-rw-r--r--  AUTHORS  1
-rw-r--r--  ChangeLog  3
-rw-r--r--  doc/de/autogen/user/irc_options.txt  4
-rw-r--r--  doc/de/autogen/user/weechat_commands.txt  62
-rw-r--r--  doc/de/weechat_user.de.txt  19
-rw-r--r--  doc/en/autogen/user/irc_options.txt  4
-rw-r--r--  doc/en/weechat_user.en.txt  15
-rw-r--r--  doc/fr/autogen/user/irc_options.txt  4
-rw-r--r--  doc/fr/weechat_user.fr.txt  14
-rw-r--r--  doc/it/autogen/user/irc_options.txt  4
-rw-r--r--  doc/it/weechat_user.it.txt  17
-rw-r--r--  doc/ja/autogen/user/irc_options.txt  4
-rw-r--r--  doc/ja/weechat_user.ja.txt  17
-rw-r--r--  po/cs.po  6
-rw-r--r--  po/de.po  44
-rw-r--r--  po/es.po  7
-rw-r--r--  po/fr.po  11
-rw-r--r--  po/hu.po  6
-rw-r--r--  po/it.po  7
-rw-r--r--  po/ja.po  7
-rw-r--r--  po/pl.po  7
-rw-r--r--  po/pt_BR.po  6
-rw-r--r--  po/ru.po  6
-rw-r--r--  po/weechat.pot  6
-rw-r--r--  src/plugins/irc/irc-config.c  5
-rw-r--r--  src/plugins/irc/irc-protocol.c  9
-rw-r--r--  src/plugins/irc/irc-sasl.c  260
-rw-r--r--  src/plugins/irc/irc-sasl.h  4
28 files changed, 386 insertions, 173 deletions
diff --git a/AUTHORS b/AUTHORS
index 6ab892edd..12de797c5 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -26,6 +26,7 @@ Alphabetically:
* Dmitry Kobylin
* Dominik Honnef
* Elián Hanisch (m4v)
+* Elizabeth Myers (Elizacat)
* Frank Zacharias
* Gu1ll4um3r0m41n
* gwenn
diff --git a/ChangeLog b/ChangeLog
index 45309ec60..10e21111e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,7 +1,7 @@
WeeChat ChangeLog
=================
Sébastien Helleu <flashcode@flashtux.org>
-v0.4.1-dev, 2013-04-29
+v0.4.1-dev, 2013-05-01
This document lists all changes for each version.
@@ -55,6 +55,7 @@ Version 0.4.1 (under dev!)
list with arguments inside), guile >= 2.0 is now required (bug #38350)
* guile: fix crash on calls to callbacks during load of script (bug #38343)
* guile: fix compilation with guile 2.0
+* irc: add support of "dh-aes" SASL mechanism (patch #8020)
* irc: fix duplicate nick completion when someone rejoins the channel with same
nick but a different case (bug #38841)
* irc: add support of UHNAMES (capability "userhost-in-names") (task #9353)
diff --git a/doc/de/autogen/user/irc_options.txt b/doc/de/autogen/user/irc_options.txt
index 6a5163b1d..7c758ce39 100644
--- a/doc/de/autogen/user/irc_options.txt
+++ b/doc/de/autogen/user/irc_options.txt
@@ -519,9 +519,9 @@
** Werte: beliebige Zeichenkette (Standardwert: `""`)
* [[option_irc.server_default.sasl_mechanism]] *irc.server_default.sasl_mechanism*
-** Beschreibung: `Verfahren welches bei einer SASL Authentifizierung angewandt werden soll: "plain" Passwort liegt in Klartext vor, "dh-blowfish" Passwort wird verschlüsselt, "external" SSL Zertifikat welches auf Client Seite vorliegt`
+** Beschreibung: `mechanism for SASL authentication: "plain" for plain text password, "dh-blowfish" for blowfish crypted password, "dh-aes" for AES crypted password, "external" for authentication using client side SSL cert`
** Typ: integer
-** Werte: plain, dh-blowfish, external (Standardwert: `plain`)
+** Werte: plain, dh-blowfish, dh-aes, external (Standardwert: `plain`)
* [[option_irc.server_default.sasl_password]] *irc.server_default.sasl_password*
** Beschreibung: `Passwort für SASL Authentifizierung`
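Review bot: The `+** Beschreibung:` line replaces the German description with the English source string, so the German option reference regresses to English for sasl_mechanism. This file sits under autogen/, so the fix belongs in the po/de.po msgstr for this message: extend the existing German text with a "dh-aes" entry and regenerate, rather than committing the English fallback.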
diff --git a/doc/de/autogen/user/weechat_commands.txt b/doc/de/autogen/user/weechat_commands.txt
index b149b0cbd..069ae11e6 100644
--- a/doc/de/autogen/user/weechat_commands.txt
+++ b/doc/de/autogen/user/weechat_commands.txt
@@ -207,40 +207,40 @@ infolists: zeigt Information über die Infolists an
/eval [-n] <expression>
[-n] <expression1> <operator> <expression2>
- -n: display result without sending it to buffer (debug mode)
-expression: expression to evaluate, variables with format ${variable} are replaced (see below)
- operator: a logical or comparison operator:
- - logical operators:
- && boolean "and"
- || boolean "or"
- - comparison operators:
- == equal
- != not equal
- <= less or equal
- < less
- >= greater or equal
- > greater
- =~ is matching regex
- !~ is NOT matching regex
-
-An expression is considered as "true" if it is not NULL, not empty, and different from "0".
-The comparison is made using integers if the two expressions are valid integers.
-To force a string comparison, add double quotes around each expression, for example:
+ -n: zeigt das Ergebnis an, ohne dieses in den Buffer zu schreiben (debug Modus)
+expression: Ausdruck welcher verarbeitet werden soll. Variablen im Format ${variable} werden ersetzt (siehe unten)
+ operator: ein logischer oder vergleichender Operand:
+ - logische Operanden:
+ && boolean "und"
+ || boolean "oder"
+ - vergleichende Operanden:
+ == gleich
+ != ungleich
+ <= kleiner oder gleich
+ < kleiner
+ >= größer oder gleich
+ > größer
+ =~ stimmt mit regulärem Ausdruck überein
+ !~ stimmt NICHT mit regulärem Ausdruck überein
+
+Ein Ausdruck gilt als "wahr", sofern das Ergebnis nicht NULL, nicht leer und von "0" abweichend ist.
+Der Vergleich findet zwischen zwei Integer statt, sofern die beiden Ausdrücke gültige Integer-Werte sind.
+Um einen Vergleich zwischen zwei Zeichenketten zu erzwingen, müssen die Ausdrücke in Anführungszeichen gesetzt werden, zum Beispiel:
50 > 100 ==> 0
"50" > "100" ==> 1
-Some variables are replaced in expression, using the format ${variable}, variable can be, by order of priority :
- 1. the name of an option (file.section.option)
- 2. the name of a local variable in buffer
- 3. a hdata name/variable (the value is automatically converted to string), by default "window" and "buffer" point to current window/buffer.
-Format for hdata can be one of following:
- hdata.var1.var2...: start with a hdata (pointer must be known), and ask variables one after one (other hdata can be followed)
- hdata[list].var1.var2...: start with a hdata using a list, for example:
- ${buffer[gui_buffers].full_name}: full name of first buffer in linked list of buffers
- ${plugin[weechat_plugins].name}: name of first plugin in linked list of plugins
-For name of hdata and variables, please look at "Plugin API reference", function "weechat_hdata_get".
-
-Examples:
+Einige Variablen werden im Ausdruck, mittels der Formatierung ${Variable}, ersetzt. Mögliche Variablen sind, nach Reihenfolge ihrer Priorität:
+ 1. der Name einer Option (file.section.option)
+ 2. der Name der lokalen Variablen für Buffer
+ 3. ein hdata Name/Variable (der Wert wird automatisch als Zeichenkette konvertiert), Standardmäßig wird für "window" und "buffer" das aktuelle Fenster/Buffer verwendet.
+Das Format für hdata:
+ hdata.var1.var2...: startet mit hdata (der Pointer muss bekannt sein) und fragt eine Variable nach der anderen ab (weitere hdata können folgen)
+ hdata[list].var1.var2...: startet hdata mittels einer Liste, zum Beispiel:
+ ${buffer[gui_buffers].full_name}: der vollständige Name des ersten Buffers, in der verknüpften Liste aller Buffer
+ ${plugin[weechat_plugins].name}: Name der ersten Erweiterung, in der verknüpften Liste aller Erweiterungen
+Die vorhandenen Namen für hdata und Variablen sind in der "Anleitung für API Erweiterung", Bereich "weechat_hdata_get". beschrieben
+
+Beispiele:
/eval -n ${weechat.look.scroll_amount} ==> 3
/eval -n ${window} ==> 0x2549aa0
/eval -n ${window.buffer} ==> 0x2549320
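Review bot: The /eval help translation in this hunk is unrelated to the "dh-aes" SASL mechanism that the ChangeLog entry describes and should go in its own commit, so the SASL change can be reviewed and reverted on its own. In the added text, `"weechat_hdata_get". beschrieben` has the full stop in the wrong place; it should close the sentence after "beschrieben".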
diff --git a/doc/de/weechat_user.de.txt b/doc/de/weechat_user.de.txt
index 0c7854ac2..51480e149 100644
--- a/doc/de/weechat_user.de.txt
+++ b/doc/de/weechat_user.de.txt
@@ -91,7 +91,8 @@ welche Pakete optional genutzt werden können.
| libncursesw5-dev ^(2)^ | | *ja* | ncurses Oberfläche
| libcurl4-gnutls-dev | | *ja* | URL Transfer
| zlib1g-dev | | *ja* | Kompression für Pakete, die mittels Relay- (WeeChat Protokoll), Script-Erweiterung übertragen werden
-| libgcrypt11-dev | | *ja* | SASL Authentifikation am IRC Server mittels DH-BLOWFISH Methode, Script-Erweiterung
+// TRANSLATION MISSING
+| libgcrypt11-dev | | *ja* | IRC SASL authentication (DH-BLOWFISH/DH-AES), Script-Erweiterung
| libgnutls-dev | ≥ 2.2.0 | | SSL Verbindung zu einem IRC Server, Unterstützung von SSL in der Relay-Erweiterung
| gettext | | | Internationalisierung (Übersetzung der Mitteilungen; Hauptsprache ist englisch)
| ca-certificates | | | Zertifikate für SSL Verbindungen
@@ -1834,14 +1835,20 @@ Für weiterreichende Informationen lesen Sie bitte: http://www.oftc.net/oftc/Nic
SASL Authentifizierung
^^^^^^^^^^^^^^^^^^^^^^
-WeeChat unterstützt drei mögliche Verfahren bei einer SASL Authentifikation:
-"plain" (Passwort liegt in Klarschrift vor), "dh-blowfish" (Passwort wird verschlüsselt)
-oder "external" (SSL Zertifikat welches auf Client Seite vorliegt)
+// TRANSLATION MISSING
+WeeChat supports SASL authentication, using different mechanisms:
+
+* 'plain': Passwort liegt in Klarschrift vor
+// TRANSLATION MISSING
+* 'dh-blowfish': blowfish encrypted password
+// TRANSLATION MISSING
+* 'dh-aes': AES encrypted password
+* 'external': SSL Zertifikat welches auf Client Seite vorliegt
Optionen für Server sind:
-* 'sasl_mechanism': Mechanismus welcher genutzt werden soll ("plain",
- "dh-blowfish" oder "external")
+// TRANSLATION MISSING
+* 'sasl_mechanism': Mechanismus welcher genutzt werden soll (see above)
* 'sasl_timeout': Zeitüberschreitung für Authentifizierung (in Sekunden)
* 'sasl_username': Username (Nickname)
* 'sasl_password': Passwort
diff --git a/doc/en/autogen/user/irc_options.txt b/doc/en/autogen/user/irc_options.txt
index 395ecceea..11ab1ba60 100644
--- a/doc/en/autogen/user/irc_options.txt
+++ b/doc/en/autogen/user/irc_options.txt
@@ -519,9 +519,9 @@
** values: any string (default value: `""`)
* [[option_irc.server_default.sasl_mechanism]] *irc.server_default.sasl_mechanism*
-** description: `mechanism for SASL authentication: "plain" for plain text password, "dh-blowfish" for crypted password, "external" for authentication using client side SSL cert`
+** description: `mechanism for SASL authentication: "plain" for plain text password, "dh-blowfish" for blowfish crypted password, "dh-aes" for AES crypted password, "external" for authentication using client side SSL cert`
** type: integer
-** values: plain, dh-blowfish, external (default value: `plain`)
+** values: plain, dh-blowfish, dh-aes, external (default value: `plain`)
* [[option_irc.server_default.sasl_password]] *irc.server_default.sasl_password*
** description: `password for SASL authentication`
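Review bot: Wording is inconsistent with the user guide: the `+** description:` line says "blowfish crypted password" and "AES crypted password", while doc/en/weechat_user.en.txt in this same commit says "blowfish encrypted password" and "AES encrypted password". Suggest "encrypted" here as well, and "Blowfish" capitalised as a cipher name; this string is also the msgid in the po files, so changing it now avoids a second round of fuzzy translations later.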
diff --git a/doc/en/weechat_user.en.txt b/doc/en/weechat_user.en.txt
index c455c0149..335196542 100644
--- a/doc/en/weechat_user.en.txt
+++ b/doc/en/weechat_user.en.txt
@@ -91,7 +91,7 @@ compile WeeChat.
| libncursesw5-dev ^(2)^ | | *yes* | ncurses interface
| libcurl4-gnutls-dev | | *yes* | URL transfer
| zlib1g-dev | | *yes* | compression of packets in relay plugin (weechat protocol), script plugin
-| libgcrypt11-dev | | *yes* | SASL authentication with IRC server using DH-BLOWFISH mechanism, script plugin
+| libgcrypt11-dev | | *yes* | IRC SASL authentication (DH-BLOWFISH/DH-AES), script plugin
| libgnutls-dev | ≥ 2.2.0 | | SSL connection to IRC server, support of SSL in relay plugin
| gettext | | | internationalization (translation of messages; base language is English)
| ca-certificates | | | certificates for SSL connections
@@ -1800,13 +1800,16 @@ For more information, look at http://www.oftc.net/oftc/NickServ/CertFP
SASL authentication
^^^^^^^^^^^^^^^^^^^
-WeeChat supports SASL authentication, using three mechanisms: "plain" (plain
-text password), "dh-blowfish" (encrypted password) or "external" (client side
-SSL cert).
+WeeChat supports SASL authentication, using different mechanisms:
+
+* 'plain': plain text password
+* 'dh-blowfish': blowfish encrypted password
+* 'dh-aes': AES encrypted password
+* 'external': client side SSL cert
Options in servers are:
-* 'sasl_mechanism': mechanism to use ("plain", "dh-blowfish" or "external")
+* 'sasl_mechanism': mechanism to use (see above)
* 'sasl_timeout': timeout (in seconds) for authentication
* 'sasl_username': username (nick)
* 'sasl_password': password
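Review bot: Missing documentation in the new mechanism list: the 'dh-blowfish' and 'dh-aes' items name only the cipher, so a reader cannot tell how the two differ or which one to put in 'sasl_mechanism'. Suggest one sentence after the list saying which mechanism to prefer when a server offers both, since "(see above)" now sends the reader to this list for that decision.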
@@ -1819,7 +1822,7 @@ If you want to use "dh-blowfish" by default for all servers:
[NOTE]
The "gcrypt" library is required when compiling WeeChat in order to use
-"dh-blowfish" mechanism (see <<dependencies,dependencies>>).
+"dh-blowfish" and "dh-aes" mechanisms (see <<dependencies,dependencies>>).
[[irc_tor_freenode]]
Connect to Freenode with TOR/SASL
diff --git a/doc/fr/autogen/user/irc_options.txt b/doc/fr/autogen/user/irc_options.txt
index c2f4703b6..d53910856 100644
--- a/doc/fr/autogen/user/irc_options.txt
+++ b/doc/fr/autogen/user/irc_options.txt
@@ -519,9 +519,9 @@
** valeurs: toute chaîne (valeur par défaut: `""`)
* [[option_irc.server_default.sasl_mechanism]] *irc.server_default.sasl_mechanism*
-** description: `mécanisme pour l'authentification SASL: "plain" pour un mot de passe en clair, "dh-blowfish" pour un mot de passe chiffré, "external" pour une authentification en utilisant un certificat SSL côté client`
+** description: `mécanisme pour l'authentification SASL: "plain" pour un mot de passe en clair, "dh-blowfish" pour un mot de passe chiffré avec blowfish, "dh-aes" pour un mot de passe chiffré avec AES, "external" pour une authentification en utilisant un certificat SSL côté client`
** type: entier
-** valeurs: plain, dh-blowfish, external (valeur par défaut: `plain`)
+** valeurs: plain, dh-blowfish, dh-aes, external (valeur par défaut: `plain`)
* [[option_irc.server_default.sasl_password]] *irc.server_default.sasl_password*
** description: `mot de passe pour l'authentification SASL`
diff --git a/doc/fr/weechat_user.fr.txt b/doc/fr/weechat_user.fr.txt
index bd1d8279a..8edc9b19f 100644
--- a/doc/fr/weechat_user.fr.txt
+++ b/doc/fr/weechat_user.fr.txt
@@ -93,7 +93,7 @@ compiler WeeChat.
| libncursesw5-dev ^(2)^ | | *oui* | interface ncurses
| libcurl4-gnutls-dev | | *oui* | transfert d'URL
| zlib1g-dev | | *oui* | compression des paquets dans l'extension relay (protocole weechat), extension script
-| libgcrypt11-dev | | *oui* | authentification SASL avec le serveur IRC, en utilisant le mécanisme DH-BLOWFISH, extension script
+| libgcrypt11-dev | | *oui* | authentification IRC SASL (DH-BLOWFISH/DH-AES), extension script
| libgnutls-dev | ≥ 2.2.0 | | connexion SSL au serveur IRC, support SSL dans l'extension relay
| gettext | | | internationalisation (traduction des messages; la langue de base est l'anglais)
| ca-certificates | | | certificats pour les connexions SSL
@@ -1863,13 +1863,17 @@ Pour plus d'informations, consulter http://www.oftc.net/oftc/NickServ/CertFP
Authentification avec SASL
^^^^^^^^^^^^^^^^^^^^^^^^^^
-WeeChat supporte l'authentification avec SASL, en utilisant trois mécanismes :
-"plain" (mot de passe en clair), "dh-blowfish" (mot de passe chiffré) ou
-"external" (certificat SSL côté client).
+WeeChat supporte l'authentification avec SASL, en utilisant différents
+mécanismes :
+
+* 'plain' : mot de passe en clair
+* 'dh-blowfish' : mot de passe chiffré avec blowfish
+* 'dh-aes' : mot de passe chiffré avec AES
+* 'external' : certificat SSL côté client
Les options dans le serveur sont :
-* 'sasl_mechanism' : mécanisme à utiliser ("plain", "dh-blowfish" ou "external")
+* 'sasl_mechanism' : mécanisme à utiliser (voir ci-dessus)
* 'sasl_timeout' : délai d'attente maximum (en secondes) pour l'authentification
* 'sasl_username' : nom d'utilisateur (pseudo)
* 'sasl_password' : mot de passe
diff --git a/doc/it/autogen/user/irc_options.txt b/doc/it/autogen/user/irc_options.txt
index ca2c4af99..e30da0cb4 100644
--- a/doc/it/autogen/user/irc_options.txt
+++ b/doc/it/autogen/user/irc_options.txt
@@ -519,9 +519,9 @@
** valori: qualsiasi stringa (valore predefinito: `""`)
* [[option_irc.server_default.sasl_mechanism]] *irc.server_default.sasl_mechanism*
-** descrizione: `meccanismo per l'autenticazione SASL: "plain" per le password in chiaro, "dh-blowfish" per le password cifrate, "external" per l'autenticazione con certificati SSL lato client`
+** descrizione: `mechanism for SASL authentication: "plain" for plain text password, "dh-blowfish" for blowfish crypted password, "dh-aes" for AES crypted password, "external" for authentication using client side SSL cert`
** tipo: intero
-** valori: plain, dh-blowfish, external (valore predefinito: `plain`)
+** valori: plain, dh-blowfish, dh-aes, external (valore predefinito: `plain`)
* [[option_irc.server_default.sasl_password]] *irc.server_default.sasl_password*
** descrizione: `password per l'autenticazione SASL`
diff --git a/doc/it/weechat_user.it.txt b/doc/it/weechat_user.it.txt
index cf51e96b9..fb95f097a 100644
--- a/doc/it/weechat_user.it.txt
+++ b/doc/it/weechat_user.it.txt
@@ -97,7 +97,7 @@ compilare WeeChat.
// TRANSLATION MISSING
| zlib1g-dev | | *sì* | compression of packets in relay plugin (weechat protocol), script plugin
// TRANSLATION MISSING
-| libgcrypt11-dev | | *sì* | autenticazione SASL per i server IRC che utilizzano il meccanismo DH-BLOWFISH, script plugin
+| libgcrypt11-dev | | *sì* | IRC SASL authentication (DH-BLOWFISH/DH-AES), script plugin
// TRANSLATION MISSING
| libgnutls-dev | ≥ 2.2.0 | | connessione SSL al server IRC, support of SSL in relay plugin
| gettext | | | internazionalizzazione (traduzione dei messaggi; la lingua base è l'inglese)
@@ -1843,13 +1843,20 @@ Per maggiori informazioni consultare http://www.oftc.net/oftc/NickServ/CertFP
Autenticazione SASL
^^^^^^^^^^^^^^^^^^^
-WeeChat supporta l'autenticazione SASL, usando tre meccanismi: "plain" (password
-in chiaro), "dh-blowfish" (password cifrata)" o "external" (certificato SSL da
-lato client).
+// TRANSLATION MISSING
+WeeChat supports SASL authentication, using different mechanisms:
+
+* 'plain': password in chiaro
+// TRANSLATION MISSING
+* 'dh-blowfish': blowfish encrypted password
+// TRANSLATION MISSING
+* 'dh-aes': AES encrypted password
+* 'external': certificato SSL da lato client
Le opzioni nel server sono:
-* 'sasl_mechanism': meccanismo da usare ("plain", "dh-blowfish" o "external")
+// TRANSLATION MISSING
+* 'sasl_mechanism': meccanismo da usare (see above)
* 'sasl_timeout': timeout (in secondi) per l'autenticazione
* 'sasl_username': nome utente (nick)
* 'sasl_password': password
diff --git a/doc/ja/autogen/user/irc_options.txt b/doc/ja/autogen/user/irc_options.txt
index 702be0505..68fcd71ae 100644
--- a/doc/ja/autogen/user/irc_options.txt
+++ b/doc/ja/autogen/user/irc_options.txt
@@ -519,9 +519,9 @@
** 値: 未制約文字列 (デフォルト値: `""`)
* [[option_irc.server_default.sasl_mechanism]] *irc.server_default.sasl_mechanism*
-** 説明: `SASL 認証メカニズム: "plain" は平文パスワード、"dh-blowfish" は暗号パスワード、"external" はクライアントサイド SSL 証明書を利用した認証`
+** 説明: `mechanism for SASL authentication: "plain" for plain text password, "dh-blowfish" for blowfish crypted password, "dh-aes" for AES crypted password, "external" for authentication using client side SSL cert`
** タイプ: 整数
-** 値: plain, dh-blowfish, external (デフォルト値: `plain`)
+** 値: plain, dh-blowfish, dh-aes, external (デフォルト値: `plain`)
* [[option_irc.server_default.sasl_password]] *irc.server_default.sasl_password*
** 説明: `SASL 認証用パスワード`
diff --git a/doc/ja/weechat_user.ja.txt b/doc/ja/weechat_user.ja.txt
index d5ea656ef..122e4db8a 100644
--- a/doc/ja/weechat_user.ja.txt
+++ b/doc/ja/weechat_user.ja.txt
@@ -83,7 +83,8 @@ WeeChat は cmake または autotools を使ってコンパイルできます (c
| libncursesw5-dev ^(2)^ | | *yes* | ncurses インターフェイス
| libcurl4-gnutls-dev | | *yes* | URL 転送
| zlib1g-dev | | *yes* | relay プラグインでパケットを圧縮 (weechat プロトコル)、スクリプトプラグイン
-| libgcrypt11-dev | | *yes* | DH-BLOWFISH メカニズムを用いた IRC サーバ用の SASL 認証、スクリプトプラグイン
+// TRANSLATION MISSING
+| libgcrypt11-dev | | *yes* | IRC SASL authentication (DH-BLOWFISH/DH-AES), script plugin
| libgnutls-dev | ≥ 2.2.0 | | IRC サーバへの SSL 接続
| gettext | | | 国際化 (メッセージの翻訳; ベース言語は英語です)
| ca-certificates | | | SSL 接続に必要な証明書、relay プラグインで SSL サポート
@@ -1733,13 +1734,19 @@ $ openssl req -nodes -newkey rsa:2048 -keyout nick.pem -x509 -days 365 -out nick
[[irc_sasl_authentication]]
==== SASL 認証 ====
-WeeChat は SASL 認証をサポートしています。認証アルゴリズムは "plain"
-(平文パスワード)、"dh-blowfish" (暗号化パスワード)、"external"
-(クライアント側 SSL 証明書) の 3 つです。
+// TRANSLATION MISSING
+WeeChat supports SASL authentication, using different mechanisms:
+
+// TRANSLATION MISSING
+* 'plain': plain text password
+* 'dh-blowfish': blowfish encrypted password
+* 'dh-aes': AES encrypted password
+* 'external': client side SSL cert
サーバオプション:
-* 'sasl_mechanism': 利用する認証メカニズム ("plain"、"dh-blowfish"、"external")
+// TRANSLATION MISSING
+* 'sasl_mechanism': 利用する認証メカニズム (see above)
* 'sasl_timeout': 認証時のタイムアウト (秒単位)
* 'sasl_username': ユーザ名 (ニックネーム)
* 'sasl_password': パスワード
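Review bot: The `// TRANSLATION MISSING` marker before `* 'plain'` covers only that item, but the 'dh-blowfish', 'dh-aes' and 'external' items added below it are also English. The German and Italian guides in this commit put a marker before each untranslated item; do the same here so translators can find all four lines.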
diff --git a/po/cs.po b/po/cs.po
index 7426676be..af00f5470 100644
--- a/po/cs.po
+++ b/po/cs.po
@@ -20,7 +20,7 @@ msgid ""
msgstr ""
"Project-Id-Version: WeeChat 0.4.1-dev\n"
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2013-04-25 12:05+0200\n"
+"POT-Creation-Date: 2013-05-01 09:48+0200\n"
"PO-Revision-Date: 2013-03-16 17:49+0100\n"
"Last-Translator: Jiri Golembiovsky <golemj@gmail.com>\n"
"Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
@@ -5735,8 +5735,8 @@ msgstr ""
msgid ""
"mechanism for SASL authentication: \"plain\" for plain text password, \"dh-"
-"blowfish\" for crypted password, \"external\" for authentication using "
-"client side SSL cert"
+"blowfish\" for blowfish crypted password, \"dh-aes\" for AES crypted "
+"password, \"external\" for authentication using client side SSL cert"
msgstr ""
msgid "username for SASL authentication"
diff --git a/po/de.po b/po/de.po
index 944106ec5..2d0e22464 100644
--- a/po/de.po
+++ b/po/de.po
@@ -22,7 +22,7 @@ msgid ""
msgstr ""
"Project-Id-Version: WeeChat 0.4.1-dev\n"
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2013-04-25 12:05+0200\n"
+"POT-Creation-Date: 2013-05-01 09:48+0200\n"
"PO-Revision-Date: 2013-04-25 12:07+0200\n"
"Last-Translator: Nils Görs <weechatter@arcor.de>\n"
"Language-Team: German <weechatter@arcor.de>\n"
@@ -1341,8 +1341,10 @@ msgid ""
" /eval -n abcd =~ (?-i)^abc ==> 1\n"
" /eval -n abcd !~ abc ==> 0"
msgstr ""
-" -n: zeigt das Ergebnis an, ohne dieses in den Buffer zu schreiben (debug Modus)\n"
-"expression: Ausdruck welcher verarbeitet werden soll. Variablen im Format ${variable} werden ersetzt (siehe unten)\n"
+" -n: zeigt das Ergebnis an, ohne dieses in den Buffer zu schreiben "
+"(debug Modus)\n"
+"expression: Ausdruck welcher verarbeitet werden soll. Variablen im Format "
+"${variable} werden ersetzt (siehe unten)\n"
" operator: ein logischer oder vergleichender Operand:\n"
" - logische Operanden:\n"
" && boolean \"und\"\n"
@@ -1357,22 +1359,33 @@ msgstr ""
" =~ stimmt mit regulärem Ausdruck überein\n"
" !~ stimmt NICHT mit regulärem Ausdruck überein\n"
"\n"
-"Ein Ausdruck gilt als \"wahr\", sofern das Ergebnis nicht NULL, nicht leer und von \"0\" abweichend ist.\n"
-"Der Vergleich findet zwischen zwei Integer statt, sofern die beiden Ausdrücke gültige Integer-Werte sind.\n"
-"Um einen Vergleich zwischen zwei Zeichenketten zu erzwingen, müssen die Ausdrücke in Anführungszeichen gesetzt werden, zum Beispiel:\n"
+"Ein Ausdruck gilt als \"wahr\", sofern das Ergebnis nicht NULL, nicht leer "
+"und von \"0\" abweichend ist.\n"
+"Der Vergleich findet zwischen zwei Integer statt, sofern die beiden "
+"Ausdrücke gültige Integer-Werte sind.\n"
+"Um einen Vergleich zwischen zwei Zeichenketten zu erzwingen, müssen die "
+"Ausdrücke in Anführungszeichen gesetzt werden, zum Beispiel:\n"
" 50 > 100 ==> 0\n"
" \"50\" > \"100\" ==> 1\n"
"\n"
-"Einige Variablen werden im Ausdruck, mittels der Formatierung ${Variable}, ersetzt. Mögliche Variablen sind, nach Reihenfolge ihrer Priorität:\n"
+"Einige Variablen werden im Ausdruck, mittels der Formatierung ${Variable}, "
+"ersetzt. Mögliche Variablen sind, nach Reihenfolge ihrer Priorität:\n"
" 1. der Name einer Option (file.section.option)\n"
" 2. der Name der lokalen Variablen für Buffer\n"
-" 3. ein hdata Name/Variable (der Wert wird automatisch als Zeichenkette konvertiert), Standardmäßig wird für \"window\" und \"buffer\" das aktuelle Fenster/Buffer verwendet.\n"
+" 3. ein hdata Name/Variable (der Wert wird automatisch als Zeichenkette "
+"konvertiert), Standardmäßig wird für \"window\" und \"buffer\" das aktuelle "
+"Fenster/Buffer verwendet.\n"
"Das Format für hdata:\n"
-" hdata.var1.var2...: startet mit hdata (der Pointer muss bekannt sein) und fragt eine Variable nach der anderen ab (weitere hdata können folgen)\n"
-" hdata[list].var1.var2...: startet hdata mittels einer Liste, zum Beispiel:\n"
-" ${buffer[gui_buffers].full_name}: der vollständige Name des ersten Buffers, in der verknüpften Liste aller Buffer\n"
-" ${plugin[weechat_plugins].name}: Name der ersten Erweiterung, in der verknüpften Liste aller Erweiterungen\n"
-"Die vorhandenen Namen für hdata und Variablen sind in der \"Anleitung für API Erweiterung\", Bereich \"weechat_hdata_get\". beschrieben\n"
+" hdata.var1.var2...: startet mit hdata (der Pointer muss bekannt sein) und "
+"fragt eine Variable nach der anderen ab (weitere hdata können folgen)\n"
+" hdata[list].var1.var2...: startet hdata mittels einer Liste, zum "
+"Beispiel:\n"
+" ${buffer[gui_buffers].full_name}: der vollständige Name des ersten "
+"Buffers, in der verknüpften Liste aller Buffer\n"
+" ${plugin[weechat_plugins].name}: Name der ersten Erweiterung, in der "
+"verknüpften Liste aller Erweiterungen\n"
+"Die vorhandenen Namen für hdata und Variablen sind in der \"Anleitung für "
+"API Erweiterung\", Bereich \"weechat_hdata_get\". beschrieben\n"
"\n"
"Beispiele:\n"
" /eval -n ${weechat.look.scroll_amount} ==> 3\n"
@@ -6271,10 +6284,11 @@ msgstr ""
"capabilities\"), welche vom Server angeboten und genutzt werden sollen "
"(Beispiel: \"multi-prefix,extended-join\")"
+#, fuzzy
msgid ""
"mechanism for SASL authentication: \"plain\" for plain text password, \"dh-"
-"blowfish\" for crypted password, \"external\" for authentication using "
-"client side SSL cert"
+"blowfish\" for blowfish crypted password, \"dh-aes\" for AES crypted "
+"password, \"external\" for authentication using client side SSL cert"
msgstr ""
"Verfahren welches bei einer SASL Authentifizierung angewandt werden soll: "
"\"plain\" Passwort liegt in Klartext vor, \"dh-blowfish\" Passwort wird "
diff --git a/po/es.po b/po/es.po
index e6b46ed33..b32a8a7ad 100644
--- a/po/es.po
+++ b/po/es.po
@@ -22,7 +22,7 @@ msgid ""
msgstr ""
"Project-Id-Version: WeeChat 0.4.1-dev\n"
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2013-04-25 12:05+0200\n"
+"POT-Creation-Date: 2013-05-01 09:48+0200\n"
"PO-Revision-Date: 2013-03-17 08:20+0100\n"
"Last-Translator: Elián Hanisch <lambdae2@gmail.com>\n"
"Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
@@ -5947,10 +5947,11 @@ msgstr ""
"\") para habilitar en el servidor si están disponibles (ejemplo: \"multi-"
"prefix,extended-join\")"
+#, fuzzy
msgid ""
"mechanism for SASL authentication: \"plain\" for plain text password, \"dh-"
-"blowfish\" for crypted password, \"external\" for authentication using "
-"client side SSL cert"
+"blowfish\" for blowfish crypted password, \"dh-aes\" for AES crypted "
+"password, \"external\" for authentication using client side SSL cert"
msgstr ""
"mecanismo de autenticación SASL: \"plain\" para contraseñas en texto plano, "
"\"dh-blowfish\" para contraseña encriptada, \"external\" para autentificar "
diff --git a/po/fr.po b/po/fr.po
index 806c32d00..a93b31c20 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -21,8 +21,8 @@ msgid ""
msgstr ""
"Project-Id-Version: WeeChat 0.4.1-dev\n"
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2013-04-25 12:05+0200\n"
-"PO-Revision-Date: 2013-04-25 12:06+0200\n"
+"POT-Creation-Date: 2013-05-01 09:48+0200\n"
+"PO-Revision-Date: 2013-05-01 09:23+0200\n"
"Last-Translator: Sebastien Helleu <flashcode@flashtux.org>\n"
"Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
"Language: fr\n"
@@ -6122,11 +6122,12 @@ msgstr ""
msgid ""
"mechanism for SASL authentication: \"plain\" for plain text password, \"dh-"
-"blowfish\" for crypted password, \"external\" for authentication using "
-"client side SSL cert"
+"blowfish\" for blowfish crypted password, \"dh-aes\" for AES crypted "
+"password, \"external\" for authentication using client side SSL cert"
msgstr ""
"mécanisme pour l'authentification SASL: \"plain\" pour un mot de passe en "
-"clair, \"dh-blowfish\" pour un mot de passe chiffré, \"external\" pour une "
+"clair, \"dh-blowfish\" pour un mot de passe chiffré avec blowfish, \"dh-aes"
+"\" pour un mot de passe chiffré avec AES, \"external\" pour une "
"authentification en utilisant un certificat SSL côté client"
msgid "username for SASL authentication"
diff --git a/po/hu.po b/po/hu.po
index 35033fd5f..00fe3c835 100644
--- a/po/hu.po
+++ b/po/hu.po
@@ -20,7 +20,7 @@ msgid ""
msgstr ""
"Project-Id-Version: WeeChat 0.4.1-dev\n"
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2013-04-25 12:05+0200\n"
+"POT-Creation-Date: 2013-05-01 09:48+0200\n"
"PO-Revision-Date: 2013-03-16 17:50+0100\n"
"Last-Translator: Andras Voroskoi <voroskoi@frugalware.org>\n"
"Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
@@ -5300,8 +5300,8 @@ msgstr ""
msgid ""
"mechanism for SASL authentication: \"plain\" for plain text password, \"dh-"
-"blowfish\" for crypted password, \"external\" for authentication using "
-"client side SSL cert"
+"blowfish\" for blowfish crypted password, \"dh-aes\" for AES crypted "
+"password, \"external\" for authentication using client side SSL cert"
msgstr ""
#, fuzzy
diff --git a/po/it.po b/po/it.po
index e1be7ab17..3f04b8809 100644
--- a/po/it.po
+++ b/po/it.po
@@ -20,7 +20,7 @@ msgid ""
msgstr ""
"Project-Id-Version: WeeChat 0.4.1-dev\n"
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2013-04-25 12:05+0200\n"
+"POT-Creation-Date: 2013-05-01 09:48+0200\n"
"PO-Revision-Date: 2013-03-17 08:20+0100\n"
"Last-Translator: Marco Paolone <marcopaolone@gmail.com>\n"
"Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
@@ -5955,10 +5955,11 @@ msgstr ""
"\") da abilitare per il server se disponibili (esempio: \"multi-prefix,"
"extended-join\")"
+#, fuzzy
msgid ""
"mechanism for SASL authentication: \"plain\" for plain text password, \"dh-"
-"blowfish\" for crypted password, \"external\" for authentication using "
-"client side SSL cert"
+"blowfish\" for blowfish crypted password, \"dh-aes\" for AES crypted "
+"password, \"external\" for authentication using client side SSL cert"
msgstr ""
"meccanismo per l'autenticazione SASL: \"plain\" per le password in chiaro, "
"\"dh-blowfish\" per le password cifrate, \"external\" per l'autenticazione "
diff --git a/po/ja.po b/po/ja.po
index 0870d12e4..d2bbeca93 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -20,7 +20,7 @@ msgid ""
msgstr ""
"Project-Id-Version: WeeChat 0.4.1-dev\n"
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2013-04-25 12:05+0200\n"
+"POT-Creation-Date: 2013-05-01 09:48+0200\n"
"PO-Revision-Date: 2013-03-17 08:20+0100\n"
"Last-Translator: AYANOKOUZI, Ryuunosuke <i38w7i3@yahoo.co.jp>\n"
"Language-Team: Japanese <https://github.com/l/WeeChat>\n"
@@ -5917,10 +5917,11 @@ msgstr ""
"サーバで利用可能ならば有効化する、クライアントの機能のコンマ区切りリスト "
"(例: \"multi-prefix,extended-join\")"
+#, fuzzy
msgid ""
"mechanism for SASL authentication: \"plain\" for plain text password, \"dh-"
-"blowfish\" for crypted password, \"external\" for authentication using "
-"client side SSL cert"
+"blowfish\" for blowfish crypted password, \"dh-aes\" for AES crypted "
+"password, \"external\" for authentication using client side SSL cert"
msgstr ""
"SASL 認証メカニズム: \"plain\" は平文パスワード、\"dh-blowfish\" は暗号パス"
"ワード、\"external\" はクライアントサイド SSL 証明書を利用した認証"
diff --git a/po/pl.po b/po/pl.po
index 467c8c518..d57dd36dc 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -21,7 +21,7 @@ msgid ""
msgstr ""
"Project-Id-Version: WeeChat 0.4.1-dev\n"
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2013-04-25 12:05+0200\n"
+"POT-Creation-Date: 2013-05-01 09:48+0200\n"
"PO-Revision-Date: 2013-03-17 08:20+0100\n"
"Last-Translator: Krzysztof Korościk <soltys@szluug.org>\n"
"Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
@@ -6031,10 +6031,11 @@ msgstr ""
"oddzielona przecinkami lista opcji włączanych dla serwera, jeśli są dostępne "
"(na przykład \"multi-prefix,extended-join\")"
+#, fuzzy
msgid ""
"mechanism for SASL authentication: \"plain\" for plain text password, \"dh-"
-"blowfish\" for crypted password, \"external\" for authentication using "
-"client side SSL cert"
+"blowfish\" for blowfish crypted password, \"dh-aes\" for AES crypted "
+"password, \"external\" for authentication using client side SSL cert"
msgstr ""
"mechanizm autentykacji SASL: \"plain\" dla hasła w czystym tekście, \"dh-"
"blowfish\" dla szyfrowanego hasła, \"external\" dla uwierzytelnienia za "
diff --git a/po/pt_BR.po b/po/pt_BR.po
index 64ca3863b..ea55a466d 100644
--- a/po/pt_BR.po
+++ b/po/pt_BR.po
@@ -21,7 +21,7 @@ msgid ""
msgstr ""
"Project-Id-Version: WeeChat 0.4.1-dev\n"
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2013-04-25 12:05+0200\n"
+"POT-Creation-Date: 2013-05-01 09:48+0200\n"
"PO-Revision-Date: 2013-03-17 08:20+0100\n"
"Last-Translator: Sergio Durigan Junior <sergiosdj@gmail.com>\n"
"Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
@@ -5476,8 +5476,8 @@ msgstr ""
msgid ""
"mechanism for SASL authentication: \"plain\" for plain text password, \"dh-"
-"blowfish\" for crypted password, \"external\" for authentication using "
-"client side SSL cert"
+"blowfish\" for blowfish crypted password, \"dh-aes\" for AES crypted "
+"password, \"external\" for authentication using client side SSL cert"
msgstr ""
msgid "username for SASL authentication"
diff --git a/po/ru.po b/po/ru.po
index e98b550d1..fd85ded62 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -21,7 +21,7 @@ msgid ""
msgstr ""
"Project-Id-Version: WeeChat 0.4.1-dev\n"
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2013-04-25 12:05+0200\n"
+"POT-Creation-Date: 2013-05-01 09:48+0200\n"
"PO-Revision-Date: 2013-03-16 17:50+0100\n"
"Last-Translator: Aleksey V Zapparov AKA ixti <ixti@member.fsf.org>\n"
"Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
@@ -5324,8 +5324,8 @@ msgstr ""
msgid ""
"mechanism for SASL authentication: \"plain\" for plain text password, \"dh-"
-"blowfish\" for crypted password, \"external\" for authentication using "
-"client side SSL cert"
+"blowfish\" for blowfish crypted password, \"dh-aes\" for AES crypted "
+"password, \"external\" for authentication using client side SSL cert"
msgstr ""
#, fuzzy
diff --git a/po/weechat.pot b/po/weechat.pot
index 3bf4ddd9f..3b8f069e4 100644
--- a/po/weechat.pot
+++ b/po/weechat.pot
@@ -21,7 +21,7 @@ msgid ""
msgstr ""
"Project-Id-Version: WeeChat 0.4.1-dev\n"
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2013-04-25 12:05+0200\n"
+"POT-Creation-Date: 2013-05-01 09:48+0200\n"
"PO-Revision-Date: 2013-02-14 18:20+0100\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
@@ -4616,8 +4616,8 @@ msgstr ""
msgid ""
"mechanism for SASL authentication: \"plain\" for plain text password, \"dh-"
-"blowfish\" for crypted password, \"external\" for authentication using "
-"client side SSL cert"
+"blowfish\" for blowfish crypted password, \"dh-aes\" for AES crypted "
+"password, \"external\" for authentication using client side SSL cert"
msgstr ""
msgid "username for SASL authentication"
diff --git a/src/plugins/irc/irc-config.c b/src/plugins/irc/irc-config.c
index dad57185d..cf1c989c5 100644
--- a/src/plugins/irc/irc-config.c
+++ b/src/plugins/irc/irc-config.c
@@ -1573,9 +1573,10 @@ irc_config_server_new_option (struct t_config_file *config_file,
config_file, section,
option_name, "integer",
N_("mechanism for SASL authentication: \"plain\" for plain text "
- "password, \"dh-blowfish\" for crypted password, \"external\" "
+ "password, \"dh-blowfish\" for blowfish crypted password, "
+ "\"dh-aes\" for AES crypted password, \"external\" "
"for authentication using client side SSL cert"),
- "plain|dh-blowfish|external", 0, 0,
+ "plain|dh-blowfish|dh-aes|external", 0, 0,
default_value, value,
null_value_allowed,
callback_check_value, callback_check_value_data,
diff --git a/src/plugins/irc/irc-protocol.c b/src/plugins/irc/irc-protocol.c
index 15ce86d10..917f57a5e 100644
--- a/src/plugins/irc/irc-protocol.c
+++ b/src/plugins/irc/irc-protocol.c
@@ -170,6 +170,11 @@ IRC_PROTOCOL_CALLBACK(authenticate)
sasl_username,
sasl_password);
break;
+ case IRC_SASL_MECHANISM_DH_AES:
+ answer = irc_sasl_mechanism_dh_aes (argv_eol[1],
+ sasl_username,
+ sasl_password);
+ break;
case IRC_SASL_MECHANISM_EXTERNAL:
answer = strdup ("+");
break;
@@ -336,6 +341,10 @@ IRC_PROTOCOL_CALLBACK(cap)
irc_server_sendf (server, 0, NULL,
"AUTHENTICATE DH-BLOWFISH");
break;
+ case IRC_SASL_MECHANISM_DH_AES:
+ irc_server_sendf (server, 0, NULL,
+ "AUTHENTICATE DH-AES");
+ break;
case IRC_SASL_MECHANISM_EXTERNAL:
irc_server_sendf (server, 0, NULL,
"AUTHENTICATE EXTERNAL");
diff --git a/src/plugins/irc/irc-sasl.c b/src/plugins/irc/irc-sasl.c
index db3ab9f7d..a410ad826 100644
--- a/src/plugins/irc/irc-sasl.c
+++ b/src/plugins/irc/irc-sasl.c
@@ -31,7 +31,7 @@
char *irc_sasl_mechanism_string[IRC_NUM_SASL_MECHANISMS] =
-{ "plain", "dh-blowfish", "external" };
+{ "plain", "dh-blowfish", "dh-aes", "external" };
/*
@@ -68,39 +68,28 @@ irc_sasl_mechanism_plain (const char *sasl_username, const char *sasl_password)
}
/*
- * Builds answer for SASL authentication, using mechanism "DH-BLOWFISH".
+ * Reads key sent by server (Diffie-Hellman key exchange).
*
- * Argument data_base64 is a concatenation of 3 strings, each string is composed
- * of 2 bytes (length of string), followed by content of string:
- * 1. a prime number
- * 2. a generator number
- * 3. server-generated public key
- *
- * Note: result must be freed after use.
+ * Returns:
+ * 1: OK
+ * 0: error
*/
-char *
-irc_sasl_mechanism_dh_blowfish (const char *data_base64,
- const char *sasl_username,
- const char *sasl_password)
+int
+irc_sasl_dh (const char *data_base64,
+ unsigned char **public_bin, unsigned char **secret_bin,
+ int *length_key)
{
- char *data, *answer, *ptr_answer, *answer_base64;
- unsigned char *ptr_data, *secret_bin, *public_bin;
- unsigned char *password_clear, *password_crypted;
- int length_data, size, num_bits_prime_number, length_key;
- int length_username, length_password, length_answer;
+ char *data;
+ unsigned char *ptr_data;
+ int length_data, size, num_bits_prime_number, rc;
size_t num_written;
gcry_mpi_t data_prime_number, data_generator_number, data_server_pub_key;
gcry_mpi_t pub_key, priv_key, secret_mpi;
- gcry_cipher_hd_t gcrypt_handle;
+
+ rc = 0;
data = NULL;
- secret_bin = NULL;
- public_bin = NULL;
- password_clear = NULL;
- password_crypted = NULL;
- answer = NULL;
- answer_base64 = NULL;
data_prime_number = NULL;
data_generator_number = NULL;
data_server_pub_key = NULL;
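Review bot: the new header comment on irc_sasl_dh documents only the return code, while the description of the data_base64 layout (prime, generator, server public key, each with a 2-byte length) was removed from the one function that actually parses it. Move that description back here and document the three outputs: *public_bin and *secret_bin are malloc'd buffers of *length_key bytes that the caller must free, and none of them is written when the function jumps to dhend on a length check, so callers have to pre-initialise the pointers to NULL.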
@@ -118,7 +107,7 @@ irc_sasl_mechanism_dh_blowfish (const char *data_base64,
ptr_data += 2;
length_data -= 2;
if (size > length_data)
- goto end;
+ goto dhend;
data_prime_number = gcry_mpi_new (size * 8);
gcry_mpi_scan (&data_prime_number, GCRYMPI_FMT_USG, ptr_data, size, NULL);
num_bits_prime_number = gcry_mpi_get_nbits (data_prime_number);
@@ -130,7 +119,7 @@ irc_sasl_mechanism_dh_blowfish (const char *data_base64,
ptr_data += 2;
length_data -= 2;
if (size > length_data)
- goto end;
+ goto dhend;
data_generator_number = gcry_mpi_new (size * 8);
gcry_mpi_scan (&data_generator_number, GCRYMPI_FMT_USG, ptr_data, size, NULL);
ptr_data += size;
@@ -141,7 +130,7 @@ irc_sasl_mechanism_dh_blowfish (const char *data_base64,
ptr_data += 2;
length_data -= 2;
if (size > length_data)
- goto end;
+ goto dhend;
data_server_pub_key = gcry_mpi_new (size * 8);
gcry_mpi_scan (&data_server_pub_key, GCRYMPI_FMT_USG, ptr_data, size, NULL);
@@ -153,18 +142,70 @@ irc_sasl_mechanism_dh_blowfish (const char *data_base64,
gcry_mpi_powm (pub_key, data_generator_number, priv_key, data_prime_number);
/* compute secret_bin */
- length_key = num_bits_prime_number / 8;
- secret_bin = malloc (length_key);
+ *length_key = num_bits_prime_number / 8;
+ *secret_bin = malloc (*length_key);
secret_mpi = gcry_mpi_new (num_bits_prime_number);
/* secret_mpi = (y ^ priv_key) % p */
gcry_mpi_powm (secret_mpi, data_server_pub_key, priv_key, data_prime_number);
- gcry_mpi_print (GCRYMPI_FMT_USG, secret_bin, length_key,
+ gcry_mpi_print (GCRYMPI_FMT_USG, *secret_bin, *length_key,
&num_written, secret_mpi);
/* create public_bin */
- public_bin = malloc (length_key);
- gcry_mpi_print (GCRYMPI_FMT_USG, public_bin, length_key,
+ *public_bin = malloc (*length_key);
+ gcry_mpi_print (GCRYMPI_FMT_USG, *public_bin, *length_key,
&num_written, pub_key);
+ rc = 1;
+
+dhend:
+ if (data)
+ free (data);
+ if (data_prime_number)
+ gcry_mpi_release (data_prime_number);
+ if (data_generator_number)
+ gcry_mpi_release (data_generator_number);
+ if (data_server_pub_key)
+ gcry_mpi_release (data_server_pub_key);
+ if (pub_key)
+ gcry_mpi_release (pub_key);
+ if (priv_key)
+ gcry_mpi_release (priv_key);
+ if (secret_mpi)
+ gcry_mpi_release (secret_mpi);
+
+ return rc;
+}
+
+/*
+ * Builds answer for SASL authentication, using mechanism "DH-BLOWFISH".
+ *
+ * Argument data_base64 is a concatenation of 3 strings, each string is composed
+ * of 2 bytes (length of string), followed by content of string:
+ * 1. a prime number
+ * 2. a generator number
+ * 3. server-generated public key
+ *
+ * Note: result must be freed after use.
+ */
+char *
+irc_sasl_mechanism_dh_blowfish (const char *data_base64,
+ const char *sasl_username,
+ const char *sasl_password)
+{
+ char *answer, *ptr_answer, *answer_base64;
+ unsigned char *password_clear, *password_crypted;
+ int length_key, length_username, length_password, length_answer;
+ unsigned char *public_bin, *secret_bin;
+ gcry_cipher_hd_t gcrypt_handle;
+
+ password_clear = NULL;
+ password_crypted = NULL;
+ answer = NULL;
+ answer_base64 = NULL;
+ secret_bin = NULL;
+ public_bin = NULL;
+
+ if (!irc_sasl_dh (data_base64, &public_bin, &secret_bin, &length_key))
+ goto bfend;
/* create password buffers (clear and crypted) */
length_password = strlen (sasl_password) +
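Review bot: in irc_sasl_dh the results of both malloc calls and both gcry_mpi_print calls are unchecked, and num_written is never read, yet rc is set to 1 unconditionally. GCRYMPI_FMT_USG writes only as many bytes as the value needs, so when the secret or the public key is shorter than *length_key the tail of the buffer stays uninitialised and is then used as cipher key material or sent to the server. Check the allocations and the gcry_mpi_print return codes before setting rc, and either left-pad the output to *length_key or report num_written as the length. *length_key = num_bits_prime_number / 8 also rounds down, so a prime whose bit length is not a multiple of 8 gives a buffer one byte too small for the print call.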
@@ -178,13 +219,15 @@ irc_sasl_mechanism_dh_blowfish (const char *data_base64,
/* crypt password using blowfish */
if (gcry_cipher_open (&gcrypt_handle, GCRY_CIPHER_BLOWFISH,
GCRY_CIPHER_MODE_ECB, 0) != 0)
- goto end;
+ goto bfend;
if (gcry_cipher_setkey (gcrypt_handle, secret_bin, length_key) != 0)
- goto end;
+ goto bfend;
if (gcry_cipher_encrypt (gcrypt_handle,
password_crypted, length_password,
password_clear, length_password) != 0)
- goto end;
+ goto bfend;
+
+ gcry_cipher_close (gcrypt_handle);
/*
* build answer for server, it is concatenation of:
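Review bot: gcry_cipher_close is added only on the success path, so the two `goto bfend` after a successful gcry_cipher_open (setkey failure, encrypt failure) leave the cipher handle open. Track whether the handle was opened and close it in the bfend cleanup instead of inline, so every exit releases it.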
@@ -193,16 +236,16 @@ irc_sasl_mechanism_dh_blowfish (const char *data_base64,
* 3. sasl_username ('length_username'+1 bytes)
* 4. encrypted password ('length_password' bytes)
*/
- length_username = strlen (sasl_username);
- length_answer = 2 + length_key + length_username + 1 + length_password;
+ length_username = strlen (sasl_username) + 1;
+ length_answer = 2 + length_key + length_username + length_password;
answer = malloc (length_answer);
ptr_answer = answer;
*((unsigned int *)ptr_answer) = htons(length_key);
ptr_answer += 2;
memcpy (ptr_answer, public_bin, length_key);
ptr_answer += length_key;
- memcpy (ptr_answer, sasl_username, length_username + 1);
- ptr_answer += length_username + 1;
+ memcpy (ptr_answer, sasl_username, length_username);
+ ptr_answer += length_username;
memcpy (ptr_answer, password_crypted, length_password);
/* encode answer to base64 */
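Review bot: length_username now already includes the terminating NUL, but the unchanged comment above still describes item 3 as "sasl_username ('length_username'+1 bytes)", which no longer matches the code. Update the comment to "'length_username' bytes, including the final NUL" or rename the variable so the +1 is obvious at the memcpy.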
@@ -210,9 +253,7 @@ irc_sasl_mechanism_dh_blowfish (const char *data_base64,
if (answer_base64)
weechat_string_encode_base64 (answer, length_answer, answer_base64);
-end:
- if (data)
- free (data);
+bfend:
if (secret_bin)
free (secret_bin);
if (public_bin)
@@ -223,18 +264,127 @@ end:
free (password_crypted);
if (answer)
free (answer);
- if (data_prime_number)
- gcry_mpi_release (data_prime_number);
- if (data_generator_number)
- gcry_mpi_release (data_generator_number);
- if (data_server_pub_key)
- gcry_mpi_release (data_server_pub_key);
- if (pub_key)
- gcry_mpi_release (pub_key);
- if (priv_key)
- gcry_mpi_release (priv_key);
- if (secret_mpi)
- gcry_mpi_release (secret_mpi);
+
+ return answer_base64;
+}
+
+/*
+ * Builds answer for SASL authentication, using mechanism "DH-AES".
+ *
+ * Argument data_base64 is a concatenation of 3 strings, each string is composed
+ * of 2 bytes (length of string), followed by content of string:
+ * 1. a prime number
+ * 2. a generator number
+ * 3. server-generated public key
+ *
+ * Note: result must be freed after use.
+ */
+char *
+irc_sasl_mechanism_dh_aes (const char *data_base64,
+ const char *sasl_username,
+ const char *sasl_password)
+{
+ char *answer, *ptr_answer, *answer_base64;
+ unsigned char *ptr_userpass, *userpass_clear, *userpass_crypted;
+ int length_key, length_answer;
+ int length_username, length_password, length_userpass;
+ unsigned char *public_bin, *secret_bin;
+ char iv[16];
+ int cipher_algo;
+ gcry_cipher_hd_t gcrypt_handle;
+
+ userpass_clear = NULL;
+ userpass_crypted = NULL;
+ answer = NULL;
+ answer_base64 = NULL;
+ secret_bin = NULL;
+ public_bin = NULL;
+
+ if (irc_sasl_dh(data_base64, &public_bin, &secret_bin, &length_key) == 0)
+ goto aesend;
+
+ /* Select cipher algorithm: key length * 8 = cipher bit size */
+ switch (length_key)
+ {
+ case 32:
+ cipher_algo = GCRY_CIPHER_AES256;
+ break;
+ case 24:
+ cipher_algo = GCRY_CIPHER_AES192;
+ break;
+ case 16:
+ cipher_algo = GCRY_CIPHER_AES128;
+ break;
+ default:
+ /* Invalid bit length */
+ goto aesend;
+ }
+
+ /* Generate the IV */
+ gcry_randomize (iv, sizeof (iv), GCRY_STRONG_RANDOM);
+
+ /* create user/pass buffers (clear and crypted) */
+ length_username = strlen (sasl_username) + 1;
+ length_password = strlen (sasl_password) + 1;
+ length_userpass = length_username + length_password +
+ ((16 - ((length_username + length_password) % 16)) % 16);
+ ptr_userpass = userpass_clear = malloc (length_userpass);
+ userpass_crypted = malloc (length_userpass);
+ memset (userpass_clear, 0, length_password);
+ memset (userpass_crypted, 0, length_password);
+ memcpy (ptr_userpass, sasl_username, length_username);
+ ptr_userpass += length_username;
+ memcpy (ptr_userpass, sasl_password, length_password);
+
+ /* crypt password using AES in CBC mode */
+ if (gcry_cipher_open (&gcrypt_handle, cipher_algo,
+ GCRY_CIPHER_MODE_CBC, 0) != 0)
+ goto aesend;
+ if (gcry_cipher_setkey (gcrypt_handle, secret_bin, length_key) != 0)
+ goto aesend;
+ if (gcry_cipher_setiv (gcrypt_handle, iv, sizeof(iv)) != 0)
+ goto aesend;
+ if (gcry_cipher_encrypt (gcrypt_handle,
+ userpass_crypted, length_userpass,
+ userpass_clear, length_userpass) != 0)
+ goto aesend;
+
+ gcry_cipher_close (gcrypt_handle);
+
+ /*
+ * build answer for server, it is concatenation of:
+ * 1. key length (2 bytes)
+ * 2. public key ('length_key' bytes)
+ * 3. IV (sizeof (iv) bytes)
+ * 4. encrypted password ('length_userpass' bytes)
+ */
+ length_answer = 2 + length_key + sizeof (iv) + length_userpass;
+ answer = malloc (length_answer);
+ ptr_answer = answer;
+ *((unsigned int *)ptr_answer) = htons(length_key);
+ ptr_answer += 2;
+ memcpy (ptr_answer, public_bin, length_key);
+ ptr_answer += length_key;
+ memcpy (ptr_answer, iv, sizeof (iv));
+ ptr_answer += sizeof (iv);
+ memcpy (ptr_answer, userpass_crypted, length_userpass);
+
+ /* encode answer to base64 */
+ answer_base64 = malloc (length_answer * 4);
+ if (answer_base64)
+ weechat_string_encode_base64 (answer, length_answer, answer_base64);
+
+aesend:
+ if (secret_bin)
+ free (secret_bin);
+ if (public_bin)
+ free (public_bin);
+ if (userpass_clear)
+ free (userpass_clear);
+ if (userpass_crypted)
+ free (userpass_crypted);
+ if (answer)
+ free (answer);
return answer_base64;
}
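Review bot: in irc_sasl_mechanism_dh_aes, `memset (userpass_clear, 0, length_password)` and the matching memset on userpass_crypted clear only length_password bytes of buffers that are length_userpass bytes long, so the padding bytes after the password are uninitialised heap memory that gets encrypted and sent to the server. Use length_userpass in both calls and check the two malloc results before writing. The three `goto aesend` after a successful gcry_cipher_open skip gcry_cipher_close, so the close belongs in the aesend cleanup. `*((unsigned int *)ptr_answer) = htons(length_key)` stores a full unsigned int into a 2-byte field; a uint16_t store or memcpy of the htons result would write exactly the two bytes the format defines. Item 4 of the answer comment says "encrypted password" although the buffer holds username and password. It is also worth stating in the comment that the DH secret is used directly as the AES key and that the CBC ciphertext carries no integrity check, since both follow from the code as written.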
diff --git a/src/plugins/irc/irc-sasl.h b/src/plugins/irc/irc-sasl.h
index 75a96900c..211381ef8 100644
--- a/src/plugins/irc/irc-sasl.h
+++ b/src/plugins/irc/irc-sasl.h
@@ -26,6 +26,7 @@ enum t_irc_sasl_mechanism
{
IRC_SASL_MECHANISM_PLAIN = 0,
IRC_SASL_MECHANISM_DH_BLOWFISH,
+ IRC_SASL_MECHANISM_DH_AES,
IRC_SASL_MECHANISM_EXTERNAL,
/* number of SASL mechanisms */
IRC_NUM_SASL_MECHANISMS,
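Review bot: IRC_SASL_MECHANISM_DH_AES is inserted before IRC_SASL_MECHANISM_EXTERNAL, which changes the numeric value of EXTERNAL and relies on irc_sasl_mechanism_string in irc-sasl.c and the "plain|dh-blowfish|dh-aes|external" option string in irc-config.c being edited in the same order. Add a comment on the enum naming those two places as required to stay in sync, or append new mechanisms after the existing ones so established values do not move.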
@@ -38,5 +39,8 @@ extern char *irc_sasl_mechanism_plain (const char *sasl_username,
extern char *irc_sasl_mechanism_dh_blowfish (const char *data_base64,
const char *sasl_username,
const char *sasl_password);
+extern char *irc_sasl_mechanism_dh_aes (const char *data_base64,
+ const char *sasl_username,
+ const char *sasl_password);
#endif /* __WEECHAT_IRC_SASL_H */