/*
Copyright (c) 2010 Samuel Lidén Borell <samuel@kodafritt.se>
+ Copyright (c) 2019 <bakasura@protonmail.ch>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
#define DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER
#endif
+#include <stdint.h>
#include <stdlib.h>
#include <string.h>
+#include <openssl/evp.h>
#include <openssl/blowfish.h>
+#include <openssl/rand.h>
#include "keystore.h"
#include "fish.h"
#define IB 64
-static const char fish_base64[64] = "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+static const char fish_base64[] = "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+static const char base64_chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
static const signed char fish_unbase64[256] = {
IB,IB,IB,IB,IB,IB,IB,IB, IB,IB,IB,IB,IB,IB,IB,IB,
IB,IB,IB,IB,IB,IB,IB,IB, IB,IB,IB,IB,IB,IB,IB,IB,
27,28,29,30,31,32,33,34, 35,36,37,IB,IB,IB,IB,IB,
};
+/**
+ * Convert Int to 4 Bytes (Big-endian)
+ *
+ * @param int source
+ * @param char* dest
+ */
#define GET_BYTES(dest, source) do { \
*((dest)++) = ((source) >> 24) & 0xFF; \
*((dest)++) = ((source) >> 16) & 0xFF; \
*((dest)++) = (source) & 0xFF; \
} while (0);
+/**
+ * Convert 4 Bytes to Int (Big-endian)
+ *
+ * @param char* source
+ * @param int dest
+ */
+#define GET_LONG(dest, source) do { \
+ dest = ((uint8_t)*((source)++) << 24); \
+ dest |= ((uint8_t)*((source)++) << 16); \
+ dest |= ((uint8_t)*((source)++) << 8); \
+ dest |= (uint8_t)*((source)++); \
+} while (0);
+
+
+/**
+ * Encode ECB FiSH Base64
+ *
+ * @param [in] message Bytes to encode
+ * @param [in] message_len Size of bytes to encode
+ * @return Array of char with encoded string
+ */
+char *fish_base64_encode(const char *message, size_t message_len) {
+ BF_LONG left = 0, right = 0;
+ int i, j;
+ char *encoded = NULL;
+ char *end = NULL;
+ char *msg = NULL;
+
+ if (message_len == 0)
+ return NULL;
+
+ /* Each 8-byte block becomes 12 bytes (fish base64 format) and add 1 byte for \0 */
+ encoded = g_malloc(((message_len - 1) / 8) * 12 + 12 + 1);
+ end = encoded;
+
+ /* Iterate over each 8-byte block (Blowfish block size) */
+ for (j = 0; j < message_len; j += 8) {
+ msg = (char *) message;
+
+ /* Set left and right longs */
+ GET_LONG(left, msg);
+ GET_LONG(right, msg);
-char *fish_encrypt(const char *key, size_t keylen, const char *message) {
- BF_KEY bfkey;
- size_t messagelen;
- size_t i;
- int j;
- char *encrypted;
- char *end;
- unsigned char bit;
- unsigned char word;
- unsigned char d;
- BF_set_key(&bfkey, keylen, (const unsigned char*)key);
-
- messagelen = strlen(message);
- if (messagelen == 0) return NULL;
- encrypted = g_malloc(((messagelen - 1) / 8) * 12 + 12 + 1); /* each 8-byte block becomes 12 bytes */
- end = encrypted;
-
- while (*message) {
- /* Read 8 bytes (a Blowfish block) */
- BF_LONG binary[2] = { 0, 0 };
- unsigned char c;
- for (i = 0; i < 8; i++) {
- c = message[i];
- binary[i >> 2] |= c << 8*(3 - (i&3));
- if (c == '\0') break;
+ for (i = 0; i < 6; ++i) {
+ *end++ = fish_base64[right & 0x3fu];
+ right = (right >> 6u);
}
- message += 8;
-
- /* Encrypt block */
- BF_encrypt(binary, &bfkey);
-
- /* Emit FiSH-BASE64 */
- bit = 0;
- word = 1;
- for (j = 0; j < 12; j++) {
- d = fish_base64[(binary[word] >> bit) & 63];
- *(end++) = d;
- bit += 6;
- if (j == 5) {
- bit = 0;
- word = 0;
- }
+
+ for (i = 0; i < 6; ++i) {
+ *end++ = fish_base64[left & 0x3fu];
+ left = (left >> 6u);
}
-
- /* Stop if a null terminator was found */
- if (c == '\0') break;
+
+ /* The previous for'd ensure fill all bytes of encoded, we don't need will with zeros */
+ message += 8;
}
+
*end = '\0';
- return encrypted;
+ return encoded;
}
+/**
+ * Decode ECB FiSH Base64
+ *
+ * @param [in] message Base64 encoded string
+ * @param [out] final_len Real length of message
+ * @return Array of char with decoded message
+ */
+char *fish_base64_decode(const char *message, size_t *final_len) {
+ BF_LONG left, right;
+ int i;
+ char *bytes = NULL;
+ char *msg = NULL;
+ char *byt = NULL;
+ size_t message_len;
-char *fish_decrypt(const char *key, size_t keylen, const char *data) {
- BF_KEY bfkey;
- size_t i;
- char *decrypted;
- char *end;
- unsigned char bit;
- unsigned char word;
- unsigned char d;
- BF_set_key(&bfkey, keylen, (const unsigned char*)key);
-
- decrypted = g_malloc(strlen(data) + 1);
- end = decrypted;
-
- while (*data) {
- /* Convert from FiSH-BASE64 */
- BF_LONG binary[2] = { 0, 0 };
- bit = 0;
- word = 1;
- for (i = 0; i < 12; i++) {
- d = fish_unbase64[(const unsigned char)*(data++)];
- if (d == IB) goto decrypt_end;
- binary[word] |= (unsigned long)d << bit;
- bit += 6;
- if (i == 5) {
- bit = 0;
- word = 0;
- }
+ message_len = strlen(message);
+
+ /* Ensure blocks of 12 bytes each one and valid characters */
+ if (message_len == 0 || message_len % 12 != 0 || strspn(message, fish_base64) != message_len)
+ return NULL;
+
+ /* Each 12 bytes becomes 8-byte block and add 1 byte for \0 */
+ *final_len = ((message_len - 1) / 12) * 8 + 8 + 1;
+ (*final_len)--; /* We support binary data */
+ bytes = (char *) g_malloc0(*final_len);
+ byt = bytes;
+
+ msg = (char *) message;
+
+ while (*msg) {
+ right = 0;
+ left = 0;
+ for (i = 0; i < 6; i++) right |= (uint8_t) fish_unbase64[*msg++] << (i * 6u);
+ for (i = 0; i < 6; i++) left |= (uint8_t) fish_unbase64[*msg++] << (i * 6u);
+ GET_BYTES(byt, left);
+ GET_BYTES(byt, right);
+ }
+
+ return bytes;
+}
+
+/**
+ * Encrypt or decrypt data with Blowfish cipher, support binary data.
+ *
+ * Good documentation for EVP:
+ *
+ * - https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption
+ *
+ * - https://stackoverflow.com/questions/5727646/what-is-the-length-parameter-of-aes-evp-decrypt
+ *
+ * - https://stackoverflow.com/questions/26345175/correct-way-to-free-allocate-the-context-in-the-openssl
+ *
+ * - https://stackoverflow.com/questions/29874150/working-with-evp-and-openssl-coding-in-c
+ *
+ * @param [in] plaintext Bytes to encrypt or decrypt
+ * @param [in] plaintext_len Size of plaintext
+ * @param [in] key Bytes of key
+ * @param [in] keylen Size of key
+ * @param [in] encode 1 or encrypt 0 for decrypt
+ * @param [in] mode EVP_CIPH_ECB_MODE or EVP_CIPH_CBC_MODE
+ * @param [out] ciphertext_len The bytes written
+ * @return Array of char with data encrypted or decrypted
+ */
+char *fish_cipher(const char *plaintext, size_t plaintext_len, const char *key, size_t keylen, int encode, int mode, size_t *ciphertext_len) {
+ EVP_CIPHER_CTX *ctx;
+ EVP_CIPHER *cipher = NULL;
+ int bytes_written = 0;
+ unsigned char *ciphertext = NULL;
+ unsigned char *iv_ciphertext = NULL;
+ unsigned char *iv = NULL;
+ size_t block_size = 0;
+
+ *ciphertext_len = 0;
+
+ if (plaintext_len == 0 || keylen == 0 || encode < 0 || encode > 1)
+ return NULL;
+
+ block_size = plaintext_len;
+
+ if (mode == EVP_CIPH_CBC_MODE) {
+ if (encode == 1) {
+ iv = (unsigned char *) g_malloc0(8);
+ RAND_bytes(iv, 8);
+ } else {
+ if (plaintext_len <= 8) /* IV + DATA */
+ return NULL;
+
+ iv = (unsigned char *) plaintext;
+ block_size -= 8;
+ plaintext += 8;
+ plaintext_len -= 8;
}
-
- /* Decrypt block */
- BF_decrypt(binary, &bfkey);
-
- /* Copy to buffer */
- GET_BYTES(end, binary[0]);
- GET_BYTES(end, binary[1]);
+
+ cipher = (EVP_CIPHER *) EVP_bf_cbc();
+ } else if (mode == EVP_CIPH_ECB_MODE) {
+ cipher = (EVP_CIPHER *) EVP_bf_ecb();
}
-
- decrypt_end:
- *end = '\0';
- return decrypted;
+
+ /* Zero Padding */
+ if (block_size % 8 != 0) {
+ block_size = block_size + 8 - (block_size % 8);
+ }
+
+ ciphertext = (unsigned char *) g_malloc0(block_size);
+ memcpy(ciphertext, plaintext, plaintext_len);
+
+ /* Create and initialise the context */
+ if (!(ctx = EVP_CIPHER_CTX_new()))
+ return NULL;
+
+ /* Initialise the cipher operation only with mode */
+ if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, encode))
+ return NULL;
+
+ /* Set custom key length */
+ if (!EVP_CIPHER_CTX_set_key_length(ctx, keylen))
+ return NULL;
+
+ /* Finish the initiation the cipher operation */
+ if (1 != EVP_CipherInit_ex(ctx, NULL, NULL, (const unsigned char *) key, iv, encode))
+ return NULL;
+
+ /* We will manage this */
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+ /* Do cipher operation */
+ if (1 != EVP_CipherUpdate(ctx, ciphertext, &bytes_written, ciphertext, block_size))
+ return NULL;
+
+ *ciphertext_len = bytes_written;
+
+ /* Finalise the cipher. Further ciphertext bytes may be written at this stage */
+ if (1 != EVP_CipherFinal_ex(ctx, ciphertext + bytes_written, &bytes_written))
+ return NULL;
+
+ *ciphertext_len += bytes_written;
+
+ /* Clean up */
+ EVP_CIPHER_CTX_free(ctx);
+
+
+ if (mode == EVP_CIPH_CBC_MODE && encode == 1) {
+ /* Join IV + DATA */
+ iv_ciphertext = g_malloc0(8 + *ciphertext_len);
+
+ memcpy(iv_ciphertext, iv, 8);
+ memcpy(&iv_ciphertext[8], ciphertext, *ciphertext_len);
+ *ciphertext_len += 8;
+
+ g_free(ciphertext);
+ g_free(iv);
+
+ return (char *) iv_ciphertext;
+ } else {
+ return (char *) ciphertext;
+ }
+}
+
+/**
+ * Return a fish or standard Base64 encoded string with data encrypted
+ * is binary safe
+ *
+ * @param [in] key Bytes of key
+ * @param [in] keylen Size of key
+ * @param [in] message Bytes to encrypt
+ * @param [in] message_len Size of message
+ * @param [in] mode Chiper mode
+ * @return Array of char with data encrypted
+ */
+char *fish_encrypt(const char *key, size_t keylen, const char *message, size_t message_len, enum fish_mode mode) {
+ size_t ciphertext_len = 0;
+ char *ciphertext = NULL;
+ char *b64 = NULL;
+
+ if (keylen == 0 || message_len == 0)
+ return NULL;
+
+ ciphertext = fish_cipher(message, message_len, key, keylen, 1, mode, &ciphertext_len);
+
+ if (ciphertext == NULL || ciphertext_len == 0)
+ return NULL;
+
+ switch (mode) {
+ case FISH_CBC_MODE:
+ b64 = g_base64_encode((const unsigned char *) ciphertext, ciphertext_len);
+ break;
+
+ case FISH_ECB_MODE:
+ b64 = fish_base64_encode((const char *) ciphertext, ciphertext_len);
+ }
+
+ g_free(ciphertext);
+
+ if (b64 == NULL)
+ return NULL;
+
+ return b64;
+}
+
+/**
+ * Return an array of bytes with data decrypted
+ * is binary safe
+ *
+ * @param [in] key Bytes of key
+ * @param [in] keylen Size of key
+ * @param [in] data Fish or standard Base64 encoded string
+ * @param [in] mode Chiper mode
+ * @param [out] final_len Length of returned array
+ * @return Array of char with data decrypted
+ */
+char *fish_decrypt(const char *key, size_t keylen, const char *data, enum fish_mode mode, size_t *final_len) {
+ size_t ciphertext_len = 0;
+ char *ciphertext = NULL;
+ char *plaintext = NULL;
+
+ *final_len = 0;
+
+ if (keylen == 0 || strlen(data) == 0)
+ return NULL;
+
+ switch (mode) {
+ case FISH_CBC_MODE:
+ if (strspn(data, base64_chars) != strlen(data))
+ return NULL;
+ ciphertext = (char *) g_base64_decode(data, &ciphertext_len);
+ break;
+
+ case FISH_ECB_MODE:
+ ciphertext = fish_base64_decode(data, &ciphertext_len);
+ }
+
+ if (ciphertext == NULL || ciphertext_len == 0)
+ return NULL;
+
+ plaintext = fish_cipher(ciphertext, ciphertext_len, key, keylen, 0, mode, final_len);
+ g_free(ciphertext);
+
+ if (*final_len == 0)
+ return NULL;
+
+ return plaintext;
+}
+
+/**
+ * Similar to fish_decrypt, but pad with zeros any after the first zero in the decrypted data
+ *
+ * @param [in] key Bytes of key
+ * @param [in] keylen Size of key
+ * @param [in] data Fish or standard Base64 encoded string
+ * @param [in] mode Chiper mode
+ * @return Array of char with data decrypted
+ */
+char *fish_decrypt_str(const char *key, size_t keylen, const char *data, enum fish_mode mode) {
+ char *decrypted = NULL;
+ char *plaintext_str = NULL;
+ size_t decrypted_len = 0;
+
+ decrypted = fish_decrypt(key, strlen(key), data, mode, &decrypted_len);
+
+ if (decrypted == NULL || decrypted_len == 0)
+ return NULL;
+
+ plaintext_str = g_strndup(decrypted, decrypted_len);
+ g_free(decrypted);
+
+ return plaintext_str;
}
/**
* Encrypts a message (see fish_decrypt). The key is searched for in the
* key store.
*/
-char *fish_encrypt_for_nick(const char *nick, const char *data) {
+char *fish_encrypt_for_nick(const char *nick, const char *data, enum fish_mode *omode) {
char *key;
- char *encrypted;
+ char *encrypted, *encrypted_cbc = NULL;
+ enum fish_mode mode;
/* Look for key */
- key = keystore_get_key(nick);
+ key = keystore_get_key(nick, &mode);
if (!key) return NULL;
-
+
+ *omode = mode;
+
/* Encrypt */
- encrypted = fish_encrypt(key, strlen(key), data);
-
+ encrypted = fish_encrypt(key, strlen(key), data, strlen(data), mode);
+
g_free(key);
- return encrypted;
+
+ if (encrypted == NULL || mode == FISH_ECB_MODE)
+ return encrypted;
+
+ /* Add '*' for CBC */
+ encrypted_cbc = g_strdup_printf("*%s",encrypted);
+ g_free(encrypted);
+
+ return encrypted_cbc;
}
/**
* Decrypts a message (see fish_decrypt). The key is searched for in the
* key store.
*/
-char *fish_decrypt_from_nick(const char *nick, const char *data) {
+char *fish_decrypt_from_nick(const char *nick, const char *data, enum fish_mode *omode) {
char *key;
char *decrypted;
+ enum fish_mode mode;
+
/* Look for key */
- key = keystore_get_key(nick);
+ key = keystore_get_key(nick, &mode);
if (!key) return NULL;
-
+
+ *omode = mode;
+
+ if (mode == FISH_CBC_MODE)
+ ++data;
+
/* Decrypt */
- decrypted = fish_decrypt(key, strlen(key), data);
-
+ decrypted = fish_decrypt_str(key, strlen(key), data, mode);
g_free(key);
+
return decrypted;
}
/*
Copyright (c) 2010 Samuel Lidén Borell <samuel@kodafritt.se>
+ Copyright (c) 2019 <bakasura@protonmail.ch>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
#include <glib.h>
-char *fish_encrypt(const char *key, size_t keylen, const char *message);
-char *fish_decrypt(const char *key, size_t keylen, const char *data);
-char *fish_encrypt_for_nick(const char *nick, const char *data);
-char *fish_decrypt_from_nick(const char *nick, const char *data);
+enum fish_mode {
+ FISH_ECB_MODE = 0x1,
+ FISH_CBC_MODE = 0x2
+};
+
+char *fish_base64_encode(const char *message, size_t message_len);
+char *fish_base64_decode(const char *message, size_t *final_len);
+char *fish_encrypt(const char *key, size_t keylen, const char *message, size_t message_len, enum fish_mode mode);
+char *fish_decrypt(const char *key, size_t keylen, const char *data, enum fish_mode mode, size_t *final_len);
+char *fish_decrypt_str(const char *key, size_t keylen, const char *data, enum fish_mode mode);
+char *fish_encrypt_for_nick(const char *nick, const char *data, enum fish_mode *omode);
+char *fish_decrypt_from_nick(const char *nick, const char *data, enum fish_mode *omode);
#endif
<ClInclude Include="bool.h">\r
<Filter>Header Files</Filter>\r
</ClInclude>\r
+ <ClInclude Include="dh1080.h">\r
+ <Filter>Header Files</Filter>\r
+ </ClInclude>\r
<ClInclude Include="fish.h">\r
<Filter>Header Files</Filter>\r
</ClInclude>\r
</ClInclude>\r
</ItemGroup>\r
<ItemGroup>\r
+ <ClCompile Include="dh1080.c">\r
+ <Filter>Source Files</Filter>\r
+ </ClCompile>\r
<ClCompile Include="fish.c">\r
<Filter>Source Files</Filter>\r
</ClCompile>\r
/**
* Extracts a key from the key store file.
*/
-char *keystore_get_key(const char *nick) {
+char *keystore_get_key(const char *nick, enum fish_mode *mode) {
+ GKeyFile *keyfile;
+ char *escaped_nick;
+ gchar *value, *key_mode;
+ int encrypted_mode;
+ char *password;
+ char *encrypted;
+ char *decrypted;
+
/* Get the key */
- GKeyFile *keyfile = getConfigFile();
- char *escaped_nick = escape_nickname(nick);
- gchar *value = get_nick_value(keyfile, escaped_nick, "key");
+ keyfile = getConfigFile();
+ escaped_nick = escape_nickname(nick);
+ value = get_nick_value(keyfile, escaped_nick, "key");
+ key_mode = get_nick_value(keyfile, escaped_nick, "mode");
g_key_file_free(keyfile);
g_free(escaped_nick);
+ /* Determine cipher mode */
+ *mode = FISH_ECB_MODE;
+ if (key_mode) {
+ if (*key_mode == '1')
+ *mode = FISH_ECB_MODE;
+ else if (*key_mode == '2')
+ *mode = FISH_CBC_MODE;
+ g_free(key_mode);
+ }
+
if (!value)
return NULL;
-
- if (strncmp(value, "+OK ", 4) != 0) {
- /* Key is stored in plaintext */
- return value;
- } else {
+
+ if (strncmp(value, "+OK ", 4) == 0) {
/* Key is encrypted */
- const char *encrypted = value+4;
- const char *password = get_keystore_password();
- char *decrypted = fish_decrypt(password, strlen(password), encrypted);
+ encrypted = (char *) value;
+ encrypted += 4;
+
+ encrypted_mode = FISH_ECB_MODE;
+
+ if (*encrypted == '*') {
+ ++encrypted;
+ encrypted_mode = FISH_CBC_MODE;
+ }
+
+ password = (char *) get_keystore_password();
+ decrypted = fish_decrypt_str((const char *) password, strlen(password), (const char *) encrypted, encrypted_mode);
g_free(value);
return decrypted;
+ } else {
+ /* Key is stored in plaintext */
+ return value;
}
}
/**
* Sets a key in the key store file.
*/
-gboolean keystore_store_key(const char *nick, const char *key) {
+gboolean keystore_store_key(const char *nick, const char *key, enum fish_mode mode) {
const char *password;
char *encrypted;
char *wrapped;
password = get_keystore_password();
if (password) {
/* Encrypt the password */
- encrypted = fish_encrypt(password, strlen(password), key);
+ encrypted = fish_encrypt(password, strlen(password), key, strlen(key), FISH_CBC_MODE);
if (!encrypted) goto end;
/* Prepend "+OK " */
- wrapped = g_strconcat("+OK ", encrypted, NULL);
+ wrapped = g_strconcat("+OK *", encrypted, NULL);
g_free(encrypted);
/* Store encrypted in file */
/* Store unencrypted in file */
g_key_file_set_string(keyfile, escaped_nick, "key", key);
}
+
+ /* Store cipher mode */
+ g_key_file_set_integer(keyfile, escaped_nick, "mode", mode);
/* Save key store file */
ok = save_keystore(keyfile);
#include <stddef.h>
#include <glib.h>
+#include "fish.h"
-char *keystore_get_key(const char *nick);
-gboolean keystore_store_key(const char *nick, const char *key);
+char *keystore_get_key(const char *nick, enum fish_mode *mode);
+gboolean keystore_store_key(const char *nick, const char *key, enum fish_mode mode);
gboolean keystore_delete_nick(const char *nick);
#endif
error('fish plugin requires openssl')
endif
+# Run tests
+subdir('tests')
+
fishlim_sources = [
'dh1080.c',
'fish.c',
Copyright (c) 2010-2011 Samuel Lidén Borell <samuel@kodafritt.se>
Copyright (c) 2015 <the.cypher@gmail.com>
+ Copyright (c) 2019 <bakasura@protonmail.ch>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
#include <string.h>
#include "hexchat-plugin.h"
-#define HEXCHAT_MAX_WORDS 32
#include "fish.h"
#include "dh1080.h"
#include "keystore.h"
#include "irc.h"
+static const char *fish_modes[] = {"", "ECB", "CBC", NULL};
+
static const char plugin_name[] = "FiSHLiM";
static const char plugin_desc[] = "Encryption plugin for the FiSH protocol. Less is More!";
-static const char plugin_version[] = "0.1.0";
+static const char plugin_version[] = "1.0.0";
-static const char usage_setkey[] = "Usage: SETKEY [<nick or #channel>] <password>, sets the key for a channel or nick";
-static const char usage_delkey[] = "Usage: DELKEY <nick or #channel>, deletes the key for a channel or nick";
+static const char usage_setkey[] = "Usage: SETKEY [<nick or #channel>] [<mode>:]<password>, sets the key for a channel or nick. Modes: ECB, CBC";
+static const char usage_delkey[] = "Usage: DELKEY [<nick or #channel>], deletes the key for a channel or nick";
static const char usage_keyx[] = "Usage: KEYX [<nick>], performs DH1080 key-exchange with <nick>";
static const char usage_topic[] = "Usage: TOPIC+ <topic>, sets a new encrypted topic for the current channel";
static const char usage_notice[] = "Usage: NOTICE+ <nick or #channel> <notice>";
static GHashTable *pending_exchanges;
+/**
+ * Compare two nicks using the current plugin
+ */
+int irc_nick_cmp(const char *a, const char *b) {
+ return hexchat_nickcmp (ph, a, b);
+}
+
/**
* Returns the path to the key store file.
*/
int chan_id = hexchat_list_int(ph, channels, "id");
const char *chan_name = hexchat_list_str(ph, channels, "channel");
- if (chan_id == id && chan_name && hexchat_nickcmp (ph, chan_name, name) == 0) {
+ if (chan_id == id && chan_name && irc_nick_cmp (chan_name, name) == 0) {
ret = (hexchat_context*)hexchat_list_str(ph, channels, "context");
break;
}
return ret;
}
-int irc_nick_cmp(const char *a, const char *b) {
- return hexchat_nickcmp (ph, a, b);
+/**
+ * Retrive the prefix character for own nick in current context
+ * @return @ or + or NULL
+ */
+char *get_my_own_prefix(void) {
+ char *result = NULL;
+ const char *own_nick;
+ hexchat_list *list;
+
+ /* Display message */
+ own_nick = hexchat_get_info(ph, "nick");
+
+ if (!own_nick)
+ return NULL;
+
+ /* Get prefix for own nick if any */
+ list = hexchat_list_get (ph, "users");
+ if (list) {
+ while (hexchat_list_next(ph, list)) {
+ if (irc_nick_cmp(own_nick, hexchat_list_str(ph, list, "nick")) == 0)
+ result = g_strdup(hexchat_list_str(ph, list, "prefix"));
+ }
+ hexchat_list_free(ph, list);
+ }
+
+ return result;
+}
+
+/**
+ * Try to decrypt the first occurrence of fish message
+ *
+ * @param message Message to decrypt
+ * @param key Key of message
+ * @return Array of char with decrypted message or NULL. The returned string
+ * should be freed with g_free() when no longer needed.
+ */
+char *decrypt_raw_message(const char *message, const char *key) {
+ const char *prefixes[] = {"+OK ", "mcps ", NULL};
+ char *start = NULL, *end = NULL;
+ char *left = NULL, *right = NULL;
+ char *encrypted = NULL, *decrypted = NULL;
+ int length = 0;
+ int index_prefix;
+ enum fish_mode mode;
+ GString *message_decrypted;
+ char *result = NULL;
+
+ if (message == NULL || key == NULL)
+ return NULL;
+
+ for (index_prefix = 0; index_prefix < 2; index_prefix++) {
+ start = g_strstr_len(message, strlen(message), prefixes[index_prefix]);
+ if (start) {
+ /* Length ALWAYS will be less that original message
+ * add '[CBC] ' length */
+ message_decrypted = g_string_sized_new(strlen(message) + 6);
+
+ /* Left part of message */
+ left = g_strndup(message, start - message);
+ g_string_append(message_decrypted, left);
+ g_free(left);
+
+ /* Encrypted part */
+ start += strlen(prefixes[index_prefix]);
+ end = g_strstr_len(start, strlen(message), " ");
+ if (end) {
+ length = end - start;
+ right = end;
+ }
+
+ if (length > 0) {
+ encrypted = g_strndup(start, length);
+ } else {
+ encrypted = g_strdup(start);
+ }
+ decrypted = fish_decrypt_from_nick(key, encrypted, &mode);
+ g_free(encrypted);
+
+ if (decrypted == NULL) {
+ g_string_free(message_decrypted, TRUE);
+ return NULL;
+ }
+
+ /* Add encrypted flag */
+ g_string_append(message_decrypted, "[");
+ g_string_append(message_decrypted, fish_modes[mode]);
+ g_string_append(message_decrypted, "] ");
+ /* Decrypted message */
+ g_string_append(message_decrypted, decrypted);
+ g_free(decrypted);
+
+ /* Right part of message */
+ if (right) {
+ g_string_append(message_decrypted, right);
+ }
+
+ result = message_decrypted->str;
+ g_string_free(message_decrypted, FALSE);
+ return result;
+ }
+ }
+
+ return NULL;
}
/*static int handle_debug(char *word[], char *word_eol[], void *userdata) {
* Called when a message is to be sent.
*/
static int handle_outgoing(char *word[], char *word_eol[], void *userdata) {
- const char *own_nick;
+ char *prefix;
+ enum fish_mode mode;
+ char *message;
/* Encrypt the message if possible */
const char *channel = hexchat_get_info(ph, "channel");
- char *encrypted = fish_encrypt_for_nick(channel, word_eol[1]);
+ char *encrypted = fish_encrypt_for_nick(channel, word_eol[1], &mode);
if (!encrypted) return HEXCHAT_EAT_NONE;
+ /* Get prefix for own nick if any */
+ prefix = get_my_own_prefix();
+
+ /* Add encrypted flag */
+ message = g_strconcat("[", fish_modes[mode], "] ", word_eol[1], NULL);
+
/* Display message */
- own_nick = hexchat_get_info(ph, "nick");
- hexchat_emit_print(ph, "Your Message", own_nick, word_eol[1], NULL);
+ hexchat_emit_print(ph, "Your Message", hexchat_get_info(ph, "nick"), message, prefix, NULL);
+ g_free(prefix);
+ g_free(message);
/* Send message */
hexchat_commandf(ph, "PRIVMSG %s :+OK %s", channel, encrypted);
const char *prefix;
const char *command;
const char *recipient;
- const char *encrypted;
- const char *peice;
+ const char *raw_message = word_eol[1];
char *sender_nick;
char *decrypted;
- size_t w;
- size_t ew;
- size_t uw;
- char prefix_char = 0;
+ size_t parameters_offset;
GString *message;
- if (!irc_parse_message((const char **)word, &prefix, &command, &w))
+ if (!irc_parse_message((const char **)word, &prefix, &command, ¶meters_offset))
return HEXCHAT_EAT_NONE;
-
+
/* Topic (command 332) has an extra parameter */
- if (!strcmp(command, "332")) w++;
-
- /* Look for encrypted data */
- for (ew = w+1; ew < HEXCHAT_MAX_WORDS-1; ew++) {
- const char *s = (ew == w+1 ? word[ew]+1 : word[ew]);
- if (*s && (s[1] == '+' || s[1] == 'm')) { prefix_char = *(s++); }
- else { prefix_char = 0; }
- if (strcmp(s, "+OK") == 0 || strcmp(s, "mcps") == 0) goto has_encrypted_data;
+ if (!strcmp(command, "332"))
+ parameters_offset++;
+
+ /* Extract sender nick and recipient nick/channel and try to decrypt */
+ recipient = word[parameters_offset];
+ decrypted = decrypt_raw_message(raw_message, recipient);
+ if (decrypted == NULL) {
+ sender_nick = irc_prefix_get_nick(prefix);
+ decrypted = decrypt_raw_message(raw_message, sender_nick);
+ g_free(sender_nick);
}
- return HEXCHAT_EAT_NONE;
- has_encrypted_data: ;
- /* Extract sender nick and recipient nick/channel */
- sender_nick = irc_prefix_get_nick(prefix);
- recipient = word[w];
-
- /* Try to decrypt with these (the keys are searched for in the key store) */
- encrypted = word[ew+1];
- decrypted = fish_decrypt_from_nick(recipient, encrypted);
- if (!decrypted) decrypted = fish_decrypt_from_nick(sender_nick, encrypted);
-
- /* Check for error */
- if (!decrypted) goto decrypt_error;
-
- /* Build unecrypted message */
- message = g_string_sized_new (100); /* TODO: more accurate estimation of size */
- g_string_append (message, "RECV");
+
+ /* Nothing to decrypt */
+ if (decrypted == NULL)
+ return HEXCHAT_EAT_NONE;
+
+ /* Build decrypted message */
+
+ /* decrypted + 'RECV ' + '@time=YYYY-MM-DDTHH:MM:SS.fffffZ ' */
+ message = g_string_sized_new (strlen(decrypted) + 5 + 33);
+ g_string_append (message, "RECV ");
if (attrs->server_time_utc)
{
GTimeVal tv = { (glong)attrs->server_time_utc, 0 };
char *timestamp = g_time_val_to_iso8601 (&tv);
- g_string_append (message, " @time=");
+ g_string_append (message, "@time=");
g_string_append (message, timestamp);
+ g_string_append (message, " ");
g_free (timestamp);
}
- for (uw = 1; uw < HEXCHAT_MAX_WORDS; uw++) {
- if (word[uw][0] != '\0')
- g_string_append_c (message, ' ');
-
- if (uw == ew) {
- /* Add the encrypted data */
- peice = decrypted;
- uw++; /* Skip "OK+" */
-
- if (ew == w+1) {
- /* Prefix with colon, which gets stripped out otherwise */
- g_string_append_c (message, ':');
- }
-
- if (prefix_char) {
- g_string_append_c (message, prefix_char);
- }
-
- } else {
- /* Add unencrypted data (for example, a prefix from a bouncer or bot) */
- peice = word[uw];
- }
-
- g_string_append (message, peice);
- }
+ g_string_append (message, decrypted);
g_free(decrypted);
- /* Simulate unencrypted message */
- /* hexchat_printf(ph, "simulating: %s\n", message->str); */
+ /* Fake server message
+ * RECV command will throw this function again, if message have multiple
+ * encrypted data, we will decrypt all */
hexchat_command(ph, message->str);
-
g_string_free (message, TRUE);
- g_free(sender_nick);
- return HEXCHAT_EAT_HEXCHAT;
- decrypt_error:
- g_free(decrypted);
- g_free(sender_nick);
- return HEXCHAT_EAT_NONE;
+ return HEXCHAT_EAT_HEXCHAT;
}
static int handle_keyx_notice(char *word[], char *word_eol[], void *userdata) {
const char *dh_pubkey = word[5];
hexchat_context *query_ctx;
const char *prefix;
- gboolean cbc;
char *sender, *secret_key, *priv_key = NULL;
+ enum fish_mode mode = FISH_ECB_MODE;
if (!*dh_message || !*dh_pubkey || strlen(dh_pubkey) != 181)
return HEXCHAT_EAT_NONE;
sender = irc_prefix_get_nick(prefix);
query_ctx = find_context_on_network(sender);
if (query_ctx)
- hexchat_set_context(ph, query_ctx);
+ g_assert(hexchat_set_context(ph, query_ctx) == 1);
dh_message++; /* : prefix */
if (*dh_message == '+' || *dh_message == '-')
dh_message++; /* identify-msg */
- cbc = g_strcmp0 (word[6], "CBC") == 0;
+ if (g_strcmp0 (word[6], "CBC") == 0)
+ mode = FISH_CBC_MODE;
if (!strcmp(dh_message, "DH1080_INIT")) {
char *pub_key;
- if (cbc) {
- hexchat_print(ph, "Received key exchange for CBC mode which is not supported.");
- goto cleanup;
- }
-
- hexchat_printf(ph, "Received public key from %s, sending mine...", sender);
+ hexchat_printf(ph, "Received public key from %s (%s), sending mine...", sender, fish_modes[mode]);
if (dh1080_generate_key(&priv_key, &pub_key)) {
- hexchat_commandf(ph, "quote NOTICE %s :DH1080_FINISH %s", sender, pub_key);
+ hexchat_commandf(ph, "quote NOTICE %s :DH1080_FINISH %s%s", sender, pub_key, (mode == FISH_CBC_MODE) ? " CBC" : "");
g_free(pub_key);
} else {
hexchat_print(ph, "Failed to generate keys");
g_hash_table_steal(pending_exchanges, sender_lower);
g_free(sender_lower);
- if (cbc) {
- hexchat_print(ph, "Received key exchange for CBC mode which is not supported.");
- goto cleanup;
- }
-
if (!priv_key) {
hexchat_printf(ph, "Received a key exchange response for unknown user: %s", sender);
goto cleanup;
}
if (dh1080_compute_key(priv_key, dh_pubkey, &secret_key)) {
- keystore_store_key(sender, secret_key);
- hexchat_printf(ph, "Stored new key for %s", sender);
+ keystore_store_key(sender, secret_key, mode);
+ hexchat_printf(ph, "Stored new key for %s (%s)", sender, fish_modes[mode]);
g_free(secret_key);
} else {
hexchat_print(ph, "Failed to create secret key!");
static int handle_setkey(char *word[], char *word_eol[], void *userdata) {
const char *nick;
const char *key;
+ enum fish_mode mode;
/* Check syntax */
if (*word[2] == '\0') {
key = word_eol[3];
}
+ mode = FISH_ECB_MODE;
+ if (g_ascii_strncasecmp("cbc:", key, 4) == 0) {
+ key = key+4;
+ mode = FISH_CBC_MODE;
+ } else if (g_ascii_strncasecmp("ecb:", key, 4) == 0) {
+ key = key+4;
+ }
+
/* Set password */
- if (keystore_store_key(nick, key)) {
- hexchat_printf(ph, "Stored key for %s\n", nick);
+ if (keystore_store_key(nick, key, mode)) {
+ hexchat_printf(ph, "Stored key for %s (%s)\n", nick, fish_modes[mode]);
} else {
hexchat_printf(ph, "\00305Failed to store key in addon_fishlim.conf\n");
}
* Command handler for /delkey
*/
static int handle_delkey(char *word[], char *word_eol[], void *userdata) {
- const char *nick;
+ char *nick = NULL;
+ int ctx_type = 0;
+
+ /* Delete key from input */
+ if (*word[2] != '\0') {
+ nick = g_strstrip(g_strdup(word_eol[2]));
+ } else { /* Delete key from current context */
+ nick = g_strdup(hexchat_get_info(ph, "channel"));
+ ctx_type = hexchat_list_int(ph, NULL, "type");
- /* Check syntax */
- if (*word[2] == '\0' || *word[3] != '\0') {
- hexchat_printf(ph, "%s\n", usage_delkey);
- return HEXCHAT_EAT_HEXCHAT;
+ /* Only allow channel or dialog */
+ if (ctx_type < 2 || ctx_type > 3) {
+ hexchat_printf(ph, "%s\n", usage_delkey);
+ return HEXCHAT_EAT_HEXCHAT;
+ }
}
- nick = g_strstrip (word_eol[2]);
-
/* Delete the given nick from the key store */
if (keystore_delete_nick(nick)) {
hexchat_printf(ph, "Deleted key for %s\n", nick);
} else {
hexchat_printf(ph, "\00305Failed to delete key in addon_fishlim.conf!\n");
}
+ g_free(nick);
return HEXCHAT_EAT_HEXCHAT;
}
}
if (query_ctx) {
- hexchat_set_context(ph, query_ctx);
+ g_assert(hexchat_set_context(ph, query_ctx) == 1);
ctx_type = hexchat_list_int(ph, NULL, "type");
}
if (dh1080_generate_key(&priv_key, &pub_key)) {
g_hash_table_replace (pending_exchanges, g_ascii_strdown(target, -1), priv_key);
- hexchat_commandf(ph, "quote NOTICE %s :DH1080_INIT %s", target, pub_key);
- hexchat_printf(ph, "Sent public key to %s, waiting for reply...", target);
+ hexchat_commandf(ph, "quote NOTICE %s :DH1080_INIT %s CBC", target, pub_key);
+ hexchat_printf(ph, "Sent public key to %s (CBC), waiting for reply...", target);
g_free(pub_key);
} else {
const char *target;
const char *topic = word_eol[2];
char *buf;
+ enum fish_mode mode;
if (!*topic) {
hexchat_print(ph, usage_topic);
}
target = hexchat_get_info(ph, "channel");
- buf = fish_encrypt_for_nick(target, topic);
+ buf = fish_encrypt_for_nick(target, topic, &mode);
if (buf == NULL) {
hexchat_printf(ph, "/topic+ error, no key found for %s", target);
return HEXCHAT_EAT_ALL;
{
const char *target = word[2];
const char *notice = word_eol[3];
+ char *notice_flag;
char *buf;
+ enum fish_mode mode;
if (!*target || !*notice) {
hexchat_print(ph, usage_notice);
return HEXCHAT_EAT_ALL;
}
- buf = fish_encrypt_for_nick(target, notice);
+ buf = fish_encrypt_for_nick(target, notice, &mode);
if (buf == NULL) {
hexchat_printf(ph, "/notice+ error, no key found for %s.", target);
return HEXCHAT_EAT_ALL;
}
hexchat_commandf(ph, "quote NOTICE %s :+OK %s", target, buf);
- hexchat_emit_print(ph, "Notice Sent", target, notice);
+ notice_flag = g_strconcat("[", fish_modes[mode], "] ", notice, NULL);
+ hexchat_emit_print(ph, "Notice Send", target, notice_flag);
+ g_free(notice_flag);
g_free(buf);
return HEXCHAT_EAT_ALL;
/**
* Command handler for /msg+
*/
-static int handle_crypt_msg(char *word[], char *word_eol[], void *userdata)
-{
+static int handle_crypt_msg(char *word[], char *word_eol[], void *userdata) {
const char *target = word[2];
const char *message = word_eol[3];
+ char *message_flag;
+ char *prefix;
hexchat_context *query_ctx;
char *buf;
+ enum fish_mode mode;
if (!*target || !*message) {
hexchat_print(ph, usage_msg);
return HEXCHAT_EAT_ALL;
}
- buf = fish_encrypt_for_nick(target, message);
+ buf = fish_encrypt_for_nick(target, message, &mode);
if (buf == NULL) {
hexchat_printf(ph, "/msg+ error, no key found for %s", target);
return HEXCHAT_EAT_ALL;
query_ctx = find_context_on_network(target);
if (query_ctx) {
- hexchat_set_context(ph, query_ctx);
+ g_assert(hexchat_set_context(ph, query_ctx) == 1);
+
+ prefix = get_my_own_prefix();
- /* FIXME: Mode char */
+ /* Add encrypted flag */
+ message_flag = g_strconcat("[", fish_modes[mode], "] ", message, NULL);
hexchat_emit_print(ph, "Your Message", hexchat_get_info(ph, "nick"),
- message, "", "");
- }
- else {
+ message_flag, prefix, NULL);
+ g_free(prefix);
+ g_free(message_flag);
+ } else {
hexchat_emit_print(ph, "Message Send", target, message);
}
static int handle_crypt_me(char *word[], char *word_eol[], void *userdata) {
const char *channel = hexchat_get_info(ph, "channel");
char *buf;
+ enum fish_mode mode;
- buf = fish_encrypt_for_nick(channel, word_eol[2]);
+ buf = fish_encrypt_for_nick(channel, word_eol[2], &mode);
if (!buf)
return HEXCHAT_EAT_NONE;
--- /dev/null
+/*
+
+ Copyright (c) 2010 Samuel Lidén Borell <samuel@kodafritt.se>
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
+
+*/
+
+#include "../../fish.h"
+
+
+/**
+ * Extracts a key from the key store file.
+ */
+char *keystore_get_key(const char *nick, enum fish_mode *mode) {
+ return NULL;
+}
+
+/**
+ * Sets a key in the key store file.
+ */
+gboolean keystore_store_key(const char *nick, const char *key, enum fish_mode mode) {
+ return NULL;
+}
+
+/**
+ * Deletes a nick from the key store.
+ */
+gboolean keystore_delete_nick(const char *nick) {
+ return NULL;
+}
--- /dev/null
+subdir('old_version')
+
+fishlim_test_sources = [
+ 'tests.c',
+ 'fake/keystore.c',
+ '../fish.c',
+ '../utils.c',
+]
+
+fishlim_tests = executable('fishlim_tests', fishlim_test_sources,
+ dependencies: [libgio_dep, libssl_dep],
+ link_with : fishlim_old_lib
+)
+
+test('Fishlim Tests', fishlim_tests,
+ timeout: 90
+)
--- /dev/null
+/*
+
+ Copyright (c) 2010 Samuel Lidén Borell <samuel@kodafritt.se>
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
+
+*/
+
+#ifdef __APPLE__
+#define __AVAILABILITYMACROS__
+#define DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/blowfish.h>
+
+#include "fish.h"
+
+#define IB 64
+static const char fish_base64[64] = "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+static const signed char fish_unbase64[256] = {
+ IB,IB,IB,IB,IB,IB,IB,IB, IB,IB,IB,IB,IB,IB,IB,IB,
+ IB,IB,IB,IB,IB,IB,IB,IB, IB,IB,IB,IB,IB,IB,IB,IB,
+/* ! " # $ % & ' ( ) * + , - . / */
+ IB,IB,IB,IB,IB,IB,IB,IB, IB,IB,IB,IB,IB,IB, 0, 1,
+/* 0 1 2 3 4 5 6 7 8 9 : ; < = > ? */
+ 2, 3, 4, 5, 6, 7, 8, 9, 10,11,IB,IB,IB,IB,IB,IB,
+/* @ A B C D E F G H I J K L M N O */
+ IB,38,39,40,41,42,43,44, 45,46,47,48,49,50,51,52,
+/* P Q R S T U V W X Y Z [ \ ] ^ _*/
+ 53,54,55,56,57,58,59,60, 61,62,63,IB,IB,IB,IB,IB,
+/* ` a b c d e f g h i j k l m n o */
+ IB,12,13,14,15,16,17,18, 19,20,21,22,23,24,25,26,
+/* p q r s t u v w x y z { | } ~ <del> */
+ 27,28,29,30,31,32,33,34, 35,36,37,IB,IB,IB,IB,IB,
+};
+
+#define GET_BYTES(dest, source) do { \
+ *((dest)++) = ((source) >> 24) & 0xFF; \
+ *((dest)++) = ((source) >> 16) & 0xFF; \
+ *((dest)++) = ((source) >> 8) & 0xFF; \
+ *((dest)++) = (source) & 0xFF; \
+} while (0);
+
+
+char *__old_fish_encrypt(const char *key, size_t keylen, const char *message) {
+ BF_KEY bfkey;
+ size_t messagelen;
+ size_t i;
+ int j;
+ char *encrypted;
+ char *end;
+ unsigned char bit;
+ unsigned char word;
+ unsigned char d;
+ BF_set_key(&bfkey, keylen, (const unsigned char*)key);
+
+ messagelen = strlen(message);
+ if (messagelen == 0) return NULL;
+ encrypted = g_malloc(((messagelen - 1) / 8) * 12 + 12 + 1); /* each 8-byte block becomes 12 bytes */
+ end = encrypted;
+
+ while (*message) {
+ /* Read 8 bytes (a Blowfish block) */
+ BF_LONG binary[2] = { 0, 0 };
+ unsigned char c;
+ for (i = 0; i < 8; i++) {
+ c = message[i];
+ binary[i >> 2] |= c << 8*(3 - (i&3));
+ if (c == '\0') break;
+ }
+ message += 8;
+
+ /* Encrypt block */
+ BF_encrypt(binary, &bfkey);
+
+ /* Emit FiSH-BASE64 */
+ bit = 0;
+ word = 1;
+ for (j = 0; j < 12; j++) {
+ d = fish_base64[(binary[word] >> bit) & 63];
+ *(end++) = d;
+ bit += 6;
+ if (j == 5) {
+ bit = 0;
+ word = 0;
+ }
+ }
+
+ /* Stop if a null terminator was found */
+ if (c == '\0') break;
+ }
+ *end = '\0';
+ return encrypted;
+}
+
+
+char *__old_fish_decrypt(const char *key, size_t keylen, const char *data) {
+ BF_KEY bfkey;
+ size_t i;
+ char *decrypted;
+ char *end;
+ unsigned char bit;
+ unsigned char word;
+ unsigned char d;
+ BF_set_key(&bfkey, keylen, (const unsigned char*)key);
+
+ decrypted = g_malloc(strlen(data) + 1);
+ end = decrypted;
+
+ while (*data) {
+ /* Convert from FiSH-BASE64 */
+ BF_LONG binary[2] = { 0, 0 };
+ bit = 0;
+ word = 1;
+ for (i = 0; i < 12; i++) {
+ d = fish_unbase64[(const unsigned char)*(data++)];
+ if (d == IB) goto decrypt_end;
+ binary[word] |= (unsigned long)d << bit;
+ bit += 6;
+ if (i == 5) {
+ bit = 0;
+ word = 0;
+ }
+ }
+
+ /* Decrypt block */
+ BF_decrypt(binary, &bfkey);
+
+ /* Copy to buffer */
+ GET_BYTES(end, binary[0]);
+ GET_BYTES(end, binary[1]);
+ }
+
+ decrypt_end:
+ *end = '\0';
+ return decrypted;
+}
+
+/**
+ * Encrypts a message (see __old_fish_decrypt). The key is searched for in the
+ * key store.
+ */
+char *__old_fish_encrypt_for_nick(const char *nick, const char *data) {
+ char *key;
+ char *encrypted;
+
+ /* Look for key */
+ /*key = keystore_get_key(nick);*/
+ if (!key) return NULL;
+
+ /* Encrypt */
+ encrypted = __old_fish_encrypt(key, strlen(key), data);
+
+ g_free(key);
+ return encrypted;
+}
+
+/**
+ * Decrypts a message (see __old_fish_decrypt). The key is searched for in the
+ * key store.
+ */
+char *__old_fish_decrypt_from_nick(const char *nick, const char *data) {
+ char *key;
+ char *decrypted;
+ /* Look for key */
+ /*key = keystore_get_key(nick);*/
+ if (!key) return NULL;
+
+ /* Decrypt */
+ decrypted = __old_fish_decrypt(key, strlen(key), data);
+
+ g_free(key);
+ return decrypted;
+}
+
+
--- /dev/null
+/*
+
+ Copyright (c) 2010 Samuel Lidén Borell <samuel@kodafritt.se>
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
+
+*/
+
+#ifndef FISH_OLD_H
+#define FISH_OLD_H
+
+#include <stddef.h>
+
+#include <glib.h>
+
+char *__old_fish_encrypt(const char *key, size_t keylen, const char *message);
+char *__old_fish_decrypt(const char *key, size_t keylen, const char *data);
+char *__old_fish_encrypt_for_nick(const char *nick, const char *data);
+char *__old_fish_decrypt_from_nick(const char *nick, const char *data);
+
+#endif
+
+
--- /dev/null
+fishlim_old_lib = shared_library('fishlim_old_lib',
+ ['fish.c'],
+ dependencies: [libgio_dep, libssl_dep],
+)
--- /dev/null
+/*
+
+ Copyright (c) 2020 <bakasura@protonmail.ch>
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
+
+*/
+
+#ifndef PLUGIN_HEXCHAT_FISHLIM_TEST_H
+#define PLUGIN_HEXCHAT_FISHLIM_TEST_H
+
+// Libs
+#include <stdio.h>
+#include <glib.h>
+// Project Libs
+#include "../fish.h"
+#include "../utils.h"
+#include "old_version/fish.h"
+
+/**
+ * Auxiliary function: Generate a random string
+ * @param out Preallocated string to fill
+ * @param len Size of bytes to fill
+ */
+void random_string(char *out, size_t len) {
+ GRand *rand = NULL;
+ int i = 0;
+
+ rand = g_rand_new();
+ for (i = 0; i < len; ++i) {
+ out[i] = g_rand_int_range(rand, 1, 256);
+ }
+
+ out[len] = 0;
+
+ g_rand_free(rand);
+}
+
+
+/**
+ * Check encrypt and decrypt in ECB mode and compare with old implementation
+ */
+void __ecb() {
+ char *bo64 = NULL, *b64 = NULL;
+ char *deo = NULL, *de = NULL;
+ int key_len, message_len = 0;
+ char key[57];
+ char message[1000];
+
+ /* Generate key 32–448 bits (Yes, I start with 8 bits) */
+ for (key_len = 1; key_len < 57; ++key_len) {
+
+ random_string(key, key_len);
+
+ for (message_len = 1; message_len < 1000; ++message_len) {
+ random_string(message, message_len);
+
+ /* Encrypt */
+ bo64 = __old_fish_encrypt(key, key_len, message);
+ g_assert_nonnull(bo64);
+ b64 = fish_encrypt(key, key_len, message, message_len, FISH_ECB_MODE);
+ g_assert_nonnull(b64);
+ g_assert_cmpuint(g_strcmp0(b64, bo64), == , 0);
+
+ /* Decrypt */
+ /* Linear */
+ deo = __old_fish_decrypt(key, key_len, bo64);
+ de = fish_decrypt_str(key, key_len, b64, FISH_ECB_MODE);
+ g_assert_nonnull(deo);
+ g_assert_nonnull(de);
+ g_assert_cmpuint(g_strcmp0(de, message), == , 0);
+ g_assert_cmpuint(g_strcmp0(deo, message), == , 0);
+ g_assert_cmpuint(g_strcmp0(de, deo), == , 0);
+ g_free(deo);
+ g_free(de);
+ /* Mixed */
+ deo = __old_fish_decrypt(key, key_len, b64);
+ de = fish_decrypt_str(key, key_len, bo64, FISH_ECB_MODE);
+ g_assert_nonnull(deo);
+ g_assert_nonnull(de);
+ g_assert_cmpuint(g_strcmp0(de, message), == , 0);
+ g_assert_cmpuint(g_strcmp0(deo, message), == , 0);
+ g_assert_cmpuint(g_strcmp0(de, deo), == , 0);
+ g_free(deo);
+ g_free(de);
+
+ /* Free */
+ g_free(bo64);
+ g_free(b64);
+ }
+ }
+}
+
+/**
+ * Check encrypt and decrypt in CBC mode
+ */
+void __cbc() {
+ char *b64 = NULL;
+ char *de = NULL;
+ int key_len, message_len = 0;
+ char key[57];
+ char message[1000];
+
+ /* Generate key 32–448 bits (Yes, I start with 8 bits) */
+ for (key_len = 1; key_len < 57; ++key_len) {
+
+ random_string(key, key_len);
+
+ for (message_len = 1; message_len < 1000; ++message_len) {
+ random_string(message, message_len);
+
+ /* Encrypt */
+ b64 = fish_encrypt(key, key_len, message, message_len, FISH_CBC_MODE);
+ g_assert_nonnull(b64);
+
+ /* Decrypt */
+ /* Linear */
+ de = fish_decrypt_str(key, key_len, b64, FISH_CBC_MODE);
+ g_assert_nonnull(de);
+ g_assert_cmpuint(g_strcmp0(de, message), == , 0);
+ g_free(de);
+
+ /* Free */
+ g_free(b64);
+ }
+ }
+}
+
+/**
+ * Check the calculation of final length from an encoded string in Base64
+ */
+void __base64_len() {
+ char *b64 = NULL;
+ int i, message_len = 0;
+ char message[1000];
+
+ for (i = 0; i < 10; ++i) {
+
+ for (message_len = 1; message_len < 1000; ++message_len) {
+ random_string(message, message_len);
+ b64 = g_base64_encode((const unsigned char *) message, message_len);
+ g_assert_nonnull(b64);
+ g_assert_cmpuint(strlen(b64), == , base64_len(message_len));
+ g_free(b64);
+ }
+ }
+}
+
+/**
+ * Check the calculation of final length from an encoded string in BlowcryptBase64
+ */
+void __base64_fish_len() {
+ char *b64 = NULL;
+ int i, message_len = 0;
+ char message[1000];
+
+ for (i = 0; i < 10; ++i) {
+
+ for (message_len = 1; message_len < 1000; ++message_len) {
+ random_string(message, message_len);
+ b64 = fish_base64_encode(message, message_len);
+ g_assert_nonnull(b64);
+ g_assert_cmpuint(strlen(b64), == , base64_fish_len(message_len));
+ g_free(b64);
+ }
+ }
+}
+
+
+/**
+ * Check the calculation of final length from an encrypted string in ECB mode
+ */
+void __base64_ecb_len() {
+ char *b64 = NULL;
+ int key_len, message_len = 0;
+ char key[57];
+ char message[1000];
+
+ /* Generate key 32–448 bits (Yes, I start with 8 bits) */
+ for (key_len = 1; key_len < 57; ++key_len) {
+
+ random_string(key, key_len);
+
+ for (message_len = 1; message_len < 1000; ++message_len) {
+ random_string(message, message_len);
+ b64 = fish_encrypt(key, key_len, message, message_len, FISH_ECB_MODE);
+ g_assert_nonnull(b64);
+ g_assert_cmpuint(strlen(b64), == , ecb_len(message_len));
+ g_free(b64);
+ }
+ }
+}
+
+/**
+ * Check the calculation of final length from an encrypted string in CBC mode
+ */
+void __base64_cbc_len() {
+ char *b64 = NULL;
+ int key_len, message_len = 0;
+ char key[57];
+ char message[1000];
+
+ /* Generate key 32–448 bits (Yes, I start with 8 bits) */
+ for (key_len = 1; key_len < 57; ++key_len) {
+
+ random_string(key, key_len);
+
+ for (message_len = 1; message_len < 1000; ++message_len) {
+ random_string(message, message_len);
+ b64 = fish_encrypt(key, key_len, message, message_len, FISH_CBC_MODE);
+ g_assert_nonnull(b64);
+ g_assert_cmpuint(strlen(b64), == , cbc_len(message_len));
+ g_free(b64);
+ }
+ }
+}
+
+int main(int argc, char *argv[]) {
+
+ g_test_init(&argc, &argv, NULL);
+
+ g_test_add_func("/fishlim/__ecb", __ecb);
+ g_test_add_func("/fishlim/__cbc", __ecb);
+ g_test_add_func("/fishlim/__base64_len", __base64_len);
+ g_test_add_func("/fishlim/__base64_fish_len", __base64_fish_len);
+ g_test_add_func("/fishlim/__base64_ecb_len", __base64_ecb_len);
+ g_test_add_func("/fishlim/__base64_cbc_len", __base64_cbc_len);
+
+ return g_test_run();
+}
+
+#endif //PLUGIN_HEXCHAT_FISHLIM_TEST_H
\ No newline at end of file
--- /dev/null
+/*
+
+ Copyright (c) 2020 <bakasura@protonmail.ch>
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
+
+*/
+
+#include "utils.h"
+
+/**
+ * Calculate the length of Base64-encoded string
+ *
+ * @param plaintext_len Size of clear text to encode
+ * @return Size of encoded string
+ */
+unsigned long base64_len(size_t plaintext_len) {
+ int length_unpadded = (4 * plaintext_len) / 3;
+ /* Add padding */
+ return length_unpadded % 4 != 0 ? length_unpadded + (4 - length_unpadded % 4) : length_unpadded;
+}
+
+/**
+ * Calculate the length of BlowcryptBase64-encoded string
+ *
+ * @param plaintext_len Size of clear text to encode
+ * @return Size of encoded string
+ */
+unsigned long base64_fish_len(size_t plaintext_len) {
+ int length_unpadded = (12 * plaintext_len) / 8;
+ /* Add padding */
+ return length_unpadded % 12 != 0 ? length_unpadded + (12 - length_unpadded % 12) : length_unpadded;
+}
+
+/**
+ * Calculate the length of fish-encrypted string in CBC mode
+ *
+ * @param plaintext_len Size of clear text to encode
+ * @return Size of encoded string
+ */
+unsigned long cbc_len(size_t plaintext_len) {
+ /*IV + DATA + Zero Padding */
+ return base64_len(8 + (plaintext_len % 8 != 0 ? plaintext_len + 8 - (plaintext_len % 8) : plaintext_len));
+}
+
+/**
+ * Calculate the length of fish-encrypted string in ECB mode
+ *
+ * @param plaintext_len Size of clear text to encode
+ * @return Size of encoded string
+ */
+unsigned long ecb_len(size_t plaintext_len) {
+ return base64_fish_len(plaintext_len);
+}
\ No newline at end of file
--- /dev/null
+/*
+
+ Copyright (c) 2020 <bakasura@protonmail.ch>
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
+
+*/
+
+#ifndef PLUGIN_HEXCHAT_FISHLIM_UTILS_H
+#define PLUGIN_HEXCHAT_FISHLIM_UTILS_H
+
+#include <stddef.h>
+
+unsigned long base64_len(size_t plaintext_len);
+unsigned long base64_fish_len(size_t plaintext_len);
+unsigned long cbc_len(size_t plaintext_len);
+unsigned long ecb_len(size_t plaintext_len);
+
+#endif
\ No newline at end of file
projects / irc / hexchat / hexchat.git / commitdiff
