1 //
2 // aegis - project change supervisor
3 // Copyright (C) 2004-2006, 2008 Peter Miller
4 //
5 // This program is free software; you can redistribute it and/or modify
6 // it under the terms of the GNU General Public License as published by
7 // the Free Software Foundation; either version 3 of the License, or
8 // (at your option) any later version.
9 //
10 // This program is distributed in the hope that it will be useful,
11 // but WITHOUT ANY WARRANTY; without even the implied warranty of
12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 // GNU General Public License for more details.
14 //
15 // You should have received a copy of the GNU General Public License
16 // along with this program. If not, see
17 // <http://www.gnu.org/licenses/>.
18 //
19 // Taken from cvs-1.12.5/src/scramble.c...
20 //
21
22 #include <common/nstring/accumulator.h>
23 #include <aecvsserver/scramble.h>
24
25 //
26 // Trivially encode strings to protect them from innocent eyes (i.e.,
27 // inadvertent password compromises, like a network administrator
28 // who's watching packets for legitimate reasons and accidentally sees
29 // the password protocol go by).
30 //
31 // This is NOT secure encryption.
32 //
33 // It would be tempting to encode the password according to username
34 // and repository, so that the same password would encode to a
35 // different string when used with different usernames and/or
36 // repositories. However, then users would not be able to cut and
37 // paste passwords around. They're not supposed to anyway, but we all
38 // know they will, and there's no reason to make it harder for them if
39 // we're not trying to provide real security anyway.
40 //
41
42 //
43 // Map characters to each other randomly and symmetrically, A <--> B.
44 //
45 // We divide the ASCII character set into 3 domains: control chars (0
46 // thru 31), printing chars (32 through 126), and "meta"-chars (127
47 // through 255). The control chars map _to_ themselves, the printing
48 // chars map _among_ themselves, and the meta chars map _among_
49 // themselves. Why is this thus?
50 //
51 // No character in any of these domains maps to a character in another
52 // domain, because I'm not sure what characters are valid in
53 // passwords, or what tools people are likely to use to cut and paste
54 // them. It seems prudent not to introduce control or meta chars,
55 // unless the user introduced them first. And having the control
56 // chars all map to themselves insures that newline and
57 // carriage-return are safely handled.
58 //
59
60 static const unsigned char shifts[] =
61 {
62 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
63 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
64 114,120, 53, 79, 96,109, 72,108, 70, 64, 76, 67,116, 74, 68, 87,
65 111, 52, 75,119, 49, 34, 82, 81, 95, 65,112, 86,118,110,122,105,
66 41, 57, 83, 43, 46,102, 40, 89, 38,103, 45, 50, 42,123, 91, 35,
67 125, 55, 54, 66,124,126, 59, 47, 92, 71,115, 78, 88,107,106, 56,
68 36,121,117,104,101,100, 69, 73, 99, 63, 94, 93, 39, 37, 61, 48,
69 58,113, 32, 90, 44, 98, 60, 51, 33, 97, 62, 77, 84, 80, 85,223,
70 225,216,187,166,229,189,222,188,141,249,148,200,184,136,248,190,
71 199,170,181,204,138,232,218,183,255,234,220,247,213,203,226,193,
72 174,172,228,252,217,201,131,230,197,211,145,238,161,179,160,212,
73 207,221,254,173,202,146,224,151,140,196,205,130,135,133,143,246,
74 192,159,244,239,185,168,215,144,139,165,180,157,147,186,214,176,
75 227,231,219,169,175,156,206,198,129,164,150,210,154,177,134,127,
76 182,128,158,208,162,132,167,209,149,241,153,251,237,236,171,195,
77 243,233,253,240,194,250,191,155,142,137,245,235,163,242,178,152
78 };
79
80
81 //
82 // SCRAMBLE and DESCRAMBLE work like this:
83 //
84 // scramble(STR) returns SCRM, a scrambled copy of STR. SCRM[0] is a
85 // single letter indicating the scrambling method. As of this
86 // writing, the only valid method is 'A', but check the code for more
87 // up-to-date information. The copy will have been allocated with
88 // xmalloc().
89 //
90 // descramble(SCRM) returns STR, again in its own xmalloc'd space.
91 // descramble() uses SCRM[0] to determine which method of unscrambling
92 // to use. If it does not recognize the method, it dies with error.
93 //
94
95 nstring
scramble(const nstring & str)96 scramble(const nstring &str)
97 {
98 //
99 // The 'A' prefix that indicates which version of scrambling this is
100 // (the first, obviously, since we only do one kind of scrambling so
101 // far).
102 //
103 nstring_accumulator buffer;
104 buffer.push_back('A');
105 for (size_t j = 0; j < str.size(); j++)
106 buffer.push_back(shifts[(unsigned char)(str[j])]);
107 return buffer.mkstr();
108 }
109
110
111 nstring
descramble(const nstring & str)112 descramble(const nstring &str)
113 {
114 //
115 // For now we can only handle one kind of scrambling. In the future
116 // there may be other kinds, and this `if' will become a `switch'.
117 //
118 if (str[0] != 'A')
119 return str;
120
121 //
122 // Skip the 'A' prefix that indicates which version of scrambling
123 // this is (the first, obviously, since we only do one kind of
124 // scrambling so far).
125 //
126 nstring_accumulator buffer;
127 for (size_t j = 1; j < str.size(); j++)
128 buffer.push_back(shifts[(unsigned char)(str[j])]);
129 return buffer.mkstr();
130 }
131