Class: Cinch::SASL::DH_Blowfish Private

Inherits:
Mechanism show all
Defined in:
lib/cinch/sasl/dh_blowfish.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

DH-BLOWFISH is a combination of Diffie-Hellman key exchange and the Blowfish encryption algorithm. Due to its nature it is more secure than transmitting the password unencrypted and can be used on potentially insecure networks.

Since:

  • 2.0.0

Class Method Summary collapse

Class Method Details

.generate(user, password, payload) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Since:

  • 2.0.0


37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
# File 'lib/cinch/sasl/dh_blowfish.rb', line 37

def generate(user, password, payload)
  # duplicate the passed strings because we are modifying them
  # later and they might come from the configuration store or
  # similar
  user     = user.dup
  password = password.dup

  data = Base64.decode64(payload).force_encoding("ASCII-8BIT")

  p, g, y = unpack_payload(data)

  dh      = DiffieHellman.new(p, g, 23)
  pub_key = dh.generate
  secret  = OpenSSL::BN.new(dh.secret(y).to_s).to_s(2)
  public  = OpenSSL::BN.new(pub_key.to_s).to_s(2)

  # Pad password so its length is a multiple of the cipher block size
  password << "\0"
  password << "." * (8 - (password.size % 8))

  crypted = ""
  cipher = OpenSSL::Cipher.new("BF-ECB")
  cipher.key_len = 32 # OpenSSL's default of 16 doesn't work
  cipher.encrypt
  cipher.key = secret

  crypted = cipher.update(password) # we do not want the content of cipher.final

  answer = [public.bytesize, public, user, crypted].pack("na*Z*a*")
  Base64.strict_encode64(answer)
end

.mechanism_nameString

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Since:

  • 2.0.0


14
15
16
# File 'lib/cinch/sasl/dh_blowfish.rb', line 14

def mechanism_name
  "DH-BLOWFISH"
end

.unpack_payload(payload) ⇒ Array(Numeric, Numeric, Numeric)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns p, g and y for DH

Since:

  • 2.0.0


19
20
21
22
23
24
25
26
27
28
29
30
31
# File 'lib/cinch/sasl/dh_blowfish.rb', line 19

def unpack_payload(payload)
  pgy     = []
  payload = payload.dup

  3.times do
    size = payload.unpack("n").first
    payload.slice!(0, 2)
    pgy << payload.unpack("a#{size}").first
    payload.slice!(0, size)
  end

  pgy.map {|i| OpenSSL::BN.new(i, 2).to_i}
end