/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* lib/crypto/builtin/enc_provider/rc4.c */
/*
 * Copyright (c) 2000 by Computer Science Laboratory,
 *                       Rensselaer Polytechnic Institute
 *
 * #include STD_DISCLAIMER
 */

#include "crypto_int.h"

typedef struct
{
    unsigned int x;
    unsigned int y;
    unsigned char state[256];
} ArcfourContext;

typedef struct {
    int initialized;
    ArcfourContext ctx;
} ArcFourCipherState;

/* gets the next byte from the PRNG */
#if ((__GNUC__ >= 2) )
static __inline__ unsigned int k5_arcfour_byte(ArcfourContext *);
#else
static unsigned int k5_arcfour_byte(ArcfourContext *);
#endif /* gcc inlines*/

/* Initializes the context and sets the key. */
static krb5_error_code k5_arcfour_init(ArcfourContext *ctx, const unsigned char *key,
                                       unsigned int keylen);

/* Encrypts/decrypts data. */
static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest,
                             const unsigned char *src, unsigned int len);

static inline unsigned int k5_arcfour_byte(ArcfourContext * ctx)
{
    unsigned int x;
    unsigned int y;
    unsigned int sx, sy;
    unsigned char *state;

    state = ctx->state;
    x = (ctx->x + 1) & 0xff;
    sx = state[x];
    y = (sx + ctx->y) & 0xff;
    sy = state[y];
    ctx->x = x;
    ctx->y = y;
    state[y] = sx;
    state[x] = sy;
    return state[(sx + sy) & 0xff];
}

static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest,
                             const unsigned char *src, unsigned int len)
{
    unsigned int i;
    for (i = 0; i < len; i++)
        dest[i] = src[i] ^ k5_arcfour_byte(ctx);
}


static krb5_error_code
k5_arcfour_init(ArcfourContext *ctx, const unsigned char *key,
                unsigned int key_len)
{
    unsigned int t, u;
    unsigned int keyindex;
    unsigned int stateindex;
    unsigned char* state;
    unsigned int counter;

    if (key_len != 16)
        return KRB5_BAD_MSIZE;     /*this is probably not the correct error code
                                     to return */
    state = &ctx->state[0];
    ctx->x = 0;
    ctx->y = 0;
    for (counter = 0; counter < 256; counter++)
        state[counter] = counter;
    keyindex = 0;
    stateindex = 0;
    for (counter = 0; counter < 256; counter++)
    {
        t = state[counter];
        stateindex = (stateindex + key[keyindex] + t) & 0xff;
        u = state[stateindex];
        state[stateindex] = t;
        state[counter] = u;
        if (++keyindex >= key_len)
            keyindex = 0;
    }
    return 0;
}


static krb5_error_code
k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data,
                   size_t num_data)
{
    ArcfourContext *arcfour_ctx = NULL;
    ArcFourCipherState *cipher_state = NULL;
    krb5_error_code ret;
    size_t i;

    if (key->keyblock.length != 16)
        return KRB5_BAD_KEYSIZE;
    if (state != NULL && (state->length != sizeof(ArcFourCipherState)))
        return KRB5_BAD_MSIZE;

    if (state != NULL) {
        cipher_state = (ArcFourCipherState *)(void *)state->data;
        arcfour_ctx = &cipher_state->ctx;
        if (cipher_state->initialized == 0) {
            ret = k5_arcfour_init(arcfour_ctx, key->keyblock.contents,
                                  key->keyblock.length);
            if (ret != 0)
                return ret;

            cipher_state->initialized = 1;
        }
    } else {
        arcfour_ctx = (ArcfourContext *)malloc(sizeof(ArcfourContext));
        if (arcfour_ctx == NULL)
            return ENOMEM;

        ret = k5_arcfour_init(arcfour_ctx, key->keyblock.contents,
                              key->keyblock.length);
        if (ret != 0) {
            free(arcfour_ctx);
            return ret;
        }
    }

    for (i = 0; i < num_data; i++) {
        krb5_crypto_iov *iov = &data[i];

        if (ENCRYPT_IOV(iov))
            k5_arcfour_crypt(arcfour_ctx, (unsigned char *)iov->data.data,
                             (const unsigned char *)iov->data.data, iov->data.length);
    }

    if (state == NULL)
        zapfree(arcfour_ctx, sizeof(ArcfourContext));

    return 0;
}

static krb5_error_code
k5_arcfour_init_state (const krb5_keyblock *key,
                       krb5_keyusage keyusage, krb5_data *new_state)
{
    /* Note that we can't actually set up the state here  because the key
     * will change  between now and when encrypt is called
     * because  it is data dependent.  Yeah, this has strange
     * properties. --SDH
     */
    new_state->length = sizeof (ArcFourCipherState);
    new_state->data = malloc (new_state->length);
    if (new_state->data) {
        memset (new_state->data, 0 , new_state->length);
        /* That will set initialized to zero*/
    }else {
        return (ENOMEM);
    }
    return 0;
}

/* Since the arcfour cipher is identical going forwards and backwards,
   we just call "docrypt" directly
*/
const struct krb5_enc_provider krb5int_enc_arcfour = {
    /* This seems to work... although I am not sure what the
       implications are in other places in the kerberos library */
    1,
    /* Keysize is arbitrary in arcfour, but the constraints of the
       system, and to attempt to work with the MSFT system forces us
       to 16byte/128bit.  Since there is no parity in the key, the
       byte and length are the same.  */
    16, 16,
    k5_arcfour_docrypt,
    k5_arcfour_docrypt,
    NULL,
    k5_arcfour_init_state, /*xxx not implemented yet*/
    krb5int_default_free_state
};