diff options
Diffstat (limited to 'libpiano/src')
| -rw-r--r-- | libpiano/src/crypt.c | 311 | 
1 files changed, 120 insertions, 191 deletions
| diff --git a/libpiano/src/crypt.c b/libpiano/src/crypt.c index 0cc359e..d898205 100644 --- a/libpiano/src/crypt.c +++ b/libpiano/src/crypt.c @@ -24,226 +24,155 @@ THE SOFTWARE.  #include <string.h>  #include <stdio.h>  #include <stdlib.h> +#include <stdint.h>  #include "crypt_key_output.h"  #include "crypt_key_input.h"  #include "main.h" -#define byteswap32(x) (((x >> 24) & 0x000000ff) | ((x >> 8) & 0x0000ff00) | \ -		((x << 8) & 0x00ff0000) | ((x << 24) & 0xff000000)) +#define byteswap32(x) ((((x) >> 24) & 0x000000ff) | \ +		(((x) >> 8) & 0x0000ff00) | \ +		(((x) << 8) & 0x00ff0000) | \ +		(((x) << 24) & 0xff000000)) -/*	hex string to array of unsigned int values - *	@param hex string - *	@param return array - *	@param return size of array - *	@return nothing, yet - */ -void PianoHexToInts (const char *strHex, unsigned int **retInts, -		size_t *retIntsN) { -	size_t i, strHexN = strlen (strHex); -	unsigned int *arrInts = calloc (strHexN / 8, sizeof (*arrInts)); - -	/* unsigned int = 4 bytes, 8 chars in hex */ -	for (i = 0; i < strHexN; i++) { -		arrInts[i/8] |= ((strHex[i] < 'a' ? strHex[i]: strHex[i] + 9) & -				0x0f) << (7*4 - i*4); -	} -	*retInts = arrInts; -	*retIntsN = strHexN / 8; -} - -/*	decipher int array; reverse engineered from pandora source - *	@param decrypt-me - *	@param decrypt-me-length - *	@param return plain ints array - */ -void PianoDecipherInts (const unsigned int *cipherInts, size_t cipherIntsN, -		unsigned int **retPlainInts) { -	unsigned int *plainInts = calloc (cipherIntsN, sizeof (*plainInts)); -	size_t i, j; -	unsigned int f, l, r, lrExchange; - -	for (i = 0; i < cipherIntsN; i += 2) { -		l = cipherInts [i]; -		r = cipherInts [i+1]; - -		for (j = in_key_n + 1; j > 1; --j) { -			l ^= in_key_p [j]; -			 -			f = in_key_s [0][(l >> 24) & 0xff] + -					in_key_s [1][(l >> 16) & 0xff]; -			f ^= in_key_s [2][(l >> 8) & 0xff]; -			f += in_key_s [3][l & 0xff]; -			r ^= f; -			/* exchange l & r */ -			lrExchange = l; -			l = r; -			r = lrExchange; -		} -		/* exchange l & r */ -		lrExchange = l; -		l = r; -		r = lrExchange; -		r ^= in_key_p [1]; -		l ^= in_key_p [0]; -		plainInts [i] = l; -		plainInts [i+1] = r; -	} -	*retPlainInts = plainInts; -} - -/*	int array to string - *	@param int array - *	@param length of array - *	@return the string - */ -char *PianoIntsToString (const unsigned int *arrInts, size_t arrIntsN) { -	char *strDecoded = calloc (arrIntsN * 4 + 1, sizeof (*strDecoded)); -	size_t i; -	unsigned int *tmp; - -	for (i = 0; i < arrIntsN; i++) { -		/* map string to 4-byte int */ -		tmp = (unsigned int *) &strDecoded[i*4]; -		/* FIXME: big endian does not need byteswap? */ -		*tmp = byteswap32 (arrInts[i]); -	} -	return strDecoded; -} - -/*	decrypt hex-encoded string +/*	decrypt hex-encoded, blowfish-crypted string: decode 2 hex-encoded blocks, + *	decrypt, byteswap   *	@param hex string   *	@return decrypted string   */ -char *PianoDecryptString (const char *strInput) { -	unsigned int *cipherInts, *plainInts; -	size_t cipherIntsN; -	char *strDecrypted; - -	PianoHexToInts (strInput, &cipherInts, &cipherIntsN); -	PianoDecipherInts (cipherInts, cipherIntsN, &plainInts); -	strDecrypted = PianoIntsToString (plainInts, cipherIntsN); - -	PianoFree (cipherInts, cipherIntsN * sizeof (*cipherInts)); -	PianoFree (plainInts, cipherIntsN * sizeof (*plainInts)); - -	return strDecrypted; -} - -/*	string to int array - *	@param the string, length % 8 needs to be 0 - *	@param returns int array - *	@param returns size of int array - *	@return nothing - */ -void PianoBytesToInts (const char *strInput, unsigned int **retArrInts, -		size_t *retArrIntsN) { -	size_t i, j, neededStrLen, strInputN = strlen (strInput); -	unsigned int *arrInts; -	char shift; - -	/* blowfish encrypts two 4 byte blocks */ -	neededStrLen = strInputN; -	if (neededStrLen % 8 != 0) { -		/* substract overhead and add full 8 byte block */ -		neededStrLen = neededStrLen - (neededStrLen % 8) + 8; -	} -	arrInts = calloc (neededStrLen / 4, sizeof (*arrInts)); - -	/* we must not read beyond the end of the string, so be a bit -	 * paranoid */ -	i = 0; -	j = 0; -	while (i < strInputN) { -		shift = 24; -		while (shift >= 0 && i < strInputN) { -			arrInts[i/4] |= (strInput[i] & 0xff) << shift; -			shift -= 8; -			i++; +#define INITIAL_SHIFT 28 +#define SHIFT_DEC 4 +unsigned char *PianoDecryptString (const unsigned char *strInput) { +	/* hex-decode => strlen/2 */ +	unsigned char *strDecrypted = calloc (strlen ((char *) strInput)/2+1, sizeof (*strDecrypted)); +	uint32_t *iDecrypt = (uint32_t *) strDecrypted; +	unsigned char shift = INITIAL_SHIFT; +	unsigned char intsDecoded = 0; +	unsigned char j; +	/* blowfish blocks, 32-bit */ +	uint32_t f, l, r, lrExchange; + +	while (*strInput != '\0') { +		/* hex-decode string */ +		if (*strInput >= '0' && *strInput <= '9') { +			*iDecrypt |= (*strInput & 0x0f) << shift; +		} else if (*strInput >= 'a' && *strInput <= 'f') { +			/* 0xa (hex) = 10 (decimal), 'a' & 0x0f == 1 => +9 */ +			*iDecrypt |= ((*strInput+9) & 0x0f) << shift; +		} +		if (shift > 0) { +			shift -= SHIFT_DEC; +		} else { +			shift = INITIAL_SHIFT; +			/* initialize next dword */ +			*(++iDecrypt) = 0; +			++intsDecoded;  		} -	} -	*retArrInts = arrInts; -	*retArrIntsN = neededStrLen / 4; -} -/*	encipher ints; reverse engineered from pandora flash client - *	@param encipher this - *	@param how many ints - *	@param returns crypted ints; memory is allocated by this function - */ -void PianoEncipherInts (const unsigned int *plainInts, size_t plainIntsN, -		unsigned int **retCipherInts) { -	unsigned int *cipherInts = calloc (plainIntsN, sizeof (*cipherInts)); -	size_t i, j; -	unsigned int f, l, r, lrExchange; - -		for (i = 0; i < plainIntsN; i+=2) { -			l = plainInts [i]; -			r = plainInts [i+1]; -			 -			for (j = 0; j < out_key_n; j++) { -				l ^= out_key_p[j]; - -				f = out_key_s[0][(l >> 24) & 0xff] + -						out_key_s [1][(l >> 16) & 0xff]; -				f ^= out_key_s [2][(l >> 8) & 0xff]; -				f += out_key_s [3][l & 0xff]; +		/* two 32-bit hex-decoded boxes available => blowfish decrypt */ +		if (intsDecoded == 2) { +			l = *(iDecrypt-2); +			r = *(iDecrypt-1); + +			for (j = in_key_n + 1; j > 1; --j) { +				l ^= in_key_p [j]; +				 +				f = in_key_s [0][(l >> 24) & 0xff] + +						in_key_s [1][(l >> 16) & 0xff]; +				f ^= in_key_s [2][(l >> 8) & 0xff]; +				f += in_key_s [3][l & 0xff];  				r ^= f;  				/* exchange l & r */  				lrExchange = l;  				l = r;  				r = lrExchange;  			} -			/* exchange l & r again */ +			/* exchange l & r */  			lrExchange = l;  			l = r;  			r = lrExchange; -			r ^= out_key_p [out_key_n]; -			l ^= out_key_p [out_key_n+1]; -			cipherInts [i] = l; -			cipherInts [i+1] = r; -		} -	*retCipherInts = cipherInts; -} +			r ^= in_key_p [1]; +			l ^= in_key_p [0]; -/*	int array to hex-encoded string - *	@param int array - *	@param size of array - *	@return string; memory is allocated here, don't forget to free it - */ -char *PianoIntsToHexString (const unsigned int *arrInts, size_t arrIntsN) { -	/* 4 bytes as hex (= 8 chars) */ -	char *hexStr = calloc (arrIntsN * 4 * 2 + 1, sizeof (*hexStr)); -	size_t i, writePos; -	unsigned char *intMap = (unsigned char *) arrInts; -	size_t intMapN = arrIntsN * sizeof (*arrInts); - -	for (i = 0; i < intMapN; i++) { -		writePos = i + (4 - (i % 4) * 2) - 1; -		/* we need to swap the bytes again */ -		hexStr[writePos*2] = (intMap[i] & 0xf0) < 0xa0 ? (intMap[i] >> 4) + -				'0' : (intMap[i] >> 4) + 'a' - 10; -		hexStr[writePos*2+1] = (intMap[i] & 0x0f) < 0x0a ? (intMap[i] & 0x0f) + -				'0' : (intMap[i] & 0x0f) + 'a' - 10; +			*(iDecrypt-2) = byteswap32 (l); +			*(iDecrypt-1) = byteswap32 (r); + +			intsDecoded = 0; +		} +		++strInput;  	} -	return hexStr; + +	return strDecrypted;  } +#undef INITIAL_SHIFT +#undef SHIFT_DEC -/*	blowfish-encrypt string; used before sending xml to server +/*	blowfish-encrypt/hex-encode string   *	@param encrypt this   *	@return encrypted, hex-encoded string   */ -char *PianoEncryptString (const char *strInput) { -	unsigned int *plainInts, *cipherInts; -	size_t plainIntsN; -	char *strHex; +unsigned char *PianoEncryptString (const unsigned char *strInput) { +	size_t strInputN = strlen ((char *) strInput); +	/* num of 64-bit blocks, rounded to next block */ +	size_t blockN = strInputN / 8 + 1; +	uint32_t *blockInput = calloc (blockN*2, sizeof (*blockInput)), *blockPtr = blockInput; +	/* encryption blocks */ +	uint32_t f, lrExchange; +	register uint32_t l, r; +	/* output string */ +	unsigned char *strHex = calloc (blockN*8*2 + 1, sizeof (*strHex)), *hexPtr = strHex; +	const char *hexmap = "0123456789abcdef"; +	size_t i; -	PianoBytesToInts (strInput, &plainInts, &plainIntsN); -	PianoEncipherInts (plainInts, plainIntsN, &cipherInts); -	strHex = PianoIntsToHexString (cipherInts, plainIntsN); +	memcpy (blockInput, strInput, strInputN); + +	while (blockN > 0) { +		l = byteswap32 (*blockPtr); +		r = byteswap32 (*(blockPtr+1)); +		 +		/* encrypt blocks */ +		for (i = 0; i < out_key_n; i++) { +			l ^= out_key_p[i]; + +			f = out_key_s[0][(l >> 24) & 0xff] + +					out_key_s[1][(l >> 16) & 0xff]; +			f ^= out_key_s[2][(l >> 8) & 0xff]; +			f += out_key_s[3][l & 0xff]; +			r ^= f; +			/* exchange l & r */ +			lrExchange = l; +			l = r; +			r = lrExchange; +		} +		/* exchange l & r again */ +		lrExchange = l; +		l = r; +		r = lrExchange; +		r ^= out_key_p [out_key_n]; +		l ^= out_key_p [out_key_n+1]; + +		/* swap bytes again... */ +		l = byteswap32 (l); +		r = byteswap32 (r); + +		/* hex-encode encrypted blocks */ +		for (i = 0; i < 4; i++) { +			*hexPtr++ = hexmap[(l & 0xf0) >> 4]; +			*hexPtr++ = hexmap[l & 0x0f]; +			l >>= 8; +		} +		for (i = 0; i < 4; i++) { +			*hexPtr++ = hexmap[(r & 0xf0) >> 4]; +			*hexPtr++ = hexmap[r & 0x0f]; +			r >>= 8; +		} + +		/* two! 32-bit blocks encrypted (l & r) */ +		blockPtr += 2; +		--blockN; +	} -	PianoFree (plainInts, plainIntsN * sizeof (*plainInts)); -	PianoFree (cipherInts, plainIntsN * sizeof (*cipherInts)); +	PianoFree (blockInput, 0);  	return strHex;  } | 
