[u/mdw/catacomb] / symm / rc4.c

/* -*-c-*-
 *
 * The alleged RC4 stream cipher
 *
 * (c) 1999 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------*
 *
 * This file is part of Catacomb.
 *
 * Catacomb is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * Catacomb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

/*----- Header files ------------------------------------------------------*/

#include <assert.h>
#include <stdarg.h>
#include <stdio.h>

#include <mLib/bits.h>
#include <mLib/sub.h>

#include "arena.h"
#include "gcipher.h"
#include "grand.h"
#include "paranoia.h"
#include "rc4.h"

/*----- Global variables --------------------------------------------------*/

const octet rc4_keysz[] = { KSZ_RANGE, RC4_KEYSZ, 1, 255, 1 };

/*----- Main code ---------------------------------------------------------*/

/* --- @rc4_addkey@ --- *
 *
 * Arguments:	@rc4_ctx *ctx@ = pointer to context to key
 *		@const void *k@ = pointer to key data to use
 *		@size_t sz@ = size of the key data
 *
 * Returns:	---
 *
 * Use:		Mixes key data with an RC4 context.  The RC4 context is not
 *		reset before mixing.  This may be used to mix new key
 *		material with an existing RC4 context.
 */

void rc4_addkey(rc4_ctx *ctx, const void *k, size_t sz)
{
  unsigned i, j;
  const octet *p = k, *q = p + sz;

  KSZ_ASSERT(rc4, sz);

  for (i = j = 0; i < 256; i++) {
    unsigned si = ctx->s[i];
    j = (j + si + *p++) & 0xff;
    ctx->s[i] = ctx->s[j];
    ctx->s[j] = si;
    if (p == q)
      p = k;
  }

  ctx->i = ctx->j = 0;
}

/* --- @rc4_init@ --- *
 *
 * Arguments:	@rc4_ctx *ctx@ = pointer to context to initialize
 *		@const void *k@ = pointer to key data to use
 *		@size_t sz@ = size of the key data
 *
 * Returns:	---
 *
 * Use:		Initializes an RC4 context ready for use.
 */

void rc4_init(rc4_ctx *ctx, const void *k, size_t sz)
{
  unsigned i;

  for (i = 0; i < 256; i++)
    ctx->s[i] = i;
  ctx->f = 0;
  rc4_addkey(ctx, k, sz);
}

/* --- @rc4_encrypt@ --- *
 *
 * Arguments:	@rc4_ctx *ctx@ = pointer to context to use
 *		@const void *src@ = pointer to the source block
 *		@void *dest@ = pointer to the destination block
 *		@size_t sz@ = size of the block
 *
 * Returns:	---
 *
 * Use:		Encrypts or decrypts a block of data.  The destination may
 *		be null to just grind the generator around for a while.  It's
 *		recommended that you say `@rc4_encrypt(&ctx, 0, 0, 1024)@'
 *		after initializing a new context, to prevent keystream
 *		guessing attacks.  The source may be null to just extract a
 *		big lump of data from the generator.
 */

void rc4_encrypt(rc4_ctx *ctx, const void *src, void *dest, size_t sz)
{
  const octet *s = src;
  octet *d = dest;

  if (!d)
    RC4_OPEN(ctx, while (sz) { unsigned x; RC4_BYTE(x); (void)x; sz--; });
  else if (!s)
    RC4_OPEN(ctx, while (sz) { RC4_BYTE(*d++); sz--; });
  else
    RC4_OPEN(ctx,
	     while (sz) { unsigned x; RC4_BYTE(x); *d++ = *s++ ^ x; sz--; });
}

/*----- Generic cipher interface ------------------------------------------*/

typedef struct gctx {
  gcipher c;
  rc4_ctx rc4;
} gctx;

static const gcipher_ops gops;

static gcipher *ginit(const void *k, size_t sz)
{
  gctx *g = S_CREATE(gctx);
  g->c.ops = &gops;
  rc4_init(&g->rc4, k, sz);
  return (&g->c);
}

static void gencrypt(gcipher *c, const void *s, void *t, size_t sz)
{
  gctx *g = (gctx *)c;
  rc4_encrypt(&g->rc4, s, t, sz);
}

static void gdestroy(gcipher *c)
{
  gctx *g = (gctx *)c;
  BURN(*g);
  S_DESTROY(g);
}

static const gcipher_ops gops = {
  &rc4,
  gencrypt, gencrypt, gdestroy, 0, 0
};

const gccipher rc4 = {
  "rc4", rc4_keysz, 0,
  ginit
};

/*----- Generic random number generator interface -------------------------*/

typedef struct grctx {
  grand r;
  rc4_ctx rc4;
} grctx;

static void grdestroy(grand *r)
{
  grctx *g = (grctx *)r;
  BURN(*g);
  S_DESTROY(g);
}

static int grmisc(grand *r, unsigned op, ...)
{
  grctx *g = (grctx *)r;
  va_list ap;
  int rc = 0;
  uint32 i;
  octet buf[4];
  va_start(ap, op);

  switch (op) {
    case GRAND_CHECK:
      switch (va_arg(ap, unsigned)) {
	case GRAND_CHECK:
	case GRAND_SEEDINT:
	case GRAND_SEEDUINT32:
	case GRAND_SEEDBLOCK:
	case GRAND_SEEDRAND:
	  rc = 1;
	  break;
	default:
	  rc = 0;
	  break;
      }
      break;
    case GRAND_SEEDINT:
      i = va_arg(ap, unsigned);
      STORE32(buf, i);
      rc4_addkey(&g->rc4, buf, sizeof(buf));
      break;
    case GRAND_SEEDUINT32:
      i = va_arg(ap, uint32);
      STORE32(buf, i);
      rc4_addkey(&g->rc4, buf, sizeof(buf));
      break;
    case GRAND_SEEDBLOCK: {
      const void *p = va_arg(ap, const void *);
      size_t sz = va_arg(ap, size_t);
      rc4_addkey(&g->rc4, p, sz);
    } break;
    case GRAND_SEEDRAND: {
      grand *rr = va_arg(ap, grand *);
      octet buf[16];
      rr->ops->fill(rr, buf, sizeof(buf));
      rc4_addkey(&g->rc4, buf, sizeof(buf));
    } break;
    default:
      GRAND_BADOP;
      break;
  }

  va_end(ap);
  return (rc);
}

static octet grbyte(grand *r)
{
  grctx *g = (grctx *)r;
  octet o;
  RC4_OPEN(&g->rc4, RC4_BYTE(o););
  return (o);
}

static uint32 grword(grand *r)
{
  grctx *g = (grctx *)r;
  octet b[4];
  int i;
  RC4_OPEN(&g->rc4,
	   for (i = 0; i < sizeof(b); i++)
	     RC4_BYTE(b[i]););
  return (LOAD32(b));
}

static void grfill(grand *r, void *p, size_t sz)
{
  grctx *g = (grctx *)r;
  rc4_encrypt(&g->rc4, 0, p, sz);
}

static const grand_ops grops = {
  "rc4",
  GRAND_CRYPTO, 0,
  grmisc, grdestroy,
  grword, grbyte, grword, grand_range, grfill
};

/* --- @rc4_rand@ --- *
 *
 * Arguments:	@const void *k@ = pointer to key material
 *		@size_t sz@ = size of key material
 *
 * Returns:	Pointer to generic random number generator interface.
 *
 * Use:		Creates a random number interface wrapper around an
 *		OFB-mode block cipher.
 */

grand *rc4_rand(const void *k, size_t sz)
{
  grctx *g = S_CREATE(grctx);
  g->r.ops = &grops;
  rc4_init(&g->rc4, k, sz);
  return (&g->r);
}

/*----- Test rig ----------------------------------------------------------*/

#ifdef TEST_RIG

#include <stdio.h>
#include <string.h>

#include <mLib/quis.h>
#include <mLib/testrig.h>

static int v_encrypt(dstr *v)
{
  rc4_ctx ctx;
  dstr d = DSTR_INIT;
  int ok = 1;

  rc4_init(&ctx, v[0].buf, v[0].len);
  dstr_ensure(&d, v[1].len);
  d.len = v[1].len;
  rc4_encrypt(&ctx, v[1].buf, d.buf, d.len);

  if (memcmp(v[2].buf, d.buf, d.len) != 0) {
    ok = 0;
    printf("\nfail encryption:"
	   "\n\tkey	   = ");
    type_hex.dump(&v[0], stdout);
    printf("\n\tplaintext  = "); type_hex.dump(&v[1], stdout);
    printf("\n\texpected   = "); type_hex.dump(&v[2], stdout);
    printf("\n\tcalculated = "); type_hex.dump(&d, stdout);
    putchar('\n');
  }

  return (ok);
}

static int v_generate(dstr *v)
{
  rc4_ctx ctx;
  dstr d = DSTR_INIT;
  int ok = 1;

  rc4_init(&ctx, v[0].buf, v[0].len);
  rc4_encrypt(&ctx, 0, 0, *(int *)v[1].buf);
  dstr_ensure(&d, v[2].len);
  d.len = v[2].len;
  rc4_encrypt(&ctx, 0, d.buf, d.len);

  if (memcmp(v[2].buf, d.buf, d.len) != 0) {
    ok = 0;
    printf("\nfail generation:"
	   "\n\tkey	   = ");
    type_hex.dump(&v[0], stdout);
    printf("\n\tskip len   = %i", *(int *)v[1].buf);
    printf("\n\texpected   = "); type_hex.dump(&v[2], stdout);
    printf("\n\tcalculated = "); type_hex.dump(&d, stdout);
    putchar('\n');
  }

  return (ok);
}

static test_chunk defs[] = {
  { "rc4-encrypt", v_encrypt, { &type_hex, &type_hex, &type_hex, 0 } },
  { "rc4-generate", v_generate, { &type_hex, &type_int, &type_hex, 0 } },
  { 0, 0, { 0 } }
};

int main(int argc, char *argv[])
{
  test_run(argc, argv, defs, SRCDIR"/t/rc4");
  return (0);
}

#endif

/*----- That's all, folks -------------------------------------------------*/
Commit	Line	Data
d03ab969	1	/* --c--
d03ab969	2	*
d03ab969	3	* The alleged RC4 stream cipher
	4	*
	5	* (c) 1999 Straylight/Edgeware
	6	*/
	7
45c0fd36	8	/----- Licensing notice --------------------------------------------------
d03ab969	9	*
	10	* This file is part of Catacomb.
	11	*
	12	* Catacomb is free software; you can redistribute it and/or modify
	13	* it under the terms of the GNU Library General Public License as
	14	* published by the Free Software Foundation; either version 2 of the
	15	* License, or (at your option) any later version.
45c0fd36	16	*
d03ab969	17	* Catacomb is distributed in the hope that it will be useful,
	18	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	19	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	* GNU Library General Public License for more details.
45c0fd36	21	*
d03ab969	22	* You should have received a copy of the GNU Library General Public
	23	* License along with Catacomb; if not, write to the Free
	24	* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
	25	* MA 02111-1307, USA.
	26	*/
	27
d03ab969	28	/----- Header files ------------------------------------------------------/
	29
	30	#include <assert.h>
41f91aa3	31	#include <stdarg.h>
d03ab969	32	#include <stdio.h>
	33
	34	#include <mLib/bits.h>
41f91aa3	35	#include <mLib/sub.h>
d03ab969	36
4b8968dd	37	#include "arena.h"
41f91aa3	38	#include "gcipher.h"
41f91aa3	39	#include "grand.h"
4b8968dd	40	#include "paranoia.h"
d03ab969	41	#include "rc4.h"
d03ab969	42
4b8968dd	43	/----- Global variables --------------------------------------------------/
	44
	45	const octet rc4_keysz[] = { KSZ_RANGE, RC4_KEYSZ, 1, 255, 1 };
	46
d03ab969	47	/----- Main code ---------------------------------------------------------/
d03ab969	48
4b8968dd	49	/* --- @rc4_addkey@ --- *
d03ab969	50	*
4b8968dd	51	* Arguments: @rc4_ctx *ctx@ = pointer to context to key
d03ab969	52	* @const void *k@ = pointer to key data to use
	53	* @size_t sz@ = size of the key data
	54	*
	55	* Returns: ---
	56	*
4b8968dd	57	* Use: Mixes key data with an RC4 context. The RC4 context is not
	58	* reset before mixing. This may be used to mix new key
	59	* material with an existing RC4 context.
d03ab969	60	*/
d03ab969	61
4b8968dd	62	void rc4_addkey(rc4_ctx ctx, const void k, size_t sz)
d03ab969	63	{
	64	unsigned i, j;
	65	const octet p = k, q = p + sz;
	66
4b8968dd	67	KSZ_ASSERT(rc4, sz);
d03ab969	68
d03ab969	69	for (i = j = 0; i < 256; i++) {
	70	unsigned si = ctx->s[i];
	71	j = (j + si + *p++) & 0xff;
	72	ctx->s[i] = ctx->s[j];
	73	ctx->s[j] = si;
	74	if (p == q)
	75	p = k;
45c0fd36	76	}
4b8968dd	77
	78	ctx->i = ctx->j = 0;
	79	}
	80
	81	/* --- @rc4_init@ --- *
	82	*
	83	* Arguments: @rc4_ctx *ctx@ = pointer to context to initialize
	84	* @const void *k@ = pointer to key data to use
	85	* @size_t sz@ = size of the key data
	86	*
	87	* Returns: ---
	88	*
	89	* Use: Initializes an RC4 context ready for use.
	90	*/
	91
	92	void rc4_init(rc4_ctx ctx, const void k, size_t sz)
	93	{
	94	unsigned i;
	95
	96	for (i = 0; i < 256; i++)
	97	ctx->s[i] = i;
	98	ctx->f = 0;
	99	rc4_addkey(ctx, k, sz);
d03ab969	100	}
	101
	102	/* --- @rc4_encrypt@ --- *
	103	*
	104	* Arguments: @rc4_ctx *ctx@ = pointer to context to use
	105	* @const void *src@ = pointer to the source block
	106	* @void *dest@ = pointer to the destination block
	107	* @size_t sz@ = size of the block
	108	*
	109	* Returns: ---
	110	*
	111	* Use: Encrypts or decrypts a block of data. The destination may
	112	* be null to just grind the generator around for a while. It's
	113	* recommended that you say `@rc4_encrypt(&ctx, 0, 0, 1024)@'
	114	* after initializing a new context, to prevent keystream
	115	* guessing attacks. The source may be null to just extract a
	116	* big lump of data from the generator.
	117	*/
	118
	119	void rc4_encrypt(rc4_ctx ctx, const void src, void *dest, size_t sz)
	120	{
	121	const octet *s = src;
	122	octet *d = dest;
	123
	124	if (!d)
aa02ed36	125	RC4_OPEN(ctx, while (sz) { unsigned x; RC4_BYTE(x); (void)x; sz--; });
d03ab969	126	else if (!s)
	127	RC4_OPEN(ctx, while (sz) { RC4_BYTE(*d++); sz--; });
	128	else
	129	RC4_OPEN(ctx,
	130	while (sz) { unsigned x; RC4_BYTE(x); d++ = s++ ^ x; sz--; });
	131	}
	132
41f91aa3	133	/----- Generic cipher interface ------------------------------------------/
	134
	135	typedef struct gctx {
	136	gcipher c;
	137	rc4_ctx rc4;
	138	} gctx;
	139
	140	static const gcipher_ops gops;
	141
	142	static gcipher ginit(const void k, size_t sz)
	143	{
4b8968dd	144	gctx *g = S_CREATE(gctx);
41f91aa3	145	g->c.ops = &gops;
	146	rc4_init(&g->rc4, k, sz);
	147	return (&g->c);
	148	}
	149
	150	static void gencrypt(gcipher c, const void s, void *t, size_t sz)
	151	{
	152	gctx g = (gctx )c;
	153	rc4_encrypt(&g->rc4, s, t, sz);
	154	}
	155
	156	static void gdestroy(gcipher *c)
	157	{
	158	gctx g = (gctx )c;
4b8968dd	159	BURN(*g);
4b8968dd	160	S_DESTROY(g);
41f91aa3	161	}
	162
	163	static const gcipher_ops gops = {
4b8968dd	164	&rc4,
41f91aa3	165	gencrypt, gencrypt, gdestroy, 0, 0
	166	};
	167
	168	const gccipher rc4 = {
4b8968dd	169	"rc4", rc4_keysz, 0,
41f91aa3	170	ginit
	171	};
	172
	173	/----- Generic random number generator interface -------------------------/
	174
	175	typedef struct grctx {
	176	grand r;
	177	rc4_ctx rc4;
	178	} grctx;
	179
	180	static void grdestroy(grand *r)
	181	{
	182	grctx g = (grctx )r;
4b8968dd	183	BURN(*g);
4b8968dd	184	S_DESTROY(g);
41f91aa3	185	}
	186
	187	static int grmisc(grand *r, unsigned op, ...)
	188	{
	189	grctx g = (grctx )r;
	190	va_list ap;
	191	int rc = 0;
360c232e	192	uint32 i;
41f91aa3	193	octet buf[4];
	194	va_start(ap, op);
	195
	196	switch (op) {
	197	case GRAND_CHECK:
	198	switch (va_arg(ap, unsigned)) {
	199	case GRAND_CHECK:
	200	case GRAND_SEEDINT:
	201	case GRAND_SEEDUINT32:
	202	case GRAND_SEEDBLOCK:
4ab1268f	203	case GRAND_SEEDRAND:
41f91aa3	204	rc = 1;
	205	break;
	206	default:
	207	rc = 0;
	208	break;
	209	}
	210	break;
	211	case GRAND_SEEDINT:
360c232e	212	i = va_arg(ap, unsigned);
360c232e	213	STORE32(buf, i);
4b8968dd	214	rc4_addkey(&g->rc4, buf, sizeof(buf));
41f91aa3	215	break;
41f91aa3	216	case GRAND_SEEDUINT32:
360c232e	217	i = va_arg(ap, uint32);
360c232e	218	STORE32(buf, i);
4b8968dd	219	rc4_addkey(&g->rc4, buf, sizeof(buf));
41f91aa3	220	break;
	221	case GRAND_SEEDBLOCK: {
	222	const void p = va_arg(ap, const void );
	223	size_t sz = va_arg(ap, size_t);
4b8968dd	224	rc4_addkey(&g->rc4, p, sz);
41f91aa3	225	} break;
4ab1268f	226	case GRAND_SEEDRAND: {
	227	grand rr = va_arg(ap, grand );
	228	octet buf[16];
	229	rr->ops->fill(rr, buf, sizeof(buf));
4b8968dd	230	rc4_addkey(&g->rc4, buf, sizeof(buf));
4ab1268f	231	} break;
	232	default:
	233	GRAND_BADOP;
	234	break;
41f91aa3	235	}
	236
	237	va_end(ap);
	238	return (rc);
	239	}
	240
	241	static octet grbyte(grand *r)
	242	{
	243	grctx g = (grctx )r;
	244	octet o;
	245	RC4_OPEN(&g->rc4, RC4_BYTE(o););
	246	return (o);
	247	}
	248
	249	static uint32 grword(grand *r)
	250	{
	251	grctx g = (grctx )r;
	252	octet b[4];
	253	int i;
	254	RC4_OPEN(&g->rc4,
	255	for (i = 0; i < sizeof(b); i++)
	256	RC4_BYTE(b[i]););
	257	return (LOAD32(b));
	258	}
	259
	260	static void grfill(grand r, void p, size_t sz)
	261	{
	262	grctx g = (grctx )r;
	263	rc4_encrypt(&g->rc4, 0, p, sz);
	264	}
	265
	266	static const grand_ops grops = {
	267	"rc4",
4b8968dd	268	GRAND_CRYPTO, 0,
41f91aa3	269	grmisc, grdestroy,
	270	grword, grbyte, grword, grand_range, grfill
	271	};
	272
	273	/* --- @rc4_rand@ --- *
	274	*
	275	* Arguments: @const void *k@ = pointer to key material
	276	* @size_t sz@ = size of key material
	277	*
	278	* Returns: Pointer to generic random number generator interface.
	279	*
	280	* Use: Creates a random number interface wrapper around an
	281	* OFB-mode block cipher.
	282	*/
	283
	284	grand rc4_rand(const void k, size_t sz)
	285	{
4b8968dd	286	grctx *g = S_CREATE(grctx);
41f91aa3	287	g->r.ops = &grops;
	288	rc4_init(&g->rc4, k, sz);
	289	return (&g->r);
	290	}
	291
d03ab969	292	/----- Test rig ----------------------------------------------------------/
	293
	294	#ifdef TEST_RIG
	295
	296	#include <stdio.h>
	297	#include <string.h>
	298
	299	#include <mLib/quis.h>
	300	#include <mLib/testrig.h>
	301
	302	static int v_encrypt(dstr *v)
	303	{
	304	rc4_ctx ctx;
	305	dstr d = DSTR_INIT;
	306	int ok = 1;
	307
	308	rc4_init(&ctx, v[0].buf, v[0].len);
	309	dstr_ensure(&d, v[1].len);
	310	d.len = v[1].len;
	311	rc4_encrypt(&ctx, v[1].buf, d.buf, d.len);
	312
	313	if (memcmp(v[2].buf, d.buf, d.len) != 0) {
	314	ok = 0;
	315	printf("\nfail encryption:"
45c0fd36	316	"\n\tkey = ");
d03ab969	317	type_hex.dump(&v[0], stdout);
	318	printf("\n\tplaintext = "); type_hex.dump(&v[1], stdout);
	319	printf("\n\texpected = "); type_hex.dump(&v[2], stdout);
	320	printf("\n\tcalculated = "); type_hex.dump(&d, stdout);
	321	putchar('\n');
	322	}
	323
	324	return (ok);
	325	}
	326
	327	static int v_generate(dstr *v)
	328	{
	329	rc4_ctx ctx;
	330	dstr d = DSTR_INIT;
	331	int ok = 1;
	332
	333	rc4_init(&ctx, v[0].buf, v[0].len);
	334	rc4_encrypt(&ctx, 0, 0, (int )v[1].buf);
	335	dstr_ensure(&d, v[2].len);
	336	d.len = v[2].len;
	337	rc4_encrypt(&ctx, 0, d.buf, d.len);
	338
	339	if (memcmp(v[2].buf, d.buf, d.len) != 0) {
	340	ok = 0;
	341	printf("\nfail generation:"
45c0fd36	342	"\n\tkey = ");
d03ab969	343	type_hex.dump(&v[0], stdout);
	344	printf("\n\tskip len = %i", (int )v[1].buf);
	345	printf("\n\texpected = "); type_hex.dump(&v[2], stdout);
	346	printf("\n\tcalculated = "); type_hex.dump(&d, stdout);
	347	putchar('\n');
	348	}
	349
	350	return (ok);
	351	}
	352
	353	static test_chunk defs[] = {
	354	{ "rc4-encrypt", v_encrypt, { &type_hex, &type_hex, &type_hex, 0 } },
	355	{ "rc4-generate", v_generate, { &type_hex, &type_int, &type_hex, 0 } },
	356	{ 0, 0, { 0 } }
	357	};
	358
	359	int main(int argc, char *argv[])
	360	{
0f00dc4c	361	test_run(argc, argv, defs, SRCDIR"/t/rc4");
d03ab969	362	return (0);
	363	}
	364
	365	#endif
	366
	367	/----- That's all, folks -------------------------------------------------/