3 * $Id: rc4.c,v 1.5 2001/04/03 19:36:36 mdw Exp $
5 * The alleged RC4 stream cipher
7 * (c) 1999 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Revision history --------------------------------------------------*
33 * Revision 1.5 2001/04/03 19:36:36 mdw
34 * Don't use @va_arg@ as an argument to @STORE32@!
36 * Revision 1.4 2000/06/17 11:55:22 mdw
37 * New key size interface. Allow key material to be combined with an
38 * existing initialized context. Use secure arena for memory allocation.
40 * Revision 1.3 1999/12/13 15:34:01 mdw
41 * Add support for seeding from a generic pseudorandom source.
43 * Revision 1.2 1999/12/10 23:27:35 mdw
44 * Generic cipher and RNG interfaces.
46 * Revision 1.1 1999/09/03 08:41:12 mdw
51 /*----- Header files ------------------------------------------------------*/
57 #include <mLib/bits.h>
66 /*----- Global variables --------------------------------------------------*/
68 const octet rc4_keysz
[] = { KSZ_RANGE
, RC4_KEYSZ
, 1, 255, 1 };
70 /*----- Main code ---------------------------------------------------------*/
72 /* --- @rc4_addkey@ --- *
74 * Arguments: @rc4_ctx *ctx@ = pointer to context to key
75 * @const void *k@ = pointer to key data to use
76 * @size_t sz@ = size of the key data
80 * Use: Mixes key data with an RC4 context. The RC4 context is not
81 * reset before mixing. This may be used to mix new key
82 * material with an existing RC4 context.
85 void rc4_addkey(rc4_ctx
*ctx
, const void *k
, size_t sz
)
88 const octet
*p
= k
, *q
= p
+ sz
;
92 for (i
= j
= 0; i
< 256; i
++) {
93 unsigned si
= ctx
->s
[i
];
94 j
= (j
+ si
+ *p
++) & 0xff;
95 ctx
->s
[i
] = ctx
->s
[j
];
104 /* --- @rc4_init@ --- *
106 * Arguments: @rc4_ctx *ctx@ = pointer to context to initialize
107 * @const void *k@ = pointer to key data to use
108 * @size_t sz@ = size of the key data
112 * Use: Initializes an RC4 context ready for use.
115 void rc4_init(rc4_ctx
*ctx
, const void *k
, size_t sz
)
119 for (i
= 0; i
< 256; i
++)
122 rc4_addkey(ctx
, k
, sz
);
125 /* --- @rc4_encrypt@ --- *
127 * Arguments: @rc4_ctx *ctx@ = pointer to context to use
128 * @const void *src@ = pointer to the source block
129 * @void *dest@ = pointer to the destination block
130 * @size_t sz@ = size of the block
134 * Use: Encrypts or decrypts a block of data. The destination may
135 * be null to just grind the generator around for a while. It's
136 * recommended that you say `@rc4_encrypt(&ctx, 0, 0, 1024)@'
137 * after initializing a new context, to prevent keystream
138 * guessing attacks. The source may be null to just extract a
139 * big lump of data from the generator.
142 void rc4_encrypt(rc4_ctx
*ctx
, const void *src
, void *dest
, size_t sz
)
144 const octet
*s
= src
;
148 RC4_OPEN(ctx
, while (sz
) { unsigned x
; RC4_BYTE(x
); sz
--; });
150 RC4_OPEN(ctx
, while (sz
) { RC4_BYTE(*d
++); sz
--; });
153 while (sz
) { unsigned x
; RC4_BYTE(x
); *d
++ = *s
++ ^ x
; sz
--; });
156 /*----- Generic cipher interface ------------------------------------------*/
158 typedef struct gctx
{
163 static const gcipher_ops gops
;
165 static gcipher
*ginit(const void *k
, size_t sz
)
167 gctx
*g
= S_CREATE(gctx
);
169 rc4_init(&g
->rc4
, k
, sz
);
173 static void gencrypt(gcipher
*c
, const void *s
, void *t
, size_t sz
)
176 rc4_encrypt(&g
->rc4
, s
, t
, sz
);
179 static void gdestroy(gcipher
*c
)
186 static const gcipher_ops gops
= {
188 gencrypt
, gencrypt
, gdestroy
, 0, 0
191 const gccipher rc4
= {
196 /*----- Generic random number generator interface -------------------------*/
198 typedef struct grctx
{
203 static void grdestroy(grand
*r
)
205 grctx
*g
= (grctx
*)r
;
210 static int grmisc(grand
*r
, unsigned op
, ...)
212 grctx
*g
= (grctx
*)r
;
221 switch (va_arg(ap
, unsigned)) {
224 case GRAND_SEEDUINT32
:
225 case GRAND_SEEDBLOCK
:
235 i
= va_arg(ap
, unsigned);
237 rc4_addkey(&g
->rc4
, buf
, sizeof(buf
));
239 case GRAND_SEEDUINT32
:
240 i
= va_arg(ap
, uint32
);
242 rc4_addkey(&g
->rc4
, buf
, sizeof(buf
));
244 case GRAND_SEEDBLOCK
: {
245 const void *p
= va_arg(ap
, const void *);
246 size_t sz
= va_arg(ap
, size_t);
247 rc4_addkey(&g
->rc4
, p
, sz
);
249 case GRAND_SEEDRAND
: {
250 grand
*rr
= va_arg(ap
, grand
*);
252 rr
->ops
->fill(rr
, buf
, sizeof(buf
));
253 rc4_addkey(&g
->rc4
, buf
, sizeof(buf
));
264 static octet
grbyte(grand
*r
)
266 grctx
*g
= (grctx
*)r
;
268 RC4_OPEN(&g
->rc4
, RC4_BYTE(o
););
272 static uint32
grword(grand
*r
)
274 grctx
*g
= (grctx
*)r
;
278 for (i
= 0; i
< sizeof(b
); i
++)
283 static void grfill(grand
*r
, void *p
, size_t sz
)
285 grctx
*g
= (grctx
*)r
;
286 rc4_encrypt(&g
->rc4
, 0, p
, sz
);
289 static const grand_ops grops
= {
293 grword
, grbyte
, grword
, grand_range
, grfill
296 /* --- @rc4_rand@ --- *
298 * Arguments: @const void *k@ = pointer to key material
299 * @size_t sz@ = size of key material
301 * Returns: Pointer to generic random number generator interface.
303 * Use: Creates a random number interface wrapper around an
304 * OFB-mode block cipher.
307 grand
*rc4_rand(const void *k
, size_t sz
)
309 grctx
*g
= S_CREATE(grctx
);
311 rc4_init(&g
->rc4
, k
, sz
);
315 /*----- Test rig ----------------------------------------------------------*/
322 #include <mLib/quis.h>
323 #include <mLib/testrig.h>
325 static int v_encrypt(dstr
*v
)
331 rc4_init(&ctx
, v
[0].buf
, v
[0].len
);
332 dstr_ensure(&d
, v
[1].len
);
334 rc4_encrypt(&ctx
, v
[1].buf
, d
.buf
, d
.len
);
336 if (memcmp(v
[2].buf
, d
.buf
, d
.len
) != 0) {
338 printf("\nfail encryption:"
340 type_hex
.dump(&v
[0], stdout
);
341 printf("\n\tplaintext = "); type_hex
.dump(&v
[1], stdout
);
342 printf("\n\texpected = "); type_hex
.dump(&v
[2], stdout
);
343 printf("\n\tcalculated = "); type_hex
.dump(&d
, stdout
);
350 static int v_generate(dstr
*v
)
356 rc4_init(&ctx
, v
[0].buf
, v
[0].len
);
357 rc4_encrypt(&ctx
, 0, 0, *(int *)v
[1].buf
);
358 dstr_ensure(&d
, v
[2].len
);
360 rc4_encrypt(&ctx
, 0, d
.buf
, d
.len
);
362 if (memcmp(v
[2].buf
, d
.buf
, d
.len
) != 0) {
364 printf("\nfail generation:"
366 type_hex
.dump(&v
[0], stdout
);
367 printf("\n\tskip len = %i", *(int *)v
[1].buf
);
368 printf("\n\texpected = "); type_hex
.dump(&v
[2], stdout
);
369 printf("\n\tcalculated = "); type_hex
.dump(&d
, stdout
);
376 static test_chunk defs
[] = {
377 { "rc4-encrypt", v_encrypt
, { &type_hex
, &type_hex
, &type_hex
, 0 } },
378 { "rc4-generate", v_generate
, { &type_hex
, &type_int
, &type_hex
, 0 } },
382 int main(int argc
, char *argv
[])
384 test_run(argc
, argv
, defs
, SRCDIR
"/tests/rc4");
390 /*----- That's all, folks -------------------------------------------------*/