| 1 | /* |
|---|---|
| 2 | This file has been derived from Konversation, the KDE IRC client. |
| 3 | You can redistribute it and/or modify it under the terms of the |
| 4 | GNU General Public License as published by the Free Software Foundation; |
| 5 | either version 2 of the License, or (at your option) any later version. |
| 6 | */ |
| 7 | |
| 8 | /* |
| 9 | Copyright (C) 1997 Robey Pointer <robeypointer@gmail.com> |
| 10 | Copyright (C) 2005 Ismail Donmez <ismail@kde.org> |
| 11 | Copyright (C) 2009 Travis McHenry <tmchenryaz@cox.net> |
| 12 | Copyright (C) 2009 Johannes Huber <johu@gmx.de> |
| 13 | */ |
| 14 | |
| 15 | #include "cipher.h" |
| 16 | #include "logger.h" |
| 17 | |
| 18 | Cipher::Cipher() |
| 19 | { |
| 20 | m_primeNum = QCA::BigInteger("12745216229761186769575009943944198619149164746831579719941140425076456621824834322853258804883232842877311723249782818608677050956745409379781245497526069657222703636504651898833151008222772087491045206203033063108075098874712912417029101508315117935752962862335062591404043092163187352352197487303798807791605274487594646923"); |
| 21 | setType("blowfish"); |
| 22 | } |
| 23 | |
| 24 | |
| 25 | Cipher::Cipher(QByteArray key, QString cipherType) |
| 26 | { |
| 27 | m_primeNum = QCA::BigInteger("12745216229761186769575009943944198619149164746831579719941140425076456621824834322853258804883232842877311723249782818608677050956745409379781245497526069657222703636504651898833151008222772087491045206203033063108075098874712912417029101508315117935752962862335062591404043092163187352352197487303798807791605274487594646923"); |
| 28 | setKey(key); |
| 29 | setType(cipherType); |
| 30 | } |
| 31 | |
| 32 | |
| 33 | Cipher::~Cipher() |
| 34 | {} |
| 35 | |
| 36 | bool Cipher::setKey(QByteArray key) |
| 37 | { |
| 38 | if (key.isEmpty()) { |
| 39 | m_key.clear(); |
| 40 | return false; |
| 41 | } |
| 42 | |
| 43 | if (key.mid(0, 4).toLower() == "ecb:") |
| 44 | { |
| 45 | m_cbc = false; |
| 46 | m_key = key.mid(4); |
| 47 | } |
| 48 | //strip cbc: if included |
| 49 | else if (key.mid(0, 4).toLower() == "cbc:") |
| 50 | { |
| 51 | m_cbc = true; |
| 52 | m_key = key.mid(4); |
| 53 | } |
| 54 | else |
| 55 | { |
| 56 | // if(Preferences::self()->encryptionType()) |
| 57 | // m_cbc = true; |
| 58 | // else |
| 59 | m_cbc = false; |
| 60 | m_key = key; |
| 61 | } |
| 62 | return true; |
| 63 | } |
| 64 | |
| 65 | |
| 66 | bool Cipher::setType(const QString &type) |
| 67 | { |
| 68 | //TODO check QCA::isSupported() |
| 69 | m_type = type; |
| 70 | return true; |
| 71 | } |
| 72 | |
| 73 | |
| 74 | QByteArray Cipher::decrypt(QByteArray cipherText) |
| 75 | { |
| 76 | QByteArray pfx = ""; |
| 77 | bool error = false; // used to flag non cbc, seems like good practice not to parse w/o regard for set encryption type |
| 78 | |
| 79 | //if we get cbc |
| 80 | if (cipherText.mid(0, 5) == "+OK *") |
| 81 | { |
| 82 | //if we have cbc |
| 83 | if (m_cbc) |
| 84 | cipherText = cipherText.mid(5); |
| 85 | //if we don't |
| 86 | else |
| 87 | { |
| 88 | cipherText = cipherText.mid(5); |
| 89 | pfx = "ERROR_NONECB: "; |
| 90 | error = true; |
| 91 | } |
| 92 | } |
| 93 | //if we get ecb |
| 94 | else if (cipherText.mid(0, 4) == "+OK "|| cipherText.mid(0, 5) == "mcps ") |
| 95 | { |
| 96 | //if we had cbc |
| 97 | if (m_cbc) |
| 98 | { |
| 99 | cipherText = (cipherText.mid(0, 4) == "+OK ") ? cipherText.mid(4) : cipherText.mid(5); |
| 100 | pfx = "ERROR_NONCBC: "; |
| 101 | error = true; |
| 102 | } |
| 103 | //if we don't |
| 104 | else |
| 105 | { |
| 106 | if (cipherText.mid(0, 4) == "+OK ") |
| 107 | cipherText = cipherText.mid(4); |
| 108 | else |
| 109 | cipherText = cipherText.mid(5); |
| 110 | } |
| 111 | } |
| 112 | //all other cases we fail |
| 113 | else |
| 114 | return cipherText; |
| 115 | |
| 116 | QByteArray temp; |
| 117 | // (if cbc and no error we parse cbc) || (if ecb and error we parse cbc) |
| 118 | if ((m_cbc && !error) || (!m_cbc && error)) |
| 119 | { |
| 120 | cipherText = cipherText; |
| 121 | temp = blowfishCBC(cipherText, false); |
| 122 | |
| 123 | if (temp == cipherText) |
| 124 | { |
| 125 | // kDebug("Decryption from CBC Failed"); |
| 126 | return cipherText+ |
| 127 | } |
| 128 | else |
| 129 | cipherText = temp; |
| 130 | } |
| 131 | else |
| 132 | { |
| 133 | temp = blowfishECB(cipherText, false); |
| 134 | |
| 135 | if (temp == cipherText) |
| 136 | { |
| 137 | // kDebug("Decryption from ECB Failed"); |
| 138 | return cipherText+ |
| 139 | } |
| 140 | else |
| 141 | cipherText = temp; |
| 142 | } |
| 143 | // TODO FIXME the proper fix for this is to show encryption differently e.g. [nick] instead of <nick> |
| 144 | // don't hate me for the mircryption reference there. |
| 145 | if (cipherText.at(0) == 1) |
| 146 | pfx = "\x0"; |
| 147 | cipherText = pfx+cipherText+ |
| 148 | return cipherText; |
| 149 | } |
| 150 | |
| 151 | |
| 152 | QByteArray Cipher::initKeyExchange() |
| 153 | { |
| 154 | QCA::Initializer init; |
| 155 | m_tempKey = QCA::KeyGenerator().createDH(QCA::DLGroup(m_primeNum, QCA::BigInteger(2))).toDH(); |
| 156 | |
| 157 | if (m_tempKey.isNull()) |
| 158 | return QByteArray(); |
| 159 | |
| 160 | QByteArray publicKey = m_tempKey.toPublicKey().toDH().y().toArray().toByteArray(); |
| 161 | |
| 162 | //remove leading 0 |
| 163 | if (publicKey.length() > 135 && publicKey.at(0) == |
| 164 | publicKey = publicKey.mid(1); |
| 165 | |
| 166 | return publicKey.toBase64().append( |
| 167 | } |
| 168 | |
| 169 | |
| 170 | QByteArray Cipher::parseInitKeyX(QByteArray key) |
| 171 | { |
| 172 | QCA::Initializer init; |
| 173 | bool isCBC = false; |
| 174 | |
| 175 | if (key.endsWith(" CBC")) |
| 176 | { |
| 177 | isCBC = true; |
| 178 | key.chop(4); |
| 179 | } |
| 180 | |
| 181 | if (key.length() != 181) |
| 182 | return QByteArray(); |
| 183 | |
| 184 | QCA::SecureArray remoteKey = QByteArray::fromBase64(key.left(180)); |
| 185 | QCA::DLGroup group(m_primeNum, QCA::BigInteger(2)); |
| 186 | QCA::DHPrivateKey privateKey = QCA::KeyGenerator().createDH(group).toDH(); |
| 187 | |
| 188 | if (privateKey.isNull()) |
| 189 | return QByteArray(); |
| 190 | |
| 191 | QByteArray publicKey = privateKey.y().toArray().toByteArray(); |
| 192 | |
| 193 | //remove leading 0 |
| 194 | if (publicKey.length() > 135 && publicKey.at(0) == |
| 195 | publicKey = publicKey.mid(1); |
| 196 | |
| 197 | QCA::DHPublicKey remotePub(group, remoteKey); |
| 198 | |
| 199 | if (remotePub.isNull()) |
| 200 | return QByteArray(); |
| 201 | |
| 202 | QByteArray sharedKey = privateKey.deriveKey(remotePub).toByteArray(); |
| 203 | sharedKey = QCA::Hash("sha256").hash(sharedKey).toByteArray().toBase64(); |
| 204 | |
| 205 | //remove trailing = because mircryption and fish think it's a swell idea. |
| 206 | while (sharedKey.endsWith( |
| 207 | |
| 208 | if (isCBC) |
| 209 | sharedKey.prepend("cbc:"); |
| 210 | |
| 211 | bool success = setKey(sharedKey); |
| 212 | |
| 213 | if (!success) |
| 214 | return QByteArray(); |
| 215 | |
| 216 | return publicKey.toBase64().append( |
| 217 | } |
| 218 | |
| 219 | |
| 220 | bool Cipher::parseFinishKeyX(QByteArray key) |
| 221 | { |
| 222 | QCA::Initializer init; |
| 223 | |
| 224 | if (key.length() != 181) |
| 225 | return false; |
| 226 | |
| 227 | QCA::SecureArray remoteKey = QByteArray::fromBase64(key.left(180)); |
| 228 | QCA::DLGroup group(m_primeNum, QCA::BigInteger(2)); |
| 229 | |
| 230 | QCA::DHPublicKey remotePub(group, remoteKey); |
| 231 | |
| 232 | if (remotePub.isNull()) |
| 233 | return false; |
| 234 | |
| 235 | if (m_tempKey.isNull()) |
| 236 | return false; |
| 237 | |
| 238 | QByteArray sharedKey = m_tempKey.deriveKey(remotePub).toByteArray(); |
| 239 | sharedKey = QCA::Hash("sha256").hash(sharedKey).toByteArray().toBase64(); |
| 240 | |
| 241 | //remove trailng = because mircryption and fish think it's a swell idea. |
| 242 | while (sharedKey.endsWith( |
| 243 | |
| 244 | bool success = setKey(sharedKey); |
| 245 | |
| 246 | return success; |
| 247 | } |
| 248 | |
| 249 | |
| 250 | QByteArray Cipher::decryptTopic(QByteArray cipherText) |
| 251 | { |
| 252 | if (cipherText.mid(0, 4) == "+OK ") // FiSH style topic |
| 253 | cipherText = cipherText.mid(4); |
| 254 | else if (cipherText.left(5) == "«m«") |
| 255 | cipherText = cipherText.mid(5, cipherText.length()-10); |
| 256 | else |
| 257 | return cipherText; |
| 258 | |
| 259 | QByteArray temp; |
| 260 | //TODO currently no backwards sanity checks for topic, it seems to use different standards |
| 261 | //if somebody figures them out they can enable it and add "ERROR_NONECB/CBC" warnings |
| 262 | if (m_cbc) |
| 263 | temp = blowfishCBC(cipherText.mid(1), false); |
| 264 | else |
| 265 | temp = blowfishECB(cipherText, false); |
| 266 | |
| 267 | if (temp == cipherText) |
| 268 | { |
| 269 | return cipherText; |
| 270 | } |
| 271 | else |
| 272 | cipherText = temp; |
| 273 | |
| 274 | if (cipherText.mid(0, 2) == "@@") |
| 275 | cipherText = cipherText.mid(2); |
| 276 | |
| 277 | return cipherText; |
| 278 | } |
| 279 | |
| 280 | |
| 281 | bool Cipher::encrypt(QByteArray &cipherText) |
| 282 | { |
| 283 | if (cipherText.left(3) == "+p ") //don't encode if...? |
| 284 | cipherText = cipherText.mid(3); |
| 285 | else |
| 286 | { |
| 287 | if (m_cbc) //encode in ecb or cbc decide how to determine later |
| 288 | { |
| 289 | QByteArray temp = blowfishCBC(cipherText, true); |
| 290 | |
| 291 | if (temp == cipherText) |
| 292 | { |
| 293 | // kDebug("CBC Encoding Failed"); |
| 294 | return false; |
| 295 | } |
| 296 | |
| 297 | cipherText = "+OK *"+ temp; |
| 298 | } |
| 299 | else |
| 300 | { |
| 301 | QByteArray temp = blowfishECB(cipherText, true); |
| 302 | |
| 303 | if (temp == cipherText) |
| 304 | { |
| 305 | // kDebug("ECB Encoding Failed"); |
| 306 | return false; |
| 307 | } |
| 308 | |
| 309 | cipherText = "+OK "+ temp; |
| 310 | } |
| 311 | } |
| 312 | return true; |
| 313 | } |
| 314 | |
| 315 | |
| 316 | //THE BELOW WORKS AKA DO NOT TOUCH UNLESS YOU KNOW WHAT YOU'RE DOING |
| 317 | QByteArray Cipher::blowfishCBC(QByteArray cipherText, bool direction) |
| 318 | { |
| 319 | QCA::Initializer init; |
| 320 | QByteArray temp = cipherText; |
| 321 | if (direction) |
| 322 | { |
| 323 | // make sure cipherText is an interval of 8 bits. We do this before so that we |
| 324 | // know there's at least 8 bytes to en/decryption this ensures QCA doesn't fail |
| 325 | while ((temp.length() % 8) != 0) temp.append( |
| 326 | |
| 327 | QCA::InitializationVector iv(8); |
| 328 | temp.prepend(iv.toByteArray()); // prefix with 8bits of IV for mircryptions *CUSTOM* cbc implementation |
| 329 | } |
| 330 | else |
| 331 | { |
| 332 | temp = QByteArray::fromBase64(temp); |
| 333 | //supposedly nescessary if we get a truncated message also allows for decryption of 'crazy' |
| 334 | //en/decoding clients that use STANDARDIZED PADDING TECHNIQUES |
| 335 | while ((temp.length() % 8) != 0) temp.append( |
| 336 | } |
| 337 | |
| 338 | QCA::Direction dir = (direction) ? QCA::Encode : QCA::Decode; |
| 339 | QCA::Cipher cipher(m_type, QCA::Cipher::CBC, QCA::Cipher::NoPadding, dir, m_key, QCA::InitializationVector(QByteArray("0"))); |
| 340 | QByteArray temp2 = cipher.update(QCA::MemoryRegion(temp)).toByteArray(); |
| 341 | temp2 += cipher.final().toByteArray(); |
| 342 | |
| 343 | if (!cipher.ok()) |
| 344 | return cipherText; |
| 345 | |
| 346 | if (direction) //send in base64 |
| 347 | temp2 = temp2.toBase64(); |
| 348 | else //cut off the 8bits of IV |
| 349 | temp2 = temp2.remove(0, 8); |
| 350 | |
| 351 | return temp2; |
| 352 | } |
| 353 | |
| 354 | |
| 355 | QByteArray Cipher::blowfishECB(QByteArray cipherText, bool direction) |
| 356 | { |
| 357 | QCA::Initializer init; |
| 358 | QByteArray temp = cipherText; |
| 359 | |
| 360 | //do padding ourselves |
| 361 | if (direction) |
| 362 | { |
| 363 | while ((temp.length() % 8) != 0) temp.append( |
| 364 | } |
| 365 | else |
| 366 | { |
| 367 | temp = b64ToByte(temp); |
| 368 | while ((temp.length() % 8) != 0) temp.append( |
| 369 | } |
| 370 | |
| 371 | QCA::Direction dir = (direction) ? QCA::Encode : QCA::Decode; |
| 372 | QCA::Cipher cipher(m_type, QCA::Cipher::ECB, QCA::Cipher::NoPadding, dir, m_key); |
| 373 | QByteArray temp2 = cipher.update(QCA::MemoryRegion(temp)).toByteArray(); |
| 374 | temp2 += cipher.final().toByteArray(); |
| 375 | |
| 376 | if (!cipher.ok()) |
| 377 | return cipherText; |
| 378 | |
| 379 | if (direction) |
| 380 | temp2 = byteToB64(temp2); |
| 381 | |
| 382 | return temp2; |
| 383 | } |
| 384 | |
| 385 | |
| 386 | //Custom non RFC 2045 compliant Base64 enc/dec code for mircryption / FiSH compatibility |
| 387 | QByteArray Cipher::byteToB64(QByteArray text) |
| 388 | { |
| 389 | int left = 0; |
| 390 | int right = 0; |
| 391 | int k = -1; |
| 392 | int v; |
| 393 | QString base64 = "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; |
| 394 | QByteArray encoded; |
| 395 | while (k < (text.length() - 1)) { |
| 396 | k++; |
| 397 | v = text.at(k); if (v < 0) v += 256; |
| 398 | left = v << 24; |
| 399 | k++; |
| 400 | v = text.at(k); if (v < 0) v += 256; |
| 401 | left += v << 16; |
| 402 | k++; |
| 403 | v = text.at(k); if (v < 0) v += 256; |
| 404 | left += v << 8; |
| 405 | k++; |
| 406 | v = text.at(k); if (v < 0) v += 256; |
| 407 | left += v; |
| 408 | |
| 409 | k++; |
| 410 | v = text.at(k); if (v < 0) v += 256; |
| 411 | right = v << 24; |
| 412 | k++; |
| 413 | v = text.at(k); if (v < 0) v += 256; |
| 414 | right += v << 16; |
| 415 | k++; |
| 416 | v = text.at(k); if (v < 0) v += 256; |
| 417 | right += v << 8; |
| 418 | k++; |
| 419 | v = text.at(k); if (v < 0) v += 256; |
| 420 | right += v; |
| 421 | |
| 422 | for (int i = 0; i < 6; i++) { |
| 423 | encoded.append(base64.at(right & 0x3F).toAscii()); |
| 424 | right = right >> 6; |
| 425 | } |
| 426 | |
| 427 | //TODO make sure the .toascii doesn't break anything |
| 428 | for (int i = 0; i < 6; i++) { |
| 429 | encoded.append(base64.at(left & 0x3F).toAscii()); |
| 430 | left = left >> 6; |
| 431 | } |
| 432 | } |
| 433 | return encoded; |
| 434 | } |
| 435 | |
| 436 | |
| 437 | QByteArray Cipher::b64ToByte(QByteArray text) |
| 438 | { |
| 439 | QString base64 = "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; |
| 440 | QByteArray decoded; |
| 441 | int k = -1; |
| 442 | while (k < (text.length() - 1)) { |
| 443 | int right = 0; |
| 444 | int left = 0; |
| 445 | int v = 0; |
| 446 | int w = 0; |
| 447 | int z = 0; |
| 448 | |
| 449 | for (int i = 0; i < 6; i++) { |
| 450 | k++; |
| 451 | v = base64.indexOf(text.at(k)); |
| 452 | right |= v << (i * 6); |
| 453 | } |
| 454 | |
| 455 | for (int i = 0; i < 6; i++) { |
| 456 | k++; |
| 457 | v = base64.indexOf(text.at(k)); |
| 458 | left |= v << (i * 6); |
| 459 | } |
| 460 | |
| 461 | for (int i = 0; i < 4; i++) { |
| 462 | w = ((left & (0xFF << ((3 - i) * 8)))); |
| 463 | z = w >> ((3 - i) * 8); |
| 464 | if (z < 0) { z = z + 256; } |
| 465 | decoded.append(z); |
| 466 | } |
| 467 | |
| 468 | for (int i = 0; i < 4; i++) { |
| 469 | w = ((right & (0xFF << ((3 - i) * 8)))); |
| 470 | z = w >> ((3 - i) * 8); |
| 471 | if (z < 0) { z = z + 256; } |
| 472 | decoded.append(z); |
| 473 | } |
| 474 | } |
| 475 | return decoded; |
| 476 | } |
| 477 | |
| 478 | |
| 479 | bool Cipher::neededFeaturesAvailable() |
| 480 | { |
| 481 | QCA::Initializer init; |
| 482 | |
| 483 | if (QCA::isSupported("blowfish-ecb") && QCA::isSupported( "blowfish-cbc") && QCA::isSupported( "dh")) |
| 484 | return true; |
| 485 | |
| 486 | return false; |
| 487 | } |
| 488 |
Generated on 2014-Aug-04 from project quassel revision 0.11-pre-104-g12e650f
Powered by 
Code Browser 1.7