1 /* IPSec VPN client compatible with Cisco equipment.
2    Copyright (C) 2004-2007 Maurice Massar
3    A bit reorganized in 2007 by Wolfram Sang
4 
5    This program is free software; you can redistribute it and/or modify
6    it under the terms of the GNU General Public License as published by
7    the Free Software Foundation; either version 2 of the License, or
8    (at your option) any later version.
9 
10    This program is distributed in the hope that it will be useful,
11    but WITHOUT ANY WARRANTY; without even the implied warranty of
12    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13    GNU General Public License for more details.
14 
15    You should have received a copy of the GNU General Public License
16    along with this program; if not, write to the Free Software
17    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
18 
19    $Id: decrypt-utils.c 312 2008-06-15 18:09:42Z Joerg Mayer $
20 */
21 
22 #define _GNU_SOURCE
23 
24 #include <inttypes.h>
25 #include <stdlib.h>
26 #include <string.h>
27 #include <unistd.h>
28 #include <errno.h>
29 
30 #include <gcrypt.h>
31 
32 #include "decrypt-utils.h"
33 
34 
/*
 * Convert a single ASCII hex digit to its numeric value.
 *
 * Accepts '0'-'9', 'A'-'F' and 'a'-'f'. Returns the value 0..15, or -1 when
 * c is not a hex digit, so callers can use it to validate input as well.
 */
static int hex2bin_c(unsigned int c)
{
	int value = -1;

	if ('0' <= c && c <= '9')
		value = (int)(c - '0');
	else if ('A' <= c && c <= 'F')
		value = (int)(c - 'A') + 10;
	else if ('a' <= c && c <= 'f')
		value = (int)(c - 'a') + 10;

	return value;
}
45 
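/*
 * Decode a NUL-terminated hex string into a newly allocated byte buffer.
 *
 * str  - hex text; every character must be a hex digit and the length must
 *        be even. No whitespace or "0x" prefix is accepted.
 * bin  - receives the malloc()ed buffer on success; the caller frees it.
 *        The buffer holds raw bytes and is NOT NUL-terminated.
 * len  - optional; receives the number of decoded bytes.
 *
 * Returns 0 on success, EINVAL for a NULL str/bin or malformed input, and
 * ENOMEM when allocation fails. *bin and *len are left untouched on failure.
 */
int hex2bin(const char *str, char **bin, int *len)
{
	char *p;
	int i, l;

	/* str is dereferenced below, so reject NULL here like bin. */
	if (!str || !bin)
		return EINVAL;

	/* Validate the whole input before allocating anything. */
	for (i = 0; str[i] != '\0'; i++)
		if (hex2bin_c((unsigned char)str[i]) == -1)
			return EINVAL;

	l = i;
	if ((l & 1) != 0)
		return EINVAL;
	l /= 2;

	/*
	 * malloc(0) may legitimately return NULL, which would turn a valid empty
	 * string into a bogus ENOMEM. Always request at least one byte.
	 */
	p = malloc(l > 0 ? (size_t)l : 1);
	if (p == NULL)
		return ENOMEM;

	/* Every digit was validated above, so hex2bin_c() cannot return -1 here. */
	for (i = 0; i < l; i++)
		p[i] = (char)(hex2bin_c((unsigned char)str[i*2]) << 4
			| hex2bin_c((unsigned char)str[i*2+1]));

	*bin = p;
	if (len)
		*len = l;

	return 0;
}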
76 
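/*
 * Reverse the obfuscation applied to a stored secret.
 *
 * Input layout (len bytes at ct):
 *   ct[0..19]   h1  - seed; its first 8 bytes are also the CBC IV
 *   ct[20..39]  h4  - SHA-1 of the ciphertext that follows
 *   ct[40..]    enc - 3DES-CBC ciphertext, last plaintext byte = pad length
 *
 * The 24-byte 3DES key is SHA1(h1 with last byte +1) followed by the first
 * 4 bytes of SHA1(h1 with last byte +3).
 *
 * Security note: the key and IV are derived entirely from the input, and the
 * SHA-1 check is unkeyed. It detects accidental corruption but does not
 * authenticate the blob, so the decrypted bytes (including the padding byte)
 * must be treated as untrusted and bounds-checked before use.
 *
 * resp    - optional; receives a malloc()ed, NUL-terminated plaintext that
 *           the caller must free.
 * reslenp - optional; receives the plaintext length.
 *           NOTE(review): this is a char, so a length above CHAR_MAX cannot
 *           be represented and is altered by the conversion. Widening it
 *           means changing decrypt-utils.h and the callers.
 *
 * Returns 0 on success, -1 on malformed input or any crypto/alloc failure.
 */
int deobfuscate(char *ct, int len, const char **resp, char *reslenp)
{
	const char *h1, *h4, *enc, *iv;
	char ht[20], h2[20], h3[20], key[24];
	char *res = NULL;
	gcry_cipher_hd_t ctx;
	unsigned int pad;
	int reslen;

	/* Need both 20-byte hashes plus at least one 8-byte cipher block. */
	if (ct == NULL || len < 48)
		return -1;

	h1  = ct;
	h4  = ct + 20;
	enc = ct + 40;
	iv  = h1;
	len -= 40;

	/*
	 * 3DES-CBC works on whole 8-byte blocks. A ragged length makes the
	 * decrypt call fail and would leave res uninitialized.
	 */
	if (len % 8 != 0)
		return -1;

	memcpy(ht, h1, 20);

	ht[19]++;
	gcry_md_hash_buffer(GCRY_MD_SHA1, h2, ht, 20);

	ht[19] += 2;
	gcry_md_hash_buffer(GCRY_MD_SHA1, h3, ht, 20);

	memcpy(key, h2, 20);
	memcpy(key+20, h3, 4);
	/* DES parity bits are not adjusted. */

	/* Integrity (not authenticity) check of the ciphertext. */
	gcry_md_hash_buffer(GCRY_MD_SHA1, ht, enc, len);
	if (memcmp(h4, ht, 20) != 0)
		return -1;

	res = malloc(len);
	if (res == NULL)
		return -1;

	/* Check every libgcrypt call; a failed step must not yield "plaintext". */
	if (gcry_cipher_open(&ctx, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0) != 0)
		goto fail;
	if (gcry_cipher_setkey(ctx, key, 24) != 0
	    || gcry_cipher_setiv(ctx, iv, 8) != 0
	    || gcry_cipher_decrypt(ctx, (unsigned char *)res, len,
				   (unsigned char *)enc, len) != 0) {
		gcry_cipher_close(ctx);
		goto fail;
	}
	gcry_cipher_close(ctx);

	/*
	 * The pad count comes from untrusted plaintext. Read it as unsigned
	 * (plain char may be signed) and require 1 <= pad <= len, so that the
	 * terminator below always lands inside the len-byte buffer. A pad of 0
	 * would write at res[len], a large or "negative" pad far outside it.
	 */
	pad = (unsigned char)res[len - 1];
	if (pad == 0 || pad > (unsigned int)len)
		goto fail;

	reslen = len - (int)pad;
	res[reslen] = '\0';

	if (reslenp)
		*reslenp = reslen;
	if (resp)
		*resp = res;
	else
		free(res);	/* nobody takes ownership; do not leak the buffer */
	return 0;

fail:
	free(res);
	return -1;
}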
129