Changeset ddcf491f for lib


Ignore:
Timestamp:
2008-03-16T14:18:22Z (12 years ago)
Author:
Wilmer van der Gaast <wilmer@…>
Branches:
master
Children:
e960a52
Parents:
d07c3a8
Message:

Adding padding to encrypted IM-passwords so the exact password length can't
be guessed from the encrypted data anymore.

Location:
lib
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • lib/arc.c

    rd07c3a8 rddcf491f  
    131131   
    132132   Both functions return the number of bytes in the result string.
     133   
     134   Note that if you use the pad_to argument, you will need zero-termi-
     135   nation to find back the original string length after decryption. So
     136   it shouldn't be used if your string contains \0s by itself!
    133137*/
    134138
    135 int arc_encode( char *clear, int clear_len, unsigned char **crypt, char *password )
     139int arc_encode( char *clear, int clear_len, unsigned char **crypt, char *password, int pad_to )
    136140{
    137141        struct arc_state *st;
    138142        unsigned char *key;
    139         int key_len, i;
     143        char *padded = NULL;
     144        int key_len, i, padded_len;
    140145       
    141146        key_len = strlen( password ) + ARC_IV_LEN;
    142147        if( clear_len <= 0 )
    143148                clear_len = strlen( clear );
     149       
     150        /* Pad the string to the closest multiple of pad_to. This makes it
     151           impossible to see the exact length of the password. */
     152        if( pad_to > 0 && ( clear_len % pad_to ) > 0 )
     153        {
     154                padded_len = clear_len + pad_to - ( clear_len % pad_to );
     155                padded = g_malloc( padded_len );
     156                memcpy( padded, clear, clear_len );
     157               
     158                /* First a \0 and then random data, so we don't have to do
     159                   anything special when decrypting. */
     160                padded[clear_len] = 0;
     161                random_bytes( (unsigned char*) padded + clear_len + 1, padded_len - clear_len - 1 );
     162               
     163                clear = padded;
     164                clear_len = padded_len;
     165        }
    144166       
    145167        /* Prepare buffers and the key + IV */
     
    161183       
    162184        g_free( st );
     185        g_free( padded );
    163186       
    164187        return clear_len + ARC_IV_LEN;
  • lib/arc.h

    rd07c3a8 rddcf491f  
    3131};
    3232
    33 struct arc_state *arc_keymaker( unsigned char *key, int kl, int cycles );
     33G_GNUC_MALLOC struct arc_state *arc_keymaker( unsigned char *key, int kl, int cycles );
    3434unsigned char arc_getbyte( struct arc_state *st );
    35 int arc_encode( char *clear, int clear_len, unsigned char **crypt, char *password );
     35int arc_encode( char *clear, int clear_len, unsigned char **crypt, char *password, int pad_to );
    3636int arc_decode( unsigned char *crypt, int crypt_len, char **clear, char *password );
Note: See TracChangeset for help on using the changeset viewer.