Class: Cinch::SASL::DH_Blowfish Private
- Defined in:
- lib/cinch/sasl/dh_blowfish.rb
Overview
This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.
DH-BLOWFISH is a combination of Diffie-Hellman key exchange and the Blowfish encryption algorithm. Due to its nature it is more secure than transmitting the password unencrypted and can be used on potentially insecure networks.
Class Method Summary collapse
-
.generate(user, password, payload) ⇒ String
private
-
.mechanism_name ⇒ String
private
-
.unpack_payload(payload) ⇒ Array(Numeric, Numeric, Numeric)
private
P, g and y for DH.
Class Method Details
.generate(user, password, payload) ⇒ String
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 |
# File 'lib/cinch/sasl/dh_blowfish.rb', line 37 def generate(user, password, payload) # duplicate the passed strings because we are modifying them # later and they might come from the configuration store or # similar user = user.dup password = password.dup data = Base64.decode64(payload).force_encoding("ASCII-8BIT") p, g, y = unpack_payload(data) dh = DiffieHellman.new(p, g, 23) pub_key = dh.generate secret = OpenSSL::BN.new(dh.secret(y).to_s).to_s(2) public = OpenSSL::BN.new(pub_key.to_s).to_s(2) # Pad password so its length is a multiple of the cipher block size password << "\0" password << "." * (8 - (password.size % 8)) crypted = "" cipher = OpenSSL::Cipher.new("BF-ECB") cipher.key_len = 32 # OpenSSL's default of 16 doesn't work cipher.encrypt cipher.key = secret crypted = cipher.update(password) # we do not want the content of cipher.final answer = [public.bytesize, public, user, crypted].pack("na*Z*a*") Base64.strict_encode64(answer) end |
.mechanism_name ⇒ String
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
14 15 16 |
# File 'lib/cinch/sasl/dh_blowfish.rb', line 14 def mechanism_name "DH-BLOWFISH" end |
.unpack_payload(payload) ⇒ Array(Numeric, Numeric, Numeric)
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Returns p, g and y for DH.
19 20 21 22 23 24 25 26 27 28 29 30 31 |
# File 'lib/cinch/sasl/dh_blowfish.rb', line 19 def unpack_payload(payload) pgy = [] payload = payload.dup 3.times do size = payload.unpack("n").first payload.slice!(0, 2) pgy << payload.unpack("a#{size}").first payload.slice!(0, size) end pgy.map {|i| OpenSSL::BN.new(i, 2).to_i} end |