| -rw-r--r-- | Makefile | 4 | ||||
| -rw-r--r-- | bitlbee.h | 2 | ||||
| -rw-r--r-- | conf.c | 2 | ||||
| -rwxr-xr-x | configure | 2 | ||||
| -rw-r--r-- | irc_commands.c | 2 | ||||
| -rw-r--r-- | lib/Makefile | 37 | ||||
| -rw-r--r-- | lib/events.h (renamed from protocols/events.h) | 0 | ||||
| -rw-r--r-- | lib/events_glib.c (renamed from protocols/events_glib.c) | 0 | ||||
| -rw-r--r-- | lib/events_libevent.c (renamed from protocols/events_libevent.c) | 0 | ||||
| -rw-r--r-- | lib/http_client.c (renamed from protocols/http_client.c) | 0 | ||||
| -rw-r--r-- | lib/http_client.h (renamed from protocols/http_client.h) | 0 | ||||
| -rw-r--r-- | lib/ini.c (renamed from ini.c) | 0 | ||||
| -rw-r--r-- | lib/ini.h (renamed from ini.h) | 0 | ||||
| -rw-r--r-- | lib/md5.c (renamed from protocols/md5.c) | 0 | ||||
| -rw-r--r-- | lib/md5.h (renamed from protocols/md5.h) | 0 | ||||
| -rw-r--r-- | lib/misc.c (renamed from util.c) | 0 | ||||
| -rw-r--r-- | lib/misc.h (renamed from util.h) | 0 | ||||
| -rw-r--r-- | lib/proxy.c (renamed from protocols/proxy.c) | 0 | ||||
| -rw-r--r-- | lib/proxy.h (renamed from protocols/proxy.h) | 0 | ||||
| -rw-r--r-- | lib/rc4.c | 179 | ||||
| -rw-r--r-- | lib/rc4.h | 35 | ||||
| -rw-r--r-- | lib/sha.c (renamed from protocols/sha.c) | 0 | ||||
| -rw-r--r-- | lib/sha.h (renamed from protocols/sha.h) | 0 | ||||
| -rw-r--r-- | lib/ssl_bogus.c (renamed from protocols/ssl_bogus.c) | 0 | ||||
| -rw-r--r-- | lib/ssl_client.h (renamed from protocols/ssl_client.h) | 0 | ||||
| -rw-r--r-- | lib/ssl_gnutls.c (renamed from protocols/ssl_gnutls.c) | 0 | ||||
| -rw-r--r-- | lib/ssl_nss.c (renamed from protocols/ssl_nss.c) | 0 | ||||
| -rw-r--r-- | lib/ssl_openssl.c (renamed from protocols/ssl_openssl.c) | 0 | ||||
| -rw-r--r-- | lib/url.c (renamed from url.c) | 0 | ||||
| -rw-r--r-- | lib/url.h (renamed from url.h) | 0 | ||||
| -rw-r--r-- | protocols/Makefile | 2 | 
31 files changed, 258 insertions, 7 deletions
| @@ -9,9 +9,9 @@  -include Makefile.settings  # Program variables -objects = account.o bitlbee.o conf.o crypting.o help.o ini.o ipc.o irc.o irc_commands.o log.o nick.o query.o root_commands.o set.o storage.o storage_text.o storage_xml.o unix.o url.o user.o util.o +objects = account.o bitlbee.o conf.o crypting.o help.o ipc.o irc.o irc_commands.o log.o nick.o query.o root_commands.o set.o storage.o storage_text.o storage_xml.o unix.o user.o  headers = account.h bitlbee.h commands.h conf.h config.h crypting.h help.h ini.h ipc.h irc.h log.h nick.h query.h set.h sock.h storage.h url.h user.h protocols/http_client.h protocols/md5.h protocols/nogaim.h protocols/proxy.h protocols/sha.h protocols/ssl_client.h -subdirs = protocols +subdirs = protocols lib  objects += $(LDAP_OBJ) @@ -129,7 +129,7 @@ extern char *CONF_FILE;  #include "help.h"  #include "query.h"  #include "sock.h" -#include "util.h" +#include "misc.h"  #include "proxy.h"  typedef struct global { @@ -33,7 +33,7 @@  #include "url.h"  #include "ipc.h" -#include "protocols/proxy.h" +#include "proxy.h"  char *CONF_FILE; @@ -143,7 +143,7 @@ else  	echo 'CFLAGS=-O3' >> Makefile.settings  fi -echo CFLAGS+=-I`pwd` -I`pwd`/protocols -I. >> Makefile.settings +echo CFLAGS+=-I`pwd` -I`pwd`/lib -I`pwd`/protocols -I. >> Makefile.settings  echo CFLAGS+=-DHAVE_CONFIG_H >> Makefile.settings diff --git a/irc_commands.c b/irc_commands.c index f410bb52..3bb24fdb 100644 --- a/irc_commands.c +++ b/irc_commands.c @@ -320,7 +320,7 @@ static void irc_cmd_userhost( irc_t *irc, char **cmd )  static void irc_cmd_ison( irc_t *irc, char **cmd )  {  	user_t *u; -	char buff[IRC_MAX_LINE], *s; +	char buff[IRC_MAX_LINE];  	int lenleft, i;  	buff[0] = '\0'; diff --git a/lib/Makefile b/lib/Makefile new file mode 100644 index 00000000..80cdd9a5 --- /dev/null +++ b/lib/Makefile 
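Review bot: The `headers` line in the top-level Makefile hunk is left as context and still lists `ini.h`, `url.h`, `protocols/http_client.h`, `protocols/md5.h`, `protocols/proxy.h`, `protocols/sha.h` and `protocols/ssl_client.h`, all of which this commit moves into `lib/`. Where `$(headers)` is used is outside the hunk, but if it serves as a prerequisite list, make will stop on the first path that no longer exists. The entries should be rewritten to their `lib/` paths (`lib/ini.h`, `lib/url.h`, `lib/http_client.h`, …), and `lib/misc.h` and `lib/rc4.h` probably belong in the list as well.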
@@ -0,0 +1,37 @@
+###########################
+## Makefile for BitlBee  ##
+##                       ##
+## Copyright 2006 Lintux ##
+###########################
+
+### DEFINITIONS
+
+-include ../Makefile.settings
+
+# [SH] Program variables
+objects = $(EVENT_HANDLER) http_client.o ini.o md5.o misc.o proxy.o rc4.o sha.o $(SSL_CLIENT) url.o
+
+CFLAGS += -Wall
+LFLAGS += -r
+
+# [SH] Phony targets
+all: lib.o
+
+.PHONY: all clean distclean
+
+clean: $(subdirs)
+	rm -f *.o $(OUTFILE) core
+
+distclean: clean $(subdirs)
+
+### MAIN PROGRAM
+
+lib.o: $(objects) $(subdirs)
+	@echo '*' Linking lib.o
+	@$(LD) $(LFLAGS) $(objects) -o lib.o
+
+$(objects): ../Makefile.settings Makefile
+
+$(objects): %.o: %.c
+	@echo '*' Compiling $<
+	@$(CC) -c $(CFLAGS) $< -o $@
diff --git a/protocols/events.h b/lib/events.h
index 781fca6a..781fca6a 100644
--- a/protocols/events.h
+++ b/lib/events.h
diff --git a/protocols/events_glib.c b/lib/events_glib.c
index 620720cd..620720cd 100644
--- a/protocols/events_glib.c
+++ b/lib/events_glib.c
diff --git a/protocols/events_libevent.c b/lib/events_libevent.c
index 1119c2ab..1119c2ab 100644
--- a/protocols/events_libevent.c
+++ b/lib/events_libevent.c
diff --git a/protocols/http_client.c b/lib/http_client.c
index b00fcf98..b00fcf98 100644
--- a/protocols/http_client.c
+++ b/lib/http_client.c
diff --git a/protocols/http_client.h b/lib/http_client.h
index 50ee80cf..50ee80cf 100644
--- a/protocols/http_client.h
+++ b/lib/http_client.h
diff --git a/protocols/md5.c b/lib/md5.c
index e6273585..e6273585 100644
--- a/protocols/md5.c
+++ b/lib/md5.c
diff --git a/protocols/md5.h b/lib/md5.h
index f24f2ff1..f24f2ff1 100644
--- a/protocols/md5.h
+++ b/lib/md5.h
diff --git a/protocols/proxy.c b/lib/proxy.c
index b8aa304d..b8aa304d 100644
--- a/protocols/proxy.c
+++ b/lib/proxy.c
diff --git a/protocols/proxy.h b/lib/proxy.h
index 680790a5..680790a5 100644
--- a/protocols/proxy.h
+++ b/lib/proxy.h
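Review bot: `$(subdirs)` and `$(OUTFILE)` appear in the `clean`, `distclean` and `lib.o` rules of the new lib/Makefile but are never set in this file, which looks like a carry-over from protocols/Makefile. Unless Makefile.settings happens to define them they expand to nothing, so the rules would read more honestly as `clean:` with `rm -f *.o core` and `lib.o: $(objects)`. If Makefile.settings does define `OUTFILE`, the `rm -f` in this directory is at best a no-op and worth dropping for the same reason.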
diff --git a/lib/rc4.c b/lib/rc4.c
new file mode 100644
index 00000000..3559f71e
--- /dev/null
+++ b/lib/rc4.c
@@ -0,0 +1,179 @@
+/***************************************************************************\
+*                                                                           *
+*  BitlBee - An IRC to IM gateway                                           *
+*  Simple (but secure) RC4 implementation for safer password storage.       *
+*                                                                           *
+*  Copyright 2006 Wilmer van der Gaast <wilmer@gaast.net>                   *
+*                                                                           *
+*                                                                           *
+*  This program is free software; you can redistribute it and/or modify     *
+*  it under the terms of the GNU General Public License as published by     *
+*  the Free Software Foundation; either version 2 of the License, or        *
+*  (at your option) any later version.                                      *
+*                                                                           *
+*  This program is distributed in the hope that it will be useful,          *
+*  but WITHOUT ANY WARRANTY; without even the implied warranty of           *
+*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            *
+*  GNU General Public License for more details.                             *
+*                                                                           *
+*  You should have received a copy of the GNU General Public License along  *
+*  with this program; if not, write to the Free Software Foundation, Inc.,  *
+*  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.              *
+*                                                                           *
+\***************************************************************************/
+
+/* 
+   This file implements RC4-encryption, which will mainly be used to save IM
+   passwords safely in the new XML-format. Possibly other uses will come up
+   later. It's supposed to be quite reliable (thanks to the use of a 6-byte
+   IV/seed), certainly compared to the old format. The only realistic way to
+   crack BitlBee passwords now is to use a sniffer to get your hands on the
+   user's password.
+   
+   If you see that something's wrong in this implementation (I asked a
+   couple of people to look at it already, but who knows), please tell me.
+   
+   The reason I chose for RC4 is because it's pretty simple but effective,
+   so it will work without adding several KBs or an extra library dependency.
+*/
+
+
+#include <glib.h>
+#include <stdlib.h>
+#include <string.h>
+#include "rc4.h"
+
+/* Add some seed to the password, to make sure we *never* use the same key.
+   This defines how many byes we use as a seed. */
+#define RC4_IV_LEN 6
+
+/* To defend against a "Fluhrer, Mantin and Shamir attack", it is recommended
+   to shuffle S[] just a bit more before you start to use it. This defines how
+   many bytes we'll request before we'll really use them for encryption. */
+#define RC4_CYCLES 1024
+
+struct rc4_state *rc4_keymaker( unsigned char *key, int kl, int cycles )
+{
+	struct rc4_state *st;
+	int i, j, tmp;
+	
+	st = g_malloc( sizeof( struct rc4_state ) );
+	st->i = st->j = 0;
+	for( i = 0; i < 256; i ++ )
+		st->S[i] = i;
+	
+	if( kl <= 0 )
+		kl = strlen( (char*) key );
+	
+	for( i = j = 0; i < 256; i ++ )
+	{
+		j = ( j + st->S[i] + key[i%kl] ) & 0xff;
+		tmp = st->S[i];
+		st->S[i] = st->S[j];
+		st->S[j] = tmp;
+	}
+	
+	for( i = 0; i < cycles; i ++ )
+		rc4_getbyte( st );
+	
+	return st;
+}
+
+/*
+   For those who don't know, RC4 is basically an algorithm that generates a
+   stream of bytes after you give it a key. Just get a byte from it and xor
+   it with your cleartext. To decrypt, just give it the same key again and
+   start xorring.
+   
+   The function above initializes the RC4 byte generator, the next function
+   can be used to get bytes from the generator (and shuffle things a bit).
+*/
+
+unsigned char rc4_getbyte( struct rc4_state *st )
+{
+	unsigned char tmp;
+	
+	/* Unfortunately the st-> stuff doesn't really improve readability here... */
+	st->i ++;
+	st->j += st->S[st->i];
+	tmp = st->S[st->i];
+	st->S[st->i] = st->S[st->j];
+	st->S[st->j] = tmp;
+	
+	return st->S[(st->S[st->i] + st->S[st->j]) & 0xff];
+}
+
+/*
+   The following two functions can be used for reliable encryption and
+   decryption. Known plaintext attacks are prevented by adding some (6,
+   by default) random bytes to the password before setting up the RC4
+   structures. These 6 bytes are also saved in the results, because of
+   course we'll need them in rc4_decode().
+   
+   Because the length of the resulting string is unknown to the caller,
+   it should pass a char**. Since the encode/decode functions allocate
+   memory for the string, make sure the char** points at a NULL-pointer
+   (or at least to something you already free()d), or you'll leak
+   memory. And of course, don't forget to free() the result when you
+   don't need it anymore.
+   
+   Both functions return the number of bytes in the result string.
+*/
+
+int rc4_encode( unsigned char *clear, int clear_len, unsigned char **crypt, char *password )
+{
+	struct rc4_state *st;
+	unsigned char *key;
+	int key_len, i;
+	
+	key_len = strlen( password ) + RC4_IV_LEN;
+	if( clear_len <= 0 )
+		clear_len = strlen( (char*) clear );
+	
+	/* Prepare buffers and the key + IV */
+	*crypt = g_malloc( clear_len + RC4_IV_LEN );
+	key = g_malloc( key_len );
+	strcpy( (char*) key, password );
+	for( i = 0; i < RC4_IV_LEN; i ++ )
+		key[key_len-RC4_IV_LEN+i] = crypt[0][i] = rand() & 0xff;
+	
+	/* Generate the initial S[] from the IVed key. */
+	st = rc4_keymaker( key, key_len, RC4_CYCLES );
+	g_free( key );
+	
+	for( i = 0; i < clear_len; i ++ )
+		crypt[0][i+RC4_IV_LEN] = clear[i] ^ rc4_getbyte( st );
+	
+	g_free( st );
+	
+	return clear_len + RC4_IV_LEN;
+}
+
+int rc4_decode( unsigned char *crypt, int crypt_len, unsigned char **clear, char *password )
+{
+	struct rc4_state *st;
+	unsigned char *key;
+	int key_len, clear_len, i;
+	
+	key_len = strlen( password ) + RC4_IV_LEN;
+	clear_len = crypt_len - RC4_IV_LEN;
+	
+	/* Prepare buffers and the key + IV */
+	*clear = g_malloc( clear_len + 1 );
+	key = g_malloc( key_len );
+	strcpy( (char*) key, password );
+	for( i = 0; i < RC4_IV_LEN; i ++ )
+		key[key_len-RC4_IV_LEN+i] = crypt[i];
+	
+	/* Generate the initial S[] from the IVed key. */
+	st = rc4_keymaker( key, key_len, RC4_CYCLES );
+	g_free( key );
+	
+	for( i = 0; i < clear_len; i ++ )
+		clear[0][i] = crypt[i+RC4_IV_LEN] ^ rc4_getbyte( st );
+	clear[0][i] = 0; /* Nice to have for plaintexts. */
+	
+	g_free( st );
+	
+	return clear_len;
+}
diff --git a/lib/rc4.h b/lib/rc4.h
new file mode 100644
index 00000000..8d50b508
--- /dev/null
+++ b/lib/rc4.h
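Review bot: In lib/rc4.c, rc4_decode() never compares `crypt_len` with `RC4_IV_LEN`, so a truncated or damaged stored value makes `clear_len` negative: the IV loop then reads up to six bytes past `crypt`, and `g_malloc( clear_len + 1 )` receives either a huge size or zero, in which case `clear[0][i] = 0` writes through a NULL pointer. A guard ahead of the allocation such as `if( crypt_len < RC4_IV_LEN ) { *clear = NULL; return -1; }` closes this, with callers taught to treat a negative return as failure. In rc4_encode() the IV bytes come from `rand() & 0xff`, which is not a cryptographic generator and repeats whenever its seed does; a repeated IV under the same password reuses the RC4 keystream, so XORing two stored ciphertexts yields the XOR of their plaintexts, and the IV should be drawn from the operating system's random source instead. The comment stating that known-plaintext attacks are prevented therefore holds only while IVs never repeat, and since nothing authenticates the ciphertext a wrong password or a modified file decodes silently to garbage. Both functions also hand `key` and `st` to `g_free()` without clearing them, and rc4_keymaker() divides by `kl` after its `strlen` fallback, which is zero for an empty key.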
@@ -0,0 +1,35 @@
+/***************************************************************************\
+*                                                                           *
+*  BitlBee - An IRC to IM gateway                                           *
+*  Simple (but secure) RC4 implementation for safer password storage.       *
+*                                                                           *
+*  Copyright 2006 Wilmer van der Gaast <wilmer@gaast.net>                   *
+*                                                                           *
+*                                                                           *
+*  This program is free software; you can redistribute it and/or modify     *
+*  it under the terms of the GNU General Public License as published by     *
+*  the Free Software Foundation; either version 2 of the License, or        *
+*  (at your option) any later version.                                      *
+*                                                                           *
+*  This program is distributed in the hope that it will be useful,          *
+*  but WITHOUT ANY WARRANTY; without even the implied warranty of           *
+*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            *
+*  GNU General Public License for more details.                             *
+*                                                                           *
+*  You should have received a copy of the GNU General Public License along  *
+*  with this program; if not, write to the Free Software Foundation, Inc.,  *
+*  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.              *
+*                                                                           *
+\***************************************************************************/
+
+
+struct rc4_state
+{
+	unsigned char S[256];
+	unsigned char i, j;
+};
+
+struct rc4_state *rc4_keymaker( unsigned char *key, int kl, int cycles );
+unsigned char rc4_getbyte( struct rc4_state *st );
+int rc4_encode( unsigned char *clear, int clear_len, unsigned char **crypt, char *password );
+int rc4_decode( unsigned char *crypt, int crypt_len, unsigned char **clear, char *password );
diff --git a/protocols/sha.c b/lib/sha.c
index 895505a1..895505a1 100644
--- a/protocols/sha.c
+++ b/lib/sha.c
diff --git a/protocols/sha.h b/lib/sha.h
index e8152b1b..e8152b1b 100644
--- a/protocols/sha.h
+++ b/lib/sha.h
diff --git a/protocols/ssl_bogus.c b/lib/ssl_bogus.c
index 00aaa7c4..00aaa7c4 100644
--- a/protocols/ssl_bogus.c
+++ b/lib/ssl_bogus.c
diff --git a/protocols/ssl_client.h b/lib/ssl_client.h
index 1a9c79e9..1a9c79e9 100644
--- a/protocols/ssl_client.h
+++ b/lib/ssl_client.h
diff --git a/protocols/ssl_gnutls.c b/lib/ssl_gnutls.c
index 3ebe1756..3ebe1756 100644
--- a/protocols/ssl_gnutls.c
+++ b/lib/ssl_gnutls.c
diff --git a/protocols/ssl_nss.c b/lib/ssl_nss.c
index 218b3a80..218b3a80 100644
--- a/protocols/ssl_nss.c
+++ b/lib/ssl_nss.c
diff --git a/protocols/ssl_openssl.c b/lib/ssl_openssl.c
index b6f6c520..b6f6c520 100644
--- a/protocols/ssl_openssl.c
+++ b/lib/ssl_openssl.c
diff --git a/protocols/Makefile b/protocols/Makefile
index b74212f4..cc45fb09 100644
--- a/protocols/Makefile
+++ b/protocols/Makefile
@@ -9,7 +9,7 @@
 -include ../Makefile.settings
 # [SH] Program variables
-objects = $(EVENT_HANDLER) http_client.o md5.o nogaim.o proxy.o sha.o $(SSL_CLIENT)
+objects = nogaim.o
 # [SH] The next two lines should contain the directory name (in $(subdirs))
 #      and the name of the object file, which should be linked into |
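Review bot: The new lib/rc4.h has no include guard, so a second inclusion in one translation unit redefines `struct rc4_state`; wrapping the declarations in `#ifndef BITLBEE_RC4_H` / `#define BITLBEE_RC4_H` … `#endif` avoids that (the macro name is only a suggestion). The prototypes also carry no comments, although rc4.c shows a contract callers need to know: a `clear_len` or `kl` of zero or less means "use strlen", the output pointer is overwritten with a freshly allocated buffer the caller must free, and the return value is the result length. Declaring the inputs as `const unsigned char *` and `const char *password` would additionally make it visible at the call site that the password buffer is not modified.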
