180 lines
6.5 KiB
Python
180 lines
6.5 KiB
Python
|
# -*- coding: utf-8 -*-
|
||
|
#
|
||
|
# Cipher/ARC4.py : ARC4
|
||
|
#
|
||
|
# ===================================================================
|
||
|
# The contents of this file are dedicated to the public domain. To
|
||
|
# the extent that dedication to the public domain is not available,
|
||
|
# everyone is granted a worldwide, perpetual, royalty-free,
|
||
|
# non-exclusive license to exercise all rights associated with the
|
||
|
# contents of this file for any purpose whatsoever.
|
||
|
# No rights are reserved.
|
||
|
#
|
||
|
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||
|
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||
|
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
||
|
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
|
||
|
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
|
||
|
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
||
|
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||
|
# SOFTWARE.
|
||
|
# ===================================================================
|
||
|
"""ARC4 symmetric cipher
|
||
|
|
||
|
ARC4_ (Alleged RC4) is an implementation of RC4 (Rivest's Cipher version 4),
|
||
|
a symmetric stream cipher designed by Ron Rivest in 1987.
|
||
|
|
||
|
The cipher started as a proprietary design, that was reverse engineered and
|
||
|
anonymously posted on Usenet in 1994. The company that owns RC4 (RSA Data
|
||
|
Inc.) never confirmed the correctness of the leaked algorithm.
|
||
|
|
||
|
Unlike RC2, the company has never published the full specification of RC4,
|
||
|
of whom it still holds the trademark.
|
||
|
|
||
|
ARC4 keys can vary in length from 40 to 2048 bits.
|
||
|
|
||
|
One problem of ARC4 is that it does not take a nonce or an IV.
|
||
|
If it is required to encrypt multiple messages with the same long-term key, a
|
||
|
distinct independent nonce must be created for each message, and a short-term
|
||
|
key must be derived from the combination of the long-term key and the nonce.
|
||
|
Due to the weak key scheduling algorithm of RC2, the combination must be
|
||
|
carried out with a complex function (e.g. a cryptographic hash) and not by
|
||
|
simply concatenating key and nonce.
|
||
|
|
||
|
**Use ChaCha20, not ARC4. This module is only provided for legacy purposes.**
|
||
|
|
||
|
As an example, encryption can be done as follows:
|
||
|
|
||
|
>>> from Crypto.Cipher import ARC4
|
||
|
>>> from Crypto.Hash import SHA
|
||
|
>>> from Crypto.Random import get_random_bytes
|
||
|
>>>
|
||
|
>>> key = b'Very long and confidential key'
|
||
|
>>> nonce = get_random_bytes(16)
|
||
|
>>> tempkey = SHA.new(key+nonce).digest()
|
||
|
>>> cipher = ARC4.new(tempkey)
|
||
|
>>> msg = nonce + cipher.encrypt(b'Open the pod bay doors, HAL')
|
||
|
|
||
|
.. _ARC4: http://en.wikipedia.org/wiki/RC4
|
||
|
|
||
|
:undocumented: __package__
|
||
|
"""
|
||
|
|
||
|
from Crypto.Util.py3compat import b
|
||
|
|
||
|
from Crypto.Util._raw_api import (load_pycryptodome_raw_lib, VoidPointer,
|
||
|
create_string_buffer, get_raw_buffer,
|
||
|
SmartPointer, c_size_t, expect_byte_string)
|
||
|
|
||
|
|
||
|
_raw_arc4_lib = load_pycryptodome_raw_lib("Crypto.Cipher._ARC4", """
|
||
|
int ARC4_stream_encrypt(void *rc4State, const uint8_t in[],
|
||
|
uint8_t out[], size_t len);
|
||
|
int ARC4_stream_init(uint8_t *key, size_t keylen,
|
||
|
void **pRc4State);
|
||
|
int ARC4_stream_destroy(void *rc4State);
|
||
|
""")
|
||
|
|
||
|
|
||
|
class ARC4Cipher:
|
||
|
"""ARC4 cipher object"""
|
||
|
|
||
|
def __init__(self, key, *args, **kwargs):
|
||
|
"""Initialize an ARC4 cipher object
|
||
|
|
||
|
See also `new()` at the module level."""
|
||
|
|
||
|
if len(args) > 0:
|
||
|
ndrop = args[0]
|
||
|
args = args[1:]
|
||
|
else:
|
||
|
ndrop = kwargs.pop('drop', 0)
|
||
|
|
||
|
if len(key) not in key_size:
|
||
|
raise ValueError("Incorrect ARC4 key length (%d bytes)" %
|
||
|
len(key))
|
||
|
|
||
|
expect_byte_string(key)
|
||
|
|
||
|
self._state = VoidPointer()
|
||
|
result = _raw_arc4_lib.ARC4_stream_init(key,
|
||
|
c_size_t(len(key)),
|
||
|
self._state.address_of())
|
||
|
if result != 0:
|
||
|
raise ValueError("Error %d while creating the ARC4 cipher"
|
||
|
% result)
|
||
|
self._state = SmartPointer(self._state.get(),
|
||
|
_raw_arc4_lib.ARC4_stream_destroy)
|
||
|
|
||
|
if ndrop > 0:
|
||
|
# This is OK even if the cipher is used for decryption,
|
||
|
# since encrypt and decrypt are actually the same thing
|
||
|
# with ARC4.
|
||
|
self.encrypt(b('\x00') * ndrop)
|
||
|
|
||
|
self.block_size = 1
|
||
|
self.key_size = len(key)
|
||
|
|
||
|
def encrypt(self, plaintext):
|
||
|
"""Encrypt a piece of data.
|
||
|
|
||
|
:Parameters:
|
||
|
plaintext : byte string
|
||
|
The piece of data to encrypt. It can be of any size.
|
||
|
:Return: the encrypted data (byte string, as long as the
|
||
|
plaintext).
|
||
|
"""
|
||
|
|
||
|
expect_byte_string(plaintext)
|
||
|
ciphertext = create_string_buffer(len(plaintext))
|
||
|
result = _raw_arc4_lib.ARC4_stream_encrypt(self._state.get(),
|
||
|
plaintext,
|
||
|
ciphertext,
|
||
|
c_size_t(len(plaintext)))
|
||
|
if result:
|
||
|
raise ValueError("Error %d while encrypting with RC4" % result)
|
||
|
return get_raw_buffer(ciphertext)
|
||
|
|
||
|
def decrypt(self, ciphertext):
|
||
|
"""Decrypt a piece of data.
|
||
|
|
||
|
:Parameters:
|
||
|
ciphertext : byte string
|
||
|
The piece of data to decrypt. It can be of any size.
|
||
|
:Return: the decrypted data (byte string, as long as the
|
||
|
ciphertext).
|
||
|
"""
|
||
|
try:
|
||
|
return self.encrypt(ciphertext)
|
||
|
except ValueError as e:
|
||
|
raise ValueError(str(e).replace("enc", "dec"))
|
||
|
|
||
|
|
||
|
def new(key, *args, **kwargs):
|
||
|
"""Create a new ARC4 cipher
|
||
|
|
||
|
:Parameters:
|
||
|
key : byte string
|
||
|
The secret key to use in the symmetric cipher.
|
||
|
Its length must be in the range ``[5..256]``.
|
||
|
The recommended length is 16 bytes.
|
||
|
|
||
|
:Keywords:
|
||
|
drop : integer
|
||
|
The amount of bytes to discard from the initial part of the keystream.
|
||
|
In fact, such part has been found to be distinguishable from random
|
||
|
data (while it shouldn't) and also correlated to key.
|
||
|
|
||
|
The recommended value is 3072_ bytes. The default value is 0.
|
||
|
|
||
|
:Return: an `ARC4Cipher` object
|
||
|
|
||
|
.. _3072: http://eprint.iacr.org/2002/067.pdf
|
||
|
"""
|
||
|
return ARC4Cipher(key, *args, **kwargs)
|
||
|
|
||
|
#: Size of a data block (in bytes)
|
||
|
block_size = 1
|
||
|
#: Size of a key (in bytes)
|
||
|
key_size = range(5, 256+1)
|