diff options
| -rw-r--r-- | lib/Makefile | 2 | ||||
| -rw-r--r-- | lib/arc.c (renamed from lib/rc4.c) | 103 | ||||
| -rw-r--r-- | lib/arc.h (renamed from lib/rc4.h) | 16 | ||||
| -rw-r--r-- | storage_xml.c | 18 | ||||
| -rw-r--r-- | tests/Makefile | 2 | ||||
| -rw-r--r-- | tests/check.c | 4 | ||||
| -rw-r--r-- | tests/check_arc.c | 95 | 
7 files changed, 175 insertions, 65 deletions
| diff --git a/lib/Makefile b/lib/Makefile index a9038987..bc1966d9 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -9,7 +9,7 @@  -include ../Makefile.settings  # [SH] Program variables -objects = base64.o $(EVENT_HANDLER) http_client.o ini.o md5.o misc.o proxy.o rc4.o sha.o $(SSL_CLIENT) url.o +objects = arc.o base64.o $(EVENT_HANDLER) http_client.o ini.o md5.o misc.o proxy.o sha.o $(SSL_CLIENT) url.o  CFLAGS += -Wall  LFLAGS += -r @@ -1,7 +1,7 @@  /***************************************************************************\  *                                                                           *  *  BitlBee - An IRC to IM gateway                                           * -*  Simple (but secure) RC4 implementation for safer password storage.       * +*  Simple (but secure) ArcFour implementation for safer password storage.   *  *                                                                           *  *  Copyright 2006 Wilmer van der Gaast <wilmer@gaast.net>                   *  *                                                                           * @@ -22,18 +22,21 @@  \***************************************************************************/  /*  -   This file implements RC4-encryption, which will mainly be used to save IM -   passwords safely in the new XML-format. Possibly other uses will come up -   later. It's supposed to be quite reliable (thanks to the use of a 6-byte -   IV/seed), certainly compared to the old format. The only realistic way to -   crack BitlBee passwords now is to use a sniffer to get your hands on the -   user's password. +   This file implements ArcFour-encryption, which will mainly be used to +   save IM passwords safely in the new XML-format. Possibly other uses will +   come up later. It's supposed to be quite reliable (thanks to the use of a +   6-byte IV/seed), certainly compared to the old format. The only realistic +   way to crack BitlBee passwords now is to use a sniffer to get your hands +   on the user's password.     If you see that something's wrong in this implementation (I asked a     couple of people to look at it already, but who knows), please tell me. -   The reason I chose for RC4 is because it's pretty simple but effective, +   The reason I picked ArcFour is because it's pretty simple but effective,     so it will work without adding several KBs or an extra library dependency. +    +   (ArcFour is an RC4-compatible cipher. See for details: +   http://www.mozilla.org/projects/security/pki/nss/draft-kaukonen-cipher-arcfour-03.txt)  */ @@ -42,55 +45,62 @@  #include <stdlib.h>  #include <string.h>  #include "misc.h" -#include "rc4.h" +#include "arc.h"  /* Add some seed to the password, to make sure we *never* use the same key.     This defines how many bytes we use as a seed. */ -#define RC4_IV_LEN 6 +#define ARC_IV_LEN 6  /* To defend against a "Fluhrer, Mantin and Shamir attack", it is recommended     to shuffle S[] just a bit more before you start to use it. This defines how     many bytes we'll request before we'll really use them for encryption. */ -#define RC4_CYCLES 1024 +#define ARC_CYCLES 1024 -struct rc4_state *rc4_keymaker( unsigned char *key, int kl, int cycles ) +struct arc_state *arc_keymaker( unsigned char *key, int kl, int cycles )  { -	struct rc4_state *st; +	struct arc_state *st;  	int i, j, tmp; +	unsigned char S2[256]; -	st = g_malloc( sizeof( struct rc4_state ) ); +	st = g_malloc( sizeof( struct arc_state ) );  	st->i = st->j = 0; -	for( i = 0; i < 256; i ++ ) -		st->S[i] = i; -	  	if( kl <= 0 )  		kl = strlen( (char*) key ); +	for( i = 0; i < 256; i ++ ) +	{ +		st->S[i] = i; +		S2[i] = key[i%kl]; +	} +	  	for( i = j = 0; i < 256; i ++ )  	{ -		j = ( j + st->S[i] + key[i%kl] ) & 0xff; +		j = ( j + st->S[i] + S2[i] ) & 0xff;  		tmp = st->S[i];  		st->S[i] = st->S[j];  		st->S[j] = tmp;  	} +	memset( S2, 0, 256 ); +	i = j = 0; +	  	for( i = 0; i < cycles; i ++ ) -		rc4_getbyte( st ); +		arc_getbyte( st );  	return st;  }  /* -   For those who don't know, RC4 is basically an algorithm that generates a -   stream of bytes after you give it a key. Just get a byte from it and xor -   it with your cleartext. To decrypt, just give it the same key again and -   start xorring. +   For those who don't know, ArcFour is basically an algorithm that generates +   a stream of bytes after you give it a key. Just get a byte from it and +   xor it with your cleartext. To decrypt, just give it the same key again +   and start xorring. -   The function above initializes the RC4 byte generator, the next function -   can be used to get bytes from the generator (and shuffle things a bit). +   The function above initializes the byte generator, the next function can +   be used to get bytes from the generator (and shuffle things a bit).  */ -unsigned char rc4_getbyte( struct rc4_state *st ) +unsigned char arc_getbyte( struct arc_state *st )  {  	unsigned char tmp; @@ -100,16 +110,17 @@ unsigned char rc4_getbyte( struct rc4_state *st )  	tmp = st->S[st->i];  	st->S[st->i] = st->S[st->j];  	st->S[st->j] = tmp; +	tmp = (st->S[st->i] + st->S[st->j]) & 0xff; -	return st->S[(st->S[st->i] + st->S[st->j]) & 0xff]; +	return st->S[tmp];  }  /*     The following two functions can be used for reliable encryption and     decryption. Known plaintext attacks are prevented by adding some (6, -   by default) random bytes to the password before setting up the RC4 +   by default) random bytes to the password before setting up the state     structures. These 6 bytes are also saved in the results, because of -   course we'll need them in rc4_decode(). +   course we'll need them in arc_decode().     Because the length of the resulting string is unknown to the caller,     it should pass a char**. Since the encode/decode functions allocate @@ -121,46 +132,46 @@ unsigned char rc4_getbyte( struct rc4_state *st )     Both functions return the number of bytes in the result string.  */ -int rc4_encode( char *clear, int clear_len, unsigned char **crypt, char *password ) +int arc_encode( char *clear, int clear_len, unsigned char **crypt, char *password )  { -	struct rc4_state *st; +	struct arc_state *st;  	unsigned char *key;  	int key_len, i; -	key_len = strlen( password ) + RC4_IV_LEN; +	key_len = strlen( password ) + ARC_IV_LEN;  	if( clear_len <= 0 )  		clear_len = strlen( clear );  	/* Prepare buffers and the key + IV */ -	*crypt = g_malloc( clear_len + RC4_IV_LEN ); +	*crypt = g_malloc( clear_len + ARC_IV_LEN );  	key = g_malloc( key_len );  	strcpy( (char*) key, password );  	/* Add the salt. Save it for later (when decrypting) and, of course,  	   add it to the encryption key. */ -	random_bytes( crypt[0], RC4_IV_LEN ); -	memcpy( key + key_len - RC4_IV_LEN, crypt[0], RC4_IV_LEN ); +	random_bytes( crypt[0], ARC_IV_LEN ); +	memcpy( key + key_len - ARC_IV_LEN, crypt[0], ARC_IV_LEN );  	/* Generate the initial S[] from the IVed key. */ -	st = rc4_keymaker( key, key_len, RC4_CYCLES ); +	st = arc_keymaker( key, key_len, ARC_CYCLES );  	g_free( key );  	for( i = 0; i < clear_len; i ++ ) -		crypt[0][i+RC4_IV_LEN] = clear[i] ^ rc4_getbyte( st ); +		crypt[0][i+ARC_IV_LEN] = clear[i] ^ arc_getbyte( st );  	g_free( st ); -	return clear_len + RC4_IV_LEN; +	return clear_len + ARC_IV_LEN;  } -int rc4_decode( unsigned char *crypt, int crypt_len, char **clear, char *password ) +int arc_decode( unsigned char *crypt, int crypt_len, char **clear, char *password )  { -	struct rc4_state *st; +	struct arc_state *st;  	unsigned char *key;  	int key_len, clear_len, i; -	key_len = strlen( password ) + RC4_IV_LEN; -	clear_len = crypt_len - RC4_IV_LEN; +	key_len = strlen( password ) + ARC_IV_LEN; +	clear_len = crypt_len - ARC_IV_LEN;  	if( clear_len < 0 )  	{ @@ -172,15 +183,15 @@ int rc4_decode( unsigned char *crypt, int crypt_len, char **clear, char *passwor  	*clear = g_malloc( clear_len + 1 );  	key = g_malloc( key_len );  	strcpy( (char*) key, password ); -	for( i = 0; i < RC4_IV_LEN; i ++ ) -		key[key_len-RC4_IV_LEN+i] = crypt[i]; +	for( i = 0; i < ARC_IV_LEN; i ++ ) +		key[key_len-ARC_IV_LEN+i] = crypt[i];  	/* Generate the initial S[] from the IVed key. */ -	st = rc4_keymaker( key, key_len, RC4_CYCLES ); +	st = arc_keymaker( key, key_len, ARC_CYCLES );  	g_free( key );  	for( i = 0; i < clear_len; i ++ ) -		clear[0][i] = crypt[i+RC4_IV_LEN] ^ rc4_getbyte( st ); +		clear[0][i] = crypt[i+ARC_IV_LEN] ^ arc_getbyte( st );  	clear[0][i] = 0; /* Nice to have for plaintexts. */  	g_free( st ); @@ -1,9 +1,9 @@  /***************************************************************************\  *                                                                           *  *  BitlBee - An IRC to IM gateway                                           * -*  Simple (but secure) RC4 implementation for safer password storage.       * +*  Simple (but secure) ArcFour implementation for safer password storage.   *  *                                                                           * -*  Copyright 2006 Wilmer van der Gaast <wilmer@gaast.net>                   * +*  Copyright 2007 Wilmer van der Gaast <wilmer@gaast.net>                   *  *                                                                           *  *  This program is free software; you can redistribute it and/or modify     *  *  it under the terms of the GNU General Public License as published by     * @@ -22,15 +22,15 @@  \***************************************************************************/ -/* See rc4.c for more information. */ +/* See arc.c for more information. */ -struct rc4_state +struct arc_state  {  	unsigned char S[256];  	unsigned char i, j;  }; -struct rc4_state *rc4_keymaker( unsigned char *key, int kl, int cycles ); -unsigned char rc4_getbyte( struct rc4_state *st ); -int rc4_encode( char *clear, int clear_len, unsigned char **crypt, char *password ); -int rc4_decode( unsigned char *crypt, int crypt_len, char **clear, char *password ); +struct arc_state *arc_keymaker( unsigned char *key, int kl, int cycles ); +unsigned char arc_getbyte( struct arc_state *st ); +int arc_encode( char *clear, int clear_len, unsigned char **crypt, char *password ); +int arc_decode( unsigned char *crypt, int crypt_len, char **clear, char *password ); diff --git a/storage_xml.c b/storage_xml.c index e45c4252..8618c5fe 100644 --- a/storage_xml.c +++ b/storage_xml.c @@ -26,7 +26,7 @@  #define BITLBEE_CORE  #include "bitlbee.h"  #include "base64.h" -#include "rc4.h" +#include "arc.h"  #include "md5.h"  typedef enum @@ -132,7 +132,7 @@ static void xml_start_element( GMarkupParseContext *ctx, const gchar *element_na  	{  		char *protocol, *handle, *server, *password = NULL, *autoconnect;  		char *pass_b64 = NULL; -		unsigned char *pass_rc4 = NULL; +		unsigned char *pass_cr = NULL;  		int pass_len;  		struct prpl *prpl = NULL; @@ -151,8 +151,8 @@ static void xml_start_element( GMarkupParseContext *ctx, const gchar *element_na  		else if( !prpl )  			g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,  			             "Unknown protocol: %s", protocol ); -		else if( ( pass_len = base64_decode( pass_b64, (unsigned char**) &pass_rc4 ) ) && -		                         rc4_decode( pass_rc4, pass_len, &password, xd->given_pass ) ) +		else if( ( pass_len = base64_decode( pass_b64, (unsigned char**) &pass_cr ) ) && +		                         arc_decode( pass_cr, pass_len, &password, xd->given_pass ) )  		{  			xd->current_account = account_add( irc, prpl, handle, password );  			if( server ) @@ -168,7 +168,7 @@ static void xml_start_element( GMarkupParseContext *ctx, const gchar *element_na  			             "Error while decrypting account password" );  		} -		g_free( pass_rc4 ); +		g_free( pass_cr );  		g_free( password );  	}  	else if( g_strcasecmp( element_name, "setting" ) == 0 ) @@ -423,13 +423,13 @@ static storage_status_t xml_save( irc_t *irc, int overwrite )  	for( acc = irc->accounts; acc; acc = acc->next )  	{ -		unsigned char *pass_rc4; +		unsigned char *pass_cr;  		char *pass_b64;  		int pass_len; -		pass_len = rc4_encode( acc->pass, strlen( acc->pass ), (unsigned char**) &pass_rc4, irc->password ); -		pass_b64 = base64_encode( pass_rc4, pass_len ); -		g_free( pass_rc4 ); +		pass_len = arc_encode( acc->pass, strlen( acc->pass ), (unsigned char**) &pass_cr, irc->password ); +		pass_b64 = base64_encode( pass_cr, pass_len ); +		g_free( pass_cr );  		if( !xml_printf( fd, 1, "<account protocol=\"%s\" handle=\"%s\" password=\"%s\" autoconnect=\"%d\"", acc->prpl->name, acc->user, pass_b64, acc->auto_connect ) )  		{ diff --git a/tests/Makefile b/tests/Makefile index 4d4ed8d3..5bc3fbde 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -12,7 +12,7 @@ distclean: clean  main_objs = account.o bitlbee.o conf.o crypting.o help.o ipc.o irc.o irc_commands.o log.o nick.o query.o root_commands.o set.o storage.o storage_xml.o storage_text.o user.o  -test_objs = check.o check_util.o check_nick.o check_md5.o check_irc.o check_help.o check_user.o check_crypting.o check_set.o +test_objs = check.o check_util.o check_nick.o check_md5.o check_arc.o check_irc.o check_help.o check_user.o check_crypting.o check_set.o  check: $(test_objs) $(addprefix ../, $(main_objs)) ../protocols/protocols.o ../lib/lib.o  	@echo '*' Linking $@ diff --git a/tests/check.c b/tests/check.c index 488d9608..043889d6 100644 --- a/tests/check.c +++ b/tests/check.c @@ -47,6 +47,9 @@ Suite *nick_suite(void);  /* From check_md5.c */  Suite *md5_suite(void); +/* From check_arc.c */ +Suite *arc_suite(void); +  /* From check_irc.c */  Suite *irc_suite(void); @@ -101,6 +104,7 @@ int main (int argc, char **argv)  	sr = srunner_create(util_suite());  	srunner_add_suite(sr, nick_suite());  	srunner_add_suite(sr, md5_suite()); +	srunner_add_suite(sr, arc_suite());  	srunner_add_suite(sr, irc_suite());  	srunner_add_suite(sr, help_suite());  	srunner_add_suite(sr, user_suite()); diff --git a/tests/check_arc.c b/tests/check_arc.c new file mode 100644 index 00000000..989a0a66 --- /dev/null +++ b/tests/check_arc.c @@ -0,0 +1,95 @@ +#include <stdlib.h> +#include <glib.h> +#include <gmodule.h> +#include <check.h> +#include <string.h> +#include <stdio.h> +#include "arc.h" + +char *password = "TotT"; + +char *clear_tests[] = +{ +	"Wie dit leest is gek :-)", +	"ItllBeBitlBee", +	"One more boring password", +	NULL +}; + +static void check_codec(int l) +{ +	int i; +	 +	for( i = 0; clear_tests[i]; i++ ) +	{ +  		tcase_fn_start (clear_tests[i], __FILE__, __LINE__); +		unsigned char *crypted; +		char *decrypted; +		int len; +		 +		len = arc_encode( clear_tests[i], 0, &crypted, password ); +		len = arc_decode( crypted, len, &decrypted, password ); +		 +		fail_if( strcmp( clear_tests[i], decrypted ) != 0, +		         "%s didn't decrypt back properly", clear_tests[i] ); +		 +		g_free( crypted ); +		g_free( decrypted ); +	} +} + +struct +{ +	unsigned char crypted[24]; +	int len; +	char *decrypted; +} decrypt_tests[] = { +	{ +		{ +			0xc3, 0x0d, 0x43, 0xc3, 0xee, 0x80, 0xe2, 0x8c, 0x0b, 0x29, 0x32, 0x7e, +			0x38, 0x05, 0x82, 0x10, 0x21, 0x1c, 0x4a, 0x00, 0x2c +		}, 21, "Debugging sucks" +	}, +	{ +		{ +			0xb0, 0x00, 0x57, 0x0d, 0x0d, 0x0d, 0x70, 0xe1, 0xc0, 0x00, 0xa4, 0x25, +			0x7d, 0xbe, 0x03, 0xcc, 0x24, 0xd1, 0x0c +		}, 19, "Testing rocks" +	}, +	{ +		{ +			0xb6, 0x92, 0x59, 0xe4, 0xf9, 0xc1, 0x7a, 0xf6, 0xf3, 0x18, 0xea, 0x28, +			0x73, 0x6d, 0xb3, 0x0a, 0x6f, 0x0a, 0x2b, 0x43, 0x57, 0xe9, 0x3e, 0x63 +		}, 24, "OSCAR is creepy..." +	} +}; + +static void check_decod(int l) +{ +	int i; +	 +	for( i = 0; clear_tests[i]; i++ ) +	{ +  		tcase_fn_start (decrypt_tests[i].decrypted, __FILE__, __LINE__); +		char *decrypted; +		int len; +		 +		len = arc_decode( decrypt_tests[i].crypted, decrypt_tests[i].len, +		                  &decrypted, password ); +		 +		fail_if( strcmp( decrypt_tests[i].decrypted, decrypted ) != 0, +		         "%s didn't decrypt properly", clear_tests[i] ); +		 +		g_free( decrypted ); +	} +} + +Suite *arc_suite (void) +{ +	Suite *s = suite_create("ArcFour"); +	TCase *tc_core = tcase_create("Core"); +	suite_add_tcase (s, tc_core); +	tcase_add_test (tc_core, check_codec); +	tcase_add_test (tc_core, check_decod); +	return s; +} | 
