mundane/
insecure_rc4.rs

1// Copyright 2020 The Fuchsia Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#![cfg(feature = "insecure")]
6
7use boringssl::{self, CStackWrapper};
8
9/// INSECURE: The RC4 cipher.
10///
11/// # Security
12///
13/// RC4 is considered insecure and should only be used for compatibility with
14/// legacy applications.
15#[deprecated(note = "RC4 is considered insecure")]
16#[allow(deprecated)] // Work-around until Rust issue #56195 is resolved
17pub struct InsecureRc4Key {
18    ctx: CStackWrapper<boringssl::RC4_KEY>,
19}
20
21#[allow(deprecated)] // Work-around until Rust issue #56195 is resolved
22impl InsecureRc4Key {
23    /// INSECURE: Constructs an RC4 cipher from the given key data.
24    ///
25    /// The data used to construct an RC4 cipher can be of arbitrary length
26    /// (within the bounds of `u32`; see below). This includes zero-length keys,
27    /// for which care should be taken to avoid.
28    ///
29    /// # Security
30    ///
31    /// RC4 is considered insecure and should only be used for compatibility
32    /// with legacy applications.
33    ///
34    /// # Aborts
35    ///
36    /// This function aborts if the length of the `key` slice exceeds
37    /// `u32::MAX`.
38    #[deprecated(note = "RC4 is considered insecure")]
39    pub fn insecure_new(key: &[u8]) -> Self {
40        InsecureRc4Key { ctx: CStackWrapper::rc4_set_key(key.as_ref()) }
41    }
42
43    /// INSECURE: Encrypts or decrypts a byte slice into another byte slice.
44    ///
45    /// RC4 is a symmetrical streaming cipher; there is no distinction between
46    /// encryption and decryption.
47    ///
48    /// The minimum of the input and output slice lengths determines how much
49    /// data is read from `input` and written to `output`.
50    ///
51    /// # Security
52    ///
53    /// RC4 is considered insecure and should only be used for compatibility
54    /// with legacy applications.
55    #[deprecated(note = "RC4 is considered insecure")]
56    pub fn insecure_xor_stream(&mut self, input: &[u8], output: &mut [u8]) {
57        self.ctx.rc4(input, output);
58    }
59}
60
61#[allow(deprecated)] // Work-around until Rust issue #56195 is resolved
62#[cfg(test)]
63mod tests {
64    use super::*;
65
66    // Compliments `rc4_decrypt`.
67    #[test]
68    fn rc4_encrypt() {
69        let mut rc4 = InsecureRc4Key::insecure_new(b"Key");
70
71        let plaintext = b"Plaintext";
72        let mut ciphertext = vec![0u8; 9];
73
74        rc4.insecure_xor_stream(plaintext, &mut ciphertext);
75        assert_eq!(&ciphertext, b"\xBB\xF3\x16\xE8\xD9\x40\xAF\x0A\xD3");
76    }
77
78    // Compliments `rc4_encrypt`.
79    #[test]
80    fn rc4_decrypt() {
81        let mut rc4 = InsecureRc4Key::insecure_new(b"Key");
82
83        let plaintext = b"\xBB\xF3\x16\xE8\xD9\x40\xAF\x0A\xD3";
84        let mut ciphertext = vec![0u8; 9];
85
86        rc4.insecure_xor_stream(plaintext, &mut ciphertext);
87        assert_eq!(&ciphertext, b"Plaintext");
88    }
89}