunner_add_suite(sr, help_suite());
Note: See TracChangeset for help on using the changeset viewer.