World: r3wp

REBOL [
Title: "ARCFOUR and CipherSaber"
Date: 17-Jan-2004
File: %arcfour.r
Author: "Cal Dixon"

Purpose: {Provides encryption and decryption using the ARCFOUR algorithm}

Note: {this implementation can decrypt data at about 40KB/s on my 
1Ghz AMD Duron system with Rebol/View 1.2.10.3.1}
Library: [
level: 'advanced
platform: 'all
type: [function module protocol]
domain: [encryption scheme]
tested-under: [view 1.2.10.3.1 on [W2K] by "Cal"]
license: 'PD
support: none
]
]


;ARCFOUR specification: http://www.mozilla.org/projects/security/pki/nss/draft-kaukonen-cipher-arcfour-03.txt

;CipherSabre specification: http://ciphersaber.gurus.com/faq.html#getrc4


arcfour-short: func [key [string! binary!] stream [binary! string!] 
/mix n /local state i j output swap addmod sz][

swap: func [a b s /local][ local: sz s a poke s a + 1 to-char sz 
s b poke s b + 1 to-char local ]
addmod: func [ a b ][ a + b // 256 ]
sz: func [ s a ][ pick s a + 1 ]

state: make binary! 256 repeat var 256 [ insert tail state to-char 
var - 1 ]

j: 0 loop any [ n 1 ] [ i: 0 loop 256 [ swap i j: addmod j add sz 
state i sz key i // length? key state i: i + 1] ]
i: j: 0 output: make binary! length? stream
repeat byte stream [
swap i: addmod i 1 j: addmod j sz state i state

insert tail output to-char xor~ byte to-char sz state addmod (sz 
state i) (sz state j)
]
clear state
return output
] 

make root-protocol [
addmod: addmod: func [ a b ][ a + b // 256 ]
sz: func [ s a ][ pick s a + 1 ]

swap: func [a b s /local][ local: sz s a poke s a + 1 to-char sz 
s b poke s b + 1 to-char local ]
ins: get in system/words 'insert
i: 0 j: 0
open: func [port][
port/state/tail: 2000
port/state/index: 0
port/state/flags: port/state/flags or port-flags

port/locals: context [ inbuffer: make binary! 40000 state: make binary! 
256]
use [key n i j] [
key: port/key
n: port/strength
repeat var 256 [ ins tail port/locals/state to-char var - 1 ]
j: 0 loop any [ n 1 ] [
i: 0 loop 256 [

swap i j: addmod j add sz port/locals/state i sz key i // length? 
key port/locals/state i: i + 1
]
]
]
i: j: 0
]
insert: func [port data][
system/words/insert tail port/locals/inbuffer data do []
]
copy: func [port /local output][
output: make binary! local: length? port/locals/inbuffer
loop local [

swap i: addmod i 1 j: addmod j sz port/locals/state i port/locals/state

ins tail output to-char sz port/locals/state addmod (sz port/locals/state 
i) (sz port/locals/state j)
]
local: xor~ output port/locals/inbuffer
clear port/locals/inbuffer
local
]

close: func [port][ clear port/locals/inbuffer clear port/locals/state 
clear port/url clear port/key]
port-flags: system/standard/port-flags/pass-thru
net-utils/net-install arcfour self 0
]

arcfour: func [key stream /mix n /local port][
port: open compose [scheme: 'arcfour key: (key) strength: (n)]
insert port stream
local: copy port
close port
return local
]


; CipherSaber is an ARCFOUR stream prepended with 10 bytes of random 
key data
ciphersaber: func [ key stream /v2 n ][

arcfour/mix join key copy/part stream 10 skip stream 10 either v2 
[ any [ n 42 ] ][ 1 ]
]

I've found this 2 scripts:

http://user1.matsumoto.ne.jp/~goma/js/blowfish.html

http://code.google.com/p/crypto-js/

I'm thinking to convert line by line. I really don't know it's not 
in the Rebol/Core. Years ago, it should have a market value to pay 
for it, but now,  I really don't know why Carl doesn't include this 
in Rebol/Core.

At least it must be for free in R3

Rondon, Using Rebol View 2.7.8.3.1 on Win/XP I ran your test and 
decrypt gives back "This is a string"

Mike, I'm using Rebol /Cmd, because when I call rebol/view at my 
isp, I receive an error of libX not found..

gab, right. e.g md5 for simple password security and rsa for dataflow. 
the javascript link above containing RSA functions too just to step 
in.

Graham: IIRC Maarten was able to use AES with REBOL and OpenSSL. 
I seem to remember that I had tried that and was successful as well. 
In any case, the only reason I can think of that would make it not 
work is a difference in the IV and padding.

Graham: I was able to implement TLS1.0 protocol configured to use 
the TLS_RSA_WITH_RC4_128_SHA cipher-suite. All the mentioned algorithms 
were calculated using the  build-in Rebol2 encryption functionality. 
I had no problems regarding the compatibility. I haven't tried the 
cipher-suite with the AES enctryption though but my guess it will 
work as well.

Cyphre: do you plan to release it in open source? Is your implementation 
client-side, server-side or both? It would be a great addition to 
Cheyenne to support SSL natively.

That's how imo SSL support should be implemented - not as an hardwired 
C implementation, but using Rebol crypto facilities, and being part 
of Core, not Command ...

Interesting ...

Ditto on what doc says

Doc: the code is in sort of "prototype state" and It was meant as 
possible implementation for R3 in future (once Carl put the encryption 
algorithms codebase into the R3/host-kit or someone write an extension 
for that).

I wrote it because I wanted to know if we could get rid of unnecesary 
C code that is currently in R2 to just handle the protocol logic 
while the performance of the crypto algorithms will remain in C. 
The current size is less than 20Kb of Rebol script code so IMO it 
could be useful and also easier maintainable way.

Currently it works in client-side mode only but there is already 
support for ASN.1 certificates also I tried to write the code so 
the server-side mode and other cipher-suites shouldn't be hard to 
add.

I plan to release the prototype to open public after some cleanup 
but if you want to waste some time with the current 'raw stuff' just 
post me privately and I'll send you a copy.

github?

ok, you can get it here: https://github.com/cyphre/tls-prototype

(use at your own risk ;))

Cool, thanks Cyphre! There's no license attached, you should at least 
add a MIT/BSD license in the header.

+1

Thanks Cyphre, _much_ appreciated.

Doc: license added.

Thanks. :-)