3 * $Id: rc4.c,v 1.4 2000/06/17 11:55:22 mdw Exp $
5 * The alleged RC4 stream cipher
7 * (c) 1999 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Revision history --------------------------------------------------*
33 * Revision 1.4 2000/06/17 11:55:22 mdw
34 * New key size interface. Allow key material to be combined with an
35 * existing initialized context. Use secure arena for memory allocation.
37 * Revision 1.3 1999/12/13 15:34:01 mdw
38 * Add support for seeding from a generic pseudorandom source.
40 * Revision 1.2 1999/12/10 23:27:35 mdw
41 * Generic cipher and RNG interfaces.
43 * Revision 1.1 1999/09/03 08:41:12 mdw
48 /*----- Header files ------------------------------------------------------*/
54 #include <mLib/bits.h>
63 /*----- Global variables --------------------------------------------------*/
65 const octet rc4_keysz[] = { KSZ_RANGE, RC4_KEYSZ, 1, 255, 1 };
67 /*----- Main code ---------------------------------------------------------*/
69 /* --- @rc4_addkey@ --- *
71 * Arguments: @rc4_ctx *ctx@ = pointer to context to key
72 * @const void *k@ = pointer to key data to use
73 * @size_t sz@ = size of the key data
77 * Use: Mixes key data with an RC4 context. The RC4 context is not
78 * reset before mixing. This may be used to mix new key
79 * material with an existing RC4 context.
82 void rc4_addkey(rc4_ctx *ctx, const void *k, size_t sz)
85 const octet *p = k, *q = p + sz;
89 for (i = j = 0; i < 256; i++) {
90 unsigned si = ctx->s[i];
91 j = (j + si + *p++) & 0xff;
92 ctx->s[i] = ctx->s[j];
101 /* --- @rc4_init@ --- *
103 * Arguments: @rc4_ctx *ctx@ = pointer to context to initialize
104 * @const void *k@ = pointer to key data to use
105 * @size_t sz@ = size of the key data
109 * Use: Initializes an RC4 context ready for use.
112 void rc4_init(rc4_ctx *ctx, const void *k, size_t sz)
116 for (i = 0; i < 256; i++)
119 rc4_addkey(ctx, k, sz);
122 /* --- @rc4_encrypt@ --- *
124 * Arguments: @rc4_ctx *ctx@ = pointer to context to use
125 * @const void *src@ = pointer to the source block
126 * @void *dest@ = pointer to the destination block
127 * @size_t sz@ = size of the block
131 * Use: Encrypts or decrypts a block of data. The destination may
132 * be null to just grind the generator around for a while. It's
133 * recommended that you say `@rc4_encrypt(&ctx, 0, 0, 1024)@'
134 * after initializing a new context, to prevent keystream
135 * guessing attacks. The source may be null to just extract a
136 * big lump of data from the generator.
139 void rc4_encrypt(rc4_ctx *ctx, const void *src, void *dest, size_t sz)
141 const octet *s = src;
145 RC4_OPEN(ctx, while (sz) { unsigned x; RC4_BYTE(x); sz--; });
147 RC4_OPEN(ctx, while (sz) { RC4_BYTE(*d++); sz--; });
150 while (sz) { unsigned x; RC4_BYTE(x); *d++ = *s++ ^ x; sz--; });
153 /*----- Generic cipher interface ------------------------------------------*/
155 typedef struct gctx {
160 static const gcipher_ops gops;
162 static gcipher *ginit(const void *k, size_t sz)
164 gctx *g = S_CREATE(gctx);
166 rc4_init(&g->rc4, k, sz);
170 static void gencrypt(gcipher *c, const void *s, void *t, size_t sz)
173 rc4_encrypt(&g->rc4, s, t, sz);
176 static void gdestroy(gcipher *c)
183 static const gcipher_ops gops = {
185 gencrypt, gencrypt, gdestroy, 0, 0
188 const gccipher rc4 = {
193 /*----- Generic random number generator interface -------------------------*/
195 typedef struct grctx {
200 static void grdestroy(grand *r)
202 grctx *g = (grctx *)r;
207 static int grmisc(grand *r, unsigned op, ...)
209 grctx *g = (grctx *)r;
217 switch (va_arg(ap, unsigned)) {
220 case GRAND_SEEDUINT32:
221 case GRAND_SEEDBLOCK:
231 STORE32(buf, va_arg(ap, unsigned));
232 rc4_addkey(&g->rc4, buf, sizeof(buf));
234 case GRAND_SEEDUINT32:
235 STORE32(buf, va_arg(ap, uint32));
236 rc4_addkey(&g->rc4, buf, sizeof(buf));
238 case GRAND_SEEDBLOCK: {
239 const void *p = va_arg(ap, const void *);
240 size_t sz = va_arg(ap, size_t);
241 rc4_addkey(&g->rc4, p, sz);
243 case GRAND_SEEDRAND: {
244 grand *rr = va_arg(ap, grand *);
246 rr->ops->fill(rr, buf, sizeof(buf));
247 rc4_addkey(&g->rc4, buf, sizeof(buf));
258 static octet grbyte(grand *r)
260 grctx *g = (grctx *)r;
262 RC4_OPEN(&g->rc4, RC4_BYTE(o););
266 static uint32 grword(grand *r)
268 grctx *g = (grctx *)r;
272 for (i = 0; i < sizeof(b); i++)
277 static void grfill(grand *r, void *p, size_t sz)
279 grctx *g = (grctx *)r;
280 rc4_encrypt(&g->rc4, 0, p, sz);
283 static const grand_ops grops = {
287 grword, grbyte, grword, grand_range, grfill
290 /* --- @rc4_rand@ --- *
292 * Arguments: @const void *k@ = pointer to key material
293 * @size_t sz@ = size of key material
295 * Returns: Pointer to generic random number generator interface.
297 * Use: Creates a random number interface wrapper around an
298 * OFB-mode block cipher.
301 grand *rc4_rand(const void *k, size_t sz)
303 grctx *g = S_CREATE(grctx);
305 rc4_init(&g->rc4, k, sz);
309 /*----- Test rig ----------------------------------------------------------*/
316 #include <mLib/quis.h>
317 #include <mLib/testrig.h>
319 static int v_encrypt(dstr *v)
325 rc4_init(&ctx, v[0].buf, v[0].len);
326 dstr_ensure(&d, v[1].len);
328 rc4_encrypt(&ctx, v[1].buf, d.buf, d.len);
330 if (memcmp(v[2].buf, d.buf, d.len) != 0) {
332 printf("\nfail encryption:"
334 type_hex.dump(&v[0], stdout);
335 printf("\n\tplaintext = "); type_hex.dump(&v[1], stdout);
336 printf("\n\texpected = "); type_hex.dump(&v[2], stdout);
337 printf("\n\tcalculated = "); type_hex.dump(&d, stdout);
344 static int v_generate(dstr *v)
350 rc4_init(&ctx, v[0].buf, v[0].len);
351 rc4_encrypt(&ctx, 0, 0, *(int *)v[1].buf);
352 dstr_ensure(&d, v[2].len);
354 rc4_encrypt(&ctx, 0, d.buf, d.len);
356 if (memcmp(v[2].buf, d.buf, d.len) != 0) {
358 printf("\nfail generation:"
360 type_hex.dump(&v[0], stdout);
361 printf("\n\tskip len = %i", *(int *)v[1].buf);
362 printf("\n\texpected = "); type_hex.dump(&v[2], stdout);
363 printf("\n\tcalculated = "); type_hex.dump(&d, stdout);
370 static test_chunk defs[] = {
371 { "rc4-encrypt", v_encrypt, { &type_hex, &type_hex, &type_hex, 0 } },
372 { "rc4-generate", v_generate, { &type_hex, &type_int, &type_hex, 0 } },
376 int main(int argc, char *argv[])
378 test_run(argc, argv, defs, SRCDIR"/tests/rc4");
384 /*----- That's all, folks -------------------------------------------------*/