1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
|
/* RequiredLibraries: ssl,crypto */
/* RequiredWindowsLibraries: ssleay32,libeay32 */
#include "module.h"
#include "modules/sasl.h"
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <openssl/aes.h>
using namespace SASL;
class DHAES : public Mechanism
{
void Err(Session* sess, BIGNUM* key = NULL)
{
if (key)
BN_free(key);
sasl->Fail(sess);
delete sess;
}
public:
struct DHAESSession : SASL::Session
{
DH* dh;
DHAESSession(Mechanism *m, const Anope::string &u, DH* dh_params) : SASL::Session(m, u)
{
if (!(dh = DH_new()))
return;
dh->g = BN_dup(dh_params->g);
dh->p = BN_dup(dh_params->p);
if (!DH_generate_key(dh))
{
DH_free(dh);
dh = NULL;
}
}
~DHAESSession()
{
if (dh)
DH_free(dh);
}
};
DH* dh_params;
const size_t keysize;
SASL::Session* CreateSession(const Anope::string &uid) override
{
return new DHAESSession(this, uid, dh_params);
}
DHAES(Module *o) : Mechanism(o, "DH-AES"), keysize(256 / 8)
{
if (!(dh_params = DH_new()))
throw ModuleException("DH_new() failed!");
if (!DH_generate_parameters_ex(dh_params, keysize * 8, 5, NULL))
{
DH_free(dh_params);
throw ModuleException("Could not generate DH-params");
}
}
~DHAES()
{
DH_free(dh_params);
}
void ProcessMessage(SASL::Session *session, const SASL::Message &m) override
{
DHAESSession *sess = anope_dynamic_static_cast<DHAESSession *>(session);
if (!sess->dh)
{
sasl->SendMessage(sess, "D", "A");
delete sess;
return;
}
if (m.type == "S")
{
// Format: [ss]<p>[ss]<g>[ss]<pub_key>
// Where ss is a unsigned short with the size of the key
const BIGNUM* dhval[] = { sess->dh->p, sess->dh->g, sess->dh->pub_key };
// Find the size of our buffer - initialized at 6 because of string size data
size_t size = 6;
for (size_t i = 0; i < 3; i++)
size += BN_num_bytes(dhval[i]);
// Fill in the DH data
std::vector<unsigned char> buffer(size);
for (size_t i = 0, pos = 0; i < 3; i++)
{
*reinterpret_cast<uint16_t*>(&buffer[pos]) = htons(BN_num_bytes(dhval[i]));
pos += 2;
BN_bn2bin(dhval[i], &buffer[pos]);
pos += BN_num_bytes(dhval[i]);
}
Anope::string encoded;
Anope::B64Encode(Anope::string(buffer.begin(), buffer.end()), encoded);
sasl->SendMessage(sess, "C", encoded);
}
else if (m.type == "C")
{
// Make sure we have some data - actual size check is done later
if (m.data.length() < 10)
return Err(sess);
// Format: [ss]<key>[ss]<iv>[ss]<encrypted>
// <encrypted> = <username>\0<password>\0
Anope::string decoded;
Anope::B64Decode(m.data, decoded);
// Make sure we have an IV and at least one encrypted block
if ((decoded.length() < keysize + 2 + (AES_BLOCK_SIZE * 2)) || ((decoded.length() - keysize - 2) % AES_BLOCK_SIZE))
return Err(sess);
const unsigned char* data = reinterpret_cast<const unsigned char*>(decoded.data());
// Control the size of the key
if (ntohs(*reinterpret_cast<const uint16_t*>(&data[0])) != keysize)
return Err(sess);
// Convert pubkey from binary
size_t pos = 2;
BIGNUM* pubkey = BN_bin2bn(&data[pos], keysize, NULL);
if (!pubkey)
return Err(sess);
// Find shared key
std::vector<unsigned char> secretkey(keysize);
if (DH_compute_key(&secretkey[0], pubkey, sess->dh) != static_cast<int>(keysize))
return Err(sess, pubkey);
// Set decryption key
AES_KEY AESKey;
AES_set_decrypt_key(&secretkey[0], keysize * 8, &AESKey);
// Fetch IV
pos += keysize;
std::vector<unsigned char> IV(data + pos, data + pos + AES_BLOCK_SIZE);
// Find encrypted blocks, and decrypt
pos += AES_BLOCK_SIZE;
size_t size = decoded.length() - pos;
std::vector<char> decrypted(size + 2, 0);
AES_cbc_encrypt(&data[pos], reinterpret_cast<unsigned char*>(&decrypted[0]), size, &AESKey, &IV[0], AES_DECRYPT);
std::string username = &decrypted[0];
std::string password = &decrypted[username.length() + 1];
if (username.empty() || password.empty() || !IRCD->IsNickValid(username) || password.find_first_of("\r\n") != Anope::string::npos)
return Err(sess, pubkey);
SASL::IdentifyRequest* req = new SASL::IdentifyRequest(this->owner, m.source, username, password);
EventManager::Get()->Dispatch(&Event::CheckAuthentication::OnCheckAuthentication, nullptr, req);
req->Dispatch();
BN_free(pubkey);
}
}
};
class ModuleSASLDHAES : public Module
{
DHAES dhaes;
public:
ModuleSASLDHAES(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator, VENDOR | EXTRA)
, dhaes(this)
{
}
};
MODULE_INIT(ModuleSASLDHAES)
|
