Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /*
- PoC application showing openssl enc -rc4 -K <8byte_key_hd> is broken
- 128-bit key HD is 0123456789abcdef
- # this file: rc4.c
- $ gcc -o rc4_polarssl rc4.c
- $ gcc -o rc4_openssl rc4.c -lcrypto -DOPENSSL
- $ head -c 8 /dev/zero | openssl enc -rc4 -K 0123456789abcdef | hexdump -C
- 00000000 68 51 73 3e 92 f9 8f 5e |hQs>...^|
- 00000008
- $ head -c 8 /dev/zero | ./rc4_polarssl | hexdump -C
- 00000000 74 94 c2 e7 10 4b 08 79 |t....K.y|
- 00000008
- $ head -c 8 /dev/zero | ./rc4_openssl | hexdump -C
- 00000000 74 94 c2 e7 10 4b 08 79 |t....K.y|
- 00000008
- $
- # the above result of crypting 8 zero-bytes with key 0123456789abcdef (128 bit/8 bytes) matches proposed polarssl test vector.
- */
- #include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
- #include <unistd.h>
- #ifdef OPENSSL
- #include <openssl/rc4.h>
- #endif
- #ifndef OPENSSL
- typedef struct
- {
- int x; /*!< permutation index */
- int y; /*!< permutation index */
- unsigned char m[256]; /*!< permutation table */
- } arc4_context;
- void arc4_setup( arc4_context *ctx, const unsigned char *key, unsigned int keylen );
- void arc4_crypt( arc4_context *ctx, size_t length, const unsigned char *input,unsigned char *output );
- int arc4_self_test( int verbose );
- #endif
- int main() {
- unsigned char * in = alloca(4096);
- unsigned char * out = alloca(4096);
- int rr;
- #ifndef OPENSSL
- arc4_context ctx;
- #else
- RC4_KEY k;
- #endif
- //arc4_self_test(1);
- //arc4_setup(&ctx,"\x38\xe6\x89\x75\x49\x52\x5e\x82",8);
- #ifndef OPENSSL
- arc4_setup(&ctx,"\x01\x23\x45\x67\x89\xab\xcd\xef",8);
- #else
- RC4_set_key(&k,8,"\x01\x23\x45\x67\x89\xab\xcd\xef");
- #endif
- while ( 0 < ( rr = read(0,in,4096) ) ) {
- #ifndef OPENSSL
- arc4_crypt(&ctx,rr,in,out);
- #else
- RC4(&k,rr,in,out);
- #endif
- if ( rr != write(1,out,rr) )
- return 1;
- }
- return 0;
- }
- #ifndef OPENSSL
- static const unsigned char arc4_test_key[3][8] =
- {
- { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
- { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
- };
- static const unsigned char arc4_test_pt[3][8] =
- {
- { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
- };
- static const unsigned char arc4_test_ct[3][8] =
- {
- { 0x75, 0xB7, 0x87, 0x80, 0x99, 0xE0, 0xC5, 0x96 },
- { 0x74, 0x94, 0xC2, 0xE7, 0x10, 0x4B, 0x08, 0x79 },
- { 0xDE, 0x18, 0x89, 0x41, 0xA3, 0x37, 0x5D, 0x3A }
- };
- int arc4_self_test( int verbose )
- {
- int i;
- unsigned char ibuf[8];
- unsigned char obuf[8];
- arc4_context ctx;
- for( i = 0; i < 3; i++ )
- {
- if( verbose != 0 )
- printf( " ARC4 test #%d: ", i + 1 );
- memcpy( ibuf, arc4_test_pt[i], 8 );
- arc4_setup( &ctx, (unsigned char *) arc4_test_key[i], 8 );
- arc4_crypt( &ctx, 8, ibuf, obuf );
- if( memcmp( obuf, arc4_test_ct[i], 8 ) != 0 )
- {
- if( verbose != 0 )
- printf( "failed\n" );
- return( 1 );
- }
- if( verbose != 0 )
- printf( "passed\n" );
- }
- if( verbose != 0 )
- printf( "\n" );
- return( 0 );
- }
- void arc4_setup( arc4_context *ctx, const unsigned char *key, unsigned int keylen )
- {
- int i, j, a;
- unsigned int k;
- unsigned char *m;
- ctx->x = 0;
- ctx->y = 0;
- m = ctx->m;
- for( i = 0; i < 256; i++ )
- m[i] = (unsigned char) i;
- j = k = 0;
- for( i = 0; i < 256; i++, k++ )
- {
- if( k >= keylen ) k = 0;
- a = m[i];
- j = ( j + a + key[k] ) & 0xFF;
- m[i] = m[j];
- m[j] = (unsigned char) a;
- }
- }
- void arc4_crypt( arc4_context *ctx, size_t length, const unsigned char *input,
- unsigned char *output )
- {
- int x, y, a, b;
- size_t i;
- unsigned char *m;
- x = ctx->x;
- y = ctx->y;
- m = ctx->m;
- for( i = 0; i < length; i++ )
- {
- x = ( x + 1 ) & 0xFF; a = m[x];
- y = ( y + a ) & 0xFF; b = m[y];
- m[x] = (unsigned char) b;
- m[y] = (unsigned char) a;
- output[i] = (unsigned char)
- ( input[i] ^ m[(unsigned char)( a + b )] );
- }
- ctx->x = x;
- ctx->y = y;
- }
- #endif
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement