13870
|
1 /**
|
|
2 * The QQ2003C protocol plugin
|
|
3 *
|
|
4 * for gaim
|
|
5 *
|
|
6 * Copyright (C) 2004 Puzzlebird
|
|
7 *
|
|
8 * This program is free software; you can redistribute it and/or modify
|
|
9 * it under the terms of the GNU General Public License as published by
|
|
10 * the Free Software Foundation; either version 2 of the License, or
|
|
11 * (at your option) any later version.
|
|
12 *
|
|
13 * This program is distributed in the hope that it will be useful,
|
|
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
16 * GNU General Public License for more details.
|
|
17 *
|
|
18 * You should have received a copy of the GNU General Public License
|
|
19 * along with this program; if not, write to the Free Software
|
|
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
21 *
|
|
22 *
|
|
23 * OICQ encryption algorithm
|
|
24 * Convert from ASM code provided by PerlOICQ
|
|
25 *
|
|
26 * Puzzlebird, Nov-Dec 2002
|
|
27 */
|
|
28
|
|
29 // START OF FILE
|
|
30 /*****************************************************************************/
|
|
31 /*Notes: (OICQ uses 0x10 iterations, and modified something...)
|
|
32
|
|
33 IN : 64 bits of data in v[0] - v[1].
|
|
34 OUT: 64 bits of data in w[0] - w[1].
|
|
35 KEY: 128 bits of key in k[0] - k[3].
|
|
36
|
|
37 delta is chosen to be the real part of
|
|
38 the golden ratio: Sqrt(5/4) - 1/2 ~ 0.618034 multiplied by 2^32.
|
|
39
|
|
40 0x61C88647 is what we can track on the ASM codes.!!
|
|
41 */
|
|
42
|
|
43 #include <arpa/inet.h>
|
|
44
|
|
45 #include <string.h>
|
|
46
|
|
47 #include "crypt.h"
|
13977
|
48 #include "debug.h" // gaim_debug
|
13870
|
49
|
13977
|
50 /********************************************************************
|
|
51 * encryption
|
|
52 *******************************************************************/
|
|
53
|
13870
|
54 static void qq_encipher(unsigned long *const v, const unsigned long *const k, unsigned long *const w)
|
|
55 {
|
13977
|
56 register unsigned long y = ntohl(v[0]),
|
|
57 z = ntohl(v[1]),
|
|
58 a = ntohl(k[0]),
|
|
59 b = ntohl(k[1]),
|
|
60 c = ntohl(k[2]),
|
|
61 d = ntohl(k[3]),
|
|
62 n = 0x10,
|
|
63 sum = 0,
|
|
64 delta = 0x9E3779B9; /* 0x9E3779B9 - 0x100000000 = -0x61C88647 */
|
13870
|
65
|
|
66 while (n-- > 0) {
|
|
67 sum += delta;
|
|
68 y += ((z << 4) + a) ^ (z + sum) ^ ((z >> 5) + b);
|
|
69 z += ((y << 4) + c) ^ (y + sum) ^ ((y >> 5) + d);
|
|
70 }
|
|
71
|
|
72 w[0] = htonl(y);
|
|
73 w[1] = htonl(z);
|
13977
|
74 }
|
|
75
|
|
76 static int rand(void) { // it can be the real random seed function
|
|
77 return 0xdead;
|
|
78 } // override with number, convenient for debug
|
13870
|
79
|
13977
|
80 // we encrypt every eight byte chunk
|
|
81 static void encrypt_every_8_byte(unsigned char *plain, unsigned char *plain_pre_8, unsigned char **crypted,
|
|
82 unsigned char **crypted_pre_8, unsigned char *key, int *count, int *pos_in_byte, int *is_header)
|
|
83 {
|
|
84 // prepare plain text
|
|
85 for (*pos_in_byte = 0; *pos_in_byte < 8; (*pos_in_byte)++) {
|
|
86 if (*is_header) {
|
|
87 plain[*pos_in_byte] ^= plain_pre_8[*pos_in_byte];
|
|
88 } else {
|
|
89 plain[*pos_in_byte] ^= (*crypted_pre_8)[*pos_in_byte];
|
|
90 }
|
|
91 }
|
|
92 qq_encipher((unsigned long *) plain, (unsigned long *) key, (unsigned long *) *crypted); // encrypt it
|
|
93
|
|
94 for (*pos_in_byte = 0; *pos_in_byte < 8; (*pos_in_byte)++) {
|
|
95 (*crypted)[*pos_in_byte] ^= plain_pre_8[*pos_in_byte];
|
|
96 }
|
|
97 memcpy(plain_pre_8, plain, 8); // prepare next
|
|
98
|
|
99 *crypted_pre_8 = *crypted; // store position of previous 8 byte
|
|
100 *crypted += 8; // prepare next output
|
|
101 *count += 8; // outstrlen increase by 8
|
|
102 *pos_in_byte = 0; // back to start
|
|
103 *is_header = 0; // and exit header
|
|
104 } // encrypt_every_8_byte
|
|
105
|
13870
|
106
|
|
107 static void qq_encrypt(unsigned char *instr, int instrlen, unsigned char *key, unsigned char *outstr, int *outstrlen_prt)
|
|
108 {
|
13977
|
109 unsigned char plain[8], // plain text buffer
|
|
110 plain_pre_8[8], // plain text buffer, previous 8 bytes
|
|
111 *crypted, // crypted text
|
|
112 *crypted_pre_8, // crypted test, previous 8 bytes
|
|
113 *inp; // current position in instr
|
|
114 int pos_in_byte = 1, // loop in the byte
|
|
115 is_header = 1, // header is one byte
|
|
116 count = 0, // number of bytes being crypted
|
|
117 padding = 0; // number of padding stuff
|
13870
|
118
|
|
119 pos_in_byte = (instrlen + 0x0a) % 8; // header padding decided by instrlen
|
|
120 if (pos_in_byte) {
|
|
121 pos_in_byte = 8 - pos_in_byte;
|
|
122 }
|
|
123 plain[0] = (rand() & 0xf8) | pos_in_byte;
|
|
124
|
|
125 memset(plain + 1, rand() & 0xff, pos_in_byte++);
|
|
126 memset(plain_pre_8, 0x00, sizeof(plain_pre_8));
|
|
127
|
|
128 crypted = crypted_pre_8 = outstr;
|
|
129
|
|
130 padding = 1; // pad some stuff in header
|
13977
|
131 while (padding <= 2) { // at most two bytes
|
13870
|
132 if (pos_in_byte < 8) {
|
|
133 plain[pos_in_byte++] = rand() & 0xff;
|
|
134 padding++;
|
|
135 }
|
|
136 if (pos_in_byte == 8) {
|
13977
|
137 encrypt_every_8_byte(plain, plain_pre_8, &crypted, &crypted_pre_8, key, &count, &pos_in_byte, &is_header);
|
13870
|
138 }
|
|
139 }
|
|
140
|
|
141 inp = instr;
|
|
142 while (instrlen > 0) {
|
|
143 if (pos_in_byte < 8) {
|
|
144 plain[pos_in_byte++] = *(inp++);
|
|
145 instrlen--;
|
|
146 }
|
|
147 if (pos_in_byte == 8) {
|
13977
|
148 encrypt_every_8_byte(plain, plain_pre_8, &crypted, &crypted_pre_8, key, &count, &pos_in_byte, &is_header);
|
13870
|
149 }
|
|
150 }
|
|
151
|
13977
|
152 padding = 1; // pad some stuff in tail
|
|
153 while (padding <= 7) { // at most seven bytes
|
13870
|
154 if (pos_in_byte < 8) {
|
|
155 plain[pos_in_byte++] = 0x00;
|
|
156 padding++;
|
|
157 }
|
|
158 if (pos_in_byte == 8) {
|
13977
|
159 encrypt_every_8_byte(plain, plain_pre_8, &crypted, &crypted_pre_8, key, &count, &pos_in_byte, &is_header);
|
13870
|
160 }
|
|
161 }
|
|
162
|
|
163 *outstrlen_prt = count;
|
13977
|
164 }
|
13870
|
165
|
|
166
|
|
167 /********************************************************************
|
13977
|
168 * decryption
|
13870
|
169 ********************************************************************/
|
|
170
|
13977
|
171 static void qq_decipher(unsigned long *const v, const unsigned long *const k, unsigned long *const w)
|
|
172 {
|
|
173 register unsigned long y = ntohl(v[0]),
|
|
174 z = ntohl(v[1]),
|
|
175 a = ntohl(k[0]),
|
|
176 b = ntohl(k[1]),
|
|
177 c = ntohl(k[2]),
|
|
178 d = ntohl(k[3]),
|
|
179 n = 0x10,
|
|
180 sum = 0xE3779B90, // why this ? must be related with n value
|
|
181 delta = 0x9E3779B9;
|
|
182
|
|
183 /* sum = delta<<5, in general sum = delta * n */
|
|
184 while (n-- > 0) {
|
|
185 z -= ((y << 4) + c) ^ (y + sum) ^ ((y >> 5) + d);
|
|
186 y -= ((z << 4) + a) ^ (z + sum) ^ ((z >> 5) + b);
|
|
187 sum -= delta;
|
|
188 }
|
|
189
|
|
190 w[0] = htonl(y);
|
|
191 w[1] = htonl(z);
|
|
192 }
|
|
193
|
|
194 static int decrypt_every_8_byte(unsigned char **crypt_buff, const int instrlen, const unsigned char * const key,
|
|
195 int *context_start, unsigned char *decrypted, int *pos_in_byte)
|
|
196 {
|
|
197 for (*pos_in_byte = 0; *pos_in_byte < 8; (*pos_in_byte)++) {
|
|
198 if (*context_start + *pos_in_byte >= instrlen)
|
|
199 return 1;
|
|
200 decrypted[*pos_in_byte] ^= (*crypt_buff)[*pos_in_byte];
|
|
201 }
|
|
202 qq_decipher((unsigned long *) decrypted, (unsigned long *) key, (unsigned long *) decrypted);
|
|
203
|
|
204 *context_start += 8;
|
|
205 *crypt_buff += 8;
|
|
206 *pos_in_byte = 0;
|
|
207
|
|
208 return 1;
|
|
209 }
|
|
210
|
|
211 // return 0 if failed, 1 otherwise
|
13870
|
212 static int qq_decrypt(unsigned char *instr, int instrlen, unsigned char *key, unsigned char *outstr, int *outstrlen_ptr)
|
|
213 {
|
|
214 unsigned char decrypted[8], m[8], *crypt_buff, *crypt_buff_pre_8, *outp;
|
|
215 int count, context_start, pos_in_byte, padding;
|
|
216
|
|
217 // at least 16 bytes and %8 == 0
|
|
218 if ((instrlen % 8) || (instrlen < 16)) {
|
13977
|
219 gaim_debug(GAIM_DEBUG_ERROR, "QQ",
|
|
220 "Packet len is either too short or not a multiple of 8 bytes, read %d bytes\n", instrlen);
|
13870
|
221 return 0;
|
|
222 }
|
|
223 // get information from header
|
|
224 qq_decipher((unsigned long *) instr, (unsigned long *) key, (unsigned long *) decrypted);
|
|
225 pos_in_byte = decrypted[0] & 0x7;
|
|
226 count = instrlen - pos_in_byte - 10; // this is the plaintext length
|
13977
|
227 // return if outstr buffer is not large enough or error plaintext length
|
13870
|
228 if (*outstrlen_ptr < count || count < 0) {
|
13977
|
229 gaim_debug(GAIM_DEBUG_ERROR, "QQ", "Buffer len %d is less than real len %d", *outstrlen_ptr, count);
|
13870
|
230 return 0;
|
|
231 }
|
|
232
|
|
233 memset(m, 0, 8);
|
|
234 crypt_buff_pre_8 = m;
|
|
235 *outstrlen_ptr = count; // everything is ok! set return string length
|
|
236
|
|
237 crypt_buff = instr + 8; // address of real data start
|
13977
|
238 context_start = 8; // context is at the second chunk of 8 bytes
|
13870
|
239 pos_in_byte++; // start of paddng stuff
|
|
240
|
|
241 padding = 1; // at least one in header
|
|
242 while (padding <= 2) { // there are 2 byte padding stuff in header
|
13977
|
243 if (pos_in_byte < 8) { // bypass the padding stuff, it's nonsense data
|
13870
|
244 pos_in_byte++;
|
|
245 padding++;
|
|
246 }
|
|
247 if (pos_in_byte == 8) {
|
|
248 crypt_buff_pre_8 = instr;
|
13977
|
249 if (!decrypt_every_8_byte(&crypt_buff, instrlen, key, &context_start, decrypted, &pos_in_byte)) {
|
|
250 gaim_debug(GAIM_DEBUG_ERROR, "QQ", "decrypt every 8 bytes error A");
|
13870
|
251 return 0;
|
|
252 }
|
|
253 }
|
13977
|
254 }
|
13870
|
255
|
|
256 outp = outstr;
|
|
257 while (count != 0) {
|
|
258 if (pos_in_byte < 8) {
|
|
259 *outp = crypt_buff_pre_8[pos_in_byte] ^ decrypted[pos_in_byte];
|
|
260 outp++;
|
|
261 count--;
|
|
262 pos_in_byte++;
|
|
263 }
|
|
264 if (pos_in_byte == 8) {
|
|
265 crypt_buff_pre_8 = crypt_buff - 8;
|
13977
|
266 if (!decrypt_every_8_byte(&crypt_buff, instrlen, key, &context_start, decrypted, &pos_in_byte)) {
|
|
267 gaim_debug(GAIM_DEBUG_ERROR, "QQ", "decrypt every 8 bytes error B");
|
13870
|
268 return 0;
|
|
269 }
|
|
270 }
|
13977
|
271 }
|
13870
|
272
|
|
273 for (padding = 1; padding < 8; padding++) {
|
|
274 if (pos_in_byte < 8) {
|
|
275 if (crypt_buff_pre_8[pos_in_byte] ^ decrypted[pos_in_byte])
|
|
276 return 0;
|
|
277 pos_in_byte++;
|
|
278 }
|
|
279 if (pos_in_byte == 8) {
|
|
280 crypt_buff_pre_8 = crypt_buff;
|
13977
|
281 if (!decrypt_every_8_byte(&crypt_buff, instrlen, key, &context_start, decrypted, &pos_in_byte)) {
|
|
282 gaim_debug(GAIM_DEBUG_ERROR, "QQ", "decrypt every 8 bytes error C");
|
13870
|
283 return 0;
|
|
284 }
|
|
285 }
|
13977
|
286 }
|
13870
|
287 return 1;
|
13977
|
288 }
|
13870
|
289
|
|
290 /*****************************************************************************/
|
|
291 /* This is the Public Function */
|
|
292 // return 1 is succeed, otherwise return 0
|
|
293 int qq_crypt(unsigned char flag,
|
|
294 unsigned char *instr, int instrlen, unsigned char *key, unsigned char *outstr, int *outstrlen_ptr)
|
|
295 {
|
|
296 if (flag == DECRYPT)
|
|
297 return qq_decrypt(instr, instrlen, key, outstr, outstrlen_ptr);
|
|
298 else if (flag == ENCRYPT)
|
|
299 qq_encrypt(instr, instrlen, key, outstr, outstrlen_ptr);
|
|
300
|
|
301 return 1; // flag must be DECRYPT or ENCRYPT
|
13977
|
302 }
|
13870
|
303
|
|
304 /*****************************************************************************/
|
|
305 // END OF FILE
|