diff options
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/fishlim/Makefile.am | 4 | ||||
-rw-r--r-- | plugins/fishlim/dh1080.c | 209 | ||||
-rw-r--r-- | plugins/fishlim/dh1080.h | 24 | ||||
-rw-r--r-- | plugins/fishlim/fishlim.vcxproj | 3 | ||||
-rw-r--r-- | plugins/fishlim/irc.c | 4 | ||||
-rw-r--r-- | plugins/fishlim/plugin_hexchat.c | 192 |
6 files changed, 416 insertions, 20 deletions
diff --git a/plugins/fishlim/Makefile.am b/plugins/fishlim/Makefile.am index 95498bf5..fdf47051 100644 --- a/plugins/fishlim/Makefile.am +++ b/plugins/fishlim/Makefile.am @@ -1,9 +1,9 @@ -EXTRA_DIST = INSTALL LICENSE fish.h irc.h keystore.h plugin_hexchat.h +EXTRA_DIST = INSTALL LICENSE fish.h irc.h keystore.h plugin_hexchat.h dh1080.h libdir = $(hexchatlibdir) lib_LTLIBRARIES = fishlim.la -fishlim_la_SOURCES = fish.c irc.c keystore.c plugin_hexchat.c +fishlim_la_SOURCES = fish.c irc.c keystore.c plugin_hexchat.c dh1080.c fishlim_la_LDFLAGS = $(PLUGIN_LDFLAGS) -module fishlim_la_LIBADD = $(GLIB_LIBS) $(OPENSSL_LIBS) fishlim_la_CPPFLAGS = -I$(top_srcdir)/src/common diff --git a/plugins/fishlim/dh1080.c b/plugins/fishlim/dh1080.c new file mode 100644 index 00000000..41b65844 --- /dev/null +++ b/plugins/fishlim/dh1080.c @@ -0,0 +1,209 @@ +/* HexChat +* +* This program is free software; you can redistribute it and/or modify +* it under the terms of the GNU General Public License as published by +* the Free Software Foundation; either version 2 of the License, or +* (at your option) any later version. +* +* This program is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* +* You should have received a copy of the GNU General Public License +* along with this program; if not, write to the Free Software +* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA +*/ + +/* + * For Diffie-Hellman key-exchange a 1080bit germain prime is used, the + * generator g=2 renders a field Fp from 1 to p-1. Therefore breaking it + * means to solve a discrete logarithm problem with no less than 1080bit. + * + * Base64 format is used to send the public keys over IRC. + * + * The calculated secret key is hashed with SHA-256, the result is converted + * to base64 for final use with blowfish. + */ + +#include "dh1080.h" + +#include <openssl/bn.h> +#include <openssl/dh.h> +#include <openssl/sha.h> + +#include <string.h> +#include <glib.h> + +#define DH1080_PRIME_BITS 1080 +#define DH1080_PRIME_BYTES 135 +#define SHA256_DIGEST_LENGTH 32 +#define B64ABC "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" +#define MEMZERO(x) memset(x, 0x00, (sizeof(x)/sizeof(*x)) ) + +/* All clients must use the same prime number to be able to keyx */ +static const guchar prime1080[DH1080_PRIME_BYTES] = +{ + 0xFB, 0xE1, 0x02, 0x2E, 0x23, 0xD2, 0x13, 0xE8, 0xAC, 0xFA, 0x9A, 0xE8, 0xB9, 0xDF, 0xAD, 0xA3, 0xEA, + 0x6B, 0x7A, 0xC7, 0xA7, 0xB7, 0xE9, 0x5A, 0xB5, 0xEB, 0x2D, 0xF8, 0x58, 0x92, 0x1F, 0xEA, 0xDE, 0x95, + 0xE6, 0xAC, 0x7B, 0xE7, 0xDE, 0x6A, 0xDB, 0xAB, 0x8A, 0x78, 0x3E, 0x7A, 0xF7, 0xA7, 0xFA, 0x6A, 0x2B, + 0x7B, 0xEB, 0x1E, 0x72, 0xEA, 0xE2, 0xB7, 0x2F, 0x9F, 0xA2, 0xBF, 0xB2, 0xA2, 0xEF, 0xBE, 0xFA, 0xC8, + 0x68, 0xBA, 0xDB, 0x3E, 0x82, 0x8F, 0xA8, 0xBA, 0xDF, 0xAD, 0xA3, 0xE4, 0xCC, 0x1B, 0xE7, 0xE8, 0xAF, + 0xE8, 0x5E, 0x96, 0x98, 0xA7, 0x83, 0xEB, 0x68, 0xFA, 0x07, 0xA7, 0x7A, 0xB6, 0xAD, 0x7B, 0xEB, 0x61, + 0x8A, 0xCF, 0x9C, 0xA2, 0x89, 0x7E, 0xB2, 0x8A, 0x61, 0x89, 0xEF, 0xA0, 0x7A, 0xB9, 0x9A, 0x8A, 0x7F, + 0xA9, 0xAE, 0x29, 0x9E, 0xFA, 0x7B, 0xA6, 0x6D, 0xEA, 0xFE, 0xFB, 0xEF, 0xBF, 0x0B, 0x7D, 0x8B +}; + +static DH *g_dh; + +int +dh1080_init (void) +{ + g_return_val_if_fail (g_dh == NULL, 0); + + if ((g_dh = DH_new())) + { + int codes; + + g_dh->p = BN_bin2bn (prime1080, DH1080_PRIME_BYTES, NULL); + g_dh->g = BN_new (); + + g_assert (g_dh->p != NULL && g_dh->g != NULL); + BN_set_word(g_dh->g, 2); + + if (DH_check (g_dh, &codes)) + return codes == 0; + } + + return 0; +} + +void +dh1080_deinit (void) +{ + g_clear_pointer (&g_dh, DH_free); +} + +static inline int +DH_verifyPubKey (BIGNUM *pk) +{ + int codes; + return DH_check_pub_key (g_dh, pk, &codes) && codes == 0; +} + +static guchar * +dh1080_decode_b64 (const char *data, gsize *out_len) +{ + GString *str = g_string_new (data); + guchar *ret; + + if (str->len % 4 == 1 && str->str[str->len - 1] == 'A') + g_string_truncate (str, str->len - 1); + + while (str->len % 4 != 0) + g_string_append_c (str, '='); + + ret = g_base64_decode_inplace (str->str, out_len); + g_string_free (str, FALSE); + return ret; +} + +static char * +dh1080_encode_b64 (const guchar *data, gsize data_len) +{ + char *ret = g_base64_encode (data, data_len); + char *p; + + if (!(p = strchr (ret, '='))) + { + char *new_ret = g_new(char, strlen(ret) + 2); + strcpy (new_ret, ret); + strcat (new_ret, "A"); + g_free (ret); + ret = new_ret; + } + else + { + *p = '\0'; + } + + return ret; +} + +int +dh1080_generate_key (char **priv_key, char **pub_key) +{ + guchar buf[DH1080_PRIME_BYTES]; + int len; + DH *dh; + + g_assert (priv_key != NULL); + g_assert (pub_key != NULL); + + dh = DHparams_dup (g_dh); + if (!dh) + return 0; + + if (!DH_generate_key (dh)) + { + DH_free (dh); + return 0; + } + + MEMZERO (buf); + len = BN_bn2bin (dh->priv_key, buf); + *priv_key = dh1080_encode_b64 (buf, len); + + MEMZERO (buf); + len = BN_bn2bin(dh->pub_key, buf); + *pub_key = dh1080_encode_b64 (buf, len); + + OPENSSL_cleanse (buf, sizeof (buf)); + DH_free (dh); + return 1; +} + +int +dh1080_compute_key (const char *priv_key, const char *pub_key, char **secret_key) +{ + char *pub_key_data; + gsize pub_key_len; + BIGNUM *pk; + DH *dh; + + g_assert (secret_key != NULL); + + /* Verify base64 strings */ + if (strspn (priv_key, B64ABC) != strlen (priv_key) + || strspn (pub_key, B64ABC) != strlen (pub_key)) + return 0; + + dh = DHparams_dup (g_dh); + + pub_key_data = dh1080_decode_b64 (pub_key, &pub_key_len); + pk = BN_bin2bn (pub_key_data, pub_key_len, NULL); + + if (DH_verifyPubKey (pk)) + { + guchar shared_key[DH1080_PRIME_BYTES] = { 0 }; + guchar sha256[SHA256_DIGEST_LENGTH] = { 0 }; + char *priv_key_data; + gsize priv_key_len; + int shared_len; + + priv_key_data = dh1080_decode_b64 (priv_key, &priv_key_len); + dh->priv_key = BN_bin2bn(priv_key_data, priv_key_len, NULL); + + shared_len = DH_compute_key (shared_key, pk, dh); + SHA256(shared_key, shared_len, sha256); + *secret_key = dh1080_encode_b64 (sha256, sizeof(sha256)); + + OPENSSL_cleanse (priv_key_data, priv_key_len); + g_free (priv_key_data); + } + + BN_free (pk); + DH_free (dh); + g_free (pub_key_data); + return 1; +} diff --git a/plugins/fishlim/dh1080.h b/plugins/fishlim/dh1080.h new file mode 100644 index 00000000..75662189 --- /dev/null +++ b/plugins/fishlim/dh1080.h @@ -0,0 +1,24 @@ +/* HexChat +* +* This program is free software; you can redistribute it and/or modify +* it under the terms of the GNU General Public License as published by +* the Free Software Foundation; either version 2 of the License, or +* (at your option) any later version. +* +* This program is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* +* You should have received a copy of the GNU General Public License +* along with this program; if not, write to the Free Software +* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA +*/ + +#pragma once + +int dh1080_generate_key (char **, char **); +int dh1080_compute_key (const char *, const char *, char **); +int dh1080_init (void); +void dh1080_deinit (void); + diff --git a/plugins/fishlim/fishlim.vcxproj b/plugins/fishlim/fishlim.vcxproj index 50eec873..43ae1df9 100644 --- a/plugins/fishlim/fishlim.vcxproj +++ b/plugins/fishlim/fishlim.vcxproj @@ -53,13 +53,14 @@ <None Include="fishlim.def" /> </ItemGroup> <ItemGroup> - <ClInclude Include="bool.h" /> + <ClInclude Include="dh1080.h" /> <ClInclude Include="fish.h" /> <ClInclude Include="irc.h" /> <ClInclude Include="keystore.h" /> <ClInclude Include="plugin_hexchat.h" /> </ItemGroup> <ItemGroup> + <ClCompile Include="dh1080.c" /> <ClCompile Include="fish.c" /> <ClCompile Include="irc.c" /> <ClCompile Include="keystore.c" /> diff --git a/plugins/fishlim/irc.c b/plugins/fishlim/irc.c index deba545b..19b810eb 100644 --- a/plugins/fishlim/irc.c +++ b/plugins/fishlim/irc.c @@ -50,7 +50,9 @@ gboolean irc_parse_message(const char *words[], if (command) *command = words[w]; w++; - *parameters_offset = w; + if (parameters_offset) + *parameters_offset = w; + return TRUE; } diff --git a/plugins/fishlim/plugin_hexchat.c b/plugins/fishlim/plugin_hexchat.c index 0afecd82..a163fd10 100644 --- a/plugins/fishlim/plugin_hexchat.c +++ b/plugins/fishlim/plugin_hexchat.c @@ -32,6 +32,7 @@ #define HEXCHAT_MAX_WORDS 32 #include "fish.h" +#include "dh1080.h" #include "keystore.h" #include "irc.h" @@ -41,8 +42,11 @@ static const char plugin_version[] = "0.0.17"; static const char usage_setkey[] = "Usage: SETKEY [<nick or #channel>] <password>, sets the key for a channel or nick"; static const char usage_delkey[] = "Usage: DELKEY <nick or #channel>, deletes the key for a channel or nick"; +static const char usage_keyx[] = "Usage: KEYX [<nick>], performs DH1080 key-exchange with <nick>"; + static hexchat_plugin *ph; +static GHashTable *pending_exchanges; /** @@ -58,6 +62,38 @@ gchar *get_config_filename(void) { return filename_fs; } +static inline gboolean irc_is_query (const char *name) { + const char *chantypes = hexchat_list_str (ph, NULL, "chantypes"); + + return strchr (chantypes, name[0]) == NULL; +} + +static hexchat_context *find_context_on_network (const char *name) { + hexchat_list *channels; + hexchat_context *ret = NULL; + int id; + + if (hexchat_get_prefs(ph, "id", NULL, &id) != 2) + return NULL; + + channels = hexchat_list_get(ph, "channels"); + if (!channels) + return NULL; + + while (hexchat_list_next(ph, channels)) { + int chan_id = hexchat_list_int(ph, channels, "id"); + const char *chan_name = hexchat_list_str(ph, channels, "channel"); + + if (chan_id == id && chan_name && hexchat_nickcmp (ph, chan_name, name) == 0) { + ret = (hexchat_context*)hexchat_list_str(ph, channels, "context"); + break; + } + }; + + hexchat_list_free(ph, channels); + return ret; +} + int irc_nick_cmp(const char *a, const char *b) { return hexchat_nickcmp (ph, a, b); } @@ -163,11 +199,11 @@ static int handle_incoming(char *word[], char *word_eol[], hexchat_event_attrs * /* Prefix with colon, which gets stripped out otherwise */ g_string_append_c (message, ':'); } - + if (prefix_char) { g_string_append_c (message, prefix_char); } - + } else { /* Add unencrypted data (for example, a prefix from a bouncer or bot) */ peice = word[uw]; @@ -176,7 +212,7 @@ static int handle_incoming(char *word[], char *word_eol[], hexchat_event_attrs * g_string_append (message, peice); } g_free(decrypted); - + /* Simulate unencrypted message */ /* hexchat_printf(ph, "simulating: %s\n", message->str); */ hexchat_command(ph, message->str); @@ -184,26 +220,103 @@ static int handle_incoming(char *word[], char *word_eol[], hexchat_event_attrs * g_string_free (message, TRUE); g_free(sender_nick); return HEXCHAT_EAT_HEXCHAT; - + decrypt_error: g_free(decrypted); g_free(sender_nick); return HEXCHAT_EAT_NONE; } +static int handle_keyx_notice(char *word[], char *word_eol[], void *userdata) { + const char *dh_message = word[4]; + const char *dh_pubkey = word[5]; + hexchat_context *query_ctx; + const char *prefix; + gboolean cbc; + char *sender, *secret_key, *priv_key = NULL; + + if (!*dh_message || !*dh_pubkey || strlen(dh_pubkey) != 181) + return HEXCHAT_EAT_NONE; + + if (!irc_parse_message((const char**)word, &prefix, NULL, NULL) || !prefix) + return HEXCHAT_EAT_NONE; + + sender = irc_prefix_get_nick(prefix); + query_ctx = find_context_on_network(sender); + if (query_ctx) + hexchat_set_context(ph, query_ctx); + + dh_message++; /* : prefix */ + if (*dh_message == '+' || *dh_message == '-') + dh_message++; /* identify-msg */ + + cbc = g_strcmp0 (word[6], "CBC") == 0; + + if (!strcmp(dh_message, "DH1080_INIT")) { + char *pub_key; + + if (cbc) { + hexchat_print(ph, "Recieved key exchange for CBC mode which is not supported."); + goto cleanup; + } + + hexchat_printf(ph, "Received public key from %s, sending mine...", sender); + if (dh1080_generate_key(&priv_key, &pub_key)) { + hexchat_commandf(ph, "quote NOTICE %s :DH1080_FINISH %s", sender, pub_key); + g_free(pub_key); + } else { + hexchat_print(ph, "Failed to generate keys"); + goto cleanup; + } + } else if (!strcmp (dh_message, "DH1080_FINISH")) { + char *sender_lower = g_ascii_strdown(sender, -1); + /* FIXME: Properly respect irc casing */ + priv_key = g_hash_table_lookup(pending_exchanges, sender_lower); + g_hash_table_steal(pending_exchanges, sender_lower); + g_free(sender_lower); + + if (cbc) { + hexchat_print(ph, "Recieved key exchange for CBC mode which is not supported."); + goto cleanup; + } + + if (!priv_key) { + hexchat_printf(ph, "Recieved a key exchange response for unknown user: %s", sender); + goto cleanup; + } + } else { + /* Regular notice */ + g_free(sender); + return HEXCHAT_EAT_NONE; + } + + if (dh1080_compute_key(priv_key, dh_pubkey, &secret_key)) { + keystore_store_key(sender, secret_key); + hexchat_printf(ph, "Stored new key for %s", sender); + g_free(secret_key); + } else { + hexchat_print(ph, "Failed to create secret key!"); + } + +cleanup: + g_free(sender); + g_free(priv_key); + return HEXCHAT_EAT_ALL; +} + /** * Command handler for /setkey */ static int handle_setkey(char *word[], char *word_eol[], void *userdata) { const char *nick; const char *key; - + /* Check syntax */ if (*word[2] == '\0') { hexchat_printf(ph, "%s\n", usage_setkey); return HEXCHAT_EAT_HEXCHAT; } - + if (*word[3] == '\0') { /* /setkey password */ nick = hexchat_get_info(ph, "channel"); @@ -213,14 +326,14 @@ static int handle_setkey(char *word[], char *word_eol[], void *userdata) { nick = word[2]; key = word_eol[3]; } - + /* Set password */ if (keystore_store_key(nick, key)) { hexchat_printf(ph, "Stored key for %s\n", nick); } else { hexchat_printf(ph, "\00305Failed to store key in addon_fishlim.conf\n"); } - + return HEXCHAT_EAT_HEXCHAT; } @@ -229,25 +342,62 @@ static int handle_setkey(char *word[], char *word_eol[], void *userdata) { */ static int handle_delkey(char *word[], char *word_eol[], void *userdata) { const char *nick; - + /* Check syntax */ if (*word[2] == '\0' || *word[3] != '\0') { hexchat_printf(ph, "%s\n", usage_delkey); return HEXCHAT_EAT_HEXCHAT; } - + nick = g_strstrip (word_eol[2]); - + /* Delete the given nick from the key store */ if (keystore_delete_nick(nick)) { hexchat_printf(ph, "Deleted key for %s\n", nick); } else { hexchat_printf(ph, "\00305Failed to delete key in addon_fishlim.conf!\n"); } - + return HEXCHAT_EAT_HEXCHAT; } +static int handle_keyx(char *word[], char *word_eol[], void *userdata) { + const char *target = word[2]; + hexchat_context *query_ctx = NULL; + char *pub_key, *priv_key; + int ctx_type; + + if (*target) + query_ctx = find_context_on_network(target); + else { + target = hexchat_get_info(ph, "channel"); + query_ctx = hexchat_get_context (ph); + } + + if (query_ctx) { + hexchat_set_context(ph, query_ctx); + ctx_type = hexchat_list_int(ph, NULL, "type"); + } + + if ((query_ctx && ctx_type != 3) || (!query_ctx && !irc_is_query(target))) { + hexchat_print(ph, "You can only exchange keys with individuals"); + return HEXCHAT_EAT_ALL; + } + + if (dh1080_generate_key(&priv_key, &pub_key)) { + g_hash_table_replace (pending_exchanges, g_ascii_strdown(target, -1), priv_key); + + hexchat_commandf(ph, "quote NOTICE %s :DH1080_INIT %s", target, pub_key); + hexchat_printf(ph, "Sent public key to %s, waiting for reply...", target); + + g_free(pub_key); + } else { + hexchat_print(ph, "Failed to generate keys"); + } + + return HEXCHAT_EAT_ALL; +} + /** * Returns the plugin name version information. */ @@ -267,30 +417,40 @@ int hexchat_plugin_init(hexchat_plugin *plugin_handle, const char **version, char *arg) { ph = plugin_handle; - + /* Send our info to HexChat */ *name = plugin_name; *desc = plugin_desc; *version = plugin_version; - + /* Register commands */ hexchat_hook_command(ph, "SETKEY", HEXCHAT_PRI_NORM, handle_setkey, usage_setkey, NULL); hexchat_hook_command(ph, "DELKEY", HEXCHAT_PRI_NORM, handle_delkey, usage_delkey, NULL); - + hexchat_hook_command(ph, "KEYX", HEXCHAT_PRI_NORM, handle_keyx, usage_keyx, NULL); + /* Add handlers */ hexchat_hook_command(ph, "", HEXCHAT_PRI_NORM, handle_outgoing, NULL, NULL); + hexchat_hook_server(ph, "NOTICE", HEXCHAT_PRI_HIGHEST, handle_keyx_notice, NULL); hexchat_hook_server_attrs(ph, "NOTICE", HEXCHAT_PRI_NORM, handle_incoming, NULL); hexchat_hook_server_attrs(ph, "PRIVMSG", HEXCHAT_PRI_NORM, handle_incoming, NULL); /* hexchat_hook_server(ph, "RAW LINE", HEXCHAT_PRI_NORM, handle_debug, NULL); */ hexchat_hook_server_attrs(ph, "TOPIC", HEXCHAT_PRI_NORM, handle_incoming, NULL); hexchat_hook_server_attrs(ph, "332", HEXCHAT_PRI_NORM, handle_incoming, NULL); - + + if (!dh1080_init()) + return 0; + + pending_exchanges = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, g_free); + hexchat_printf(ph, "%s plugin loaded\n", plugin_name); /* Return success */ return 1; } int hexchat_plugin_deinit(void) { + g_clear_pointer(&pending_exchanges, g_hash_table_destroy); + dh1080_deinit(); + hexchat_printf(ph, "%s plugin unloaded\n", plugin_name); return 1; } |