-rw-r--r-- | AUTHORS | 1 | ||||
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | doc/de/autogen/user/irc_options.txt | 4 | ||||
-rw-r--r-- | doc/de/autogen/user/weechat_commands.txt | 62 | ||||
-rw-r--r-- | doc/de/weechat_user.de.txt | 19 | ||||
-rw-r--r-- | doc/en/autogen/user/irc_options.txt | 4 | ||||
-rw-r--r-- | doc/en/weechat_user.en.txt | 15 | ||||
-rw-r--r-- | doc/fr/autogen/user/irc_options.txt | 4 | ||||
-rw-r--r-- | doc/fr/weechat_user.fr.txt | 14 | ||||
-rw-r--r-- | doc/it/autogen/user/irc_options.txt | 4 | ||||
-rw-r--r-- | doc/it/weechat_user.it.txt | 17 | ||||
-rw-r--r-- | doc/ja/autogen/user/irc_options.txt | 4 | ||||
-rw-r--r-- | doc/ja/weechat_user.ja.txt | 17 | ||||
-rw-r--r-- | po/cs.po | 6 | ||||
-rw-r--r-- | po/de.po | 44 | ||||
-rw-r--r-- | po/es.po | 7 | ||||
-rw-r--r-- | po/fr.po | 11 | ||||
-rw-r--r-- | po/hu.po | 6 | ||||
-rw-r--r-- | po/it.po | 7 | ||||
-rw-r--r-- | po/ja.po | 7 | ||||
-rw-r--r-- | po/pl.po | 7 | ||||
-rw-r--r-- | po/pt_BR.po | 6 | ||||
-rw-r--r-- | po/ru.po | 6 | ||||
-rw-r--r-- | po/weechat.pot | 6 | ||||
-rw-r--r-- | src/plugins/irc/irc-config.c | 5 | ||||
-rw-r--r-- | src/plugins/irc/irc-protocol.c | 9 | ||||
-rw-r--r-- | src/plugins/irc/irc-sasl.c | 260 | ||||
-rw-r--r-- | src/plugins/irc/irc-sasl.h | 4 |
28 files changed, 386 insertions, 173 deletions
@@ -26,6 +26,7 @@ Alphabetically: * Dmitry Kobylin * Dominik Honnef * Elián Hanisch (m4v) +* Elizabeth Myers (Elizacat) * Frank Zacharias * Gu1ll4um3r0m41n * gwenn @@ -1,7 +1,7 @@ WeeChat ChangeLog ================= Sébastien Helleu <flashcode@flashtux.org> -v0.4.1-dev, 2013-04-29 +v0.4.1-dev, 2013-05-01 This document lists all changes for each version. @@ -55,6 +55,7 @@ Version 0.4.1 (under dev!) list with arguments inside), guile >= 2.0 is now required (bug #38350) * guile: fix crash on calls to callbacks during load of script (bug #38343) * guile: fix compilation with guile 2.0 +* irc: add support of "dh-aes" SASL mechanism (patch #8020) * irc: fix duplicate nick completion when someone rejoins the channel with same nick but a different case (bug #38841) * irc: add support of UHNAMES (capability "userhost-in-names") (task #9353) diff --git a/doc/de/autogen/user/irc_options.txt b/doc/de/autogen/user/irc_options.txt index 6a5163b1d..7c758ce39 100644 --- a/doc/de/autogen/user/irc_options.txt +++ b/doc/de/autogen/user/irc_options.txt @@ -519,9 +519,9 @@ ** Werte: beliebige Zeichenkette (Standardwert: `""`) * [[option_irc.server_default.sasl_mechanism]] *irc.server_default.sasl_mechanism* -** Beschreibung: `Verfahren welches bei einer SASL Authentifizierung angewandt werden soll: "plain" Passwort liegt in Klartext vor, "dh-blowfish" Passwort wird verschlüsselt, "external" SSL Zertifikat welches auf Client Seite vorliegt` +** Beschreibung: `mechanism for SASL authentication: "plain" for plain text password, "dh-blowfish" for blowfish crypted password, "dh-aes" for AES crypted password, "external" for authentication using client side SSL cert` ** Typ: integer -** Werte: plain, dh-blowfish, external (Standardwert: `plain`) +** Werte: plain, dh-blowfish, dh-aes, external (Standardwert: `plain`) * [[option_irc.server_default.sasl_password]] *irc.server_default.sasl_password* ** Beschreibung: `Passwort für SASL Authentifizierung` 
diff --git a/doc/de/autogen/user/weechat_commands.txt b/doc/de/autogen/user/weechat_commands.txt
index b149b0cbd..069ae11e6 100644
--- a/doc/de/autogen/user/weechat_commands.txt
+++ b/doc/de/autogen/user/weechat_commands.txt
@@ -207,40 +207,40 @@ infolists: zeigt Information über die Infolists an /eval [-n] <expression> [-n] <expression1> <operator> <expression2> - -n: display result without sending it to buffer (debug mode) -expression: expression to evaluate, variables with format ${variable} are replaced (see below) - operator: a logical or comparison operator: - - logical operators: - && boolean "and" - || boolean "or" - - comparison operators: - == equal - != not equal - <= less or equal - < less - >= greater or equal - > greater - =~ is matching regex - !~ is NOT matching regex - -An expression is considered as "true" if it is not NULL, not empty, and different from "0". -The comparison is made using integers if the two expressions are valid integers. -To force a string comparison, add double quotes around each expression, for example: + -n: zeigt das Ergebnis an, ohne dieses in den Buffer zu schreiben (debug Modus) +expression: Ausdruck welcher verarbeitet werden soll. Variablen im Format ${variable} werden ersetzt (siehe unten) + operator: ein logischer oder vergleichender Operand: + - logische Operanden: + && boolean "und" + || boolean "oder" + - vergleichende Operanden: + == gleich + != ungleich + <= kleiner oder gleich + < kleiner + >= größer oder gleich + > größer + =~ stimmt mit regulärem Ausdruck überein + !~ stimmt NICHT mit regulärem Ausdruck überein + +Ein Ausdruck gilt als "wahr", sofern das Ergebnis nicht NULL, nicht leer und von "0" abweichend ist. +Der Vergleich findet zwischen zwei Integer statt, sofern die beiden Ausdrücke gültige Integer-Werte sind. +Um einen Vergleich zwischen zwei Zeichenketten zu erzwingen, müssen die Ausdrücke in Anführungszeichen gesetzt werden, zum Beispiel: 50 > 100 ==> 0 "50" > "100" ==> 1 -Some variables are replaced in expression, using the format ${variable}, variable can be, by order of priority : - 1. the name of an option (file.section.option) - 2. the name of a local variable in buffer - 3. 
a hdata name/variable (the value is automatically converted to string), by default "window" and "buffer" point to current window/buffer. -Format for hdata can be one of following: - hdata.var1.var2...: start with a hdata (pointer must be known), and ask variables one after one (other hdata can be followed) - hdata[list].var1.var2...: start with a hdata using a list, for example: - ${buffer[gui_buffers].full_name}: full name of first buffer in linked list of buffers - ${plugin[weechat_plugins].name}: name of first plugin in linked list of plugins -For name of hdata and variables, please look at "Plugin API reference", function "weechat_hdata_get". - -Examples: +Einige Variablen werden im Ausdruck, mittels der Formatierung ${Variable}, ersetzt. Mögliche Variablen sind, nach Reihenfolge ihrer Priorität: + 1. der Name einer Option (file.section.option) + 2. der Name der lokalen Variablen für Buffer + 3. ein hdata Name/Variable (der Wert wird automatisch als Zeichenkette konvertiert), Standardmäßig wird für "window" und "buffer" das aktuelle Fenster/Buffer verwendet. +Das Format für hdata: + hdata.var1.var2...: startet mit hdata (der Pointer muss bekannt sein) und fragt eine Variable nach der anderen ab (weitere hdata können folgen) + hdata[list].var1.var2...: startet hdata mittels einer Liste, zum Beispiel: + ${buffer[gui_buffers].full_name}: der vollständige Name des ersten Buffers, in der verknüpften Liste aller Buffer + ${plugin[weechat_plugins].name}: Name der ersten Erweiterung, in der verknüpften Liste aller Erweiterungen +Die vorhandenen Namen für hdata und Variablen sind in der "Anleitung für API Erweiterung", Bereich "weechat_hdata_get". beschrieben + +Beispiele: /eval -n ${weechat.look.scroll_amount} ==> 3 /eval -n ${window} ==> 0x2549aa0 /eval -n ${window.buffer} ==> 0x2549320 diff --git a/doc/de/weechat_user.de.txt b/doc/de/weechat_user.de.txt index 0c7854ac2..51480e149 100644 --- a/doc/de/weechat_user.de.txt +++ b/doc/de/weechat_user.de.txt 
@@ -91,7 +91,8 @@ welche Pakete optional genutzt werden können. | libncursesw5-dev ^(2)^ | | *ja* | ncurses Oberfläche | libcurl4-gnutls-dev | | *ja* | URL Transfer | zlib1g-dev | | *ja* | Kompression für Pakete, die mittels Relay- (WeeChat Protokoll), Script-Erweiterung übertragen werden -| libgcrypt11-dev | | *ja* | SASL Authentifikation am IRC Server mittels DH-BLOWFISH Methode, Script-Erweiterung +// TRANSLATION MISSING +| libgcrypt11-dev | | *ja* | IRC SASL authentication (DH-BLOWFISH/DH-AES), Script-Erweiterung | libgnutls-dev | ≥ 2.2.0 | | SSL Verbindung zu einem IRC Server, Unterstützung von SSL in der Relay-Erweiterung | gettext | | | Internationalisierung (Übersetzung der Mitteilungen; Hauptsprache ist englisch) | ca-certificates | | | Zertifikate für SSL Verbindungen @@ -1834,14 +1835,20 @@ Für weiterreichende Informationen lesen Sie bitte: http://www.oftc.net/oftc/Nic SASL Authentifizierung ^^^^^^^^^^^^^^^^^^^^^^ -WeeChat unterstützt drei mögliche Verfahren bei einer SASL Authentifikation: -"plain" (Passwort liegt in Klarschrift vor), "dh-blowfish" (Passwort wird verschlüsselt) -oder "external" (SSL Zertifikat welches auf Client Seite vorliegt) +// TRANSLATION MISSING +WeeChat supports SASL authentication, using different mechanisms: + +* 'plain': Passwort liegt in Klarschrift vor +// TRANSLATION MISSING +* 'dh-blowfish': blowfish encrypted password +// TRANSLATION MISSING +* 'dh-aes': AES encrypted password +* 'external': SSL Zertifikat welches auf Client Seite vorliegt Optionen für Server sind: -* 'sasl_mechanism': Mechanismus welcher genutzt werden soll ("plain", - "dh-blowfish" oder "external") +// TRANSLATION MISSING +* 'sasl_mechanism': Mechanismus welcher genutzt werden soll (see above) * 'sasl_timeout': Zeitüberschreitung für Authentifizierung (in Sekunden) * 'sasl_username': Username (Nickname) * 'sasl_password': Passwort diff --git a/doc/en/autogen/user/irc_options.txt b/doc/en/autogen/user/irc_options.txt index 395ecceea..11ab1ba60 100644 
--- a/doc/en/autogen/user/irc_options.txt +++ b/doc/en/autogen/user/irc_options.txt @@ -519,9 +519,9 @@ ** values: any string (default value: `""`) * [[option_irc.server_default.sasl_mechanism]] *irc.server_default.sasl_mechanism* -** description: `mechanism for SASL authentication: "plain" for plain text password, "dh-blowfish" for crypted password, "external" for authentication using client side SSL cert` +** description: `mechanism for SASL authentication: "plain" for plain text password, "dh-blowfish" for blowfish crypted password, "dh-aes" for AES crypted password, "external" for authentication using client side SSL cert` ** type: integer -** values: plain, dh-blowfish, external (default value: `plain`) +** values: plain, dh-blowfish, dh-aes, external (default value: `plain`) * [[option_irc.server_default.sasl_password]] *irc.server_default.sasl_password* ** description: `password for SASL authentication` diff --git a/doc/en/weechat_user.en.txt b/doc/en/weechat_user.en.txt index c455c0149..335196542 100644 --- a/doc/en/weechat_user.en.txt +++ b/doc/en/weechat_user.en.txt @@ -91,7 +91,7 @@ compile WeeChat. | libncursesw5-dev ^(2)^ | | *yes* | ncurses interface | libcurl4-gnutls-dev | | *yes* | URL transfer | zlib1g-dev | | *yes* | compression of packets in relay plugin (weechat protocol), script plugin -| libgcrypt11-dev | | *yes* | SASL authentication with IRC server using DH-BLOWFISH mechanism, script plugin +| libgcrypt11-dev | | *yes* | IRC SASL authentication (DH-BLOWFISH/DH-AES), script plugin | libgnutls-dev | ≥ 2.2.0 | | SSL connection to IRC server, support of SSL in relay plugin | gettext | | | internationalization (translation of messages; base language is English) | ca-certificates | | | certificates for SSL connections 
@@ -1800,13 +1800,16 @@ For more information, look at http://www.oftc.net/oftc/NickServ/CertFP SASL authentication ^^^^^^^^^^^^^^^^^^^ -WeeChat supports SASL authentication, using three mechanisms: "plain" (plain -text password), "dh-blowfish" (encrypted password) or "external" (client side -SSL cert). +WeeChat supports SASL authentication, using different mechanisms: + +* 'plain': plain text password +* 'dh-blowfish': blowfish encrypted password +* 'dh-aes': AES encrypted password +* 'external': client side SSL cert Options in servers are: -* 'sasl_mechanism': mechanism to use ("plain", "dh-blowfish" or "external") +* 'sasl_mechanism': mechanism to use (see above) * 'sasl_timeout': timeout (in seconds) for authentication * 'sasl_username': username (nick) * 'sasl_password': password @@ -1819,7 +1822,7 @@ If you want to use "dh-blowfish" by default for all servers: [NOTE] The "gcrypt" library is required when compiling WeeChat in order to use -"dh-blowfish" mechanism (see <<dependencies,dependencies>>). +"dh-blowfish" and "dh-aes" mechanisms (see <<dependencies,dependencies>>). [[irc_tor_freenode]] Connect to Freenode with TOR/SASL diff --git a/doc/fr/autogen/user/irc_options.txt b/doc/fr/autogen/user/irc_options.txt index c2f4703b6..d53910856 100644 --- a/doc/fr/autogen/user/irc_options.txt +++ b/doc/fr/autogen/user/irc_options.txt 
@@ -519,9 +519,9 @@ ** valeurs: toute chaîne (valeur par défaut: `""`) * [[option_irc.server_default.sasl_mechanism]] *irc.server_default.sasl_mechanism* -** description: `mécanisme pour l'authentification SASL: "plain" pour un mot de passe en clair, "dh-blowfish" pour un mot de passe chiffré, "external" pour une authentification en utilisant un certificat SSL côté client` +** description: `mécanisme pour l'authentification SASL: "plain" pour un mot de passe en clair, "dh-blowfish" pour un mot de passe chiffré avec blowfish, "dh-aes" pour un mot de passe chiffré avec AES, "external" pour une authentification en utilisant un certificat SSL côté client` ** type: entier -** valeurs: plain, dh-blowfish, external (valeur par défaut: `plain`) +** valeurs: plain, dh-blowfish, dh-aes, external (valeur par défaut: `plain`) * [[option_irc.server_default.sasl_password]] *irc.server_default.sasl_password* ** description: `mot de passe pour l'authentification SASL` diff --git a/doc/fr/weechat_user.fr.txt b/doc/fr/weechat_user.fr.txt index bd1d8279a..8edc9b19f 100644 --- a/doc/fr/weechat_user.fr.txt +++ b/doc/fr/weechat_user.fr.txt @@ -93,7 +93,7 @@ compiler WeeChat. | libncursesw5-dev ^(2)^ | | *oui* | interface ncurses | libcurl4-gnutls-dev | | *oui* | transfert d'URL | zlib1g-dev | | *oui* | compression des paquets dans l'extension relay (protocole weechat), extension script -| libgcrypt11-dev | | *oui* | authentification SASL avec le serveur IRC, en utilisant le mécanisme DH-BLOWFISH, extension script +| libgcrypt11-dev | | *oui* | authentification IRC SASL (DH-BLOWFISH/DH-AES), extension script | libgnutls-dev | ≥ 2.2.0 | | connexion SSL au serveur IRC, support SSL dans l'extension relay | gettext | | | internationalisation (traduction des messages; la langue de base est l'anglais) | ca-certificates | | | certificats pour les connexions SSL 
@@ -1863,13 +1863,17 @@ Pour plus d'informations, consulter http://www.oftc.net/oftc/NickServ/CertFP Authentification avec SASL ^^^^^^^^^^^^^^^^^^^^^^^^^^ -WeeChat supporte l'authentification avec SASL, en utilisant trois mécanismes : -"plain" (mot de passe en clair), "dh-blowfish" (mot de passe chiffré) ou -"external" (certificat SSL côté client). +WeeChat supporte l'authentification avec SASL, en utilisant différents +mécanismes : + +* 'plain' : mot de passe en clair +* 'dh-blowfish' : mot de passe chiffré avec blowfish +* 'dh-aes' : mot de passe chiffré avec AES +* 'external' : certificat SSL côté client Les options dans le serveur sont : -* 'sasl_mechanism' : mécanisme à utiliser ("plain", "dh-blowfish" ou "external") +* 'sasl_mechanism' : mécanisme à utiliser (voir ci-dessus) * 'sasl_timeout' : délai d'attente maximum (en secondes) pour l'authentification * 'sasl_username' : nom d'utilisateur (pseudo) * 'sasl_password' : mot de passe diff --git a/doc/it/autogen/user/irc_options.txt b/doc/it/autogen/user/irc_options.txt index ca2c4af99..e30da0cb4 100644 --- a/doc/it/autogen/user/irc_options.txt +++ b/doc/it/autogen/user/irc_options.txt 
@@ -519,9 +519,9 @@ ** valori: qualsiasi stringa (valore predefinito: `""`) * [[option_irc.server_default.sasl_mechanism]] *irc.server_default.sasl_mechanism* -** descrizione: `meccanismo per l'autenticazione SASL: "plain" per le password in chiaro, "dh-blowfish" per le password cifrate, "external" per l'autenticazione con certificati SSL lato client` +** descrizione: `mechanism for SASL authentication: "plain" for plain text password, "dh-blowfish" for blowfish crypted password, "dh-aes" for AES crypted password, "external" for authentication using client side SSL cert` ** tipo: intero -** valori: plain, dh-blowfish, external (valore predefinito: `plain`) +** valori: plain, dh-blowfish, dh-aes, external (valore predefinito: `plain`) * [[option_irc.server_default.sasl_password]] *irc.server_default.sasl_password* ** descrizione: `password per l'autenticazione SASL` diff --git a/doc/it/weechat_user.it.txt b/doc/it/weechat_user.it.txt index cf51e96b9..fb95f097a 100644 --- a/doc/it/weechat_user.it.txt +++ b/doc/it/weechat_user.it.txt @@ -97,7 +97,7 @@ compilare WeeChat. // TRANSLATION MISSING | zlib1g-dev | | *sì* | compression of packets in relay plugin (weechat protocol), script plugin // TRANSLATION MISSING -| libgcrypt11-dev | | *sì* | autenticazione SASL per i server IRC che utilizzano il meccanismo DH-BLOWFISH, script plugin +| libgcrypt11-dev | | *sì* | IRC SASL authentication (DH-BLOWFISH/DH-AES), script plugin // TRANSLATION MISSING | libgnutls-dev | ≥ 2.2.0 | | connessione SSL al server IRC, support of SSL in relay plugin | gettext | | | internazionalizzazione (traduzione dei messaggi; la lingua base è l'inglese) 
@@ -1843,13 +1843,20 @@ Per maggiori informazioni consultare http://www.oftc.net/oftc/NickServ/CertFP Autenticazione SASL ^^^^^^^^^^^^^^^^^^^ -WeeChat supporta l'autenticazione SASL, usando tre meccanismi: "plain" (password -in chiaro), "dh-blowfish" (password cifrata)" o "external" (certificato SSL da -lato client). +// TRANSLATION MISSING +WeeChat supports SASL authentication, using different mechanisms: + +* 'plain': password in chiaro +// TRANSLATION MISSING +* 'dh-blowfish': blowfish encrypted password +// TRANSLATION MISSING +* 'dh-aes': AES encrypted password +* 'external': certificato SSL da lato client Le opzioni nel server sono: -* 'sasl_mechanism': meccanismo da usare ("plain", "dh-blowfish" o "external") +// TRANSLATION MISSING +* 'sasl_mechanism': meccanismo da usare (see above) * 'sasl_timeout': timeout (in secondi) per l'autenticazione * 'sasl_username': nome utente (nick) * 'sasl_password': password diff --git a/doc/ja/autogen/user/irc_options.txt b/doc/ja/autogen/user/irc_options.txt index 702be0505..68fcd71ae 100644 --- a/doc/ja/autogen/user/irc_options.txt +++ b/doc/ja/autogen/user/irc_options.txt @@ -519,9 +519,9 @@ ** 値: 未制約文字列 (デフォルト値: `""`) * [[option_irc.server_default.sasl_mechanism]] *irc.server_default.sasl_mechanism* -** 説明: `SASL 認証メカニズム: "plain" は平文パスワード、"dh-blowfish" は暗号パスワード、"external" はクライアントサイド SSL 証明書を利用した認証` +** 説明: `mechanism for SASL authentication: "plain" for plain text password, "dh-blowfish" for blowfish crypted password, "dh-aes" for AES crypted password, "external" for authentication using client side SSL cert` ** タイプ: 整数 -** 値: plain, dh-blowfish, external (デフォルト値: `plain`) +** 値: plain, dh-blowfish, dh-aes, external (デフォルト値: `plain`) * [[option_irc.server_default.sasl_password]] *irc.server_default.sasl_password* ** 説明: `SASL 認証用パスワード` diff --git a/doc/ja/weechat_user.ja.txt b/doc/ja/weechat_user.ja.txt index d5ea656ef..122e4db8a 100644 --- a/doc/ja/weechat_user.ja.txt +++ b/doc/ja/weechat_user.ja.txt 
@@ -83,7 +83,8 @@ WeeChat は cmake または autotools を使ってコンパイルできます (c | libncursesw5-dev ^(2)^ | | *yes* | ncurses インターフェイス | libcurl4-gnutls-dev | | *yes* | URL 転送 | zlib1g-dev | | *yes* | relay プラグインでパケットを圧縮 (weechat プロトコル)、スクリプトプラグイン -| libgcrypt11-dev | | *yes* | DH-BLOWFISH メカニズムを用いた IRC サーバ用の SASL 認証、スクリプトプラグイン +// TRANSLATION MISSING +| libgcrypt11-dev | | *yes* | IRC SASL authentication (DH-BLOWFISH/DH-AES), script plugin | libgnutls-dev | ≥ 2.2.0 | | IRC サーバへの SSL 接続 | gettext | | | 国際化 (メッセージの翻訳; ベース言語は英語です) | ca-certificates | | | SSL 接続に必要な証明書、relay プラグインで SSL サポート @@ -1733,13 +1734,19 @@ $ openssl req -nodes -newkey rsa:2048 -keyout nick.pem -x509 -days 365 -out nick [[irc_sasl_authentication]] ==== SASL 認証 ==== -WeeChat は SASL 認証をサポートしています。認証アルゴリズムは "plain" -(平文パスワード)、"dh-blowfish" (暗号化パスワード)、"external" -(クライアント側 SSL 証明書) の 3 つです。 +// TRANSLATION MISSING +WeeChat supports SASL authentication, using different mechanisms: + +// TRANSLATION MISSING +* 'plain': plain text password +* 'dh-blowfish': blowfish encrypted password +* 'dh-aes': AES encrypted password +* 'external': client side SSL cert サーバオプション: -* 'sasl_mechanism': 利用する認証メカニズム ("plain"、"dh-blowfish"、"external") +// TRANSLATION MISSING +* 'sasl_mechanism': 利用する認証メカニズム (see above) * 'sasl_timeout': 認証時のタイムアウト (秒単位) * 'sasl_username': ユーザ名 (ニックネーム) * 'sasl_password': パスワード @@ -20,7 +20,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat 0.4.1-dev\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2013-04-25 12:05+0200\n" +"POT-Creation-Date: 2013-05-01 09:48+0200\n" "PO-Revision-Date: 2013-03-16 17:49+0100\n" "Last-Translator: Jiri Golembiovsky <golemj@gmail.com>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" 
@@ -5735,8 +5735,8 @@ msgstr "" msgid "" "mechanism for SASL authentication: \"plain\" for plain text password, \"dh-" -"blowfish\" for crypted password, \"external\" for authentication using " -"client side SSL cert" +"blowfish\" for blowfish crypted password, \"dh-aes\" for AES crypted " +"password, \"external\" for authentication using client side SSL cert" msgstr "" msgid "username for SASL authentication" @@ -22,7 +22,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat 0.4.1-dev\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2013-04-25 12:05+0200\n" +"POT-Creation-Date: 2013-05-01 09:48+0200\n" "PO-Revision-Date: 2013-04-25 12:07+0200\n" "Last-Translator: Nils Görs <weechatter@arcor.de>\n" "Language-Team: German <weechatter@arcor.de>\n" @@ -1341,8 +1341,10 @@ msgid "" " /eval -n abcd =~ (?-i)^abc ==> 1\n" " /eval -n abcd !~ abc ==> 0" msgstr "" -" -n: zeigt das Ergebnis an, ohne dieses in den Buffer zu schreiben (debug Modus)\n" -"expression: Ausdruck welcher verarbeitet werden soll. Variablen im Format ${variable} werden ersetzt (siehe unten)\n" +" -n: zeigt das Ergebnis an, ohne dieses in den Buffer zu schreiben " +"(debug Modus)\n" +"expression: Ausdruck welcher verarbeitet werden soll. Variablen im Format " +"${variable} werden ersetzt (siehe unten)\n" " operator: ein logischer oder vergleichender Operand:\n" " - logische Operanden:\n" " && boolean \"und\"\n" 
@@ -1357,22 +1359,33 @@ msgstr "" " =~ stimmt mit regulärem Ausdruck überein\n" " !~ stimmt NICHT mit regulärem Ausdruck überein\n" "\n" -"Ein Ausdruck gilt als \"wahr\", sofern das Ergebnis nicht NULL, nicht leer und von \"0\" abweichend ist.\n" -"Der Vergleich findet zwischen zwei Integer statt, sofern die beiden Ausdrücke gültige Integer-Werte sind.\n" -"Um einen Vergleich zwischen zwei Zeichenketten zu erzwingen, müssen die Ausdrücke in Anführungszeichen gesetzt werden, zum Beispiel:\n" +"Ein Ausdruck gilt als \"wahr\", sofern das Ergebnis nicht NULL, nicht leer " +"und von \"0\" abweichend ist.\n" +"Der Vergleich findet zwischen zwei Integer statt, sofern die beiden " +"Ausdrücke gültige Integer-Werte sind.\n" +"Um einen Vergleich zwischen zwei Zeichenketten zu erzwingen, müssen die " +"Ausdrücke in Anführungszeichen gesetzt werden, zum Beispiel:\n" " 50 > 100 ==> 0\n" " \"50\" > \"100\" ==> 1\n" "\n" -"Einige Variablen werden im Ausdruck, mittels der Formatierung ${Variable}, ersetzt. Mögliche Variablen sind, nach Reihenfolge ihrer Priorität:\n" +"Einige Variablen werden im Ausdruck, mittels der Formatierung ${Variable}, " +"ersetzt. Mögliche Variablen sind, nach Reihenfolge ihrer Priorität:\n" " 1. der Name einer Option (file.section.option)\n" " 2. der Name der lokalen Variablen für Buffer\n" -" 3. ein hdata Name/Variable (der Wert wird automatisch als Zeichenkette konvertiert), Standardmäßig wird für \"window\" und \"buffer\" das aktuelle Fenster/Buffer verwendet.\n" +" 3. 
ein hdata Name/Variable (der Wert wird automatisch als Zeichenkette " +"konvertiert), Standardmäßig wird für \"window\" und \"buffer\" das aktuelle " +"Fenster/Buffer verwendet.\n" "Das Format für hdata:\n" -" hdata.var1.var2...: startet mit hdata (der Pointer muss bekannt sein) und fragt eine Variable nach der anderen ab (weitere hdata können folgen)\n" -" hdata[list].var1.var2...: startet hdata mittels einer Liste, zum Beispiel:\n" -" ${buffer[gui_buffers].full_name}: der vollständige Name des ersten Buffers, in der verknüpften Liste aller Buffer\n" -" ${plugin[weechat_plugins].name}: Name der ersten Erweiterung, in der verknüpften Liste aller Erweiterungen\n" -"Die vorhandenen Namen für hdata und Variablen sind in der \"Anleitung für API Erweiterung\", Bereich \"weechat_hdata_get\". beschrieben\n" +" hdata.var1.var2...: startet mit hdata (der Pointer muss bekannt sein) und " +"fragt eine Variable nach der anderen ab (weitere hdata können folgen)\n" +" hdata[list].var1.var2...: startet hdata mittels einer Liste, zum " +"Beispiel:\n" +" ${buffer[gui_buffers].full_name}: der vollständige Name des ersten " +"Buffers, in der verknüpften Liste aller Buffer\n" +" ${plugin[weechat_plugins].name}: Name der ersten Erweiterung, in der " +"verknüpften Liste aller Erweiterungen\n" +"Die vorhandenen Namen für hdata und Variablen sind in der \"Anleitung für " +"API Erweiterung\", Bereich \"weechat_hdata_get\". beschrieben\n" "\n" "Beispiele:\n" " /eval -n ${weechat.look.scroll_amount} ==> 3\n" 
@@ -6271,10 +6284,11 @@ msgstr "" "capabilities\"), welche vom Server angeboten und genutzt werden sollen " "(Beispiel: \"multi-prefix,extended-join\")" +#, fuzzy msgid "" "mechanism for SASL authentication: \"plain\" for plain text password, \"dh-" -"blowfish\" for crypted password, \"external\" for authentication using " -"client side SSL cert" +"blowfish\" for blowfish crypted password, \"dh-aes\" for AES crypted " +"password, \"external\" for authentication using client side SSL cert" msgstr "" "Verfahren welches bei einer SASL Authentifizierung angewandt werden soll: " "\"plain\" Passwort liegt in Klartext vor, \"dh-blowfish\" Passwort wird " @@ -22,7 +22,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat 0.4.1-dev\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2013-04-25 12:05+0200\n" +"POT-Creation-Date: 2013-05-01 09:48+0200\n" "PO-Revision-Date: 2013-03-17 08:20+0100\n" "Last-Translator: Elián Hanisch <lambdae2@gmail.com>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" @@ -5947,10 +5947,11 @@ msgstr "" "\") para habilitar en el servidor si están disponibles (ejemplo: \"multi-" "prefix,extended-join\")" +#, fuzzy msgid "" "mechanism for SASL authentication: \"plain\" for plain text password, \"dh-" -"blowfish\" for crypted password, \"external\" for authentication using " -"client side SSL cert" +"blowfish\" for blowfish crypted password, \"dh-aes\" for AES crypted " +"password, \"external\" for authentication using client side SSL cert" msgstr "" "mecanismo de autenticación SASL: \"plain\" para contraseñas en texto plano, " "\"dh-blowfish\" para contraseña encriptada, \"external\" para autentificar " 
@@ -21,8 +21,8 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat 0.4.1-dev\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2013-04-25 12:05+0200\n" -"PO-Revision-Date: 2013-04-25 12:06+0200\n" +"POT-Creation-Date: 2013-05-01 09:48+0200\n" +"PO-Revision-Date: 2013-05-01 09:23+0200\n" "Last-Translator: Sebastien Helleu <flashcode@flashtux.org>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" "Language: fr\n" @@ -6122,11 +6122,12 @@ msgstr "" msgid "" "mechanism for SASL authentication: \"plain\" for plain text password, \"dh-" -"blowfish\" for crypted password, \"external\" for authentication using " -"client side SSL cert" +"blowfish\" for blowfish crypted password, \"dh-aes\" for AES crypted " +"password, \"external\" for authentication using client side SSL cert" msgstr "" "mécanisme pour l'authentification SASL: \"plain\" pour un mot de passe en " -"clair, \"dh-blowfish\" pour un mot de passe chiffré, \"external\" pour une " +"clair, \"dh-blowfish\" pour un mot de passe chiffré avec blowfish, \"dh-aes" +"\" pour un mot de passe chiffré avec AES, \"external\" pour une " "authentification en utilisant un certificat SSL côté client" msgid "username for SASL authentication" @@ -20,7 +20,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat 0.4.1-dev\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2013-04-25 12:05+0200\n" +"POT-Creation-Date: 2013-05-01 09:48+0200\n" "PO-Revision-Date: 2013-03-16 17:50+0100\n" "Last-Translator: Andras Voroskoi <voroskoi@frugalware.org>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" @@ -5300,8 +5300,8 @@ msgstr "" msgid "" "mechanism for SASL authentication: \"plain\" for plain text password, \"dh-" -"blowfish\" for crypted password, \"external\" for authentication using " -"client side SSL cert" +"blowfish\" for blowfish crypted password, \"dh-aes\" for AES crypted " +"password, \"external\" for authentication using client side SSL cert" msgstr "" #, fuzzy 
@@ -20,7 +20,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat 0.4.1-dev\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2013-04-25 12:05+0200\n" +"POT-Creation-Date: 2013-05-01 09:48+0200\n" "PO-Revision-Date: 2013-03-17 08:20+0100\n" "Last-Translator: Marco Paolone <marcopaolone@gmail.com>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" @@ -5955,10 +5955,11 @@ msgstr "" "\") da abilitare per il server se disponibili (esempio: \"multi-prefix," "extended-join\")" +#, fuzzy msgid "" "mechanism for SASL authentication: \"plain\" for plain text password, \"dh-" -"blowfish\" for crypted password, \"external\" for authentication using " -"client side SSL cert" +"blowfish\" for blowfish crypted password, \"dh-aes\" for AES crypted " +"password, \"external\" for authentication using client side SSL cert" msgstr "" "meccanismo per l'autenticazione SASL: \"plain\" per le password in chiaro, " "\"dh-blowfish\" per le password cifrate, \"external\" per l'autenticazione " @@ -20,7 +20,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat 0.4.1-dev\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2013-04-25 12:05+0200\n" +"POT-Creation-Date: 2013-05-01 09:48+0200\n" "PO-Revision-Date: 2013-03-17 08:20+0100\n" "Last-Translator: AYANOKOUZI, Ryuunosuke <i38w7i3@yahoo.co.jp>\n" "Language-Team: Japanese <https://github.com/l/WeeChat>\n" @@ -5917,10 +5917,11 @@ msgstr "" "サーバで利用可能ならば有効化する、クライアントの機能のコンマ区切りリスト " "(例: \"multi-prefix,extended-join\")" +#, fuzzy msgid "" "mechanism for SASL authentication: \"plain\" for plain text password, \"dh-" -"blowfish\" for crypted password, \"external\" for authentication using " -"client side SSL cert" +"blowfish\" for blowfish crypted password, \"dh-aes\" for AES crypted " +"password, \"external\" for authentication using client side SSL cert" msgstr "" "SASL 認証メカニズム: \"plain\" は平文パスワード、\"dh-blowfish\" は暗号パス" "ワード、\"external\" はクライアントサイド SSL 証明書を利用した認証" 
@@ -21,7 +21,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat 0.4.1-dev\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2013-04-25 12:05+0200\n" +"POT-Creation-Date: 2013-05-01 09:48+0200\n" "PO-Revision-Date: 2013-03-17 08:20+0100\n" "Last-Translator: Krzysztof Korościk <soltys@szluug.org>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" @@ -6031,10 +6031,11 @@ msgstr "" "oddzielona przecinkami lista opcji włączanych dla serwera, jeśli są dostępne " "(na przykład \"multi-prefix,extended-join\")" +#, fuzzy msgid "" "mechanism for SASL authentication: \"plain\" for plain text password, \"dh-" -"blowfish\" for crypted password, \"external\" for authentication using " -"client side SSL cert" +"blowfish\" for blowfish crypted password, \"dh-aes\" for AES crypted " +"password, \"external\" for authentication using client side SSL cert" msgstr "" "mechanizm autentykacji SASL: \"plain\" dla hasła w czystym tekście, \"dh-" "blowfish\" dla szyfrowanego hasła, \"external\" dla uwierzytelnienia za " diff --git a/po/pt_BR.po b/po/pt_BR.po index 64ca3863b..ea55a466d 100644 --- a/po/pt_BR.po +++ b/po/pt_BR.po @@ -21,7 +21,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat 0.4.1-dev\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2013-04-25 12:05+0200\n" +"POT-Creation-Date: 2013-05-01 09:48+0200\n" "PO-Revision-Date: 2013-03-17 08:20+0100\n" "Last-Translator: Sergio Durigan Junior <sergiosdj@gmail.com>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" @@ -5476,8 +5476,8 @@ msgstr "" msgid "" "mechanism for SASL authentication: \"plain\" for plain text password, \"dh-" -"blowfish\" for crypted password, \"external\" for authentication using " -"client side SSL cert" +"blowfish\" for blowfish crypted password, \"dh-aes\" for AES crypted " +"password, \"external\" for authentication using client side SSL cert" msgstr "" msgid "username for SASL authentication" 
@@ -21,7 +21,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat 0.4.1-dev\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2013-04-25 12:05+0200\n" +"POT-Creation-Date: 2013-05-01 09:48+0200\n" "PO-Revision-Date: 2013-03-16 17:50+0100\n" "Last-Translator: Aleksey V Zapparov AKA ixti <ixti@member.fsf.org>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" @@ -5324,8 +5324,8 @@ msgstr "" msgid "" "mechanism for SASL authentication: \"plain\" for plain text password, \"dh-" -"blowfish\" for crypted password, \"external\" for authentication using " -"client side SSL cert" +"blowfish\" for blowfish crypted password, \"dh-aes\" for AES crypted " +"password, \"external\" for authentication using client side SSL cert" msgstr "" #, fuzzy diff --git a/po/weechat.pot b/po/weechat.pot index 3bf4ddd9f..3b8f069e4 100644 --- a/po/weechat.pot +++ b/po/weechat.pot @@ -21,7 +21,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat 0.4.1-dev\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2013-04-25 12:05+0200\n" +"POT-Creation-Date: 2013-05-01 09:48+0200\n" "PO-Revision-Date: 2013-02-14 18:20+0100\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" @@ -4616,8 +4616,8 @@ msgstr "" msgid "" "mechanism for SASL authentication: \"plain\" for plain text password, \"dh-" -"blowfish\" for crypted password, \"external\" for authentication using " -"client side SSL cert" +"blowfish\" for blowfish crypted password, \"dh-aes\" for AES crypted " +"password, \"external\" for authentication using client side SSL cert" msgstr "" msgid "username for SASL authentication" diff --git a/src/plugins/irc/irc-config.c b/src/plugins/irc/irc-config.c index dad57185d..cf1c989c5 100644 --- a/src/plugins/irc/irc-config.c +++ b/src/plugins/irc/irc-config.c 
@@ -1573,9 +1573,10 @@ irc_config_server_new_option (struct t_config_file *config_file, config_file, section, option_name, "integer", N_("mechanism for SASL authentication: \"plain\" for plain text " - "password, \"dh-blowfish\" for crypted password, \"external\" " + "password, \"dh-blowfish\" for blowfish crypted password, " + "\"dh-aes\" for AES crypted password, \"external\" " "for authentication using client side SSL cert"), - "plain|dh-blowfish|external", 0, 0, + "plain|dh-blowfish|dh-aes|external", 0, 0, default_value, value, null_value_allowed, callback_check_value, callback_check_value_data, diff --git a/src/plugins/irc/irc-protocol.c b/src/plugins/irc/irc-protocol.c index 15ce86d10..917f57a5e 100644 --- a/src/plugins/irc/irc-protocol.c +++ b/src/plugins/irc/irc-protocol.c @@ -170,6 +170,11 @@ IRC_PROTOCOL_CALLBACK(authenticate) sasl_username, sasl_password); break; + case IRC_SASL_MECHANISM_DH_AES: + answer = irc_sasl_mechanism_dh_aes (argv_eol[1], + sasl_username, + sasl_password); + break; case IRC_SASL_MECHANISM_EXTERNAL: answer = strdup ("+"); break; @@ -336,6 +341,10 @@ IRC_PROTOCOL_CALLBACK(cap) irc_server_sendf (server, 0, NULL, "AUTHENTICATE DH-BLOWFISH"); break; + case IRC_SASL_MECHANISM_DH_AES: + irc_server_sendf (server, 0, NULL, + "AUTHENTICATE DH-AES"); + break; case IRC_SASL_MECHANISM_EXTERNAL: irc_server_sendf (server, 0, NULL, "AUTHENTICATE EXTERNAL"); diff --git a/src/plugins/irc/irc-sasl.c b/src/plugins/irc/irc-sasl.c index db3ab9f7d..a410ad826 100644 --- a/src/plugins/irc/irc-sasl.c +++ b/src/plugins/irc/irc-sasl.c @@ -31,7 +31,7 @@ char *irc_sasl_mechanism_string[IRC_NUM_SASL_MECHANISMS] = -{ "plain", "dh-blowfish", "external" }; +{ "plain", "dh-blowfish", "dh-aes", "external" }; /* 
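Review bot: The new help text in irc_config_server_new_option describes "dh-aes" only as "AES crypted password", which a user can read as safe on a connection without SSL. As far as the irc-sasl.c part of this commit shows, the Diffie-Hellman exchange uses the prime, generator and server key exactly as received and nothing verifies who sent them, so it appears to protect against passive capture only. I would say so in the description, e.g. `"\"dh-aes\" for AES crypted password (server is not authenticated, use with SSL), "`, and the same caveat fits "dh-blowfish". The option call starts and ends outside the hunk.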
@@ -68,39 +68,28 @@ irc_sasl_mechanism_plain (const char *sasl_username, const char *sasl_password) } /* - * Builds answer for SASL authentication, using mechanism "DH-BLOWFISH". + * Reads key sent by server (Diffie-Hellman key exchange). * - * Argument data_base64 is a concatenation of 3 strings, each string is composed - * of 2 bytes (length of string), followed by content of string: - * 1. a prime number - * 2. a generator number - * 3. server-generated public key - * - * Note: result must be freed after use. + * Returns: + * 1: OK + * 0: error */ -char * -irc_sasl_mechanism_dh_blowfish (const char *data_base64, - const char *sasl_username, - const char *sasl_password) +int +irc_sasl_dh (const char *data_base64, + unsigned char **public_bin, unsigned char **secret_bin, + int *length_key) { - char *data, *answer, *ptr_answer, *answer_base64; - unsigned char *ptr_data, *secret_bin, *public_bin; - unsigned char *password_clear, *password_crypted; - int length_data, size, num_bits_prime_number, length_key; - int length_username, length_password, length_answer; + char *data; + unsigned char *ptr_data; + int length_data, size, num_bits_prime_number, rc; size_t num_written; gcry_mpi_t data_prime_number, data_generator_number, data_server_pub_key; gcry_mpi_t pub_key, priv_key, secret_mpi; - gcry_cipher_hd_t gcrypt_handle; + + rc = 0; data = NULL; - secret_bin = NULL; - public_bin = NULL; - password_clear = NULL; - password_crypted = NULL; - answer = NULL; - answer_base64 = NULL; data_prime_number = NULL; data_generator_number = NULL; data_server_pub_key = NULL; @@ -118,7 +107,7 @@ irc_sasl_mechanism_dh_blowfish (const char *data_base64, ptr_data += 2; length_data -= 2; if (size > length_data) - goto end; + goto dhend; data_prime_number = gcry_mpi_new (size * 8); gcry_mpi_scan (&data_prime_number, GCRYMPI_FMT_USG, ptr_data, size, NULL); num_bits_prime_number = gcry_mpi_get_nbits (data_prime_number); 
@@ -130,7 +119,7 @@ irc_sasl_mechanism_dh_blowfish (const char *data_base64, ptr_data += 2; length_data -= 2; if (size > length_data) - goto end; + goto dhend; data_generator_number = gcry_mpi_new (size * 8); gcry_mpi_scan (&data_generator_number, GCRYMPI_FMT_USG, ptr_data, size, NULL); ptr_data += size; @@ -141,7 +130,7 @@ irc_sasl_mechanism_dh_blowfish (const char *data_base64, ptr_data += 2; length_data -= 2; if (size > length_data) - goto end; + goto dhend; data_server_pub_key = gcry_mpi_new (size * 8); gcry_mpi_scan (&data_server_pub_key, GCRYMPI_FMT_USG, ptr_data, size, NULL); 
@@ -153,18 +142,70 @@ irc_sasl_mechanism_dh_blowfish (const char *data_base64, gcry_mpi_powm (pub_key, data_generator_number, priv_key, data_prime_number); /* compute secret_bin */ - length_key = num_bits_prime_number / 8; - secret_bin = malloc (length_key); + *length_key = num_bits_prime_number / 8; + *secret_bin = malloc (*length_key); secret_mpi = gcry_mpi_new (num_bits_prime_number); /* secret_mpi = (y ^ priv_key) % p */ gcry_mpi_powm (secret_mpi, data_server_pub_key, priv_key, data_prime_number); - gcry_mpi_print (GCRYMPI_FMT_USG, secret_bin, length_key, + gcry_mpi_print (GCRYMPI_FMT_USG, *secret_bin, *length_key, &num_written, secret_mpi); /* create public_bin */ - public_bin = malloc (length_key); - gcry_mpi_print (GCRYMPI_FMT_USG, public_bin, length_key, + *public_bin = malloc (*length_key); + gcry_mpi_print (GCRYMPI_FMT_USG, *public_bin, *length_key, &num_written, pub_key); + rc = 1; + +dhend: + if (data) + free (data); + if (data_prime_number) + gcry_mpi_release (data_prime_number); + if (data_generator_number) + gcry_mpi_release (data_generator_number); + if (data_server_pub_key) + gcry_mpi_release (data_server_pub_key); + if (pub_key) + gcry_mpi_release (pub_key); + if (priv_key) + gcry_mpi_release (priv_key); + if (secret_mpi) + gcry_mpi_release (secret_mpi); + + return rc; +} + +/* + * Builds answer for SASL authentication, using mechanism "DH-BLOWFISH". + * + * Argument data_base64 is a concatenation of 3 strings, each string is composed + * of 2 bytes (length of string), followed by content of string: + * 1. a prime number + * 2. a generator number + * 3. server-generated public key + * + * Note: result must be freed after use. 
+ */ +char * +irc_sasl_mechanism_dh_blowfish (const char *data_base64, + const char *sasl_username, + const char *sasl_password) +{ + char *answer, *ptr_answer, *answer_base64; + unsigned char *password_clear, *password_crypted; + int length_key, length_username, length_password, length_answer; + unsigned char *public_bin, *secret_bin; + gcry_cipher_hd_t gcrypt_handle; + + password_clear = NULL; + password_crypted = NULL; + answer = NULL; + answer_base64 = NULL; + secret_bin = NULL; + public_bin = NULL; + + if (!irc_sasl_dh (data_base64, &public_bin, &secret_bin, &length_key)) + goto bfend; /* create password buffers (clear and crypted) */ length_password = strlen (sasl_password) + @@ -178,13 +219,15 @@ irc_sasl_mechanism_dh_blowfish (const char *data_base64, /* crypt password using blowfish */ if (gcry_cipher_open (&gcrypt_handle, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_ECB, 0) != 0) - goto end; + goto bfend; if (gcry_cipher_setkey (gcrypt_handle, secret_bin, length_key) != 0) - goto end; + goto bfend; if (gcry_cipher_encrypt (gcrypt_handle, password_crypted, length_password, password_clear, length_password) != 0) - goto end; + goto bfend; + + gcry_cipher_close (gcrypt_handle); /* * build answer for server, it is concatenation of: 
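Review bot: In irc_sasl_dh the two `malloc (*length_key)` results and both `gcry_mpi_print` return values are unchecked and `rc = 1` is set regardless, although `*length_key` is derived from the bit length of the prime the server sent. With GCRYMPI_FMT_USG a value shorter than `*length_key` bytes fills only the start of the buffer, so the tail of `*secret_bin` (later used as the cipher key) and of `*public_bin` (later sent) would be whatever the heap held; a bit count that is not a multiple of 8 makes the buffer too short and the print fails unnoticed. I would zero-allocate, reject a zero length and jump to `dhend` on any failure, as below; both callers already free the two buffers on their error path. Whether the server expects short values left-padded is not visible here and should be checked against the mechanism's description. The function starts in an earlier hunk.

```c
    /* … unchanged: priv_key generation, pub_key = (g ^ priv_key) % p … */

    /* compute secret_bin */
    *length_key = num_bits_prime_number / 8;
    if (*length_key <= 0)
        goto dhend;
    *secret_bin = calloc (1, *length_key);
    if (!*secret_bin)
        goto dhend;
    /* … unchanged: secret_mpi = (y ^ priv_key) % p … */
    if (gcry_mpi_print (GCRYMPI_FMT_USG, *secret_bin, *length_key,
                        &num_written, secret_mpi) != 0)
        goto dhend;

    /* create public_bin */
    *public_bin = calloc (1, *length_key);
    if (!*public_bin)
        goto dhend;
    if (gcry_mpi_print (GCRYMPI_FMT_USG, *public_bin, *length_key,
                        &num_written, pub_key) != 0)
        goto dhend;
    rc = 1;
```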
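Review bot: `gcry_cipher_close (gcrypt_handle)` is reached only on the success path, so when `gcry_cipher_setkey` or `gcry_cipher_encrypt` fails after a successful `gcry_cipher_open`, the `goto bfend` leaves the handle open. The handle may already hold the DH secret at that point, so I would set `gcrypt_handle = NULL;` with the other initialisations and move the close under `bfend:` (libgcrypt accepts a NULL handle there). irc_sasl_mechanism_dh_aes, added later in this file, has the same pattern with `aesend`. The function begins in the previous hunk and continues past this one.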
@@ -193,16 +236,16 @@ irc_sasl_mechanism_dh_blowfish (const char *data_base64, * 3. sasl_username ('length_username'+1 bytes) * 4. encrypted password ('length_password' bytes) */ - length_username = strlen (sasl_username); - length_answer = 2 + length_key + length_username + 1 + length_password; + length_username = strlen (sasl_username) + 1; + length_answer = 2 + length_key + length_username + length_password; answer = malloc (length_answer); ptr_answer = answer; *((unsigned int *)ptr_answer) = htons(length_key); ptr_answer += 2; memcpy (ptr_answer, public_bin, length_key); ptr_answer += length_key; - memcpy (ptr_answer, sasl_username, length_username + 1); - ptr_answer += length_username + 1; + memcpy (ptr_answer, sasl_username, length_username); + ptr_answer += length_username; memcpy (ptr_answer, password_crypted, length_password); /* encode answer to base64 */ @@ -210,9 +253,7 @@ irc_sasl_mechanism_dh_blowfish (const char *data_base64, if (answer_base64) weechat_string_encode_base64 (answer, length_answer, answer_base64); -end: - if (data) - free (data); +bfend: if (secret_bin) free (secret_bin); if (public_bin) 
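Review bot: The context line `*((unsigned int *)ptr_answer) = htons(length_key);` stores sizeof (unsigned int) bytes into a field that the comment above defines as 2 bytes. On a little-endian host the first two bytes come out right and the extra ones are overwritten by the following memcpy, but on a big-endian host the length would land in bytes 2-3 and then be overwritten by the public key, leaving a zero length in the answer. A two-byte store avoids both the width and the alignment question: `uint16_t key_len_be = htons (length_key);` followed by `memcpy (ptr_answer, &key_len_be, sizeof (key_len_be));`. The commit copies the same line into irc_sasl_mechanism_dh_aes, and `malloc (length_answer)` just above it is used without a NULL check. The function starts and ends outside this hunk.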
@@ -223,18 +264,127 @@ end: free (password_crypted); if (answer) free (answer); - if (data_prime_number) - gcry_mpi_release (data_prime_number); - if (data_generator_number) - gcry_mpi_release (data_generator_number); - if (data_server_pub_key) - gcry_mpi_release (data_server_pub_key); - if (pub_key) - gcry_mpi_release (pub_key); - if (priv_key) - gcry_mpi_release (priv_key); - if (secret_mpi) - gcry_mpi_release (secret_mpi); + + return answer_base64; +} + +/* + * Builds answer for SASL authentication, using mechanism "DH-AES". + * + * Argument data_base64 is a concatenation of 3 strings, each string is composed + * of 2 bytes (length of string), followed by content of string: + * 1. a prime number + * 2. a generator number + * 3. server-generated public key + * + * Note: result must be freed after use. + */ +char * +irc_sasl_mechanism_dh_aes (const char *data_base64, + const char *sasl_username, + const char *sasl_password) +{ + char *answer, *ptr_answer, *answer_base64; + unsigned char *ptr_userpass, *userpass_clear, *userpass_crypted; + int length_key, length_answer; + int length_username, length_password, length_userpass; + unsigned char *public_bin, *secret_bin; + char iv[16]; + int cipher_algo; + gcry_cipher_hd_t gcrypt_handle; + + userpass_clear = NULL; + userpass_crypted = NULL; + answer = NULL; + answer_base64 = NULL; + secret_bin = NULL; + public_bin = NULL; + + if (irc_sasl_dh(data_base64, &public_bin, &secret_bin, &length_key) == 0) + goto aesend; + + /* Select cipher algorithm: key length * 8 = cipher bit size */ + switch (length_key) + { + case 32: + cipher_algo = GCRY_CIPHER_AES256; + break; + case 24: + cipher_algo = GCRY_CIPHER_AES192; + break; + case 16: + cipher_algo = GCRY_CIPHER_AES128; + break; + default: + /* Invalid bit length */ + goto aesend; + } + + /* Generate the IV */ + gcry_randomize (iv, sizeof (iv), GCRY_STRONG_RANDOM); + + /* create user/pass buffers (clear and crypted) */ + length_username = strlen (sasl_username) + 1; + 
length_password = strlen (sasl_password) + 1; + length_userpass = length_username + length_password + + ((16 - ((length_username + length_password) % 16)) % 16); + ptr_userpass = userpass_clear = malloc (length_userpass); + userpass_crypted = malloc (length_userpass); + memset (userpass_clear, 0, length_password); + memset (userpass_crypted, 0, length_password); + memcpy (ptr_userpass, sasl_username, length_username); + ptr_userpass += length_username; + memcpy (ptr_userpass, sasl_password, length_password); + + /* crypt password using AES in CBC mode */ + if (gcry_cipher_open (&gcrypt_handle, cipher_algo, + GCRY_CIPHER_MODE_CBC, 0) != 0) + goto aesend; + if (gcry_cipher_setkey (gcrypt_handle, secret_bin, length_key) != 0) + goto aesend; + if (gcry_cipher_setiv (gcrypt_handle, iv, sizeof(iv)) != 0) + goto aesend; + if (gcry_cipher_encrypt (gcrypt_handle, + userpass_crypted, length_userpass, + userpass_clear, length_userpass) != 0) + goto aesend; + + gcry_cipher_close (gcrypt_handle); + + /* + * build answer for server, it is concatenation of: + * 1. key length (2 bytes) + * 2. public key ('length_key' bytes) + * 3. IV (sizeof (iv) bytes) + * 4. 
encrypted password ('length_userpass' bytes) + */ + length_answer = 2 + length_key + sizeof (iv) + length_userpass; + answer = malloc (length_answer); + ptr_answer = answer; + *((unsigned int *)ptr_answer) = htons(length_key); + ptr_answer += 2; + memcpy (ptr_answer, public_bin, length_key); + ptr_answer += length_key; + memcpy (ptr_answer, iv, sizeof (iv)); + ptr_answer += sizeof (iv); + memcpy (ptr_answer, userpass_crypted, length_userpass); + + /* encode answer to base64 */ + answer_base64 = malloc (length_answer * 4); + if (answer_base64) + weechat_string_encode_base64 (answer, length_answer, answer_base64); + +aesend: + if (secret_bin) + free (secret_bin); + if (public_bin) + free (public_bin); + if (userpass_clear) + free (userpass_clear); + if (userpass_crypted) + free (userpass_crypted); + if (answer) + free (answer); return answer_base64; } diff --git a/src/plugins/irc/irc-sasl.h b/src/plugins/irc/irc-sasl.h index 75a96900c..211381ef8 100644 --- a/src/plugins/irc/irc-sasl.h +++ b/src/plugins/irc/irc-sasl.h @@ -26,6 +26,7 @@ enum t_irc_sasl_mechanism { IRC_SASL_MECHANISM_PLAIN = 0, IRC_SASL_MECHANISM_DH_BLOWFISH, + IRC_SASL_MECHANISM_DH_AES, IRC_SASL_MECHANISM_EXTERNAL, /* number of SASL mechanisms */ IRC_NUM_SASL_MECHANISMS, @@ -38,5 +39,8 @@ extern char *irc_sasl_mechanism_plain (const char *sasl_username, extern char *irc_sasl_mechanism_dh_blowfish (const char *data_base64, const char *sasl_username, const char *sasl_password); +extern char *irc_sasl_mechanism_dh_aes (const char *data_base64, + const char *sasl_username, + const char *sasl_password); #endif /* __WEECHAT_IRC_SASL_H */ |
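Review bot: Both `memset` calls in irc_sasl_mechanism_dh_aes clear only `length_password` bytes of buffers that are `length_userpass` bytes long, so the padding after the copied username and password is never initialised. Up to 15 bytes of heap content are then encrypted and sent to the server, which holds the key and can read them. Clearing the whole buffer fixes it: `memset (userpass_clear, 0, length_userpass);` and `memset (userpass_crypted, 0, length_userpass);`, placed after a check that both `malloc` calls succeeded. The cleanup under `aesend` also frees `secret_bin` and `userpass_clear` without wiping them first, which leaves the key and the clear password in freed heap memory.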