accessing arcfour sboxes

Moritz Schulte
Sat, 27 Sep 2003 22:38:36 +0200

Simon Josefsson <> writes:

> I tried to implement this in libgcrypt, and noticed the
> cipher-specific _ctl functions has been removed,

Sorry, about exactly which functions are you talking here?

> (btw, why does a stream cipher need different encryption/decryption
> calls?).

Hmm, well, the encrypt/decrypt functions of a stream cipher need an
argument that specify the amount of bytes provided, don't they?

> Would it be possible to add a 'gcry_cipher_ctl_t ctl', or something,
> to that struct, and in the arcfour.c define this to a function that
> extract/set the (sbox, i, j)?

Yes, something like that seems to be necessary.

> /* Perform various operations on the cipher object H. */
> gcry_error_t gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer,
> 			     size_t buflen);

I just wonder wether this would be the best interface.  How exactly
would you like to call this function?  I mean, you somehow have to
pack the data (the S-Box array and two numbers) into a `buffer' and
arcfour.c would have to access this buffer the same way.

I have something like this in mind:

Let Libgcrypt export:

  typedef enum gcry_ctl
  } gcry_ctl_t;

  typedef struct gcry_arcfour_context
    int i, j;
    byte sbox[256];
  } gcry_arcfour_context_t;

  gcry_error_t gcry_cipher_control (gcry_cipher_hd_t handle,
                                    gcry_ctl_t action,
                                    void *data);

Then the caller could do:

  gcry_arcfour_context_t c = { ... };
  err = gcry_cipher_control (handle,
                             GCRY_CTL_ARCFOUR_CONTEXT_SET, &c);

Extending other ciphers this way would mean, one would have to:

  * add new `actions' to the gcry_ctl_t list,
  * define according types for casting to/from the `void *data'

> Is there any other way to communicate, from the application,
> directly to each low-level cipher object in libgcrypt, that I
> missed?

No, you did not.

What do you think about this, Simon, Werner?

((gpg-key-id . "6F984199")
 (email      . "")
 (webpage    . ""))