1 /* IPSec VPN client compatible with Cisco equipment.
2 Copyright (C) 2004-2007 Maurice Massar
3 A bit reorganized in 2007 by Wolfram Sang
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18
19 $Id: decrypt-utils.c 312 2008-06-15 18:09:42Z Joerg Mayer $
20 */
21
22 #define _GNU_SOURCE
23
24 #include <inttypes.h>
25 #include <stdlib.h>
26 #include <string.h>
27 #include <unistd.h>
28 #include <errno.h>
29
30 #include <gcrypt.h>
31
32 #include "decrypt-utils.h"
33
34
hex2bin_c(unsigned int c)35 static int hex2bin_c(unsigned int c)
36 {
37 if ((c >= '0')&&(c <= '9'))
38 return c - '0';
39 if ((c >= 'A')&&(c <= 'F'))
40 return c - 'A' + 10;
41 if ((c >= 'a')&&(c <= 'f'))
42 return c - 'a' + 10;
43 return -1;
44 }
45
hex2bin(const char * str,char ** bin,int * len)46 int hex2bin(const char *str, char **bin, int *len)
47 {
48 char *p;
49 int i, l;
50
51 if (!bin)
52 return EINVAL;
53
54 for (i = 0; str[i] != '\0'; i++)
55 if (hex2bin_c(str[i]) == -1)
56 return EINVAL;
57
58 l = i;
59 if ((l & 1) != 0)
60 return EINVAL;
61 l /= 2;
62
63 p = malloc(l);
64 if (p == NULL)
65 return ENOMEM;
66
67 for (i = 0; i < l; i++)
68 p[i] = hex2bin_c(str[i*2]) << 4 | hex2bin_c(str[i*2+1]);
69
70 *bin = p;
71 if (len)
72 *len = l;
73
74 return 0;
75 }
76
deobfuscate(char * ct,int len,const char ** resp,char * reslenp)77 int deobfuscate(char *ct, int len, const char **resp, char *reslenp)
78 {
79 const char *h1 = ct;
80 const char *h4 = ct + 20;
81 const char *enc = ct + 40;
82
83 char ht[20], h2[20], h3[20], key[24];
84 const char *iv = h1;
85 char *res;
86 gcry_cipher_hd_t ctx;
87 int reslen;
88
89 if (len < 48)
90 return -1;
91 len -= 40;
92
93 memcpy(ht, h1, 20);
94
95 ht[19]++;
96 gcry_md_hash_buffer(GCRY_MD_SHA1, h2, ht, 20);
97
98 ht[19] += 2;
99 gcry_md_hash_buffer(GCRY_MD_SHA1, h3, ht, 20);
100
101 memcpy(key, h2, 20);
102 memcpy(key+20, h3, 4);
103 /* who cares about parity anyway? */
104
105 gcry_md_hash_buffer(GCRY_MD_SHA1, ht, enc, len);
106
107 if (memcmp(h4, ht, 20) != 0)
108 return -1;
109
110 res = malloc(len);
111 if (res == NULL)
112 return -1;
113
114 gcry_cipher_open(&ctx, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0);
115 gcry_cipher_setkey(ctx, key, 24);
116 gcry_cipher_setiv(ctx, iv, 8);
117 gcry_cipher_decrypt(ctx, (unsigned char *)res, len, (unsigned char *)enc, len);
118 gcry_cipher_close(ctx);
119
120 reslen = len - res[len-1];
121 res[reslen] = '\0';
122
123 if (resp)
124 *resp = res;
125 if (reslenp)
126 *reslenp = reslen;
127 return 0;
128 }
129