idnits 2.17.1 draft-kaukonen-cipher-arcfour-03.txt
INTERNET-DRAFT                                             K.Kaukonen
14 July 1999                                                 R.Thayer
Expires: 17 December 1999                                          SSH

A Stream Cipher Encryption Algorithm "Arcfour"

Status of this Memo

This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

Abstract

This document describes an algorithm, here called Arcfour, that is believed to be fully interoperable with the RC4 algorithm. RC4 is a trademark of RSA Data Security, Inc. There is a need in the Internet community for an encryption algorithm that provides interoperable operation with existing deployed commercial cryptographic applications. This interoperability will allow for a smoother transition to protocols that have been developed through the IETF standards process.

Kaukonen,Thayer Page [1]

Contents

Status of this Memo
Abstract
Contents
1. Introduction
2. Requirements for this Encryption Algorithm
3. Description of Algorithm
3.1 Key Setup
3.2 Stream Generation
4. Intellectual Property Considerations
5. Acknowledgements
6. Security Considerations
7. References
8. Colophon
8.1 Authors' Addresses
8.2 About this document
8.3 Change History
Appendix
A. Test Vectors
B. Sample Code
C. Copyright Statement

1. Introduction

There is a need in the Internet community for an encryption algorithm that provides interoperable operation with existing deployed commercial cryptographic applications. This interoperability allows for a smoother transition to protocols that have been developed through the IETF standards process. This document describes an existing algorithm that satisfies this requirement.

There is a large body of experience in developing and deploying encryption applications, especially in the HTTP/HTML browser/server markets. These browsers typically implement the RC4 encryption algorithm provided by [RSA]. It would be beneficial for the IETF standards processes to produce protocols that can be deployed into existing Internet environments. This would allow graceful addition of new (IETF-developed) protocols. It would allow less disruption of existing users, since there would be more interoperability between pre-existing protocols and IETF-based protocols.

2. Requirements for this Encryption Algorithm
The algorithm described here is called Arcfour, and it has been chosen because it is compatible with the RC4(TM) algorithm, which is one of the most popular encryption algorithms in the browser market. (See the chapter Intellectual Property Considerations.) Arcfour is potentially useful in several environments, including IPSEC [IPSEC], SSH [SSH], and TLS [TLS]. There are existing Internet Drafts that describe how it can be applied; see e.g. [Caronni], [SSH], and [TLS].

The algorithm can be used with a variety of key lengths. It specifically can be operated with 40-bit keys and with 128-bit keys. See the Security Considerations section for comments on the use of 40-bit keys.

Compatibility of the algorithm with commercial algorithms can be tested by comparing the encrypted data that is produced by the test vectors listed in the appendix to this document.

3. Description of Algorithm

The algorithm itself is documented in [SCHNEIER], pages 397-398, in the chapter titled "Other Stream Ciphers and Real Random Sequence Generators".

3.1 Key Setup

1. Allocate a 256-element array of 8-bit bytes to be used as an S-box, label it

   S [0] .. S [255].

2. Initialize the S-box. Fill each entry first with its index:

   S [0] = 0; S [1] = 1; etc. up to S [255] = 255;

3. Fill another array of the same size (256) with the key, repeating bytes as necessary.

   for (i = 0; i < 256; i = i + 1)
     S2 [i] = key [i % keylen];

4. Set j to zero and initialize the S-box like this:

   for (i = 0; i < 256; i = i + 1)
   {
     j = (j + S [i] + S2 [i]) % 256;
     temp = S [i];
     S [i] = S [j];
     S [j] = temp;
   }

5. Initialize i and j to zero. If sniffing by a superuser-privileged program is feared (that is, always), also set the S2 array and the key array to zero.
This gives slightly better protection, since the key is believed to be infeasible to recover after it has been zeroed and thus forgotten.

3.2 Stream Generation

For either encryption or decryption, the input text is processed one byte at a time. A pseudorandom byte K is generated:

   i = (i+1) % 256;
   j = (j + S[i]) % 256;
   temp = S [i];
   S [i] = S [j];
   S [j] = temp;
   t = (S [i] + S [j]) % 256;
   K = S [t];

To encrypt, XOR the value K with the next byte of the plaintext. To decrypt, XOR the value K with the next byte of the ciphertext.

4. Intellectual Property Considerations

This document does not address Intellectual Property issues. No claim is made as to who owns this algorithm, or as to the performance of the algorithm, its cryptographic security or any other liability issues related to the algorithm itself, its implementation or use.

The Arcfour algorithm is believed to be fully interoperable with the RC4 algorithm. "RC4" is believed to be a trademark of RSA Data Security, Inc. Contact [RSA] if the RC4(TM) algorithm is needed.

5. Acknowledgements

This work was based on conversations with several colleagues within the IETF.

6. Security Considerations

This algorithm can be operated with several different key sizes. If the key is 128 bits in length then this algorithm is believed to be secure. If the key length is significantly shorter, specifically 40 bits, then there are known attacks that have been successfully applied. For this algorithm to be operated in a cryptographically sound manner it is believed that a key length of 128 bits or more should be used.

On the other hand, the 40-bit version of this algorithm is specifically regulated by the U.S. Government. This means that deployment of 40-bit implementations may be easier to export than alternative algorithms.
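An added example that is not part of the draft or of the authors' sample code in Appendix B: an Arcfour implementation written from the Section 3 description, checked against Appendix A test vectors 1 and 2, together with a check of the keystream-reuse relation discussed in this section (two ciphertexts produced under one key XOR to the XOR of their plaintexts). The key and messages used in the reuse check are constructed values.

```c
/* Added example (not the draft's code): Arcfour written from Section 3,
 * checked against Appendix A vectors 1 and 2, plus the Section 6 key-reuse
 * relation. The key and messages in the reuse check are constructed. */
#include <string.h>

typedef struct { unsigned char i, j, S[256]; } Arcfour;

/* 3.1 Key Setup: identity S-box, key repeated into S2, 256 swaps. */
static void arcfour_setup(Arcfour *c, const unsigned char *key, size_t keylen)
{
    unsigned char S2[256], t;
    unsigned j = 0;
    for (unsigned i = 0; i < 256; i++) {
        c->S[i] = (unsigned char)i;
        S2[i] = key[i % keylen];
    }
    for (unsigned i = 0; i < 256; i++) {
        j = (j + c->S[i] + S2[i]) & 0xff;
        t = c->S[i]; c->S[i] = c->S[j]; c->S[j] = t;
    }
    c->i = c->j = 0;
    memset(S2, 0, sizeof S2);   /* step 5: forget the key copy */
}

/* 3.2 Stream Generation: one keystream byte K per call. */
static unsigned char arcfour_byte(Arcfour *c)
{
    unsigned char t;
    c->i = (unsigned char)(c->i + 1);
    c->j = (unsigned char)(c->j + c->S[c->i]);
    t = c->S[c->i]; c->S[c->i] = c->S[c->j]; c->S[c->j] = t;
    return c->S[(c->S[c->i] + c->S[c->j]) & 0xff];
}

/* Encrypt or decrypt n bytes; both are an XOR with the keystream. */
static void arcfour_crypt(const unsigned char *key, size_t keylen,
                          const unsigned char *in, unsigned char *out, size_t n)
{
    Arcfour c;
    arcfour_setup(&c, key, keylen);
    for (size_t k = 0; k < n; k++) out[k] = in[k] ^ arcfour_byte(&c);
    memset(&c, 0, sizeof c);    /* zero the cipher state when done */
}

/* 1 if Appendix A vectors 1 and 2 reproduce and vector 1 round-trips. */
int arcfour_test_vectors_pass(void)
{
    static const unsigned char k1[] = {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
    static const unsigned char p1[8] = {0};
    static const unsigned char c1[] = {0x74,0x94,0xC2,0xE7,0x10,0x4B,0x08,0x79};
    static const unsigned char k2[] = {0x61,0x8a,0x63,0xd2,0xfb};  /* 40-bit */
    static const unsigned char p2[] = {0xdc,0xee,0x4c,0xf9,0x2c};
    static const unsigned char c2[] = {0xf1,0x38,0x29,0xc9,0xde};
    unsigned char out[8];
    arcfour_crypt(k1, sizeof k1, p1, out, 8);
    if (memcmp(out, c1, 8) != 0) return 0;
    arcfour_crypt(k2, sizeof k2, p2, out, 5);
    if (memcmp(out, c2, 5) != 0) return 0;
    arcfour_crypt(k1, sizeof k1, c1, out, 8);   /* decrypt = same operation */
    return memcmp(out, p1, 8) == 0;
}

/* Section 6: under one reused key, c1 XOR c2 equals m1 XOR m2 byte for
 * byte because the keystream cancels. Returns 1 when that relation holds. */
int arcfour_key_reuse_leaks_xor(void)
{
    static const unsigned char key[] = "constructed-demo-key";  /* sample */
    const unsigned char *m1 = (const unsigned char *)"Know thyself";
    const unsigned char *m2 = (const unsigned char *)"Be yourself.";
    unsigned char c1[12], c2[12];
    arcfour_crypt(key, sizeof key - 1, m1, c1, 12);
    arcfour_crypt(key, sizeof key - 1, m2, c2, 12);
    for (size_t k = 0; k < 12; k++)
        if ((c1[k] ^ c2[k]) != (m1[k] ^ m2[k])) return 0;
    return 1;
}

/* Stand-alone: exit status 0 only if both checks pass. */
int main(void) { return (arcfour_test_vectors_pass() && arcfour_key_reuse_leaks_xor()) ? 0 : 1; }
```

Compiled stand-alone, the program exits with status 0 only when both vectors reproduce and the reuse relation holds.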
It must be strongly recommended that no two plaintexts are encrypted with the same key. Otherwise the plaintext can usually be broken, and often quite easily. If the two encrypted messages are XORed together, the result is the XOR of the original plaintexts. Given that the encrypted messages are text strings, credit card numbers, or other byte streams with some known properties, the plaintexts can be estimated with great accuracy. See [DAWSON AND NIELSEN] for more details.

Initial cryptanalysis results are favorable, but the current literature should be consulted to assess the security of this cipher. A good starting point for a citation search would be [GOLIC]. For Internet newsgroup postings, start with [FINNEY], [JENKINS] and [ROOS].

7. References

[Caronni] Caronni, G., Waldvogel, M. "The ESP Stream Transform", ftp://ds.internic.net/internet-drafts/draft-caronni-esp-stream-01.txt, September, 1996.

[COMMERCE] Test vectors issued by United States Department of Commerce, Bureau of Export Administration, Office of Strategic Trade and Foreign Policy, Strategic Trade Controls Division.

[CRYPTLIB] Gutmann, P., Young, E., Plumb, C. "Cryptlib, A Portable Encryption Library", Version 2.00. http://www.cs.auckland.ac.nz/~pgut001/cryptlib.html, 1996.

[DAWSON AND NIELSEN] Dawson, E. and Nielsen, L.: Automated Cryptanalysis of XOR Plaintext Strings, Cryptologia, April 1996, Volume XX, Number 2.

[FINNEY] Finney, H. Internet message posted to sci.crypt 21 September, 1994.

[GOLIC] Golic, J. "Linear Statistical Weakness of Alleged RC4 Keystream Generator." In W. Fumy (ed.), Proceedings of Eurocrypt '97, 226-238, Springer-Verlag, 1997.

[IPSEC] Atkinson, R., "Security Architecture for the Internet Protocol", ftp://ds.internic.net/rfc/rfc1825.txt, August 1995.

[JENKINS] Jenkins, B. Internet message posted to sci.crypt 22 September, 1994.
[ROOS] Roos, A. Internet message posted to sci.crypt 28 September, 1995.

[RSA] RSA Data Security, Inc., http://www.rsa.com, Address: RSA Data Security, Inc. 100 Marine Parkway, Suite 500, Redwood City, CA 94065-1031.

[SCHNEIER] Schneier, B. "Applied Cryptography", Second Edition, http://www.counterpane.com. Published by John Wiley & Sons, Inc. ISBN 0-471-11709-9, 1996.

[SSH] Ylonen, T., "SSH Transport Layer Protocol", ftp://ietf.org/internet-drafts/draft-ietf-secsh-transport-00.txt, March, 1997.

[SSH ARCFOUR] Kaukonen, K. Long test vectors for Arcfour and RC4 algorithms issued by Kalle Kaukonen, SSH Communications Security, Ltd, July, 1997.

[TLS] Freier, A., Karlton, P., Kocher, P., Dierks, T., "The TLS Protocol", ftp://ds.internic.net/internet-drafts/draft-ietf-tls-protocol-00.txt, December, 1996.

8. Colophon

8.1 Authors' Addresses

Kalle Kaukonen
SSH Communications Security Oy
Tekniikantie 12
02150 Espoo
Finland
kalle@ssh.fi
http://www.ssh.fi

Rodney Thayer
SSH Communications Security, Inc.
650 Castro Street, Suite 220
Mountain View, CA 94041
rodney@ipsec.com

8.2 About this document

This document was written in plain text using 'ifmt', a text formatter designed to work on generic C platforms. Original source is in plain ASCII, transliterated from the original NROFF source.

IETF draft boilerplate was current at the time this document was published.

8.3 Change History

This is revision 02 of draft-kaukonen-cipher-arcfour. This revision is a resubmission only.

Appendix

A. Test Vectors
1. Test Vectors from [CRYPTLIB]:

   Plain Text:
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
   Key:
     0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF
   Cipher Text:
     0x74, 0x94, 0xC2, 0xE7, 0x10, 0x4B, 0x08, 0x79

2. Test Vectors from [COMMERCE]:

   Plain Text:
     0xdc, 0xee, 0x4c, 0xf9, 0x2c
   Key:
     0x61, 0x8a, 0x63, 0xd2, 0xfb
   Cipher Text:
     0xf1, 0x38, 0x29, 0xc9, 0xde

3. Test Vectors from [SSH ARCFOUR]:

   Plain Text:
     0x52, 0x75, 0x69, 0x73, 0x6c, 0x69, 0x6e, 0x6e,
     0x75, 0x6e, 0x20, 0x6c, 0x61, 0x75, 0x6c, 0x75,
     0x20, 0x6b, 0x6f, 0x72, 0x76, 0x69, 0x73, 0x73,
     0x73, 0x61, 0x6e, 0x69, 0x2c, 0x20, 0x74, 0xe4,
     0x68, 0x6b, 0xe4, 0x70, 0xe4, 0x69, 0x64, 0x65,
     0x6e, 0x20, 0x70, 0xe4, 0xe4, 0x6c, 0x6c, 0xe4,
     0x20, 0x74, 0xe4, 0x79, 0x73, 0x69, 0x6b, 0x75,
     0x75, 0x2e, 0x20, 0x4b, 0x65, 0x73, 0xe4, 0x79,
     0xf6, 0x6e, 0x20, 0x6f, 0x6e, 0x20, 0x6f, 0x6e,
     0x6e, 0x69, 0x20, 0x6f, 0x6d, 0x61, 0x6e, 0x61,
     0x6e, 0x69, 0x2c, 0x20, 0x6b, 0x61, 0x73, 0x6b,
     0x69, 0x73, 0x61, 0x76, 0x75, 0x75, 0x6e, 0x20,
     0x6c, 0x61, 0x61, 0x6b, 0x73, 0x6f, 0x74, 0x20,
     0x76, 0x65, 0x72, 0x68, 0x6f, 0x75, 0x75, 0x2e,
     0x20, 0x45, 0x6e, 0x20, 0x6d, 0x61, 0x20, 0x69,
     0x6c, 0x6f, 0x69, 0x74, 0x73, 0x65, 0x2c, 0x20,
     0x73, 0x75, 0x72, 0x65, 0x20, 0x68, 0x75, 0x6f,
     0x6b, 0x61, 0x61, 0x2c, 0x20, 0x6d, 0x75, 0x74,
     0x74, 0x61, 0x20, 0x6d, 0x65, 0x74, 0x73, 0xe4,
     0x6e, 0x20, 0x74, 0x75, 0x6d, 0x6d, 0x75, 0x75,
     0x73, 0x20, 0x6d, 0x75, 0x6c, 0x6c, 0x65, 0x20,
     0x74, 0x75, 0x6f, 0x6b, 0x61, 0x61, 0x2e, 0x20,
     0x50, 0x75, 0x75, 0x6e, 0x74, 0x6f, 0x20, 0x70,
     0x69, 0x6c, 0x76, 0x65, 0x6e, 0x2c, 0x20, 0x6d,
     0x69, 0x20, 0x68, 0x75, 0x6b, 0x6b, 0x75, 0x75,
     0x2c, 0x20, 0x73, 0x69, 0x69, 0x6e, 0x74, 0x6f,
     0x20, 0x76, 0x61, 0x72, 0x61, 0x6e, 0x20, 0x74,
     0x75, 0x75, 0x6c, 0x69, 0x73, 0x65, 0x6e, 0x2c,
     0x20, 0x6d, 0x69, 0x20, 0x6e, 0x75, 0x6b, 0x6b,
     0x75, 0x75, 0x2e, 0x20, 0x54, 0x75, 0x6f, 0x6b,
     0x73, 0x75, 0x74, 0x20, 0x76, 0x61, 0x6e, 0x61,
     0x6d, 0x6f, 0x6e, 0x20, 0x6a, 0x61, 0x20, 0x76,
     0x61, 0x72, 0x6a, 0x6f, 0x74, 0x20, 0x76, 0x65,
     0x65, 0x6e, 0x2c, 0x20, 0x6e, 0x69, 0x69, 0x73,
     0x74, 0xe4, 0x20, 0x73, 0x79, 0x64, 0xe4, 0x6d,
     0x65, 0x6e, 0x69, 0x20, 0x6c, 0x61, 0x75, 0x6c,
     0x75, 0x6e, 0x20, 0x74, 0x65, 0x65, 0x6e, 0x2e,
     0x20, 0x2d, 0x20, 0x45, 0x69, 0x6e, 0x6f, 0x20,
     0x4c, 0x65, 0x69, 0x6e, 0x6f

   Key:
     0x29, 0x04, 0x19, 0x72, 0xfb, 0x42, 0xba, 0x5f,
     0xc7, 0x12, 0x77, 0x12, 0xf1, 0x38, 0x29, 0xc9

   Cipher Text:
     0x35, 0x81, 0x86, 0x99, 0x90, 0x01, 0xe6, 0xb5,
     0xda, 0xf0, 0x5e, 0xce, 0xeb, 0x7e, 0xee, 0x21,
     0xe0, 0x68, 0x9c, 0x1f, 0x00, 0xee, 0xa8, 0x1f,
     0x7d, 0xd2, 0xca, 0xae, 0xe1, 0xd2, 0x76, 0x3e,
     0x68, 0xaf, 0x0e, 0xad, 0x33, 0xd6, 0x6c, 0x26,
     0x8b, 0xc9, 0x46, 0xc4, 0x84, 0xfb, 0xe9, 0x4c,
     0x5f, 0x5e, 0x0b, 0x86, 0xa5, 0x92, 0x79, 0xe4,
     0xf8, 0x24, 0xe7, 0xa6, 0x40, 0xbd, 0x22, 0x32,
     0x10, 0xb0, 0xa6, 0x11, 0x60, 0xb7, 0xbc, 0xe9,
     0x86, 0xea, 0x65, 0x68, 0x80, 0x03, 0x59, 0x6b,
     0x63, 0x0a, 0x6b, 0x90, 0xf8, 0xe0, 0xca, 0xf6,
     0x91, 0x2a, 0x98, 0xeb, 0x87, 0x21, 0x76, 0xe8,
     0x3c, 0x20, 0x2c, 0xaa, 0x64, 0x16, 0x6d, 0x2c,
     0xce, 0x57, 0xff, 0x1b, 0xca, 0x57, 0xb2, 0x13,
     0xf0, 0xed, 0x1a, 0xa7, 0x2f, 0xb8, 0xea, 0x52,
     0xb0, 0xbe, 0x01, 0xcd, 0x1e, 0x41, 0x28, 0x67,
     0x72, 0x0b, 0x32, 0x6e, 0xb3, 0x89, 0xd0, 0x11,
     0xbd, 0x70, 0xd8, 0xaf, 0x03, 0x5f, 0xb0, 0xd8,
     0x58, 0x9d, 0xbc, 0xe3, 0xc6, 0x66, 0xf5, 0xea,
     0x8d, 0x4c, 0x79, 0x54, 0xc5, 0x0c, 0x3f, 0x34,
     0x0b, 0x04, 0x67, 0xf8, 0x1b, 0x42, 0x59, 0x61,
     0xc1, 0x18, 0x43, 0x07, 0x4d, 0xf6, 0x20, 0xf2,
     0x08, 0x40, 0x4b, 0x39, 0x4c, 0xf9, 0xd3, 0x7f,
     0xf5, 0x4b, 0x5f, 0x1a, 0xd8, 0xf6, 0xea, 0x7d,
     0xa3, 0xc5, 0x61, 0xdf, 0xa7, 0x28, 0x1f, 0x96,
     0x44, 0x63, 0xd2, 0xcc, 0x35, 0xa4, 0xd1, 0xb0,
     0x34, 0x90, 0xde,
     0xc5, 0x1b, 0x07, 0x11, 0xfb,
     0xd6, 0xf5, 0x5f, 0x79, 0x23, 0x4d, 0x5b, 0x7c,
     0x76, 0x66, 0x22, 0xa6, 0x6d, 0xe9, 0x2b, 0xe9,
     0x96, 0x46, 0x1d, 0x5e, 0x4d, 0xc8, 0x78, 0xef,
     0x9b, 0xca, 0x03, 0x05, 0x21, 0xe8, 0x35, 0x1e,
     0x4b, 0xae, 0xd2, 0xfd, 0x04, 0xf9, 0x46, 0x73,
     0x68, 0xc4, 0xad, 0x6a, 0xc1, 0x86, 0xd0, 0x82,
     0x45, 0xb2, 0x63, 0xa2, 0x66, 0x6d, 0x1f, 0x6c,
     0x54, 0x20, 0xf1, 0x59, 0x9d, 0xfd, 0x9f, 0x43,
     0x89, 0x21, 0xc2, 0xf5, 0xa4, 0x63, 0x93, 0x8c,
     0xe0, 0x98, 0x22, 0x65, 0xee, 0xf7, 0x01, 0x79,
     0xbc, 0x55, 0x3f, 0x33, 0x9e, 0xb1, 0xa4, 0xc1,
     0xaf, 0x5f, 0x6a, 0x54, 0x7f

B. Sample Code

   /* This code illustrates a sample implementation
    * of the Arcfour algorithm
    * Copyright (c) April 29, 1997 Kalle Kaukonen.
    * All Rights Reserved.
    *
    * Redistribution and use in source and binary forms, with or
    * without modification, are permitted provided that this copyright
    * notice and disclaimer are retained.
    *
    * THIS SOFTWARE IS PROVIDED BY KALLE KAUKONEN AND CONTRIBUTORS ``AS
    * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
    * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
    * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KALLE
    * KAUKONEN OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
    * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
    * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
    * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
    * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
    * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    */

   typedef struct
   {
     unsigned int x;
     unsigned int y;
     unsigned char state[256];
   } ArcfourContext;

   void arcfour_init(ArcfourContext *ctx, const unsigned char *key,
                     unsigned int key_len);
   unsigned int arcfour_byte(ArcfourContext *ctx);
   void arcfour_encrypt(ArcfourContext *ctx, unsigned char *dest,
                        const unsigned char *src, unsigned int len);

   int main(int argc, char **argv)
   {
     unsigned char dest[500];
     unsigned char mykey[] = {0x29, 0x04, 0x19, 0x72, 0xfb, 0x42,
                              0xba, 0x5f, 0xc7, 0x12, 0x77, 0x12,
                              0xf1, 0x38, 0x29, 0xc9};
     unsigned char src[] = "Know thyself";

     ArcfourContext mycontext;

     /* Initialize the algorithm */
     arcfour_init(&mycontext, mykey, 16);

     /* Encrypt 13 bytes of the src string (12 characters plus the
        terminating NUL) */
     arcfour_encrypt(&mycontext, dest, src, 13);

     /* Now "dest" contains the encrypted string. Do whatever
        you please with it... */

     return 0;
   }

   void arcfour_init(ArcfourContext *ctx, const unsigned char *key,
                     unsigned int key_len)
   {
     unsigned int t, u;
     unsigned int keyindex;
     unsigned int stateindex;
     unsigned char *state;
     unsigned int counter;

     state = ctx->state;
     ctx->x = 0;
     ctx->y = 0;
     /* Key setup step 2: fill the S-box with its own indices */
     for (counter = 0; counter < 256; counter++)
       state[counter] = counter;
     keyindex = 0;
     stateindex = 0;
     /* Key setup step 4: key-driven swaps; the key bytes are read
        cyclically here instead of being copied into a second array */
     for (counter = 0; counter < 256; counter++)
     {
       t = state[counter];
       stateindex = (stateindex + key[keyindex] + t) & 0xff;
       u = state[stateindex];
       state[stateindex] = t;
       state[counter] = u;
       if (++keyindex >= key_len)
         keyindex = 0;
     }
   }

   unsigned int arcfour_byte(ArcfourContext *ctx)
   {
     unsigned int x;
     unsigned int y;
     unsigned int sx, sy;
     unsigned char *state;

     /* Stream generation (3.2): advance x and y, swap, return S[S[x]+S[y]] */
     state = ctx->state;
     x = (ctx->x + 1) & 0xff;
     sx = state[x];
     y = (sx + ctx->y) & 0xff;
     sy = state[y];
     ctx->x = x;
     ctx->y = y;
     state[y] = sx;
     state[x] = sy;
     return state[(sx + sy) & 0xff];
   }

   void arcfour_encrypt(ArcfourContext *ctx, unsigned char *dest,
                        const unsigned char *src, unsigned int len)
   {
     unsigned int i;
     /* Encryption and decryption are the same operation: XOR each
        byte with the next keystream byte */
     for (i = 0; i < len; i++)
       dest[i] = src[i] ^ arcfour_byte(ctx);
   }

C. Copyright Statement

Copyright (C) The Internet Society 1999. All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organisations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process shall be followed, or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

This draft expires 9 December 1999.