falso
/
FiSH-irssi
mirror of https://github.com/falsovsky/FiSH-irssi.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge with master, still works

This commit is contained in:
Pedro de Oliveira 2021-05-07 01:11:53 +01:00
parent 67325537be fcc484f09c
commit 467d2c2011
Signed by: falso
GPG Key ID: 1E4F05ACDBB2C85C
10 changed files with 244 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/FUNDING.yml vendored Normal file
View File

@ -0,0 +1,2 @@
#github: [falsovsky]
custom: ['https://www.paypal.me/falsovsky']

4
.travis.yml
View File

@ -20,8 +20,8 @@ addons:
branches:
only:
- master
- refactoring
- cbc
- testing
- coverity_scan
language:
- c
compiler:

22
LICENSE Normal file
View File

@ -0,0 +1,22 @@
The MIT License
Copyright (c) 2012-2019 Pedro de Oliveira
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

216
README
View File

@ -1,119 +1,153 @@
Introduction
============
== Introduction
This is an encryption add-on for irssi, it's based on blowfish. It
supports private messages and channel encryption in ECB and CBC
modes. It also includes a secure key-exchange system.
FiSH is an encryption add-on module for https://irssi.org/[irssi]. Uses
the https://en.wikipedia.org/wiki/Blowfish_(cipher)[Blowfish cipher] to
encrypt private and public messages in *ECB* or *CBC* modes, using a
specified key. It also includes a secure Diffie-Hellman key exchange for
private chat.
Requirements
============
== Requirements
The requirements for building FiSH-irssi are:
- cmake
- pkg-config
- Glib 2.0
- OpenSSL
- irssi (with includes)
* cmake
* pkg-config
* Glib 2.0
* OpenSSL
* irssi (with includes)
Debian / Ubuntu
---------------
=== Debian - Ubuntu
# apt-get install build-essential irssi-dev libglib2.0-dev libssl-dev cmake git
....
# apt-get install build-essential irssi-dev libglib2.0-dev libssl-dev cmake git
....
OpenBSD
-------
=== OpenBSD
# pkg_add glib2 irssi cmake git
....
# pkg_add glib2 irssi cmake git
....
Arch Linux
----------
=== FreeBSD
# pacman -S cmake pkg-config glib2 openssl irssi
* https://www.freshports.org/irc/irssi-fish/[Official package]
CentOS / Fedora
---------------
=== Arch Linux
# yum install gcc pkgconfig cmake irssi irssi-devel openssl openssl-devel glib2 glib2-devel
....
# pacman -S cmake pkg-config glib2 openssl irssi
....
Building
========
* https://aur.archlinux.org/packages/fish-irssi-git/[AUR package]
=== CentOS - Fedora
....
yum install gcc pkgconfig cmake irssi irssi-devel openssl openssl-devel glib2 glib2-devel
....
* @duritong
https://copr.fedorainfracloud.org/coprs/duritong/irssi-fish/[copr
repository] with binary packages
== Building
Just type in the following commands:
$ git clone https://github.com/falsovsky/FiSH-irssi.git
$ cd FiSH-irssi
$ cmake .
$ make
....
$ git clone https://github.com/falsovsky/FiSH-irssi.git
$ cd FiSH-irssi
$ cmake .
$ make
....
If you want to install to **/usr** instead of **/usr/local**
If you want to install to */usr* instead of */usr/local*
$ cmake -DCMAKE_INSTALL_PREFIX:PATH=/usr .
$ make
....
$ cmake -DCMAKE_INSTALL_PREFIX:PATH=/usr .
$ make
....
Run `make install` as a privileged user (if needed) to install it.
Running
=======
== Running
If you installed the module in the default directory, you just need to
run the following command inside irssi to load it:
/load fish
....
/load fish
....
If not, just include the path while loading:
/load /home/username/libfish.so
....
/load /home/username/libfish.so
....
Load automatically at start-up
------------------------------
=== Load automatically at start-up
echo "load fish" >> /home/username/.irssi/startup
....
echo "load fish" >> /home/username/.irssi/startup
....
Configurations
==============
== Configurations
FiSH-irssi has some configurations that can be set via `/set` on irssi.
process_outgoing
....
process_outgoing
....
FiSH outgoing messages.
Default value is 1
process_incoming
....
process_incoming
....
unFiSH incoming messages.
Default value is 1
auto_keyxchange
....
auto_keyxchange
....
Do an automatic key exchange in private messages.
Default value is 1
plain_prefix
....
plain_prefix
....
Prefix needed to send an unFiSHed message. For example:
`+p Hi there in clear text`
Default value is `+p`
Default value is `+p `
mark_encrypted
....
mark_encrypted
....
String used to mark a FiSHed message.
Default value is `\002>\002`
Default value is `\002>\002 `
mark_position
....
mark_position
....
Defines if the mark should be a prefix (1) or a suffix (0).
Default value is 1
nicktracker
....
nicktracker
....
Allows seamless conversations when your chat partner changes his nick.
This feature will copy the old key to use with his new nick. It affects
@ -121,79 +155,103 @@ nick changes for opened queries!
Default value is 1
mark_broken_block
....
mark_broken_block
....
Indicates whether a message is incomplete.
Default value is `\002&\002`
Commands
========
== Commands
/topic+ <message>
....
/topic+ <message>
....
Sets a FiSHed topic in the current channel.
/topic+ TAB
....
/topic+ TAB
....
Allows to edit a FiSHed topic.
/notice+ [nick / #channel] <message>
....
/notice+ [nick / #channel] <message>
....
Sends a FiSHed notice to the current window or to the specified target.
/me+ <message>
....
/me+ <message>
....
Send a FiSHed action to the current window.
/setkey [servertag] [nick / #channel] <key>
....
/setkey [servertag] [nick / #channel] <key>
....
Sets the key used to FiSH the messages for the current window or to the
specified target. To use CBC mode, prefix the key with "cbc:".
specified target. To use CBC mode, prefix the key with `cbc:`.
/delkey [servertag] [nick/#channel]
....
/delkey [servertag] [nick/#channel]
....
Unsets the key used to FiSH the messages for the current window or to
the specified target.
/key|showkey [servertag] [nick / #channel]
....
/key|showkey [servertag] [nick / #channel]
....
Shows the used key to FiSH the messages for the current window or to the
specified target. The key will appear in the target window.
/keyx [-ecb] [nick]
....
/keyx [-ecb|-cbc] [nick]
....
Forces a DH key exchange in the current window or to the specified
target. The default mode is CBC, use "-ecb" to use ECB Mode.
target. The default mode is CBC, use the `-ecb` parameter to force ECB
mode.
/setinipw <password>
....
/setinipw <password>
....
Sets a custom password used to cipher the contents of blow.ini.
/unsetinipw
....
/unsetinipw
....
Unset the custom password used to cipher blow.ini.
/fishlogin
....
/fishlogin
....
Used to ask again for the blow.ini password if the user inserts an
invalid password at start-up.
/fishhelp|helpfish
....
/fishhelp|helpfish
....
Show a little help inside irssi.
Tested
======
== Tested
FiSH-irssi has been tested on various OS and arches:
- Linux/x86
- Linux/sparc
- Linux/arm
- OpenBSD/x86
- OpenBSD/macppc
- OpenBSD/sgi
- FreeBSD/x86
- NetBSD/x86
* Linux/x86
* Linux/sparc
* Linux/arm
* OpenBSD/x86
* OpenBSD/macppc
* OpenBSD/sgi
* FreeBSD/x86
* NetBSD/x86

23
README.md
View File

@ -2,7 +2,9 @@
# Introduction
This is an encryption add-on for irssi, it's based on blowfish. It supports private messages and channel encryption in **ECB** and **CBC** modes. It also includes a secure key-exchange system.
FiSH is an encryption add-on module for [irssi](https://irssi.org/).
Uses the [Blowfish cipher](https://en.wikipedia.org/wiki/Blowfish_(cipher)) to encrypt private and public messages in **ECB** or **CBC** modes, using a specified key.
It also includes a secure Diffie-Hellman key exchange for private chat.
# Requirements
@ -14,7 +16,7 @@ The requirements for building FiSH-irssi are:
* OpenSSL
* irssi (with includes)
## Debian / Ubuntu
## Debian - Ubuntu
```
# apt-get install build-essential irssi-dev libglib2.0-dev libssl-dev cmake git
@ -26,17 +28,25 @@ The requirements for building FiSH-irssi are:
# pkg_add glib2 irssi cmake git
```
## FreeBSD
* [Official package](https://www.freshports.org/irc/irssi-fish/)
## Arch Linux
```
# pacman -S cmake pkg-config glib2 openssl irssi
```
## CentOS / Fedora
* [AUR package](https://aur.archlinux.org/packages/fish-irssi-git/)
## CentOS - Fedora
```
yum install gcc pkgconfig cmake irssi irssi-devel openssl openssl-devel glib2 glib2-devel
```
* @duritong [copr repository](https://copr.fedorainfracloud.org/coprs/duritong/irssi-fish/) with binary packages
# Building
Just type in the following commands:
@ -164,7 +174,7 @@ Send a FiSHed action to the current window.
```
/setkey [servertag] [nick / #channel] <key>
```
Sets the key used to FiSH the messages for the current window or to the specified target. To use CBC mode, prefix the key with "cbc:".
Sets the key used to FiSH the messages for the current window or to the specified target. To use CBC mode, prefix the key with ```cbc:```.
```
/delkey [servertag] [nick/#channel]
@ -177,9 +187,9 @@ Unsets the key used to FiSH the messages for the current window or to the specif
Shows the used key to FiSH the messages for the current window or to the specified target. The key will appear in the target window.
```
/keyx [-ecb] [nick]
/keyx [-ecb|-cbc] [nick]
```
Forces a DH key exchange in the current window or to the specified target. The default mode is CBC, use "-ecb" to use ECB Mode.
Forces a DH key exchange in the current window or to the specified target. The default mode is CBC, use the ```-ecb``` parameter to force ECB mode.
```
/setinipw <password>
@ -201,7 +211,6 @@ Used to ask again for the blow.ini password if the user inserts an invalid passw
```
Show a little help inside irssi.
# Tested
FiSH-irssi has been tested on various OS and arches:

2
src/common/blowfish_cbc.c
View File

@ -87,7 +87,7 @@ decrypt_string_cbc (const char *key, const char *str, char *dest, int len)
goto fail;
}
BIO_set_flags(l_b64, BIO_FLAGS_BASE64_NO_NL);
BIO *l_mem = BIO_new_mem_buf(str, len);
BIO *l_mem = BIO_new_mem_buf((char *)str, len);
if(!l_mem) {
goto fail;
}

1
src/common/blowfish_cbc.h
View File

@ -5,6 +5,7 @@
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/buffer.h>
//#include "FiSH_version.h"
#ifdef HAVE_STDINT
#include <stdint.h>
#else

1
src/common/inifile.c
View File

@ -174,7 +174,6 @@ setIniValue(const char *section, const char *key, const char *value,
if (error != NULL) {
g_clear_error(&error);
return -1;
}
return 1;

76
src/irssi/FiSH.c
View File

@ -173,8 +173,10 @@ int FiSH_decrypt(const SERVER_REC * serverRec, char *msg_ptr,
}
// usually a received message does not exceed 512 chars, but we want to prevent evil buffer overflow
if (msg_len >= (int)(sizeof(bf_dest) * 1.5))
msg_ptr[(int)(sizeof(bf_dest) * 1.5) - 20] = '\0';
if (msg_len >= (int)(FiSH_div_ceil(sizeof(bf_dest), 3) * 4)) {
msg_ptr[(int)(FiSH_div_ceil(sizeof(bf_dest), 3) * 4) - 20] = '\0';
msg_len = strlen(msg_ptr); /* Update msg_len after re-setting the null terminator */
}
// block-align blowcrypt strings if truncated by IRC server (each block is 12 chars long)
// such a truncated block is destroyed and not needed anymore
@ -478,6 +480,24 @@ void raw_handler(SERVER_REC * server, char *data)
g_string_free(decrypted, TRUE);
}
static char *mark_crypted(const char *original) {
const char * mark = settings_get_str("mark_encrypted");
if(mark == NULL || *mark == '\0') {
return strdup(original);
}
// 0 for suffix, anything else for prefix
const int mark_position = settings_get_int("mark_position");
const size_t new_len = strlen(original) + strlen(mark) + 1;
char * new = (char *) calloc(new_len, sizeof(char));
snprintf(new, new_len, "%s%s", mark_position == 0 ? original : mark,
mark_position == 0 ? mark : original);
return new;
}
/*
* /notice+ <nick/#channel> <notice message>
*/
@ -486,6 +506,7 @@ void cmd_crypt_notice(const char *data, SERVER_REC * server, WI_ITEM_REC * item)
char bf_dest[1000] = "", *msg;
const char *target;
void *free_arg = NULL;
char *marked;
if (data == NULL || (strlen(data) < 3))
goto notice_error;
@ -516,8 +537,11 @@ void cmd_crypt_notice(const char *data, SERVER_REC * server, WI_ITEM_REC * item)
irc_send_cmdv((IRC_SERVER_REC *) server, "NOTICE %s :%s\n", target,
bf_dest);
signal_emit("message irc own_notice", 3, server, msg, target);
marked = mark_crypted(msg);
signal_emit("message irc own_notice", 3, server, marked, target);
cmd_params_free(free_arg);
free(marked);
return;
notice_error:
@ -535,6 +559,7 @@ void cmd_crypt_action(const char *data, SERVER_REC * server, WI_ITEM_REC * item)
{
char bf_dest[1000] = "";
const char *target;
char *marked;
if (data == NULL || (strlen(data) < 2))
goto action_error;
@ -562,7 +587,10 @@ void cmd_crypt_action(const char *data, SERVER_REC * server, WI_ITEM_REC * item)
irc_send_cmdv((IRC_SERVER_REC *) server,
"PRIVMSG %s :\001ACTION %s\001\n", target, bf_dest);
signal_emit("message irc own_action", 3, server, data, target);
marked = mark_crypted(data);
signal_emit("message irc own_action", 3, server, marked, target);
free(marked);
return;
action_error:
@ -639,7 +667,7 @@ static void sig_complete_topic_plus(GList **list, WINDOW_REC *window,
}
else { // prefix
if (strncmp(topic, mark, mark_len) == 0) {
g_memmove(topic, topic + mark_len, topic_len - mark_len);
memmove(topic, topic + mark_len, topic_len - mark_len + 1);
}
}
}
@ -661,7 +689,7 @@ void cmd_helpfish(const char *arg, SERVER_REC * server, WI_ITEM_REC * item)
" /setkey [-<server tag>] [<nick | #channel>] <key>\n"
" /delkey [-<server tag>] [<nick | #channel>]\n"
" /key|showkey [-<server tag>] [<nick | #channel>]\n"
" /keyx [-ecb] [<nick>]\n"
" /keyx [-ecb|-cbc] [<nick>]\n"
" /setinipw <blow.ini_password>\n"
" /unsetinipw\n"
" /fishlogin\n");
@ -1035,7 +1063,9 @@ void cmd_keyx(const char *data, SERVER_REC * server, WI_ITEM_REC * item)
GHashTable *optlist = NULL;
char *target = NULL;
void *free_arg = NULL;
int ecb = 0;
int mode = -1;
char contactName[CONTACT_SIZE] = "";
struct IniValue iniValue;
if (server == NULL) {
printtext(NULL, NULL, MSGLEVEL_CRAP,
@ -1047,14 +1077,20 @@ void cmd_keyx(const char *data, SERVER_REC * server, WI_ITEM_REC * item)
"keyx", &optlist, &target))
goto fail;
ecb = g_hash_table_lookup(optlist, "ecb") != NULL;
if (g_hash_table_lookup(optlist, "ecb") != NULL) {
mode = 0;
}
if (g_hash_table_lookup(optlist, "cbc") != NULL) {
mode = 1;
}
if (item != NULL && IsNULLorEmpty(target))
target = (char *)window_item_get_target(item);
if (IsNULLorEmpty(target)) {
printtext(NULL, NULL, MSGLEVEL_CRAP,
"\002FiSH:\002 Please define nick/#channel. Usage: /keyx [-ecb] <nick>");
"\002FiSH:\002 Please define nick/#channel. Usage: /keyx [-ecb|-cbc] <nick>");
goto fail;
}
@ -1066,15 +1102,27 @@ void cmd_keyx(const char *data, SERVER_REC * server, WI_ITEM_REC * item)
target = (char *)g_strchomp(target);
if ((mode == -1) && (getIniSectionForContact(server, target, contactName))) {
iniValue = allocateIni(contactName, "key", iniPath);
if (iniValue.iniKeySize == 1) {
mode = 1;
} else {
mode = iniValue.cbc;
}
freeIni(iniValue);
}
target = (char *)g_strchomp(target);
DH1080_gen(g_myPrivKey, g_myPubKey);
irc_send_cmdv((IRC_SERVER_REC *) server, "NOTICE %s :%s%s%s", target,
DH1080_INIT, g_myPubKey, ecb == 0 ? CBC_SUFFIX : "");
DH1080_INIT, g_myPubKey, mode == 1 ? CBC_SUFFIX : "");
printtext(server, item != NULL ? window_item_get_target(item) : NULL,
MSGLEVEL_CRAP,
"\002FiSH:\002 Sent my DH1080 public key to %s@%s (%s), waiting for reply ...",
target, server->tag, ecb == 1 ? "ECB" : "CBC");
target, server->tag, mode == 1 ? "CBC" : "ECB");
fail:
if(free_arg) {
cmd_params_free(free_arg);
@ -1173,8 +1221,8 @@ void DH1080_received(SERVER_REC * server, char *msg, char *nick, char *address,
return;
}
// Remember to use CBC mode
if ((mode == 1) && (setIniValue(contactName, "cbc", "1", iniPath) == -1)) {
// Remember mode
if (setIniValue(contactName, "cbc", mode == 0 ? "0" : "1", iniPath) == -1) {
printtext(server, nick, MSGLEVEL_CRAP,
"\002FiSH ERROR:\002 Unable to write to blow.ini, probably out of space or permission denied.");
return;
@ -1301,7 +1349,7 @@ void setup_fish()
command_bind("key", NULL, (SIGNAL_FUNC) cmd_key);
command_bind("showkey", NULL, (SIGNAL_FUNC) cmd_key);
command_bind("keyx", NULL, (SIGNAL_FUNC) cmd_keyx);
command_set_options("keyx", "-ecb");
command_set_options("keyx", "-ecb -cbc");
command_bind("setinipw", NULL, (SIGNAL_FUNC) cmd_setinipw);
command_bind("unsetinipw", NULL, (SIGNAL_FUNC) cmd_unsetinipw);

1
src/irssi/FiSH.h
View File

@ -23,6 +23,7 @@ int keyx_query_created = 0;
#define ZeroMemory(dest,count) memset((void *)dest, 0, count)
#define IsNULLorEmpty(psz) (psz==NULL || *psz=='\0')
#define isNoChar(c) ((c) == 'n' || (c) == 'N' || (c) == '0')
#define FiSH_div_ceil(n, d) ((n / d) + (!!(n % d)))
#define DH1080_INIT "DH1080_INIT "
#define DH1080_FINISH "DH1080_FINISH "
#define CBC_SUFFIX " CBC"