Changeset 2896674

Timestamp:

2007-10-08T13:56:09Z (17 years ago)

Author:

Miklos Vajna <vmiklos@…>

Branches:

master

Children:

527360f

Parents:

acd61b9 (diff), e2869bf (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.

Message:

Merge ​http://code.bitlbee.org/bitlbee/.

Files:

• lib/Makefile (modified) (1 diff)
• lib/arc.c (moved) (moved from lib/rc4.c) (10 diffs)
• lib/arc.h (moved) (moved from lib/rc4.h) (3 diffs)
• storage_xml.c (modified) (5 diffs)
• tests/Makefile (modified) (1 diff)
• tests/check.c (modified) (2 diffs)
• tests/check_arc.c (added)

lib/Makefile

@@ -10 +10 @@
 
 # [SH] Program variables
-objects = base64.o $(EVENT_HANDLER) http_client.o ini.o md5.o misc.o proxy.o rc4.o sha.o $(SSL_CLIENT) url.o
+objects = arc.o base64.o $(EVENT_HANDLER) http_client.o ini.o md5.o misc.o proxy.o sha.o $(SSL_CLIENT) url.o
 
 CFLAGS += -Wall

lib/arc.c

@@ -2 +2 @@
 *                                                                           *
 *  BitlBee - An IRC to IM gateway                                           *
-*  Simple (but secure) RC4 implementation for safer password storage.       *
+*  Simple (but secure) ArcFour implementation for safer password storage.   *
 *                                                                           *
 *  Copyright 2006 Wilmer van der Gaast <wilmer@gaast.net>                   *
@@ -23 +23 @@
 
 /* 
-   This file implements RC4-encryption, which will mainly be used to save IM
-   passwords safely in the new XML-format. Possibly other uses will come up
-   later. It's supposed to be quite reliable (thanks to the use of a 6-byte
-   IV/seed), certainly compared to the old format. The only realistic way to
-   crack BitlBee passwords now is to use a sniffer to get your hands on the
-   user's password.
+   This file implements ArcFour-encryption, which will mainly be used to
+   save IM passwords safely in the new XML-format. Possibly other uses will
+   come up later. It's supposed to be quite reliable (thanks to the use of a
+   6-byte IV/seed), certainly compared to the old format. The only realistic
+   way to crack BitlBee passwords now is to use a sniffer to get your hands
+   on the user's password.
    
    If you see that something's wrong in this implementation (I asked a
    couple of people to look at it already, but who knows), please tell me.
    
-   The reason I chose for RC4 is because it's pretty simple but effective,
+   The reason I picked ArcFour is because it's pretty simple but effective,
    so it will work without adding several KBs or an extra library dependency.
+   
+   (ArcFour is an RC4-compatible cipher. See for details:
+   http://www.mozilla.org/projects/security/pki/nss/draft-kaukonen-cipher-arcfour-03.txt)
 */
 
@@ -43 +46 @@
 #include <string.h>
 #include "misc.h"
-#include "rc4.h"
+#include "arc.h"
 
 /* Add some seed to the password, to make sure we *never* use the same key.
    This defines how many bytes we use as a seed. */
-#define RC4_IV_LEN 6
+#define ARC_IV_LEN 6
 
 /* To defend against a "Fluhrer, Mantin and Shamir attack", it is recommended
    to shuffle S[] just a bit more before you start to use it. This defines how
    many bytes we'll request before we'll really use them for encryption. */
-#define RC4_CYCLES 1024
-
-struct rc4_state *rc4_keymaker( unsigned char *key, int kl, int cycles )
-{
-        struct rc4_state *st;
+#define ARC_CYCLES 1024
+
+struct arc_state *arc_keymaker( unsigned char *key, int kl, int cycles )
+{
+        struct arc_state *st;
         int i, j, tmp;
-        
-        st = g_malloc( sizeof( struct rc4_state ) );
+        unsigned char S2[256];
+        
+        st = g_malloc( sizeof( struct arc_state ) );
         st->i = st->j = 0;
-        for( i = 0; i < 256; i ++ )
-                st->S[i] = i;
-        
         if( kl <= 0 )
                 kl = strlen( (char*) key );
         
+        for( i = 0; i < 256; i ++ )
+        {
+                st->S[i] = i;
+                S2[i] = key[i%kl];
+        }
+        
         for( i = j = 0; i < 256; i ++ )
         {
-                j = ( j + st->S[i] + key[i%kl] ) & 0xff;
+                j = ( j + st->S[i] + S2[i] ) & 0xff;
                 tmp = st->S[i];
                 st->S[i] = st->S[j];
@@ -75 +82 @@
         }
         
+        memset( S2, 0, 256 );
+        i = j = 0;
+        
         for( i = 0; i < cycles; i ++ )
-                rc4_getbyte( st );
+                arc_getbyte( st );
         
         return st;
@@ -82 +92 @@
 
 /*
-   For those who don't know, RC4 is basically an algorithm that generates a
-   stream of bytes after you give it a key. Just get a byte from it and xor
-   it with your cleartext. To decrypt, just give it the same key again and
-   start xorring.
-   
-   The function above initializes the RC4 byte generator, the next function
-   can be used to get bytes from the generator (and shuffle things a bit).
+   For those who don't know, ArcFour is basically an algorithm that generates
+   a stream of bytes after you give it a key. Just get a byte from it and
+   xor it with your cleartext. To decrypt, just give it the same key again
+   and start xorring.
+   
+   The function above initializes the byte generator, the next function can
+   be used to get bytes from the generator (and shuffle things a bit).
 */
 
-unsigned char rc4_getbyte( struct rc4_state *st )
+unsigned char arc_getbyte( struct arc_state *st )
 {
         unsigned char tmp;
@@ -101 +111 @@
         st->S[st->i] = st->S[st->j];
         st->S[st->j] = tmp;
-        
-        return st->S[(st->S[st->i] + st->S[st->j]) & 0xff];
+        tmp = (st->S[st->i] + st->S[st->j]) & 0xff;
+        
+        return st->S[tmp];
 }
 
@@ -108 +119 @@
    The following two functions can be used for reliable encryption and
    decryption. Known plaintext attacks are prevented by adding some (6,
-   by default) random bytes to the password before setting up the RC4
+   by default) random bytes to the password before setting up the state
    structures. These 6 bytes are also saved in the results, because of
-   course we'll need them in rc4_decode().
+   course we'll need them in arc_decode().
    
    Because the length of the resulting string is unknown to the caller,
@@ -122 +133 @@
 */
 
-int rc4_encode( char *clear, int clear_len, unsigned char **crypt, char *password )
-{
-        struct rc4_state *st;
+int arc_encode( char *clear, int clear_len, unsigned char **crypt, char *password )
+{
+        struct arc_state *st;
         unsigned char *key;
         int key_len, i;
         
-        key_len = strlen( password ) + RC4_IV_LEN;
+        key_len = strlen( password ) + ARC_IV_LEN;
         if( clear_len <= 0 )
                 clear_len = strlen( clear );
         
         /* Prepare buffers and the key + IV */
-        *crypt = g_malloc( clear_len + RC4_IV_LEN );
+        *crypt = g_malloc( clear_len + ARC_IV_LEN );
         key = g_malloc( key_len );
         strcpy( (char*) key, password );
@@ -139 +150 @@
         /* Add the salt. Save it for later (when decrypting) and, of course,
            add it to the encryption key. */
-        random_bytes( crypt[0], RC4_IV_LEN );
-        memcpy( key + key_len - RC4_IV_LEN, crypt[0], RC4_IV_LEN );
+        random_bytes( crypt[0], ARC_IV_LEN );
+        memcpy( key + key_len - ARC_IV_LEN, crypt[0], ARC_IV_LEN );
         
         /* Generate the initial S[] from the IVed key. */
-        st = rc4_keymaker( key, key_len, RC4_CYCLES );
+        st = arc_keymaker( key, key_len, ARC_CYCLES );
         g_free( key );
         
         for( i = 0; i < clear_len; i ++ )
-                crypt[0][i+RC4_IV_LEN] = clear[i] ^ rc4_getbyte( st );
+                crypt[0][i+ARC_IV_LEN] = clear[i] ^ arc_getbyte( st );
         
         g_free( st );
         
-        return clear_len + RC4_IV_LEN;
-}
-
-int rc4_decode( unsigned char *crypt, int crypt_len, char **clear, char *password )
-{
-        struct rc4_state *st;
+        return clear_len + ARC_IV_LEN;
+}
+
+int arc_decode( unsigned char *crypt, int crypt_len, char **clear, char *password )
+{
+        struct arc_state *st;
         unsigned char *key;
         int key_len, clear_len, i;
         
-        key_len = strlen( password ) + RC4_IV_LEN;
-        clear_len = crypt_len - RC4_IV_LEN;
+        key_len = strlen( password ) + ARC_IV_LEN;
+        clear_len = crypt_len - ARC_IV_LEN;
         
         if( clear_len < 0 )
@@ -173 +184 @@
         key = g_malloc( key_len );
         strcpy( (char*) key, password );
-        for( i = 0; i < RC4_IV_LEN; i ++ )
-                key[key_len-RC4_IV_LEN+i] = crypt[i];
+        for( i = 0; i < ARC_IV_LEN; i ++ )
+                key[key_len-ARC_IV_LEN+i] = crypt[i];
         
         /* Generate the initial S[] from the IVed key. */
-        st = rc4_keymaker( key, key_len, RC4_CYCLES );
+        st = arc_keymaker( key, key_len, ARC_CYCLES );
         g_free( key );
         
         for( i = 0; i < clear_len; i ++ )
-                clear[0][i] = crypt[i+RC4_IV_LEN] ^ rc4_getbyte( st );
+                clear[0][i] = crypt[i+ARC_IV_LEN] ^ arc_getbyte( st );
         clear[0][i] = 0; /* Nice to have for plaintexts. */
         

lib/arc.h

@@ -2 +2 @@
 *                                                                           *
 *  BitlBee - An IRC to IM gateway                                           *
-*  Simple (but secure) RC4 implementation for safer password storage.       *
+*  Simple (but secure) ArcFour implementation for safer password storage.   *
 *                                                                           *
-*  Copyright 2006 Wilmer van der Gaast <wilmer@gaast.net>                   *
+*  Copyright 2007 Wilmer van der Gaast <wilmer@gaast.net>                   *
 *                                                                           *
 *  This program is free software; you can redistribute it and/or modify     *
@@ -23 +23 @@
 
 
-/* See rc4.c for more information. */
+/* See arc.c for more information. */
 
-struct rc4_state
+struct arc_state
 {
         unsigned char S[256];
@@ -31 +31 @@
 };
 
-struct rc4_state *rc4_keymaker( unsigned char *key, int kl, int cycles );
-unsigned char rc4_getbyte( struct rc4_state *st );
-int rc4_encode( char *clear, int clear_len, unsigned char **crypt, char *password );
-int rc4_decode( unsigned char *crypt, int crypt_len, char **clear, char *password );
+struct arc_state *arc_keymaker( unsigned char *key, int kl, int cycles );
+unsigned char arc_getbyte( struct arc_state *st );
+int arc_encode( char *clear, int clear_len, unsigned char **crypt, char *password );
+int arc_decode( unsigned char *crypt, int crypt_len, char **clear, char *password );

storage_xml.c

@@ -27 +27 @@
 #include "bitlbee.h"
 #include "base64.h"
-#include "rc4.h"
+#include "arc.h"
 #include "md5.h"
 
@@ -133 +133 @@
                 char *protocol, *handle, *server, *password = NULL, *autoconnect;
                 char *pass_b64 = NULL;
-                unsigned char *pass_rc4 = NULL;
+                unsigned char *pass_cr = NULL;
                 int pass_len;
                 struct prpl *prpl = NULL;
@@ -152 +152 @@
                         g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
                                      "Unknown protocol: %s", protocol );
-                else if( ( pass_len = base64_decode( pass_b64, (unsigned char**) &pass_rc4 ) ) &&
-                                         rc4_decode( pass_rc4, pass_len, &password, xd->given_pass ) )
+                else if( ( pass_len = base64_decode( pass_b64, (unsigned char**) &pass_cr ) ) &&
+                                         arc_decode( pass_cr, pass_len, &password, xd->given_pass ) )
                 {
                         xd->current_account = account_add( irc, prpl, handle, password );
@@ -169 +169 @@
                 }
                 
-                g_free( pass_rc4 );
+                g_free( pass_cr );
                 g_free( password );
         }
@@ -424 +424 @@
         for( acc = irc->accounts; acc; acc = acc->next )
         {
-                unsigned char *pass_rc4;
+                unsigned char *pass_cr;
                 char *pass_b64;
                 int pass_len;
                 
-                pass_len = rc4_encode( acc->pass, strlen( acc->pass ), (unsigned char**) &pass_rc4, irc->password );
-                pass_b64 = base64_encode( pass_rc4, pass_len );
-                g_free( pass_rc4 );
+                pass_len = arc_encode( acc->pass, strlen( acc->pass ), (unsigned char**) &pass_cr, irc->password );
+                pass_b64 = base64_encode( pass_cr, pass_len );
+                g_free( pass_cr );
                 
                 if( !xml_printf( fd, 1, "<account protocol=\"%s\" handle=\"%s\" password=\"%s\" autoconnect=\"%d\"", acc->prpl->name, acc->user, pass_b64, acc->auto_connect ) )

tests/Makefile

@@ -13 +13 @@
 main_objs = account.o bitlbee.o conf.o crypting.o help.o ipc.o irc.o irc_commands.o log.o nick.o query.o root_commands.o set.o storage.o storage_xml.o storage_text.o user.o 
 
-test_objs = check.o check_util.o check_nick.o check_md5.o check_irc.o check_help.o check_user.o check_crypting.o check_set.o
+test_objs = check.o check_util.o check_nick.o check_md5.o check_arc.o check_irc.o check_help.o check_user.o check_crypting.o check_set.o
 
 check: $(test_objs) $(addprefix ../, $(main_objs)) ../protocols/protocols.o ../lib/lib.o

tests/check.c

@@ -47 +47 @@
 /* From check_md5.c */
 Suite *md5_suite(void);
+
+/* From check_arc.c */
+Suite *arc_suite(void);
 
 /* From check_irc.c */
@@ -102 +105 @@
         srunner_add_suite(sr, nick_suite());
         srunner_add_suite(sr, md5_suite());
+        srunner_add_suite(sr, arc_suite());
         srunner_add_suite(sr, irc_suite());
         srunner_add_suite(sr, help_suite());