Mircryption/XChat 0.4.0-alpha w/ DH1080 Key Exchange !

[gjehle]

Yes, you read correctly.
It's been done.

grab the changed code from http://mein-bowl.de/oss/mcpsx
or directly from http://mein-bowl.de/..._0.4.0-alpha.tar.bz2

this is by NO MEANS an official new mcps/xchat version!
this code is alpha, probably has bugs, might be insecure, blow up in your face.
it also depends on the OpenSSL library for doing the diffie-helman key agreement

i'm posting this here because i need your input and support.
if you're using mircryption with xchat and you feel confident enough to do so, please go ahead and test this code.

if you find any bugs or have suggestions, please contact me.

known bugs:
- doesn't use the name of the current query window if no parameter to /keyx is given (workaround: use /keyx NICKNAME)

known issues:
- there are some return values, mostly from the OpenSSL functions that aren't being checked yet. this has to be done.
- makefile for windows needs to be modified
- only tested on linux x86_64
- doesn't compile on intel macs (known issue with all versions of mircryption/xchat)

UPDATE
i should note a few things that are different in the way i implemented DH1080

- there can only be one key exchange at the same time (to prevent mix ups of public keys)
- there is a 7 second timeout in which B has to answer to A's request to exchange keys
- there is a new command "DH1080_ABORT <reason>" to ignore requests with an optional reason

that's it, this doesn't break compatibility with either fish or mcps/mirc

UPDATE! 2009-01-10
thanks to dev00 (http://dev00.pytalhost.com/) there's now a windows build of the (latest) inofficial mircryption version.
this enables windows users to use the DH1080 keyexchange!
since I don't run windows, I haven't had a chance to test it yet myself.

There's a binary as well as source code with a working visual studio project available from http://voobar.follvalsch.de/mcpsx
The binary version is dynamically linked against OpenSSL 0.8.9i from http://www.slproweb....ts/Win32OpenSSL.html which you'd have to install.

[mouser]

amazing. people have actually been asking for this for a long time.

[housetier]

Ubuntu and debian users need to install the package libssl-dev. This, and all the other packages one needed before.

So far it seems to work on my 32bit ubuntu

[Select]

/keyx hadez

was successful.

[mouser]

gjehle,

you may know that i added a cbc mode of key exchange for mircryption mirc, that will create a random cbc mode key instead of an old-style ecb style key, if both users are using mircryption mirc.  when you get a chance it would be great if you can implement this for your key exchange as well.  should require very little work it's just a matter of seeing if the other person returns an acknowledgement that they also support cbc and then prefixing a cbc: to the key set if so.

[gjehle]

you may know that i added a cbc mode of key exchange for mircryption mirc,[...]

-mouser (May 01, 2007, 05:02 PM)

i'd have to take a look at it first, but it sounds nice.
i'll add it to my todo for future features

[gjehle]

thanks to dev00 (http://dev00.pytalhost.com/) there's now a windows build of the (latest) inofficial mircryption version.
this enables windows users to use the DH1080 keyexchange!
since I don't run windows, I haven't had a chance to test it yet myself.

There's a binary as well as source code with a working visual studio project available from http://voobar.follvalsch.de/mcpsx
The binary version is dynamically linked against OpenSSL 0.8.9i from http://www.slproweb....ts/Win32OpenSSL.html which you'd have to install.

[mouser]

nice!!

[bamboo123]

Just found some little problem with 0.4.0-alpha:
scenerio: you're connected multiple times (diffrent nicknames) to the same network.
when you try to /keyx with a nick you already /keyx'ed with using a other of your connection, xchat chrashes.

gdb says:

[Select]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7148710 (LWP 28464)]
0xb735c613 in strlen () from /lib/tls/i686/cmov/libc.so.6

gdb backtrace:

[Select]

#0  0xb735c613 in strlen () from /lib/tls/i686/cmov/libc.so.6
#1  0xb6d14132 in std::string::operator= () from /usr/lib/libstdc++.so.6
#2  0xb5901acf in mc_keyx () from /home/username/.xchat2/mircryption.so
#3  0x080a0ecc in ?? ()
#4  0x0809e76b in ?? ()
#5  0x0809f493 in ?? ()
#6  0x08071b36 in ?? ()
#7  0xb76d43a4 in g_cclosure_marshal_VOID__VOID () from /usr/lib/libgobject-2.0.so.0
#8  0xb76c6c7b in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#9  0xb76dce57 in ?? () from /usr/lib/libgobject-2.0.so.0
#10 0xb7c13670 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#11 0xb7c13c2c in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#12 0xb7c13e9d in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#13 0xb7c1400e in gtk_bindings_activate_event () from /usr/lib/libgtk-x11-2.0.so.0
#14 0xb7c5fdef in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#15 0xb7cd9526 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#16 0xb76c53d9 in ?? () from /usr/lib/libgobject-2.0.so.0
#17 0xb76c6ba8 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#18 0xb76dcaff in ?? () from /usr/lib/libgobject-2.0.so.0
#19 0xb76de34f in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#20 0xb76de936 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#21 0xb7df42ae in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#22 0xb7e0811f in gtk_window_propagate_key_event () from /usr/lib/libgtk-x11-2.0.so.0
#23 0xb7e0b49c in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#24 0xb7cd9526 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#25 0xb76c53d9 in ?? () from /usr/lib/libgobject-2.0.so.0
#26 0xb76c6c7b in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#27 0xb76dcaff in ?? () from /usr/lib/libgobject-2.0.so.0
#28 0xb76de34f in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#29 0xb76de936 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#30 0xb7df42ae in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#31 0xb7cd2041 in gtk_propagate_event () from /usr/lib/libgtk-x11-2.0.so.0
#32 0xb7cd3327 in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#33 0xb7b6034a in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#34 0xb749bb88 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#35 0xb749f0eb in ?? () from /usr/lib/libglib-2.0.so.0
#36 0xb749f5ba in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#37 0xb7cd37d9 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#38 0x0806158b in ?? ()
#39 0x080aeebd in ?? ()
#40 0xb72fb775 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
#41 0x08055c31 in ?? ()

PS: os: ubuntu jaunty 32bit (all updates, Linux 2.6.28-11-generic) with xchat 2.8.6 (from the ubuntu jaunty backports).

[gjehle]

Just found some little problem with 0.4.0-alpha:
scenerio: you're connected multiple times (diffrent nicknames) to the same network.
when you try to /keyx with a nick you already /keyx'ed with using a other of your connection, xchat chrashes.

-bamboo123 (April 28, 2009, 07:19 AM)

How dare you do connect multiple times with the same client to the same network! ;-)
Do you have a paranoid-schizophrenic chatting disorder that you need to encrypt text you're sending to yourself?

I mean, is there really a need for this?

From the top of my head I would say implementing a fix for this could be a bit of work since I'd have to hold different openssl contexts for each opened connection.
Right now there's only one context per /keyx request.

[bamboo123]

Just found some little problem with 0.4.0-alpha:
scenerio: you're connected multiple times (diffrent nicknames) to the same network.
when you try to /keyx with a nick you already /keyx'ed with using a other of your connection, xchat chrashes.

-bamboo123 (April 28, 2009, 07:19 AM)

How dare you do connect multiple times with the same client to the same network! ;-)
Do you have a paranoid-schizophrenic chatting disorder that you need to encrypt text you're sending to yourself?
(...)

-gjehle (April 28, 2009, 09:48 AM)

I'm teh Gollum zwzwzw ME TOO! j/k. the problem isn't about chatting with me, myself and I, it's with messaging a third person from both the connections.

PS: i need multiple connections, as I have no friends and really like to flirt with myself
PSS: i'm connecting using two diffrent proxys, so at least no multiple connections from the same host

[gjehle]

okay,
I'd have to take a look at this if time allows so it might be a while till you hear back from ne on this.
Are you on Windows or Linux?

[bamboo123]

(...)
PS: os: ubuntu jaunty 32bit (all updates, Linux 2.6.28-11-generic) with xchat 2.8.6 (from the ubuntu jaunty backports).

-bamboo123 (April 28, 2009, 07:19 AM)

[Carmageddon]

Can you please tell me how to compile it? I already have Xchat working with Mircryption, I thought I had to compile this separately and add the result as a library or something.. but I cant get it to compile.

user@deskubuntu:~/Downloads/Temp/mcps_xchat_0.4.0-alpha$ make nix64bit
make _mircryption  CFLAGS="-c -x c++ -fPIC" LDFLAGS="-shared -fPIC -Wl,-soname,mircryption.so -lssl -lcrypto"
make[1]: Entering directory `/home/user/Downloads/Temp/mcps_xchat_0.4.0-alpha'
To Build mircryption, type 'make TARGET' (generic | linux | nix64bit | freebsd | macosx | macosxintel | windows | altlink | altlink2)
 or type: 'make clean' to clean .o and .so
 or type: 'make install' to try to install the mircryption.so dll into ~/.xchat2
try altlink1 or altlink2 if your linker complains about not being able to find the .o files
    altlink1 may be good for freebsd
To Build mircryption, type 'make TARGET' (generic | linux | nix64bit | freebsd | macosx | macosxintel | windows | altlink | altlink2)
 or type: 'make clean' to clean .o and .so
 or type: 'make install' to try to install the mircryption.so dll into ~/.xchat2
try altlink1 or altlink2 if your linker complains about not being able to find the .o files
    altlink1 may be good for freebsd
To Build mircryption, type 'make TARGET' (generic | linux | nix64bit | freebsd | macosx | macosxintel | windows | altlink | altlink2)
 or type: 'make clean' to clean .o and .so
 or type: 'make install' to try to install the mircryption.so dll into ~/.xchat2
try altlink1 or altlink2 if your linker complains about not being able to find the .o files
    altlink1 may be good for freebsd
To Build mircryption, type 'make TARGET' (generic | linux | nix64bit | freebsd | macosx | macosxintel | windows | altlink | altlink2)
 or type: 'make clean' to clean .o and .so
 or type: 'make install' to try to install the mircryption.so dll into ~/.xchat2
try altlink1 or altlink2 if your linker complains about not being able to find the .o files
    altlink1 may be good for freebsd
To Build mircryption, type 'make TARGET' (generic | linux | nix64bit | freebsd | macosx | macosxintel | windows | altlink | altlink2)
 or type: 'make clean' to clean .o and .so
 or type: 'make install' to try to install the mircryption.so dll into ~/.xchat2
try altlink1 or altlink2 if your linker complains about not being able to find the .o files
    altlink1 may be good for freebsd
To Build mircryption, type 'make TARGET' (generic | linux | nix64bit | freebsd | macosx | macosxintel | windows | altlink | altlink2)
 or type: 'make clean' to clean .o and .so
 or type: 'make install' to try to install the mircryption.so dll into ~/.xchat2
try altlink1 or altlink2 if your linker complains about not being able to find the .o files
    altlink1 may be good for freebsd
To Build mircryption, type 'make TARGET' (generic | linux | nix64bit | freebsd | macosx | macosxintel | windows | altlink | altlink2)
 or type: 'make clean' to clean .o and .so
 or type: 'make install' to try to install the mircryption.so dll into ~/.xchat2
try altlink1 or altlink2 if your linker complains about not being able to find the .o files
    altlink1 may be good for freebsd
To Build mircryption, type 'make TARGET' (generic | linux | nix64bit | freebsd | macosx | macosxintel | windows | altlink | altlink2)
 or type: 'make clean' to clean .o and .so
 or type: 'make install' to try to install the mircryption.so dll into ~/.xchat2
try altlink1 or altlink2 if your linker complains about not being able to find the .o files
    altlink1 may be good for freebsd
Compiling mircryption
gcc -c -x c++ -fPIC  -I../ -I./ -I./dh1080/ mircryption.cpp -o mircryption.o
mircryption.cpp:99:26: fatal error: xchat-plugin.h: No such file or directory
compilation terminated.
make[1]: *** [mircryption.o] Error 1
make[1]: Leaving directory `/home/user/Downloads/Temp/mcps_xchat_0.4.0-alpha'
make: *** [nix64bit] Error 2

I of course have mircryption.so in ~/.xchat2

[gjehle]

Looking at the most prominent error message in your paste, I'd say you're missing the xchat-plugin.h header

mircryption.cpp:99:26: fatal error: xchat-plugin.h: No such file or directory

You have to install xchat-common and add /usr/include/xchat/ to the include path

[Carmageddon]

Ok, I tried this:

[Select]

sudo apt-get install  xchat-common
[sudo] password for genadi:
Reading package lists... Done
Building dependency tree       
Reading state information... Done
xchat-common is already the newest version.
xchat-common set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
user@deskubuntu:~/Downloads/Temp$ sudo ldconfig /usr/include/xchat/

This did not help, same error persists.

[gjehle]

I'll try to look into this during the day. Just got up an hour ago

[gjehle]

Here we go.
I've re-packaged it a bit and put it on Github.
Please clone the repo from here https://github.com/h...d/mircryption-xchat2 or simply download release 0.4.1 from here https://github.com/h...tion-xchat2/releases

Now make sure you have xchat-common and libssl-dev packages installed.

Once you cloned or downloaded it, run ./build.sh nix64bit
This should automagically fetch the mircryption source, apply the necessary changes and build the shared object.
Once the build succeeded, you should find the final outcome in ./build/mircryption.so

Let me know if this works for you

[Carmageddon]

Seems to work, except that I am being asked twice for the Master passphrase for some reason when Xchat is started.

Thanks!!

[gjehle]

Seems to work

-Carmageddon (July 15, 2013, 12:58 PM)

sweet

except that I am being asked twice for the Master passphrase for some reason when Xchat is started.

-Carmageddon (July 15, 2013, 12:58 PM)

that's a little odd. however the passphrase entering and decryption stuff is all in code that i haven't really touched to implement the key exchange logic :/

[mouser]

gjehle, you rock! 

[gjehle]

If you mean by "rock" that I show up after years, then I might be
That was really minimally invasive surgery though.
Still glad I could help