- Timestamp:
- 2007-10-08T13:56:09Z (17 years ago)
- Branches:
- master
- Children:
- 527360f
- Parents:
- acd61b9 (diff), e2869bf (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the(diff)
links above to see all the changes relative to each parent. - Location:
- lib
- Files:
-
- 1 edited
- 2 moved
Legend:
- Unmodified
- Added
- Removed
-
lib/Makefile
racd61b9 r2896674 10 10 11 11 # [SH] Program variables 12 objects = base64.o $(EVENT_HANDLER) http_client.o ini.o md5.o misc.o proxy.o rc4.o sha.o $(SSL_CLIENT) url.o12 objects = arc.o base64.o $(EVENT_HANDLER) http_client.o ini.o md5.o misc.o proxy.o sha.o $(SSL_CLIENT) url.o 13 13 14 14 CFLAGS += -Wall -
lib/arc.c
racd61b9 r2896674 2 2 * * 3 3 * BitlBee - An IRC to IM gateway * 4 * Simple (but secure) RC4 implementation for safer password storage.*4 * Simple (but secure) ArcFour implementation for safer password storage. * 5 5 * * 6 6 * Copyright 2006 Wilmer van der Gaast <wilmer@gaast.net> * … … 23 23 24 24 /* 25 This file implements RC4-encryption, which will mainly be used to save IM26 passwords safely in the new XML-format. Possibly other uses will come up27 later. It's supposed to be quite reliable (thanks to the use of a 6-byte28 IV/seed), certainly compared to the old format. The only realistic way to29 crack BitlBee passwords now is to use a sniffer to get your hands on the30 user's password.25 This file implements ArcFour-encryption, which will mainly be used to 26 save IM passwords safely in the new XML-format. Possibly other uses will 27 come up later. It's supposed to be quite reliable (thanks to the use of a 28 6-byte IV/seed), certainly compared to the old format. The only realistic 29 way to crack BitlBee passwords now is to use a sniffer to get your hands 30 on the user's password. 31 31 32 32 If you see that something's wrong in this implementation (I asked a 33 33 couple of people to look at it already, but who knows), please tell me. 34 34 35 The reason I chose for RC4is because it's pretty simple but effective,35 The reason I picked ArcFour is because it's pretty simple but effective, 36 36 so it will work without adding several KBs or an extra library dependency. 37 38 (ArcFour is an RC4-compatible cipher. See for details: 39 http://www.mozilla.org/projects/security/pki/nss/draft-kaukonen-cipher-arcfour-03.txt) 37 40 */ 38 41 … … 43 46 #include <string.h> 44 47 #include "misc.h" 45 #include " rc4.h"48 #include "arc.h" 46 49 47 50 /* Add some seed to the password, to make sure we *never* use the same key. 48 51 This defines how many bytes we use as a seed. */ 49 #define RC4_IV_LEN 652 #define ARC_IV_LEN 6 50 53 51 54 /* To defend against a "Fluhrer, Mantin and Shamir attack", it is recommended 52 55 to shuffle S[] just a bit more before you start to use it. This defines how 53 56 many bytes we'll request before we'll really use them for encryption. */ 54 #define RC4_CYCLES 102455 56 struct rc4_state *rc4_keymaker( unsigned char *key, int kl, int cycles )57 { 58 struct rc4_state *st;57 #define ARC_CYCLES 1024 58 59 struct arc_state *arc_keymaker( unsigned char *key, int kl, int cycles ) 60 { 61 struct arc_state *st; 59 62 int i, j, tmp; 60 61 st = g_malloc( sizeof( struct rc4_state ) ); 63 unsigned char S2[256]; 64 65 st = g_malloc( sizeof( struct arc_state ) ); 62 66 st->i = st->j = 0; 63 for( i = 0; i < 256; i ++ )64 st->S[i] = i;65 66 67 if( kl <= 0 ) 67 68 kl = strlen( (char*) key ); 68 69 70 for( i = 0; i < 256; i ++ ) 71 { 72 st->S[i] = i; 73 S2[i] = key[i%kl]; 74 } 75 69 76 for( i = j = 0; i < 256; i ++ ) 70 77 { 71 j = ( j + st->S[i] + key[i%kl] ) & 0xff;78 j = ( j + st->S[i] + S2[i] ) & 0xff; 72 79 tmp = st->S[i]; 73 80 st->S[i] = st->S[j]; … … 75 82 } 76 83 84 memset( S2, 0, 256 ); 85 i = j = 0; 86 77 87 for( i = 0; i < cycles; i ++ ) 78 rc4_getbyte( st );88 arc_getbyte( st ); 79 89 80 90 return st; … … 82 92 83 93 /* 84 For those who don't know, RC4 is basically an algorithm that generates a85 stream of bytes after you give it a key. Just get a byte from it and xor86 it with your cleartext. To decrypt, just give it the same key again and87 start xorring.88 89 The function above initializes the RC4 byte generator, the next function90 canbe used to get bytes from the generator (and shuffle things a bit).94 For those who don't know, ArcFour is basically an algorithm that generates 95 a stream of bytes after you give it a key. Just get a byte from it and 96 xor it with your cleartext. To decrypt, just give it the same key again 97 and start xorring. 98 99 The function above initializes the byte generator, the next function can 100 be used to get bytes from the generator (and shuffle things a bit). 91 101 */ 92 102 93 unsigned char rc4_getbyte( struct rc4_state *st )103 unsigned char arc_getbyte( struct arc_state *st ) 94 104 { 95 105 unsigned char tmp; … … 101 111 st->S[st->i] = st->S[st->j]; 102 112 st->S[st->j] = tmp; 103 104 return st->S[(st->S[st->i] + st->S[st->j]) & 0xff]; 113 tmp = (st->S[st->i] + st->S[st->j]) & 0xff; 114 115 return st->S[tmp]; 105 116 } 106 117 … … 108 119 The following two functions can be used for reliable encryption and 109 120 decryption. Known plaintext attacks are prevented by adding some (6, 110 by default) random bytes to the password before setting up the RC4121 by default) random bytes to the password before setting up the state 111 122 structures. These 6 bytes are also saved in the results, because of 112 course we'll need them in rc4_decode().123 course we'll need them in arc_decode(). 113 124 114 125 Because the length of the resulting string is unknown to the caller, … … 122 133 */ 123 134 124 int rc4_encode( char *clear, int clear_len, unsigned char **crypt, char *password )125 { 126 struct rc4_state *st;135 int arc_encode( char *clear, int clear_len, unsigned char **crypt, char *password ) 136 { 137 struct arc_state *st; 127 138 unsigned char *key; 128 139 int key_len, i; 129 140 130 key_len = strlen( password ) + RC4_IV_LEN;141 key_len = strlen( password ) + ARC_IV_LEN; 131 142 if( clear_len <= 0 ) 132 143 clear_len = strlen( clear ); 133 144 134 145 /* Prepare buffers and the key + IV */ 135 *crypt = g_malloc( clear_len + RC4_IV_LEN );146 *crypt = g_malloc( clear_len + ARC_IV_LEN ); 136 147 key = g_malloc( key_len ); 137 148 strcpy( (char*) key, password ); … … 139 150 /* Add the salt. Save it for later (when decrypting) and, of course, 140 151 add it to the encryption key. */ 141 random_bytes( crypt[0], RC4_IV_LEN );142 memcpy( key + key_len - RC4_IV_LEN, crypt[0], RC4_IV_LEN );152 random_bytes( crypt[0], ARC_IV_LEN ); 153 memcpy( key + key_len - ARC_IV_LEN, crypt[0], ARC_IV_LEN ); 143 154 144 155 /* Generate the initial S[] from the IVed key. */ 145 st = rc4_keymaker( key, key_len, RC4_CYCLES );156 st = arc_keymaker( key, key_len, ARC_CYCLES ); 146 157 g_free( key ); 147 158 148 159 for( i = 0; i < clear_len; i ++ ) 149 crypt[0][i+ RC4_IV_LEN] = clear[i] ^ rc4_getbyte( st );160 crypt[0][i+ARC_IV_LEN] = clear[i] ^ arc_getbyte( st ); 150 161 151 162 g_free( st ); 152 163 153 return clear_len + RC4_IV_LEN;154 } 155 156 int rc4_decode( unsigned char *crypt, int crypt_len, char **clear, char *password )157 { 158 struct rc4_state *st;164 return clear_len + ARC_IV_LEN; 165 } 166 167 int arc_decode( unsigned char *crypt, int crypt_len, char **clear, char *password ) 168 { 169 struct arc_state *st; 159 170 unsigned char *key; 160 171 int key_len, clear_len, i; 161 172 162 key_len = strlen( password ) + RC4_IV_LEN;163 clear_len = crypt_len - RC4_IV_LEN;173 key_len = strlen( password ) + ARC_IV_LEN; 174 clear_len = crypt_len - ARC_IV_LEN; 164 175 165 176 if( clear_len < 0 ) … … 173 184 key = g_malloc( key_len ); 174 185 strcpy( (char*) key, password ); 175 for( i = 0; i < RC4_IV_LEN; i ++ )176 key[key_len- RC4_IV_LEN+i] = crypt[i];186 for( i = 0; i < ARC_IV_LEN; i ++ ) 187 key[key_len-ARC_IV_LEN+i] = crypt[i]; 177 188 178 189 /* Generate the initial S[] from the IVed key. */ 179 st = rc4_keymaker( key, key_len, RC4_CYCLES );190 st = arc_keymaker( key, key_len, ARC_CYCLES ); 180 191 g_free( key ); 181 192 182 193 for( i = 0; i < clear_len; i ++ ) 183 clear[0][i] = crypt[i+ RC4_IV_LEN] ^ rc4_getbyte( st );194 clear[0][i] = crypt[i+ARC_IV_LEN] ^ arc_getbyte( st ); 184 195 clear[0][i] = 0; /* Nice to have for plaintexts. */ 185 196 -
lib/arc.h
racd61b9 r2896674 2 2 * * 3 3 * BitlBee - An IRC to IM gateway * 4 * Simple (but secure) RC4 implementation for safer password storage.*4 * Simple (but secure) ArcFour implementation for safer password storage. * 5 5 * * 6 * Copyright 200 6Wilmer van der Gaast <wilmer@gaast.net> *6 * Copyright 2007 Wilmer van der Gaast <wilmer@gaast.net> * 7 7 * * 8 8 * This program is free software; you can redistribute it and/or modify * … … 23 23 24 24 25 /* See rc4.c for more information. */25 /* See arc.c for more information. */ 26 26 27 struct rc4_state27 struct arc_state 28 28 { 29 29 unsigned char S[256]; … … 31 31 }; 32 32 33 struct rc4_state *rc4_keymaker( unsigned char *key, int kl, int cycles );34 unsigned char rc4_getbyte( struct rc4_state *st );35 int rc4_encode( char *clear, int clear_len, unsigned char **crypt, char *password );36 int rc4_decode( unsigned char *crypt, int crypt_len, char **clear, char *password );33 struct arc_state *arc_keymaker( unsigned char *key, int kl, int cycles ); 34 unsigned char arc_getbyte( struct arc_state *st ); 35 int arc_encode( char *clear, int clear_len, unsigned char **crypt, char *password ); 36 int arc_decode( unsigned char *crypt, int crypt_len, char **clear, char *password );
Note: See TracChangeset
for help on using the changeset viewer.