/***************************************************************************
 �*  �  Copyright (C) 2005 by hal9000 <hal9000@evilscientists.de>  �  �  �  �  �  �  �  �  �  �  �  �  �  � *
  *  � Copyright (C) 2005 by Maurice Massar <vpnc@unix-ag.uni-kl.de>  �  �  �  �  �  �  �  �  �  �  �  �  �  � *
  *  � Copyright (C) 2005 by Christoph Thielecke <crissi99@gmx.de>  �  �  �  �  �  �  �  �  �  �  �  �  �  � *
 �*  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  � *
 �*  � This program is free software; you can redistribute it and/or modify  �*
 �*  � it under the terms of the GNU General Public License as published by  �*
 �*  � the Free Software Foundation; either version 2 of the License, or  �  � *
 �*  � (at your option) any later version.  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  � *
 �*  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  � *
 �*  � This program is distributed in the hope that it will be useful,  �  �  � *
 �*  � but WITHOUT ANY WARRANTY; without even the implied warranty of  �  �  �  �*
 �*  � MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  �See the  �  �  �  � *
 �*  � GNU General Public License for more details.  �  �  �  �  �  �  �  �  �  �  �  �  �*
 �*  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  � *
 �*  � You should have received a copy of the GNU General Public License  �  � *
 �*  � along with this program; if not, write to the  �  �  �  �  �  �  �  �  �  �  �  � *
 �*  � Free Software Foundation, Inc.,  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  � *
 �*  � 59 Temple Place - Suite 330, Boston, MA  �02111-1307, USA.  �  �  �  �  �  � *
 �***************************************************************************/
#include "ciscopasswddecoder.h"

#include <tqfile.h>
#include <tqtextstream.h>
#include <kmessagebox.h>
#include <klocale.h>

CiscoPasswdDecoder::CiscoPasswdDecoder(TQString& profileFile)
{
	profile = profileFile;
}

CiscoPasswdDecoder::~CiscoPasswdDecoder()
{}

/* read hex strings for "enc_GroupPwd" and "enc_UserPassword" from profile file */
void CiscoPasswdDecoder::readProfileData(TQString& profile, TQString& userData, TQString& groupData)
{
	TQFile PcfFile(profile);
	TQTextStream stream ( &PcfFile );

	if ( PcfFile.open(IO_ReadOnly))
	{
		TQString line = "";
		while ( !stream.atEnd() )
		{
			line = stream.readLine(); // line of text excluding '\n' and replace all white chars with one blank
			if ( !line.startsWith("#") )
			{
				if (line.startsWith("enc_GroupPwd") || line.startsWith("enc_GroupPwd") )
					groupData=line.section('=',1,1).stripWhiteSpace();
				if (line.startsWith("enc_UserPassword") || line.startsWith("enc_GroupPwd") )
					userData=line.section('=',1,1).stripWhiteSpace();
			}
		}
		PcfFile.close();
	}
	else
	{
		KMessageBox::error ( 0, i18n ( "Reading of \"%1\" has been failed!" ).arg ( PcfFile.name() ) );
	}
}

int CiscoPasswdDecoder::hex2bin_c(unsigned int c)
{
	if ((c >= '0')&&(c <= '9'))
		return c - '0';
	if ((c >= 'A')&&(c <= 'F'))
		return c - 'A' + 10;
	if ((c >= 'a')&&(c <= 'f'))
		return c - 'a' + 10;
	return -1;
}

int CiscoPasswdDecoder::hex2bin(TQString str, TQString& bin, int& len)
{
TQString p;
	int i, l;

	for (i = 0; str[i] != '\0'; i++)
		if (hex2bin_c(TQChar(str[i]).tqunicode()) == -1)
			return EINVAL;

	l = i;
	if ((l & 1) != 0)
		return EINVAL;
	l /= 2;

	for (i = 0; i < l; i++)
		p+= hex2bin_c(TQChar(str[i*2]).tqunicode()) << 4 | hex2bin_c(TQChar(str[i*2+1]).tqunicode());

	bin = p;
	if (len)
		len = l;

	return 0;
}

int CiscoPasswdDecoder::c_decrypt(TQString ct, int len, char **resp, int reslenp)
{
	TQString h1  = ct;
	const char *h4  = ct.ascii() + 20;
	const char *enc = ct.ascii() + 40;

	char ht[20], h2[20], h3[20], key[24];
	const char *iv = h1.ascii();
	char *res;
	gcry_cipher_hd_t ctx;
	int reslen;

	if (len < 48)
		return 0;
	len -= 40;

	memcpy(ht, h1.ascii(), 20);

	ht[19]++;
	gcry_md_hash_buffer(GCRY_MD_SHA1, h2, ht, 20);

	ht[19] += 2;
	gcry_md_hash_buffer(GCRY_MD_SHA1, h3, ht, 20);

	memcpy(key, h2, 20);
	memcpy(key+20, h3, 4);
	/* who cares about parity anyway? */

	gcry_md_hash_buffer(GCRY_MD_SHA1, ht, enc, len);

	if (memcmp(h4, ht, 20) != 0)
		return -1;

	res = (char *)malloc(len);
	if (res == NULL)
		return -1;

	gcry_cipher_open(&ctx, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0);
	gcry_cipher_setkey(ctx, key, 24);
	gcry_cipher_setiv(ctx, iv, 8);
	gcry_cipher_decrypt(ctx, (unsigned char *)res, len, (unsigned char *)enc, len);
	gcry_cipher_close(ctx);

	reslen = len - res[len-1];
	res[reslen] = '\0';

	if (resp)
		*resp = res;

		reslenp = reslen;
	return 0;
}

bool CiscoPasswdDecoder::decodePasswords(TQString& userPasswd, TQString& groupPasswd)
{
	TQString encUserPasswd="";
	TQString encGroupPasswd="";
	int i, len, ret = 0;
	char *pw, *pw2;
	TQString bin,bin2;
	int len2=0;
	bool success=true;

	readProfileData(profile, encUserPasswd, encGroupPasswd);


	if (!encGroupPasswd.isEmpty())
	{
		ret = hex2bin( encGroupPasswd, bin, len);


		if (ret != 0)
		{
			perror("error: groupPasswd: decoding input");
			success=false;
		}
		ret = c_decrypt(bin, len, &pw, 0);

		if (ret != 0)
		{
			perror("error: groupPasswd: decrypting input");
			success=false;
		}
		else
		{
// 		printf("groupPasswd: %s\n", pw);
// 			std::cout << "groupPasswd: " << TQString::fromLocal8Bit(pw) << std::endl;
			

		groupPasswd = TQString::fromLocal8Bit(pw);
		//free(pw);
		}
	}
	if (!encUserPasswd.isEmpty() )
	{
		i=0;
		len2=0;
	 	ret = 0;
		ret = hex2bin( encUserPasswd, bin2, len2);

		if (ret != 0)
		{
			perror("error: userPasswd: decoding input");
			success=false;
		}
		ret = c_decrypt(bin2, len2, &pw2, 0);
		//free(bin2);
		if (ret != 0)
		{
			perror("error: userPasswd: decrypting input");
			success=false;
		}
		else
		{

// // 		printf("userPasswd: %s\n", pw2);
// 		std::cout << "userPasswd " << TQString::fromLocal8Bit(pw2) << std::endl;
		userPasswd = TQString::fromLocal8Bit(pw2);


		//free(pw);
		}
	}

	

	return success;

}