Mercurial > pidgin
annotate libpurple/protocols/mxit/cipher.c @ 31774:4ad2a0668687
Changed a strcpy in the mxit prpl to a bounds-checked g_strlcpy.
Thanks to the Electronic Frontier Foundation (https://www.eff.org/) for
this patch.
| author | Ethan Blanton <elb@pidgin.im> |
|---|---|
| date | Sun, 17 Jul 2011 20:36:15 +0000 |
| parents | 259bbfb423d4 |
| children | 98ae4b8b592f |
| rev | line source |
|---|---|
|
28526
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
1 /* |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
2 * MXit Protocol libPurple Plugin |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
3 * |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
4 * -- user password encryption -- |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
5 * |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
6 * Pieter Loubser <libpurple@mxit.com> |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
7 * |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
8 * (C) Copyright 2009 MXit Lifestyle (Pty) Ltd. |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
9 * <http://www.mxitlifestyle.com> |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
10 * |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
11 * This program is free software; you can redistribute it and/or modify |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
12 * it under the terms of the GNU General Public License as published by |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
13 * the Free Software Foundation; either version 2 of the License, or |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
14 * (at your option) any later version. |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
15 * |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
16 * This program is distributed in the hope that it will be useful, |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
19 * GNU General Public License for more details. |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
20 * |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
21 * You should have received a copy of the GNU General Public License |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
22 * along with this program; if not, write to the Free Software |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
23 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
24 */ |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
25 |
|
28770
259bbfb423d4
Fix all the remaining files for which internal.h doesn't end up being the first include.
Paul Aurich <paul@darkrain42.org>
parents:
28526
diff
changeset
|
26 #include "internal.h" |
|
28526
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
27 #include "purple.h" |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
28 |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
29 #include "mxit.h" |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
30 #include "cipher.h" |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
31 #include "aes.h" |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
32 |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
33 |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
34 /* password encryption */ |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
35 #define INITIAL_KEY "6170383452343567" |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
36 #define SECRET_HEADER "<mxit/>" |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
37 |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
38 |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
39 /*------------------------------------------------------------------------ |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
40 * Pad the secret data using ISO10126 Padding. |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
41 * |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
42 * @param secret The data to pad (caller must ensure buffer has enough space for padding) |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
43 * @return The total number of 128-bit blocks used |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
44 */ |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
45 static int pad_secret_data( char* secret ) |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
46 { |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
47 int blocks = 0; |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
48 int passlen; |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
49 int padding; |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
50 |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
51 passlen = strlen( secret ); |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
52 blocks = ( passlen / 16 ) + 1; |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
53 padding = ( blocks * 16 ) - passlen; |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
54 secret[passlen] = 0x50; |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
55 secret[(blocks * 16) - 1] = padding; |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
56 |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
57 return blocks; |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
58 } |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
59 |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
60 |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
61 /*------------------------------------------------------------------------ |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
62 * Encrypt the user's cleartext password using the AES 128-bit (ECB) |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
63 * encryption algorithm. |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
64 * |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
65 * @param session The MXit session object |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
66 * @return The encrypted & encoded password. Must be g_free'd when no longer needed. |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
67 */ |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
68 char* mxit_encrypt_password( struct MXitSession* session ) |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
69 { |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
70 char key[64]; |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
71 char exkey[512]; |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
72 char pass[64]; |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
73 char encrypted[64]; |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
74 char* base64; |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
75 int blocks; |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
76 int size; |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
77 int i; |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
78 |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
79 purple_debug_info( MXIT_PLUGIN_ID, "mxit_encrypt_password\n" ); |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
80 |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
81 memset( encrypted, 0x00, sizeof( encrypted ) ); |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
82 memset( exkey, 0x00, sizeof( exkey ) ); |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
83 memset( pass, 0x58, sizeof( pass ) ); |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
84 pass[sizeof( pass ) - 1] = '\0'; |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
85 |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
86 /* build the custom AES encryption key */ |
|
31774
4ad2a0668687
Changed a strcpy in the mxit prpl to a bounds-checked g_strlcpy.
Ethan Blanton <elb@pidgin.im>
parents:
28770
diff
changeset
|
87 g_strlcpy( key, INITIAL_KEY, sizeof( key ) ); |
|
28526
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
88 memcpy( key, session->clientkey, strlen( session->clientkey ) ); |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
89 ExpandKey( (unsigned char*) key, (unsigned char*) exkey ); |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
90 |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
91 /* build the custom data to be encrypted */ |
|
31774
4ad2a0668687
Changed a strcpy in the mxit prpl to a bounds-checked g_strlcpy.
Ethan Blanton <elb@pidgin.im>
parents:
28770
diff
changeset
|
92 g_strlcpy( pass, SECRET_HEADER, sizeof( pass ) ); |
|
28526
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
93 strcat( pass, session->acc->password ); |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
94 |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
95 /* pad the secret data */ |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
96 blocks = pad_secret_data( pass ); |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
97 size = blocks * 16; |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
98 |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
99 /* now encrypt the password. we encrypt each block separately (ECB mode) */ |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
100 for ( i = 0; i < size; i += 16 ) |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
101 Encrypt( (unsigned char*) pass + i, (unsigned char*) exkey, (unsigned char*) encrypted + i ); |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
102 |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
103 /* now base64 encode the encrypted password */ |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
104 base64 = purple_base64_encode( (unsigned char*) encrypted, size ); |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
105 |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
106 return base64; |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
107 } |
|
69aa4660401a
Initial addition of the MXit protocol plugin, provided by the MXit folks
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
diff
changeset
|
108 |