#! /usr/bin/perl use warnings; use strict; use CGI::Carp 'fatalsToBrowser'; # Use the CGI library use CGI; $CGI::DISABLE_UPLOADS = 1; # No file uploads $CGI::POST_MAX = 512 * 1024; # Form may not exceed 512KiB my $cgi = new CGI; # Use our RC4 library use CSCI162_RC4; # HTTP header print $cgi->header(-charset => 'UTF-8'); # This string represents a float: left break my $break = q(

); # Begin the HTML. print qq( ARCFOUR Web Interface

ARCFOUR Web Interface

CSCI 162 Cryptography Spring 2005

Dr. Poorvi Vora

Anasse Bari and Peter S. May

$break ); # An error string we may need my $error = ''; # Did we receive anything to translate? if( defined $cgi->param('message') ) { # Yes. # Do something. TRANSLATE: { my $key = $cgi->param('key'); length($key) > 0 or ($error="Key must be at least one character.", last TRANSLATE); my $message = $cgi->param('message'); my $encoding = lc $cgi->param('encoding'); # But do we recognize it? $encoding =~ /^(?:hexadecimal|base64)$/o or ($error="Unrecognized encoding.", last TRANSLATE); my $mode; { # Encrypt or decrypt? if( $cgi->param('encryptSubmit') ) { $mode = 'e'; } elsif( $cgi->param('decryptSubmit') ) { $mode = 'd'; } else { # Neither? Skip the translate. $error = "Direction not specified."; last TRANSLATE; } } # Throw out the garbage (characters). if( $mode eq 'd' ) { if( $encoding eq 'hexadecimal' ) { $error .= " Non-hexadecimal characters in input were removed." if $message =~ s/[^0-9A-Fa-f]+//osg; } elsif( $encoding eq 'base64' ) { $error .= " Non-Base64 characters in input were removed." if $message =~ s![^A-Za-z0-9+/=\s]+!!osg; } } # Which sub to use? my $sub = { 'base64.e' => \&rc4_encrypt_base64, 'base64.d' => \&rc4_decrypt_base64, 'hexadecimal.e' => \&rc4_encrypt, 'hexadecimal.d' => \&rc4_decrypt }->{"$encoding.$mode"}; unless(defined $sub) { $error ="Invalid encoding/direction combination."; last TRANSLATE; } # Do it. my $result = $sub->($key,$message); # Make sure the result contains no bogus characters. $error .= " Non-ASCII characters in output were replaced." if $result =~ s/[^\x20-\x7f\x0a\x0d]/?/osg; # Put the result back into the form. $cgi->param('message',$result); } } { # Print an explanation. print q#

This program accepts a key and a stream of text and operates on it using the ARCFOUR (unofficial implementation of RC4) stream cipher as implemented in our project. The encrypted form of a message generally contains some non-text characters that possibly won't be handled correctly by the web browser. Therefore, the encrypted form can be represented in either hexadecimal digits or in Base64 encoding.

This application is a demonstration only; using it on a remote server will allow your message to travel over public channels in the clear!

#; } # Print an error if($error ne '') { print "

$error

\n"; } print "

"; # Provide a form print $cgi->start_form(-method=>'post',-action=>'stream.cgi'); print "

Key

"; print $cgi->textfield(-name=>'key',-value=>"This key may be any random string of characters.", -maxLength=>256, -class=>"rightPartInput"); print "

$break

\n"; print "

Message

"; print $cgi->textarea(-name=>'message',-value=>"Enter the message (plaintext or ciphertext) here.", -class=>'rightPartInput',-rows=>10,-cols=>80); print "

$break

\n"; { my @radios = $cgi->radio_group(-name => 'encoding', -values => [qw/Hexadecimal Base64/], -default => 'Hexadecimal' ); $_ = "

" foreach @radios; print "

Encoding

@radios

$break

\n"; } print "

"; print $cgi->submit(-name=>'encryptSubmit',-value=>"Encrypt",-class=>'submitButton'); print $cgi->submit(-name=>'decryptSubmit',-value=>"Decrypt",-class=>'submitButton'); print "

"; $_ = $cgi->end_form; s!()!!sg; print $_; print "

"; print q(

); print "";