[u/mdw/catacomb] / rc4.c

/* -*-c-*-
 *
 * $Id: rc4.c,v 1.3 1999/12/13 15:34:01 mdw Exp $
 *
 * The alleged RC4 stream cipher
 *
 * (c) 1999 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------* 
 *
 * This file is part of Catacomb.
 *
 * Catacomb is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 * 
 * Catacomb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Library General Public License for more details.
 * 
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

/*----- Revision history --------------------------------------------------* 
 *
 * $Log: rc4.c,v $
 * Revision 1.3  1999/12/13 15:34:01  mdw
 * Add support for seeding from a generic pseudorandom source.
 *
 * Revision 1.2  1999/12/10 23:27:35  mdw
 * Generic cipher and RNG interfaces.
 *
 * Revision 1.1  1999/09/03 08:41:12  mdw
 * Initial import.
 *
 */

/*----- Header files ------------------------------------------------------*/

#include <assert.h>
#include <stdarg.h>
#include <stdio.h>

#include <mLib/bits.h>
#include <mLib/sub.h>

#include "gcipher.h"
#include "grand.h"
#include "rc4.h"

/*----- Main code ---------------------------------------------------------*/

/* --- @rc4_init@ --- *
 *
 * Arguments:	@rc4_ctx *ctx@ = pointer to context to initialize
 *		@const void *k@ = pointer to key data to use
 *		@size_t sz@ = size of the key data
 *
 * Returns:	---
 *
 * Use:		Initializes an RC4 context ready for use.
 */

void rc4_init(rc4_ctx *ctx, const void *k, size_t sz)
{
  unsigned i, j;
  const octet *p = k, *q = p + sz;

  assert(((void)"RC4 does not support zero length keys", sz != 0));

  for (i = 0; i < 256; i++)
    ctx->s[i] = i;
  ctx->f = 0;
  ctx->i = ctx->j = 0;
  
  for (i = j = 0; i < 256; i++) {
    unsigned si = ctx->s[i];
    j = (j + si + *p++) & 0xff;
    ctx->s[i] = ctx->s[j];
    ctx->s[j] = si;
    if (p == q)
      p = k;
  }
}

/* --- @rc4_encrypt@ --- *
 *
 * Arguments:	@rc4_ctx *ctx@ = pointer to context to use
 *		@const void *src@ = pointer to the source block
 *		@void *dest@ = pointer to the destination block
 *		@size_t sz@ = size of the block
 *
 * Returns:	---
 *
 * Use:		Encrypts or decrypts a block of data.  The destination may
 *		be null to just grind the generator around for a while.  It's
 *		recommended that you say `@rc4_encrypt(&ctx, 0, 0, 1024)@'
 *		after initializing a new context, to prevent keystream
 *		guessing attacks.  The source may be null to just extract a
 *		big lump of data from the generator.
 */

void rc4_encrypt(rc4_ctx *ctx, const void *src, void *dest, size_t sz)
{
  const octet *s = src;
  octet *d = dest;

  if (!d)
    RC4_OPEN(ctx, while (sz) { unsigned x; RC4_BYTE(x); sz--; });
  else if (!s)
    RC4_OPEN(ctx, while (sz) { RC4_BYTE(*d++); sz--; });
  else
    RC4_OPEN(ctx,
	     while (sz) { unsigned x; RC4_BYTE(x); *d++ = *s++ ^ x; sz--; });
}

/*----- Generic cipher interface ------------------------------------------*/

typedef struct gctx {
  gcipher c;
  rc4_ctx rc4;
} gctx;

static const gcipher_ops gops;

static gcipher *ginit(const void *k, size_t sz)
{
  gctx *g = CREATE(gctx);
  g->c.ops = &gops;
  rc4_init(&g->rc4, k, sz);
  return (&g->c);
}

static void gencrypt(gcipher *c, const void *s, void *t, size_t sz)
{
  gctx *g = (gctx *)c;
  rc4_encrypt(&g->rc4, s, t, sz);
}

static void gdestroy(gcipher *c)
{
  gctx *g = (gctx *)c;
  DESTROY(g);
}

static const gcipher_ops gops = {
  &rc4.b,
  gencrypt, gencrypt, gdestroy, 0, 0
};

const gccipher rc4 = {
  { "rc4", 0, 0 },
  ginit
};

/*----- Generic random number generator interface -------------------------*/

typedef struct grctx {
  grand r;
  rc4_ctx rc4;
} grctx;

static void grdestroy(grand *r)
{
  grctx *g = (grctx *)r;
  DESTROY(g);
}

static int grmisc(grand *r, unsigned op, ...)
{
  grctx *g = (grctx *)r;
  va_list ap;
  int rc = 0;
  octet buf[4];
  va_start(ap, op);

  switch (op) {
    case GRAND_CHECK:
      switch (va_arg(ap, unsigned)) {
	case GRAND_CHECK:
	case GRAND_SEEDINT:
	case GRAND_SEEDUINT32:
	case GRAND_SEEDBLOCK:
	case GRAND_SEEDRAND:
	  rc = 1;
	  break;
	default:
	  rc = 0;
	  break;
      }
      break;
    case GRAND_SEEDINT:
      STORE32(buf, va_arg(ap, unsigned));
      rc4_init(&g->rc4, buf, sizeof(buf));
      break;
    case GRAND_SEEDUINT32:
      STORE32(buf, va_arg(ap, uint32));
      rc4_init(&g->rc4, buf, sizeof(buf));
      break;
    case GRAND_SEEDBLOCK: {
      const void *p = va_arg(ap, const void *);
      size_t sz = va_arg(ap, size_t);
      rc4_init(&g->rc4, p, sz);
    } break;
    case GRAND_SEEDRAND: {
      grand *rr = va_arg(ap, grand *);
      octet buf[16];
      rr->ops->fill(rr, buf, sizeof(buf));
      rc4_init(&g->rc4, buf, sizeof(buf));
    } break;
    default:
      GRAND_BADOP;
      break;
  }

  va_end(ap);
  return (rc);
}

static octet grbyte(grand *r)
{
  grctx *g = (grctx *)r;
  octet o;
  RC4_OPEN(&g->rc4, RC4_BYTE(o););
  return (o);
}

static uint32 grword(grand *r)
{
  grctx *g = (grctx *)r;
  octet b[4];
  int i;
  RC4_OPEN(&g->rc4,
	   for (i = 0; i < sizeof(b); i++)
	     RC4_BYTE(b[i]););
  return (LOAD32(b));
}

static void grfill(grand *r, void *p, size_t sz)
{
  grctx *g = (grctx *)r;
  rc4_encrypt(&g->rc4, 0, p, sz);
}

static const grand_ops grops = {
  "rc4",
  0,
  grmisc, grdestroy,
  grword, grbyte, grword, grand_range, grfill
};

/* --- @rc4_rand@ --- *
 *
 * Arguments:	@const void *k@ = pointer to key material
 *		@size_t sz@ = size of key material
 *
 * Returns:	Pointer to generic random number generator interface.
 *
 * Use:		Creates a random number interface wrapper around an
 *		OFB-mode block cipher.
 */

grand *rc4_rand(const void *k, size_t sz)
{
  grctx *g = CREATE(grctx);
  g->r.ops = &grops;
  rc4_init(&g->rc4, k, sz);
  return (&g->r);
}

/*----- Test rig ----------------------------------------------------------*/

#ifdef TEST_RIG

#include <stdio.h>
#include <string.h>

#include <mLib/quis.h>
#include <mLib/testrig.h>

static int v_encrypt(dstr *v)
{
  rc4_ctx ctx;
  dstr d = DSTR_INIT;
  int ok = 1;

  rc4_init(&ctx, v[0].buf, v[0].len);
  dstr_ensure(&d, v[1].len);
  d.len = v[1].len;
  rc4_encrypt(&ctx, v[1].buf, d.buf, d.len);

  if (memcmp(v[2].buf, d.buf, d.len) != 0) {
    ok = 0;
    printf("\nfail encryption:"
	   "\n\tkey        = ");
    type_hex.dump(&v[0], stdout);
    printf("\n\tplaintext  = "); type_hex.dump(&v[1], stdout);
    printf("\n\texpected   = "); type_hex.dump(&v[2], stdout);
    printf("\n\tcalculated = "); type_hex.dump(&d, stdout);
    putchar('\n');
  }

  return (ok);
}

static int v_generate(dstr *v)
{
  rc4_ctx ctx;
  dstr d = DSTR_INIT;
  int ok = 1;

  rc4_init(&ctx, v[0].buf, v[0].len);
  rc4_encrypt(&ctx, 0, 0, *(int *)v[1].buf);
  dstr_ensure(&d, v[2].len);
  d.len = v[2].len;
  rc4_encrypt(&ctx, 0, d.buf, d.len);

  if (memcmp(v[2].buf, d.buf, d.len) != 0) {
    ok = 0;
    printf("\nfail generation:"
	   "\n\tkey        = ");
    type_hex.dump(&v[0], stdout);
    printf("\n\tskip len   = %i", *(int *)v[1].buf);
    printf("\n\texpected   = "); type_hex.dump(&v[2], stdout);
    printf("\n\tcalculated = "); type_hex.dump(&d, stdout);
    putchar('\n');
  }

  return (ok);
}

static test_chunk defs[] = {
  { "rc4-encrypt", v_encrypt, { &type_hex, &type_hex, &type_hex, 0 } },
  { "rc4-generate", v_generate, { &type_hex, &type_int, &type_hex, 0 } },
  { 0, 0, { 0 } }
};

int main(int argc, char *argv[])
{
  test_run(argc, argv, defs, SRCDIR"/tests/rc4");
  return (0);
}

#endif

/*----- That's all, folks -------------------------------------------------*/
Commit	Line	Data
d03ab969	1	/* --c--
d03ab969	2	*
4ab1268f	3	* $Id: rc4.c,v 1.3 1999/12/13 15:34:01 mdw Exp $
d03ab969	4	*
	5	* The alleged RC4 stream cipher
	6	*
	7	* (c) 1999 Straylight/Edgeware
	8	*/
	9
	10	/----- Licensing notice --------------------------------------------------
	11	*
	12	* This file is part of Catacomb.
	13	*
	14	* Catacomb is free software; you can redistribute it and/or modify
	15	* it under the terms of the GNU Library General Public License as
	16	* published by the Free Software Foundation; either version 2 of the
	17	* License, or (at your option) any later version.
	18	*
	19	* Catacomb is distributed in the hope that it will be useful,
	20	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	21	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	22	* GNU Library General Public License for more details.
	23	*
	24	* You should have received a copy of the GNU Library General Public
	25	* License along with Catacomb; if not, write to the Free
	26	* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
	27	* MA 02111-1307, USA.
	28	*/
	29
	30	/----- Revision history --------------------------------------------------
	31	*
	32	* $Log: rc4.c,v $
4ab1268f	33	* Revision 1.3 1999/12/13 15:34:01 mdw
	34	* Add support for seeding from a generic pseudorandom source.
	35	*
41f91aa3	36	* Revision 1.2 1999/12/10 23:27:35 mdw
	37	* Generic cipher and RNG interfaces.
	38	*
d03ab969	39	* Revision 1.1 1999/09/03 08:41:12 mdw
	40	* Initial import.
	41	*
	42	*/
	43
	44	/----- Header files ------------------------------------------------------/
	45
	46	#include <assert.h>
41f91aa3	47	#include <stdarg.h>
d03ab969	48	#include <stdio.h>
	49
	50	#include <mLib/bits.h>
41f91aa3	51	#include <mLib/sub.h>
d03ab969	52
41f91aa3	53	#include "gcipher.h"
41f91aa3	54	#include "grand.h"
d03ab969	55	#include "rc4.h"
	56
	57	/----- Main code ---------------------------------------------------------/
	58
	59	/* --- @rc4_init@ --- *
	60	*
	61	* Arguments: @rc4_ctx *ctx@ = pointer to context to initialize
	62	* @const void *k@ = pointer to key data to use
	63	* @size_t sz@ = size of the key data
	64	*
	65	* Returns: ---
	66	*
	67	* Use: Initializes an RC4 context ready for use.
	68	*/
	69
	70	void rc4_init(rc4_ctx ctx, const void k, size_t sz)
	71	{
	72	unsigned i, j;
	73	const octet p = k, q = p + sz;
	74
	75	assert(((void)"RC4 does not support zero length keys", sz != 0));
	76
	77	for (i = 0; i < 256; i++)
	78	ctx->s[i] = i;
	79	ctx->f = 0;
	80	ctx->i = ctx->j = 0;
	81
	82	for (i = j = 0; i < 256; i++) {
	83	unsigned si = ctx->s[i];
	84	j = (j + si + *p++) & 0xff;
	85	ctx->s[i] = ctx->s[j];
	86	ctx->s[j] = si;
	87	if (p == q)
	88	p = k;
	89	}
d03ab969	90	}
	91
	92	/* --- @rc4_encrypt@ --- *
	93	*
	94	* Arguments: @rc4_ctx *ctx@ = pointer to context to use
	95	* @const void *src@ = pointer to the source block
	96	* @void *dest@ = pointer to the destination block
	97	* @size_t sz@ = size of the block
	98	*
	99	* Returns: ---
	100	*
	101	* Use: Encrypts or decrypts a block of data. The destination may
	102	* be null to just grind the generator around for a while. It's
	103	* recommended that you say `@rc4_encrypt(&ctx, 0, 0, 1024)@'
	104	* after initializing a new context, to prevent keystream
	105	* guessing attacks. The source may be null to just extract a
	106	* big lump of data from the generator.
	107	*/
	108
	109	void rc4_encrypt(rc4_ctx ctx, const void src, void *dest, size_t sz)
	110	{
	111	const octet *s = src;
	112	octet *d = dest;
	113
	114	if (!d)
	115	RC4_OPEN(ctx, while (sz) { unsigned x; RC4_BYTE(x); sz--; });
	116	else if (!s)
	117	RC4_OPEN(ctx, while (sz) { RC4_BYTE(*d++); sz--; });
	118	else
	119	RC4_OPEN(ctx,
	120	while (sz) { unsigned x; RC4_BYTE(x); d++ = s++ ^ x; sz--; });
	121	}
	122
41f91aa3	123	/----- Generic cipher interface ------------------------------------------/
	124
	125	typedef struct gctx {
	126	gcipher c;
	127	rc4_ctx rc4;
	128	} gctx;
	129
	130	static const gcipher_ops gops;
	131
	132	static gcipher ginit(const void k, size_t sz)
	133	{
	134	gctx *g = CREATE(gctx);
	135	g->c.ops = &gops;
	136	rc4_init(&g->rc4, k, sz);
	137	return (&g->c);
	138	}
	139
	140	static void gencrypt(gcipher c, const void s, void *t, size_t sz)
	141	{
	142	gctx g = (gctx )c;
	143	rc4_encrypt(&g->rc4, s, t, sz);
	144	}
	145
	146	static void gdestroy(gcipher *c)
	147	{
	148	gctx g = (gctx )c;
	149	DESTROY(g);
	150	}
	151
	152	static const gcipher_ops gops = {
	153	&rc4.b,
	154	gencrypt, gencrypt, gdestroy, 0, 0
	155	};
	156
	157	const gccipher rc4 = {
	158	{ "rc4", 0, 0 },
	159	ginit
	160	};
	161
	162	/----- Generic random number generator interface -------------------------/
	163
	164	typedef struct grctx {
	165	grand r;
	166	rc4_ctx rc4;
	167	} grctx;
	168
	169	static void grdestroy(grand *r)
	170	{
	171	grctx g = (grctx )r;
	172	DESTROY(g);
	173	}
	174
	175	static int grmisc(grand *r, unsigned op, ...)
	176	{
	177	grctx g = (grctx )r;
	178	va_list ap;
	179	int rc = 0;
	180	octet buf[4];
	181	va_start(ap, op);
	182
	183	switch (op) {
	184	case GRAND_CHECK:
	185	switch (va_arg(ap, unsigned)) {
	186	case GRAND_CHECK:
187	case GRAND_SEEDINT:
188	case GRAND_SEEDUINT32:
189	case GRAND_SEEDBLOCK:
4ab1268f	190	case GRAND_SEEDRAND:
41f91aa3	191	rc = 1;
	192	break;
	193	default:
	194	rc = 0;
	195	break;
	196	}
	197	break;
	198	case GRAND_SEEDINT:
	199	STORE32(buf, va_arg(ap, unsigned));
	200	rc4_init(&g->rc4, buf, sizeof(buf));
	201	break;
	202	case GRAND_SEEDUINT32:
	203	STORE32(buf, va_arg(ap, uint32));
	204	rc4_init(&g->rc4, buf, sizeof(buf));
	205	break;
	206	case GRAND_SEEDBLOCK: {
	207	const void p = va_arg(ap, const void );
	208	size_t sz = va_arg(ap, size_t);
	209	rc4_init(&g->rc4, p, sz);
	210	} break;
4ab1268f	211	case GRAND_SEEDRAND: {
	212	grand rr = va_arg(ap, grand );
	213	octet buf[16];
	214	rr->ops->fill(rr, buf, sizeof(buf));
	215	rc4_init(&g->rc4, buf, sizeof(buf));
	216	} break;
	217	default:
	218	GRAND_BADOP;
	219	break;
41f91aa3	220	}
	221
	222	va_end(ap);
	223	return (rc);
	224	}
	225
	226	static octet grbyte(grand *r)
	227	{
	228	grctx g = (grctx )r;
	229	octet o;
	230	RC4_OPEN(&g->rc4, RC4_BYTE(o););
	231	return (o);
	232	}
	233
	234	static uint32 grword(grand *r)
	235	{
	236	grctx g = (grctx )r;
	237	octet b[4];
	238	int i;
	239	RC4_OPEN(&g->rc4,
	240	for (i = 0; i < sizeof(b); i++)
	241	RC4_BYTE(b[i]););
	242	return (LOAD32(b));
	243	}
	244
	245	static void grfill(grand r, void p, size_t sz)
	246	{
	247	grctx g = (grctx )r;
	248	rc4_encrypt(&g->rc4, 0, p, sz);
	249	}
	250
	251	static const grand_ops grops = {
	252	"rc4",
	253	0,
	254	grmisc, grdestroy,
	255	grword, grbyte, grword, grand_range, grfill
	256	};
	257
	258	/* --- @rc4_rand@ --- *
	259	*
	260	* Arguments: @const void *k@ = pointer to key material
	261	* @size_t sz@ = size of key material
	262	*
	263	* Returns: Pointer to generic random number generator interface.
	264	*
	265	* Use: Creates a random number interface wrapper around an
	266	* OFB-mode block cipher.
	267	*/
	268
	269	grand rc4_rand(const void k, size_t sz)
	270	{
	271	grctx *g = CREATE(grctx);
	272	g->r.ops = &grops;
	273	rc4_init(&g->rc4, k, sz);
	274	return (&g->r);
	275	}
	276
d03ab969	277	/----- Test rig ----------------------------------------------------------/
	278
	279	#ifdef TEST_RIG
	280
	281	#include <stdio.h>
	282	#include <string.h>
	283
	284	#include <mLib/quis.h>
	285	#include <mLib/testrig.h>
	286
	287	static int v_encrypt(dstr *v)
	288	{
	289	rc4_ctx ctx;
	290	dstr d = DSTR_INIT;
	291	int ok = 1;
	292
	293	rc4_init(&ctx, v[0].buf, v[0].len);
	294	dstr_ensure(&d, v[1].len);
	295	d.len = v[1].len;
	296	rc4_encrypt(&ctx, v[1].buf, d.buf, d.len);
	297
	298	if (memcmp(v[2].buf, d.buf, d.len) != 0) {
	299	ok = 0;
	300	printf("\nfail encryption:"
	301	"\n\tkey = ");
	302	type_hex.dump(&v[0], stdout);
	303	printf("\n\tplaintext = "); type_hex.dump(&v[1], stdout);
	304	printf("\n\texpected = "); type_hex.dump(&v[2], stdout);
	305	printf("\n\tcalculated = "); type_hex.dump(&d, stdout);
	306	putchar('\n');
	307	}
	308
	309	return (ok);
	310	}
	311
	312	static int v_generate(dstr *v)
	313	{
	314	rc4_ctx ctx;
	315	dstr d = DSTR_INIT;
	316	int ok = 1;
	317
	318	rc4_init(&ctx, v[0].buf, v[0].len);
	319	rc4_encrypt(&ctx, 0, 0, (int )v[1].buf);
	320	dstr_ensure(&d, v[2].len);
	321	d.len = v[2].len;
	322	rc4_encrypt(&ctx, 0, d.buf, d.len);
	323
	324	if (memcmp(v[2].buf, d.buf, d.len) != 0) {
	325	ok = 0;
	326	printf("\nfail generation:"
	327	"\n\tkey = ");
	328	type_hex.dump(&v[0], stdout);
	329	printf("\n\tskip len = %i", (int )v[1].buf);
	330	printf("\n\texpected = "); type_hex.dump(&v[2], stdout);
	331	printf("\n\tcalculated = "); type_hex.dump(&d, stdout);
	332	putchar('\n');
	333	}
	334
	335	return (ok);
	336	}
	337
	338	static test_chunk defs[] = {
	339	{ "rc4-encrypt", v_encrypt, { &type_hex, &type_hex, &type_hex, 0 } },
	340	{ "rc4-generate", v_generate, { &type_hex, &type_int, &type_hex, 0 } },
341	{ 0, 0, { 0 } }
342	};
343
344	int main(int argc, char *argv[])
345	{
346	test_run(argc, argv, defs, SRCDIR"/tests/rc4");
347	return (0);
348	}
349
350	#endif
351
352	/----- That's all, folks -------------------------------------------------/