Diffstat (limited to 'src/lib/libcrypto/rc4')
-rw-r--r--src/lib/libcrypto/rc4/Makefile123
-rw-r--r--src/lib/libcrypto/rc4/Makefile.ssl110
-rw-r--r--src/lib/libcrypto/rc4/asm/rc4-586.pl114
-rwxr-xr-xsrc/lib/libcrypto/rc4/asm/rc4-amd64.pl227
-rw-r--r--src/lib/libcrypto/rc4/asm/rc4-ia64.S157
-rw-r--r--src/lib/libcrypto/rc4/rc4.c192
-rw-r--r--src/lib/libcrypto/rc4/rc4.h7
-rw-r--r--src/lib/libcrypto/rc4/rc4_enc.c4
-rw-r--r--src/lib/libcrypto/rc4/rc4_locl.h1
-rw-r--r--src/lib/libcrypto/rc4/rc4_skey.c8
-rw-r--r--src/lib/libcrypto/rc4/rc4s.cpp73
-rw-r--r--src/lib/libcrypto/rc4/rc4speed.c250
-rw-r--r--src/lib/libcrypto/rc4/rc4test.c203
-rw-r--r--src/lib/libcrypto/rc4/rrc4.doc278
14 files changed, 1643 insertions, 104 deletions
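diff --git a/src/lib/libcrypto/rc4/Makefile b/src/lib/libcrypto/rc4/Makefile
new file mode 100644
index 0000000000..64e06924f4
--- /dev/null
+++ b/src/lib/libcrypto/rc4/Makefile
@@ -0,0 +1,123 @@
+#
+# SSLeay/crypto/rc4/Makefile
+#
+
+DIR= rc4
+TOP= ../..
+CC= cc
+CPP= $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR= /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKEDEPPROG= makedepend
+MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE= Makefile
+AR= ar r
+
+RC4_ENC=rc4_enc.o
+# or use
+#RC4_ENC=asm/rx86-elf.o
+#RC4_ENC=asm/rx86-out.o
+#RC4_ENC=asm/rx86-sol.o
+#RC4_ENC=asm/rx86bdsi.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+
+GENERAL=Makefile
+TEST=rc4test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rc4_skey.c rc4_enc.c
+LIBOBJ=rc4_skey.o $(RC4_ENC)
+
+SRC= $(LIBSRC)
+
+EXHEADER= rc4.h
+HEADER= $(EXHEADER) rc4_locl.h
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all: lib
+
+lib: $(LIBOBJ)
+ $(AR) $(LIB) $(LIBOBJ)
+ $(RANLIB) $(LIB) || echo Never mind.
+ @touch lib
+
+# elf
+asm/rx86-elf.s: asm/rc4-586.pl ../perlasm/x86asm.pl
+ (cd asm; $(PERL) rc4-586.pl elf $(CFLAGS) > rx86-elf.s)
+
+# a.out
+asm/rx86-out.o: asm/rx86unix.cpp
+ $(CPP) -DOUT asm/rx86unix.cpp | as -o asm/rx86-out.o
+
+# bsdi
+asm/rx86bsdi.o: asm/rx86unix.cpp
+ $(CPP) -DBSDI asm/rx86unix.cpp | sed 's/ :/:/' | as -o asm/rx86bsdi.o
+
+asm/rx86unix.cpp: asm/rc4-586.pl ../perlasm/x86asm.pl
+ (cd asm; $(PERL) rc4-586.pl cpp >rx86unix.cpp)
+
+asm/rc4-amd64.s: asm/rc4-amd64.pl; $(PERL) asm/rc4-amd64.pl $@
+
+asm/rc4-ia64.s: asm/rc4-ia64.S
+ $(CC) $(CFLAGS) -E asm/rc4-ia64.S > $@
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+ @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f asm/rx86unix.cpp asm/*-elf.* *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rc4_enc.o: ../../e_os.h ../../include/openssl/bio.h
+rc4_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rc4_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rc4_enc.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rc4_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/rc4.h
+rc4_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rc4_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h rc4_enc.c rc4_locl.h
+rc4_skey.o: ../../e_os.h ../../include/openssl/bio.h
+rc4_skey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rc4_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rc4_skey.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/rc4.h
+rc4_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rc4_skey.o: ../../include/openssl/symhacks.h ../cryptlib.h rc4_locl.h
+rc4_skey.o: rc4_skey.c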
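Review bot: `$(RANLIB) $(LIB) || echo Never mind.` in the `lib` recipe (new line 51) turns a failed ranlib into a successful build, so a libcrypto.a left without a usable symbol index is not caught; the same line appears at line 52 of Makefile.ssl. If ranlib is genuinely optional on some platforms, the explicit form `-$(RANLIB) $(LIB) # ranlib is absent on some targets` says so and still echoes the error, rather than hiding it behind an `echo`. None of `top`, `all`, `files`, `links`, `install`, `tags`, `tests`, `lint`, `depend`, `dclean` or `clean` is declared `.PHONY`, so a stray file with one of those names in this directory silently disables the target; a single `.PHONY: top all files links install tags tests lint depend dclean clean` fixes both files. The empty `tests:` target at line 92 also means `make tests` succeeds without building or running the `rc4test.c` listed in `TEST`.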
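diff --git a/src/lib/libcrypto/rc4/Makefile.ssl b/src/lib/libcrypto/rc4/Makefile.ssl
new file mode 100644
index 0000000000..3e602662be
--- /dev/null
+++ b/src/lib/libcrypto/rc4/Makefile.ssl
@@ -0,0 +1,110 @@
+#
+# SSLeay/crypto/rc4/Makefile
+#
+
+DIR= rc4
+TOP= ../..
+CC= cc
+CPP= $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR= /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE= make -f Makefile.ssl
+MAKEDEPPROG= makedepend
+MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE= Makefile.ssl
+AR= ar r
+
+RC4_ENC=rc4_enc.o
+# or use
+#RC4_ENC=asm/rx86-elf.o
+#RC4_ENC=asm/rx86-out.o
+#RC4_ENC=asm/rx86-sol.o
+#RC4_ENC=asm/rx86bdsi.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+
+GENERAL=Makefile
+TEST=rc4test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rc4_skey.c rc4_enc.c
+LIBOBJ=rc4_skey.o $(RC4_ENC)
+
+SRC= $(LIBSRC)
+
+EXHEADER= rc4.h
+HEADER= $(EXHEADER) rc4_locl.h
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all: lib
+
+lib: $(LIBOBJ)
+ $(AR) $(LIB) $(LIBOBJ)
+ $(RANLIB) $(LIB) || echo Never mind.
+ @touch lib
+
+# elf
+asm/rx86-elf.s: asm/rc4-586.pl ../perlasm/x86asm.pl
+ (cd asm; $(PERL) rc4-586.pl elf $(CFLAGS) > rx86-elf.s)
+
+# a.out
+asm/rx86-out.o: asm/rx86unix.cpp
+ $(CPP) -DOUT asm/rx86unix.cpp | as -o asm/rx86-out.o
+
+# bsdi
+asm/rx86bsdi.o: asm/rx86unix.cpp
+ $(CPP) -DBSDI asm/rx86unix.cpp | sed 's/ :/:/' | as -o asm/rx86bsdi.o
+
+asm/rx86unix.cpp: asm/rc4-586.pl ../perlasm/x86asm.pl
+ (cd asm; $(PERL) rc4-586.pl cpp >rx86unix.cpp)
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+ @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+ @for i in $(EXHEADER) ; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f asm/rx86unix.cpp asm/*-elf.* *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rc4_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc4.h
+rc4_enc.o: rc4_enc.c rc4_locl.h
+rc4_skey.o: ../../include/openssl/opensslconf.h
+rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/rc4.h
+rc4_skey.o: rc4_locl.h rc4_skey.c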
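Review bot: `MAKE= make -f Makefile.ssl` at new line 14 replaces the invoking program name that `$(MAKE)` normally carries with the literal word `make`, so the recursive call in the `top` recipe (line 46) runs whatever `make` is first on PATH rather than the implementation that started the build; on hosts where `make` is a different dialect and this tree is built with `gmake`, the sub-make would parse a GNU-style file with the wrong tool. The conventional fix is to leave `MAKE` unset and name the file in the recipe instead, `(cd ../..; $(MAKE) -f $(MAKEFILE) DIRS=crypto SDIRS=$(DIR) sub_all)`, assuming the top-level directory uses the same file name, which I cannot see from here. The ranlib and `.PHONY` remarks made on Makefile apply to this file unchanged.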
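diff --git a/src/lib/libcrypto/rc4/asm/rc4-586.pl b/src/lib/libcrypto/rc4/asm/rc4-586.pl
index d6e98f0811..7ef889e5a1 100644
--- a/src/lib/libcrypto/rc4/asm/rc4-586.pl
+++ b/src/lib/libcrypto/rc4/asm/rc4-586.pl
@@ -1,37 +1,16 @@
 #!/usr/local/bin/perl
 
-# At some point it became apparent that the original SSLeay RC4
-# assembler implementation performs suboptimaly on latest IA-32
-# microarchitectures. After re-tuning performance has changed as
-# following:
-#
-# Pentium +0%
-# Pentium III +17%
-# AMD +52%(*)
-# P4 +180%(**)
-#
-# (*) This number is actually a trade-off:-) It's possible to
-# achieve +72%, but at the cost of -48% off PIII performance.
-# In other words code performing further 13% faster on AMD
-# would perform almost 2 times slower on Intel PIII...
-# For reference! This code delivers ~80% of rc4-amd64.pl
-# performance on the same Opteron machine.
-# (**) This number requires compressed key schedule set up by
-# RC4_set_key and therefore doesn't apply to 0.9.7 [option for
-# compressed key schedule is implemented in 0.9.8 and later,
-# see commentary section in rc4_skey.c for further details].
-#
-# <appro@fy.chalmers.se>
+# define for pentium pro friendly version
 
 push(@INC,"perlasm","../../perlasm");
 require "x86asm.pl";
 
 &asm_init($ARGV[0],"rc4-586.pl");
 
-$x="eax";
-$y="ebx";
-$tx="ecx";
-$ty="edx";
+$tx="eax";
+$ty="ebx";
+$x="ecx";
+$y="edx";
 $in="esi";
 $out="edi";
 $d="ebp";
@@ -52,7 +31,7 @@ sub RC4_loop
  {
  &mov($ty, &swtmp(2));
  &cmp($ty, $in);
- &jbe(&label("finished"));
+ &jle(&label("finished"));
  &inc($in);
  }
  else
@@ -60,23 +39,27 @@ sub RC4_loop
  &add($ty, 8);
  &inc($in);
  &cmp($ty, $in);
- &jb(&label("finished"));
+ &jl(&label("finished"));
  &mov(&swtmp(2), $ty);
  }
  }
  # Moved out
  # &mov( $tx, &DWP(0,$d,$x,4)) if $p < 0;
 
- &add( &LB($y), &LB($tx));
+ &add( $y, $tx);
+ &and( $y, 0xff);
+ &inc( $x); # NEXT ROUND
  &mov( $ty, &DWP(0,$d,$y,4));
  # XXX
- &mov( &DWP(0,$d,$x,4),$ty);
+ &mov( &DWP(-4,$d,$x,4),$ty); # AGI
  &add( $ty, $tx);
- &mov( &DWP(0,$d,$y,4),$tx);
+ &and( $x, 0xff); # NEXT ROUND
  &and( $ty, 0xff);
- &inc( &LB($x)); # NEXT ROUND
- &mov( $tx, &DWP(0,$d,$x,4)) if $p < 1; # NEXT ROUND
+ &mov( &DWP(0,$d,$y,4),$tx);
+ &nop();
  &mov( $ty, &DWP(0,$d,$ty,4));
+ &mov( $tx, &DWP(0,$d,$x,4)) if $p < 1; # NEXT ROUND
+ # XXX
 
  if (!$char)
  {
@@ -105,47 +88,35 @@ sub RC4
 
  &function_begin_B($name,"");
 
- &mov($ty,&wparam(1)); # len
- &cmp($ty,0);
- &jne(&label("proceed"));
- &ret();
- &set_label("proceed");
-
  &comment("");
 
  &push("ebp");
  &push("ebx");
- &push("esi");
- &xor( $x, $x); # avoid partial register stalls
- &push("edi");
- &xor( $y, $y); # avoid partial register stalls
  &mov( $d, &wparam(0)); # key
- &mov( $in, &wparam(2));
+ &mov( $ty, &wparam(1)); # num
+ &push("esi");
+ &push("edi");
 
- &movb( &LB($x), &BP(0,$d,"",1));
- &movb( &LB($y), &BP(4,$d,"",1));
+ &mov( $x, &DWP(0,$d,"",1));
+ &mov( $y, &DWP(4,$d,"",1));
 
- &mov( $out, &wparam(3));
- &inc( &LB($x));
+ &mov( $in, &wparam(2));
+ &inc( $x);
 
  &stack_push(3); # 3 temp variables
  &add( $d, 8);
-
- # detect compressed schedule, see commentary section in rc4_skey.c...
- # in 0.9.7 context ~50 bytes below RC4_CHAR label remain redundant,
- # as compressed key schedule is set up in 0.9.8 and later.
- &cmp(&DWP(256,$d),-1);
- &je(&label("RC4_CHAR"));
+ &and( $x, 0xff);
 
  &lea( $ty, &DWP(-8,$ty,$in));
 
  # check for 0 length input
 
+ &mov( $out, &wparam(3));
  &mov( &swtmp(2), $ty); # this is now address to exit at
  &mov( $tx, &DWP(0,$d,$x,4));
 
  &cmp( $ty, $in);
- &jb( &label("end")); # less than 8 bytes
+ &jl( &label("end")); # less than 8 bytes
 
  &set_label("start");
 
@@ -177,7 +148,7 @@ sub RC4
  &mov( &DWP(-4,$out,"",0), $tx);
  &mov( $tx, &DWP(0,$d,$x,4));
  &cmp($in, $ty);
- &jbe(&label("start"));
+ &jle(&label("start"));
 
  &set_label("end");
 
@@ -191,37 +162,10 @@ sub RC4
  &RC4_loop(5,0,1);
  &RC4_loop(6,1,1);
 
- &jmp(&label("finished"));
-
- &align(16);
- # this is essentially Intel P4 specific codepath, see rc4_skey.c,
- # and is engaged in 0.9.8 and later context...
- &set_label("RC4_CHAR");
-
- &lea ($ty,&DWP(0,$in,$ty));
- &mov (&swtmp(2),$ty);
-
- # strangely enough unrolled loop performs over 20% slower...
- &set_label("RC4_CHAR_loop");
- &movz ($tx,&BP(0,$d,$x));
- &add (&LB($y),&LB($tx));
- &movz ($ty,&BP(0,$d,$y));
- &movb (&BP(0,$d,$y),&LB($tx));
- &movb (&BP(0,$d,$x),&LB($ty));
- &add (&LB($ty),&LB($tx));
- &movz ($ty,&BP(0,$d,$ty));
- &xorb (&LB($ty),&BP(0,$in));
- &movb (&BP(0,$out),&LB($ty));
- &inc (&LB($x));
- &inc ($in);
- &inc ($out);
- &cmp ($in,&swtmp(2));
- &jb (&label("RC4_CHAR_loop"));
-
  &set_label("finished");
  &dec( $x);
  &stack_pop(3);
- &movb( &BP(-4,$d,"",0),&LB($y));
+ &mov( &DWP(-4,$d,"",0),$y);
  &movb( &BP(-8,$d,"",0),&LB($x));
 
  &function_end($name);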
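Review bot: The new side swaps unsigned for signed conditional jumps on address comparisons — `jbe`→`jle` and `jb`→`jl` at new lines 34, 42, 119 and 151 — although both operands (`$ty`, the computed exit address, and `$in`, the input pointer) are 32-bit addresses and not signed integers. A signed compare misorders them whenever the two addresses straddle 0x80000000, which on 32-bit systems whose user mappings extend above 2 GiB means the 8-byte loop can be entered or re-entered past the real end of the buffer; the old `jbe`/`jb` forms were the correct ones and should be kept. The removed zero-length early return (old lines 108-112) was the other guard here: the surviving `# check for 0 length input` comment at new line 112 no longer has code behind it and relies on the `jl end` path, which carries the same signedness issue. Both `RC4_loop` and `RC4` continue outside these hunks.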
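diff --git a/src/lib/libcrypto/rc4/asm/rc4-amd64.pl b/src/lib/libcrypto/rc4/asm/rc4-amd64.pl
new file mode 100755
index 0000000000..9e0da8af99
--- /dev/null
+++ b/src/lib/libcrypto/rc4/asm/rc4-amd64.pl
@@ -0,0 +1,227 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. Rights for redistribution and usage in source and binary
+# forms are granted according to the OpenSSL license.
+# ====================================================================
+#
+# 2.22x RC4 tune-up:-) It should be noted though that my hand [as in
+# "hand-coded assembler"] doesn't stand for the whole improvement
+# coefficient. It turned out that eliminating RC4_CHAR from config
+# line results in ~40% improvement (yes, even for C implementation).
+# Presumably it has everything to do with AMD cache architecture and
+# RAW or whatever penalties. Once again! The module *requires* config
+# line *without* RC4_CHAR! As for coding "secret," I bet on partial
+# register arithmetics. For example instead of 'inc %r8; and $255,%r8'
+# I simply 'inc %r8b'. Even though optimization manual discourages
+# to operate on partial registers, it turned out to be the best bet.
+# At least for AMD... How IA32E would perform remains to be seen...
+
+# As was shown by Marc Bevand reordering of couple of load operations
+# results in even higher performance gain of 3.3x:-) At least on
+# Opteron... For reference, 1x in this case is RC4_CHAR C-code
+# compiled with gcc 3.3.2, which performs at ~54MBps per 1GHz clock.
+# Latter means that if you want to *estimate* what to expect from
+# *your* CPU, then multiply 54 by 3.3 and clock frequency in GHz.
+
+# Intel P4 EM64T core was found to run the AMD64 code really slow...
+# The only way to achieve comparable performance on P4 is to keep
+# RC4_CHAR. Kind of ironic, huh? As it's apparently impossible to
+# compose blended code, which would perform even within 30% marginal
+# on either AMD and Intel platforms, I implement both cases. See
+# rc4_skey.c for further details... This applies to 0.9.8 and later.
+# In 0.9.7 context RC4_CHAR codepath is never engaged and ~70 bytes
+# of code remain redundant.
+
+$output=shift;
+
+$win64a=1 if ($output =~ /win64a.[s|asm]/);
+
+open STDOUT,">$output" || die "can't open $output: $!";
+
+if (defined($win64a)) {
+ $dat="%rcx"; # arg1
+ $len="%rdx"; # arg2
+ $inp="%rsi"; # r8, arg3 moves here
+ $out="%rdi"; # r9, arg4 moves here
+} else {
+ $dat="%rdi"; # arg1
+ $len="%rsi"; # arg2
+ $inp="%rdx"; # arg3
+ $out="%rcx"; # arg4
+}
+
+$XX="%r10";
+$TX="%r8";
+$YY="%r11";
+$TY="%r9";
+
+sub PTR() {
+ my $ret=shift;
+ if (defined($win64a)) {
+ $ret =~ s/\[([\S]+)\+([\S]+)\]/[$2+$1]/g; # [%rN+%rM*4]->[%rM*4+%rN]
+ $ret =~ s/:([^\[]+)\[([^\]]+)\]/:[$2+$1]/g; # :off[ea]->:[ea+off]
+ } else {
+ $ret =~ s/[\+\*]/,/g; # [%rN+%rM*4]->[%rN,%rM,4]
+ $ret =~ s/\[([^\]]+)\]/($1)/g; # [%rN]->(%rN)
+ }
+ $ret;
+}
+
+$code=<<___ if (!defined($win64a));
+.text
+
+.globl RC4
+.type RC4,\@function
+.align 16
+RC4: or $len,$len
+ jne .Lentry
+ repret
+.Lentry:
+___
+$code=<<___ if (defined($win64a));
+_TEXT SEGMENT
+PUBLIC RC4
+ALIGN 16
+RC4 PROC
+ or $len,$len
+ jne .Lentry
+ repret
+.Lentry:
+ push %rdi
+ push %rsi
+ sub \$40,%rsp
+ mov %r8,$inp
+ mov %r9,$out
+___
+$code.=<<___;
+ add \$8,$dat
+ movl `&PTR("DWORD:-8[$dat]")`,$XX#d
+ movl `&PTR("DWORD:-4[$dat]")`,$YY#d
+ cmpl \$-1,`&PTR("DWORD:256[$dat]")`
+ je .LRC4_CHAR
+ test \$-8,$len
+ jz .Lloop1
+.align 16
+.Lloop8:
+ inc $XX#b
+ movl `&PTR("DWORD:[$dat+$XX*4]")`,$TX#d
+ add $TX#b,$YY#b
+ movl `&PTR("DWORD:[$dat+$YY*4]")`,$TY#d
+ movl $TX#d,`&PTR("DWORD:[$dat+$YY*4]")`
+ movl $TY#d,`&PTR("DWORD:[$dat+$XX*4]")`
+ add $TX#b,$TY#b
+ inc $XX#b
+ movl `&PTR("DWORD:[$dat+$XX*4]")`,$TX#d
+ movb `&PTR("BYTE:[$dat+$TY*4]")`,%al
+___
+for ($i=1;$i<=6;$i++) {
+$code.=<<___;
+ add $TX#b,$YY#b
+ ror \$8,%rax
+ movl `&PTR("DWORD:[$dat+$YY*4]")`,$TY#d
+ movl $TX#d,`&PTR("DWORD:[$dat+$YY*4]")`
+ movl $TY#d,`&PTR("DWORD:[$dat+$XX*4]")`
+ add $TX#b,$TY#b
+ inc $XX#b
+ movl `&PTR("DWORD:[$dat+$XX*4]")`,$TX#d
+ movb `&PTR("BYTE:[$dat+$TY*4]")`,%al
+___
+}
+$code.=<<___;
+ add $TX#b,$YY#b
+ ror \$8,%rax
+ movl `&PTR("DWORD:[$dat+$YY*4]")`,$TY#d
+ movl $TX#d,`&PTR("DWORD:[$dat+$YY*4]")`
+ movl $TY#d,`&PTR("DWORD:[$dat+$XX*4]")`
+ sub \$8,$len
+ add $TY#b,$TX#b
+ movb `&PTR("BYTE:[$dat+$TX*4]")`,%al
+ ror \$8,%rax
+ add \$8,$inp
+ add \$8,$out
+
+ xor `&PTR("QWORD:-8[$inp]")`,%rax
+ mov %rax,`&PTR("QWORD:-8[$out]")`
+
+ test \$-8,$len
+ jnz .Lloop8
+ cmp \$0,$len
+ jne .Lloop1
+.Lexit:
+ movl $XX#d,`&PTR("DWORD:-8[$dat]")`
+ movl $YY#d,`&PTR("DWORD:-4[$dat]")`
+___
+$code.=<<___ if (defined($win64a));
+ add \$40,%rsp
+ pop %rsi
+ pop %rdi
+___
+$code.=<<___;
+ repret
+.align 16
+.Lloop1:
+ movzb `&PTR("BYTE:[$inp]")`,%eax
+ inc $XX#b
+ movl `&PTR("DWORD:[$dat+$XX*4]")`,$TX#d
+ add $TX#b,$YY#b
+ movl `&PTR("DWORD:[$dat+$YY*4]")`,$TY#d
+ movl $TX#d,`&PTR("DWORD:[$dat+$YY*4]")`
+ movl $TY#d,`&PTR("DWORD:[$dat+$XX*4]")`
+ add $TY#b,$TX#b
+ movl `&PTR("DWORD:[$dat+$TX*4]")`,$TY#d
+ xor $TY,%rax
+ inc $inp
+ movb %al,`&PTR("BYTE:[$out]")`
+ inc $out
+ dec $len
+ jnz .Lloop1
+ jmp .Lexit
+
+.align 16
+.LRC4_CHAR:
+ inc $XX#b
+ movzb `&PTR("BYTE:[$dat+$XX]")`,$TX#d
+ add $TX#b,$YY#b
+ movzb `&PTR("BYTE:[$dat+$YY]")`,$TY#d
+ movb $TX#b,`&PTR("BYTE:[$dat+$YY]")`
+ movb $TY#b,`&PTR("BYTE:[$dat+$XX]")`
+ add $TX#b,$TY#b
+ movzb `&PTR("BYTE:[$dat+$TY]")`,$TY#d
+ xorb `&PTR("BYTE:[$inp]")`,$TY#b
+ movb $TY#b,`&PTR("BYTE:[$out]")`
+ inc $inp
+ inc $out
+ dec $len
+ jnz .LRC4_CHAR
+ jmp .Lexit
+___
+$code.=<<___ if (defined($win64a));
+RC4 ENDP
+_TEXT ENDS
+END
+___
+$code.=<<___ if (!defined($win64a));
+.size RC4,.-RC4
+___
+
+$code =~ s/#([bwd])/$1/gm;
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+
+if (defined($win64a)) {
+ $code =~ s/\.align/ALIGN/gm;
+ $code =~ s/[\$%]//gm;
+ $code =~ s/\.L/\$L/gm;
+ $code =~ s/([\w]+)([\s]+)([\S]+),([\S]+)/$1$2$4,$3/gm;
+ $code =~ s/([QD]*WORD|BYTE):/$1 PTR/gm;
+ $code =~ s/mov[bwlq]/mov/gm;
+ $code =~ s/movzb/movzx/gm;
+ $code =~ s/repret/DB\t0F3h,0C3h/gm;
+ $code =~ s/cmpl/cmp/gm;
+ $code =~ s/xorb/xor/gm;
+} else {
+ $code =~ s/([QD]*WORD|BYTE)://gm;
+ $code =~ s/repret/.byte\t0xF3,0xC3/gm;
+}
+print $code;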
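Review bot: `open STDOUT,">$output" || die "can't open $output: $!";` at line 41 can never die: `||` binds tighter than the list operator's argument list, so it parses as `open(STDOUT, (">$output" || die ...))`, the string is always true, and a failed open is silently ignored with the generated assembly then written to a closed handle. Use the low-precedence form `open STDOUT,">$output" or die "can't open $output: $!";`. The test at line 39, `/win64a.[s|asm]/`, is also not what it reads as — `[s|asm]` is a character class matching a single `s`, `|`, `a` or `m`, so `win64a.asm` matches only by its first letter and any `win64a?s…` name matches too; `/win64a\.(s|asm)$/` states the intent.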
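diff --git a/src/lib/libcrypto/rc4/asm/rc4-ia64.S b/src/lib/libcrypto/rc4/asm/rc4-ia64.S
new file mode 100644
index 0000000000..b517d2e88f
--- /dev/null
+++ b/src/lib/libcrypto/rc4/asm/rc4-ia64.S
@@ -0,0 +1,157 @@
+// ====================================================================
+// Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+// project.
+//
+// Rights for redistribution and usage in source and binary forms are
+// granted according to the OpenSSL license. Warranty of any kind is
+// disclaimed.
+// ====================================================================
+
+.ident "rc4-ia64.S, Version 1.1"
+.ident "IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+
+// What's wrong with compiler generated code? Because of the nature of
+// C language, compiler doesn't [dare to] reorder load and stores. But
+// being memory-bound, RC4 should benefit from reorder [on in-order-
+// execution core such as IA-64]. But what can we reorder? At the very
+// least we can safely reorder references to key schedule in respect
+// to input and output streams. Secondly, from the first [close] glance
+// it appeared that it's possible to pull up some references to
+// elements of the key schedule itself. Original rationale ["prior
+// loads are not safe only for "degenerated" key schedule, when some
+// elements equal to the same value"] was kind of sloppy. I should have
+// formulated as it really was: if we assume that pulling up reference
+// to key[x+1] is not safe, then it would mean that key schedule would
+// "degenerate," which is never the case. The problem is that this
+// holds true in respect to references to key[x], but not to key[y].
+// Legitimate "collisions" do occur within every 256^2 bytes window.
+// Fortunately there're enough free instruction slots to keep prior
+// reference to key[x+1], detect "collision" and compensate for it.
+// All this without sacrificing a single clock cycle:-)
+// Furthermore. In order to compress loop body to the minimum, I chose
+// to deploy deposit instruction, which substitutes for the whole
+// key->data+((x&255)<<log2(sizeof(key->data[0]))). This unfortunately
+// requires key->data to be aligned at sizeof(key->data) boundary.
+// This is why you'll find "RC4_INT pad[512-256-2];" addenum to RC4_KEY
+// and "d=(RC4_INT *)(((size_t)(d+255))&~(sizeof(key->data)-1));" in
+// rc4_skey.c [and rc4_enc.c, where it's retained for debugging
+// purposes]. Throughput is ~210MBps on 900MHz CPU, which is is >3x
+// faster than gcc generated code and +30% - if compared to HP-UX C.
+// Unrolling loop below should give >30% on top of that...
+
+.text
+.explicit
+
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+# define ADDP addp4
+#else
+# define ADDP add
+#endif
+
+#define SZ 4 // this is set to sizeof(RC4_INT)
+// SZ==4 seems to be optimal. At least SZ==8 is not any faster, not for
+// assembler implementation, while SZ==1 code is ~30% slower.
+#if SZ==1 // RC4_INT is unsigned char
+# define LDKEY ld1
+# define STKEY st1
+# define OFF 0
+#elif SZ==4 // RC4_INT is unsigned int
+# define LDKEY ld4
+# define STKEY st4
+# define OFF 2
+#elif SZ==8 // RC4_INT is unsigned long
+# define LDKEY ld8
+# define STKEY st8
+# define OFF 3
+#endif
+
+out=r8; // [expanded] output pointer
+inp=r9; // [expanded] output pointer
+prsave=r10;
+key=r28; // [expanded] pointer to RC4_KEY
+ksch=r29; // (key->data+255)[&~(sizeof(key->data)-1)]
+xx=r30;
+yy=r31;
+
+// void RC4(RC4_KEY *key,size_t len,const void *inp,void *out);
+.global RC4#
+.proc RC4#
+.align 32
+.skip 16
+RC4:
+ .prologue
+ .fframe 0
+ .save ar.pfs,r2
+ .save ar.lc,r3
+ .save pr,prsave
+{ .mii; alloc r2=ar.pfs,4,12,0,16
+ mov prsave=pr
+ ADDP key=0,in0 };;
+{ .mib; cmp.eq p6,p0=0,in1 // len==0?
+ mov r3=ar.lc
+(p6) br.ret.spnt.many b0 };; // emergency exit
+
+ .body
+ .rotr dat[4],key_x[4],tx[2],rnd[2],key_y[2],ty[1];
+
+{ .mib; LDKEY xx=[key],SZ // load key->x
+ add in1=-1,in1 // adjust len for loop counter
+ nop.b 0 }
+{ .mib; ADDP inp=0,in2
+ ADDP out=0,in3
+ brp.loop.imp .Ltop,.Lexit-16 };;
+{ .mmi; LDKEY yy=[key] // load key->y
+ add ksch=(255+1)*SZ,key // as ksch will be used with
+ // deposit instruction only,
+ // I don't have to &~255...
+ mov ar.lc=in1 }
+{ .mmi; mov key_y[1]=r0 // guarantee inequality
+ // in first iteration
+ add xx=1,xx
+ mov pr.rot=1<<16 };;
+{ .mii; nop.m 0
+ dep key_x[1]=xx,ksch,OFF,8
+ mov ar.ec=3 };; // note that epilogue counter
+ // is off by 1. I compensate
+ // for this at exit...
+.Ltop:
+// The loop is scheduled for 3*(n+2) spin-rate on Itanium 2, which
+// theoretically gives asymptotic performance of clock frequency
+// divided by 3 bytes per seconds, or 500MBps on 1.5GHz CPU. Measured
+// performance however is distinctly lower than 1/4:-( The culplrit
+// seems to be *(out++)=dat, which inadvertently splits the bundle,
+// even though there is M-port available... Unrolling is due...
+// Unrolled loop should collect output with variable shift instruction
+// in order to avoid starvation for integer shifter... It should be
+// possible to get pretty close to theoretical peak...
+{ .mmi; (p16) LDKEY tx[0]=[key_x[1]] // tx=key[xx]
+ (p17) LDKEY ty[0]=[key_y[1]] // ty=key[yy]
+ (p18) dep rnd[1]=rnd[1],ksch,OFF,8} // &key[(tx+ty)&255]
+{ .mmi; (p19) st1 [out]=dat[3],1 // *(out++)=dat
+ (p16) add xx=1,xx // x++
+ (p16) cmp.ne.unc p20,p21=key_x[1],key_y[1] };;
+{ .mmi; (p18) LDKEY rnd[1]=[rnd[1]] // rnd=key[(tx+ty)&255]
+ (p16) ld1 dat[0]=[inp],1 // dat=*(inp++)
+ (p16) dep key_x[0]=xx,ksch,OFF,8 } // &key[xx&255]
+.pred.rel "mutex",p20,p21
+{ .mmi; (p21) add yy=yy,tx[1] // (p16)
+ (p20) add yy=yy,tx[0] // (p16) y+=tx
+ (p21) mov tx[0]=tx[1] };; // (p16)
+{ .mmi; (p17) STKEY [key_y[1]]=tx[1] // key[yy]=tx
+ (p17) STKEY [key_x[2]]=ty[0] // key[xx]=ty
+ (p16) dep key_y[0]=yy,ksch,OFF,8 } // &key[yy&255]
+{ .mmb; (p17) add rnd[0]=tx[1],ty[0] // tx+=ty
+ (p18) xor dat[2]=dat[2],rnd[1] // dat^=rnd
+ br.ctop.sptk .Ltop };;
+.Lexit:
+{ .mib; STKEY [key]=yy,-SZ // save key->y
+ mov pr=prsave,0x1ffff
+ nop.b 0 }
+{ .mib; st1 [out]=dat[3],1 // compensate for truncated
+ // epilogue counter
+ add xx=-1,xx
+ nop.b 0 };;
+{ .mib; STKEY [key]=xx // save key->x
+ mov ar.lc=r3
+ br.ret.sptk.many b0 };;
+.endp RC4#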
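Review bot: The key-schedule addressing here uses `dep key_x[0]=xx,ksch,OFF,8` (line 135, likewise lines 113, 129 and 142), which overwrites the low OFF+8 bits of `ksch` with the index instead of adding to it; as the file's own header (lines 33-37) says, that only yields `&key->data[x&255]` when `key->data` is aligned to `sizeof(key->data)`, which is exactly what the `RC4_INT pad[512-256-2]` member of `RC4_KEY` and the `d=(RC4_INT *)(((size_t)(d+255))&~(sizeof(key->data)-1))` adjustment provide. This same commit deletes both of those from rc4.h and rc4_enc.c while the Makefile gains a rule to build asm/rc4-ia64.s from this file, so if `RC4_ENC` is ever pointed at that object the deposit-based indexing would access memory outside `data` of a key that is no longer padded or aligned; either the pad and the alignment have to stay together with this file, or the file should not be buildable in this tree — rc4_skey.c's side of the change is cut off in this view, so I cannot confirm which was intended. Minor: the comment at line 69, `inp=r9; // [expanded] output pointer`, should read `input pointer`.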
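diff --git a/src/lib/libcrypto/rc4/rc4.c b/src/lib/libcrypto/rc4/rc4.c
new file mode 100644
index 0000000000..b39c070292
--- /dev/null
+++ b/src/lib/libcrypto/rc4/rc4.c
@@ -0,0 +1,192 @@
+/* crypto/rc4/rc4.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/rc4.h>
+
+char *usage[]={
+"usage: rc4 args\n",
+"\n",
+" -in arg - input file - default stdin\n",
+" -out arg - output file - default stdout\n",
+" -key key - password\n",
+NULL
+};
+
+int main(int argc, char *argv[])
+ {
+ FILE *in=NULL,*out=NULL;
+ char *infile=NULL,*outfile=NULL,*keystr=NULL;
+ RC4_KEY key;
+ char buf[BUFSIZ];
+ int badops=0,i;
+ char **pp;
+ unsigned char md[MD5_DIGEST_LENGTH];
+
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-key") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keystr= *(++argv);
+ }
+ else
+ {
+ fprintf(stderr,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ for (pp=usage; (*pp != NULL); pp++)
+ fprintf(stderr,"%s",*pp);
+ exit(1);
+ }
+
+ if (infile == NULL)
+ in=stdin;
+ else
+ {
+ in=fopen(infile,"r");
+ if (in == NULL)
+ {
+ perror("open");
+ exit(1);
+ }
+
+ }
+ if (outfile == NULL)
+ out=stdout;
+ else
+ {
+ out=fopen(outfile,"w");
+ if (out == NULL)
+ {
+ perror("open");
+ exit(1);
+ }
+ }
+
+#ifdef OPENSSL_SYS_MSDOS
+ /* This should set the file to binary mode. */
+ {
+#include <fcntl.h>
+ setmode(fileno(in),O_BINARY);
+ setmode(fileno(out),O_BINARY);
+ }
+#endif
+
+ if (keystr == NULL)
+ { /* get key */
+ i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);
+ if (i != 0)
+ {
+ OPENSSL_cleanse(buf,BUFSIZ);
+ fprintf(stderr,"bad password read\n");
+ exit(1);
+ }
+ keystr=buf;
+ }
+
+ EVP_Digest((unsigned char *)keystr,(unsigned long)strlen(keystr),md,NULL,EVP_md5());
+ OPENSSL_cleanse(keystr,strlen(keystr));
+ RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
+
+ for(;;)
+ {
+ i=fread(buf,1,BUFSIZ,in);
+ if (i == 0) break;
+ if (i < 0)
+ {
+ perror("read");
+ exit(1);
+ }
+ RC4(&key,(unsigned int)i,(unsigned char *)buf,
+ (unsigned char *)buf);
+ i=fwrite(buf,(unsigned int)i,1,out);
+ if (i != 1)
+ {
+ perror("write");
+ exit(1);
+ }
+ }
+ fclose(out);
+ fclose(in);
+ exit(0);
+ return(1);
+ }
+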
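Review bot: A failing `fread` is indistinguishable from end of input in the main loop: line 171 stores the `size_t` result in `int i`, line 172 breaks on 0, and the `i < 0` branch at lines 173-177 is dead because `fread` never returns a negative value, so a read error at any point silently truncates the output and the program still exits 0. Drop the dead branch and test the stream after the loop instead, `if (ferror(in)) { perror("read"); exit(1); }`, placed before the `fclose` calls. Separately, `MD5_DIGEST_LENGTH`, `EVP_read_pw_string`, `EVP_Digest`, `EVP_md5` and `OPENSSL_cleanse` are used with only `<openssl/rc4.h>` included (line 62); unless that header transitively provides `<openssl/evp.h>` and `<openssl/md5.h>`, which it does not in the OpenSSL trees I know, this file does not compile as written. A one-line header comment would also help operators: the RC4 key is the unsalted MD5 of the password (line 165), so the output is no stronger than the password itself.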
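diff --git a/src/lib/libcrypto/rc4/rc4.h b/src/lib/libcrypto/rc4/rc4.h
index dd90d9fde0..8722091f2e 100644
--- a/src/lib/libcrypto/rc4/rc4.h
+++ b/src/lib/libcrypto/rc4/rc4.h
@@ -73,17 +73,10 @@ typedef struct rc4_key_st
  {
  RC4_INT x,y;
  RC4_INT data[256];
-#if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
- /* see crypto/rc4/asm/rc4-ia64.S for further details... */
- RC4_INT pad[512-256-2];
-#endif
  } RC4_KEY;
 
 
 const char *RC4_options(void);
-#ifdef OPENSSL_FIPS
-void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
-#endif
 void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
 void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
  unsigned char *outdata);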
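diff --git a/src/lib/libcrypto/rc4/rc4_enc.c b/src/lib/libcrypto/rc4/rc4_enc.c
index 81a97ea3b7..d5f18a3a70 100644
--- a/src/lib/libcrypto/rc4/rc4_enc.c
+++ b/src/lib/libcrypto/rc4/rc4_enc.c
@@ -77,10 +77,6 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
  x=key->x;
  y=key->y;
  d=key->data;
-#if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
- /* see crypto/rc4/asm/rc4-ia64.S for further details... */
- d=(RC4_INT *)(((size_t)(d+255))&~(sizeof(key->data)-1));
-#endif
 
 #if defined(RC4_CHUNK)
  /*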
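diff --git a/src/lib/libcrypto/rc4/rc4_locl.h b/src/lib/libcrypto/rc4/rc4_locl.h
index c712e1632e..3bb80b6ce9 100644
--- a/src/lib/libcrypto/rc4/rc4_locl.h
+++ b/src/lib/libcrypto/rc4/rc4_locl.h
@@ -1,5 +1,4 @@
 #ifndef HEADER_RC4_LOCL_H
 #define HEADER_RC4_LOCL_H
 #include <openssl/opensslconf.h>
-#include <cryptlib.h>
 #endif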
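diff --git a/src/lib/libcrypto/rc4/rc4_skey.c b/src/lib/libcrypto/rc4/rc4_skey.c
index 07234f061a..bb10c1ebe2 100644
--- a/src/lib/libcrypto/rc4/rc4_skey.c
+++ b/src/lib/libcrypto/rc4/rc4_skey.c
@@ -57,7 +57,6 @@
  */
 
 #include <openssl/rc4.h>
-#include <openssl/crypto.h>
 #include "rc4_locl.h"
 #include <openssl/opensslv.h>
 
@@ -86,7 +85,7 @@ const char *RC4_options(void)
  * Date: Wed, 14 Sep 1994 06:35:31 GMT
  */
 
-FIPS_NON_FIPS_VCIPHER_Init(RC4)
+void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
  {
  register RC4_INT tmp;
  register int id1,id2;
@@ -94,11 +93,6 @@ FIPS_NON_FIPS_VCIPHER_Init(RC4)
  unsigned int i;
 
  d= &(key->data[0]);
-#if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
- /* see crypto/rc4/asm/rc4-ia64.S for further details... */
- d=(RC4_INT *)(((size_t)(d+255))&~(sizeof(key->data)-1));
-#endif
-
  for (i=0; i<256; i++)
  d[i]=i;
  key->x = 0;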
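Review bot: The bare `void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)` that replaces the FIPS macro in the second hunk takes a signed `len` and checks nothing; the schedule loop that follows (past the end of the third hunk, so not visible here) presumably walks the key modulo `len` like the posted algorithm this file credits, so `len == 0` divides by zero and a negative length indexes before `data`. The function is `void` and cannot report misuse, so at minimum document the precondition above the definition: `/* len must be >= 1: key bytes are consumed cyclically (index mod len) */`. An early `if (len <= 0) return;` would stop the crash but leaves `key` unkeyed, which is worse for a caller that does not check — only add it together with a caller audit. The body of RC4_set_key continues outside the hunk.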
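diff --git a/src/lib/libcrypto/rc4/rc4s.cpp b/src/lib/libcrypto/rc4/rc4s.cpp
new file mode 100644
index 0000000000..3814fde997
--- /dev/null
+++ b/src/lib/libcrypto/rc4/rc4s.cpp
@@ -0,0 +1,73 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+ asm volatile(".byte 15, 49\n\t"
+ : "=eax" (tsc)
+ :
+ : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+ unsigned long a;
+ __asm _emit 0fh
+ __asm _emit 31h
+ __asm mov a, eax;
+ tsc=a;
+}
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/rc4.h>
+
+void main(int argc,char *argv[])
+ {
+ unsigned char buffer[1024];
+ RC4_KEY ctx;
+ unsigned long s1,s2,e1,e2;
+ unsigned char k[16];
+ unsigned long data[2];
+ unsigned char iv[8];
+ int i,num=64,numm;
+ int j=0;
+
+ if (argc >= 2)
+ num=atoi(argv[1]);
+
+ if (num == 0) num=256;
+ if (num > 1024-16) num=1024-16;
+ numm=num+8;
+
+ for (j=0; j<6; j++)
+ {
+ for (i=0; i<10; i++) /**/
+ {
+ RC4(&ctx,numm,buffer,buffer);
+ GetTSC(s1);
+ RC4(&ctx,numm,buffer,buffer);
+ GetTSC(e1);
+ GetTSC(s2);
+ RC4(&ctx,num,buffer,buffer);
+ GetTSC(e2);
+ RC4(&ctx,num,buffer,buffer);
+ }
+
+ printf("RC4 (%d bytes) %d %d (%d) - 8 bytes\n",num,
+ e1-s1,e2-s2,(e1-s1)-(e2-s2));
+ }
+ }
+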
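Review bot: `ctx` (line 40) is passed to `RC4()` in the timing loop without ever being keyed — nothing calls `RC4_set_key`, so the cipher runs over an indeterminate state table, which is undefined behaviour and makes the cycle counts meaningless. Key it deterministically before the loop, e.g. `memset(k,0x5a,sizeof k); RC4_set_key(&ctx,sizeof k,k);` (which needs `#include <string.h>`); `data` and `iv` are otherwise unused and can be dropped. The `printf` at lines 69-70 prints `unsigned long` differences with `%d` — use `%lu`. `void main` is not a valid C++ signature; make it `int main` and `return 0;`.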
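diff --git a/src/lib/libcrypto/rc4/rc4speed.c b/src/lib/libcrypto/rc4/rc4speed.c
new file mode 100644
index 0000000000..ced98c52df
--- /dev/null
+++ b/src/lib/libcrypto/rc4/rc4speed.c
@@ -0,0 +1,250 @@
+/* crypto/rc4/rc4speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+
+#include <stdio.h>
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
+#include <signal.h>
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+ The __TMS macro will show if it was. If it wasn't defined, we should
+ undefine TIMES, since that tells the rest of the program how things
+ should be handled. -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+#include <openssl/rc4.h>
+
+/* The following if from times(3) man page. It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#define HZ 100.0
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+
+#define BUFSIZE ((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+ {
+ signal(SIGALRM,sig_done);
+ run=0;
+#ifdef LINT
+ sig=sig;
+#endif
+ }
+#endif
+
+#define START 0
+#define STOP 1
+
+double Time_F(int s)
+ {
+ double ret;
+#ifdef TIMES
+ static struct tms tstart,tend;
+
+ if (s == START)
+ {
+ times(&tstart);
+ return(0);
+ }
+ else
+ {
+ times(&tend);
+ ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+ return((ret == 0.0)?1e-6:ret);
+ }
+#else /* !times() */
+ static struct timeb tstart,tend;
+ long i;
+
+ if (s == START)
+ {
+ ftime(&tstart);
+ return(0);
+ }
+ else
+ {
+ ftime(&tend);
+ i=(long)tend.millitm-(long)tstart.millitm;
+ ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+ return((ret == 0.0)?1e-6:ret);
+ }
+#endif
+ }
+
+int main(int argc, char **argv)
+ {
+ long count;
+ static unsigned char buf[BUFSIZE];
+ static unsigned char key[] ={
+ 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+ 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+ };
+ RC4_KEY sch;
+ double a,b,c,d;
+#ifndef SIGALRM
+ long ca,cb,cc;
+#endif
+
+#ifndef TIMES
+ printf("To get the most accurate results, try to run this\n");
+ printf("program when this computer is idle.\n");
+#endif
+
+#ifndef SIGALRM
+ printf("First we calculate the approximate speed ...\n");
+ RC4_set_key(&sch,16,key);
+ count=10;
+ do {
+ long i;
+ unsigned long data[2];
+
+ count*=2;
+ Time_F(START);
+ for (i=count; i; i--)
+ RC4(&sch,8,buf,buf);
+ d=Time_F(STOP);
+ } while (d < 3.0);
+ ca=count/512;
+ cc=count*8/BUFSIZE+1;
+ printf("Doing RC4_set_key %ld times\n",ca);
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+ signal(SIGALRM,sig_done);
+ printf("Doing RC4_set_key for 10 seconds\n");
+ alarm(10);
+#endif
+
+ Time_F(START);
+ for (count=0,run=1; COND(ca); count+=4)
+ {
+ RC4_set_key(&sch,16,key);
+ RC4_set_key(&sch,16,key);
+ RC4_set_key(&sch,16,key);
+ RC4_set_key(&sch,16,key);
+ }
+ d=Time_F(STOP);
+ printf("%ld RC4_set_key's in %.2f seconds\n",count,d);
+ a=((double)COUNT(ca))/d;
+
+#ifdef SIGALRM
+ printf("Doing RC4 on %ld byte blocks for 10 seconds\n",BUFSIZE);
+ alarm(10);
+#else
+ printf("Doing RC4 %ld times on %ld byte blocks\n",cc,BUFSIZE);
+#endif
+ Time_F(START);
+ for (count=0,run=1; COND(cc); count++)
+ RC4(&sch,BUFSIZE,buf,buf);
+ d=Time_F(STOP);
+ printf("%ld RC4's of %ld byte blocks in %.2f second\n",
+ count,BUFSIZE,d);
+ c=((double)COUNT(cc)*BUFSIZE)/d;
+
+ printf("RC4 set_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+ printf("RC4 bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+ exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+ return(0);
+#endif
+ }
+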
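Review bot: `run` at line 111 is a plain `long` that the SIGALRM handler `sig_done` clears (line 125) and the `COND(c)` loops at lines 218 and 236 poll; nothing tells the compiler it can change asynchronously, so an optimising build may hoist the load out of the loop and the benchmark never terminates. Declare it `volatile sig_atomic_t run=0;` — that is the only type the C standard guarantees can be written from a signal handler and observed by the interrupted code. The `unsigned long data[2]` at line 196 is unused and can go.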
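diff --git a/src/lib/libcrypto/rc4/rc4test.c b/src/lib/libcrypto/rc4/rc4test.c
new file mode 100644
index 0000000000..b9d8f20975
--- /dev/null
+++ b/src/lib/libcrypto/rc4/rc4test.c
@@ -0,0 +1,203 @@
+/* crypto/rc4/rc4test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_RC4
+int main(int argc, char *argv[])
+{
+ printf("No RC4 support\n");
+ return(0);
+}
+#else
+#include <openssl/rc4.h>
+
+static unsigned char keys[7][30]={
+ {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+ {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+ {8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {4,0xef,0x01,0x23,0x45},
+ {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+ {4,0xef,0x01,0x23,0x45},
+ };
+
+static unsigned char data_len[7]={8,8,8,20,28,10};
+static unsigned char data[7][30]={
+ {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xff},
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0xff},
+ {0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+ 0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+ 0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+ 0x12,0x34,0x56,0x78,0xff},
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+ {0},
+ };
+
+static unsigned char output[7][30]={
+ {0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96,0x00},
+ {0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79,0x00},
+ {0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a,0x00},
+ {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,
+ 0xbd,0x61,0x5a,0x11,0x62,0xe1,0xc7,0xba,
+ 0x36,0xb6,0x78,0x58,0x00},
+ {0x66,0xa0,0x94,0x9f,0x8a,0xf7,0xd6,0x89,
+ 0x1f,0x7f,0x83,0x2b,0xa8,0x33,0xc0,0x0c,
+ 0x89,0x2e,0xbe,0x30,0x14,0x3c,0xe2,0x87,
+ 0x40,0x01,0x1e,0xcf,0x00},
+ {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61,0x00},
+ {0},
+ };
+
+int main(int argc, char *argv[])
+ {
+ int i,err=0;
+ int j;
+ unsigned char *p;
+ RC4_KEY key;
+ unsigned char buf[512],obuf[512];
+
+ for (i=0; i<512; i++) buf[i]=0x01;
+
+ for (i=0; i<6; i++)
+ {
+ RC4_set_key(&key,keys[i][0],&(keys[i][1]));
+ memset(obuf,0x00,sizeof(obuf));
+ RC4(&key,data_len[i],&(data[i][0]),obuf);
+ if (memcmp(obuf,output[i],data_len[i]+1) != 0)
+ {
+ printf("error calculating RC4\n");
+ printf("output:");
+ for (j=0; j<data_len[i]+1; j++)
+ printf(" %02x",obuf[j]);
+ printf("\n");
+ printf("expect:");
+ p= &(output[i][0]);
+ for (j=0; j<data_len[i]+1; j++)
+ printf(" %02x",*(p++));
+ printf("\n");
+ err++;
+ }
+ else
+ printf("test %d ok\n",i);
+ }
+ printf("test end processing ");
+ for (i=0; i<data_len[3]; i++)
+ {
+ RC4_set_key(&key,keys[3][0],&(keys[3][1]));
+ memset(obuf,0x00,sizeof(obuf));
+ RC4(&key,i,&(data[3][0]),obuf);
+ if ((memcmp(obuf,output[3],i) != 0) || (obuf[i] != 0))
+ {
+ printf("error in RC4 length processing\n");
+ printf("output:");
+ for (j=0; j<i+1; j++)
+ printf(" %02x",obuf[j]);
+ printf("\n");
+ printf("expect:");
+ p= &(output[3][0]);
+ for (j=0; j<i; j++)
+ printf(" %02x",*(p++));
+ printf(" 00\n");
+ err++;
+ }
+ else
+ {
+ printf(".");
+ fflush(stdout);
+ }
+ }
+ printf("done\n");
+ printf("test multi-call ");
+ for (i=0; i<data_len[3]; i++)
+ {
+ RC4_set_key(&key,keys[3][0],&(keys[3][1]));
+ memset(obuf,0x00,sizeof(obuf));
+ RC4(&key,i,&(data[3][0]),obuf);
+ RC4(&key,data_len[3]-i,&(data[3][i]),&(obuf[i]));
+ if (memcmp(obuf,output[3],data_len[3]+1) != 0)
+ {
+ printf("error in RC4 multi-call processing\n");
+ printf("output:");
+ for (j=0; j<data_len[3]+1; j++)
+ printf(" %02x",obuf[j]);
+ printf("\n");
+ printf("expect:");
+ p= &(output[3][0]);
+ for (j=0; j<data_len[3]+1; j++)
+ printf(" %02x",*(p++));
+ err++;
+ }
+ else
+ {
+ printf(".");
+ fflush(stdout);
+ }
+ }
+ printf("done\n");
+ EXIT(err);
+ return(0);
+ }
+#endif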
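Review bot: `buf` is filled with 0x01 at line 122 and then never read, which looks like unfinished scaffolding for the 512-byte test vector 4 shipped in rrc4.doc (key 01 23 45 67 89 ab cd ef, 512 bytes of 0x01) — the six vectors actually run here stop at 28 bytes of keystream, so a bug in the state permutation after the first full pass over `data[]` would go unnoticed. Either wire that vector up (key from `keys[0]`, encrypt `buf` in one `RC4` call, compare against the 512 expected bytes transcribed from the .doc under a comment naming their origin) or delete `buf` so the intent is not misread. Minor: the multi-call failure branch at lines 182-191 never ends its `expect:` line with a `printf("\n");`, unlike the other two error paths.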
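diff --git a/src/lib/libcrypto/rc4/rrc4.doc b/src/lib/libcrypto/rc4/rrc4.doc
new file mode 100644
index 0000000000..2f9a953c12
--- /dev/null
+++ b/src/lib/libcrypto/rc4/rrc4.doc
@@ -0,0 +1,278 @@
+Newsgroups: sci.crypt,alt.security,comp.security.misc,alt.privacy
+Path: ghost.dsi.unimi.it!univ-lyon1.fr!jussieu.fr!zaphod.crihan.fr!warwick!clyde.open.ac.uk!strath-cs!bnr.co.uk!bt!pipex!howland.reston.ans.net!europa.eng.gtefsd.com!MathWorks.Com!yeshua.marcam.com!charnel.ecst.csuchico.edu!csusac!csus.edu!netcom.com!sterndark
+From: sterndark@netcom.com (David Sterndark)
+Subject: RC4 Algorithm revealed.
+Message-ID: <sternCvKL4B.Hyy@netcom.com>
+Sender: sterndark@netcom.com
+Organization: NETCOM On-line Communication Services (408 261-4700 guest)
+X-Newsreader: TIN [version 1.2 PL1]
+Date: Wed, 14 Sep 1994 06:35:31 GMT
+Lines: 263
+Xref: ghost.dsi.unimi.it sci.crypt:27332 alt.security:14732 comp.security.misc:11701 alt.privacy:16026
+
+I am shocked, shocked, I tell you, shocked, to discover
+that the cypherpunks have illegaly and criminally revealed
+a crucial RSA trade secret and harmed the security of
+America by reverse engineering the RC4 algorithm and
+publishing it to the world.
+
+On Saturday morning an anonymous cypherpunk wrote:
+
+
+ SUBJECT: RC4 Source Code
+
+
+ I've tested this. It is compatible with the RC4 object module
+ that comes in the various RSA toolkits.
+
+ /* rc4.h */
+ typedef struct rc4_key
+ {
+ unsigned char state[256];
+ unsigned char x;
+ unsigned char y;
+ } rc4_key;
+ void prepare_key(unsigned char *key_data_ptr,int key_data_len,
+ rc4_key *key);
+ void rc4(unsigned char *buffer_ptr,int buffer_len,rc4_key * key);
+
+
+ /*rc4.c */
+ #include "rc4.h"
+ static void swap_byte(unsigned char *a, unsigned char *b);
+ void prepare_key(unsigned char *key_data_ptr, int key_data_len,
+ rc4_key *key)
+ {
+ unsigned char swapByte;
+ unsigned char index1;
+ unsigned char index2;
+ unsigned char* state;
+ short counter;
+
+ state = &key->state[0];
+ for(counter = 0; counter < 256; counter++)
+ state[counter] = counter;
+ key->x = 0;
+ key->y = 0;
+ index1 = 0;
+ index2 = 0;
+ for(counter = 0; counter < 256; counter++)
+ {
+ index2 = (key_data_ptr[index1] + state[counter] +
+ index2) % 256;
+ swap_byte(&state[counter], &state[index2]);
+
+ index1 = (index1 + 1) % key_data_len;
+ }
+ }
+
+ void rc4(unsigned char *buffer_ptr, int buffer_len, rc4_key *key)
+ {
+ unsigned char x;
+ unsigned char y;
+ unsigned char* state;
+ unsigned char xorIndex;
+ short counter;
+
+ x = key->x;
+ y = key->y;
+
+ state = &key->state[0];
+ for(counter = 0; counter < buffer_len; counter ++)
+ {
+ x = (x + 1) % 256;
+ y = (state[x] + y) % 256;
+ swap_byte(&state[x], &state[y]);
+
+ xorIndex = (state[x] + state[y]) % 256;
+
+ buffer_ptr[counter] ^= state[xorIndex];
+ }
+ key->x = x;
+ key->y = y;
+ }
+
+ static void swap_byte(unsigned char *a, unsigned char *b)
+ {
+ unsigned char swapByte;
+
+ swapByte = *a;
+ *a = *b;
+ *b = swapByte;
+ }
+
+
+
+Another cypherpunk, this one not anonymous, tested the
+output from this algorithm against the output from
+official RC4 object code
+
+
+ Date: Tue, 13 Sep 94 18:37:56 PDT
+ From: ekr@eit.COM (Eric Rescorla)
+ Message-Id: <9409140137.AA17743@eitech.eit.com>
+ Subject: RC4 compatibility testing
+ Cc: cypherpunks@toad.com
+
+ One data point:
+
+ I can't say anything about the internals of RC4 versus the
+ algorithm that Bill Sommerfeld is rightly calling 'Alleged RC4',
+ since I don't know anything about RC4's internals.
+
+ However, I do have a (legitimately acquired) copy of BSAFE2 and
+ so I'm able to compare the output of this algorithm to the output
+ of genuine RC4 as found in BSAFE. I chose a set of test vectors
+ and ran them through both algorithms. The algorithms appear to
+ give identical results, at least with these key/plaintext pairs.
+
+ I note that this is the algorithm _without_ Hal Finney's
+ proposed modification
+
+ (see <199409130605.XAA24133@jobe.shell.portal.com>).
+
+ The vectors I used (together with the ciphertext they produce)
+ follow at the end of this message.
+
+ -Ekr
+
+ Disclaimer: This posting does not reflect the opinions of EIT.
+
+ --------------------results follow--------------
+ Test vector 0
+ Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef
+ Input: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef
+ 0 Output: 0x75 0xb7 0x87 0x80 0x99 0xe0 0xc5 0x96
+
+ Test vector 1
+ Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef
+ Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
+ 0 Output: 0x74 0x94 0xc2 0xe7 0x10 0x4b 0x08 0x79
+
+ Test vector 2
+ Key: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
+ Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
+ 0 Output: 0xde 0x18 0x89 0x41 0xa3 0x37 0x5d 0x3a
+
+ Test vector 3
+ Key: 0xef 0x01 0x23 0x45
+ Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
+ 0 Output: 0xd6 0xa1 0x41 0xa7 0xec 0x3c 0x38 0xdf 0xbd 0x61
+
+ Test vector 4
+ Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef
+ Input: 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01
+ 0 Output: 0x75 0x95 0xc3 0xe6 0x11 0x4a 0x09 0x78 0x0c 0x4a 0xd4
+ 0x52 0x33 0x8e 0x1f 0xfd 0x9a 0x1b 0xe9 0x49 0x8f
+ 0x81 0x3d 0x76 0x53 0x34 0x49 0xb6 0x77 0x8d 0xca
+ 0xd8 0xc7 0x8a 0x8d 0x2b 0xa9 0xac 0x66 0x08 0x5d
+ 0x0e 0x53 0xd5 0x9c 0x26 0xc2 0xd1 0xc4 0x90 0xc1
+ 0xeb 0xbe 0x0c 0xe6 0x6d 0x1b 0x6b 0x1b 0x13 0xb6
+ 0xb9 0x19 0xb8 0x47 0xc2 0x5a 0x91 0x44 0x7a 0x95
+ 0xe7 0x5e 0x4e 0xf1 0x67 0x79 0xcd 0xe8 0xbf 0x0a
+ 0x95 0x85 0x0e 0x32 0xaf 0x96 0x89 0x44 0x4f 0xd3
+ 0x77 0x10 0x8f 0x98 0xfd 0xcb 0xd4 0xe7 0x26 0x56
+ 0x75 0x00 0x99 0x0b 0xcc 0x7e 0x0c 0xa3 0xc4 0xaa
+ 0xa3 0x04 0xa3 0x87 0xd2 0x0f 0x3b 0x8f 0xbb 0xcd
+ 0x42 0xa1 0xbd 0x31 0x1d 0x7a 0x43 0x03 0xdd 0xa5
+ 0xab 0x07 0x88 0x96 0xae 0x80 0xc1 0x8b 0x0a 0xf6
+ 0x6d 0xff 0x31 0x96 0x16 0xeb 0x78 0x4e 0x49 0x5a
+ 0xd2 0xce 0x90 0xd7 0xf7 0x72 0xa8 0x17 0x47 0xb6
+ 0x5f 0x62 0x09 0x3b 0x1e 0x0d 0xb9 0xe5 0xba 0x53
+ 0x2f 0xaf 0xec 0x47 0x50 0x83 0x23 0xe6 0x71 0x32
+ 0x7d 0xf9 0x44 0x44 0x32 0xcb 0x73 0x67 0xce 0xc8
+ 0x2f 0x5d 0x44 0xc0 0xd0 0x0b 0x67 0xd6 0x50 0xa0
+ 0x75 0xcd 0x4b 0x70 0xde 0xdd 0x77 0xeb 0x9b 0x10
+ 0x23 0x1b 0x6b 0x5b 0x74 0x13 0x47 0x39 0x6d 0x62
+ 0x89 0x74 0x21 0xd4 0x3d 0xf9 0xb4 0x2e 0x44 0x6e
+ 0x35 0x8e 0x9c 0x11 0xa9 0xb2 0x18 0x4e 0xcb 0xef
+ 0x0c 0xd8 0xe7 0xa8 0x77 0xef 0x96 0x8f 0x13 0x90
+ 0xec 0x9b 0x3d 0x35 0xa5 0x58 0x5c 0xb0 0x09 0x29
+ 0x0e 0x2f 0xcd 0xe7 0xb5 0xec 0x66 0xd9 0x08 0x4b
+ 0xe4 0x40 0x55 0xa6 0x19 0xd9 0xdd 0x7f 0xc3 0x16
+ 0x6f 0x94 0x87 0xf7 0xcb 0x27 0x29 0x12 0x42 0x64
+ 0x45 0x99 0x85 0x14 0xc1 0x5d 0x53 0xa1 0x8c 0x86
+ 0x4c 0xe3 0xa2 0xb7 0x55 0x57 0x93 0x98 0x81 0x26
+ 0x52 0x0e 0xac 0xf2 0xe3 0x06 0x6e 0x23 0x0c 0x91
+ 0xbe 0xe4 0xdd 0x53 0x04 0xf5 0xfd 0x04 0x05 0xb3
+ 0x5b 0xd9 0x9c 0x73 0x13 0x5d 0x3d 0x9b 0xc3 0x35
+ 0xee 0x04 0x9e 0xf6 0x9b 0x38 0x67 0xbf 0x2d 0x7b
+ 0xd1 0xea 0xa5 0x95 0xd8 0xbf 0xc0 0x06 0x6f 0xf8
+ 0xd3 0x15 0x09 0xeb 0x0c 0x6c 0xaa 0x00 0x6c 0x80
+ 0x7a 0x62 0x3e 0xf8 0x4c 0x3d 0x33 0xc1 0x95 0xd2
+ 0x3e 0xe3 0x20 0xc4 0x0d 0xe0 0x55 0x81 0x57 0xc8
+ 0x22 0xd4 0xb8 0xc5 0x69 0xd8 0x49 0xae 0xd5 0x9d
+ 0x4e 0x0f 0xd7 0xf3 0x79 0x58 0x6b 0x4b 0x7f 0xf6
+ 0x84 0xed 0x6a 0x18 0x9f 0x74 0x86 0xd4 0x9b 0x9c
+ 0x4b 0xad 0x9b 0xa2 0x4b 0x96 0xab 0xf9 0x24 0x37
+ 0x2c 0x8a 0x8f 0xff 0xb1 0x0d 0x55 0x35 0x49 0x00
+ 0xa7 0x7a 0x3d 0xb5 0xf2 0x05 0xe1 0xb9 0x9f 0xcd
+ 0x86 0x60 0x86 0x3a 0x15 0x9a 0xd4 0xab 0xe4 0x0f
+ 0xa4 0x89 0x34 0x16 0x3d 0xdd 0xe5 0x42 0xa6 0x58
+ 0x55 0x40 0xfd 0x68 0x3c 0xbf 0xd8 0xc0 0x0f 0x12
+ 0x12 0x9a 0x28 0x4d 0xea 0xcc 0x4c 0xde 0xfe 0x58
+ 0xbe 0x71 0x37 0x54 0x1c 0x04 0x71 0x26 0xc8 0xd4
+ 0x9e 0x27 0x55 0xab 0x18 0x1a 0xb7 0xe9 0x40 0xb0
+ 0xc0
+
+
+
+--
+ ---------------------------------------------------------------------
+We have the right to defend ourselves and our
+property, because of the kind of animals that we James A. Donald
+are. True law derives from this right, not from
+the arbitrary power of the omnipotent state. jamesd@netcom.com
+
+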