/* arcfour.c - The arcfour stream cipher
* Copyright (C) 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
*
* This file is part of Libgcrypt.
*
* Libgcrypt is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser general Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* Libgcrypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
* For a description of the algorithm, see:
* Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.
* ISBN 0-471-11709-9. Pages 397 ff.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "types.h"
#include "g10lib.h"
#include "cipher.h"
/* USE_AMD64_ASM indicates whether to use AMD64 assembly code. */
#undef USE_AMD64_ASM
#if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS))
# define USE_AMD64_ASM 1
#endif
static const char *selftest(void);
#ifdef USE_AMD64_ASM
typedef struct {
u32 sbox[256];
u32 idx_i, idx_j;
} ARCFOUR_context;
void _gcry_arcfour_amd64(void *key, size_t len, const byte *indata,
byte *outdata);
static void
encrypt_stream (void *context,
byte *outbuf, const byte *inbuf, size_t length)
{
#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS
const void *fn = _gcry_arcfour_amd64;
/* Call SystemV ABI function without storing non-volatile XMM registers,
* as target function does not use vector instruction sets. */
asm volatile ("callq *%0\n\t"
: "+a" (fn),
"+D" (context),
"+S" (length),
"+d" (inbuf),
"+c" (outbuf)
:
: "cc", "memory", "r8", "r9", "r10", "r11");
#else
_gcry_arcfour_amd64 (context, length, inbuf, outbuf );
#endif
}
#else /*!USE_AMD64_ASM*/
typedef struct {
byte sbox[256];
int idx_i, idx_j;
} ARCFOUR_context;
static void
do_encrypt_stream( ARCFOUR_context *ctx,
byte *outbuf, const byte *inbuf, size_t length )
{
#ifndef __i386__
register unsigned int i = ctx->idx_i;
register byte j = ctx->idx_j;
register byte *sbox = ctx->sbox;
register byte t, u;
while ( length-- )
{
i++;
t = sbox[(byte)i];
j += t;
u = sbox[j];
sbox[(byte)i] = u;
u += t;
sbox[j] = t;
*outbuf++ = sbox[u] ^ *inbuf++;
}
ctx->idx_i = (byte)i;
ctx->idx_j = (byte)j;
#else /*__i386__*/
/* Old implementation of arcfour is faster on i386 than the version above.
* This is because version above increases register pressure which on i386
* would push some of the variables to memory/stack. Therefore keep this
* version for i386 to avoid regressing performance. */
register int i = ctx->idx_i;
register int j = ctx->idx_j;
register byte *sbox = ctx->sbox;
register int t;
while ( length-- )
{
i++;
i = i & 255; /* The and-op seems to be faster than the mod-op. */
j += sbox[i];
j &= 255;
t = sbox[i]; sbox[i] = sbox[j]; sbox[j] = t;
*outbuf++ = *inbuf++ ^ sbox[(sbox[i] + sbox[j]) & 255];
}
ctx->idx_i = i;
ctx->idx_j = j;
#endif
}
static void
encrypt_stream (void *context,
byte *outbuf, const byte *inbuf, size_t length)
{
ARCFOUR_context *ctx = (ARCFOUR_context *) context;
do_encrypt_stream (ctx, outbuf, inbuf, length );
_gcry_burn_stack (64);
}
#endif /*!USE_AMD64_ASM*/
static gcry_err_code_t
do_arcfour_setkey (void *context, const byte *key, unsigned int keylen)
{
static int initialized;
static const char* selftest_failed;
int i, j;
byte karr[256];
ARCFOUR_context *ctx = (ARCFOUR_context *) context;
if (!initialized )
{
initialized = 1;
selftest_failed = selftest();
if( selftest_failed )
log_error ("ARCFOUR selftest failed (%s)\n", selftest_failed );
}
if( selftest_failed )
return GPG_ERR_SELFTEST_FAILED;
if( keylen < 40/8 ) /* we want at least 40 bits */
return GPG_ERR_INV_KEYLEN;
ctx->idx_i = ctx->idx_j = 0;
for (i=0; i < 256; i++ )
ctx->sbox[i] = i;
for (i=j=0; i < 256; i++,j++ )
{
if (j >= keylen)
j = 0;
karr[i] = key[j];
}
for (i=j=0; i < 256; i++ )
{
int t;
j = (j + ctx->sbox[i] + karr[i]) & 255;
t = ctx->sbox[i];
ctx->sbox[i] = ctx->sbox[j];
ctx->sbox[j] = t;
}
wipememory( karr, sizeof(karr) );
return GPG_ERR_NO_ERROR;
}
static gcry_err_code_t
arcfour_setkey ( void *context, const byte *key, unsigned int keylen )
{
ARCFOUR_context *ctx = (ARCFOUR_context *) context;
gcry_err_code_t rc = do_arcfour_setkey (ctx, key, keylen );
return rc;
}
static const char*
selftest(void)
{
ARCFOUR_context ctx;
byte scratch[16];
/* Test vector from Cryptlib labeled there: "from the
State/Commerce Department". */
static const byte key_1[] =
{ 0x61, 0x8A, 0x63, 0xD2, 0xFB };
static const byte plaintext_1[] =
{ 0xDC, 0xEE, 0x4C, 0xF9, 0x2C };
static const byte ciphertext_1[] =
{ 0xF1, 0x38, 0x29, 0xC9, 0xDE };
arcfour_setkey( &ctx, key_1, sizeof(key_1));
encrypt_stream( &ctx, scratch, plaintext_1, sizeof(plaintext_1));
if ( memcmp (scratch, ciphertext_1, sizeof (ciphertext_1)))
return "Arcfour encryption test 1 failed.";
arcfour_setkey( &ctx, key_1, sizeof(key_1));
encrypt_stream(&ctx, scratch, scratch, sizeof(plaintext_1)); /* decrypt */
if ( memcmp (scratch, plaintext_1, sizeof (plaintext_1)))
return "Arcfour decryption test 1 failed.";
return NULL;
}
gcry_cipher_spec_t _gcry_cipher_spec_arcfour =
{
GCRY_CIPHER_ARCFOUR, {0, 0},
"ARCFOUR", NULL, NULL, 1, 128, sizeof (ARCFOUR_context),
arcfour_setkey, NULL, NULL, encrypt_stream, encrypt_stream,
};
