You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
kvpnc/src/ciscopasswddecoder.cpp

228 lines
6.0 KiB

This file contains invisible Unicode characters!

This file contains invisible Unicode characters that may be processed differently from what appears below. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to reveal hidden characters.

/***************************************************************************
 *   Copyright (C) 2005 by hal9000 <hal9000@evilscientists.de>                             *
*   Copyright (C) 2005 by Maurice Massar <vpnc@unix-ag.uni-kl.de>                             *
*   Copyright (C) 2005 by Christoph Thielecke <crissi99@gmx.de>                             *
 *                                                                         *
 *   This program is free software; you can redistribute it and/or modify  *
 *   it under the terms of the GNU General Public License as published by  *
 *   the Free Software Foundation; either version 2 of the License, or     *
 *   (at your option) any later version.                                   *
 *                                                                         *
 *   This program is distributed in the hope that it will be useful,       *
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of        *
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
 *   GNU General Public License for more details.                          *
 *                                                                         *
 *   You should have received a copy of the GNU General Public License     *
 *   along with this program; if not, write to the                         *
 *   Free Software Foundation, Inc.,                                       *
 *   59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
 ***************************************************************************/
#include "ciscopasswddecoder.h"
#include <tqfile.h>
#include <tqtextstream.h>
#include <tdemessagebox.h>
#include <tdelocale.h>
CiscoPasswdDecoder::CiscoPasswdDecoder(TQString& profileFile)
{
profile = profileFile;
}
CiscoPasswdDecoder::~CiscoPasswdDecoder()
{}
/* read hex strings for "enc_GroupPwd" and "enc_UserPassword" from profile file */
void CiscoPasswdDecoder::readProfileData(TQString& profile, TQString& userData, TQString& groupData)
{
TQFile PcfFile(profile);
TQTextStream stream ( &PcfFile );
if ( PcfFile.open(IO_ReadOnly))
{
TQString line = "";
while ( !stream.atEnd() )
{
line = stream.readLine(); // line of text excluding '\n' and replace all white chars with one blank
if ( !line.startsWith("#") )
{
if (line.startsWith("enc_GroupPwd") || line.startsWith("enc_GroupPwd") )
groupData=line.section('=',1,1).stripWhiteSpace();
if (line.startsWith("enc_UserPassword") || line.startsWith("enc_GroupPwd") )
userData=line.section('=',1,1).stripWhiteSpace();
}
}
PcfFile.close();
}
else
{
KMessageBox::error ( 0, i18n ( "Reading of \"%1\" has been failed!" ).arg ( PcfFile.name() ) );
}
}
int CiscoPasswdDecoder::hex2bin_c(unsigned int c)
{
if ((c >= '0')&&(c <= '9'))
return c - '0';
if ((c >= 'A')&&(c <= 'F'))
return c - 'A' + 10;
if ((c >= 'a')&&(c <= 'f'))
return c - 'a' + 10;
return -1;
}
int CiscoPasswdDecoder::hex2bin(TQString str, TQString& bin, int& len)
{
TQString p;
int i, l;
for (i = 0; str[i] != '\0'; i++)
if (hex2bin_c(TQChar(str[i]).unicode()) == -1)
return EINVAL;
l = i;
if ((l & 1) != 0)
return EINVAL;
l /= 2;
for (i = 0; i < l; i++)
p+= hex2bin_c(TQChar(str[i*2]).unicode()) << 4 | hex2bin_c(TQChar(str[i*2+1]).unicode());
bin = p;
if (len)
len = l;
return 0;
}
int CiscoPasswdDecoder::c_decrypt(TQString ct, int len, char **resp, int reslenp)
{
TQString h1 = ct;
const char *h4 = ct.ascii() + 20;
const char *enc = ct.ascii() + 40;
char ht[20], h2[20], h3[20], key[24];
const char *iv = h1.ascii();
char *res;
gcry_cipher_hd_t ctx;
int reslen;
if (len < 48)
return 0;
len -= 40;
memcpy(ht, h1.ascii(), 20);
ht[19]++;
gcry_md_hash_buffer(GCRY_MD_SHA1, h2, ht, 20);
ht[19] += 2;
gcry_md_hash_buffer(GCRY_MD_SHA1, h3, ht, 20);
memcpy(key, h2, 20);
memcpy(key+20, h3, 4);
/* who cares about parity anyway? */
gcry_md_hash_buffer(GCRY_MD_SHA1, ht, enc, len);
if (memcmp(h4, ht, 20) != 0)
return -1;
res = (char *)malloc(len);
if (res == NULL)
return -1;
gcry_cipher_open(&ctx, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0);
gcry_cipher_setkey(ctx, key, 24);
gcry_cipher_setiv(ctx, iv, 8);
gcry_cipher_decrypt(ctx, (unsigned char *)res, len, (unsigned char *)enc, len);
gcry_cipher_close(ctx);
reslen = len - res[len-1];
res[reslen] = '\0';
if (resp)
*resp = res;
reslenp = reslen;
return 0;
}
bool CiscoPasswdDecoder::decodePasswords(TQString& userPasswd, TQString& groupPasswd)
{
TQString encUserPasswd="";
TQString encGroupPasswd="";
int i, len, ret = 0;
char *pw, *pw2;
TQString bin,bin2;
int len2=0;
bool success=true;
readProfileData(profile, encUserPasswd, encGroupPasswd);
if (!encGroupPasswd.isEmpty())
{
ret = hex2bin( encGroupPasswd, bin, len);
if (ret != 0)
{
perror("error: groupPasswd: decoding input");
success=false;
}
ret = c_decrypt(bin, len, &pw, 0);
if (ret != 0)
{
perror("error: groupPasswd: decrypting input");
success=false;
}
else
{
// printf("groupPasswd: %s\n", pw);
// std::cout << "groupPasswd: " << TQString::fromLocal8Bit(pw) << std::endl;
groupPasswd = TQString::fromLocal8Bit(pw);
//free(pw);
}
}
if (!encUserPasswd.isEmpty() )
{
i=0;
len2=0;
ret = 0;
ret = hex2bin( encUserPasswd, bin2, len2);
if (ret != 0)
{
perror("error: userPasswd: decoding input");
success=false;
}
ret = c_decrypt(bin2, len2, &pw2, 0);
//free(bin2);
if (ret != 0)
{
perror("error: userPasswd: decrypting input");
success=false;
}
else
{
// // printf("userPasswd: %s\n", pw2);
// std::cout << "userPasswd " << TQString::fromLocal8Bit(pw2) << std::endl;
userPasswd = TQString::fromLocal8Bit(pw2);
//free(pw);
}
}
return success;
}