Tweaking RC4 to support streaming, and TLSSocket
Posted November 7th, 2007 byCategories: Uncategorized
Previously, ARC4.as would work as a block cipher. Every call to encrypt() and decrypt() would re-initialize its internal state, guaranteeing the same instance could encrypt and decrypt the same data.
Unfortunately, that’s not how TLS expects things to work. rc4 is seen as a stream cipher, and it is expected to maintain its internal state, so that multiple calls to encrypt() are equivalent to one concatenated call to encrypt().
So ARC4’s constructor gets a second argument, that enables that behavior. Also Crypto.as will treat “rc4-*” ciphers as streaming cipher. To get a block-like cipher, use “rc4block”.
Also, I’m cobbling together a TLSSocket class, that acts like a Socket class, but with TLS.
Sample use looks like:
var t:TLSSocket = new TLSSocket;
t.connect("login.live.com", 443);
t.writeUTFBytes("GET / HTTP/1.0nHost: login.live.comnn");
t.addEventListener(Event.CLOSE, function(e:*):void {
var s:String = t.readUTFBytes(t.bytesAvailable);
trace("Response: "+s);
});
The biggest part missing still is the utter lack of server certificate validation, although I don’t think that’ll stop me from putting an update out.
I’m giving myself another evening to clean stuff up.