3 * $Id: rc4.c,v 1.4 2000/06/17 11:55:22 mdw Exp $
5 * The alleged RC4 stream cipher
7 * (c) 1999 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Revision history --------------------------------------------------*
33 * Revision 1.4 2000/06/17 11:55:22 mdw
34 * New key size interface. Allow key material to be combined with an
35 * existing initialized context. Use secure arena for memory allocation.
37 * Revision 1.3 1999/12/13 15:34:01 mdw
38 * Add support for seeding from a generic pseudorandom source.
40 * Revision 1.2 1999/12/10 23:27:35 mdw
41 * Generic cipher and RNG interfaces.
43 * Revision 1.1 1999/09/03 08:41:12 mdw
48 /*----- Header files ------------------------------------------------------*/
54 #include <mLib/bits.h>
63 /*----- Global variables --------------------------------------------------*/
65 const octet rc4_keysz
[] = { KSZ_RANGE
, RC4_KEYSZ
, 1, 255, 1 };
67 /*----- Main code ---------------------------------------------------------*/
69 /* --- @rc4_addkey@ --- *
71 * Arguments: @rc4_ctx *ctx@ = pointer to context to key
72 * @const void *k@ = pointer to key data to use
73 * @size_t sz@ = size of the key data
77 * Use: Mixes key data with an RC4 context. The RC4 context is not
78 * reset before mixing. This may be used to mix new key
79 * material with an existing RC4 context.
82 void rc4_addkey(rc4_ctx
*ctx
, const void *k
, size_t sz
)
85 const octet
*p
= k
, *q
= p
+ sz
;
89 for (i
= j
= 0; i
< 256; i
++) {
90 unsigned si
= ctx
->s
[i
];
91 j
= (j
+ si
+ *p
++) & 0xff;
92 ctx
->s
[i
] = ctx
->s
[j
];
101 /* --- @rc4_init@ --- *
103 * Arguments: @rc4_ctx *ctx@ = pointer to context to initialize
104 * @const void *k@ = pointer to key data to use
105 * @size_t sz@ = size of the key data
109 * Use: Initializes an RC4 context ready for use.
112 void rc4_init(rc4_ctx
*ctx
, const void *k
, size_t sz
)
116 for (i
= 0; i
< 256; i
++)
119 rc4_addkey(ctx
, k
, sz
);
122 /* --- @rc4_encrypt@ --- *
124 * Arguments: @rc4_ctx *ctx@ = pointer to context to use
125 * @const void *src@ = pointer to the source block
126 * @void *dest@ = pointer to the destination block
127 * @size_t sz@ = size of the block
131 * Use: Encrypts or decrypts a block of data. The destination may
132 * be null to just grind the generator around for a while. It's
133 * recommended that you say `@rc4_encrypt(&ctx, 0, 0, 1024)@'
134 * after initializing a new context, to prevent keystream
135 * guessing attacks. The source may be null to just extract a
136 * big lump of data from the generator.
139 void rc4_encrypt(rc4_ctx
*ctx
, const void *src
, void *dest
, size_t sz
)
141 const octet
*s
= src
;
145 RC4_OPEN(ctx
, while (sz
) { unsigned x
; RC4_BYTE(x
); sz
--; });
147 RC4_OPEN(ctx
, while (sz
) { RC4_BYTE(*d
++); sz
--; });
150 while (sz
) { unsigned x
; RC4_BYTE(x
); *d
++ = *s
++ ^ x
; sz
--; });
153 /*----- Generic cipher interface ------------------------------------------*/
155 typedef struct gctx
{
160 static const gcipher_ops gops
;
162 static gcipher
*ginit(const void *k
, size_t sz
)
164 gctx
*g
= S_CREATE(gctx
);
166 rc4_init(&g
->rc4
, k
, sz
);
170 static void gencrypt(gcipher
*c
, const void *s
, void *t
, size_t sz
)
173 rc4_encrypt(&g
->rc4
, s
, t
, sz
);
176 static void gdestroy(gcipher
*c
)
183 static const gcipher_ops gops
= {
185 gencrypt
, gencrypt
, gdestroy
, 0, 0
188 const gccipher rc4
= {
193 /*----- Generic random number generator interface -------------------------*/
195 typedef struct grctx
{
200 static void grdestroy(grand
*r
)
202 grctx
*g
= (grctx
*)r
;
207 static int grmisc(grand
*r
, unsigned op
, ...)
209 grctx
*g
= (grctx
*)r
;
217 switch (va_arg(ap
, unsigned)) {
220 case GRAND_SEEDUINT32
:
221 case GRAND_SEEDBLOCK
:
231 STORE32(buf
, va_arg(ap
, unsigned));
232 rc4_addkey(&g
->rc4
, buf
, sizeof(buf
));
234 case GRAND_SEEDUINT32
:
235 STORE32(buf
, va_arg(ap
, uint32
));
236 rc4_addkey(&g
->rc4
, buf
, sizeof(buf
));
238 case GRAND_SEEDBLOCK
: {
239 const void *p
= va_arg(ap
, const void *);
240 size_t sz
= va_arg(ap
, size_t);
241 rc4_addkey(&g
->rc4
, p
, sz
);
243 case GRAND_SEEDRAND
: {
244 grand
*rr
= va_arg(ap
, grand
*);
246 rr
->ops
->fill(rr
, buf
, sizeof(buf
));
247 rc4_addkey(&g
->rc4
, buf
, sizeof(buf
));
258 static octet
grbyte(grand
*r
)
260 grctx
*g
= (grctx
*)r
;
262 RC4_OPEN(&g
->rc4
, RC4_BYTE(o
););
266 static uint32
grword(grand
*r
)
268 grctx
*g
= (grctx
*)r
;
272 for (i
= 0; i
< sizeof(b
); i
++)
277 static void grfill(grand
*r
, void *p
, size_t sz
)
279 grctx
*g
= (grctx
*)r
;
280 rc4_encrypt(&g
->rc4
, 0, p
, sz
);
283 static const grand_ops grops
= {
287 grword
, grbyte
, grword
, grand_range
, grfill
290 /* --- @rc4_rand@ --- *
292 * Arguments: @const void *k@ = pointer to key material
293 * @size_t sz@ = size of key material
295 * Returns: Pointer to generic random number generator interface.
297 * Use: Creates a random number interface wrapper around an
298 * OFB-mode block cipher.
301 grand
*rc4_rand(const void *k
, size_t sz
)
303 grctx
*g
= S_CREATE(grctx
);
305 rc4_init(&g
->rc4
, k
, sz
);
309 /*----- Test rig ----------------------------------------------------------*/
316 #include <mLib/quis.h>
317 #include <mLib/testrig.h>
319 static int v_encrypt(dstr
*v
)
325 rc4_init(&ctx
, v
[0].buf
, v
[0].len
);
326 dstr_ensure(&d
, v
[1].len
);
328 rc4_encrypt(&ctx
, v
[1].buf
, d
.buf
, d
.len
);
330 if (memcmp(v
[2].buf
, d
.buf
, d
.len
) != 0) {
332 printf("\nfail encryption:"
334 type_hex
.dump(&v
[0], stdout
);
335 printf("\n\tplaintext = "); type_hex
.dump(&v
[1], stdout
);
336 printf("\n\texpected = "); type_hex
.dump(&v
[2], stdout
);
337 printf("\n\tcalculated = "); type_hex
.dump(&d
, stdout
);
344 static int v_generate(dstr
*v
)
350 rc4_init(&ctx
, v
[0].buf
, v
[0].len
);
351 rc4_encrypt(&ctx
, 0, 0, *(int *)v
[1].buf
);
352 dstr_ensure(&d
, v
[2].len
);
354 rc4_encrypt(&ctx
, 0, d
.buf
, d
.len
);
356 if (memcmp(v
[2].buf
, d
.buf
, d
.len
) != 0) {
358 printf("\nfail generation:"
360 type_hex
.dump(&v
[0], stdout
);
361 printf("\n\tskip len = %i", *(int *)v
[1].buf
);
362 printf("\n\texpected = "); type_hex
.dump(&v
[2], stdout
);
363 printf("\n\tcalculated = "); type_hex
.dump(&d
, stdout
);
370 static test_chunk defs
[] = {
371 { "rc4-encrypt", v_encrypt
, { &type_hex
, &type_hex
, &type_hex
, 0 } },
372 { "rc4-generate", v_generate
, { &type_hex
, &type_int
, &type_hex
, 0 } },
376 int main(int argc
, char *argv
[])
378 test_run(argc
, argv
, defs
, SRCDIR
"/tests/rc4");
384 /*----- That's all, folks -------------------------------------------------*/