use std::{ cmp::{min}, ffi::{OsStr}, io::{self, Read, Write, stdin, stdout},

1. use std::{
2. cmp::{min},
3. ffi::{OsStr},
4. io::{self, Read, Write, stdin, stdout},
5. process::{exit}
6. };
7.  
8. const ROUNDS: usize = 128;
9.  
10. struct StreamCipher {
11. ks: KeySchedule,
12. counter: [u128; 2],
13. buf: [u128; 2],
14. index: usize
15. }
16.  
17. struct KeySchedule {
18. ks: [u128; ROUNDS]
19. }
20.  
21. impl KeySchedule {
22. fn new(key: &[u128; 2]) -> Self {
23. let mut ks = [0; ROUNDS];
24.  
25. let mut y = key[0];
26. let mut x = key[1];
27.  
28. for i in 0..ROUNDS {
29. Self::round(&mut x, &mut y, i as _);
30. ks[i] = y;
31. }
32.  
33. KeySchedule { ks }
34. }
35.  
36. fn round(x: &mut u128, y: &mut u128, k: u128) {
37. *x = x.rotate_right(8).wrapping_add(*y) ^ k;
38. *y = y.rotate_left(3) ^ *x;
39. }
40.  
41. fn encrypt(&self, msg: &[u128; 2]) -> [u128; 2] {
42. let mut y = msg[0];
43. let mut x = msg[1];
44.  
45. for &k in self.ks.iter() {
46. Self::round(&mut x, &mut y, k);
47. }
48.  
49. [y, x]
50. }
51. }
52.  
53. impl StreamCipher {
54. fn new(key: &[u128; 2], nonce: u128) -> Self {
55. let ks = KeySchedule::new(key);
56. let counter = [0, nonce];
57.  
58. StreamCipher {
59. buf: ks.encrypt(&counter),
60. index: 0,
61. ks,
62. counter
63. }
64. }
65.  
66. fn buf(&self) -> &[u8; 32] {
67. unsafe { &*(self.buf.as_ptr() as *const [u8; 32]) }
68. }
69.  
70. fn crypt(&mut self, mut buf: &mut [u8]) {
71. while !buf.is_empty() {
72. if self.index >= self.buf.len() {
73. self.counter[0] = self.counter[0].checked_add(1).unwrap();
74. self.buf = self.ks.encrypt(&self.counter);
75. self.buf[0] = self.buf[0].to_le();
76. self.buf[1] = self.buf[1].to_le();
77. self.index = 0;
78. }
79.  
80. let len = min(buf.len(), self.buf()[self.index..].len());
81.  
82. for (a, &b) in buf[..len].iter_mut().zip(&self.buf()[self.index..][..len]) {
83. *a ^= b;
84. }
85.  
86. buf = &mut { buf }[len..];
87. self.index += len;
88. }
89. }
90. }
91.  
92. fn main() {
93. let mut args = std::env::args_os();
94. let name = args.next().unwrap_or_default();
95.  
96. if args.len() != 2 {
97. eprintln!("{} <nonce> <key>", name.to_string_lossy());
98. exit(1);
99. }
100.  
101. let mut stream_cipher = {
102. let nonce = parse_hex(&args.next().unwrap(), "nonce", 32);
103. assert!(nonce[1] == 0);
104. let key = parse_hex(&args.next().unwrap(), "key", 64);
105.  
106. StreamCipher::new(&key, nonce[0])
107. };
108.  
109. let stdin = stdin();
110. let mut stdin = stdin.lock();
111.  
112. let stdout = stdout();
113. let mut stdout = stdout.lock();
114.  
115. let mut buf = vec!(0; 8 << 10).into_boxed_slice();
116.  
117. loop {
118. match stdin.read(&mut buf) {
119. Ok(0) => { break; }
120. Ok(read) => {
121. stream_cipher.crypt(&mut buf[..read]);
122.  
123. match stdout.write_all(&buf[..read]) {
124. Ok(()) => {}
125. Err(ref e) if e.kind() == io::ErrorKind::BrokenPipe => { break; }
126. Err(e) => {
127. eprintln!("{}", e);
128. exit(1);
129. }
130. }
131. }
132. Err(ref e) if e.kind() == io::ErrorKind::Interrupted => {}
133. Err(e) => {
134. eprintln!("{}", e);
135. exit(1);
136. }
137. }
138. }
139. }
140.  
141. fn parse_hex(s: &OsStr, name: &str, max_len: usize) -> [u128; 2] {
142. fn val(b: u8, name: &str) -> u8 {
143. match b {
144. b'0'...b'9' => { b - b'0' }
145. b'a'...b'f' => { b - b'a' + 10 }
146. b'A'...b'F' => { b - b'A' + 10 }
147. _ => {
148. eprintln!("{} must be hexadecimal", name);
149. exit(1);
150. }
151. }
152. }
153.  
154. let bytes = s.to_str().unwrap().as_bytes();
155.  
156. if bytes.len() > max_len {
157. eprintln!("{} must not be longer than {} hex characters", name, max_len);
158. exit(1);
159. }
160.  
161. let mut ret = [0; 2];
162.  
163. {
164. let ret = unsafe { &mut *(ret.as_mut_ptr() as *mut [u8; 32]) };
165.  
166. for (c, r) in bytes.chunks(2).zip(ret) {
167. *r = (val(c[0], name) << 4) | val(c[1], name);
168. }
169. }
170.  
171. [u128::from_le(ret[0]), u128::from_le(ret[1])]
172. }