From a7b59252ddd85810c3b14357fd43602c800b9cb6 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sun, 7 Oct 2007 21:42:37 +0100 Subject: Renaming RC4 to ArcFour (possible trademark issues). --- lib/Makefile | 2 +- lib/arc.c | 192 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ lib/arc.h | 36 +++++++++++ lib/rc4.c | 189 --------------------------------------------------------- lib/rc4.h | 36 ----------- storage_xml.c | 18 +++--- 6 files changed, 238 insertions(+), 235 deletions(-) create mode 100644 lib/arc.c create mode 100644 lib/arc.h delete mode 100644 lib/rc4.c delete mode 100644 lib/rc4.h diff --git a/lib/Makefile b/lib/Makefile index a9038987..bc1966d9 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -9,7 +9,7 @@ -include ../Makefile.settings # [SH] Program variables -objects = base64.o $(EVENT_HANDLER) http_client.o ini.o md5.o misc.o proxy.o rc4.o sha.o $(SSL_CLIENT) url.o +objects = arc.o base64.o $(EVENT_HANDLER) http_client.o ini.o md5.o misc.o proxy.o sha.o $(SSL_CLIENT) url.o CFLAGS += -Wall LFLAGS += -r diff --git a/lib/arc.c b/lib/arc.c new file mode 100644 index 00000000..a8e863f2 --- /dev/null +++ b/lib/arc.c @@ -0,0 +1,192 @@ +/***************************************************************************\ +* * +* BitlBee - An IRC to IM gateway * +* Simple (but secure) ArcFour implementation for safer password storage. * +* * +* Copyright 2006 Wilmer van der Gaast * +* * +* This library is free software; you can redistribute it and/or * +* modify it under the terms of the GNU Lesser General Public * +* License as published by the Free Software Foundation, version * +* 2.1. * +* * +* This library is distributed in the hope that it will be useful, * +* but WITHOUT ANY WARRANTY; without even the implied warranty of * +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * +* Lesser General Public License for more details. * +* * +* You should have received a copy of the GNU Lesser General Public License * +* along with this library; if not, write to the Free Software Foundation, * +* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA * +* * +\***************************************************************************/ + +/* + This file implements ArcFour-encryption, which will mainly be used to + save IM passwords safely in the new XML-format. Possibly other uses will + come up later. It's supposed to be quite reliable (thanks to the use of a + 6-byte IV/seed), certainly compared to the old format. The only realistic + way to crack BitlBee passwords now is to use a sniffer to get your hands + on the user's password. + + If you see that something's wrong in this implementation (I asked a + couple of people to look at it already, but who knows), please tell me. + + The reason I picked ArcFour is because it's pretty simple but effective, + so it will work without adding several KBs or an extra library dependency. + + (ArcFour is an RC4-compatible cipher. See for details: + http://www.mozilla.org/projects/security/pki/nss/draft-kaukonen-cipher-arcfour-03.txt) +*/ + + +#include +#include +#include +#include +#include "misc.h" +#include "arc.h" + +/* Add some seed to the password, to make sure we *never* use the same key. + This defines how many bytes we use as a seed. */ +#define ARC_IV_LEN 6 + +/* To defend against a "Fluhrer, Mantin and Shamir attack", it is recommended + to shuffle S[] just a bit more before you start to use it. This defines how + many bytes we'll request before we'll really use them for encryption. */ +#define ARC_CYCLES 1024 + +struct arc_state *arc_keymaker( unsigned char *key, int kl, int cycles ) +{ + struct arc_state *st; + int i, j, tmp; + + st = g_malloc( sizeof( struct arc_state ) ); + st->i = st->j = 0; + for( i = 0; i < 256; i ++ ) + st->S[i] = i; + + if( kl <= 0 ) + kl = strlen( (char*) key ); + + for( i = j = 0; i < 256; i ++ ) + { + j = ( j + st->S[i] + key[i%kl] ) & 0xff; + tmp = st->S[i]; + st->S[i] = st->S[j]; + st->S[j] = tmp; + } + + for( i = 0; i < cycles; i ++ ) + arc_getbyte( st ); + + return st; +} + +/* + For those who don't know, ArcFour is basically an algorithm that generates + a stream of bytes after you give it a key. Just get a byte from it and + xor it with your cleartext. To decrypt, just give it the same key again + and start xorring. + + The function above initializes the byte generator, the next function can + be used to get bytes from the generator (and shuffle things a bit). +*/ + +unsigned char arc_getbyte( struct arc_state *st ) +{ + unsigned char tmp; + + /* Unfortunately the st-> stuff doesn't really improve readability here... */ + st->i ++; + st->j += st->S[st->i]; + tmp = st->S[st->i]; + st->S[st->i] = st->S[st->j]; + st->S[st->j] = tmp; + + return st->S[(st->S[st->i] + st->S[st->j]) & 0xff]; +} + +/* + The following two functions can be used for reliable encryption and + decryption. Known plaintext attacks are prevented by adding some (6, + by default) random bytes to the password before setting up the state + structures. These 6 bytes are also saved in the results, because of + course we'll need them in arc_decode(). + + Because the length of the resulting string is unknown to the caller, + it should pass a char**. Since the encode/decode functions allocate + memory for the string, make sure the char** points at a NULL-pointer + (or at least to something you already free()d), or you'll leak + memory. And of course, don't forget to free() the result when you + don't need it anymore. + + Both functions return the number of bytes in the result string. +*/ + +int arc_encode( char *clear, int clear_len, unsigned char **crypt, char *password ) +{ + struct arc_state *st; + unsigned char *key; + int key_len, i; + + key_len = strlen( password ) + ARC_IV_LEN; + if( clear_len <= 0 ) + clear_len = strlen( clear ); + + /* Prepare buffers and the key + IV */ + *crypt = g_malloc( clear_len + ARC_IV_LEN ); + key = g_malloc( key_len ); + strcpy( (char*) key, password ); + + /* Add the salt. Save it for later (when decrypting) and, of course, + add it to the encryption key. */ + random_bytes( crypt[0], ARC_IV_LEN ); + memcpy( key + key_len - ARC_IV_LEN, crypt[0], ARC_IV_LEN ); + + /* Generate the initial S[] from the IVed key. */ + st = arc_keymaker( key, key_len, ARC_CYCLES ); + g_free( key ); + + for( i = 0; i < clear_len; i ++ ) + crypt[0][i+ARC_IV_LEN] = clear[i] ^ arc_getbyte( st ); + + g_free( st ); + + return clear_len + ARC_IV_LEN; +} + +int arc_decode( unsigned char *crypt, int crypt_len, char **clear, char *password ) +{ + struct arc_state *st; + unsigned char *key; + int key_len, clear_len, i; + + key_len = strlen( password ) + ARC_IV_LEN; + clear_len = crypt_len - ARC_IV_LEN; + + if( clear_len < 0 ) + { + *clear = g_strdup( "" ); + return 0; + } + + /* Prepare buffers and the key + IV */ + *clear = g_malloc( clear_len + 1 ); + key = g_malloc( key_len ); + strcpy( (char*) key, password ); + for( i = 0; i < ARC_IV_LEN; i ++ ) + key[key_len-ARC_IV_LEN+i] = crypt[i]; + + /* Generate the initial S[] from the IVed key. */ + st = arc_keymaker( key, key_len, ARC_CYCLES ); + g_free( key ); + + for( i = 0; i < clear_len; i ++ ) + clear[0][i] = crypt[i+ARC_IV_LEN] ^ arc_getbyte( st ); + clear[0][i] = 0; /* Nice to have for plaintexts. */ + + g_free( st ); + + return clear_len; +} diff --git a/lib/arc.h b/lib/arc.h new file mode 100644 index 00000000..882372ed --- /dev/null +++ b/lib/arc.h @@ -0,0 +1,36 @@ +/***************************************************************************\ +* * +* BitlBee - An IRC to IM gateway * +* Simple (but secure) ArcFour implementation for safer password storage. * +* * +* Copyright 2007 Wilmer van der Gaast * +* * +* This program is free software; you can redistribute it and/or modify * +* it under the terms of the GNU General Public License as published by * +* the Free Software Foundation; either version 2 of the License, or * +* (at your option) any later version. * +* * +* This program is distributed in the hope that it will be useful, * +* but WITHOUT ANY WARRANTY; without even the implied warranty of * +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * +* GNU General Public License for more details. * +* * +* You should have received a copy of the GNU General Public License along * +* with this program; if not, write to the Free Software Foundation, Inc., * +* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * +* * +\***************************************************************************/ + + +/* See arc.c for more information. */ + +struct arc_state +{ + unsigned char S[256]; + unsigned char i, j; +}; + +struct arc_state *arc_keymaker( unsigned char *key, int kl, int cycles ); +unsigned char arc_getbyte( struct arc_state *st ); +int arc_encode( char *clear, int clear_len, unsigned char **crypt, char *password ); +int arc_decode( unsigned char *crypt, int crypt_len, char **clear, char *password ); diff --git a/lib/rc4.c b/lib/rc4.c deleted file mode 100644 index 635b802a..00000000 --- a/lib/rc4.c +++ /dev/null @@ -1,189 +0,0 @@ -/***************************************************************************\ -* * -* BitlBee - An IRC to IM gateway * -* Simple (but secure) RC4 implementation for safer password storage. * -* * -* Copyright 2006 Wilmer van der Gaast * -* * -* This library is free software; you can redistribute it and/or * -* modify it under the terms of the GNU Lesser General Public * -* License as published by the Free Software Foundation, version * -* 2.1. * -* * -* This library is distributed in the hope that it will be useful, * -* but WITHOUT ANY WARRANTY; without even the implied warranty of * -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * -* Lesser General Public License for more details. * -* * -* You should have received a copy of the GNU Lesser General Public License * -* along with this library; if not, write to the Free Software Foundation, * -* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA * -* * -\***************************************************************************/ - -/* - This file implements RC4-encryption, which will mainly be used to save IM - passwords safely in the new XML-format. Possibly other uses will come up - later. It's supposed to be quite reliable (thanks to the use of a 6-byte - IV/seed), certainly compared to the old format. The only realistic way to - crack BitlBee passwords now is to use a sniffer to get your hands on the - user's password. - - If you see that something's wrong in this implementation (I asked a - couple of people to look at it already, but who knows), please tell me. - - The reason I chose for RC4 is because it's pretty simple but effective, - so it will work without adding several KBs or an extra library dependency. -*/ - - -#include -#include -#include -#include -#include "misc.h" -#include "rc4.h" - -/* Add some seed to the password, to make sure we *never* use the same key. - This defines how many bytes we use as a seed. */ -#define RC4_IV_LEN 6 - -/* To defend against a "Fluhrer, Mantin and Shamir attack", it is recommended - to shuffle S[] just a bit more before you start to use it. This defines how - many bytes we'll request before we'll really use them for encryption. */ -#define RC4_CYCLES 1024 - -struct rc4_state *rc4_keymaker( unsigned char *key, int kl, int cycles ) -{ - struct rc4_state *st; - int i, j, tmp; - - st = g_malloc( sizeof( struct rc4_state ) ); - st->i = st->j = 0; - for( i = 0; i < 256; i ++ ) - st->S[i] = i; - - if( kl <= 0 ) - kl = strlen( (char*) key ); - - for( i = j = 0; i < 256; i ++ ) - { - j = ( j + st->S[i] + key[i%kl] ) & 0xff; - tmp = st->S[i]; - st->S[i] = st->S[j]; - st->S[j] = tmp; - } - - for( i = 0; i < cycles; i ++ ) - rc4_getbyte( st ); - - return st; -} - -/* - For those who don't know, RC4 is basically an algorithm that generates a - stream of bytes after you give it a key. Just get a byte from it and xor - it with your cleartext. To decrypt, just give it the same key again and - start xorring. - - The function above initializes the RC4 byte generator, the next function - can be used to get bytes from the generator (and shuffle things a bit). -*/ - -unsigned char rc4_getbyte( struct rc4_state *st ) -{ - unsigned char tmp; - - /* Unfortunately the st-> stuff doesn't really improve readability here... */ - st->i ++; - st->j += st->S[st->i]; - tmp = st->S[st->i]; - st->S[st->i] = st->S[st->j]; - st->S[st->j] = tmp; - - return st->S[(st->S[st->i] + st->S[st->j]) & 0xff]; -} - -/* - The following two functions can be used for reliable encryption and - decryption. Known plaintext attacks are prevented by adding some (6, - by default) random bytes to the password before setting up the RC4 - structures. These 6 bytes are also saved in the results, because of - course we'll need them in rc4_decode(). - - Because the length of the resulting string is unknown to the caller, - it should pass a char**. Since the encode/decode functions allocate - memory for the string, make sure the char** points at a NULL-pointer - (or at least to something you already free()d), or you'll leak - memory. And of course, don't forget to free() the result when you - don't need it anymore. - - Both functions return the number of bytes in the result string. -*/ - -int rc4_encode( char *clear, int clear_len, unsigned char **crypt, char *password ) -{ - struct rc4_state *st; - unsigned char *key; - int key_len, i; - - key_len = strlen( password ) + RC4_IV_LEN; - if( clear_len <= 0 ) - clear_len = strlen( clear ); - - /* Prepare buffers and the key + IV */ - *crypt = g_malloc( clear_len + RC4_IV_LEN ); - key = g_malloc( key_len ); - strcpy( (char*) key, password ); - - /* Add the salt. Save it for later (when decrypting) and, of course, - add it to the encryption key. */ - random_bytes( crypt[0], RC4_IV_LEN ); - memcpy( key + key_len - RC4_IV_LEN, crypt[0], RC4_IV_LEN ); - - /* Generate the initial S[] from the IVed key. */ - st = rc4_keymaker( key, key_len, RC4_CYCLES ); - g_free( key ); - - for( i = 0; i < clear_len; i ++ ) - crypt[0][i+RC4_IV_LEN] = clear[i] ^ rc4_getbyte( st ); - - g_free( st ); - - return clear_len + RC4_IV_LEN; -} - -int rc4_decode( unsigned char *crypt, int crypt_len, char **clear, char *password ) -{ - struct rc4_state *st; - unsigned char *key; - int key_len, clear_len, i; - - key_len = strlen( password ) + RC4_IV_LEN; - clear_len = crypt_len - RC4_IV_LEN; - - if( clear_len < 0 ) - { - *clear = g_strdup( "" ); - return 0; - } - - /* Prepare buffers and the key + IV */ - *clear = g_malloc( clear_len + 1 ); - key = g_malloc( key_len ); - strcpy( (char*) key, password ); - for( i = 0; i < RC4_IV_LEN; i ++ ) - key[key_len-RC4_IV_LEN+i] = crypt[i]; - - /* Generate the initial S[] from the IVed key. */ - st = rc4_keymaker( key, key_len, RC4_CYCLES ); - g_free( key ); - - for( i = 0; i < clear_len; i ++ ) - clear[0][i] = crypt[i+RC4_IV_LEN] ^ rc4_getbyte( st ); - clear[0][i] = 0; /* Nice to have for plaintexts. */ - - g_free( st ); - - return clear_len; -} diff --git a/lib/rc4.h b/lib/rc4.h deleted file mode 100644 index 52de06b1..00000000 --- a/lib/rc4.h +++ /dev/null @@ -1,36 +0,0 @@ -/***************************************************************************\ -* * -* BitlBee - An IRC to IM gateway * -* Simple (but secure) RC4 implementation for safer password storage. * -* * -* Copyright 2006 Wilmer van der Gaast * -* * -* This program is free software; you can redistribute it and/or modify * -* it under the terms of the GNU General Public License as published by * -* the Free Software Foundation; either version 2 of the License, or * -* (at your option) any later version. * -* * -* This program is distributed in the hope that it will be useful, * -* but WITHOUT ANY WARRANTY; without even the implied warranty of * -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * -* GNU General Public License for more details. * -* * -* You should have received a copy of the GNU General Public License along * -* with this program; if not, write to the Free Software Foundation, Inc., * -* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * -* * -\***************************************************************************/ - - -/* See rc4.c for more information. */ - -struct rc4_state -{ - unsigned char S[256]; - unsigned char i, j; -}; - -struct rc4_state *rc4_keymaker( unsigned char *key, int kl, int cycles ); -unsigned char rc4_getbyte( struct rc4_state *st ); -int rc4_encode( char *clear, int clear_len, unsigned char **crypt, char *password ); -int rc4_decode( unsigned char *crypt, int crypt_len, char **clear, char *password ); diff --git a/storage_xml.c b/storage_xml.c index e45c4252..8618c5fe 100644 --- a/storage_xml.c +++ b/storage_xml.c @@ -26,7 +26,7 @@ #define BITLBEE_CORE #include "bitlbee.h" #include "base64.h" -#include "rc4.h" +#include "arc.h" #include "md5.h" typedef enum @@ -132,7 +132,7 @@ static void xml_start_element( GMarkupParseContext *ctx, const gchar *element_na { char *protocol, *handle, *server, *password = NULL, *autoconnect; char *pass_b64 = NULL; - unsigned char *pass_rc4 = NULL; + unsigned char *pass_cr = NULL; int pass_len; struct prpl *prpl = NULL; @@ -151,8 +151,8 @@ static void xml_start_element( GMarkupParseContext *ctx, const gchar *element_na else if( !prpl ) g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT, "Unknown protocol: %s", protocol ); - else if( ( pass_len = base64_decode( pass_b64, (unsigned char**) &pass_rc4 ) ) && - rc4_decode( pass_rc4, pass_len, &password, xd->given_pass ) ) + else if( ( pass_len = base64_decode( pass_b64, (unsigned char**) &pass_cr ) ) && + arc_decode( pass_cr, pass_len, &password, xd->given_pass ) ) { xd->current_account = account_add( irc, prpl, handle, password ); if( server ) @@ -168,7 +168,7 @@ static void xml_start_element( GMarkupParseContext *ctx, const gchar *element_na "Error while decrypting account password" ); } - g_free( pass_rc4 ); + g_free( pass_cr ); g_free( password ); } else if( g_strcasecmp( element_name, "setting" ) == 0 ) @@ -423,13 +423,13 @@ static storage_status_t xml_save( irc_t *irc, int overwrite ) for( acc = irc->accounts; acc; acc = acc->next ) { - unsigned char *pass_rc4; + unsigned char *pass_cr; char *pass_b64; int pass_len; - pass_len = rc4_encode( acc->pass, strlen( acc->pass ), (unsigned char**) &pass_rc4, irc->password ); - pass_b64 = base64_encode( pass_rc4, pass_len ); - g_free( pass_rc4 ); + pass_len = arc_encode( acc->pass, strlen( acc->pass ), (unsigned char**) &pass_cr, irc->password ); + pass_b64 = base64_encode( pass_cr, pass_len ); + g_free( pass_cr ); if( !xml_printf( fd, 1, "prpl->name, acc->user, pass_b64, acc->auto_connect ) ) { -- cgit v1.2.3