Merge pull request #186 from libtom/pr/stream_rc4_sober128
Move rc4 + sober128 to src/stream/
This commit is contained in:
commit
253f3c45e1
@ -2347,50 +2347,6 @@
|
||||
RelativePath="src\prngs\sober128.c"
|
||||
>
|
||||
</File>
|
||||
<File
|
||||
RelativePath="src\prngs\sober128tab.c"
|
||||
>
|
||||
<FileConfiguration
|
||||
Name="Debug|Win32"
|
||||
ExcludedFromBuild="true"
|
||||
>
|
||||
<Tool
|
||||
Name="VCCLCompilerTool"
|
||||
AdditionalIncludeDirectories=""
|
||||
PreprocessorDefinitions=""
|
||||
/>
|
||||
</FileConfiguration>
|
||||
<FileConfiguration
|
||||
Name="Release|Win32"
|
||||
ExcludedFromBuild="true"
|
||||
>
|
||||
<Tool
|
||||
Name="VCCLCompilerTool"
|
||||
AdditionalIncludeDirectories=""
|
||||
PreprocessorDefinitions=""
|
||||
/>
|
||||
</FileConfiguration>
|
||||
<FileConfiguration
|
||||
Name="Debug|x64"
|
||||
ExcludedFromBuild="true"
|
||||
>
|
||||
<Tool
|
||||
Name="VCCLCompilerTool"
|
||||
AdditionalIncludeDirectories=""
|
||||
PreprocessorDefinitions=""
|
||||
/>
|
||||
</FileConfiguration>
|
||||
<FileConfiguration
|
||||
Name="Release|x64"
|
||||
ExcludedFromBuild="true"
|
||||
>
|
||||
<Tool
|
||||
Name="VCCLCompilerTool"
|
||||
AdditionalIncludeDirectories=""
|
||||
PreprocessorDefinitions=""
|
||||
/>
|
||||
</FileConfiguration>
|
||||
</File>
|
||||
<File
|
||||
RelativePath="src\prngs\sprng.c"
|
||||
>
|
||||
@ -2435,6 +2391,74 @@
|
||||
>
|
||||
</File>
|
||||
</Filter>
|
||||
<Filter
|
||||
Name="rc4"
|
||||
>
|
||||
<File
|
||||
RelativePath="src\stream\rc4\rc4.c"
|
||||
>
|
||||
</File>
|
||||
<File
|
||||
RelativePath="src\stream\rc4\rc4_test.c"
|
||||
>
|
||||
</File>
|
||||
</Filter>
|
||||
<Filter
|
||||
Name="sober128"
|
||||
>
|
||||
<File
|
||||
RelativePath="src\stream\sober128\sober128.c"
|
||||
>
|
||||
</File>
|
||||
<File
|
||||
RelativePath="src\stream\sober128\sober128_test.c"
|
||||
>
|
||||
</File>
|
||||
<File
|
||||
RelativePath="src\stream\sober128\sober128tab.c"
|
||||
>
|
||||
<FileConfiguration
|
||||
Name="Debug|Win32"
|
||||
ExcludedFromBuild="true"
|
||||
>
|
||||
<Tool
|
||||
Name="VCCLCompilerTool"
|
||||
AdditionalIncludeDirectories=""
|
||||
PreprocessorDefinitions=""
|
||||
/>
|
||||
</FileConfiguration>
|
||||
<FileConfiguration
|
||||
Name="Release|Win32"
|
||||
ExcludedFromBuild="true"
|
||||
>
|
||||
<Tool
|
||||
Name="VCCLCompilerTool"
|
||||
AdditionalIncludeDirectories=""
|
||||
PreprocessorDefinitions=""
|
||||
/>
|
||||
</FileConfiguration>
|
||||
<FileConfiguration
|
||||
Name="Debug|x64"
|
||||
ExcludedFromBuild="true"
|
||||
>
|
||||
<Tool
|
||||
Name="VCCLCompilerTool"
|
||||
AdditionalIncludeDirectories=""
|
||||
PreprocessorDefinitions=""
|
||||
/>
|
||||
</FileConfiguration>
|
||||
<FileConfiguration
|
||||
Name="Release|x64"
|
||||
ExcludedFromBuild="true"
|
||||
>
|
||||
<Tool
|
||||
Name="VCCLCompilerTool"
|
||||
AdditionalIncludeDirectories=""
|
||||
PreprocessorDefinitions=""
|
||||
/>
|
||||
</FileConfiguration>
|
||||
</File>
|
||||
</Filter>
|
||||
</Filter>
|
||||
</Files>
|
||||
<Globals>
|
||||
|
4
makefile
4
makefile
@ -191,7 +191,9 @@ src/pk/rsa/rsa_verify_hash.o src/prngs/chacha20.o src/prngs/fortuna.o src/prngs/
|
||||
src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o \
|
||||
src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_done.o \
|
||||
src/stream/chacha/chacha_ivctr32.o src/stream/chacha/chacha_ivctr64.o \
|
||||
src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o
|
||||
src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o \
|
||||
src/stream/rc4/rc4.o src/stream/rc4/rc4_test.o src/stream/sober128/sober128.o \
|
||||
src/stream/sober128/sober128_test.o
|
||||
|
||||
HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
|
||||
src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \
|
||||
|
@ -245,7 +245,9 @@ src/pk/rsa/rsa_verify_hash.o src/prngs/chacha20.o src/prngs/fortuna.o src/prngs/
|
||||
src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o \
|
||||
src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_done.o \
|
||||
src/stream/chacha/chacha_ivctr32.o src/stream/chacha/chacha_ivctr64.o \
|
||||
src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o
|
||||
src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o \
|
||||
src/stream/rc4/rc4.o src/stream/rc4/rc4_test.o src/stream/sober128/sober128.o \
|
||||
src/stream/sober128/sober128_test.o
|
||||
|
||||
HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
|
||||
src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \
|
||||
|
@ -181,7 +181,9 @@ src/pk/rsa/rsa_verify_hash.o src/prngs/chacha20.o src/prngs/fortuna.o src/prngs/
|
||||
src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o \
|
||||
src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_done.o \
|
||||
src/stream/chacha/chacha_ivctr32.o src/stream/chacha/chacha_ivctr64.o \
|
||||
src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o
|
||||
src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o \
|
||||
src/stream/rc4/rc4.o src/stream/rc4/rc4_test.o src/stream/sober128/sober128.o \
|
||||
src/stream/sober128/sober128_test.o
|
||||
|
||||
HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
|
||||
src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \
|
||||
|
@ -156,7 +156,9 @@ src/pk/rsa/rsa_verify_hash.obj src/prngs/chacha20.obj src/prngs/fortuna.obj src/
|
||||
src/prngs/rng_get_bytes.obj src/prngs/rng_make_prng.obj src/prngs/sober128.obj src/prngs/sprng.obj \
|
||||
src/prngs/yarrow.obj src/stream/chacha/chacha_crypt.obj src/stream/chacha/chacha_done.obj \
|
||||
src/stream/chacha/chacha_ivctr32.obj src/stream/chacha/chacha_ivctr64.obj \
|
||||
src/stream/chacha/chacha_keystream.obj src/stream/chacha/chacha_setup.obj src/stream/chacha/chacha_test.obj
|
||||
src/stream/chacha/chacha_keystream.obj src/stream/chacha/chacha_setup.obj src/stream/chacha/chacha_test.obj \
|
||||
src/stream/rc4/rc4.obj src/stream/rc4/rc4_test.obj src/stream/sober128/sober128.obj \
|
||||
src/stream/sober128/sober128_test.obj
|
||||
|
||||
HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
|
||||
src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \
|
||||
|
@ -179,7 +179,9 @@ src/pk/rsa/rsa_verify_hash.o src/prngs/chacha20.o src/prngs/fortuna.o src/prngs/
|
||||
src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o \
|
||||
src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_done.o \
|
||||
src/stream/chacha/chacha_ivctr32.o src/stream/chacha/chacha_ivctr64.o \
|
||||
src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o
|
||||
src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o \
|
||||
src/stream/rc4/rc4.o src/stream/rc4/rc4_test.o src/stream/sober128/sober128.o \
|
||||
src/stream/sober128/sober128_test.o
|
||||
|
||||
HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
|
||||
src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \
|
||||
|
@ -186,7 +186,9 @@ src/pk/rsa/rsa_verify_hash.o src/prngs/chacha20.o src/prngs/fortuna.o src/prngs/
|
||||
src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o \
|
||||
src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_done.o \
|
||||
src/stream/chacha/chacha_ivctr32.o src/stream/chacha/chacha_ivctr64.o \
|
||||
src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o
|
||||
src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o \
|
||||
src/stream/rc4/rc4.o src/stream/rc4/rc4_test.o src/stream/sober128/sober128.o \
|
||||
src/stream/sober128/sober128_test.o
|
||||
|
||||
HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
|
||||
src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \
|
||||
|
@ -18,7 +18,8 @@ int chacha20poly1305_test(void)
|
||||
#else
|
||||
chacha20poly1305_state st1, st2;
|
||||
unsigned char k[] = { 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f };
|
||||
unsigned char iv[] = { 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47 };
|
||||
unsigned char i12[] = { 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47 };
|
||||
unsigned char i8[] = { 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43 };
|
||||
unsigned char aad[] = { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 };
|
||||
unsigned char enc[] = { 0xD3, 0x1A, 0x8D, 0x34, 0x64, 0x8E, 0x60, 0xDB, 0x7B, 0x86, 0xAF, 0xBC, 0x53, 0xEF, 0x7E, 0xC2,
|
||||
0xA4, 0xAD, 0xED, 0x51, 0x29, 0x6E, 0x08, 0xFE, 0xA9, 0xE2, 0xB5, 0xA7, 0x36, 0xEE, 0x62, 0xD6,
|
||||
@ -36,72 +37,92 @@ int chacha20poly1305_test(void)
|
||||
unsigned char rfc7905_enc[] = { 0xE4, 0x62, 0x85, 0xB4, 0x29, 0x95, 0x34, 0x96, 0xAB, 0xFB, 0x67, 0xCD, 0xAE, 0xAC, 0x94, 0x1E };
|
||||
unsigned char rfc7905_tag[] = { 0x16, 0x2C, 0x92, 0x48, 0x2A, 0xDB, 0xD3, 0x5D, 0x48, 0xBE, 0xC6, 0xFF, 0x10, 0x9C, 0xBA, 0xE4 };
|
||||
unsigned char ct[1000], pt[1000], emac[16], dmac[16];
|
||||
int err;
|
||||
|
||||
/* encrypt */
|
||||
chacha20poly1305_init(&st1, k, sizeof(k));
|
||||
chacha20poly1305_setiv(&st1, iv, sizeof(iv));
|
||||
chacha20poly1305_add_aad(&st1, aad, sizeof(aad));
|
||||
/* encrypt IV 96bit */
|
||||
if ((err = chacha20poly1305_init(&st1, k, sizeof(k))) != CRYPT_OK) return err;
|
||||
if ((err = chacha20poly1305_setiv(&st1, i12, sizeof(i12))) != CRYPT_OK) return err;
|
||||
if ((err = chacha20poly1305_add_aad(&st1, aad, sizeof(aad))) != CRYPT_OK) return err;
|
||||
/* encrypt piece by piece */
|
||||
chacha20poly1305_encrypt(&st1, (unsigned char *)m, 25, ct);
|
||||
chacha20poly1305_encrypt(&st1, (unsigned char *)m + 25, 10, ct + 25);
|
||||
chacha20poly1305_encrypt(&st1, (unsigned char *)m + 35, 35, ct + 35);
|
||||
chacha20poly1305_encrypt(&st1, (unsigned char *)m + 70, 5, ct + 70);
|
||||
chacha20poly1305_encrypt(&st1, (unsigned char *)m + 75, 5, ct + 75);
|
||||
chacha20poly1305_encrypt(&st1, (unsigned char *)m + 80, mlen - 80, ct + 80);
|
||||
if ((err = chacha20poly1305_encrypt(&st1, (unsigned char *)m, 25, ct)) != CRYPT_OK) return err;
|
||||
if ((err = chacha20poly1305_encrypt(&st1, (unsigned char *)m + 25, 10, ct + 25)) != CRYPT_OK) return err;
|
||||
if ((err = chacha20poly1305_encrypt(&st1, (unsigned char *)m + 35, 35, ct + 35)) != CRYPT_OK) return err;
|
||||
if ((err = chacha20poly1305_encrypt(&st1, (unsigned char *)m + 70, 5, ct + 70)) != CRYPT_OK) return err;
|
||||
if ((err = chacha20poly1305_encrypt(&st1, (unsigned char *)m + 75, 5, ct + 75)) != CRYPT_OK) return err;
|
||||
if ((err = chacha20poly1305_encrypt(&st1, (unsigned char *)m + 80, mlen - 80, ct + 80)) != CRYPT_OK) return err;
|
||||
len = sizeof(emac);
|
||||
chacha20poly1305_done(&st1, emac, &len);
|
||||
if ((err = chacha20poly1305_done(&st1, emac, &len)) != CRYPT_OK) return err;
|
||||
|
||||
if (compare_testvector(ct, mlen, enc, sizeof(enc), "ENC-CT", 1) != 0) return CRYPT_FAIL_TESTVECTOR;
|
||||
if (compare_testvector(emac, len, tag, sizeof(tag), "ENC-TAG", 2) != 0) return CRYPT_FAIL_TESTVECTOR;
|
||||
|
||||
/* decrypt */
|
||||
chacha20poly1305_init(&st2, k, len = sizeof(k));
|
||||
chacha20poly1305_setiv(&st2, iv, len = sizeof(iv));
|
||||
chacha20poly1305_add_aad(&st2, aad, len = sizeof(aad));
|
||||
chacha20poly1305_decrypt(&st2, ct, 21, pt);
|
||||
chacha20poly1305_decrypt(&st2, ct + 21, mlen - 21, pt + 21);
|
||||
/* decrypt IV 96bit */
|
||||
if ((err = chacha20poly1305_init(&st2, k, sizeof(k))) != CRYPT_OK) return err;
|
||||
if ((err = chacha20poly1305_setiv(&st2, i12, sizeof(i12))) != CRYPT_OK) return err;
|
||||
if ((err = chacha20poly1305_add_aad(&st2, aad, sizeof(aad))) != CRYPT_OK) return err;
|
||||
if ((err = chacha20poly1305_decrypt(&st2, ct, 21, pt)) != CRYPT_OK) return err;
|
||||
if ((err = chacha20poly1305_decrypt(&st2, ct + 21, mlen - 21, pt + 21)) != CRYPT_OK) return err;
|
||||
len = sizeof(dmac);
|
||||
chacha20poly1305_done(&st2, dmac, &len);
|
||||
if ((err = chacha20poly1305_done(&st2, dmac, &len)) != CRYPT_OK) return err;
|
||||
|
||||
if (compare_testvector(pt, mlen, m, mlen, "DEC-PT", 3) != 0) return CRYPT_FAIL_TESTVECTOR;
|
||||
if (compare_testvector(dmac, len, tag, sizeof(tag), "DEC-TAG", 4) != 0) return CRYPT_FAIL_TESTVECTOR;
|
||||
|
||||
/* chacha20poly1305_memory - encrypt */
|
||||
len = sizeof(emac);
|
||||
chacha20poly1305_memory(k, sizeof(k), iv, sizeof(iv), aad, sizeof(aad),
|
||||
(unsigned char *)m, mlen, ct, emac, &len, CHCHA20POLY1305_ENCRYPT);
|
||||
if ((err = chacha20poly1305_memory(k, sizeof(k), i12, sizeof(i12), aad, sizeof(aad), (unsigned char *)m,
|
||||
mlen, ct, emac, &len, CHCHA20POLY1305_ENCRYPT)) != CRYPT_OK) return err;
|
||||
if (compare_testvector(ct, mlen, enc, sizeof(enc), "ENC-CT2", 1) != 0) return CRYPT_FAIL_TESTVECTOR;
|
||||
if (compare_testvector(emac, len, tag, sizeof(tag), "ENC-TAG2", 2) != 0) return CRYPT_FAIL_TESTVECTOR;
|
||||
|
||||
/* chacha20poly1305_memory - decrypt */
|
||||
len = sizeof(dmac);
|
||||
chacha20poly1305_memory(k, sizeof(k), iv, sizeof(iv), aad, sizeof(aad),
|
||||
ct, mlen, pt, dmac, &len, CHCHA20POLY1305_DECRYPT);
|
||||
if ((err = chacha20poly1305_memory(k, sizeof(k), i12, sizeof(i12), aad, sizeof(aad),
|
||||
ct, mlen, pt, dmac, &len, CHCHA20POLY1305_DECRYPT)) != CRYPT_OK) return err;
|
||||
if (compare_testvector(pt, mlen, m, mlen, "DEC-PT2", 3) != 0) return CRYPT_FAIL_TESTVECTOR;
|
||||
if (compare_testvector(dmac, len, tag, sizeof(tag), "DEC-TAG2", 4) != 0) return CRYPT_FAIL_TESTVECTOR;
|
||||
|
||||
/* encrypt - rfc7905 */
|
||||
chacha20poly1305_init(&st1, k, sizeof(k));
|
||||
chacha20poly1305_setiv_rfc7905(&st1, iv, sizeof(iv), CONST64(0x1122334455667788));
|
||||
chacha20poly1305_add_aad(&st1, aad, sizeof(aad));
|
||||
chacha20poly1305_encrypt(&st1, rfc7905_pt, 16, ct);
|
||||
if ((err = chacha20poly1305_init(&st1, k, sizeof(k))) != CRYPT_OK) return err;
|
||||
if ((err = chacha20poly1305_setiv_rfc7905(&st1, i12, sizeof(i12), CONST64(0x1122334455667788))) != CRYPT_OK) return err;
|
||||
if ((err = chacha20poly1305_add_aad(&st1, aad, sizeof(aad))) != CRYPT_OK) return err;
|
||||
if ((err = chacha20poly1305_encrypt(&st1, rfc7905_pt, 16, ct)) != CRYPT_OK) return err;
|
||||
len = sizeof(emac);
|
||||
chacha20poly1305_done(&st1, emac, &len);
|
||||
if ((err = chacha20poly1305_done(&st1, emac, &len)) != CRYPT_OK) return err;
|
||||
|
||||
if (compare_testvector(ct, 16, rfc7905_enc, 16, "ENC-CT3", 1) != 0) return CRYPT_FAIL_TESTVECTOR;
|
||||
if (compare_testvector(emac, len, rfc7905_tag, 16, "ENC-TAG3", 2) != 0) return CRYPT_FAIL_TESTVECTOR;
|
||||
|
||||
/* decrypt - rfc7905 */
|
||||
chacha20poly1305_init(&st1, k, sizeof(k));
|
||||
chacha20poly1305_setiv_rfc7905(&st1, iv, sizeof(iv), CONST64(0x1122334455667788));
|
||||
chacha20poly1305_add_aad(&st1, aad, sizeof(aad));
|
||||
chacha20poly1305_decrypt(&st1, ct, 16, pt);
|
||||
if ((err = chacha20poly1305_init(&st1, k, sizeof(k))) != CRYPT_OK) return err;
|
||||
if ((err = chacha20poly1305_setiv_rfc7905(&st1, i12, sizeof(i12), CONST64(0x1122334455667788))) != CRYPT_OK) return err;
|
||||
if ((err = chacha20poly1305_add_aad(&st1, aad, sizeof(aad))) != CRYPT_OK) return err;
|
||||
if ((err = chacha20poly1305_decrypt(&st1, ct, 16, pt)) != CRYPT_OK) return err;
|
||||
len = sizeof(dmac);
|
||||
chacha20poly1305_done(&st1, dmac, &len);
|
||||
if ((err = chacha20poly1305_done(&st1, dmac, &len)) != CRYPT_OK) return err;
|
||||
|
||||
if (compare_testvector(pt, 16, rfc7905_pt, 16, "DEC-CT3", 1) != 0) return CRYPT_FAIL_TESTVECTOR;
|
||||
if (compare_testvector(dmac, len, rfc7905_tag, 16, "DEC-TAG3", 2) != 0) return CRYPT_FAIL_TESTVECTOR;
|
||||
|
||||
/* encrypt IV 64bit */
|
||||
if ((err = chacha20poly1305_init(&st1, k, sizeof(k))) != CRYPT_OK) return err;
|
||||
if ((err = chacha20poly1305_setiv(&st1, i8, sizeof(i8))) != CRYPT_OK) return err;
|
||||
if ((err = chacha20poly1305_add_aad(&st1, aad, sizeof(aad))) != CRYPT_OK) return err;
|
||||
if ((err = chacha20poly1305_encrypt(&st1, (unsigned char *)m, mlen, ct)) != CRYPT_OK) return err;
|
||||
len = sizeof(emac);
|
||||
if ((err = chacha20poly1305_done(&st1, emac, &len)) != CRYPT_OK) return err;
|
||||
|
||||
/* decrypt IV 64bit */
|
||||
if ((err = chacha20poly1305_init(&st2, k, sizeof(k))) != CRYPT_OK) return err;
|
||||
if ((err = chacha20poly1305_setiv(&st2, i8, sizeof(i8))) != CRYPT_OK) return err;
|
||||
if ((err = chacha20poly1305_add_aad(&st2, aad, sizeof(aad))) != CRYPT_OK) return err;
|
||||
if ((err = chacha20poly1305_decrypt(&st2, ct, mlen, pt)) != CRYPT_OK) return err;
|
||||
len = sizeof(dmac);
|
||||
if ((err = chacha20poly1305_done(&st2, dmac, &len)) != CRYPT_OK) return err;
|
||||
|
||||
if (compare_testvector(pt, mlen, m, mlen, "DEC-PT4", 1) != 0) return CRYPT_FAIL_TESTVECTOR;
|
||||
if (compare_testvector(dmac, len, emac, len, "DEC-TAG4", 2) != 0) return CRYPT_FAIL_TESTVECTOR;
|
||||
|
||||
return CRYPT_OK;
|
||||
#endif
|
||||
}
|
||||
|
@ -959,6 +959,40 @@ int chacha_test(void);
|
||||
|
||||
#endif /* LTC_CHACHA */
|
||||
|
||||
#ifdef LTC_RC4_STREAM
|
||||
|
||||
typedef struct {
|
||||
int x, y;
|
||||
unsigned char buf[256];
|
||||
} rc4_state;
|
||||
|
||||
int rc4_stream_setup(rc4_state *st, const unsigned char *key, unsigned long keylen);
|
||||
int rc4_stream_crypt(rc4_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);
|
||||
int rc4_stream_keystream(rc4_state *st, unsigned char *out, unsigned long outlen);
|
||||
int rc4_stream_done(rc4_state *st);
|
||||
int rc4_stream_test(void);
|
||||
|
||||
#endif /* LTC_RC4_STREAM */
|
||||
|
||||
#ifdef LTC_SOBER128_STREAM
|
||||
|
||||
typedef struct {
|
||||
ulong32 R[17], /* Working storage for the shift register */
|
||||
initR[17], /* saved register contents */
|
||||
konst, /* key dependent constant */
|
||||
sbuf; /* partial word encryption buffer */
|
||||
int nbuf; /* number of part-word stream bits buffered */
|
||||
} sober128_state;
|
||||
|
||||
int sober128_stream_setup(sober128_state *st, const unsigned char *key, unsigned long keylen);
|
||||
int sober128_stream_setiv(sober128_state *st, const unsigned char *iv, unsigned long ivlen);
|
||||
int sober128_stream_crypt(sober128_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);
|
||||
int sober128_stream_keystream(sober128_state *st, unsigned char *out, unsigned long outlen);
|
||||
int sober128_stream_done(sober128_state *st);
|
||||
int sober128_stream_test(void);
|
||||
|
||||
#endif /* LTC_SOBER128_STREAM */
|
||||
|
||||
/* $Source$ */
|
||||
/* $Revision$ */
|
||||
/* $Date$ */
|
||||
|
@ -189,8 +189,11 @@
|
||||
#define LTC_KASUMI
|
||||
#define LTC_MULTI2
|
||||
#define LTC_CAMELLIA
|
||||
/* ChaCha is special (a stream cipher) */
|
||||
|
||||
/* stream ciphers */
|
||||
#define LTC_CHACHA
|
||||
#define LTC_RC4_STREAM
|
||||
#define LTC_SOBER128_STREAM
|
||||
|
||||
#endif /* LTC_NO_CIPHERS */
|
||||
|
||||
@ -295,7 +298,7 @@
|
||||
/* a PRNG that simply reads from an available system source */
|
||||
#define LTC_SPRNG
|
||||
|
||||
/* The LTC_RC4 stream cipher */
|
||||
/* The RC4 stream cipher based PRNG */
|
||||
#define LTC_RC4
|
||||
|
||||
/* The ChaCha20 stream cipher based PRNG */
|
||||
@ -304,7 +307,7 @@
|
||||
/* Fortuna PRNG */
|
||||
#define LTC_FORTUNA
|
||||
|
||||
/* Greg's LTC_SOBER128 PRNG ;-0 */
|
||||
/* Greg's SOBER128 stream cipher based PRNG */
|
||||
#define LTC_SOBER128
|
||||
|
||||
/* the *nix style /dev/random device */
|
||||
@ -523,6 +526,14 @@
|
||||
#error LTC_CHACHA20_PRNG requires LTC_CHACHA
|
||||
#endif
|
||||
|
||||
#if defined(LTC_RC4) && !defined(LTC_RC4_STREAM)
|
||||
#error LTC_RC4 requires LTC_RC4_STREAM
|
||||
#endif
|
||||
|
||||
#if defined(LTC_SOBER128) && !defined(LTC_SOBER128_STREAM)
|
||||
#error LTC_SOBER128 requires LTC_SOBER128_STREAM
|
||||
#endif
|
||||
|
||||
#if defined(LTC_BLAKE2SMAC) && !defined(LTC_BLAKE2S)
|
||||
#error LTC_BLAKE2SMAC requires LTC_BLAKE2S
|
||||
#endif
|
||||
@ -557,7 +568,7 @@
|
||||
|
||||
/* Debuggers */
|
||||
|
||||
/* define this if you use Valgrind, note: it CHANGES the way SOBER-128 and LTC_RC4 work (see the code) */
|
||||
/* define this if you use Valgrind, note: it CHANGES the way SOBER-128 and RC4 work (see the code) */
|
||||
/* #define LTC_VALGRIND */
|
||||
|
||||
#endif
|
||||
|
@ -4,14 +4,12 @@ struct yarrow_prng {
|
||||
int cipher, hash;
|
||||
unsigned char pool[MAXBLOCKSIZE];
|
||||
symmetric_CTR ctr;
|
||||
LTC_MUTEX_TYPE(prng_lock)
|
||||
};
|
||||
#endif
|
||||
|
||||
#ifdef LTC_RC4
|
||||
struct rc4_prng {
|
||||
int x, y;
|
||||
unsigned char buf[256];
|
||||
rc4_state s;
|
||||
};
|
||||
#endif
|
||||
|
||||
@ -20,7 +18,6 @@ struct chacha20_prng {
|
||||
chacha_state s; /* chacha state */
|
||||
unsigned char ent[40]; /* entropy buffer */
|
||||
unsigned long idx; /* entropy counter */
|
||||
short ready; /* ready flag 0-1 */
|
||||
};
|
||||
#endif
|
||||
|
||||
@ -38,25 +35,19 @@ struct fortuna_prng {
|
||||
wd;
|
||||
|
||||
ulong64 reset_cnt; /* number of times we have reset */
|
||||
LTC_MUTEX_TYPE(prng_lock)
|
||||
};
|
||||
#endif
|
||||
|
||||
#ifdef LTC_SOBER128
|
||||
struct sober128_prng {
|
||||
ulong32 R[17], /* Working storage for the shift register */
|
||||
initR[17], /* saved register contents */
|
||||
konst, /* key dependent constant */
|
||||
sbuf; /* partial word encryption buffer */
|
||||
|
||||
int nbuf, /* number of part-word stream bits buffered */
|
||||
flag, /* first add_entropy call or not? */
|
||||
set; /* did we call add_entropy to set key? */
|
||||
|
||||
sober128_state s; /* sober128 state */
|
||||
unsigned char ent[40]; /* entropy buffer */
|
||||
unsigned long idx; /* entropy counter */
|
||||
};
|
||||
#endif
|
||||
|
||||
typedef union Prng_state {
|
||||
typedef struct {
|
||||
union {
|
||||
char dummy[1];
|
||||
#ifdef LTC_YARROW
|
||||
struct yarrow_prng yarrow;
|
||||
@ -73,6 +64,9 @@ typedef union Prng_state {
|
||||
#ifdef LTC_SOBER128
|
||||
struct sober128_prng sober128;
|
||||
#endif
|
||||
};
|
||||
short ready; /* ready flag 0-1 */
|
||||
LTC_MUTEX_TYPE(lock); /* lock */
|
||||
} prng_state;
|
||||
|
||||
/** PRNG descriptor */
|
||||
|
@ -28,20 +28,22 @@ int poly1305_test(void)
|
||||
unsigned long len = 16, mlen = strlen(m);
|
||||
unsigned char out[1000];
|
||||
poly1305_state st;
|
||||
int err;
|
||||
|
||||
/* process piece by piece */
|
||||
poly1305_init(&st, k, 32);
|
||||
poly1305_process(&st, (unsigned char*)m, 5);
|
||||
poly1305_process(&st, (unsigned char*)m + 5, 4);
|
||||
poly1305_process(&st, (unsigned char*)m + 9, 3);
|
||||
poly1305_process(&st, (unsigned char*)m + 12, 2);
|
||||
poly1305_process(&st, (unsigned char*)m + 14, 1);
|
||||
poly1305_process(&st, (unsigned char*)m + 15, mlen - 15);
|
||||
poly1305_done(&st, out, &len);
|
||||
if ((err = poly1305_init(&st, k, 32)) != CRYPT_OK) return err;
|
||||
if ((err = poly1305_process(&st, (unsigned char*)m, 5)) != CRYPT_OK) return err;
|
||||
if ((err = poly1305_process(&st, (unsigned char*)m + 5, 4)) != CRYPT_OK) return err;
|
||||
if ((err = poly1305_process(&st, (unsigned char*)m + 9, 3)) != CRYPT_OK) return err;
|
||||
if ((err = poly1305_process(&st, (unsigned char*)m + 12, 2)) != CRYPT_OK) return err;
|
||||
if ((err = poly1305_process(&st, (unsigned char*)m + 14, 1)) != CRYPT_OK) return err;
|
||||
if ((err = poly1305_process(&st, (unsigned char*)m + 15, mlen - 15)) != CRYPT_OK) return err;
|
||||
if ((err = poly1305_done(&st, out, &len)) != CRYPT_OK) return err;
|
||||
if (compare_testvector(out, len, tag, sizeof(tag), "POLY1305-TV1", 1) != 0) return CRYPT_FAIL_TESTVECTOR;
|
||||
/* process in one go */
|
||||
poly1305_init(&st, k, 32);
|
||||
poly1305_process(&st, (unsigned char*)m, mlen);
|
||||
poly1305_done(&st, out, &len);
|
||||
if ((err = poly1305_init(&st, k, 32)) != CRYPT_OK) return err;
|
||||
if ((err = poly1305_process(&st, (unsigned char*)m, mlen)) != CRYPT_OK) return err;
|
||||
if ((err = poly1305_done(&st, out, &len)) != CRYPT_OK) return err;
|
||||
if (compare_testvector(out, len, tag, sizeof(tag), "POLY1305-TV2", 1) != 0) return CRYPT_FAIL_TESTVECTOR;
|
||||
return CRYPT_OK;
|
||||
#endif
|
||||
|
@ -124,9 +124,16 @@ const char *crypt_build_settings =
|
||||
#if defined(LTC_CAMELLIA)
|
||||
" Camellia\n"
|
||||
#endif
|
||||
"Stream ciphers built-in:\n"
|
||||
#if defined(LTC_CHACHA)
|
||||
" ChaCha\n"
|
||||
#endif
|
||||
#if defined(LTC_RC4_STREAM)
|
||||
" RC4\n"
|
||||
#endif
|
||||
#if defined(LTC_SOBER128_STREAM)
|
||||
" SOBER128\n"
|
||||
#endif
|
||||
|
||||
"\nHashes built-in:\n"
|
||||
#if defined(LTC_SHA3)
|
||||
|
@ -17,8 +17,8 @@
|
||||
|
||||
const struct ltc_prng_descriptor chacha20_prng_desc =
|
||||
{
|
||||
"chacha",
|
||||
sizeof(chacha_state),
|
||||
"chacha20",
|
||||
40,
|
||||
&chacha20_prng_start,
|
||||
&chacha20_prng_add_entropy,
|
||||
&chacha20_prng_ready,
|
||||
@ -37,9 +37,10 @@ const struct ltc_prng_descriptor chacha20_prng_desc =
|
||||
int chacha20_prng_start(prng_state *prng)
|
||||
{
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
prng->chacha.ready = 0;
|
||||
XMEMSET(&prng->chacha.ent, 0, 40);
|
||||
prng->ready = 0;
|
||||
XMEMSET(&prng->chacha.ent, 0, sizeof(prng->chacha.ent));
|
||||
prng->chacha.idx = 0;
|
||||
LTC_MUTEX_INIT(&prng->lock)
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
@ -60,23 +61,26 @@ int chacha20_prng_add_entropy(const unsigned char *in, unsigned long inlen, prng
|
||||
LTC_ARGCHK(in != NULL);
|
||||
LTC_ARGCHK(inlen > 0);
|
||||
|
||||
if (prng->chacha.ready) {
|
||||
LTC_MUTEX_LOCK(&prng->lock);
|
||||
if (prng->ready) {
|
||||
/* chacha20_prng_ready() was already called, do "rekey" operation */
|
||||
if ((err = chacha_keystream(&prng->chacha.s, buf, 40)) != CRYPT_OK) return err;
|
||||
for(i = 0; i < inlen; i++) buf[i % 40] ^= in[i];
|
||||
if ((err = chacha_keystream(&prng->chacha.s, buf, sizeof(buf))) != CRYPT_OK) goto LBL_UNLOCK;
|
||||
for(i = 0; i < inlen; i++) buf[i % sizeof(buf)] ^= in[i];
|
||||
/* key 32 bytes, 20 rounds */
|
||||
if ((err = chacha_setup(&prng->chacha.s, buf, 32, 20)) != CRYPT_OK) return err;
|
||||
if ((err = chacha_setup(&prng->chacha.s, buf, 32, 20)) != CRYPT_OK) goto LBL_UNLOCK;
|
||||
/* iv 8 bytes */
|
||||
if ((err = chacha_ivctr64(&prng->chacha.s, buf + 32, 8, 0)) != CRYPT_OK) return err;
|
||||
if ((err = chacha_ivctr64(&prng->chacha.s, buf + 32, 8, 0)) != CRYPT_OK) goto LBL_UNLOCK;
|
||||
/* clear KEY + IV */
|
||||
XMEMSET(buf, 0, 40);
|
||||
XMEMSET(buf, 0, sizeof(buf));
|
||||
}
|
||||
else {
|
||||
/* chacha20_prng_ready() was not called yet, add entropy to ent buffer */
|
||||
while (inlen--) prng->chacha.ent[prng->chacha.idx++ % 40] ^= *in++;
|
||||
while (inlen--) prng->chacha.ent[prng->chacha.idx++ % sizeof(prng->chacha.ent)] ^= *in++;
|
||||
}
|
||||
|
||||
return CRYPT_OK;
|
||||
err = CRYPT_OK;
|
||||
LBL_UNLOCK:
|
||||
LTC_MUTEX_UNLOCK(&prng->lock);
|
||||
return err;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -90,14 +94,18 @@ int chacha20_prng_ready(prng_state *prng)
|
||||
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
|
||||
LTC_MUTEX_LOCK(&prng->lock);
|
||||
if (prng->ready) { err = CRYPT_OK; goto LBL_UNLOCK; }
|
||||
/* key 32 bytes, 20 rounds */
|
||||
if ((err = chacha_setup(&prng->chacha.s, prng->chacha.ent, 32, 20)) != CRYPT_OK) return err;
|
||||
if ((err = chacha_setup(&prng->chacha.s, prng->chacha.ent, 32, 20)) != CRYPT_OK) goto LBL_UNLOCK;
|
||||
/* iv 8 bytes */
|
||||
if ((err = chacha_ivctr64(&prng->chacha.s, prng->chacha.ent + 32, 8, 0)) != CRYPT_OK) return err;
|
||||
XMEMSET(&prng->chacha.ent, 0, 40);
|
||||
prng->chacha.ready = 1;
|
||||
if ((err = chacha_ivctr64(&prng->chacha.s, prng->chacha.ent + 32, 8, 0)) != CRYPT_OK) goto LBL_UNLOCK;
|
||||
XMEMSET(&prng->chacha.ent, 0, sizeof(prng->chacha.ent));
|
||||
prng->chacha.idx = 0;
|
||||
return CRYPT_OK;
|
||||
prng->ready = 1;
|
||||
LBL_UNLOCK:
|
||||
LTC_MUTEX_UNLOCK(&prng->lock);
|
||||
return err;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -109,8 +117,12 @@ int chacha20_prng_ready(prng_state *prng)
|
||||
*/
|
||||
unsigned long chacha20_prng_read(unsigned char *out, unsigned long outlen, prng_state *prng)
|
||||
{
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
if (chacha_keystream(&prng->chacha.s, out, outlen) != CRYPT_OK) return 0;
|
||||
if (outlen == 0 || prng == NULL || out == NULL) return 0;
|
||||
LTC_MUTEX_LOCK(&prng->lock);
|
||||
if (!prng->ready) { outlen = 0; goto LBL_UNLOCK; }
|
||||
if (chacha_keystream(&prng->chacha.s, out, outlen) != CRYPT_OK) outlen = 0;
|
||||
LBL_UNLOCK:
|
||||
LTC_MUTEX_UNLOCK(&prng->lock);
|
||||
return outlen;
|
||||
}
|
||||
|
||||
@ -121,8 +133,13 @@ unsigned long chacha20_prng_read(unsigned char *out, unsigned long outlen, prng_
|
||||
*/
|
||||
int chacha20_prng_done(prng_state *prng)
|
||||
{
|
||||
int err;
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
return chacha_done(&prng->chacha.s);
|
||||
LTC_MUTEX_LOCK(&prng->lock);
|
||||
prng->ready = 0;
|
||||
err = chacha_done(&prng->chacha.s);
|
||||
LTC_MUTEX_UNLOCK(&prng->lock);
|
||||
return err;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -134,19 +151,21 @@ int chacha20_prng_done(prng_state *prng)
|
||||
*/
|
||||
int chacha20_prng_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
|
||||
{
|
||||
unsigned long len = sizeof(chacha_state);
|
||||
LTC_ARGCHK(outlen != NULL);
|
||||
LTC_ARGCHK(out != NULL);
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
unsigned long len = chacha20_prng_desc.export_size;
|
||||
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
LTC_ARGCHK(out != NULL);
|
||||
LTC_ARGCHK(outlen != NULL);
|
||||
|
||||
if (!prng->chacha.ready) {
|
||||
return CRYPT_ERROR;
|
||||
}
|
||||
if (*outlen < len) {
|
||||
*outlen = len;
|
||||
return CRYPT_BUFFER_OVERFLOW;
|
||||
}
|
||||
XMEMCPY(out, &prng->chacha.s, len);
|
||||
|
||||
if (chacha20_prng_read(out, len, prng) != len) {
|
||||
return CRYPT_ERROR_READPRNG;
|
||||
}
|
||||
|
||||
*outlen = len;
|
||||
return CRYPT_OK;
|
||||
}
|
||||
@ -160,13 +179,14 @@ int chacha20_prng_export(unsigned char *out, unsigned long *outlen, prng_state *
|
||||
*/
|
||||
int chacha20_prng_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
|
||||
{
|
||||
unsigned long len = sizeof(chacha_state);
|
||||
LTC_ARGCHK(in != NULL);
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
int err;
|
||||
|
||||
if (inlen != len) return CRYPT_INVALID_ARG;
|
||||
XMEMCPY(&prng->chacha.s, in, inlen);
|
||||
prng->chacha.ready = 1;
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
LTC_ARGCHK(in != NULL);
|
||||
if (inlen < (unsigned long)chacha20_prng_desc.export_size) return CRYPT_INVALID_ARG;
|
||||
|
||||
if ((err = chacha20_prng_start(prng)) != CRYPT_OK) return err;
|
||||
if ((err = chacha20_prng_add_entropy(in, inlen, prng)) != CRYPT_OK) return err;
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
@ -188,29 +208,32 @@ int chacha20_prng_test(void)
|
||||
unsigned char dmp[300];
|
||||
unsigned long dmplen = sizeof(dmp);
|
||||
unsigned char out[500];
|
||||
unsigned char t1[] = { 0x59, 0xb2, 0x26, 0x95, 0x2b, 0x01, 0x8f, 0x05, 0xbe, 0xd8 };
|
||||
unsigned char t2[] = { 0x30, 0x34, 0x5c, 0x6e, 0x56, 0x18, 0x8c, 0x46, 0xbe, 0x8a };
|
||||
unsigned char t1[] = { 0x59, 0xB2, 0x26, 0x95, 0x2B, 0x01, 0x8F, 0x05, 0xBE, 0xD8 };
|
||||
unsigned char t2[] = { 0x47, 0xC9, 0x0D, 0x03, 0xE4, 0x75, 0x34, 0x27, 0xBD, 0xDE };
|
||||
unsigned char t3[] = { 0xBC, 0xFA, 0xEF, 0x59, 0x37, 0x7F, 0x1A, 0x91, 0x1A, 0xA6 };
|
||||
int err;
|
||||
|
||||
chacha20_prng_start(&st);
|
||||
chacha20_prng_add_entropy(en, sizeof(en), &st); /* add entropy to uninitialized prng */
|
||||
chacha20_prng_ready(&st);
|
||||
chacha20_prng_read(out, 10, &st); /* 10 bytes for testing */
|
||||
if ((err = chacha20_prng_start(&st)) != CRYPT_OK) return err;
|
||||
/* add entropy to uninitialized prng */
|
||||
if ((err = chacha20_prng_add_entropy(en, sizeof(en), &st)) != CRYPT_OK) return err;
|
||||
if ((err = chacha20_prng_ready(&st)) != CRYPT_OK) return err;
|
||||
if (chacha20_prng_read(out, 10, &st) != 10) return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
|
||||
if (compare_testvector(out, 10, t1, sizeof(t1), "CHACHA-PRNG", 1)) return CRYPT_FAIL_TESTVECTOR;
|
||||
chacha20_prng_read(out, 500, &st);
|
||||
chacha20_prng_add_entropy(en, sizeof(en), &st); /* add entropy to already initialized prng */
|
||||
chacha20_prng_read(out, 500, &st);
|
||||
chacha20_prng_export(dmp, &dmplen, &st);
|
||||
chacha20_prng_read(out, 500, &st); /* skip 500 bytes */
|
||||
chacha20_prng_read(out, 10, &st); /* 10 bytes for testing */
|
||||
if (chacha20_prng_read(out, 500, &st) != 500) return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
|
||||
/* add entropy to already initialized prng */
|
||||
if ((err = chacha20_prng_add_entropy(en, sizeof(en), &st)) != CRYPT_OK) return err;
|
||||
if (chacha20_prng_read(out, 500, &st) != 500) return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
|
||||
if ((err = chacha20_prng_export(dmp, &dmplen, &st)) != CRYPT_OK) return err;
|
||||
if (chacha20_prng_read(out, 500, &st) != 500) return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
|
||||
if (chacha20_prng_read(out, 10, &st) != 10) return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
|
||||
if (compare_testvector(out, 10, t2, sizeof(t2), "CHACHA-PRNG", 2)) return CRYPT_FAIL_TESTVECTOR;
|
||||
chacha20_prng_done(&st);
|
||||
|
||||
XMEMSET(&st, 0xFF, sizeof(st)); /* just to be sure */
|
||||
chacha20_prng_import(dmp, dmplen, &st);
|
||||
chacha20_prng_read(out, 500, &st); /* skip 500 bytes */
|
||||
chacha20_prng_read(out, 10, &st); /* 10 bytes for testing */
|
||||
if (compare_testvector(out, 10, t2, sizeof(t2), "CHACHA-PRNG", 3)) return CRYPT_FAIL_TESTVECTOR;
|
||||
chacha20_prng_done(&st);
|
||||
if ((err = chacha20_prng_done(&st)) != CRYPT_OK) return err;
|
||||
if ((err = chacha20_prng_import(dmp, dmplen, &st)) != CRYPT_OK) return err;
|
||||
if ((err = chacha20_prng_ready(&st)) != CRYPT_OK) return err;
|
||||
if (chacha20_prng_read(out, 500, &st) != 500) return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
|
||||
if (chacha20_prng_read(out, 10, &st) != 10) return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
|
||||
if (compare_testvector(out, 10, t3, sizeof(t3), "CHACHA-PRNG", 3)) return CRYPT_FAIL_TESTVECTOR;
|
||||
if ((err = chacha20_prng_done(&st)) != CRYPT_OK) return err;
|
||||
|
||||
return CRYPT_OK;
|
||||
#endif
|
||||
|
@ -5,8 +5,6 @@
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* guarantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
@ -38,7 +36,8 @@ we reseed automatically when len(pool0) >= 64 or every LTC_FORTUNA_WD calls to t
|
||||
#endif
|
||||
|
||||
const struct ltc_prng_descriptor fortuna_desc = {
|
||||
"fortuna", 1024,
|
||||
"fortuna",
|
||||
(32 * LTC_FORTUNA_POOLS), /* default: 1024 */
|
||||
&fortuna_start,
|
||||
&fortuna_add_entropy,
|
||||
&fortuna_ready,
|
||||
@ -133,6 +132,7 @@ int fortuna_start(prng_state *prng)
|
||||
unsigned char tmp[MAXBLOCKSIZE];
|
||||
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
prng->ready = 0;
|
||||
|
||||
/* initialize the pools */
|
||||
for (x = 0; x < LTC_FORTUNA_POOLS; x++) {
|
||||
@ -156,7 +156,7 @@ int fortuna_start(prng_state *prng)
|
||||
}
|
||||
zeromem(prng->fortuna.IV, 16);
|
||||
|
||||
LTC_MUTEX_INIT(&prng->fortuna.prng_lock)
|
||||
LTC_MUTEX_INIT(&prng->lock)
|
||||
|
||||
return CRYPT_OK;
|
||||
}
|
||||
@ -173,27 +173,25 @@ int fortuna_add_entropy(const unsigned char *in, unsigned long inlen, prng_state
|
||||
unsigned char tmp[2];
|
||||
int err;
|
||||
|
||||
LTC_ARGCHK(in != NULL);
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
|
||||
LTC_MUTEX_LOCK(&prng->fortuna.prng_lock);
|
||||
LTC_ARGCHK(in != NULL);
|
||||
LTC_ARGCHK(inlen > 0);
|
||||
|
||||
/* ensure inlen <= 32 */
|
||||
if (inlen > 32) {
|
||||
LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
|
||||
return CRYPT_INVALID_ARG;
|
||||
inlen = 32;
|
||||
}
|
||||
|
||||
/* add s || length(in) || in to pool[pool_idx] */
|
||||
tmp[0] = 0;
|
||||
tmp[1] = (unsigned char)inlen;
|
||||
|
||||
LTC_MUTEX_LOCK(&prng->lock);
|
||||
if ((err = sha256_process(&prng->fortuna.pool[prng->fortuna.pool_idx], tmp, 2)) != CRYPT_OK) {
|
||||
LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
|
||||
return err;
|
||||
goto LBL_UNLOCK;
|
||||
}
|
||||
if ((err = sha256_process(&prng->fortuna.pool[prng->fortuna.pool_idx], in, inlen)) != CRYPT_OK) {
|
||||
LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
|
||||
return err;
|
||||
goto LBL_UNLOCK;
|
||||
}
|
||||
if (prng->fortuna.pool_idx == 0) {
|
||||
prng->fortuna.pool0_len += inlen;
|
||||
@ -201,9 +199,11 @@ int fortuna_add_entropy(const unsigned char *in, unsigned long inlen, prng_state
|
||||
if (++(prng->fortuna.pool_idx) == LTC_FORTUNA_POOLS) {
|
||||
prng->fortuna.pool_idx = 0;
|
||||
}
|
||||
err = CRYPT_OK; /* success */
|
||||
|
||||
LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
|
||||
return CRYPT_OK;
|
||||
LBL_UNLOCK:
|
||||
LTC_MUTEX_UNLOCK(&prng->lock);
|
||||
return err;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -213,7 +213,15 @@ int fortuna_add_entropy(const unsigned char *in, unsigned long inlen, prng_state
|
||||
*/
|
||||
int fortuna_ready(prng_state *prng)
|
||||
{
|
||||
return fortuna_reseed(prng);
|
||||
int err;
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
|
||||
LTC_MUTEX_LOCK(&prng->lock);
|
||||
err = fortuna_reseed(prng);
|
||||
prng->ready = (err == CRYPT_OK) ? 1 : 0;
|
||||
|
||||
LTC_MUTEX_UNLOCK(&prng->lock);
|
||||
return err;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -226,18 +234,20 @@ int fortuna_ready(prng_state *prng)
|
||||
unsigned long fortuna_read(unsigned char *out, unsigned long outlen, prng_state *prng)
|
||||
{
|
||||
unsigned char tmp[16];
|
||||
unsigned long tlen;
|
||||
unsigned long tlen = 0;
|
||||
|
||||
LTC_ARGCHK(out != NULL);
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
if (outlen == 0 || prng == NULL || out == NULL) return 0;
|
||||
|
||||
LTC_MUTEX_LOCK(&prng->fortuna.prng_lock);
|
||||
LTC_MUTEX_LOCK(&prng->lock);
|
||||
|
||||
if (!prng->ready) {
|
||||
goto LBL_UNLOCK;
|
||||
}
|
||||
|
||||
/* do we have to reseed? */
|
||||
if (++prng->fortuna.wd == LTC_FORTUNA_WD || prng->fortuna.pool0_len >= 64) {
|
||||
if (fortuna_reseed(prng) != CRYPT_OK) {
|
||||
LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
|
||||
return 0;
|
||||
goto LBL_UNLOCK;
|
||||
}
|
||||
}
|
||||
|
||||
@ -268,14 +278,14 @@ unsigned long fortuna_read(unsigned char *out, unsigned long outlen, prng_state
|
||||
fortuna_update_iv(prng);
|
||||
|
||||
if (rijndael_setup(prng->fortuna.K, 32, 0, &prng->fortuna.skey) != CRYPT_OK) {
|
||||
LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
|
||||
return 0;
|
||||
tlen = 0;
|
||||
}
|
||||
|
||||
LBL_UNLOCK:
|
||||
#ifdef LTC_CLEAN_STACK
|
||||
zeromem(tmp, sizeof(tmp));
|
||||
#endif
|
||||
LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
|
||||
LTC_MUTEX_UNLOCK(&prng->lock);
|
||||
return tlen;
|
||||
}
|
||||
|
||||
@ -290,23 +300,25 @@ int fortuna_done(prng_state *prng)
|
||||
unsigned char tmp[32];
|
||||
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
LTC_MUTEX_LOCK(&prng->fortuna.prng_lock);
|
||||
|
||||
LTC_MUTEX_LOCK(&prng->lock);
|
||||
prng->ready = 0;
|
||||
|
||||
/* terminate all the hashes */
|
||||
for (x = 0; x < LTC_FORTUNA_POOLS; x++) {
|
||||
if ((err = sha256_done(&(prng->fortuna.pool[x]), tmp)) != CRYPT_OK) {
|
||||
LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
|
||||
return err;
|
||||
goto LBL_UNLOCK;
|
||||
}
|
||||
}
|
||||
/* call cipher done when we invent one ;-) */
|
||||
err = CRYPT_OK; /* success */
|
||||
|
||||
LBL_UNLOCK:
|
||||
#ifdef LTC_CLEAN_STACK
|
||||
zeromem(tmp, sizeof(tmp));
|
||||
#endif
|
||||
|
||||
LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
|
||||
return CRYPT_OK;
|
||||
LTC_MUTEX_UNLOCK(&prng->lock);
|
||||
return err;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -320,24 +332,30 @@ int fortuna_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
|
||||
{
|
||||
int x, err;
|
||||
hash_state *md;
|
||||
unsigned long len = fortuna_desc.export_size;
|
||||
|
||||
LTC_ARGCHK(out != NULL);
|
||||
LTC_ARGCHK(outlen != NULL);
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
|
||||
LTC_MUTEX_LOCK(&prng->fortuna.prng_lock);
|
||||
LTC_MUTEX_LOCK(&prng->lock);
|
||||
|
||||
if (!prng->ready) {
|
||||
err = CRYPT_ERROR;
|
||||
goto LBL_UNLOCK;
|
||||
}
|
||||
|
||||
/* we'll write bytes for s&g's */
|
||||
if (*outlen < 32*LTC_FORTUNA_POOLS) {
|
||||
LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
|
||||
*outlen = 32*LTC_FORTUNA_POOLS;
|
||||
return CRYPT_BUFFER_OVERFLOW;
|
||||
if (*outlen < len) {
|
||||
*outlen = len;
|
||||
err = CRYPT_BUFFER_OVERFLOW;
|
||||
goto LBL_UNLOCK;
|
||||
}
|
||||
|
||||
md = XMALLOC(sizeof(hash_state));
|
||||
if (md == NULL) {
|
||||
LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
|
||||
return CRYPT_MEM;
|
||||
err = CRYPT_MEM;
|
||||
goto LBL_UNLOCK;
|
||||
}
|
||||
|
||||
/* to emit the state we copy each pool, terminate it then hash it again so
|
||||
@ -363,7 +381,7 @@ int fortuna_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
|
||||
goto LBL_ERR;
|
||||
}
|
||||
}
|
||||
*outlen = 32*LTC_FORTUNA_POOLS;
|
||||
*outlen = len;
|
||||
err = CRYPT_OK;
|
||||
|
||||
LBL_ERR:
|
||||
@ -371,7 +389,8 @@ LBL_ERR:
|
||||
zeromem(md, sizeof(*md));
|
||||
#endif
|
||||
XFREE(md);
|
||||
LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
|
||||
LBL_UNLOCK:
|
||||
LTC_MUTEX_UNLOCK(&prng->lock);
|
||||
return err;
|
||||
}
|
||||
|
||||
@ -389,7 +408,7 @@ int fortuna_import(const unsigned char *in, unsigned long inlen, prng_state *prn
|
||||
LTC_ARGCHK(in != NULL);
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
|
||||
if (inlen != 32*LTC_FORTUNA_POOLS) {
|
||||
if (inlen < (unsigned long)fortuna_desc.export_size) {
|
||||
return CRYPT_INVALID_ARG;
|
||||
}
|
||||
|
||||
@ -401,7 +420,7 @@ int fortuna_import(const unsigned char *in, unsigned long inlen, prng_state *prn
|
||||
return err;
|
||||
}
|
||||
}
|
||||
return err;
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
/**
|
||||
|
245
src/prngs/rc4.c
245
src/prngs/rc4.c
@ -5,21 +5,20 @@
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* guarantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
/**
|
||||
@file rc4.c
|
||||
LTC_RC4 PRNG, Tom St Denis
|
||||
RC4 PRNG, Tom St Denis
|
||||
*/
|
||||
|
||||
#ifdef LTC_RC4
|
||||
|
||||
const struct ltc_prng_descriptor rc4_desc =
|
||||
{
|
||||
"rc4", 32,
|
||||
"rc4",
|
||||
32,
|
||||
&rc4_start,
|
||||
&rc4_add_entropy,
|
||||
&rc4_ready,
|
||||
@ -38,10 +37,12 @@ const struct ltc_prng_descriptor rc4_desc =
|
||||
int rc4_start(prng_state *prng)
|
||||
{
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
|
||||
/* set keysize to zero */
|
||||
prng->rc4.x = 0;
|
||||
|
||||
prng->ready = 0;
|
||||
/* set entropy (key) size to zero */
|
||||
prng->rc4.s.x = 0;
|
||||
/* clear entropy (key) buffer */
|
||||
XMEMSET(&prng->rc4.s.buf, 0, sizeof(prng->rc4.s.buf));
|
||||
LTC_MUTEX_INIT(&prng->lock)
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
@ -54,26 +55,32 @@ int rc4_start(prng_state *prng)
|
||||
*/
|
||||
int rc4_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng)
|
||||
{
|
||||
LTC_ARGCHK(in != NULL);
|
||||
unsigned char buf[256];
|
||||
unsigned long i;
|
||||
int err;
|
||||
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
LTC_ARGCHK(in != NULL);
|
||||
LTC_ARGCHK(inlen > 0);
|
||||
|
||||
/* trim as required */
|
||||
if (prng->rc4.x + inlen > 256) {
|
||||
if (prng->rc4.x == 256) {
|
||||
/* I can't possibly accept another byte, ok maybe a mint wafer... */
|
||||
return CRYPT_OK;
|
||||
} else {
|
||||
/* only accept part of it */
|
||||
inlen = 256 - prng->rc4.x;
|
||||
LTC_MUTEX_LOCK(&prng->lock);
|
||||
if (prng->ready) {
|
||||
/* rc4_ready() was already called, do "rekey" operation */
|
||||
if ((err = rc4_stream_keystream(&prng->rc4.s, buf, sizeof(buf))) != CRYPT_OK) goto LBL_UNLOCK;
|
||||
for(i = 0; i < inlen; i++) buf[i % sizeof(buf)] ^= in[i];
|
||||
/* initialize RC4 */
|
||||
if ((err = rc4_stream_setup(&prng->rc4.s, buf, sizeof(buf))) != CRYPT_OK) goto LBL_UNLOCK;
|
||||
/* drop first 3072 bytes - https://en.wikipedia.org/wiki/RC4#Fluhrer.2C_Mantin_and_Shamir_attack */
|
||||
for (i = 0; i < 12; i++) rc4_stream_keystream(&prng->rc4.s, buf, sizeof(buf));
|
||||
}
|
||||
else {
|
||||
/* rc4_ready() was not called yet, add entropy to the buffer */
|
||||
while (inlen--) prng->rc4.s.buf[prng->rc4.s.x++ % sizeof(prng->rc4.s.buf)] ^= *in++;
|
||||
}
|
||||
|
||||
while (inlen--) {
|
||||
prng->rc4.buf[prng->rc4.x++] = *in++;
|
||||
}
|
||||
|
||||
return CRYPT_OK;
|
||||
|
||||
err = CRYPT_OK;
|
||||
LBL_UNLOCK:
|
||||
LTC_MUTEX_UNLOCK(&prng->lock);
|
||||
return err;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -83,36 +90,24 @@ int rc4_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *pr
|
||||
*/
|
||||
int rc4_ready(prng_state *prng)
|
||||
{
|
||||
unsigned char key[256], tmp, *s;
|
||||
int keylen, x, y, j;
|
||||
unsigned char buf[256] = { 0 };
|
||||
unsigned long len;
|
||||
int err, i;
|
||||
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
|
||||
/* extract the key */
|
||||
s = prng->rc4.buf;
|
||||
XMEMCPY(key, s, 256);
|
||||
keylen = prng->rc4.x;
|
||||
|
||||
/* make LTC_RC4 perm and shuffle */
|
||||
for (x = 0; x < 256; x++) {
|
||||
s[x] = x;
|
||||
}
|
||||
|
||||
for (j = x = y = 0; x < 256; x++) {
|
||||
y = (y + prng->rc4.buf[x] + key[j++]) & 255;
|
||||
if (j == keylen) {
|
||||
j = 0;
|
||||
}
|
||||
tmp = s[x]; s[x] = s[y]; s[y] = tmp;
|
||||
}
|
||||
prng->rc4.x = 0;
|
||||
prng->rc4.y = 0;
|
||||
|
||||
#ifdef LTC_CLEAN_STACK
|
||||
zeromem(key, sizeof(key));
|
||||
#endif
|
||||
|
||||
return CRYPT_OK;
|
||||
LTC_MUTEX_LOCK(&prng->lock);
|
||||
if (prng->ready) { err = CRYPT_OK; goto LBL_UNLOCK; }
|
||||
XMEMCPY(buf, prng->rc4.s.buf, sizeof(buf));
|
||||
/* initialize RC4 */
|
||||
len = MIN(prng->rc4.s.x, 256); /* TODO: we can perhaps always use all 256 bytes */
|
||||
if ((err = rc4_stream_setup(&prng->rc4.s, buf, len)) != CRYPT_OK) goto LBL_UNLOCK;
|
||||
/* drop first 3072 bytes - https://en.wikipedia.org/wiki/RC4#Fluhrer.2C_Mantin_and_Shamir_attack */
|
||||
for (i = 0; i < 12; i++) rc4_stream_keystream(&prng->rc4.s, buf, sizeof(buf));
|
||||
prng->ready = 1;
|
||||
LBL_UNLOCK:
|
||||
LTC_MUTEX_UNLOCK(&prng->lock);
|
||||
return err;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -124,30 +119,13 @@ int rc4_ready(prng_state *prng)
|
||||
*/
|
||||
unsigned long rc4_read(unsigned char *out, unsigned long outlen, prng_state *prng)
|
||||
{
|
||||
unsigned char x, y, *s, tmp;
|
||||
unsigned long n;
|
||||
|
||||
LTC_ARGCHK(out != NULL);
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
|
||||
#ifdef LTC_VALGRIND
|
||||
zeromem(out, outlen);
|
||||
#endif
|
||||
|
||||
n = outlen;
|
||||
x = prng->rc4.x;
|
||||
y = prng->rc4.y;
|
||||
s = prng->rc4.buf;
|
||||
while (outlen--) {
|
||||
x = (x + 1) & 255;
|
||||
y = (y + s[x]) & 255;
|
||||
tmp = s[x]; s[x] = s[y]; s[y] = tmp;
|
||||
tmp = (s[x] + s[y]) & 255;
|
||||
*out++ ^= s[tmp];
|
||||
}
|
||||
prng->rc4.x = x;
|
||||
prng->rc4.y = y;
|
||||
return n;
|
||||
if (outlen == 0 || prng == NULL || out == NULL) return 0;
|
||||
LTC_MUTEX_LOCK(&prng->lock);
|
||||
if (!prng->ready) { outlen = 0; goto LBL_UNLOCK; }
|
||||
if (rc4_stream_keystream(&prng->rc4.s, out, outlen) != CRYPT_OK) outlen = 0;
|
||||
LBL_UNLOCK:
|
||||
LTC_MUTEX_UNLOCK(&prng->lock);
|
||||
return outlen;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -157,8 +135,13 @@ unsigned long rc4_read(unsigned char *out, unsigned long outlen, prng_state *prn
|
||||
*/
|
||||
int rc4_done(prng_state *prng)
|
||||
{
|
||||
int err;
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
return CRYPT_OK;
|
||||
LTC_MUTEX_LOCK(&prng->lock);
|
||||
prng->ready = 0;
|
||||
err = rc4_stream_done(&prng->rc4.s);
|
||||
LTC_MUTEX_UNLOCK(&prng->lock);
|
||||
return err;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -170,20 +153,22 @@ int rc4_done(prng_state *prng)
|
||||
*/
|
||||
int rc4_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
|
||||
{
|
||||
LTC_ARGCHK(outlen != NULL);
|
||||
LTC_ARGCHK(out != NULL);
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
unsigned long len = rc4_desc.export_size;
|
||||
|
||||
if (*outlen < 32) {
|
||||
*outlen = 32;
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
LTC_ARGCHK(out != NULL);
|
||||
LTC_ARGCHK(outlen != NULL);
|
||||
|
||||
if (*outlen < len) {
|
||||
*outlen = len;
|
||||
return CRYPT_BUFFER_OVERFLOW;
|
||||
}
|
||||
|
||||
if (rc4_read(out, 32, prng) != 32) {
|
||||
if (rc4_read(out, len, prng) != len) {
|
||||
return CRYPT_ERROR_READPRNG;
|
||||
}
|
||||
*outlen = 32;
|
||||
|
||||
*outlen = len;
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
@ -197,17 +182,14 @@ int rc4_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
|
||||
int rc4_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
|
||||
{
|
||||
int err;
|
||||
LTC_ARGCHK(in != NULL);
|
||||
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
LTC_ARGCHK(in != NULL);
|
||||
if (inlen < (unsigned long)rc4_desc.export_size) return CRYPT_INVALID_ARG;
|
||||
|
||||
if (inlen != 32) {
|
||||
return CRYPT_INVALID_ARG;
|
||||
}
|
||||
|
||||
if ((err = rc4_start(prng)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
return rc4_add_entropy(in, 32, prng);
|
||||
if ((err = rc4_start(prng)) != CRYPT_OK) return err;
|
||||
if ((err = rc4_add_entropy(in, inlen, prng)) != CRYPT_OK) return err;
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -216,54 +198,47 @@ int rc4_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
|
||||
*/
|
||||
int rc4_test(void)
|
||||
{
|
||||
#if !defined(LTC_TEST) || defined(LTC_VALGRIND)
|
||||
#ifndef LTC_TEST
|
||||
return CRYPT_NOP;
|
||||
#else
|
||||
static const struct {
|
||||
unsigned char key[8], pt[8], ct[8];
|
||||
} tests[] = {
|
||||
{
|
||||
{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
|
||||
{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
|
||||
{ 0x75, 0xb7, 0x87, 0x80, 0x99, 0xe0, 0xc5, 0x96 }
|
||||
}
|
||||
};
|
||||
prng_state prng;
|
||||
unsigned char dst[8];
|
||||
int err, x;
|
||||
prng_state st;
|
||||
unsigned char en[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
|
||||
0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
|
||||
0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e,
|
||||
0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
|
||||
0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32 };
|
||||
unsigned char dmp[500];
|
||||
unsigned long dmplen = sizeof(dmp);
|
||||
unsigned char out[1000];
|
||||
unsigned char t1[] = { 0xE0, 0x4D, 0x9A, 0xF6, 0xA8, 0x9D, 0x77, 0x53, 0xAE, 0x09 };
|
||||
unsigned char t2[] = { 0xEF, 0x80, 0xA2, 0xE6, 0x50, 0x91, 0xF3, 0x17, 0x4A, 0x8A };
|
||||
unsigned char t3[] = { 0x4B, 0xD6, 0x5C, 0x67, 0x99, 0x03, 0x56, 0x12, 0x80, 0x48 };
|
||||
int err;
|
||||
|
||||
if ((err = rc4_start(&st)) != CRYPT_OK) return err;
|
||||
/* add entropy to uninitialized prng */
|
||||
if ((err = rc4_add_entropy(en, sizeof(en), &st)) != CRYPT_OK) return err;
|
||||
if ((err = rc4_ready(&st)) != CRYPT_OK) return err;
|
||||
if (rc4_read(out, 10, &st) != 10) return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
|
||||
if (compare_testvector(out, 10, t1, sizeof(t1), "RC4-PRNG", 1)) return CRYPT_FAIL_TESTVECTOR;
|
||||
if (rc4_read(out, 500, &st) != 500) return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
|
||||
/* add entropy to already initialized prng */
|
||||
if ((err = rc4_add_entropy(en, sizeof(en), &st)) != CRYPT_OK) return err;
|
||||
if (rc4_read(out, 500, &st) != 500) return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
|
||||
if ((err = rc4_export(dmp, &dmplen, &st)) != CRYPT_OK) return err;
|
||||
if (rc4_read(out, 500, &st) != 500) return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
|
||||
if (rc4_read(out, 10, &st) != 10) return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
|
||||
if (compare_testvector(out, 10, t2, sizeof(t2), "RC4-PRNG", 2)) return CRYPT_FAIL_TESTVECTOR;
|
||||
if ((err = rc4_done(&st)) != CRYPT_OK) return err;
|
||||
if ((err = rc4_import(dmp, dmplen, &st)) != CRYPT_OK) return err;
|
||||
if ((err = rc4_ready(&st)) != CRYPT_OK) return err;
|
||||
if (rc4_read(out, 500, &st) != 500) return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
|
||||
if (rc4_read(out, 10, &st) != 10) return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
|
||||
if (compare_testvector(out, 10, t3, sizeof(t3), "RC4-PRNG", 3)) return CRYPT_FAIL_TESTVECTOR;
|
||||
if ((err = rc4_done(&st)) != CRYPT_OK) return err;
|
||||
|
||||
for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
|
||||
if ((err = rc4_start(&prng)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
if ((err = rc4_add_entropy(tests[x].key, 8, &prng)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
if ((err = rc4_ready(&prng)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
XMEMCPY(dst, tests[x].pt, 8);
|
||||
if (rc4_read(dst, 8, &prng) != 8) {
|
||||
return CRYPT_ERROR_READPRNG;
|
||||
}
|
||||
rc4_done(&prng);
|
||||
if (XMEMCMP(dst, tests[x].ct, 8)) {
|
||||
#if 0
|
||||
int y;
|
||||
printf("\n\nLTC_RC4 failed, I got:\n");
|
||||
for (y = 0; y < 8; y++) printf("%02x ", dst[y]);
|
||||
printf("\n");
|
||||
#endif
|
||||
return CRYPT_FAIL_TESTVECTOR;
|
||||
}
|
||||
}
|
||||
return CRYPT_OK;
|
||||
#endif
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
/* $Source$ */
|
||||
/* $Revision$ */
|
||||
/* $Date$ */
|
||||
|
@ -5,8 +5,6 @@
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* guarantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
|
@ -5,8 +5,6 @@
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* guarantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
|
@ -5,9 +5,8 @@
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* guarantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
|
||||
*/
|
||||
|
||||
#include "tomcrypt.h"
|
||||
|
||||
/**
|
||||
@ -18,12 +17,10 @@
|
||||
|
||||
#ifdef LTC_SOBER128
|
||||
|
||||
#define __LTC_SOBER128TAB_C__
|
||||
#include "sober128tab.c"
|
||||
|
||||
const struct ltc_prng_descriptor sober128_desc =
|
||||
{
|
||||
"sober128", 64,
|
||||
"sober128",
|
||||
40,
|
||||
&sober128_start,
|
||||
&sober128_add_entropy,
|
||||
&sober128_ready,
|
||||
@ -34,74 +31,6 @@ const struct ltc_prng_descriptor sober128_desc =
|
||||
&sober128_test
|
||||
};
|
||||
|
||||
/* don't change these... */
|
||||
#define N 17
|
||||
#define FOLD N /* how many iterations of folding to do */
|
||||
#define INITKONST 0x6996c53a /* value of KONST to use during key loading */
|
||||
#define KEYP 15 /* where to insert key words */
|
||||
#define FOLDP 4 /* where to insert non-linear feedback */
|
||||
|
||||
#define B(x,i) ((unsigned char)(((x) >> (8*i)) & 0xFF))
|
||||
|
||||
static ulong32 BYTE2WORD(unsigned char *b)
|
||||
{
|
||||
ulong32 t;
|
||||
LOAD32L(t, b);
|
||||
return t;
|
||||
}
|
||||
|
||||
#define WORD2BYTE(w, b) STORE32L(b, w)
|
||||
|
||||
static void XORWORD(ulong32 w, unsigned char *b)
|
||||
{
|
||||
ulong32 t;
|
||||
LOAD32L(t, b);
|
||||
t ^= w;
|
||||
STORE32L(t, b);
|
||||
}
|
||||
|
||||
/* give correct offset for the current position of the register,
|
||||
* where logically R[0] is at position "zero".
|
||||
*/
|
||||
#define OFF(zero, i) (((zero)+(i)) % N)
|
||||
|
||||
/* step the LFSR */
|
||||
/* After stepping, "zero" moves right one place */
|
||||
#define STEP(R,z) \
|
||||
R[OFF(z,0)] = R[OFF(z,15)] ^ R[OFF(z,4)] ^ (R[OFF(z,0)] << 8) ^ Multab[(R[OFF(z,0)] >> 24) & 0xFF];
|
||||
|
||||
static void cycle(ulong32 *R)
|
||||
{
|
||||
ulong32 t;
|
||||
int i;
|
||||
|
||||
STEP(R,0);
|
||||
t = R[0];
|
||||
for (i = 1; i < N; ++i) {
|
||||
R[i-1] = R[i];
|
||||
}
|
||||
R[N-1] = t;
|
||||
}
|
||||
|
||||
/* Return a non-linear function of some parts of the register.
|
||||
*/
|
||||
#define NLFUNC(c,z) \
|
||||
{ \
|
||||
t = c->R[OFF(z,0)] + c->R[OFF(z,16)]; \
|
||||
t ^= Sbox[(t >> 24) & 0xFF]; \
|
||||
t = RORc(t, 8); \
|
||||
t = ((t + c->R[OFF(z,1)]) ^ c->konst) + c->R[OFF(z,6)]; \
|
||||
t ^= Sbox[(t >> 24) & 0xFF]; \
|
||||
t = t + c->R[OFF(z,13)]; \
|
||||
}
|
||||
|
||||
static ulong32 nltap(struct sober128_prng *c)
|
||||
{
|
||||
ulong32 t;
|
||||
NLFUNC(c, 0);
|
||||
return t;
|
||||
}
|
||||
|
||||
/**
|
||||
Start the PRNG
|
||||
@param prng [out] The PRNG state to initialize
|
||||
@ -109,95 +38,14 @@ static ulong32 nltap(struct sober128_prng *c)
|
||||
*/
|
||||
int sober128_start(prng_state *prng)
|
||||
{
|
||||
int i;
|
||||
struct sober128_prng *c;
|
||||
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
|
||||
c = &(prng->sober128);
|
||||
|
||||
/* Register initialised to Fibonacci numbers */
|
||||
c->R[0] = 1;
|
||||
c->R[1] = 1;
|
||||
for (i = 2; i < N; ++i) {
|
||||
c->R[i] = c->R[i-1] + c->R[i-2];
|
||||
}
|
||||
c->konst = INITKONST;
|
||||
|
||||
/* next add_entropy will be the key */
|
||||
c->flag = 1;
|
||||
c->set = 0;
|
||||
|
||||
prng->ready = 0;
|
||||
XMEMSET(&prng->sober128.ent, 0, sizeof(prng->sober128.ent));
|
||||
prng->sober128.idx = 0;
|
||||
LTC_MUTEX_INIT(&prng->lock)
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
/* Save the current register state
|
||||
*/
|
||||
static void s128_savestate(struct sober128_prng *c)
|
||||
{
|
||||
int i;
|
||||
for (i = 0; i < N; ++i) {
|
||||
c->initR[i] = c->R[i];
|
||||
}
|
||||
}
|
||||
|
||||
/* initialise to previously saved register state
|
||||
*/
|
||||
static void s128_reloadstate(struct sober128_prng *c)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < N; ++i) {
|
||||
c->R[i] = c->initR[i];
|
||||
}
|
||||
}
|
||||
|
||||
/* Initialise "konst"
|
||||
*/
|
||||
static void s128_genkonst(struct sober128_prng *c)
|
||||
{
|
||||
ulong32 newkonst;
|
||||
|
||||
do {
|
||||
cycle(c->R);
|
||||
newkonst = nltap(c);
|
||||
} while ((newkonst & 0xFF000000) == 0);
|
||||
c->konst = newkonst;
|
||||
}
|
||||
|
||||
/* Load key material into the register
|
||||
*/
|
||||
#define ADDKEY(k) \
|
||||
c->R[KEYP] += (k);
|
||||
|
||||
#define XORNL(nl) \
|
||||
c->R[FOLDP] ^= (nl);
|
||||
|
||||
/* nonlinear diffusion of register for key */
|
||||
#define DROUND(z) STEP(c->R,z); NLFUNC(c,(z+1)); c->R[OFF((z+1),FOLDP)] ^= t;
|
||||
static void s128_diffuse(struct sober128_prng *c)
|
||||
{
|
||||
ulong32 t;
|
||||
/* relies on FOLD == N == 17! */
|
||||
DROUND(0);
|
||||
DROUND(1);
|
||||
DROUND(2);
|
||||
DROUND(3);
|
||||
DROUND(4);
|
||||
DROUND(5);
|
||||
DROUND(6);
|
||||
DROUND(7);
|
||||
DROUND(8);
|
||||
DROUND(9);
|
||||
DROUND(10);
|
||||
DROUND(11);
|
||||
DROUND(12);
|
||||
DROUND(13);
|
||||
DROUND(14);
|
||||
DROUND(15);
|
||||
DROUND(16);
|
||||
}
|
||||
|
||||
/**
|
||||
Add entropy to the PRNG state
|
||||
@param in The data to add
|
||||
@ -207,63 +55,34 @@ static void s128_diffuse(struct sober128_prng *c)
|
||||
*/
|
||||
int sober128_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng)
|
||||
{
|
||||
struct sober128_prng *c;
|
||||
ulong32 i, k;
|
||||
unsigned char buf[40];
|
||||
unsigned long i;
|
||||
int err;
|
||||
|
||||
LTC_ARGCHK(in != NULL);
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
c = &(prng->sober128);
|
||||
LTC_ARGCHK(in != NULL);
|
||||
LTC_ARGCHK(inlen > 0);
|
||||
|
||||
if (c->flag == 1) {
|
||||
/* this is the first call to the add_entropy so this input is the key */
|
||||
/* inlen must be multiple of 4 bytes */
|
||||
if ((inlen & 3) != 0) {
|
||||
return CRYPT_INVALID_KEYSIZE;
|
||||
LTC_MUTEX_LOCK(&prng->lock);
|
||||
if (prng->ready) {
|
||||
/* sober128_ready() was already called, do "rekey" operation */
|
||||
if ((err = sober128_stream_keystream(&prng->sober128.s, buf, sizeof(buf))) != CRYPT_OK) goto LBL_UNLOCK;
|
||||
for(i = 0; i < inlen; i++) buf[i % sizeof(buf)] ^= in[i];
|
||||
/* key 32 bytes, 20 rounds */
|
||||
if ((err = sober128_stream_setup(&prng->sober128.s, buf, 32)) != CRYPT_OK) goto LBL_UNLOCK;
|
||||
/* iv 8 bytes */
|
||||
if ((err = sober128_stream_setiv(&prng->sober128.s, buf + 32, 8)) != CRYPT_OK) goto LBL_UNLOCK;
|
||||
/* clear KEY + IV */
|
||||
XMEMSET(buf, 0, sizeof(buf));
|
||||
}
|
||||
|
||||
for (i = 0; i < inlen; i += 4) {
|
||||
k = BYTE2WORD((unsigned char *)&in[i]);
|
||||
ADDKEY(k);
|
||||
cycle(c->R);
|
||||
XORNL(nltap(c));
|
||||
else {
|
||||
/* sober128_ready() was not called yet, add entropy to ent buffer */
|
||||
while (inlen--) prng->sober128.ent[prng->sober128.idx++ % sizeof(prng->sober128.ent)] ^= *in++;
|
||||
}
|
||||
|
||||
/* also fold in the length of the key */
|
||||
ADDKEY(inlen);
|
||||
|
||||
/* now diffuse */
|
||||
s128_diffuse(c);
|
||||
|
||||
s128_genkonst(c);
|
||||
s128_savestate(c);
|
||||
c->nbuf = 0;
|
||||
c->flag = 0;
|
||||
c->set = 1;
|
||||
} else {
|
||||
/* ok we are adding an IV then... */
|
||||
s128_reloadstate(c);
|
||||
|
||||
/* inlen must be multiple of 4 bytes */
|
||||
if ((inlen & 3) != 0) {
|
||||
return CRYPT_INVALID_KEYSIZE;
|
||||
}
|
||||
|
||||
for (i = 0; i < inlen; i += 4) {
|
||||
k = BYTE2WORD((unsigned char *)&in[i]);
|
||||
ADDKEY(k);
|
||||
cycle(c->R);
|
||||
XORNL(nltap(c));
|
||||
}
|
||||
|
||||
/* also fold in the length of the key */
|
||||
ADDKEY(inlen);
|
||||
|
||||
/* now diffuse */
|
||||
s128_diffuse(c);
|
||||
c->nbuf = 0;
|
||||
}
|
||||
|
||||
return CRYPT_OK;
|
||||
err = CRYPT_OK;
|
||||
LBL_UNLOCK:
|
||||
LTC_MUTEX_UNLOCK(&prng->lock);
|
||||
return err;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -273,12 +92,23 @@ int sober128_add_entropy(const unsigned char *in, unsigned long inlen, prng_stat
|
||||
*/
|
||||
int sober128_ready(prng_state *prng)
|
||||
{
|
||||
return prng->sober128.set == 1 ? CRYPT_OK : CRYPT_ERROR;
|
||||
}
|
||||
int err;
|
||||
|
||||
/* XOR pseudo-random bytes into buffer
|
||||
*/
|
||||
#define SROUND(z) STEP(c->R,z); NLFUNC(c,(z+1)); XORWORD(t, out+(z*4));
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
|
||||
LTC_MUTEX_LOCK(&prng->lock);
|
||||
if (prng->ready) { err = CRYPT_OK; goto LBL_UNLOCK; }
|
||||
/* key 32 bytes, 20 rounds */
|
||||
if ((err = sober128_stream_setup(&prng->sober128.s, prng->sober128.ent, 32)) != CRYPT_OK) goto LBL_UNLOCK;
|
||||
/* iv 8 bytes */
|
||||
if ((err = sober128_stream_setiv(&prng->sober128.s, prng->sober128.ent + 32, 8)) != CRYPT_OK) goto LBL_UNLOCK;
|
||||
XMEMSET(&prng->sober128.ent, 0, sizeof(prng->sober128.ent));
|
||||
prng->sober128.idx = 0;
|
||||
prng->ready = 1;
|
||||
LBL_UNLOCK:
|
||||
LTC_MUTEX_UNLOCK(&prng->lock);
|
||||
return err;
|
||||
}
|
||||
|
||||
/**
|
||||
Read from the PRNG
|
||||
@ -289,75 +119,13 @@ int sober128_ready(prng_state *prng)
|
||||
*/
|
||||
unsigned long sober128_read(unsigned char *out, unsigned long outlen, prng_state *prng)
|
||||
{
|
||||
struct sober128_prng *c;
|
||||
ulong32 t, tlen;
|
||||
|
||||
LTC_ARGCHK(out != NULL);
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
|
||||
#ifdef LTC_VALGRIND
|
||||
zeromem(out, outlen);
|
||||
#endif
|
||||
|
||||
c = &(prng->sober128);
|
||||
tlen = outlen;
|
||||
|
||||
/* handle any previously buffered bytes */
|
||||
while (c->nbuf != 0 && outlen != 0) {
|
||||
*out++ ^= c->sbuf & 0xFF;
|
||||
c->sbuf >>= 8;
|
||||
c->nbuf -= 8;
|
||||
--outlen;
|
||||
}
|
||||
|
||||
#ifndef LTC_SMALL_CODE
|
||||
/* do lots at a time, if there's enough to do */
|
||||
while (outlen >= N*4) {
|
||||
SROUND(0);
|
||||
SROUND(1);
|
||||
SROUND(2);
|
||||
SROUND(3);
|
||||
SROUND(4);
|
||||
SROUND(5);
|
||||
SROUND(6);
|
||||
SROUND(7);
|
||||
SROUND(8);
|
||||
SROUND(9);
|
||||
SROUND(10);
|
||||
SROUND(11);
|
||||
SROUND(12);
|
||||
SROUND(13);
|
||||
SROUND(14);
|
||||
SROUND(15);
|
||||
SROUND(16);
|
||||
out += 4*N;
|
||||
outlen -= 4*N;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* do small or odd size buffers the slow way */
|
||||
while (4 <= outlen) {
|
||||
cycle(c->R);
|
||||
t = nltap(c);
|
||||
XORWORD(t, out);
|
||||
out += 4;
|
||||
outlen -= 4;
|
||||
}
|
||||
|
||||
/* handle any trailing bytes */
|
||||
if (outlen != 0) {
|
||||
cycle(c->R);
|
||||
c->sbuf = nltap(c);
|
||||
c->nbuf = 32;
|
||||
while (c->nbuf != 0 && outlen != 0) {
|
||||
*out++ ^= c->sbuf & 0xFF;
|
||||
c->sbuf >>= 8;
|
||||
c->nbuf -= 8;
|
||||
--outlen;
|
||||
}
|
||||
}
|
||||
|
||||
return tlen;
|
||||
if (outlen == 0 || prng == NULL || out == NULL) return 0;
|
||||
LTC_MUTEX_LOCK(&prng->lock);
|
||||
if (!prng->ready) { outlen = 0; goto LBL_UNLOCK; }
|
||||
if (sober128_stream_keystream(&prng->sober128.s, out, outlen) != CRYPT_OK) outlen = 0;
|
||||
LBL_UNLOCK:
|
||||
LTC_MUTEX_UNLOCK(&prng->lock);
|
||||
return outlen;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -367,8 +135,13 @@ unsigned long sober128_read(unsigned char *out, unsigned long outlen, prng_state
|
||||
*/
|
||||
int sober128_done(prng_state *prng)
|
||||
{
|
||||
int err;
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
return CRYPT_OK;
|
||||
LTC_MUTEX_LOCK(&prng->lock);
|
||||
prng->ready = 0;
|
||||
err = sober128_stream_done(&prng->sober128.s);
|
||||
LTC_MUTEX_UNLOCK(&prng->lock);
|
||||
return err;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -380,20 +153,22 @@ int sober128_done(prng_state *prng)
|
||||
*/
|
||||
int sober128_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
|
||||
{
|
||||
LTC_ARGCHK(outlen != NULL);
|
||||
LTC_ARGCHK(out != NULL);
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
unsigned long len = sober128_desc.export_size;
|
||||
|
||||
if (*outlen < 64) {
|
||||
*outlen = 64;
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
LTC_ARGCHK(out != NULL);
|
||||
LTC_ARGCHK(outlen != NULL);
|
||||
|
||||
if (*outlen < len) {
|
||||
*outlen = len;
|
||||
return CRYPT_BUFFER_OVERFLOW;
|
||||
}
|
||||
|
||||
if (sober128_read(out, 64, prng) != 64) {
|
||||
if (sober128_read(out, len, prng) != len) {
|
||||
return CRYPT_ERROR_READPRNG;
|
||||
}
|
||||
*outlen = 64;
|
||||
|
||||
*outlen = len;
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
@ -407,20 +182,14 @@ int sober128_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
|
||||
int sober128_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
|
||||
{
|
||||
int err;
|
||||
LTC_ARGCHK(in != NULL);
|
||||
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
LTC_ARGCHK(in != NULL);
|
||||
if (inlen < (unsigned long)sober128_desc.export_size) return CRYPT_INVALID_ARG;
|
||||
|
||||
if (inlen != 64) {
|
||||
return CRYPT_INVALID_ARG;
|
||||
}
|
||||
|
||||
if ((err = sober128_start(prng)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
if ((err = sober128_add_entropy(in, 64, prng)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
return sober128_ready(prng);
|
||||
if ((err = sober128_start(prng)) != CRYPT_OK) return err;
|
||||
if ((err = sober128_add_entropy(in, sober128_desc.export_size, prng)) != CRYPT_OK) return err;
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -432,69 +201,44 @@ int sober128_test(void)
|
||||
#ifndef LTC_TEST
|
||||
return CRYPT_NOP;
|
||||
#else
|
||||
static const struct {
|
||||
int keylen, ivlen, len;
|
||||
unsigned char key[16], iv[4], out[20];
|
||||
} tests[] = {
|
||||
prng_state st;
|
||||
unsigned char en[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
|
||||
0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
|
||||
0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e,
|
||||
0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
|
||||
0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32 };
|
||||
unsigned char dmp[300];
|
||||
unsigned long dmplen = sizeof(dmp);
|
||||
unsigned char out[500];
|
||||
unsigned char t1[] = { 0x31, 0x82, 0xA7, 0xA5, 0x8B, 0xD7, 0xCB, 0x39, 0x86, 0x1A };
|
||||
unsigned char t2[] = { 0x6B, 0x43, 0x9E, 0xBC, 0xE7, 0x62, 0x9B, 0xE6, 0x9B, 0x83 };
|
||||
unsigned char t3[] = { 0x4A, 0x0E, 0x6C, 0xC1, 0xCF, 0xB4, 0x73, 0x49, 0x99, 0x05 };
|
||||
int err;
|
||||
|
||||
{
|
||||
16, 4, 20,
|
||||
if ((err = sober128_start(&st)) != CRYPT_OK) return err;
|
||||
/* add entropy to uninitialized prng */
|
||||
if ((err = sober128_add_entropy(en, sizeof(en), &st)) != CRYPT_OK) return err;
|
||||
if ((err = sober128_ready(&st)) != CRYPT_OK) return err;
|
||||
if (sober128_read(out, 10, &st) != 10) return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
|
||||
if (compare_testvector(out, 10, t1, sizeof(t1), "SOBER128-PRNG", 1)) return CRYPT_FAIL_TESTVECTOR;
|
||||
if (sober128_read(out, 500, &st) != 500) return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
|
||||
/* add entropy to already initialized prng */
|
||||
if ((err = sober128_add_entropy(en, sizeof(en), &st)) != CRYPT_OK) return err;
|
||||
if (sober128_read(out, 500, &st) != 500) return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
|
||||
if ((err = sober128_export(dmp, &dmplen, &st)) != CRYPT_OK) return err;
|
||||
if (sober128_read(out, 500, &st) != 500) return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
|
||||
if (sober128_read(out, 10, &st) != 10) return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
|
||||
if (compare_testvector(out, 10, t2, sizeof(t2), "SOBER128-PRNG", 2)) return CRYPT_FAIL_TESTVECTOR;
|
||||
if ((err = sober128_done(&st)) != CRYPT_OK) return err;
|
||||
if ((err = sober128_import(dmp, dmplen, &st)) != CRYPT_OK) return err;
|
||||
if ((err = sober128_ready(&st)) != CRYPT_OK) return err;
|
||||
if (sober128_read(out, 500, &st) != 500) return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
|
||||
if (sober128_read(out, 10, &st) != 10) return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
|
||||
if (compare_testvector(out, 10, t3, sizeof(t3), "SOBER128-PRNG", 3)) return CRYPT_FAIL_TESTVECTOR;
|
||||
if ((err = sober128_done(&st)) != CRYPT_OK) return err;
|
||||
|
||||
/* key */
|
||||
{ 0x74, 0x65, 0x73, 0x74, 0x20, 0x6b, 0x65, 0x79,
|
||||
0x20, 0x31, 0x32, 0x38, 0x62, 0x69, 0x74, 0x73 },
|
||||
|
||||
/* IV */
|
||||
{ 0x00, 0x00, 0x00, 0x00 },
|
||||
|
||||
/* expected output */
|
||||
{ 0x43, 0x50, 0x0c, 0xcf, 0x89, 0x91, 0x9f, 0x1d,
|
||||
0xaa, 0x37, 0x74, 0x95, 0xf4, 0xb4, 0x58, 0xc2,
|
||||
0x40, 0x37, 0x8b, 0xbb }
|
||||
}
|
||||
|
||||
};
|
||||
prng_state prng;
|
||||
unsigned char dst[20];
|
||||
int err, x;
|
||||
|
||||
for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
|
||||
if ((err = sober128_start(&prng)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
if ((err = sober128_add_entropy(tests[x].key, tests[x].keylen, &prng)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
/* add IV */
|
||||
if ((err = sober128_add_entropy(tests[x].iv, tests[x].ivlen, &prng)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
/* ready up */
|
||||
if ((err = sober128_ready(&prng)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
XMEMSET(dst, 0, tests[x].len);
|
||||
if (sober128_read(dst, tests[x].len, &prng) != (unsigned long)tests[x].len) {
|
||||
return CRYPT_ERROR_READPRNG;
|
||||
}
|
||||
sober128_done(&prng);
|
||||
if (XMEMCMP(dst, tests[x].out, tests[x].len)) {
|
||||
#if 0
|
||||
printf("\n\nLTC_SOBER128 failed, I got:\n");
|
||||
for (y = 0; y < tests[x].len; y++) printf("%02x ", dst[y]);
|
||||
printf("\n");
|
||||
#endif
|
||||
return CRYPT_FAIL_TESTVECTOR;
|
||||
}
|
||||
}
|
||||
return CRYPT_OK;
|
||||
#endif
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
/* $Source$ */
|
||||
/* $Revision$ */
|
||||
/* $Date$ */
|
||||
|
@ -5,8 +5,6 @@
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* guarantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
@ -135,7 +133,22 @@ int sprng_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
|
||||
*/
|
||||
int sprng_test(void)
|
||||
{
|
||||
#ifndef LTC_TEST
|
||||
return CRYPT_NOP;
|
||||
#else
|
||||
prng_state st;
|
||||
unsigned char en[] = { 0x01, 0x02, 0x03, 0x04 };
|
||||
unsigned char out[1000];
|
||||
int err;
|
||||
|
||||
if ((err = sprng_start(&st)) != CRYPT_OK) return err;
|
||||
if ((err = sprng_add_entropy(en, sizeof(en), &st)) != CRYPT_OK) return err;
|
||||
if ((err = sprng_ready(&st)) != CRYPT_OK) return err;
|
||||
if (sprng_read(out, 500, &st) != 500) return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
|
||||
if ((err = sprng_done(&st)) != CRYPT_OK) return err;
|
||||
|
||||
return CRYPT_OK;
|
||||
#endif
|
||||
}
|
||||
|
||||
#endif
|
||||
|
@ -5,8 +5,6 @@
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* guarantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
@ -40,6 +38,7 @@ int yarrow_start(prng_state *prng)
|
||||
int err;
|
||||
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
prng->ready = 0;
|
||||
|
||||
/* these are the default hash/cipher combo used */
|
||||
#ifdef LTC_RIJNDAEL
|
||||
@ -120,7 +119,7 @@ int yarrow_start(prng_state *prng)
|
||||
|
||||
/* zero the memory used */
|
||||
zeromem(prng->yarrow.pool, sizeof(prng->yarrow.pool));
|
||||
LTC_MUTEX_INIT(&prng->yarrow.prng_lock)
|
||||
LTC_MUTEX_INIT(&prng->lock)
|
||||
|
||||
return CRYPT_OK;
|
||||
}
|
||||
@ -137,43 +136,38 @@ int yarrow_add_entropy(const unsigned char *in, unsigned long inlen, prng_state
|
||||
hash_state md;
|
||||
int err;
|
||||
|
||||
LTC_ARGCHK(in != NULL);
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
LTC_ARGCHK(in != NULL);
|
||||
LTC_ARGCHK(inlen > 0);
|
||||
|
||||
LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
|
||||
LTC_MUTEX_LOCK(&prng->lock);
|
||||
|
||||
if ((err = hash_is_valid(prng->yarrow.hash)) != CRYPT_OK) {
|
||||
LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
|
||||
return err;
|
||||
goto LBL_UNLOCK;
|
||||
}
|
||||
|
||||
/* start the hash */
|
||||
if ((err = hash_descriptor[prng->yarrow.hash].init(&md)) != CRYPT_OK) {
|
||||
LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
|
||||
return err;
|
||||
goto LBL_UNLOCK;
|
||||
}
|
||||
|
||||
/* hash the current pool */
|
||||
if ((err = hash_descriptor[prng->yarrow.hash].process(&md, prng->yarrow.pool,
|
||||
hash_descriptor[prng->yarrow.hash].hashsize)) != CRYPT_OK) {
|
||||
LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
|
||||
return err;
|
||||
goto LBL_UNLOCK;
|
||||
}
|
||||
|
||||
/* add the new entropy */
|
||||
if ((err = hash_descriptor[prng->yarrow.hash].process(&md, in, inlen)) != CRYPT_OK) {
|
||||
LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
|
||||
return err;
|
||||
goto LBL_UNLOCK;
|
||||
}
|
||||
|
||||
/* store result */
|
||||
if ((err = hash_descriptor[prng->yarrow.hash].done(&md, prng->yarrow.pool)) != CRYPT_OK) {
|
||||
LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
|
||||
return err;
|
||||
}
|
||||
err = hash_descriptor[prng->yarrow.hash].done(&md, prng->yarrow.pool);
|
||||
|
||||
LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
|
||||
return CRYPT_OK;
|
||||
LBL_UNLOCK:
|
||||
LTC_MUTEX_UNLOCK(&prng->lock);
|
||||
return err;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -186,23 +180,21 @@ int yarrow_ready(prng_state *prng)
|
||||
int ks, err;
|
||||
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
|
||||
|
||||
LTC_MUTEX_LOCK(&prng->lock);
|
||||
|
||||
if ((err = hash_is_valid(prng->yarrow.hash)) != CRYPT_OK) {
|
||||
LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
|
||||
return err;
|
||||
goto LBL_UNLOCK;
|
||||
}
|
||||
|
||||
if ((err = cipher_is_valid(prng->yarrow.cipher)) != CRYPT_OK) {
|
||||
LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
|
||||
return err;
|
||||
goto LBL_UNLOCK;
|
||||
}
|
||||
|
||||
/* setup CTR mode using the "pool" as the key */
|
||||
ks = (int)hash_descriptor[prng->yarrow.hash].hashsize;
|
||||
if ((err = cipher_descriptor[prng->yarrow.cipher].keysize(&ks)) != CRYPT_OK) {
|
||||
LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
|
||||
return err;
|
||||
goto LBL_UNLOCK;
|
||||
}
|
||||
|
||||
if ((err = ctr_start(prng->yarrow.cipher, /* what cipher to use */
|
||||
@ -211,11 +203,13 @@ int yarrow_ready(prng_state *prng)
|
||||
0, /* number of rounds */
|
||||
CTR_COUNTER_LITTLE_ENDIAN, /* little endian counter */
|
||||
&prng->yarrow.ctr)) != CRYPT_OK) {
|
||||
LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
|
||||
return err;
|
||||
goto LBL_UNLOCK;
|
||||
}
|
||||
LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
|
||||
return CRYPT_OK;
|
||||
prng->ready = 1;
|
||||
|
||||
LBL_UNLOCK:
|
||||
LTC_MUTEX_UNLOCK(&prng->lock);
|
||||
return err;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -227,20 +221,25 @@ int yarrow_ready(prng_state *prng)
|
||||
*/
|
||||
unsigned long yarrow_read(unsigned char *out, unsigned long outlen, prng_state *prng)
|
||||
{
|
||||
LTC_ARGCHK(out != NULL);
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
if (outlen == 0 || prng == NULL || out == NULL) return 0;
|
||||
|
||||
LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
|
||||
LTC_MUTEX_LOCK(&prng->lock);
|
||||
|
||||
if (!prng->ready) {
|
||||
outlen = 0;
|
||||
goto LBL_UNLOCK;
|
||||
}
|
||||
|
||||
/* put out in predictable state first */
|
||||
zeromem(out, outlen);
|
||||
|
||||
/* now randomize it */
|
||||
if (ctr_encrypt(out, out, outlen, &prng->yarrow.ctr) != CRYPT_OK) {
|
||||
LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
|
||||
return 0;
|
||||
outlen = 0;
|
||||
}
|
||||
LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
|
||||
|
||||
LBL_UNLOCK:
|
||||
LTC_MUTEX_UNLOCK(&prng->lock);
|
||||
return outlen;
|
||||
}
|
||||
|
||||
@ -254,14 +253,15 @@ int yarrow_done(prng_state *prng)
|
||||
int err;
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
|
||||
LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
|
||||
LTC_MUTEX_LOCK(&prng->lock);
|
||||
prng->ready = 0;
|
||||
|
||||
/* call cipher done when we invent one ;-) */
|
||||
|
||||
/* we invented one */
|
||||
err = ctr_done(&prng->yarrow.ctr);
|
||||
|
||||
LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
|
||||
LTC_MUTEX_UNLOCK(&prng->lock);
|
||||
return err;
|
||||
}
|
||||
|
||||
@ -274,25 +274,22 @@ int yarrow_done(prng_state *prng)
|
||||
*/
|
||||
int yarrow_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
|
||||
{
|
||||
unsigned long len = yarrow_desc.export_size;
|
||||
|
||||
LTC_ARGCHK(out != NULL);
|
||||
LTC_ARGCHK(outlen != NULL);
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
|
||||
LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
|
||||
|
||||
/* we'll write 64 bytes for s&g's */
|
||||
if (*outlen < 64) {
|
||||
LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
|
||||
*outlen = 64;
|
||||
if (*outlen < len) {
|
||||
*outlen = len;
|
||||
return CRYPT_BUFFER_OVERFLOW;
|
||||
}
|
||||
|
||||
if (yarrow_read(out, 64, prng) != 64) {
|
||||
LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
|
||||
if (yarrow_read(out, len, prng) != len) {
|
||||
return CRYPT_ERROR_READPRNG;
|
||||
}
|
||||
*outlen = 64;
|
||||
|
||||
*outlen = len;
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
@ -309,21 +306,11 @@ int yarrow_import(const unsigned char *in, unsigned long inlen, prng_state *prng
|
||||
|
||||
LTC_ARGCHK(in != NULL);
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
if (inlen < (unsigned long)yarrow_desc.export_size) return CRYPT_INVALID_ARG;
|
||||
|
||||
LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
|
||||
|
||||
if (inlen != 64) {
|
||||
LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
|
||||
return CRYPT_INVALID_ARG;
|
||||
}
|
||||
|
||||
if ((err = yarrow_start(prng)) != CRYPT_OK) {
|
||||
LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
|
||||
return err;
|
||||
}
|
||||
err = yarrow_add_entropy(in, 64, prng);
|
||||
LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
|
||||
return err;
|
||||
if ((err = yarrow_start(prng)) != CRYPT_OK) return err;
|
||||
if ((err = yarrow_add_entropy(in, inlen, prng)) != CRYPT_OK) return err;
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -71,8 +71,14 @@ int chacha_crypt(chacha_state *st, const unsigned char *in, unsigned long inlen,
|
||||
}
|
||||
for (;;) {
|
||||
_chacha_block(buf, st->input, st->rounds);
|
||||
/* increment the counter */
|
||||
if (!++st->input[12] && !++st->input[13] && !++st->input[14]) { ++st->input[15]; }
|
||||
if (st->ivlen == 8) {
|
||||
/* IV-64bit, increment 64bit counter */
|
||||
if (0 == ++st->input[12] && 0 == ++st->input[13]) return CRYPT_OVERFLOW;
|
||||
}
|
||||
else {
|
||||
/* IV-96bit, increment 32bit counter */
|
||||
if (0 == ++st->input[12]) return CRYPT_OVERFLOW;
|
||||
}
|
||||
if (inlen <= 64) {
|
||||
for (i = 0; i < inlen; ++i) out[i] = in[i] ^ buf[i];
|
||||
st->ksleft = 64 - inlen;
|
||||
|
@ -37,26 +37,27 @@ int chacha_test(void)
|
||||
0x87, 0x4D };
|
||||
char pt[] = "Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it.";
|
||||
chacha_state st;
|
||||
int err;
|
||||
|
||||
len = strlen(pt);
|
||||
/* crypt piece by piece */
|
||||
chacha_setup(&st, k, sizeof(k), 20);
|
||||
chacha_ivctr32(&st, n, sizeof(n), 1);
|
||||
chacha_crypt(&st, (unsigned char*)pt, 35, out);
|
||||
chacha_crypt(&st, (unsigned char*)pt + 35, 35, out + 35);
|
||||
chacha_crypt(&st, (unsigned char*)pt + 70, 5, out + 70);
|
||||
chacha_crypt(&st, (unsigned char*)pt + 75, 5, out + 75);
|
||||
chacha_crypt(&st, (unsigned char*)pt + 80, len - 80, out + 80);
|
||||
if ((err = chacha_setup(&st, k, sizeof(k), 20)) != CRYPT_OK) return err;
|
||||
if ((err = chacha_ivctr32(&st, n, sizeof(n), 1)) != CRYPT_OK) return err;
|
||||
if ((err = chacha_crypt(&st, (unsigned char*)pt, 35, out)) != CRYPT_OK) return err;
|
||||
if ((err = chacha_crypt(&st, (unsigned char*)pt + 35, 35, out + 35)) != CRYPT_OK) return err;
|
||||
if ((err = chacha_crypt(&st, (unsigned char*)pt + 70, 5, out + 70)) != CRYPT_OK) return err;
|
||||
if ((err = chacha_crypt(&st, (unsigned char*)pt + 75, 5, out + 75)) != CRYPT_OK) return err;
|
||||
if ((err = chacha_crypt(&st, (unsigned char*)pt + 80, len - 80, out + 80)) != CRYPT_OK) return err;
|
||||
if (compare_testvector(out, len, ct, sizeof(ct), "CHACHA-TV1", 1)) return CRYPT_FAIL_TESTVECTOR;
|
||||
/* crypt in one go */
|
||||
chacha_setup(&st, k, sizeof(k), 20);
|
||||
chacha_ivctr32(&st, n, sizeof(n), 1);
|
||||
chacha_crypt(&st, (unsigned char*)pt, len, out);
|
||||
if ((err = chacha_setup(&st, k, sizeof(k), 20)) != CRYPT_OK) return err;
|
||||
if ((err = chacha_ivctr32(&st, n, sizeof(n), 1)) != CRYPT_OK) return err;
|
||||
if ((err = chacha_crypt(&st, (unsigned char*)pt, len, out)) != CRYPT_OK) return err;
|
||||
if (compare_testvector(out, len, ct, sizeof(ct), "CHACHA-TV2", 1)) return CRYPT_FAIL_TESTVECTOR;
|
||||
/* crypt in one go - using chacha_ivctr64() */
|
||||
chacha_setup(&st, k, sizeof(k), 20);
|
||||
chacha_ivctr64(&st, n + 4, sizeof(n) - 4, 1);
|
||||
chacha_crypt(&st, (unsigned char*)pt, len, out);
|
||||
if ((err = chacha_setup(&st, k, sizeof(k), 20)) != CRYPT_OK) return err;
|
||||
if ((err = chacha_ivctr64(&st, n + 4, sizeof(n) - 4, 1)) != CRYPT_OK) return err;
|
||||
if ((err = chacha_crypt(&st, (unsigned char*)pt, len, out)) != CRYPT_OK) return err;
|
||||
if (compare_testvector(out, len, ct, sizeof(ct), "CHACHA-TV3", 1)) return CRYPT_FAIL_TESTVECTOR;
|
||||
|
||||
return CRYPT_OK;
|
||||
|
107
src/stream/rc4/rc4.c
Normal file
107
src/stream/rc4/rc4.c
Normal file
@ -0,0 +1,107 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
#include "tomcrypt.h"
|
||||
|
||||
#ifdef LTC_RC4_STREAM
|
||||
|
||||
/**
|
||||
Initialize an RC4 context (only the key)
|
||||
@param st [out] The destination of the RC4 state
|
||||
@param key The secret key
|
||||
@param keylen The length of the secret key (8 - 256 bytes)
|
||||
@return CRYPT_OK if successful
|
||||
*/
|
||||
int rc4_stream_setup(rc4_state *st, const unsigned char *key, unsigned long keylen)
|
||||
{
|
||||
unsigned char tmp, *s;
|
||||
int x, y;
|
||||
unsigned long j;
|
||||
|
||||
LTC_ARGCHK(st != NULL);
|
||||
LTC_ARGCHK(key != NULL);
|
||||
LTC_ARGCHK(keylen >= 5); /* 40-2048 bits */
|
||||
|
||||
s = st->buf;
|
||||
for (x = 0; x < 256; x++) {
|
||||
s[x] = x;
|
||||
}
|
||||
|
||||
for (j = x = y = 0; x < 256; x++) {
|
||||
y = (y + s[x] + key[j++]) & 255;
|
||||
if (j == keylen) {
|
||||
j = 0;
|
||||
}
|
||||
tmp = s[x]; s[x] = s[y]; s[y] = tmp;
|
||||
}
|
||||
st->x = 0;
|
||||
st->y = 0;
|
||||
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
/**
|
||||
Encrypt (or decrypt) bytes of ciphertext (or plaintext) with RC4
|
||||
@param st The RC4 state
|
||||
@param in The plaintext (or ciphertext)
|
||||
@param inlen The length of the input (octets)
|
||||
@param out [out] The ciphertext (or plaintext), length inlen
|
||||
@return CRYPT_OK if successful
|
||||
*/
|
||||
int rc4_stream_crypt(rc4_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out)
|
||||
{
|
||||
unsigned char x, y, *s, tmp;
|
||||
|
||||
LTC_ARGCHK(st != NULL);
|
||||
LTC_ARGCHK(in != NULL);
|
||||
LTC_ARGCHK(out != NULL);
|
||||
|
||||
x = st->x;
|
||||
y = st->y;
|
||||
s = st->buf;
|
||||
while (inlen--) {
|
||||
x = (x + 1) & 255;
|
||||
y = (y + s[x]) & 255;
|
||||
tmp = s[x]; s[x] = s[y]; s[y] = tmp;
|
||||
tmp = (s[x] + s[y]) & 255;
|
||||
*out++ = *in++ ^ s[tmp];
|
||||
}
|
||||
st->x = x;
|
||||
st->y = y;
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
/**
|
||||
Generate a stream of random bytes via RC4
|
||||
@param st The RC420 state
|
||||
@param out [out] The output buffer
|
||||
@param outlen The output length
|
||||
@return CRYPT_OK on success
|
||||
*/
|
||||
int rc4_stream_keystream(rc4_state *st, unsigned char *out, unsigned long outlen)
|
||||
{
|
||||
if (outlen == 0) return CRYPT_OK; /* nothing to do */
|
||||
LTC_ARGCHK(out != NULL);
|
||||
XMEMSET(out, 0, outlen);
|
||||
return rc4_stream_crypt(st, out, outlen, out);
|
||||
}
|
||||
|
||||
/**
|
||||
Terminate and clear RC4 state
|
||||
@param st The RC4 state
|
||||
@return CRYPT_OK on success
|
||||
*/
|
||||
int rc4_stream_done(rc4_state *st)
|
||||
{
|
||||
LTC_ARGCHK(st != NULL);
|
||||
XMEMSET(st, 0, sizeof(rc4_state));
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
#endif
|
35
src/stream/rc4/rc4_test.c
Normal file
35
src/stream/rc4/rc4_test.c
Normal file
@ -0,0 +1,35 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
#include "tomcrypt.h"
|
||||
|
||||
#ifdef LTC_RC4_STREAM
|
||||
|
||||
int rc4_stream_test(void)
|
||||
{
|
||||
#ifndef LTC_TEST
|
||||
return CRYPT_NOP;
|
||||
#else
|
||||
rc4_state st;
|
||||
int err;
|
||||
const unsigned char key[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
|
||||
const unsigned char pt[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
|
||||
const unsigned char ct[] = { 0x75, 0xb7, 0x87, 0x80, 0x99, 0xe0, 0xc5, 0x96 };
|
||||
unsigned char buf[10];
|
||||
|
||||
if ((err = rc4_stream_setup(&st, key, sizeof(key))) != CRYPT_OK) return err;
|
||||
if ((err = rc4_stream_crypt(&st, pt, sizeof(pt), buf)) != CRYPT_OK) return err;
|
||||
if (XMEMCMP(buf, ct, sizeof(ct))) return CRYPT_FAIL_TESTVECTOR;
|
||||
if ((err = rc4_stream_done(&st)) != CRYPT_OK) return err;
|
||||
|
||||
return CRYPT_OK;
|
||||
#endif
|
||||
}
|
||||
|
||||
#endif
|
344
src/stream/sober128/sober128.c
Normal file
344
src/stream/sober128/sober128.c
Normal file
@ -0,0 +1,344 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* guarantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
/**
|
||||
@file sober128.c
|
||||
Implementation of SOBER-128 by Tom St Denis.
|
||||
Based on s128fast.c reference code supplied by Greg Rose of QUALCOMM.
|
||||
*/
|
||||
|
||||
#ifdef LTC_SOBER128
|
||||
|
||||
#define __LTC_SOBER128TAB_C__
|
||||
#include "sober128tab.c"
|
||||
|
||||
/* don't change these... */
|
||||
#define N 17
|
||||
#define FOLD N /* how many iterations of folding to do */
|
||||
#define INITKONST 0x6996c53a /* value of KONST to use during key loading */
|
||||
#define KEYP 15 /* where to insert key words */
|
||||
#define FOLDP 4 /* where to insert non-linear feedback */
|
||||
|
||||
#define B(x,i) ((unsigned char)(((x) >> (8*i)) & 0xFF))
|
||||
|
||||
static ulong32 BYTE2WORD(unsigned char *b)
|
||||
{
|
||||
ulong32 t;
|
||||
LOAD32L(t, b);
|
||||
return t;
|
||||
}
|
||||
|
||||
static void XORWORD(ulong32 w, const unsigned char *in, unsigned char *out)
|
||||
{
|
||||
ulong32 t;
|
||||
LOAD32L(t, in);
|
||||
t ^= w;
|
||||
STORE32L(t, out);
|
||||
}
|
||||
|
||||
/* give correct offset for the current position of the register,
|
||||
* where logically R[0] is at position "zero".
|
||||
*/
|
||||
#define OFF(zero, i) (((zero)+(i)) % N)
|
||||
|
||||
/* step the LFSR */
|
||||
/* After stepping, "zero" moves right one place */
|
||||
#define STEP(R,z) \
|
||||
R[OFF(z,0)] = R[OFF(z,15)] ^ R[OFF(z,4)] ^ (R[OFF(z,0)] << 8) ^ Multab[(R[OFF(z,0)] >> 24) & 0xFF];
|
||||
|
||||
static void cycle(ulong32 *R)
|
||||
{
|
||||
ulong32 t;
|
||||
int i;
|
||||
|
||||
STEP(R,0);
|
||||
t = R[0];
|
||||
for (i = 1; i < N; ++i) {
|
||||
R[i-1] = R[i];
|
||||
}
|
||||
R[N-1] = t;
|
||||
}
|
||||
|
||||
/* Return a non-linear function of some parts of the register.
|
||||
*/
|
||||
#define NLFUNC(c,z) \
|
||||
{ \
|
||||
t = c->R[OFF(z,0)] + c->R[OFF(z,16)]; \
|
||||
t ^= Sbox[(t >> 24) & 0xFF]; \
|
||||
t = RORc(t, 8); \
|
||||
t = ((t + c->R[OFF(z,1)]) ^ c->konst) + c->R[OFF(z,6)]; \
|
||||
t ^= Sbox[(t >> 24) & 0xFF]; \
|
||||
t = t + c->R[OFF(z,13)]; \
|
||||
}
|
||||
|
||||
static ulong32 nltap(sober128_state *c)
|
||||
{
|
||||
ulong32 t;
|
||||
NLFUNC(c, 0);
|
||||
return t;
|
||||
}
|
||||
|
||||
/* Save the current register state
|
||||
*/
|
||||
static void s128_savestate(sober128_state *c)
|
||||
{
|
||||
int i;
|
||||
for (i = 0; i < N; ++i) {
|
||||
c->initR[i] = c->R[i];
|
||||
}
|
||||
}
|
||||
|
||||
/* initialise to previously saved register state
|
||||
*/
|
||||
static void s128_reloadstate(sober128_state *c)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < N; ++i) {
|
||||
c->R[i] = c->initR[i];
|
||||
}
|
||||
}
|
||||
|
||||
/* Initialise "konst"
|
||||
*/
|
||||
static void s128_genkonst(sober128_state *c)
|
||||
{
|
||||
ulong32 newkonst;
|
||||
|
||||
do {
|
||||
cycle(c->R);
|
||||
newkonst = nltap(c);
|
||||
} while ((newkonst & 0xFF000000) == 0);
|
||||
c->konst = newkonst;
|
||||
}
|
||||
|
||||
/* Load key material into the register
|
||||
*/
|
||||
#define ADDKEY(k) \
|
||||
c->R[KEYP] += (k);
|
||||
|
||||
#define XORNL(nl) \
|
||||
c->R[FOLDP] ^= (nl);
|
||||
|
||||
/* nonlinear diffusion of register for key */
|
||||
#define DROUND(z) STEP(c->R,z); NLFUNC(c,(z+1)); c->R[OFF((z+1),FOLDP)] ^= t;
|
||||
static void s128_diffuse(sober128_state *c)
|
||||
{
|
||||
ulong32 t;
|
||||
/* relies on FOLD == N == 17! */
|
||||
DROUND(0);
|
||||
DROUND(1);
|
||||
DROUND(2);
|
||||
DROUND(3);
|
||||
DROUND(4);
|
||||
DROUND(5);
|
||||
DROUND(6);
|
||||
DROUND(7);
|
||||
DROUND(8);
|
||||
DROUND(9);
|
||||
DROUND(10);
|
||||
DROUND(11);
|
||||
DROUND(12);
|
||||
DROUND(13);
|
||||
DROUND(14);
|
||||
DROUND(15);
|
||||
DROUND(16);
|
||||
}
|
||||
|
||||
/**
|
||||
Initialize an Sober128 context (only the key)
|
||||
@param c [out] The destination of the Sober128 state
|
||||
@param key The secret key
|
||||
@param keylen The length of the secret key (octets)
|
||||
@return CRYPT_OK if successful
|
||||
*/
|
||||
int sober128_stream_setup(sober128_state *c, const unsigned char *key, unsigned long keylen)
|
||||
{
|
||||
ulong32 i, k;
|
||||
|
||||
LTC_ARGCHK(c != NULL);
|
||||
LTC_ARGCHK(key != NULL);
|
||||
LTC_ARGCHK(keylen > 0);
|
||||
|
||||
/* keylen must be multiple of 4 bytes */
|
||||
if ((keylen & 3) != 0) {
|
||||
return CRYPT_INVALID_KEYSIZE;
|
||||
}
|
||||
|
||||
/* Register initialised to Fibonacci numbers */
|
||||
c->R[0] = 1;
|
||||
c->R[1] = 1;
|
||||
for (i = 2; i < N; ++i) {
|
||||
c->R[i] = c->R[i-1] + c->R[i-2];
|
||||
}
|
||||
c->konst = INITKONST;
|
||||
|
||||
for (i = 0; i < keylen; i += 4) {
|
||||
k = BYTE2WORD((unsigned char *)&key[i]);
|
||||
ADDKEY(k);
|
||||
cycle(c->R);
|
||||
XORNL(nltap(c));
|
||||
}
|
||||
|
||||
/* also fold in the length of the key */
|
||||
ADDKEY(keylen);
|
||||
|
||||
/* now diffuse */
|
||||
s128_diffuse(c);
|
||||
s128_genkonst(c);
|
||||
s128_savestate(c);
|
||||
c->nbuf = 0;
|
||||
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
/**
|
||||
Set IV to the Sober128 state
|
||||
@param c The Sober12820 state
|
||||
@param iv The IV data to add
|
||||
@param inlen The length of the IV (must be 12)
|
||||
@return CRYPT_OK on success
|
||||
*/
|
||||
int sober128_stream_setiv(sober128_state *c, const unsigned char *iv, unsigned long ivlen)
|
||||
{
|
||||
ulong32 i, k;
|
||||
|
||||
LTC_ARGCHK(c != NULL);
|
||||
LTC_ARGCHK(iv != NULL);
|
||||
LTC_ARGCHK(ivlen > 0);
|
||||
|
||||
/* ok we are adding an IV then... */
|
||||
s128_reloadstate(c);
|
||||
|
||||
/* ivlen must be multiple of 4 bytes */
|
||||
if ((ivlen & 3) != 0) {
|
||||
return CRYPT_INVALID_KEYSIZE;
|
||||
}
|
||||
|
||||
for (i = 0; i < ivlen; i += 4) {
|
||||
k = BYTE2WORD((unsigned char *)&iv[i]);
|
||||
ADDKEY(k);
|
||||
cycle(c->R);
|
||||
XORNL(nltap(c));
|
||||
}
|
||||
|
||||
/* also fold in the length of the key */
|
||||
ADDKEY(ivlen);
|
||||
|
||||
/* now diffuse */
|
||||
s128_diffuse(c);
|
||||
c->nbuf = 0;
|
||||
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
/* XOR pseudo-random bytes into buffer
|
||||
*/
|
||||
#define SROUND(z) STEP(c->R,z); NLFUNC(c,(z+1)); XORWORD(t, in+(z*4), out+(z*4));
|
||||
|
||||
/**
|
||||
Encrypt (or decrypt) bytes of ciphertext (or plaintext) with Sober128
|
||||
@param c The Sober128 state
|
||||
@param in The plaintext (or ciphertext)
|
||||
@param inlen The length of the input (octets)
|
||||
@param out [out] The ciphertext (or plaintext), length inlen
|
||||
@return CRYPT_OK if successful
|
||||
*/
|
||||
int sober128_stream_crypt(sober128_state *c, const unsigned char *in, unsigned long inlen, unsigned char *out)
|
||||
{
|
||||
ulong32 t;
|
||||
|
||||
if (inlen == 0) return CRYPT_OK; /* nothing to do */
|
||||
LTC_ARGCHK(out != NULL);
|
||||
LTC_ARGCHK(c != NULL);
|
||||
|
||||
/* handle any previously buffered bytes */
|
||||
while (c->nbuf != 0 && inlen != 0) {
|
||||
*out++ = *in++ ^ (c->sbuf & 0xFF);
|
||||
c->sbuf >>= 8;
|
||||
c->nbuf -= 8;
|
||||
--inlen;
|
||||
}
|
||||
|
||||
#ifndef LTC_SMALL_CODE
|
||||
/* do lots at a time, if there's enough to do */
|
||||
while (inlen >= N*4) {
|
||||
SROUND(0);
|
||||
SROUND(1);
|
||||
SROUND(2);
|
||||
SROUND(3);
|
||||
SROUND(4);
|
||||
SROUND(5);
|
||||
SROUND(6);
|
||||
SROUND(7);
|
||||
SROUND(8);
|
||||
SROUND(9);
|
||||
SROUND(10);
|
||||
SROUND(11);
|
||||
SROUND(12);
|
||||
SROUND(13);
|
||||
SROUND(14);
|
||||
SROUND(15);
|
||||
SROUND(16);
|
||||
out += 4*N;
|
||||
in += 4*N;
|
||||
inlen -= 4*N;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* do small or odd size buffers the slow way */
|
||||
while (4 <= inlen) {
|
||||
cycle(c->R);
|
||||
t = nltap(c);
|
||||
XORWORD(t, in, out);
|
||||
out += 4;
|
||||
in += 4;
|
||||
inlen -= 4;
|
||||
}
|
||||
|
||||
/* handle any trailing bytes */
|
||||
if (inlen != 0) {
|
||||
cycle(c->R);
|
||||
c->sbuf = nltap(c);
|
||||
c->nbuf = 32;
|
||||
while (c->nbuf != 0 && inlen != 0) {
|
||||
*out++ = *in++ ^ (c->sbuf & 0xFF);
|
||||
c->sbuf >>= 8;
|
||||
c->nbuf -= 8;
|
||||
--inlen;
|
||||
}
|
||||
}
|
||||
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
int sober128_stream_keystream(sober128_state *c, unsigned char *out, unsigned long outlen)
|
||||
{
|
||||
if (outlen == 0) return CRYPT_OK; /* nothing to do */
|
||||
LTC_ARGCHK(out != NULL);
|
||||
XMEMSET(out, 0, outlen);
|
||||
return sober128_stream_crypt(c, out, outlen, out);
|
||||
}
|
||||
|
||||
/**
|
||||
Terminate and clear Sober128 state
|
||||
@param c The Sober128 state
|
||||
@return CRYPT_OK on success
|
||||
*/
|
||||
int sober128_stream_done(sober128_state *c)
|
||||
{
|
||||
LTC_ARGCHK(c != NULL);
|
||||
XMEMSET(c, 0, sizeof(sober128_state));
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
#endif
|
49
src/stream/sober128/sober128_test.c
Normal file
49
src/stream/sober128/sober128_test.c
Normal file
@ -0,0 +1,49 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
#include "tomcrypt.h"
|
||||
|
||||
#ifdef LTC_SOBER128
|
||||
|
||||
int sober128_stream_test(void)
|
||||
{
|
||||
#ifndef LTC_TEST
|
||||
return CRYPT_NOP;
|
||||
#else
|
||||
unsigned char key[16] = { 0x74, 0x65, 0x73, 0x74, 0x20, 0x6b, 0x65, 0x79,
|
||||
0x20, 0x31, 0x32, 0x38, 0x62, 0x69, 0x74, 0x73 };
|
||||
unsigned char iv[4] = { 0x00, 0x00, 0x00, 0x00 };
|
||||
unsigned char out[20] = { 0x43, 0x50, 0x0c, 0xcf, 0x89, 0x91, 0x9f, 0x1d,
|
||||
0xaa, 0x37, 0x74, 0x95, 0xf4, 0xb4, 0x58, 0xc2,
|
||||
0x40, 0x37, 0x8b, 0xbb };
|
||||
int err, len = 20;
|
||||
unsigned char src[20], dst[20];
|
||||
sober128_state st;
|
||||
|
||||
XMEMSET(src, 0, len); /* input */
|
||||
if ((err = sober128_stream_setup(&st, key, sizeof(key))) != CRYPT_OK) return err;
|
||||
if ((err = sober128_stream_setiv(&st, iv, sizeof(iv))) != CRYPT_OK) return err;
|
||||
if ((err = sober128_stream_crypt(&st, src, len, dst)) != CRYPT_OK) return err;
|
||||
if ((err = sober128_stream_done(&st)) != CRYPT_OK) return err;
|
||||
if (XMEMCMP(dst, out, len)) {
|
||||
#if 0
|
||||
int y;
|
||||
printf("\nLTC_SOBER128 failed, I got:\n");
|
||||
for (y = 0; y < len; y++) printf("%02x ", dst[y]);
|
||||
printf("\nLTC_SOBER128 failed, expected:\n");
|
||||
for (y = 0; y < len; y++) printf("%02x ", out[y]);
|
||||
printf("\n");
|
||||
#endif
|
||||
return CRYPT_FAIL_TESTVECTOR;
|
||||
}
|
||||
return CRYPT_OK;
|
||||
#endif
|
||||
}
|
||||
|
||||
#endif
|
@ -6,7 +6,7 @@ int cipher_hash_test(void)
|
||||
{
|
||||
int x;
|
||||
unsigned char buf[4096];
|
||||
unsigned long n;
|
||||
unsigned long n, one;
|
||||
prng_state nprng;
|
||||
|
||||
/* test ciphers */
|
||||
@ -14,10 +14,16 @@ int cipher_hash_test(void)
|
||||
DOX(cipher_descriptor[x].test(), cipher_descriptor[x].name);
|
||||
}
|
||||
|
||||
/* stream ciphers */
|
||||
#ifdef LTC_CHACHA
|
||||
/* ChaCha is a special case (stream cipher) */
|
||||
DO(chacha_test());
|
||||
#endif
|
||||
#ifdef LTC_RC4_STREAM
|
||||
DO(rc4_stream_test());
|
||||
#endif
|
||||
#ifdef LTC_SOBER128_STREAM
|
||||
DO(sober128_stream_test());
|
||||
#endif
|
||||
|
||||
/* test hashes */
|
||||
for (x = 0; hash_descriptor[x].name != NULL; x++) {
|
||||
@ -34,13 +40,21 @@ int cipher_hash_test(void)
|
||||
DOX(prng_descriptor[x].add_entropy((unsigned char *)"helloworld12", 12, &nprng), prng_descriptor[x].name);
|
||||
DOX(prng_descriptor[x].ready(&nprng), prng_descriptor[x].name);
|
||||
n = sizeof(buf);
|
||||
if (strcmp(prng_descriptor[x].name, "sprng")) {
|
||||
one = 1;
|
||||
if (prng_descriptor[x].pexport(buf, &one, &nprng) != CRYPT_BUFFER_OVERFLOW) {
|
||||
fprintf(stderr, "Error testing pexport with a short buffer (%s)\n", prng_descriptor[x].name);
|
||||
return CRYPT_ERROR;
|
||||
}
|
||||
}
|
||||
DOX(prng_descriptor[x].pexport(buf, &n, &nprng), prng_descriptor[x].name);
|
||||
prng_descriptor[x].done(&nprng);
|
||||
DOX(prng_descriptor[x].pimport(buf, n, &nprng), prng_descriptor[x].name);
|
||||
DOX(prng_descriptor[x].pimport(buf, 4096, &nprng), prng_descriptor[x].name); /* try to import larger data */
|
||||
DOX(prng_descriptor[x].ready(&nprng), prng_descriptor[x].name);
|
||||
if (prng_descriptor[x].read(buf, 100, &nprng) != 100) {
|
||||
fprintf(stderr, "Error reading from imported PRNG!\n");
|
||||
exit(EXIT_FAILURE);
|
||||
fprintf(stderr, "Error reading from imported PRNG (%s)!\n", prng_descriptor[x].name);
|
||||
return CRYPT_ERROR;
|
||||
}
|
||||
prng_descriptor[x].done(&nprng);
|
||||
}
|
||||
|
@ -342,7 +342,7 @@ static void _unregister_all(void)
|
||||
#ifdef LTC_RC4
|
||||
unregister_prng(&rc4_desc);
|
||||
#endif
|
||||
#ifdef LTC_CHACHA
|
||||
#ifdef LTC_CHACHA20_PRNG
|
||||
unregister_prng(&chacha20_prng_desc);
|
||||
#endif
|
||||
#ifdef LTC_SOBER128
|
||||
@ -524,12 +524,15 @@ register_prng(&fortuna_desc);
|
||||
#ifdef LTC_RC4
|
||||
register_prng(&rc4_desc);
|
||||
#endif
|
||||
#ifdef LTC_CHACHA
|
||||
#ifdef LTC_CHACHA20_PRNG
|
||||
register_prng(&chacha20_prng_desc);
|
||||
#endif
|
||||
#ifdef LTC_SOBER128
|
||||
register_prng(&sober128_desc);
|
||||
#endif
|
||||
#ifdef LTC_SPRNG
|
||||
register_prng(&sprng_desc);
|
||||
#endif
|
||||
|
||||
#ifdef LTC_PRNG_ENABLE_LTC_RNG
|
||||
ltc_rng = my_test_rng;
|
||||
|
Loading…
Reference in New Issue
Block a user