projects / u / mdw / catacomb / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
primeiter: New functions for iterating over small primes.
[u/mdw/catacomb] / rc4.c
1 /* -*-c-*-
2 *
3 * $Id: rc4.c,v 1.6 2004/04/08 01:36:15 mdw Exp $
4 *
5 * The alleged RC4 stream cipher
6 *
7 * (c) 1999 Straylight/Edgeware
8 */
9
10 /*----- Licensing notice --------------------------------------------------*
11 *
12 * This file is part of Catacomb.
13 *
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
18 *
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
23 *
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
27 * MA 02111-1307, USA.
28 */
29
30 /*----- Header files ------------------------------------------------------*/
31
32 #include <assert.h>
33 #include <stdarg.h>
34 #include <stdio.h>
35
36 #include <mLib/bits.h>
37 #include <mLib/sub.h>
38
39 #include "arena.h"
40 #include "gcipher.h"
41 #include "grand.h"
42 #include "paranoia.h"
43 #include "rc4.h"
44
45 /*----- Global variables --------------------------------------------------*/
46
47 const octet rc4_keysz[] = { KSZ_RANGE, RC4_KEYSZ, 1, 255, 1 };
48
49 /*----- Main code ---------------------------------------------------------*/
50
51 /* --- @rc4_addkey@ --- *
52 *
53 * Arguments: @rc4_ctx *ctx@ = pointer to context to key
54 * @const void *k@ = pointer to key data to use
55 * @size_t sz@ = size of the key data
56 *
57 * Returns: ---
58 *
59 * Use: Mixes key data with an RC4 context. The RC4 context is not
60 * reset before mixing. This may be used to mix new key
61 * material with an existing RC4 context.
62 */
63
64 void rc4_addkey(rc4_ctx *ctx, const void *k, size_t sz)
65 {
66 unsigned i, j;
67 const octet *p = k, *q = p + sz;
68
69 KSZ_ASSERT(rc4, sz);
70
71 for (i = j = 0; i < 256; i++) {
72 unsigned si = ctx->s[i];
73 j = (j + si + *p++) & 0xff;
74 ctx->s[i] = ctx->s[j];
75 ctx->s[j] = si;
76 if (p == q)
77 p = k;
78 }
79
80 ctx->i = ctx->j = 0;
81 }
82
83 /* --- @rc4_init@ --- *
84 *
85 * Arguments: @rc4_ctx *ctx@ = pointer to context to initialize
86 * @const void *k@ = pointer to key data to use
87 * @size_t sz@ = size of the key data
88 *
89 * Returns: ---
90 *
91 * Use: Initializes an RC4 context ready for use.
92 */
93
94 void rc4_init(rc4_ctx *ctx, const void *k, size_t sz)
95 {
96 unsigned i;
97
98 for (i = 0; i < 256; i++)
99 ctx->s[i] = i;
100 ctx->f = 0;
101 rc4_addkey(ctx, k, sz);
102 }
103
104 /* --- @rc4_encrypt@ --- *
105 *
106 * Arguments: @rc4_ctx *ctx@ = pointer to context to use
107 * @const void *src@ = pointer to the source block
108 * @void *dest@ = pointer to the destination block
109 * @size_t sz@ = size of the block
110 *
111 * Returns: ---
112 *
113 * Use: Encrypts or decrypts a block of data. The destination may
114 * be null to just grind the generator around for a while. It's
115 * recommended that you say `@rc4_encrypt(&ctx, 0, 0, 1024)@'
116 * after initializing a new context, to prevent keystream
117 * guessing attacks. The source may be null to just extract a
118 * big lump of data from the generator.
119 */
120
121 void rc4_encrypt(rc4_ctx *ctx, const void *src, void *dest, size_t sz)
122 {
123 const octet *s = src;
124 octet *d = dest;
125
126 if (!d)
127 RC4_OPEN(ctx, while (sz) { unsigned x; RC4_BYTE(x); sz--; });
128 else if (!s)
129 RC4_OPEN(ctx, while (sz) { RC4_BYTE(*d++); sz--; });
130 else
131 RC4_OPEN(ctx,
132 while (sz) { unsigned x; RC4_BYTE(x); *d++ = *s++ ^ x; sz--; });
133 }
134
135 /*----- Generic cipher interface ------------------------------------------*/
136
137 typedef struct gctx {
138 gcipher c;
139 rc4_ctx rc4;
140 } gctx;
141
142 static const gcipher_ops gops;
143
144 static gcipher *ginit(const void *k, size_t sz)
145 {
146 gctx *g = S_CREATE(gctx);
147 g->c.ops = &gops;
148 rc4_init(&g->rc4, k, sz);
149 return (&g->c);
150 }
151
152 static void gencrypt(gcipher *c, const void *s, void *t, size_t sz)
153 {
154 gctx *g = (gctx *)c;
155 rc4_encrypt(&g->rc4, s, t, sz);
156 }
157
158 static void gdestroy(gcipher *c)
159 {
160 gctx *g = (gctx *)c;
161 BURN(*g);
162 S_DESTROY(g);
163 }
164
165 static const gcipher_ops gops = {
166 &rc4,
167 gencrypt, gencrypt, gdestroy, 0, 0
168 };
169
170 const gccipher rc4 = {
171 "rc4", rc4_keysz, 0,
172 ginit
173 };
174
175 /*----- Generic random number generator interface -------------------------*/
176
177 typedef struct grctx {
178 grand r;
179 rc4_ctx rc4;
180 } grctx;
181
182 static void grdestroy(grand *r)
183 {
184 grctx *g = (grctx *)r;
185 BURN(*g);
186 S_DESTROY(g);
187 }
188
189 static int grmisc(grand *r, unsigned op, ...)
190 {
191 grctx *g = (grctx *)r;
192 va_list ap;
193 int rc = 0;
194 uint32 i;
195 octet buf[4];
196 va_start(ap, op);
197
198 switch (op) {
199 case GRAND_CHECK:
200 switch (va_arg(ap, unsigned)) {
201 case GRAND_CHECK:
202 case GRAND_SEEDINT:
203 case GRAND_SEEDUINT32:
204 case GRAND_SEEDBLOCK:
205 case GRAND_SEEDRAND:
206 rc = 1;
207 break;
208 default:
209 rc = 0;
210 break;
211 }
212 break;
213 case GRAND_SEEDINT:
214 i = va_arg(ap, unsigned);
215 STORE32(buf, i);
216 rc4_addkey(&g->rc4, buf, sizeof(buf));
217 break;
218 case GRAND_SEEDUINT32:
219 i = va_arg(ap, uint32);
220 STORE32(buf, i);
221 rc4_addkey(&g->rc4, buf, sizeof(buf));
222 break;
223 case GRAND_SEEDBLOCK: {
224 const void *p = va_arg(ap, const void *);
225 size_t sz = va_arg(ap, size_t);
226 rc4_addkey(&g->rc4, p, sz);
227 } break;
228 case GRAND_SEEDRAND: {
229 grand *rr = va_arg(ap, grand *);
230 octet buf[16];
231 rr->ops->fill(rr, buf, sizeof(buf));
232 rc4_addkey(&g->rc4, buf, sizeof(buf));
233 } break;
234 default:
235 GRAND_BADOP;
236 break;
237 }
238
239 va_end(ap);
240 return (rc);
241 }
242
243 static octet grbyte(grand *r)
244 {
245 grctx *g = (grctx *)r;
246 octet o;
247 RC4_OPEN(&g->rc4, RC4_BYTE(o););
248 return (o);
249 }
250
251 static uint32 grword(grand *r)
252 {
253 grctx *g = (grctx *)r;
254 octet b[4];
255 int i;
256 RC4_OPEN(&g->rc4,
257 for (i = 0; i < sizeof(b); i++)
258 RC4_BYTE(b[i]););
259 return (LOAD32(b));
260 }
261
262 static void grfill(grand *r, void *p, size_t sz)
263 {
264 grctx *g = (grctx *)r;
265 rc4_encrypt(&g->rc4, 0, p, sz);
266 }
267
268 static const grand_ops grops = {
269 "rc4",
270 GRAND_CRYPTO, 0,
271 grmisc, grdestroy,
272 grword, grbyte, grword, grand_range, grfill
273 };
274
275 /* --- @rc4_rand@ --- *
276 *
277 * Arguments: @const void *k@ = pointer to key material
278 * @size_t sz@ = size of key material
279 *
280 * Returns: Pointer to generic random number generator interface.
281 *
282 * Use: Creates a random number interface wrapper around an
283 * OFB-mode block cipher.
284 */
285
286 grand *rc4_rand(const void *k, size_t sz)
287 {
288 grctx *g = S_CREATE(grctx);
289 g->r.ops = &grops;
290 rc4_init(&g->rc4, k, sz);
291 return (&g->r);
292 }
293
294 /*----- Test rig ----------------------------------------------------------*/
295
296 #ifdef TEST_RIG
297
298 #include <stdio.h>
299 #include <string.h>
300
301 #include <mLib/quis.h>
302 #include <mLib/testrig.h>
303
304 static int v_encrypt(dstr *v)
305 {
306 rc4_ctx ctx;
307 dstr d = DSTR_INIT;
308 int ok = 1;
309
310 rc4_init(&ctx, v[0].buf, v[0].len);
311 dstr_ensure(&d, v[1].len);
312 d.len = v[1].len;
313 rc4_encrypt(&ctx, v[1].buf, d.buf, d.len);
314
315 if (memcmp(v[2].buf, d.buf, d.len) != 0) {
316 ok = 0;
317 printf("\nfail encryption:"
318 "\n\tkey = ");
319 type_hex.dump(&v[0], stdout);
320 printf("\n\tplaintext = "); type_hex.dump(&v[1], stdout);
321 printf("\n\texpected = "); type_hex.dump(&v[2], stdout);
322 printf("\n\tcalculated = "); type_hex.dump(&d, stdout);
323 putchar('\n');
324 }
325
326 return (ok);
327 }
328
329 static int v_generate(dstr *v)
330 {
331 rc4_ctx ctx;
332 dstr d = DSTR_INIT;
333 int ok = 1;
334
335 rc4_init(&ctx, v[0].buf, v[0].len);
336 rc4_encrypt(&ctx, 0, 0, *(int *)v[1].buf);
337 dstr_ensure(&d, v[2].len);
338 d.len = v[2].len;
339 rc4_encrypt(&ctx, 0, d.buf, d.len);
340
341 if (memcmp(v[2].buf, d.buf, d.len) != 0) {
342 ok = 0;
343 printf("\nfail generation:"
344 "\n\tkey = ");
345 type_hex.dump(&v[0], stdout);
346 printf("\n\tskip len = %i", *(int *)v[1].buf);
347 printf("\n\texpected = "); type_hex.dump(&v[2], stdout);
348 printf("\n\tcalculated = "); type_hex.dump(&d, stdout);
349 putchar('\n');
350 }
351
352 return (ok);
353 }
354
355 static test_chunk defs[] = {
356 { "rc4-encrypt", v_encrypt, { &type_hex, &type_hex, &type_hex, 0 } },
357 { "rc4-generate", v_generate, { &type_hex, &type_int, &type_hex, 0 } },
358 { 0, 0, { 0 } }
359 };
360
361 int main(int argc, char *argv[])
362 {
363 test_run(argc, argv, defs, SRCDIR"/tests/rc4");
364 return (0);
365 }
366
367 #endif
368
369 /*----- That's all, folks -------------------------------------------------*/
Catacomb cryptographic library (downstream of http://git.distorted.org.uk/~mdw/catacomb/)