- Timestamp:
- 2015-02-20T22:50:54Z (9 years ago)
- Branches:
- master
- Children:
- 0b9daac, 3d45471, 7733b8c
- Parents:
- af359b4
- git-author:
- Indent <please@…> (19-02-15 05:47:20)
- git-committer:
- dequis <dx@…> (20-02-15 22:50:54)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
lib/arc.c
raf359b4 r5ebff60 22 22 \***************************************************************************/ 23 23 24 /* 24 /* 25 25 This file implements ArcFour-encryption, which will mainly be used to 26 26 save IM passwords safely in the new XML-format. Possibly other uses will … … 29 29 way to crack BitlBee passwords now is to use a sniffer to get your hands 30 30 on the user's password. 31 31 32 32 If you see that something's wrong in this implementation (I asked a 33 33 couple of people to look at it already, but who knows), please tell me. 34 34 35 35 The reason I picked ArcFour is because it's pretty simple but effective, 36 36 so it will work without adding several KBs or an extra library dependency. 37 37 38 38 (ArcFour is an RC4-compatible cipher. See for details: 39 39 http://www.mozilla.org/projects/security/pki/nss/draft-kaukonen-cipher-arcfour-03.txt) … … 57 57 #define ARC_CYCLES 1024 58 58 59 struct arc_state *arc_keymaker( unsigned char *key, int kl, int cycles)59 struct arc_state *arc_keymaker(unsigned char *key, int kl, int cycles) 60 60 { 61 61 struct arc_state *st; 62 62 int i, j, tmp; 63 63 unsigned char S2[256]; 64 65 st = g_malloc( sizeof( struct arc_state ));64 65 st = g_malloc(sizeof(struct arc_state)); 66 66 st->i = st->j = 0; 67 if ( kl <= 0 )68 kl = strlen( (char*) key);69 70 for( i = 0; i < 256; i ++ ) 71 {67 if (kl <= 0) { 68 kl = strlen((char *) key); 69 } 70 71 for (i = 0; i < 256; i++) { 72 72 st->S[i] = i; 73 S2[i] = key[i%kl]; 74 } 75 76 for( i = j = 0; i < 256; i ++ ) 77 { 78 j = ( j + st->S[i] + S2[i] ) & 0xff; 73 S2[i] = key[i % kl]; 74 } 75 76 for (i = j = 0; i < 256; i++) { 77 j = (j + st->S[i] + S2[i]) & 0xff; 79 78 tmp = st->S[i]; 80 79 st->S[i] = st->S[j]; 81 80 st->S[j] = tmp; 82 81 } 83 84 memset( S2, 0, 256);82 83 memset(S2, 0, 256); 85 84 i = j = 0; 86 87 for( i = 0; i < cycles; i ++ ) 88 arc_getbyte( st ); 89 85 86 for (i = 0; i < cycles; i++) { 87 arc_getbyte(st); 88 } 89 90 90 return st; 91 91 } … … 96 96 xor it with your cleartext. To decrypt, just give it the same key again 97 97 and start xorring. 98 98 99 99 The function above initializes the byte generator, the next function can 100 100 be used to get bytes from the generator (and shuffle things a bit). 101 101 */ 102 102 103 unsigned char arc_getbyte( struct arc_state *st)103 unsigned char arc_getbyte(struct arc_state *st) 104 104 { 105 105 unsigned char tmp; 106 106 107 107 /* Unfortunately the st-> stuff doesn't really improve readability here... */ 108 st->i 108 st->i++; 109 109 st->j += st->S[st->i]; 110 110 tmp = st->S[st->i]; … … 112 112 st->S[st->j] = tmp; 113 113 tmp = (st->S[st->i] + st->S[st->j]) & 0xff; 114 114 115 115 return st->S[tmp]; 116 116 } … … 122 122 structures. These 6 bytes are also saved in the results, because of 123 123 course we'll need them in arc_decode(). 124 124 125 125 Because the length of the resulting string is unknown to the caller, 126 126 it should pass a char**. Since the encode/decode functions allocate … … 129 129 memory. And of course, don't forget to free() the result when you 130 130 don't need it anymore. 131 131 132 132 Both functions return the number of bytes in the result string. 133 133 134 134 Note that if you use the pad_to argument, you will need zero-termi- 135 135 nation to find back the original string length after decryption. So … … 137 137 */ 138 138 139 int arc_encode( char *clear, int clear_len, unsigned char **crypt, char *password, int pad_to)139 int arc_encode(char *clear, int clear_len, unsigned char **crypt, char *password, int pad_to) 140 140 { 141 141 struct arc_state *st; … … 143 143 char *padded = NULL; 144 144 int key_len, i, padded_len; 145 146 key_len = strlen( password ) + ARC_IV_LEN; 147 if( clear_len <= 0 ) 148 clear_len = strlen( clear ); 149 145 146 key_len = strlen(password) + ARC_IV_LEN; 147 if (clear_len <= 0) { 148 clear_len = strlen(clear); 149 } 150 150 151 /* Pad the string to the closest multiple of pad_to. This makes it 151 152 impossible to see the exact length of the password. */ 152 if( pad_to > 0 && ( clear_len % pad_to ) > 0 ) 153 { 154 padded_len = clear_len + pad_to - ( clear_len % pad_to ); 155 padded = g_malloc( padded_len ); 156 memcpy( padded, clear, clear_len ); 157 153 if (pad_to > 0 && (clear_len % pad_to) > 0) { 154 padded_len = clear_len + pad_to - (clear_len % pad_to); 155 padded = g_malloc(padded_len); 156 memcpy(padded, clear, clear_len); 157 158 158 /* First a \0 and then random data, so we don't have to do 159 159 anything special when decrypting. */ 160 160 padded[clear_len] = 0; 161 random_bytes( (unsigned char*) padded + clear_len + 1, padded_len - clear_len - 1);162 161 random_bytes((unsigned char *) padded + clear_len + 1, padded_len - clear_len - 1); 162 163 163 clear = padded; 164 164 clear_len = padded_len; 165 165 } 166 166 167 167 /* Prepare buffers and the key + IV */ 168 *crypt = g_malloc( clear_len + ARC_IV_LEN);169 key = g_malloc( key_len);170 strcpy( (char*) key, password);171 168 *crypt = g_malloc(clear_len + ARC_IV_LEN); 169 key = g_malloc(key_len); 170 strcpy((char *) key, password); 171 172 172 /* Add the salt. Save it for later (when decrypting) and, of course, 173 173 add it to the encryption key. */ 174 random_bytes( crypt[0], ARC_IV_LEN);175 memcpy( key + key_len - ARC_IV_LEN, crypt[0], ARC_IV_LEN);176 174 random_bytes(crypt[0], ARC_IV_LEN); 175 memcpy(key + key_len - ARC_IV_LEN, crypt[0], ARC_IV_LEN); 176 177 177 /* Generate the initial S[] from the IVed key. */ 178 st = arc_keymaker( key, key_len, ARC_CYCLES ); 179 g_free( key ); 180 181 for( i = 0; i < clear_len; i ++ ) 182 crypt[0][i+ARC_IV_LEN] = clear[i] ^ arc_getbyte( st ); 183 184 g_free( st ); 185 g_free( padded ); 186 178 st = arc_keymaker(key, key_len, ARC_CYCLES); 179 g_free(key); 180 181 for (i = 0; i < clear_len; i++) { 182 crypt[0][i + ARC_IV_LEN] = clear[i] ^ arc_getbyte(st); 183 } 184 185 g_free(st); 186 g_free(padded); 187 187 188 return clear_len + ARC_IV_LEN; 188 189 } 189 190 190 int arc_decode( unsigned char *crypt, int crypt_len, char **clear, const char *password)191 int arc_decode(unsigned char *crypt, int crypt_len, char **clear, const char *password) 191 192 { 192 193 struct arc_state *st; 193 194 unsigned char *key; 194 195 int key_len, clear_len, i; 195 196 key_len = strlen( password) + ARC_IV_LEN;196 197 key_len = strlen(password) + ARC_IV_LEN; 197 198 clear_len = crypt_len - ARC_IV_LEN; 198 199 if( clear_len < 0 ) 200 { 201 *clear = g_strdup( "" ); 199 200 if (clear_len < 0) { 201 *clear = g_strdup(""); 202 202 return -1; 203 203 } 204 204 205 205 /* Prepare buffers and the key + IV */ 206 *clear = g_malloc( clear_len + 1 ); 207 key = g_malloc( key_len ); 208 strcpy( (char*) key, password ); 209 for( i = 0; i < ARC_IV_LEN; i ++ ) 210 key[key_len-ARC_IV_LEN+i] = crypt[i]; 211 206 *clear = g_malloc(clear_len + 1); 207 key = g_malloc(key_len); 208 strcpy((char *) key, password); 209 for (i = 0; i < ARC_IV_LEN; i++) { 210 key[key_len - ARC_IV_LEN + i] = crypt[i]; 211 } 212 212 213 /* Generate the initial S[] from the IVed key. */ 213 st = arc_keymaker( key, key_len, ARC_CYCLES ); 214 g_free( key ); 215 216 for( i = 0; i < clear_len; i ++ ) 217 clear[0][i] = crypt[i+ARC_IV_LEN] ^ arc_getbyte( st ); 214 st = arc_keymaker(key, key_len, ARC_CYCLES); 215 g_free(key); 216 217 for (i = 0; i < clear_len; i++) { 218 clear[0][i] = crypt[i + ARC_IV_LEN] ^ arc_getbyte(st); 219 } 218 220 clear[0][i] = 0; /* Nice to have for plaintexts. */ 219 220 g_free( st);221 221 222 g_free(st); 223 222 224 return clear_len; 223 225 }
Note: See TracChangeset
for help on using the changeset viewer.