Home Explore Help
Sign In
c
/
libtom.libtomcrypt
mirror of https://github.com/libtom/libtomcrypt.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Merge pull request #186 from libtom/pr/stream_rc4_sober128

Move rc4 + sober128 to src/stream/
karel-m 8 years ago
parent
93317a1d6a 6417f96ea9
commit
253f3c45e1
30 changed files with 1256 additions and 835 deletions
Split View Show Diff Stats
  1. 68 44
      libtomcrypt_VS2008.vcproj
  2. 3 1
      makefile
  3. 3 1
      makefile.icc
  4. 3 1
      makefile.mingw
  5. 3 1
      makefile.msvc
  6. 3 1
      makefile.shared
  7. 3 1
      makefile.unix
  8. 54 33
      src/encauth/chachapoly/chacha20poly1305_test.c
  9. 34 0
      src/headers/tomcrypt_cipher.h
  10. 15 4
      src/headers/tomcrypt_custom.h
  11. 15 21
      src/headers/tomcrypt_prng.h
  12. 15 13
      src/mac/poly1305/poly1305_test.c
  13. 7 0
      src/misc/crypt/crypt.c
  14. 79 56
      src/prngs/chacha20.c
  15. 61 42
      src/prngs/fortuna.c
  16. 123 148
      src/prngs/rc4.c
  17. 0 2
      src/prngs/rng_get_bytes.c
  18. 0 2
      src/prngs/rng_make_prng.c
  19. 121 377
      src/prngs/sober128.c
  20. 15 2
      src/prngs/sprng.c
  21. 48 61
      src/prngs/yarrow.c
  22. 8 2
      src/stream/chacha/chacha_crypt.c
  23. 17 16
      src/stream/chacha/chacha_test.c
  24. 107 0
      src/stream/rc4/rc4.c
  25. 35 0
      src/stream/rc4/rc4_test.c
  26. 344 0
      src/stream/sober128/sober128.c
  27. 49 0
      src/stream/sober128/sober128_test.c
  28. 0 0
      src/stream/sober128/sober128tab.c
  29. 18 4
      testprof/cipher_hash_test.c
  30. 5 2
      testprof/x86_prof.c

+ 68 - 44
libtomcrypt_VS2008.vcproj
View File 

@@ -2347,50 +2347,6 @@
 
 				RelativePath="src\prngs\sober128.c"

 				>

 			</File>

-			<File

-				RelativePath="src\prngs\sober128tab.c"

-				>

-				<FileConfiguration

-					Name="Debug|Win32"

-					ExcludedFromBuild="true"

-					>

-					<Tool

-						Name="VCCLCompilerTool"

-						AdditionalIncludeDirectories=""

-						PreprocessorDefinitions=""

-					/>

-				</FileConfiguration>

-				<FileConfiguration

-					Name="Release|Win32"

-					ExcludedFromBuild="true"

-					>

-					<Tool

-						Name="VCCLCompilerTool"

-						AdditionalIncludeDirectories=""

-						PreprocessorDefinitions=""

-					/>

-				</FileConfiguration>

-				<FileConfiguration

-					Name="Debug|x64"

-					ExcludedFromBuild="true"

-					>

-					<Tool

-						Name="VCCLCompilerTool"

-						AdditionalIncludeDirectories=""

-						PreprocessorDefinitions=""

-					/>

-				</FileConfiguration>

-				<FileConfiguration

-					Name="Release|x64"

-					ExcludedFromBuild="true"

-					>

-					<Tool

-						Name="VCCLCompilerTool"

-						AdditionalIncludeDirectories=""

-						PreprocessorDefinitions=""

-					/>

-				</FileConfiguration>

-			</File>

 			<File

 				RelativePath="src\prngs\sprng.c"

 				>

@@ -2435,6 +2391,74 @@
 
 					>

 				</File>

 			</Filter>

+			<Filter

+				Name="rc4"

+				>

+				<File

+					RelativePath="src\stream\rc4\rc4.c"

+					>

+				</File>

+				<File

+					RelativePath="src\stream\rc4\rc4_test.c"

+					>

+				</File>

+			</Filter>

+			<Filter

+				Name="sober128"

+				>

+				<File

+					RelativePath="src\stream\sober128\sober128.c"

+					>

+				</File>

+				<File

+					RelativePath="src\stream\sober128\sober128_test.c"

+					>

+				</File>

+				<File

+					RelativePath="src\stream\sober128\sober128tab.c"

+					>

+					<FileConfiguration

+						Name="Debug|Win32"

+						ExcludedFromBuild="true"

+						>

+						<Tool

+							Name="VCCLCompilerTool"

+							AdditionalIncludeDirectories=""

+							PreprocessorDefinitions=""

+						/>

+					</FileConfiguration>

+					<FileConfiguration

+						Name="Release|Win32"

+						ExcludedFromBuild="true"

+						>

+						<Tool

+							Name="VCCLCompilerTool"

+							AdditionalIncludeDirectories=""

+							PreprocessorDefinitions=""

+						/>

+					</FileConfiguration>

+					<FileConfiguration

+						Name="Debug|x64"

+						ExcludedFromBuild="true"

+						>

+						<Tool

+							Name="VCCLCompilerTool"

+							AdditionalIncludeDirectories=""

+							PreprocessorDefinitions=""

+						/>

+					</FileConfiguration>

+					<FileConfiguration

+						Name="Release|x64"

+						ExcludedFromBuild="true"

+						>

+						<Tool

+							Name="VCCLCompilerTool"

+							AdditionalIncludeDirectories=""

+							PreprocessorDefinitions=""

+						/>

+					</FileConfiguration>

+				</File>

+			</Filter>

 		</Filter>

 	</Files>

 	<Globals>

+ 3 - 1
makefile
View File 

@@ -191,7 +191,9 @@ src/pk/rsa/rsa_verify_hash.o src/prngs/chacha20.o src/prngs/fortuna.o src/prngs/
 
 src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o \
 
 src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_done.o \
 
 src/stream/chacha/chacha_ivctr32.o src/stream/chacha/chacha_ivctr64.o \
 
-src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o
 
+src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o \
 
+src/stream/rc4/rc4.o src/stream/rc4/rc4_test.o src/stream/sober128/sober128.o \
 
+src/stream/sober128/sober128_test.o
 
 
 HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
 
 src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \

+ 3 - 1
makefile.icc
View File 

@@ -245,7 +245,9 @@ src/pk/rsa/rsa_verify_hash.o src/prngs/chacha20.o src/prngs/fortuna.o src/prngs/
 
 src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o \
 
 src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_done.o \
 
 src/stream/chacha/chacha_ivctr32.o src/stream/chacha/chacha_ivctr64.o \
 
-src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o
 
+src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o \
 
+src/stream/rc4/rc4.o src/stream/rc4/rc4_test.o src/stream/sober128/sober128.o \
 
+src/stream/sober128/sober128_test.o
 
 
 HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
 
 src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \

+ 3 - 1
makefile.mingw
View File 

@@ -181,7 +181,9 @@ src/pk/rsa/rsa_verify_hash.o src/prngs/chacha20.o src/prngs/fortuna.o src/prngs/
 
 src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o \
 
 src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_done.o \
 
 src/stream/chacha/chacha_ivctr32.o src/stream/chacha/chacha_ivctr64.o \
 
-src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o
 
+src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o \
 
+src/stream/rc4/rc4.o src/stream/rc4/rc4_test.o src/stream/sober128/sober128.o \
 
+src/stream/sober128/sober128_test.o
 
 
 HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
 
 src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \

+ 3 - 1
makefile.msvc
View File 

@@ -156,7 +156,9 @@ src/pk/rsa/rsa_verify_hash.obj src/prngs/chacha20.obj src/prngs/fortuna.obj src/
 
 src/prngs/rng_get_bytes.obj src/prngs/rng_make_prng.obj src/prngs/sober128.obj src/prngs/sprng.obj \
 
 src/prngs/yarrow.obj src/stream/chacha/chacha_crypt.obj src/stream/chacha/chacha_done.obj \
 
 src/stream/chacha/chacha_ivctr32.obj src/stream/chacha/chacha_ivctr64.obj \
 
-src/stream/chacha/chacha_keystream.obj src/stream/chacha/chacha_setup.obj src/stream/chacha/chacha_test.obj
 
+src/stream/chacha/chacha_keystream.obj src/stream/chacha/chacha_setup.obj src/stream/chacha/chacha_test.obj \
 
+src/stream/rc4/rc4.obj src/stream/rc4/rc4_test.obj src/stream/sober128/sober128.obj \
 
+src/stream/sober128/sober128_test.obj
 
 
 HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
 
 src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \

+ 3 - 1
makefile.shared
View File 

@@ -179,7 +179,9 @@ src/pk/rsa/rsa_verify_hash.o src/prngs/chacha20.o src/prngs/fortuna.o src/prngs/
 
 src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o \
 
 src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_done.o \
 
 src/stream/chacha/chacha_ivctr32.o src/stream/chacha/chacha_ivctr64.o \
 
-src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o
 
+src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o \
 
+src/stream/rc4/rc4.o src/stream/rc4/rc4_test.o src/stream/sober128/sober128.o \
 
+src/stream/sober128/sober128_test.o
 
 
 HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
 
 src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \

+ 3 - 1
makefile.unix
View File 

@@ -186,7 +186,9 @@ src/pk/rsa/rsa_verify_hash.o src/prngs/chacha20.o src/prngs/fortuna.o src/prngs/
 
 src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o \
 
 src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_done.o \
 
 src/stream/chacha/chacha_ivctr32.o src/stream/chacha/chacha_ivctr64.o \
 
-src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o
 
+src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o \
 
+src/stream/rc4/rc4.o src/stream/rc4/rc4_test.o src/stream/sober128/sober128.o \
 
+src/stream/sober128/sober128_test.o
 
 
 HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
 
 src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \

+ 54 - 33
src/encauth/chachapoly/chacha20poly1305_test.c
View File 

@@ -18,7 +18,8 @@ int chacha20poly1305_test(void)
 
 #else
 
    chacha20poly1305_state st1, st2;
 
    unsigned char k[]   = { 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f };
 
-   unsigned char iv[]  = { 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47 };
 
+   unsigned char i12[] = { 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47 };
 
+   unsigned char i8[]  = { 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43 };
 
    unsigned char aad[] = { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 };
 
    unsigned char enc[] = { 0xD3, 0x1A, 0x8D, 0x34, 0x64, 0x8E, 0x60, 0xDB, 0x7B, 0x86, 0xAF, 0xBC, 0x53, 0xEF, 0x7E, 0xC2,
 
                            0xA4, 0xAD, 0xED, 0x51, 0x29, 0x6E, 0x08, 0xFE, 0xA9, 0xE2, 0xB5, 0xA7, 0x36, 0xEE, 0x62, 0xD6,
 
@@ -36,72 +37,92 @@ int chacha20poly1305_test(void)
 
    unsigned char rfc7905_enc[] = { 0xE4, 0x62, 0x85, 0xB4, 0x29, 0x95, 0x34, 0x96, 0xAB, 0xFB, 0x67, 0xCD, 0xAE, 0xAC, 0x94, 0x1E };
 
    unsigned char rfc7905_tag[] = { 0x16, 0x2C, 0x92, 0x48, 0x2A, 0xDB, 0xD3, 0x5D, 0x48, 0xBE, 0xC6, 0xFF, 0x10, 0x9C, 0xBA, 0xE4 };
 
    unsigned char ct[1000], pt[1000], emac[16], dmac[16];
 
+   int err;
 
 
-   /* encrypt */
 
-   chacha20poly1305_init(&st1, k, sizeof(k));
 
-   chacha20poly1305_setiv(&st1, iv, sizeof(iv));
 
-   chacha20poly1305_add_aad(&st1, aad, sizeof(aad));
 
+   /* encrypt IV 96bit */
 
+   if ((err = chacha20poly1305_init(&st1, k, sizeof(k))) != CRYPT_OK) return err;
 
+   if ((err = chacha20poly1305_setiv(&st1, i12, sizeof(i12))) != CRYPT_OK) return err;
 
+   if ((err = chacha20poly1305_add_aad(&st1, aad, sizeof(aad))) != CRYPT_OK) return err;
 
    /* encrypt piece by piece */
 
-   chacha20poly1305_encrypt(&st1, (unsigned char *)m,      25,        ct);
 
-   chacha20poly1305_encrypt(&st1, (unsigned char *)m + 25, 10,        ct + 25);
 
-   chacha20poly1305_encrypt(&st1, (unsigned char *)m + 35, 35,        ct + 35);
 
-   chacha20poly1305_encrypt(&st1, (unsigned char *)m + 70, 5,         ct + 70);
 
-   chacha20poly1305_encrypt(&st1, (unsigned char *)m + 75, 5,         ct + 75);
 
-   chacha20poly1305_encrypt(&st1, (unsigned char *)m + 80, mlen - 80, ct + 80);
 
+   if ((err = chacha20poly1305_encrypt(&st1, (unsigned char *)m,      25,        ct)) != CRYPT_OK) return err;
 
+   if ((err = chacha20poly1305_encrypt(&st1, (unsigned char *)m + 25, 10,        ct + 25)) != CRYPT_OK) return err;
 
+   if ((err = chacha20poly1305_encrypt(&st1, (unsigned char *)m + 35, 35,        ct + 35)) != CRYPT_OK) return err;
 
+   if ((err = chacha20poly1305_encrypt(&st1, (unsigned char *)m + 70, 5,         ct + 70)) != CRYPT_OK) return err;
 
+   if ((err = chacha20poly1305_encrypt(&st1, (unsigned char *)m + 75, 5,         ct + 75)) != CRYPT_OK) return err;
 
+   if ((err = chacha20poly1305_encrypt(&st1, (unsigned char *)m + 80, mlen - 80, ct + 80)) != CRYPT_OK) return err;
 
    len = sizeof(emac);
 
-   chacha20poly1305_done(&st1, emac, &len);
 
+   if ((err = chacha20poly1305_done(&st1, emac, &len)) != CRYPT_OK) return err;
 
 
    if (compare_testvector(ct, mlen, enc, sizeof(enc), "ENC-CT", 1) != 0) return CRYPT_FAIL_TESTVECTOR;
 
    if (compare_testvector(emac, len, tag, sizeof(tag), "ENC-TAG", 2) != 0) return CRYPT_FAIL_TESTVECTOR;
 
 
-   /* decrypt */
 
-   chacha20poly1305_init(&st2, k, len = sizeof(k));
 
-   chacha20poly1305_setiv(&st2, iv, len = sizeof(iv));
 
-   chacha20poly1305_add_aad(&st2, aad, len = sizeof(aad));
 
-   chacha20poly1305_decrypt(&st2, ct,      21,        pt);
 
-   chacha20poly1305_decrypt(&st2, ct + 21, mlen - 21, pt + 21);
 
+   /* decrypt IV 96bit */
 
+   if ((err = chacha20poly1305_init(&st2, k, sizeof(k))) != CRYPT_OK) return err;
 
+   if ((err = chacha20poly1305_setiv(&st2, i12, sizeof(i12))) != CRYPT_OK) return err;
 
+   if ((err = chacha20poly1305_add_aad(&st2, aad, sizeof(aad))) != CRYPT_OK) return err;
 
+   if ((err = chacha20poly1305_decrypt(&st2, ct,      21,        pt)) != CRYPT_OK) return err;
 
+   if ((err = chacha20poly1305_decrypt(&st2, ct + 21, mlen - 21, pt + 21)) != CRYPT_OK) return err;
 
    len = sizeof(dmac);
 
-   chacha20poly1305_done(&st2, dmac, &len);
 
+   if ((err = chacha20poly1305_done(&st2, dmac, &len)) != CRYPT_OK) return err;
 
 
    if (compare_testvector(pt, mlen, m, mlen, "DEC-PT", 3) != 0) return CRYPT_FAIL_TESTVECTOR;
 
    if (compare_testvector(dmac, len, tag, sizeof(tag), "DEC-TAG", 4) != 0) return CRYPT_FAIL_TESTVECTOR;
 
 
    /* chacha20poly1305_memory - encrypt */
 
    len = sizeof(emac);
 
-   chacha20poly1305_memory(k, sizeof(k), iv, sizeof(iv), aad, sizeof(aad),
 
-                           (unsigned char *)m, mlen, ct, emac, &len, CHCHA20POLY1305_ENCRYPT);
 
+   if ((err = chacha20poly1305_memory(k, sizeof(k), i12, sizeof(i12), aad, sizeof(aad), (unsigned char *)m,
 
+                                      mlen, ct, emac, &len, CHCHA20POLY1305_ENCRYPT)) != CRYPT_OK) return err;
 
    if (compare_testvector(ct, mlen, enc, sizeof(enc), "ENC-CT2", 1) != 0) return CRYPT_FAIL_TESTVECTOR;
 
    if (compare_testvector(emac, len, tag, sizeof(tag), "ENC-TAG2", 2) != 0) return CRYPT_FAIL_TESTVECTOR;
 
 
    /* chacha20poly1305_memory - decrypt */
 
    len = sizeof(dmac);
 
-   chacha20poly1305_memory(k, sizeof(k), iv, sizeof(iv), aad, sizeof(aad),
 
-                           ct, mlen, pt, dmac, &len, CHCHA20POLY1305_DECRYPT);
 
+   if ((err = chacha20poly1305_memory(k, sizeof(k), i12, sizeof(i12), aad, sizeof(aad),
 
+                                      ct, mlen, pt, dmac, &len, CHCHA20POLY1305_DECRYPT)) != CRYPT_OK) return err;
 
    if (compare_testvector(pt, mlen, m, mlen, "DEC-PT2", 3) != 0) return CRYPT_FAIL_TESTVECTOR;
 
    if (compare_testvector(dmac, len, tag, sizeof(tag), "DEC-TAG2", 4) != 0) return CRYPT_FAIL_TESTVECTOR;
 
 
    /* encrypt - rfc7905 */
 
-   chacha20poly1305_init(&st1, k, sizeof(k));
 
-   chacha20poly1305_setiv_rfc7905(&st1, iv, sizeof(iv), CONST64(0x1122334455667788));
 
-   chacha20poly1305_add_aad(&st1, aad, sizeof(aad));
 
-   chacha20poly1305_encrypt(&st1, rfc7905_pt, 16, ct);
 
+   if ((err = chacha20poly1305_init(&st1, k, sizeof(k))) != CRYPT_OK) return err;
 
+   if ((err = chacha20poly1305_setiv_rfc7905(&st1, i12, sizeof(i12), CONST64(0x1122334455667788))) != CRYPT_OK) return err;
 
+   if ((err = chacha20poly1305_add_aad(&st1, aad, sizeof(aad))) != CRYPT_OK) return err;
 
+   if ((err = chacha20poly1305_encrypt(&st1, rfc7905_pt, 16, ct)) != CRYPT_OK) return err;
 
    len = sizeof(emac);
 
-   chacha20poly1305_done(&st1, emac, &len);
 
+   if ((err = chacha20poly1305_done(&st1, emac, &len)) != CRYPT_OK) return err;
 
 
    if (compare_testvector(ct, 16, rfc7905_enc, 16, "ENC-CT3", 1) != 0) return CRYPT_FAIL_TESTVECTOR;
 
    if (compare_testvector(emac, len, rfc7905_tag, 16, "ENC-TAG3", 2) != 0) return CRYPT_FAIL_TESTVECTOR;
 
 
    /* decrypt - rfc7905 */
 
-   chacha20poly1305_init(&st1, k, sizeof(k));
 
-   chacha20poly1305_setiv_rfc7905(&st1, iv, sizeof(iv), CONST64(0x1122334455667788));
 
-   chacha20poly1305_add_aad(&st1, aad, sizeof(aad));
 
-   chacha20poly1305_decrypt(&st1, ct, 16, pt);
 
+   if ((err = chacha20poly1305_init(&st1, k, sizeof(k))) != CRYPT_OK) return err;
 
+   if ((err = chacha20poly1305_setiv_rfc7905(&st1, i12, sizeof(i12), CONST64(0x1122334455667788))) != CRYPT_OK) return err;
 
+   if ((err = chacha20poly1305_add_aad(&st1, aad, sizeof(aad))) != CRYPT_OK) return err;
 
+   if ((err = chacha20poly1305_decrypt(&st1, ct, 16, pt)) != CRYPT_OK) return err;
 
    len = sizeof(dmac);
 
-   chacha20poly1305_done(&st1, dmac, &len);
 
+   if ((err = chacha20poly1305_done(&st1, dmac, &len)) != CRYPT_OK) return err;
 
 
    if (compare_testvector(pt, 16, rfc7905_pt, 16, "DEC-CT3", 1) != 0) return CRYPT_FAIL_TESTVECTOR;
 
    if (compare_testvector(dmac, len, rfc7905_tag, 16, "DEC-TAG3", 2) != 0) return CRYPT_FAIL_TESTVECTOR;
 
 
+   /* encrypt IV 64bit */
 
+   if ((err = chacha20poly1305_init(&st1, k, sizeof(k))) != CRYPT_OK) return err;
 
+   if ((err = chacha20poly1305_setiv(&st1, i8, sizeof(i8))) != CRYPT_OK) return err;
 
+   if ((err = chacha20poly1305_add_aad(&st1, aad, sizeof(aad))) != CRYPT_OK) return err;
 
+   if ((err = chacha20poly1305_encrypt(&st1, (unsigned char *)m, mlen, ct)) != CRYPT_OK) return err;
 
+   len = sizeof(emac);
 
+   if ((err = chacha20poly1305_done(&st1, emac, &len)) != CRYPT_OK) return err;
 
+
 
+   /* decrypt IV 64bit */
 
+   if ((err = chacha20poly1305_init(&st2, k, sizeof(k))) != CRYPT_OK) return err;
 
+   if ((err = chacha20poly1305_setiv(&st2, i8, sizeof(i8))) != CRYPT_OK) return err;
 
+   if ((err = chacha20poly1305_add_aad(&st2, aad, sizeof(aad))) != CRYPT_OK) return err;
 
+   if ((err = chacha20poly1305_decrypt(&st2, ct, mlen, pt)) != CRYPT_OK) return err;
 
+   len = sizeof(dmac);
 
+   if ((err = chacha20poly1305_done(&st2, dmac, &len)) != CRYPT_OK) return err;
 
+
 
+   if (compare_testvector(pt, mlen, m, mlen, "DEC-PT4", 1) != 0) return CRYPT_FAIL_TESTVECTOR;
 
+   if (compare_testvector(dmac, len, emac, len, "DEC-TAG4", 2) != 0) return CRYPT_FAIL_TESTVECTOR;
 
+
 
    return CRYPT_OK;
 
 #endif
 
 }

+ 34 - 0
src/headers/tomcrypt_cipher.h
View File 

@@ -959,6 +959,40 @@ int chacha_test(void);
 
 
 #endif /* LTC_CHACHA */
 
 
+#ifdef LTC_RC4_STREAM
 
+
 
+typedef struct {
 
+   int x, y;
 
+   unsigned char buf[256];
 
+} rc4_state;
 
+
 
+int rc4_stream_setup(rc4_state *st, const unsigned char *key, unsigned long keylen);
 
+int rc4_stream_crypt(rc4_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);
 
+int rc4_stream_keystream(rc4_state *st, unsigned char *out, unsigned long outlen);
 
+int rc4_stream_done(rc4_state *st);
 
+int rc4_stream_test(void);
 
+
 
+#endif /* LTC_RC4_STREAM */
 
+
 
+#ifdef LTC_SOBER128_STREAM
 
+
 
+typedef struct {
 
+   ulong32 R[17],       /* Working storage for the shift register */
 
+           initR[17],   /* saved register contents */
 
+           konst,       /* key dependent constant */
 
+           sbuf;        /* partial word encryption buffer */
 
+   int     nbuf;        /* number of part-word stream bits buffered */
 
+} sober128_state;
 
+
 
+int sober128_stream_setup(sober128_state *st, const unsigned char *key, unsigned long keylen);
 
+int sober128_stream_setiv(sober128_state *st, const unsigned char *iv, unsigned long ivlen);
 
+int sober128_stream_crypt(sober128_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);
 
+int sober128_stream_keystream(sober128_state *st, unsigned char *out, unsigned long outlen);
 
+int sober128_stream_done(sober128_state *st);
 
+int sober128_stream_test(void);
 
+
 
+#endif /* LTC_SOBER128_STREAM */
 
+
 
 /* $Source$ */
 
 /* $Revision$ */
 
 /* $Date$ */

+ 15 - 4
src/headers/tomcrypt_custom.h
View File 

@@ -189,8 +189,11 @@
 
 #define LTC_KASUMI
 
 #define LTC_MULTI2
 
 #define LTC_CAMELLIA
 
-/* ChaCha is special (a stream cipher) */
 
+
 
+/* stream ciphers */
 
 #define LTC_CHACHA
 
+#define LTC_RC4_STREAM
 
+#define LTC_SOBER128_STREAM
 
 
 #endif /* LTC_NO_CIPHERS */
 
 
@@ -295,7 +298,7 @@
 
 /* a PRNG that simply reads from an available system source */
 
 #define LTC_SPRNG
 
 
-/* The LTC_RC4 stream cipher */
 
+/* The RC4 stream cipher based PRNG */
 
 #define LTC_RC4
 
 
 /* The ChaCha20 stream cipher based PRNG */
 
@@ -304,7 +307,7 @@
 
 /* Fortuna PRNG */
 
 #define LTC_FORTUNA
 
 
-/* Greg's LTC_SOBER128 PRNG ;-0 */
 
+/* Greg's SOBER128 stream cipher based PRNG */
 
 #define LTC_SOBER128
 
 
 /* the *nix style /dev/random device */
 
@@ -523,6 +526,14 @@
 
    #error LTC_CHACHA20_PRNG requires LTC_CHACHA
 
 #endif
 
 
+#if defined(LTC_RC4) && !defined(LTC_RC4_STREAM)
 
+   #error LTC_RC4 requires LTC_RC4_STREAM
 
+#endif
 
+
 
+#if defined(LTC_SOBER128) && !defined(LTC_SOBER128_STREAM)
 
+   #error LTC_SOBER128 requires LTC_SOBER128_STREAM
 
+#endif
 
+
 
 #if defined(LTC_BLAKE2SMAC) && !defined(LTC_BLAKE2S)
 
    #error LTC_BLAKE2SMAC requires LTC_BLAKE2S
 
 #endif
 
@@ -557,7 +568,7 @@
 
 
 /* Debuggers */
 
 
-/* define this if you use Valgrind, note: it CHANGES the way SOBER-128 and LTC_RC4 work (see the code) */
 
+/* define this if you use Valgrind, note: it CHANGES the way SOBER-128 and RC4 work (see the code) */
 
 /* #define LTC_VALGRIND */
 
 
 #endif

+ 15 - 21
src/headers/tomcrypt_prng.h
View File 

@@ -4,14 +4,12 @@ struct yarrow_prng {
 
     int                   cipher, hash;
 
     unsigned char         pool[MAXBLOCKSIZE];
 
     symmetric_CTR         ctr;
 
-    LTC_MUTEX_TYPE(prng_lock)
 
 };
 
 #endif
 
 
 #ifdef LTC_RC4
 
 struct rc4_prng {
 
-    int x, y;
 
-    unsigned char buf[256];
 
+    rc4_state s;
 
 };
 
 #endif
 
 
@@ -20,7 +18,6 @@ struct chacha20_prng {
 
     chacha_state s;        /* chacha state */
 
     unsigned char ent[40]; /* entropy buffer */
 
     unsigned long idx;     /* entropy counter */
 
-    short ready;           /* ready flag 0-1 */
 
 };
 
 #endif
 
 
@@ -38,41 +35,38 @@ struct fortuna_prng {
 
                   wd;
 
 
     ulong64       reset_cnt;  /* number of times we have reset */
 
-    LTC_MUTEX_TYPE(prng_lock)
 
 };
 
 #endif
 
 
 #ifdef LTC_SOBER128
 
 struct sober128_prng {
 
-    ulong32      R[17],          /* Working storage for the shift register */
 
-                 initR[17],      /* saved register contents */
 
-                 konst,          /* key dependent constant */
 
-                 sbuf;           /* partial word encryption buffer */
 
-
 
-    int          nbuf,           /* number of part-word stream bits buffered */
 
-                 flag,           /* first add_entropy call or not? */
 
-                 set;            /* did we call add_entropy to set key? */
 
-
 
+    sober128_state s;      /* sober128 state */
 
+    unsigned char ent[40]; /* entropy buffer */
 
+    unsigned long idx;     /* entropy counter */
 
 };
 
 #endif
 
 
-typedef union Prng_state {
 
-    char dummy[1];
 
+typedef struct {
 
+   union {
 
+      char dummy[1];
 
 #ifdef LTC_YARROW
 
-    struct yarrow_prng    yarrow;
 
+      struct yarrow_prng    yarrow;
 
 #endif
 
 #ifdef LTC_RC4
 
-    struct rc4_prng       rc4;
 
+      struct rc4_prng       rc4;
 
 #endif
 
 #ifdef LTC_CHACHA20_PRNG
 
-    struct chacha20_prng  chacha;
 
+      struct chacha20_prng  chacha;
 
 #endif
 
 #ifdef LTC_FORTUNA
 
-    struct fortuna_prng   fortuna;
 
+      struct fortuna_prng   fortuna;
 
 #endif
 
 #ifdef LTC_SOBER128
 
-    struct sober128_prng  sober128;
 
+      struct sober128_prng  sober128;
 
 #endif
 
+   };
 
+   short ready;            /* ready flag 0-1 */
 
+   LTC_MUTEX_TYPE(lock);   /* lock */
 
 } prng_state;
 
 
 /** PRNG descriptor */

+ 15 - 13
src/mac/poly1305/poly1305_test.c
View File 

@@ -28,21 +28,23 @@ int poly1305_test(void)
 
    unsigned long len = 16, mlen = strlen(m);
 
    unsigned char out[1000];
 
    poly1305_state st;
 
+   int err;
 
+
 
    /* process piece by piece */
 
-   poly1305_init(&st, k, 32);
 
-   poly1305_process(&st, (unsigned char*)m,      5);
 
-   poly1305_process(&st, (unsigned char*)m + 5,  4);
 
-   poly1305_process(&st, (unsigned char*)m + 9,  3);
 
-   poly1305_process(&st, (unsigned char*)m + 12, 2);
 
-   poly1305_process(&st, (unsigned char*)m + 14, 1);
 
-   poly1305_process(&st, (unsigned char*)m + 15, mlen - 15);
 
-   poly1305_done(&st, out, &len);
 
-   if (compare_testvector(out, len, tag, sizeof(tag), "POLY1305-TV1", 1) != 0) return CRYPT_FAIL_TESTVECTOR;
 
+   if ((err = poly1305_init(&st, k, 32)) != CRYPT_OK)                                return err;
 
+   if ((err = poly1305_process(&st, (unsigned char*)m,      5)) != CRYPT_OK)         return err;
 
+   if ((err = poly1305_process(&st, (unsigned char*)m + 5,  4)) != CRYPT_OK)         return err;
 
+   if ((err = poly1305_process(&st, (unsigned char*)m + 9,  3)) != CRYPT_OK)         return err;
 
+   if ((err = poly1305_process(&st, (unsigned char*)m + 12, 2)) != CRYPT_OK)         return err;
 
+   if ((err = poly1305_process(&st, (unsigned char*)m + 14, 1)) != CRYPT_OK)         return err;
 
+   if ((err = poly1305_process(&st, (unsigned char*)m + 15, mlen - 15)) != CRYPT_OK) return err;
 
+   if ((err = poly1305_done(&st, out, &len)) != CRYPT_OK)                            return err;
 
+   if (compare_testvector(out, len, tag, sizeof(tag), "POLY1305-TV1", 1) != 0)       return CRYPT_FAIL_TESTVECTOR;
 
    /* process in one go */
 
-   poly1305_init(&st, k, 32);
 
-   poly1305_process(&st, (unsigned char*)m, mlen);
 
-   poly1305_done(&st, out, &len);
 
-   if (compare_testvector(out, len, tag, sizeof(tag), "POLY1305-TV2", 1) != 0) return CRYPT_FAIL_TESTVECTOR;
 
+   if ((err = poly1305_init(&st, k, 32)) != CRYPT_OK)                                return err;
 
+   if ((err = poly1305_process(&st, (unsigned char*)m, mlen)) != CRYPT_OK)           return err;
 
+   if ((err = poly1305_done(&st, out, &len)) != CRYPT_OK)                            return err;
 
+   if (compare_testvector(out, len, tag, sizeof(tag), "POLY1305-TV2", 1) != 0)       return CRYPT_FAIL_TESTVECTOR;
 
    return CRYPT_OK;
 
 #endif
 
 }

+ 7 - 0
src/misc/crypt/crypt.c
View File 

@@ -124,9 +124,16 @@ const char *crypt_build_settings =
 
 #if defined(LTC_CAMELLIA)
 
    "   Camellia\n"
 
 #endif
 
+   "Stream ciphers built-in:\n"
 
 #if defined(LTC_CHACHA)
 
    "   ChaCha\n"
 
 #endif
 
+#if defined(LTC_RC4_STREAM)
 
+   "   RC4\n"
 
+#endif
 
+#if defined(LTC_SOBER128_STREAM)
 
+   "   SOBER128\n"
 
+#endif
 
 
     "\nHashes built-in:\n"
 
 #if defined(LTC_SHA3)

+ 79 - 56
src/prngs/chacha20.c
View File 

@@ -17,8 +17,8 @@
 
 
 const struct ltc_prng_descriptor chacha20_prng_desc =
 
 {
 
-   "chacha",
 
-   sizeof(chacha_state),
 
+   "chacha20",
 
+   40,
 
    &chacha20_prng_start,
 
    &chacha20_prng_add_entropy,
 
    &chacha20_prng_ready,
 
@@ -37,9 +37,10 @@ const struct ltc_prng_descriptor chacha20_prng_desc =
 
 int chacha20_prng_start(prng_state *prng)
 
 {
 
    LTC_ARGCHK(prng != NULL);
 
-   prng->chacha.ready = 0;
 
-   XMEMSET(&prng->chacha.ent, 0, 40);
 
+   prng->ready = 0;
 
+   XMEMSET(&prng->chacha.ent, 0, sizeof(prng->chacha.ent));
 
    prng->chacha.idx = 0;
 
+   LTC_MUTEX_INIT(&prng->lock)
 
    return CRYPT_OK;
 
 }
 
 
@@ -60,23 +61,26 @@ int chacha20_prng_add_entropy(const unsigned char *in, unsigned long inlen, prng
 
    LTC_ARGCHK(in != NULL);
 
    LTC_ARGCHK(inlen > 0);
 
 
-   if (prng->chacha.ready) {
 
+   LTC_MUTEX_LOCK(&prng->lock);
 
+   if (prng->ready) {
 
       /* chacha20_prng_ready() was already called, do "rekey" operation */
 
-      if ((err = chacha_keystream(&prng->chacha.s, buf, 40)) != CRYPT_OK)      return err;
 
-      for(i = 0; i < inlen; i++) buf[i % 40] ^= in[i];
 
+      if ((err = chacha_keystream(&prng->chacha.s, buf, sizeof(buf))) != CRYPT_OK) goto LBL_UNLOCK;
 
+      for(i = 0; i < inlen; i++) buf[i % sizeof(buf)] ^= in[i];
 
       /* key 32 bytes, 20 rounds */
 
-      if ((err = chacha_setup(&prng->chacha.s, buf, 32, 20)) != CRYPT_OK)      return err;
 
+      if ((err = chacha_setup(&prng->chacha.s, buf, 32, 20)) != CRYPT_OK)      goto LBL_UNLOCK;
 
       /* iv 8 bytes */
 
-      if ((err = chacha_ivctr64(&prng->chacha.s, buf + 32, 8, 0)) != CRYPT_OK) return err;
 
+      if ((err = chacha_ivctr64(&prng->chacha.s, buf + 32, 8, 0)) != CRYPT_OK) goto LBL_UNLOCK;
 
       /* clear KEY + IV */
 
-      XMEMSET(buf, 0, 40);
 
+      XMEMSET(buf, 0, sizeof(buf));
 
    }
 
    else {
 
       /* chacha20_prng_ready() was not called yet, add entropy to ent buffer */
 
-      while (inlen--) prng->chacha.ent[prng->chacha.idx++ % 40] ^= *in++;
 
+      while (inlen--) prng->chacha.ent[prng->chacha.idx++ % sizeof(prng->chacha.ent)] ^= *in++;
 
    }
 
-
 
-   return CRYPT_OK;
 
+   err = CRYPT_OK;
 
+LBL_UNLOCK:
 
+   LTC_MUTEX_UNLOCK(&prng->lock);
 
+   return err;
 
 }
 
 
 /**
 
@@ -90,14 +94,18 @@ int chacha20_prng_ready(prng_state *prng)
 
 
    LTC_ARGCHK(prng != NULL);
 
 
+   LTC_MUTEX_LOCK(&prng->lock);
 
+   if (prng->ready)                                                    { err = CRYPT_OK; goto LBL_UNLOCK; }
 
    /* key 32 bytes, 20 rounds */
 
-   if ((err = chacha_setup(&prng->chacha.s, prng->chacha.ent, 32, 20)) != CRYPT_OK)      return err;
 
+   if ((err = chacha_setup(&prng->chacha.s, prng->chacha.ent, 32, 20)) != CRYPT_OK)      goto LBL_UNLOCK;
 
    /* iv 8 bytes */
 
-   if ((err = chacha_ivctr64(&prng->chacha.s, prng->chacha.ent + 32, 8, 0)) != CRYPT_OK) return err;
 
-   XMEMSET(&prng->chacha.ent, 0, 40);
 
-   prng->chacha.ready = 1;
 
+   if ((err = chacha_ivctr64(&prng->chacha.s, prng->chacha.ent + 32, 8, 0)) != CRYPT_OK) goto LBL_UNLOCK;
 
+   XMEMSET(&prng->chacha.ent, 0, sizeof(prng->chacha.ent));
 
    prng->chacha.idx = 0;
 
-   return CRYPT_OK;
 
+   prng->ready = 1;
 
+LBL_UNLOCK:
 
+   LTC_MUTEX_UNLOCK(&prng->lock);
 
+   return err;
 
 }
 
 
 /**
 
@@ -109,8 +117,12 @@ int chacha20_prng_ready(prng_state *prng)
 
 */
 
 unsigned long chacha20_prng_read(unsigned char *out, unsigned long outlen, prng_state *prng)
 
 {
 
-   LTC_ARGCHK(prng != NULL);
 
-   if (chacha_keystream(&prng->chacha.s, out, outlen) != CRYPT_OK) return 0;
 
+   if (outlen == 0 || prng == NULL || out == NULL) return 0;
 
+   LTC_MUTEX_LOCK(&prng->lock);
 
+   if (!prng->ready) { outlen = 0; goto LBL_UNLOCK; }
 
+   if (chacha_keystream(&prng->chacha.s, out, outlen) != CRYPT_OK) outlen = 0;
 
+LBL_UNLOCK:
 
+   LTC_MUTEX_UNLOCK(&prng->lock);
 
    return outlen;
 
 }
 
 
@@ -121,8 +133,13 @@ unsigned long chacha20_prng_read(unsigned char *out, unsigned long outlen, prng_
 
 */
 
 int chacha20_prng_done(prng_state *prng)
 
 {
 
+   int err;
 
    LTC_ARGCHK(prng != NULL);
 
-   return chacha_done(&prng->chacha.s);
 
+   LTC_MUTEX_LOCK(&prng->lock);
 
+   prng->ready = 0;
 
+   err = chacha_done(&prng->chacha.s);
 
+   LTC_MUTEX_UNLOCK(&prng->lock);
 
+   return err;
 
 }
 
 
 /**
 
@@ -134,19 +151,21 @@ int chacha20_prng_done(prng_state *prng)
 
 */
 
 int chacha20_prng_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
 
 {
 
-   unsigned long len = sizeof(chacha_state);
 
-   LTC_ARGCHK(outlen != NULL);
 
-   LTC_ARGCHK(out    != NULL);
 
+   unsigned long len = chacha20_prng_desc.export_size;
 
+
 
    LTC_ARGCHK(prng   != NULL);
 
+   LTC_ARGCHK(out    != NULL);
 
+   LTC_ARGCHK(outlen != NULL);
 
 
-   if (!prng->chacha.ready) {
 
-      return CRYPT_ERROR;
 
-   }
 
    if (*outlen < len) {
 
       *outlen = len;
 
       return CRYPT_BUFFER_OVERFLOW;
 
    }
 
-   XMEMCPY(out, &prng->chacha.s, len);
 
+
 
+   if (chacha20_prng_read(out, len, prng) != len) {
 
+      return CRYPT_ERROR_READPRNG;
 
+   }
 
+
 
    *outlen = len;
 
    return CRYPT_OK;
 
 }
 
@@ -160,13 +179,14 @@ int chacha20_prng_export(unsigned char *out, unsigned long *outlen, prng_state *
 
 */
 
 int chacha20_prng_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
 
 {
 
-   unsigned long len = sizeof(chacha_state);
 
-   LTC_ARGCHK(in   != NULL);
 
+   int err;
 
+
 
    LTC_ARGCHK(prng != NULL);
 
+   LTC_ARGCHK(in   != NULL);
 
+   if (inlen < (unsigned long)chacha20_prng_desc.export_size) return CRYPT_INVALID_ARG;
 
 
-   if (inlen != len) return CRYPT_INVALID_ARG;
 
-   XMEMCPY(&prng->chacha.s, in, inlen);
 
-   prng->chacha.ready = 1;
 
+   if ((err = chacha20_prng_start(prng)) != CRYPT_OK)                  return err;
 
+   if ((err = chacha20_prng_add_entropy(in, inlen, prng)) != CRYPT_OK) return err;
 
    return CRYPT_OK;
 
 }
 
 
@@ -188,29 +208,32 @@ int chacha20_prng_test(void)
 
    unsigned char dmp[300];
 
    unsigned long dmplen = sizeof(dmp);
 
    unsigned char out[500];
 
-   unsigned char t1[] = { 0x59, 0xb2, 0x26, 0x95, 0x2b, 0x01, 0x8f, 0x05, 0xbe, 0xd8 };
 
-   unsigned char t2[] = { 0x30, 0x34, 0x5c, 0x6e, 0x56, 0x18, 0x8c, 0x46, 0xbe, 0x8a };
 
-
 
-   chacha20_prng_start(&st);
 
-   chacha20_prng_add_entropy(en, sizeof(en), &st); /* add entropy to uninitialized prng */
 
-   chacha20_prng_ready(&st);
 
-   chacha20_prng_read(out, 10, &st);  /* 10 bytes for testing */
 
-   if (compare_testvector(out, 10, t1, sizeof(t1), "CHACHA-PRNG", 1)) return CRYPT_FAIL_TESTVECTOR;
 
-   chacha20_prng_read(out, 500, &st);
 
-   chacha20_prng_add_entropy(en, sizeof(en), &st); /* add entropy to already initialized prng */
 
-   chacha20_prng_read(out, 500, &st);
 
-   chacha20_prng_export(dmp, &dmplen, &st);
 
-   chacha20_prng_read(out, 500, &st); /* skip 500 bytes */
 
-   chacha20_prng_read(out, 10, &st);  /* 10 bytes for testing */
 
-   if (compare_testvector(out, 10, t2, sizeof(t2), "CHACHA-PRNG", 2)) return CRYPT_FAIL_TESTVECTOR;
 
-   chacha20_prng_done(&st);
 
-
 
-   XMEMSET(&st, 0xFF, sizeof(st)); /* just to be sure */
 
-   chacha20_prng_import(dmp, dmplen, &st);
 
-   chacha20_prng_read(out, 500, &st); /* skip 500 bytes */
 
-   chacha20_prng_read(out, 10, &st);  /* 10 bytes for testing */
 
-   if (compare_testvector(out, 10, t2, sizeof(t2), "CHACHA-PRNG", 3)) return CRYPT_FAIL_TESTVECTOR;
 
-   chacha20_prng_done(&st);
 
+   unsigned char t1[] = { 0x59, 0xB2, 0x26, 0x95, 0x2B, 0x01, 0x8F, 0x05, 0xBE, 0xD8 };
 
+   unsigned char t2[] = { 0x47, 0xC9, 0x0D, 0x03, 0xE4, 0x75, 0x34, 0x27, 0xBD, 0xDE };
 
+   unsigned char t3[] = { 0xBC, 0xFA, 0xEF, 0x59, 0x37, 0x7F, 0x1A, 0x91, 0x1A, 0xA6 };
 
+   int err;
 
+
 
+   if ((err = chacha20_prng_start(&st)) != CRYPT_OK)                       return err;
 
+   /* add entropy to uninitialized prng */
 
+   if ((err = chacha20_prng_add_entropy(en, sizeof(en), &st)) != CRYPT_OK) return err;
 
+   if ((err = chacha20_prng_ready(&st)) != CRYPT_OK)                       return err;
 
+   if (chacha20_prng_read(out, 10, &st) != 10)                             return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
 
+   if (compare_testvector(out, 10, t1, sizeof(t1), "CHACHA-PRNG", 1))      return CRYPT_FAIL_TESTVECTOR;
 
+   if (chacha20_prng_read(out, 500, &st) != 500)                           return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
 
+   /* add entropy to already initialized prng */
 
+   if ((err = chacha20_prng_add_entropy(en, sizeof(en), &st)) != CRYPT_OK) return err;
 
+   if (chacha20_prng_read(out, 500, &st) != 500)                           return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
 
+   if ((err = chacha20_prng_export(dmp, &dmplen, &st)) != CRYPT_OK)        return err;
 
+   if (chacha20_prng_read(out, 500, &st) != 500)                           return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
 
+   if (chacha20_prng_read(out, 10, &st) != 10)                             return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
 
+   if (compare_testvector(out, 10, t2, sizeof(t2), "CHACHA-PRNG", 2))      return CRYPT_FAIL_TESTVECTOR;
 
+   if ((err = chacha20_prng_done(&st)) != CRYPT_OK)                        return err;
 
+   if ((err = chacha20_prng_import(dmp, dmplen, &st)) != CRYPT_OK)         return err;
 
+   if ((err = chacha20_prng_ready(&st)) != CRYPT_OK)                       return err;
 
+   if (chacha20_prng_read(out, 500, &st) != 500)                           return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
 
+   if (chacha20_prng_read(out, 10, &st) != 10)                             return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
 
+   if (compare_testvector(out, 10, t3, sizeof(t3), "CHACHA-PRNG", 3))      return CRYPT_FAIL_TESTVECTOR;
 
+   if ((err = chacha20_prng_done(&st)) != CRYPT_OK)                        return err;
 
 
    return CRYPT_OK;
 
 #endif

+ 61 - 42
src/prngs/fortuna.c
View File 

@@ -5,8 +5,6 @@
 
  *
 
  * The library is free for all purposes without any express
 
  * guarantee it works.
 
- *
 
- * Tom St Denis, [email protected], http://libtom.org
 
  */
 
 #include "tomcrypt.h"
 
 
@@ -38,7 +36,8 @@ we reseed automatically when len(pool0) >= 64 or every LTC_FORTUNA_WD calls to t
 
 #endif
 
 
 const struct ltc_prng_descriptor fortuna_desc = {
 
-    "fortuna", 1024,
 
+    "fortuna",
 
+    (32 * LTC_FORTUNA_POOLS), /* default: 1024 */
 
     &fortuna_start,
 
     &fortuna_add_entropy,
 
     &fortuna_ready,
 
@@ -133,6 +132,7 @@ int fortuna_start(prng_state *prng)
 
    unsigned char tmp[MAXBLOCKSIZE];
 
 
    LTC_ARGCHK(prng != NULL);
 
+   prng->ready = 0;
 
 
    /* initialize the pools */
 
    for (x = 0; x < LTC_FORTUNA_POOLS; x++) {
 
@@ -156,7 +156,7 @@ int fortuna_start(prng_state *prng)
 
    }
 
    zeromem(prng->fortuna.IV, 16);
 
 
-   LTC_MUTEX_INIT(&prng->fortuna.prng_lock)
 
+   LTC_MUTEX_INIT(&prng->lock)
 
 
    return CRYPT_OK;
 
 }
 
@@ -173,27 +173,25 @@ int fortuna_add_entropy(const unsigned char *in, unsigned long inlen, prng_state
 
    unsigned char tmp[2];
 
    int           err;
 
 
-   LTC_ARGCHK(in  != NULL);
 
    LTC_ARGCHK(prng != NULL);
 
-
 
-   LTC_MUTEX_LOCK(&prng->fortuna.prng_lock);
 
+   LTC_ARGCHK(in != NULL);
 
+   LTC_ARGCHK(inlen > 0);
 
 
    /* ensure inlen <= 32 */
 
    if (inlen > 32) {
 
-      LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
 
-      return CRYPT_INVALID_ARG;
 
+      inlen = 32;
 
    }
 
 
    /* add s || length(in) || in to pool[pool_idx] */
 
    tmp[0] = 0;
 
    tmp[1] = (unsigned char)inlen;
 
+
 
+   LTC_MUTEX_LOCK(&prng->lock);
 
    if ((err = sha256_process(&prng->fortuna.pool[prng->fortuna.pool_idx], tmp, 2)) != CRYPT_OK) {
 
-      LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
 
-      return err;
 
+      goto LBL_UNLOCK;
 
    }
 
    if ((err = sha256_process(&prng->fortuna.pool[prng->fortuna.pool_idx], in, inlen)) != CRYPT_OK) {
 
-      LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
 
-      return err;
 
+      goto LBL_UNLOCK;
 
    }
 
    if (prng->fortuna.pool_idx == 0) {
 
       prng->fortuna.pool0_len += inlen;
 
@@ -201,9 +199,11 @@ int fortuna_add_entropy(const unsigned char *in, unsigned long inlen, prng_state
 
    if (++(prng->fortuna.pool_idx) == LTC_FORTUNA_POOLS) {
 
       prng->fortuna.pool_idx = 0;
 
    }
 
+   err = CRYPT_OK; /* success */
 
 
-   LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
 
-   return CRYPT_OK;
 
+LBL_UNLOCK:
 
+   LTC_MUTEX_UNLOCK(&prng->lock);
 
+   return err;
 
 }
 
 
 /**
 
@@ -213,7 +213,15 @@ int fortuna_add_entropy(const unsigned char *in, unsigned long inlen, prng_state
 
 */
 
 int fortuna_ready(prng_state *prng)
 
 {
 
-   return fortuna_reseed(prng);
 
+   int err;
 
+   LTC_ARGCHK(prng != NULL);
 
+
 
+   LTC_MUTEX_LOCK(&prng->lock);
 
+   err = fortuna_reseed(prng);
 
+   prng->ready = (err == CRYPT_OK) ? 1 : 0;
 
+
 
+   LTC_MUTEX_UNLOCK(&prng->lock);
 
+   return err;
 
 }
 
 
 /**
 
@@ -226,18 +234,20 @@ int fortuna_ready(prng_state *prng)
 
 unsigned long fortuna_read(unsigned char *out, unsigned long outlen, prng_state *prng)
 
 {
 
    unsigned char tmp[16];
 
-   unsigned long tlen;
 
+   unsigned long tlen = 0;
 
 
-   LTC_ARGCHK(out  != NULL);
 
-   LTC_ARGCHK(prng != NULL);
 
+   if (outlen == 0 || prng == NULL || out == NULL) return 0;
 
+
 
+   LTC_MUTEX_LOCK(&prng->lock);
 
 
-   LTC_MUTEX_LOCK(&prng->fortuna.prng_lock);
 
+   if (!prng->ready) {
 
+      goto LBL_UNLOCK;
 
+   }
 
 
    /* do we have to reseed? */
 
    if (++prng->fortuna.wd == LTC_FORTUNA_WD || prng->fortuna.pool0_len >= 64) {
 
       if (fortuna_reseed(prng) != CRYPT_OK) {
 
-         LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
 
-         return 0;
 
+         goto LBL_UNLOCK;
 
       }
 
    }
 
 
@@ -268,14 +278,14 @@ unsigned long fortuna_read(unsigned char *out, unsigned long outlen, prng_state
 
    fortuna_update_iv(prng);
 
 
    if (rijndael_setup(prng->fortuna.K, 32, 0, &prng->fortuna.skey) != CRYPT_OK) {
 
-      LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
 
-      return 0;
 
+      tlen = 0;
 
    }
 
 
+LBL_UNLOCK:
 
 #ifdef LTC_CLEAN_STACK
 
    zeromem(tmp, sizeof(tmp));
 
 #endif
 
-   LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
 
+   LTC_MUTEX_UNLOCK(&prng->lock);
 
    return tlen;
 
 }
 
 
@@ -290,23 +300,25 @@ int fortuna_done(prng_state *prng)
 
    unsigned char tmp[32];
 
 
    LTC_ARGCHK(prng != NULL);
 
-   LTC_MUTEX_LOCK(&prng->fortuna.prng_lock);
 
+
 
+   LTC_MUTEX_LOCK(&prng->lock);
 
+   prng->ready = 0;
 
 
    /* terminate all the hashes */
 
    for (x = 0; x < LTC_FORTUNA_POOLS; x++) {
 
        if ((err = sha256_done(&(prng->fortuna.pool[x]), tmp)) != CRYPT_OK) {
 
-          LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
 
-          return err;
 
+          goto LBL_UNLOCK;
 
        }
 
    }
 
    /* call cipher done when we invent one ;-) */
 
+   err = CRYPT_OK; /* success */
 
 
+LBL_UNLOCK:
 
 #ifdef LTC_CLEAN_STACK
 
    zeromem(tmp, sizeof(tmp));
 
 #endif
 
-
 
-   LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
 
-   return CRYPT_OK;
 
+   LTC_MUTEX_UNLOCK(&prng->lock);
 
+   return err;
 
 }
 
 
 /**
 
@@ -320,24 +332,30 @@ int fortuna_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
 
 {
 
    int         x, err;
 
    hash_state *md;
 
+   unsigned long len = fortuna_desc.export_size;
 
 
    LTC_ARGCHK(out    != NULL);
 
    LTC_ARGCHK(outlen != NULL);
 
    LTC_ARGCHK(prng   != NULL);
 
 
-   LTC_MUTEX_LOCK(&prng->fortuna.prng_lock);
 
+   LTC_MUTEX_LOCK(&prng->lock);
 
+
 
+   if (!prng->ready) {
 
+      err = CRYPT_ERROR;
 
+      goto LBL_UNLOCK;
 
+   }
 
 
    /* we'll write bytes for s&g's */
 
-   if (*outlen < 32*LTC_FORTUNA_POOLS) {
 
-      LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
 
-      *outlen = 32*LTC_FORTUNA_POOLS;
 
-      return CRYPT_BUFFER_OVERFLOW;
 
+   if (*outlen < len) {
 
+      *outlen = len;
 
+      err = CRYPT_BUFFER_OVERFLOW;
 
+      goto LBL_UNLOCK;
 
    }
 
 
    md = XMALLOC(sizeof(hash_state));
 
    if (md == NULL) {
 
-      LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
 
-      return CRYPT_MEM;
 
+      err = CRYPT_MEM;
 
+      goto LBL_UNLOCK;
 
    }
 
 
    /* to emit the state we copy each pool, terminate it then hash it again so
 
@@ -363,7 +381,7 @@ int fortuna_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
 
          goto LBL_ERR;
 
       }
 
    }
 
-   *outlen = 32*LTC_FORTUNA_POOLS;
 
+   *outlen = len;
 
    err = CRYPT_OK;
 
 
 LBL_ERR:
 
@@ -371,7 +389,8 @@ LBL_ERR:
 
    zeromem(md, sizeof(*md));
 
 #endif
 
    XFREE(md);
 
-   LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
 
+LBL_UNLOCK:
 
+   LTC_MUTEX_UNLOCK(&prng->lock);
 
    return err;
 
 }
 
 
@@ -389,7 +408,7 @@ int fortuna_import(const unsigned char *in, unsigned long inlen, prng_state *prn
 
    LTC_ARGCHK(in   != NULL);
 
    LTC_ARGCHK(prng != NULL);
 
 
-   if (inlen != 32*LTC_FORTUNA_POOLS) {
 
+   if (inlen < (unsigned long)fortuna_desc.export_size) {
 
       return CRYPT_INVALID_ARG;
 
    }
 
 
@@ -401,7 +420,7 @@ int fortuna_import(const unsigned char *in, unsigned long inlen, prng_state *prn
 
          return err;
 
       }
 
    }
 
-   return err;
 
+   return CRYPT_OK;
 
 }
 
 
 /**

+ 123 - 148
src/prngs/rc4.c
View File 

@@ -5,29 +5,28 @@
 
  *
 
  * The library is free for all purposes without any express
 
  * guarantee it works.
 
- *
 
- * Tom St Denis, [email protected], http://libtom.org
 
  */
 
 #include "tomcrypt.h"
 
 
 /**
 
   @file rc4.c
 
-  LTC_RC4 PRNG, Tom St Denis
 
+  RC4 PRNG, Tom St Denis
 
 */
 
 
 #ifdef LTC_RC4
 
 
 const struct ltc_prng_descriptor rc4_desc =
 
 {
 
-   "rc4", 32,
 
-    &rc4_start,
 
-    &rc4_add_entropy,
 
-    &rc4_ready,
 
-    &rc4_read,
 
-    &rc4_done,
 
-    &rc4_export,
 
-    &rc4_import,
 
-    &rc4_test
 
+   "rc4",
 
+   32,
 
+   &rc4_start,
 
+   &rc4_add_entropy,
 
+   &rc4_ready,
 
+   &rc4_read,
 
+   &rc4_done,
 
+   &rc4_export,
 
+   &rc4_import,
 
+   &rc4_test
 
 };
 
 
 /**
 
@@ -37,12 +36,14 @@ const struct ltc_prng_descriptor rc4_desc =
 
 */
 
 int rc4_start(prng_state *prng)
 
 {
 
-    LTC_ARGCHK(prng != NULL);
 
-
 
-    /* set keysize to zero */
 
-    prng->rc4.x = 0;
 
-
 
-    return CRYPT_OK;
 
+   LTC_ARGCHK(prng != NULL);
 
+   prng->ready = 0;
 
+   /* set entropy (key) size to zero */
 
+   prng->rc4.s.x = 0;
 
+   /* clear entropy (key) buffer */
 
+   XMEMSET(&prng->rc4.s.buf, 0, sizeof(prng->rc4.s.buf));
 
+   LTC_MUTEX_INIT(&prng->lock)
 
+   return CRYPT_OK;
 
 }
 
 
 /**
 
@@ -54,26 +55,32 @@ int rc4_start(prng_state *prng)
 
 */
 
 int rc4_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng)
 
 {
 
-    LTC_ARGCHK(in  != NULL);
 
-    LTC_ARGCHK(prng != NULL);
 
-
 
-    /* trim as required */
 
-    if (prng->rc4.x + inlen > 256) {
 
-       if (prng->rc4.x == 256) {
 
-          /* I can't possibly accept another byte, ok maybe a mint wafer... */
 
-          return CRYPT_OK;
 
-       } else {
 
-          /* only accept part of it */
 
-          inlen = 256 - prng->rc4.x;
 
-       }
 
-    }
 
-
 
-    while (inlen--) {
 
-       prng->rc4.buf[prng->rc4.x++] = *in++;
 
-    }
 
-
 
-    return CRYPT_OK;
 
+   unsigned char buf[256];
 
+   unsigned long i;
 
+   int err;
 
 
+   LTC_ARGCHK(prng != NULL);
 
+   LTC_ARGCHK(in != NULL);
 
+   LTC_ARGCHK(inlen > 0);
 
+
 
+   LTC_MUTEX_LOCK(&prng->lock);
 
+   if (prng->ready) {
 
+      /* rc4_ready() was already called, do "rekey" operation */
 
+      if ((err = rc4_stream_keystream(&prng->rc4.s, buf, sizeof(buf))) != CRYPT_OK) goto LBL_UNLOCK;
 
+      for(i = 0; i < inlen; i++) buf[i % sizeof(buf)] ^= in[i];
 
+      /* initialize RC4 */
 
+      if ((err = rc4_stream_setup(&prng->rc4.s, buf, sizeof(buf))) != CRYPT_OK) goto LBL_UNLOCK;
 
+      /* drop first 3072 bytes - https://en.wikipedia.org/wiki/RC4#Fluhrer.2C_Mantin_and_Shamir_attack */
 
+      for (i = 0; i < 12; i++) rc4_stream_keystream(&prng->rc4.s, buf, sizeof(buf));
 
+   }
 
+   else {
 
+      /* rc4_ready() was not called yet, add entropy to the buffer */
 
+      while (inlen--) prng->rc4.s.buf[prng->rc4.s.x++ % sizeof(prng->rc4.s.buf)] ^= *in++;
 
+   }
 
+   err = CRYPT_OK;
 
+LBL_UNLOCK:
 
+   LTC_MUTEX_UNLOCK(&prng->lock);
 
+   return err;
 
 }
 
 
 /**
 
@@ -83,36 +90,24 @@ int rc4_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *pr
 
 */
 
 int rc4_ready(prng_state *prng)
 
 {
 
-    unsigned char key[256], tmp, *s;
 
-    int keylen, x, y, j;
 
+   unsigned char buf[256] = { 0 };
 
+   unsigned long len;
 
+   int err, i;
 
 
-    LTC_ARGCHK(prng != NULL);
 
-
 
-    /* extract the key */
 
-    s = prng->rc4.buf;
 
-    XMEMCPY(key, s, 256);
 
-    keylen = prng->rc4.x;
 
-
 
-    /* make LTC_RC4 perm and shuffle */
 
-    for (x = 0; x < 256; x++) {
 
-        s[x] = x;
 
-    }
 
-
 
-    for (j = x = y = 0; x < 256; x++) {
 
-        y = (y + prng->rc4.buf[x] + key[j++]) & 255;
 
-        if (j == keylen) {
 
-           j = 0;
 
-        }
 
-        tmp = s[x]; s[x] = s[y]; s[y] = tmp;
 
-    }
 
-    prng->rc4.x = 0;
 
-    prng->rc4.y = 0;
 
-
 
-#ifdef LTC_CLEAN_STACK
 
-    zeromem(key, sizeof(key));
 
-#endif
 
+   LTC_ARGCHK(prng != NULL);
 
 
-    return CRYPT_OK;
 
+   LTC_MUTEX_LOCK(&prng->lock);
 
+   if (prng->ready) { err = CRYPT_OK; goto LBL_UNLOCK; }
 
+   XMEMCPY(buf, prng->rc4.s.buf, sizeof(buf));
 
+   /* initialize RC4 */
 
+   len = MIN(prng->rc4.s.x, 256); /* TODO: we can perhaps always use all 256 bytes */
 
+   if ((err = rc4_stream_setup(&prng->rc4.s, buf, len)) != CRYPT_OK) goto LBL_UNLOCK;
 
+   /* drop first 3072 bytes - https://en.wikipedia.org/wiki/RC4#Fluhrer.2C_Mantin_and_Shamir_attack */
 
+   for (i = 0; i < 12; i++) rc4_stream_keystream(&prng->rc4.s, buf, sizeof(buf));
 
+   prng->ready = 1;
 
+LBL_UNLOCK:
 
+   LTC_MUTEX_UNLOCK(&prng->lock);
 
+   return err;
 
 }
 
 
 /**
 
@@ -124,30 +119,13 @@ int rc4_ready(prng_state *prng)
 
 */
 
 unsigned long rc4_read(unsigned char *out, unsigned long outlen, prng_state *prng)
 
 {
 
-   unsigned char x, y, *s, tmp;
 
-   unsigned long n;
 
-
 
-   LTC_ARGCHK(out != NULL);
 
-   LTC_ARGCHK(prng != NULL);
 
-
 
-#ifdef LTC_VALGRIND
 
-   zeromem(out, outlen);
 
-#endif
 
-
 
-   n = outlen;
 
-   x = prng->rc4.x;
 
-   y = prng->rc4.y;
 
-   s = prng->rc4.buf;
 
-   while (outlen--) {
 
-      x = (x + 1) & 255;
 
-      y = (y + s[x]) & 255;
 
-      tmp = s[x]; s[x] = s[y]; s[y] = tmp;
 
-      tmp = (s[x] + s[y]) & 255;
 
-      *out++ ^= s[tmp];
 
-   }
 
-   prng->rc4.x = x;
 
-   prng->rc4.y = y;
 
-   return n;
 
+   if (outlen == 0 || prng == NULL || out == NULL) return 0;
 
+   LTC_MUTEX_LOCK(&prng->lock);
 
+   if (!prng->ready) { outlen = 0; goto LBL_UNLOCK; }
 
+   if (rc4_stream_keystream(&prng->rc4.s, out, outlen) != CRYPT_OK) outlen = 0;
 
+LBL_UNLOCK:
 
+   LTC_MUTEX_UNLOCK(&prng->lock);
 
+   return outlen;
 
 }
 
 
 /**
 
@@ -157,8 +135,13 @@ unsigned long rc4_read(unsigned char *out, unsigned long outlen, prng_state *prn
 
 */
 
 int rc4_done(prng_state *prng)
 
 {
 
+   int err;
 
    LTC_ARGCHK(prng != NULL);
 
-   return CRYPT_OK;
 
+   LTC_MUTEX_LOCK(&prng->lock);
 
+   prng->ready = 0;
 
+   err = rc4_stream_done(&prng->rc4.s);
 
+   LTC_MUTEX_UNLOCK(&prng->lock);
 
+   return err;
 
 }
 
 
 /**
 
@@ -170,20 +153,22 @@ int rc4_done(prng_state *prng)
 
 */
 
 int rc4_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
 
 {
 
-   LTC_ARGCHK(outlen != NULL);
 
-   LTC_ARGCHK(out    != NULL);
 
+   unsigned long len = rc4_desc.export_size;
 
+
 
    LTC_ARGCHK(prng   != NULL);
 
+   LTC_ARGCHK(out    != NULL);
 
+   LTC_ARGCHK(outlen != NULL);
 
 
-   if (*outlen < 32) {
 
-      *outlen = 32;
 
+   if (*outlen < len) {
 
+      *outlen = len;
 
       return CRYPT_BUFFER_OVERFLOW;
 
    }
 
 
-   if (rc4_read(out, 32, prng) != 32) {
 
+   if (rc4_read(out, len, prng) != len) {
 
       return CRYPT_ERROR_READPRNG;
 
    }
 
-   *outlen = 32;
 
 
+   *outlen = len;
 
    return CRYPT_OK;
 
 }
 
 
@@ -197,17 +182,14 @@ int rc4_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
 
 int rc4_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
 
 {
 
    int err;
 
-   LTC_ARGCHK(in   != NULL);
 
-   LTC_ARGCHK(prng != NULL);
 
 
-   if (inlen != 32) {
 
-      return CRYPT_INVALID_ARG;
 
-   }
 
+   LTC_ARGCHK(prng != NULL);
 
+   LTC_ARGCHK(in   != NULL);
 
+   if (inlen < (unsigned long)rc4_desc.export_size) return CRYPT_INVALID_ARG;
 
 
-   if ((err = rc4_start(prng)) != CRYPT_OK) {
 
-      return err;
 
-   }
 
-   return rc4_add_entropy(in, 32, prng);
 
+   if ((err = rc4_start(prng)) != CRYPT_OK)                  return err;
 
+   if ((err = rc4_add_entropy(in, inlen, prng)) != CRYPT_OK) return err;
 
+   return CRYPT_OK;
 
 }
 
 
 /**
 
@@ -216,54 +198,47 @@ int rc4_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
 
 */
 
 int rc4_test(void)
 
 {
 
-#if !defined(LTC_TEST) || defined(LTC_VALGRIND)
 
+#ifndef LTC_TEST
 
    return CRYPT_NOP;
 
 #else
 
-   static const struct {
 
-      unsigned char key[8], pt[8], ct[8];
 
-   } tests[] = {
 
-{
 
-   { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
 
-   { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
 
-   { 0x75, 0xb7, 0x87, 0x80, 0x99, 0xe0, 0xc5, 0x96 }
 
-}
 
-};
 
-   prng_state prng;
 
-   unsigned char dst[8];
 
-   int err, x;
 
+   prng_state st;
 
+   unsigned char en[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
 
+                          0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
 
+                          0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e,
 
+                          0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
 
+                          0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32 };
 
+   unsigned char dmp[500];
 
+   unsigned long dmplen = sizeof(dmp);
 
+   unsigned char out[1000];
 
+   unsigned char t1[] = { 0xE0, 0x4D, 0x9A, 0xF6, 0xA8, 0x9D, 0x77, 0x53, 0xAE, 0x09 };
 
+   unsigned char t2[] = { 0xEF, 0x80, 0xA2, 0xE6, 0x50, 0x91, 0xF3, 0x17, 0x4A, 0x8A };
 
+   unsigned char t3[] = { 0x4B, 0xD6, 0x5C, 0x67, 0x99, 0x03, 0x56, 0x12, 0x80, 0x48 };
 
+   int err;
 
+
 
+   if ((err = rc4_start(&st)) != CRYPT_OK)                         return err;
 
+   /* add entropy to uninitialized prng */
 
+   if ((err = rc4_add_entropy(en, sizeof(en), &st)) != CRYPT_OK)   return err;
 
+   if ((err = rc4_ready(&st)) != CRYPT_OK)                         return err;
 
+   if (rc4_read(out, 10, &st) != 10)                               return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
 
+   if (compare_testvector(out, 10, t1, sizeof(t1), "RC4-PRNG", 1)) return CRYPT_FAIL_TESTVECTOR;
 
+   if (rc4_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
 
+   /* add entropy to already initialized prng */
 
+   if ((err = rc4_add_entropy(en, sizeof(en), &st)) != CRYPT_OK)   return err;
 
+   if (rc4_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
 
+   if ((err = rc4_export(dmp, &dmplen, &st)) != CRYPT_OK)          return err;
 
+   if (rc4_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
 
+   if (rc4_read(out, 10, &st) != 10)                               return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
 
+   if (compare_testvector(out, 10, t2, sizeof(t2), "RC4-PRNG", 2)) return CRYPT_FAIL_TESTVECTOR;
 
+   if ((err = rc4_done(&st)) != CRYPT_OK)                          return err;
 
+   if ((err = rc4_import(dmp, dmplen, &st)) != CRYPT_OK)           return err;
 
+   if ((err = rc4_ready(&st)) != CRYPT_OK)                         return err;
 
+   if (rc4_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
 
+   if (rc4_read(out, 10, &st) != 10)                               return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
 
+   if (compare_testvector(out, 10, t3, sizeof(t3), "RC4-PRNG", 3)) return CRYPT_FAIL_TESTVECTOR;
 
+   if ((err = rc4_done(&st)) != CRYPT_OK)                          return err;
 
 
-   for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
 
-       if ((err = rc4_start(&prng)) != CRYPT_OK) {
 
-          return err;
 
-       }
 
-       if ((err = rc4_add_entropy(tests[x].key, 8, &prng)) != CRYPT_OK) {
 
-          return err;
 
-       }
 
-       if ((err = rc4_ready(&prng)) != CRYPT_OK) {
 
-          return err;
 
-       }
 
-       XMEMCPY(dst, tests[x].pt, 8);
 
-       if (rc4_read(dst, 8, &prng) != 8) {
 
-          return CRYPT_ERROR_READPRNG;
 
-       }
 
-       rc4_done(&prng);
 
-       if (XMEMCMP(dst, tests[x].ct, 8)) {
 
-#if 0
 
-          int y;
 
-          printf("\n\nLTC_RC4 failed, I got:\n");
 
-          for (y = 0; y < 8; y++) printf("%02x ", dst[y]);
 
-          printf("\n");
 
-#endif
 
-          return CRYPT_FAIL_TESTVECTOR;
 
-       }
 
-   }
 
    return CRYPT_OK;
 
 #endif
 
 }
 
 
 #endif
 
-
 
-
 
-/* $Source$ */
 
-/* $Revision$ */
 
-/* $Date$ */

+ 0 - 2
src/prngs/rng_get_bytes.c
View File 

@@ -5,8 +5,6 @@
 
  *
 
  * The library is free for all purposes without any express
 
  * guarantee it works.
 
- *
 
- * Tom St Denis, [email protected], http://libtom.org
 
  */
 
 #include "tomcrypt.h"

+ 0 - 2
src/prngs/rng_make_prng.c
View File 

@@ -5,8 +5,6 @@
 
  *
 
  * The library is free for all purposes without any express
 
  * guarantee it works.
 
- *
 
- * Tom St Denis, [email protected], http://libtom.org
 
  */
 
 #include "tomcrypt.h"

+ 121 - 377
src/prngs/sober128.c
View File 

@@ -5,9 +5,8 @@
 
  *
 
  * The library is free for all purposes without any express
 
  * guarantee it works.
 
- *
 
- * Tom St Denis, [email protected], http://libtom.org
 
  */
 
+
 
 #include "tomcrypt.h"
 
 
 /**
 
@@ -18,90 +17,20 @@
 
 
 #ifdef LTC_SOBER128
 
 
-#define __LTC_SOBER128TAB_C__
 
-#include "sober128tab.c"
 
-
 
 const struct ltc_prng_descriptor sober128_desc =
 
 {
 
-   "sober128", 64,
 
-    &sober128_start,
 
-    &sober128_add_entropy,
 
-    &sober128_ready,
 
-    &sober128_read,
 
-    &sober128_done,
 
-    &sober128_export,
 
-    &sober128_import,
 
-    &sober128_test
 
+   "sober128",
 
+   40,
 
+   &sober128_start,
 
+   &sober128_add_entropy,
 
+   &sober128_ready,
 
+   &sober128_read,
 
+   &sober128_done,
 
+   &sober128_export,
 
+   &sober128_import,
 
+   &sober128_test
 
 };
 
 
-/* don't change these... */
 
-#define N                        17
 
-#define FOLD                      N /* how many iterations of folding to do */
 
-#define INITKONST        0x6996c53a /* value of KONST to use during key loading */
 
-#define KEYP                     15 /* where to insert key words */
 
-#define FOLDP                     4 /* where to insert non-linear feedback */
 
-
 
-#define B(x,i) ((unsigned char)(((x) >> (8*i)) & 0xFF))
 
-
 
-static ulong32 BYTE2WORD(unsigned char *b)
 
-{
 
-   ulong32 t;
 
-   LOAD32L(t, b);
 
-   return t;
 
-}
 
-
 
-#define WORD2BYTE(w, b) STORE32L(b, w)
 
-
 
-static void XORWORD(ulong32 w, unsigned char *b)
 
-{
 
-   ulong32 t;
 
-   LOAD32L(t, b);
 
-   t ^= w;
 
-   STORE32L(t, b);
 
-}
 
-
 
-/* give correct offset for the current position of the register,
 
- * where logically R[0] is at position "zero".
 
- */
 
-#define OFF(zero, i) (((zero)+(i)) % N)
 
-
 
-/* step the LFSR */
 
-/* After stepping, "zero" moves right one place */
 
-#define STEP(R,z) \
 
-    R[OFF(z,0)] = R[OFF(z,15)] ^ R[OFF(z,4)] ^ (R[OFF(z,0)] << 8) ^ Multab[(R[OFF(z,0)] >> 24) & 0xFF];
 
-
 
-static void cycle(ulong32 *R)
 
-{
 
-    ulong32 t;
 
-    int     i;
 
-
 
-    STEP(R,0);
 
-    t = R[0];
 
-    for (i = 1; i < N; ++i) {
 
-        R[i-1] = R[i];
 
-    }
 
-    R[N-1] = t;
 
-}
 
-
 
-/* Return a non-linear function of some parts of the register.
 
- */
 
-#define NLFUNC(c,z) \
 
-{ \
 
-    t = c->R[OFF(z,0)] + c->R[OFF(z,16)]; \
 
-    t ^= Sbox[(t >> 24) & 0xFF]; \
 
-    t = RORc(t, 8); \
 
-    t = ((t + c->R[OFF(z,1)]) ^ c->konst) + c->R[OFF(z,6)]; \
 
-    t ^= Sbox[(t >> 24) & 0xFF]; \
 
-    t = t + c->R[OFF(z,13)]; \
 
-}
 
-
 
-static ulong32 nltap(struct sober128_prng *c)
 
-{
 
-    ulong32 t;
 
-    NLFUNC(c, 0);
 
-    return t;
 
-}
 
-
 
 /**
 
   Start the PRNG
 
   @param prng     [out] The PRNG state to initialize
 
@@ -109,93 +38,12 @@ static ulong32 nltap(struct sober128_prng *c)
 
 */
 
 int sober128_start(prng_state *prng)
 
 {
 
-    int                   i;
 
-    struct sober128_prng *c;
 
-
 
-    LTC_ARGCHK(prng != NULL);
 
-
 
-    c = &(prng->sober128);
 
-
 
-    /* Register initialised to Fibonacci numbers */
 
-    c->R[0] = 1;
 
-    c->R[1] = 1;
 
-    for (i = 2; i < N; ++i) {
 
-       c->R[i] = c->R[i-1] + c->R[i-2];
 
-    }
 
-    c->konst = INITKONST;
 
-
 
-    /* next add_entropy will be the key */
 
-    c->flag  = 1;
 
-    c->set   = 0;
 
-
 
-    return CRYPT_OK;
 
-}
 
-
 
-/* Save the current register state
 
- */
 
-static void s128_savestate(struct sober128_prng *c)
 
-{
 
-    int i;
 
-    for (i = 0; i < N; ++i) {
 
-        c->initR[i] = c->R[i];
 
-    }
 
-}
 
-
 
-/* initialise to previously saved register state
 
- */
 
-static void s128_reloadstate(struct sober128_prng *c)
 
-{
 
-    int i;
 
-
 
-    for (i = 0; i < N; ++i) {
 
-        c->R[i] = c->initR[i];
 
-    }
 
-}
 
-
 
-/* Initialise "konst"
 
- */
 
-static void s128_genkonst(struct sober128_prng *c)
 
-{
 
-    ulong32 newkonst;
 
-
 
-    do {
 
-       cycle(c->R);
 
-       newkonst = nltap(c);
 
-    } while ((newkonst & 0xFF000000) == 0);
 
-    c->konst = newkonst;
 
-}
 
-
 
-/* Load key material into the register
 
- */
 
-#define ADDKEY(k) \
 
-   c->R[KEYP] += (k);
 
-
 
-#define XORNL(nl) \
 
-   c->R[FOLDP] ^= (nl);
 
-
 
-/* nonlinear diffusion of register for key */
 
-#define DROUND(z) STEP(c->R,z); NLFUNC(c,(z+1)); c->R[OFF((z+1),FOLDP)] ^= t;
 
-static void s128_diffuse(struct sober128_prng *c)
 
-{
 
-    ulong32 t;
 
-    /* relies on FOLD == N == 17! */
 
-    DROUND(0);
 
-    DROUND(1);
 
-    DROUND(2);
 
-    DROUND(3);
 
-    DROUND(4);
 
-    DROUND(5);
 
-    DROUND(6);
 
-    DROUND(7);
 
-    DROUND(8);
 
-    DROUND(9);
 
-    DROUND(10);
 
-    DROUND(11);
 
-    DROUND(12);
 
-    DROUND(13);
 
-    DROUND(14);
 
-    DROUND(15);
 
-    DROUND(16);
 
+   LTC_ARGCHK(prng != NULL);
 
+   prng->ready = 0;
 
+   XMEMSET(&prng->sober128.ent, 0, sizeof(prng->sober128.ent));
 
+   prng->sober128.idx = 0;
 
+   LTC_MUTEX_INIT(&prng->lock)
 
+   return CRYPT_OK;
 
 }
 
 
 /**
 
@@ -207,63 +55,34 @@ static void s128_diffuse(struct sober128_prng *c)
 
 */
 
 int sober128_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng)
 
 {
 
-    struct sober128_prng *c;
 
-    ulong32               i, k;
 
-
 
-    LTC_ARGCHK(in != NULL);
 
-    LTC_ARGCHK(prng != NULL);
 
-    c = &(prng->sober128);
 
-
 
-    if (c->flag == 1) {
 
-       /* this is the first call to the add_entropy so this input is the key */
 
-       /* inlen must be multiple of 4 bytes */
 
-       if ((inlen & 3) != 0) {
 
-          return CRYPT_INVALID_KEYSIZE;
 
-       }
 
-
 
-       for (i = 0; i < inlen; i += 4) {
 
-           k = BYTE2WORD((unsigned char *)&in[i]);
 
-          ADDKEY(k);
 
-          cycle(c->R);
 
-          XORNL(nltap(c));
 
-       }
 
-
 
-       /* also fold in the length of the key */
 
-       ADDKEY(inlen);
 
-
 
-       /* now diffuse */
 
-       s128_diffuse(c);
 
-
 
-       s128_genkonst(c);
 
-       s128_savestate(c);
 
-       c->nbuf = 0;
 
-       c->flag = 0;
 
-       c->set  = 1;
 
-    } else {
 
-       /* ok we are adding an IV then... */
 
-       s128_reloadstate(c);
 
-
 
-       /* inlen must be multiple of 4 bytes */
 
-       if ((inlen & 3) != 0) {
 
-          return CRYPT_INVALID_KEYSIZE;
 
-       }
 
-
 
-       for (i = 0; i < inlen; i += 4) {
 
-           k = BYTE2WORD((unsigned char *)&in[i]);
 
-          ADDKEY(k);
 
-          cycle(c->R);
 
-          XORNL(nltap(c));
 
-       }
 
-
 
-       /* also fold in the length of the key */
 
-       ADDKEY(inlen);
 
-
 
-       /* now diffuse */
 
-       s128_diffuse(c);
 
-       c->nbuf = 0;
 
-    }
 
+   unsigned char buf[40];
 
+   unsigned long i;
 
+   int err;
 
 
-    return CRYPT_OK;
 
+   LTC_ARGCHK(prng != NULL);
 
+   LTC_ARGCHK(in != NULL);
 
+   LTC_ARGCHK(inlen > 0);
 
+
 
+   LTC_MUTEX_LOCK(&prng->lock);
 
+   if (prng->ready) {
 
+      /* sober128_ready() was already called, do "rekey" operation */
 
+      if ((err = sober128_stream_keystream(&prng->sober128.s, buf, sizeof(buf))) != CRYPT_OK) goto LBL_UNLOCK;
 
+      for(i = 0; i < inlen; i++) buf[i % sizeof(buf)] ^= in[i];
 
+      /* key 32 bytes, 20 rounds */
 
+      if ((err = sober128_stream_setup(&prng->sober128.s, buf, 32)) != CRYPT_OK)     goto LBL_UNLOCK;
 
+      /* iv 8 bytes */
 
+      if ((err = sober128_stream_setiv(&prng->sober128.s, buf + 32, 8)) != CRYPT_OK) goto LBL_UNLOCK;
 
+      /* clear KEY + IV */
 
+      XMEMSET(buf, 0, sizeof(buf));
 
+   }
 
+   else {
 
+      /* sober128_ready() was not called yet, add entropy to ent buffer */
 
+      while (inlen--) prng->sober128.ent[prng->sober128.idx++ % sizeof(prng->sober128.ent)] ^= *in++;
 
+   }
 
+   err = CRYPT_OK;
 
+LBL_UNLOCK:
 
+   LTC_MUTEX_UNLOCK(&prng->lock);
 
+   return err;
 
 }
 
 
 /**
 
@@ -273,12 +92,23 @@ int sober128_add_entropy(const unsigned char *in, unsigned long inlen, prng_stat
 
 */
 
 int sober128_ready(prng_state *prng)
 
 {
 
-   return prng->sober128.set == 1 ? CRYPT_OK : CRYPT_ERROR;
 
-}
 
+   int err;
 
 
-/* XOR pseudo-random bytes into buffer
 
- */
 
-#define SROUND(z) STEP(c->R,z); NLFUNC(c,(z+1)); XORWORD(t, out+(z*4));
 
+   LTC_ARGCHK(prng != NULL);
 
+
 
+   LTC_MUTEX_LOCK(&prng->lock);
 
+   if (prng->ready)                                                            { err = CRYPT_OK; goto LBL_UNLOCK; }
 
+   /* key 32 bytes, 20 rounds */
 
+   if ((err = sober128_stream_setup(&prng->sober128.s, prng->sober128.ent, 32)) != CRYPT_OK)     goto LBL_UNLOCK;
 
+   /* iv 8 bytes */
 
+   if ((err = sober128_stream_setiv(&prng->sober128.s, prng->sober128.ent + 32, 8)) != CRYPT_OK) goto LBL_UNLOCK;
 
+   XMEMSET(&prng->sober128.ent, 0, sizeof(prng->sober128.ent));
 
+   prng->sober128.idx = 0;
 
+   prng->ready = 1;
 
+LBL_UNLOCK:
 
+   LTC_MUTEX_UNLOCK(&prng->lock);
 
+   return err;
 
+}
 
 
 /**
 
   Read from the PRNG
 
@@ -289,75 +119,13 @@ int sober128_ready(prng_state *prng)
 
 */
 
 unsigned long sober128_read(unsigned char *out, unsigned long outlen, prng_state *prng)
 
 {
 
-   struct sober128_prng *c;
 
-   ulong32               t, tlen;
 
-
 
-   LTC_ARGCHK(out  != NULL);
 
-   LTC_ARGCHK(prng != NULL);
 
-
 
-#ifdef LTC_VALGRIND
 
-   zeromem(out, outlen);
 
-#endif
 
-
 
-   c = &(prng->sober128);
 
-   tlen = outlen;
 
-
 
-   /* handle any previously buffered bytes */
 
-   while (c->nbuf != 0 && outlen != 0) {
 
-      *out++ ^= c->sbuf & 0xFF;
 
-       c->sbuf >>= 8;
 
-       c->nbuf -= 8;
 
-       --outlen;
 
-   }
 
-
 
-#ifndef LTC_SMALL_CODE
 
-   /* do lots at a time, if there's enough to do */
 
-   while (outlen >= N*4) {
 
-      SROUND(0);
 
-      SROUND(1);
 
-      SROUND(2);
 
-      SROUND(3);
 
-      SROUND(4);
 
-      SROUND(5);
 
-      SROUND(6);
 
-      SROUND(7);
 
-      SROUND(8);
 
-      SROUND(9);
 
-      SROUND(10);
 
-      SROUND(11);
 
-      SROUND(12);
 
-      SROUND(13);
 
-      SROUND(14);
 
-      SROUND(15);
 
-      SROUND(16);
 
-      out    += 4*N;
 
-      outlen -= 4*N;
 
-   }
 
-#endif
 
-
 
-   /* do small or odd size buffers the slow way */
 
-   while (4 <= outlen) {
 
-      cycle(c->R);
 
-      t = nltap(c);
 
-      XORWORD(t, out);
 
-      out    += 4;
 
-      outlen -= 4;
 
-   }
 
-
 
-   /* handle any trailing bytes */
 
-   if (outlen != 0) {
 
-      cycle(c->R);
 
-      c->sbuf = nltap(c);
 
-      c->nbuf = 32;
 
-      while (c->nbuf != 0 && outlen != 0) {
 
-          *out++ ^= c->sbuf & 0xFF;
 
-          c->sbuf >>= 8;
 
-          c->nbuf -= 8;
 
-          --outlen;
 
-      }
 
-   }
 
-
 
-   return tlen;
 
+   if (outlen == 0 || prng == NULL || out == NULL) return 0;
 
+   LTC_MUTEX_LOCK(&prng->lock);
 
+   if (!prng->ready) { outlen = 0; goto LBL_UNLOCK; }
 
+   if (sober128_stream_keystream(&prng->sober128.s, out, outlen) != CRYPT_OK) outlen = 0;
 
+LBL_UNLOCK:
 
+   LTC_MUTEX_UNLOCK(&prng->lock);
 
+   return outlen;
 
 }
 
 
 /**
 
@@ -367,8 +135,13 @@ unsigned long sober128_read(unsigned char *out, unsigned long outlen, prng_state
 
 */
 
 int sober128_done(prng_state *prng)
 
 {
 
+   int err;
 
    LTC_ARGCHK(prng != NULL);
 
-   return CRYPT_OK;
 
+   LTC_MUTEX_LOCK(&prng->lock);
 
+   prng->ready = 0;
 
+   err = sober128_stream_done(&prng->sober128.s);
 
+   LTC_MUTEX_UNLOCK(&prng->lock);
 
+   return err;
 
 }
 
 
 /**
 
@@ -380,20 +153,22 @@ int sober128_done(prng_state *prng)
 
 */
 
 int sober128_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
 
 {
 
-   LTC_ARGCHK(outlen != NULL);
 
-   LTC_ARGCHK(out    != NULL);
 
+   unsigned long len = sober128_desc.export_size;
 
+
 
    LTC_ARGCHK(prng   != NULL);
 
+   LTC_ARGCHK(out    != NULL);
 
+   LTC_ARGCHK(outlen != NULL);
 
 
-   if (*outlen < 64) {
 
-      *outlen = 64;
 
+   if (*outlen < len) {
 
+      *outlen = len;
 
       return CRYPT_BUFFER_OVERFLOW;
 
    }
 
 
-   if (sober128_read(out, 64, prng) != 64) {
 
+   if (sober128_read(out, len, prng) != len) {
 
       return CRYPT_ERROR_READPRNG;
 
    }
 
-   *outlen = 64;
 
 
+   *outlen = len;
 
    return CRYPT_OK;
 
 }
 
 
@@ -407,20 +182,14 @@ int sober128_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
 
 int sober128_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
 
 {
 
    int err;
 
-   LTC_ARGCHK(in   != NULL);
 
-   LTC_ARGCHK(prng != NULL);
 
 
-   if (inlen != 64) {
 
-      return CRYPT_INVALID_ARG;
 
-   }
 
+   LTC_ARGCHK(prng != NULL);
 
+   LTC_ARGCHK(in   != NULL);
 
+   if (inlen < (unsigned long)sober128_desc.export_size) return CRYPT_INVALID_ARG;
 
 
-   if ((err = sober128_start(prng)) != CRYPT_OK) {
 
-      return err;
 
-   }
 
-   if ((err = sober128_add_entropy(in, 64, prng)) != CRYPT_OK) {
 
-      return err;
 
-   }
 
-   return sober128_ready(prng);
 
+   if ((err = sober128_start(prng)) != CRYPT_OK) return err;
 
+   if ((err = sober128_add_entropy(in, sober128_desc.export_size, prng)) != CRYPT_OK) return err;
 
+   return CRYPT_OK;
 
 }
 
 
 /**
 
@@ -432,69 +201,44 @@ int sober128_test(void)
 
 #ifndef LTC_TEST
 
    return CRYPT_NOP;
 
 #else
 
-   static const struct {
 
-     int keylen, ivlen, len;
 
-     unsigned char key[16], iv[4], out[20];
 
-   } tests[] = {
 
-
 
-{
 
-   16, 4, 20,
 
-
 
-   /* key */
 
-   { 0x74, 0x65, 0x73, 0x74, 0x20, 0x6b, 0x65, 0x79,
 
-     0x20, 0x31, 0x32, 0x38, 0x62, 0x69, 0x74, 0x73 },
 
-
 
-   /* IV */
 
-   { 0x00, 0x00, 0x00, 0x00 },
 
-
 
-   /* expected output */
 
-   { 0x43, 0x50, 0x0c, 0xcf, 0x89, 0x91, 0x9f, 0x1d,
 
-     0xaa, 0x37, 0x74, 0x95, 0xf4, 0xb4, 0x58, 0xc2,
 
-     0x40, 0x37, 0x8b, 0xbb }
 
-}
 
-
 
-};
 
-   prng_state    prng;
 
-   unsigned char dst[20];
 
-   int           err, x;
 
+   prng_state st;
 
+   unsigned char en[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
 
+                          0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
 
+                          0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e,
 
+                          0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
 
+                          0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32 };
 
+   unsigned char dmp[300];
 
+   unsigned long dmplen = sizeof(dmp);
 
+   unsigned char out[500];
 
+   unsigned char t1[] = { 0x31, 0x82, 0xA7, 0xA5, 0x8B, 0xD7, 0xCB, 0x39, 0x86, 0x1A };
 
+   unsigned char t2[] = { 0x6B, 0x43, 0x9E, 0xBC, 0xE7, 0x62, 0x9B, 0xE6, 0x9B, 0x83 };
 
+   unsigned char t3[] = { 0x4A, 0x0E, 0x6C, 0xC1, 0xCF, 0xB4, 0x73, 0x49, 0x99, 0x05 };
 
+   int err;
 
 
-   for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
 
-       if ((err = sober128_start(&prng)) != CRYPT_OK) {
 
-          return err;
 
-       }
 
-       if ((err = sober128_add_entropy(tests[x].key, tests[x].keylen, &prng)) != CRYPT_OK) {
 
-          return err;
 
-       }
 
-       /* add IV */
 
-       if ((err = sober128_add_entropy(tests[x].iv, tests[x].ivlen, &prng)) != CRYPT_OK) {
 
-          return err;
 
-       }
 
+   if ((err = sober128_start(&st)) != CRYPT_OK)                         return err;
 
+   /* add entropy to uninitialized prng */
 
+   if ((err = sober128_add_entropy(en, sizeof(en), &st)) != CRYPT_OK)   return err;
 
+   if ((err = sober128_ready(&st)) != CRYPT_OK)                         return err;
 
+   if (sober128_read(out, 10, &st) != 10)                               return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
 
+   if (compare_testvector(out, 10, t1, sizeof(t1), "SOBER128-PRNG", 1)) return CRYPT_FAIL_TESTVECTOR;
 
+   if (sober128_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
 
+   /* add entropy to already initialized prng */
 
+   if ((err = sober128_add_entropy(en, sizeof(en), &st)) != CRYPT_OK)   return err;
 
+   if (sober128_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
 
+   if ((err = sober128_export(dmp, &dmplen, &st)) != CRYPT_OK)          return err;
 
+   if (sober128_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
 
+   if (sober128_read(out, 10, &st) != 10)                               return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
 
+   if (compare_testvector(out, 10, t2, sizeof(t2), "SOBER128-PRNG", 2)) return CRYPT_FAIL_TESTVECTOR;
 
+   if ((err = sober128_done(&st)) != CRYPT_OK)                          return err;
 
+   if ((err = sober128_import(dmp, dmplen, &st)) != CRYPT_OK)           return err;
 
+   if ((err = sober128_ready(&st)) != CRYPT_OK)                         return err;
 
+   if (sober128_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
 
+   if (sober128_read(out, 10, &st) != 10)                               return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
 
+   if (compare_testvector(out, 10, t3, sizeof(t3), "SOBER128-PRNG", 3)) return CRYPT_FAIL_TESTVECTOR;
 
+   if ((err = sober128_done(&st)) != CRYPT_OK)                          return err;
 
 
-       /* ready up */
 
-       if ((err = sober128_ready(&prng)) != CRYPT_OK) {
 
-          return err;
 
-       }
 
-       XMEMSET(dst, 0, tests[x].len);
 
-       if (sober128_read(dst, tests[x].len, &prng) != (unsigned long)tests[x].len) {
 
-          return CRYPT_ERROR_READPRNG;
 
-       }
 
-       sober128_done(&prng);
 
-       if (XMEMCMP(dst, tests[x].out, tests[x].len)) {
 
-#if 0
 
-          printf("\n\nLTC_SOBER128 failed, I got:\n");
 
-          for (y = 0; y < tests[x].len; y++) printf("%02x ", dst[y]);
 
-          printf("\n");
 
-#endif
 
-          return CRYPT_FAIL_TESTVECTOR;
 
-       }
 
-   }
 
    return CRYPT_OK;
 
 #endif
 
 }
 
 
 #endif
 
-
 
-
 
-/* $Source$ */
 
-/* $Revision$ */
 
-/* $Date$ */

+ 15 - 2
src/prngs/sprng.c
View File 

@@ -5,8 +5,6 @@
 
  *
 
  * The library is free for all purposes without any express
 
  * guarantee it works.
 
- *
 
- * Tom St Denis, [email protected], http://libtom.org
 
  */
 
 #include "tomcrypt.h"
 
 
@@ -135,7 +133,22 @@ int sprng_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
 
 */
 
 int sprng_test(void)
 
 {
 
+#ifndef LTC_TEST
 
+   return CRYPT_NOP;
 
+#else
 
+   prng_state st;
 
+   unsigned char en[] = { 0x01, 0x02, 0x03, 0x04 };
 
+   unsigned char out[1000];
 
+   int err;
 
+
 
+   if ((err = sprng_start(&st)) != CRYPT_OK)                         return err;
 
+   if ((err = sprng_add_entropy(en, sizeof(en), &st)) != CRYPT_OK)   return err;
 
+   if ((err = sprng_ready(&st)) != CRYPT_OK)                         return err;
 
+   if (sprng_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
 
+   if ((err = sprng_done(&st)) != CRYPT_OK)                          return err;
 
+
 
    return CRYPT_OK;
 
+#endif
 
 }
 
 
 #endif

+ 48 - 61
src/prngs/yarrow.c
View File 

@@ -5,8 +5,6 @@
 
  *
 
  * The library is free for all purposes without any express
 
  * guarantee it works.
 
- *
 
- * Tom St Denis, [email protected], http://libtom.org
 
  */
 
 #include "tomcrypt.h"
 
 
@@ -40,6 +38,7 @@ int yarrow_start(prng_state *prng)
 
    int err;
 
 
    LTC_ARGCHK(prng != NULL);
 
+   prng->ready = 0;
 
 
    /* these are the default hash/cipher combo used */
 
 #ifdef LTC_RIJNDAEL
 
@@ -120,7 +119,7 @@ int yarrow_start(prng_state *prng)
 
 
    /* zero the memory used */
 
    zeromem(prng->yarrow.pool, sizeof(prng->yarrow.pool));
 
-   LTC_MUTEX_INIT(&prng->yarrow.prng_lock)
 
+   LTC_MUTEX_INIT(&prng->lock)
 
 
    return CRYPT_OK;
 
 }
 
@@ -137,43 +136,38 @@ int yarrow_add_entropy(const unsigned char *in, unsigned long inlen, prng_state
 
    hash_state md;
 
    int err;
 
 
-   LTC_ARGCHK(in  != NULL);
 
    LTC_ARGCHK(prng != NULL);
 
+   LTC_ARGCHK(in != NULL);
 
+   LTC_ARGCHK(inlen > 0);
 
 
-   LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
 
+   LTC_MUTEX_LOCK(&prng->lock);
 
 
    if ((err = hash_is_valid(prng->yarrow.hash)) != CRYPT_OK) {
 
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
 
-      return err;
 
+      goto LBL_UNLOCK;
 
    }
 
 
    /* start the hash */
 
    if ((err = hash_descriptor[prng->yarrow.hash].init(&md)) != CRYPT_OK) {
 
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
 
-      return err;
 
+      goto LBL_UNLOCK;
 
    }
 
 
    /* hash the current pool */
 
    if ((err = hash_descriptor[prng->yarrow.hash].process(&md, prng->yarrow.pool,
 
                                                         hash_descriptor[prng->yarrow.hash].hashsize)) != CRYPT_OK) {
 
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
 
-      return err;
 
+      goto LBL_UNLOCK;
 
    }
 
 
    /* add the new entropy */
 
    if ((err = hash_descriptor[prng->yarrow.hash].process(&md, in, inlen)) != CRYPT_OK) {
 
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
 
-      return err;
 
+      goto LBL_UNLOCK;
 
    }
 
 
    /* store result */
 
-   if ((err = hash_descriptor[prng->yarrow.hash].done(&md, prng->yarrow.pool)) != CRYPT_OK) {
 
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
 
-      return err;
 
-   }
 
+   err = hash_descriptor[prng->yarrow.hash].done(&md, prng->yarrow.pool);
 
 
-   LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
 
-   return CRYPT_OK;
 
+LBL_UNLOCK:
 
+   LTC_MUTEX_UNLOCK(&prng->lock);
 
+   return err;
 
 }
 
 
 /**
 
@@ -186,23 +180,21 @@ int yarrow_ready(prng_state *prng)
 
    int ks, err;
 
 
    LTC_ARGCHK(prng != NULL);
 
-   LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
 
+
 
+   LTC_MUTEX_LOCK(&prng->lock);
 
 
    if ((err = hash_is_valid(prng->yarrow.hash)) != CRYPT_OK) {
 
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
 
-      return err;
 
+      goto LBL_UNLOCK;
 
    }
 
 
    if ((err = cipher_is_valid(prng->yarrow.cipher)) != CRYPT_OK) {
 
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
 
-      return err;
 
+      goto LBL_UNLOCK;
 
    }
 
 
    /* setup CTR mode using the "pool" as the key */
 
    ks = (int)hash_descriptor[prng->yarrow.hash].hashsize;
 
    if ((err = cipher_descriptor[prng->yarrow.cipher].keysize(&ks)) != CRYPT_OK) {
 
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
 
-      return err;
 
+      goto LBL_UNLOCK;
 
    }
 
 
    if ((err = ctr_start(prng->yarrow.cipher,     /* what cipher to use */
 
@@ -211,11 +203,13 @@ int yarrow_ready(prng_state *prng)
 
                         0,                       /* number of rounds */
 
                         CTR_COUNTER_LITTLE_ENDIAN, /* little endian counter */
 
                         &prng->yarrow.ctr)) != CRYPT_OK) {
 
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
 
-      return err;
 
+      goto LBL_UNLOCK;
 
    }
 
-   LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
 
-   return CRYPT_OK;
 
+   prng->ready = 1;
 
+
 
+LBL_UNLOCK:
 
+   LTC_MUTEX_UNLOCK(&prng->lock);
 
+   return err;
 
 }
 
 
 /**
 
@@ -227,20 +221,25 @@ int yarrow_ready(prng_state *prng)
 
 */
 
 unsigned long yarrow_read(unsigned char *out, unsigned long outlen, prng_state *prng)
 
 {
 
-   LTC_ARGCHK(out  != NULL);
 
-   LTC_ARGCHK(prng != NULL);
 
+   if (outlen == 0 || prng == NULL || out == NULL) return 0;
 
+
 
+   LTC_MUTEX_LOCK(&prng->lock);
 
 
-   LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
 
+   if (!prng->ready) {
 
+      outlen = 0;
 
+      goto LBL_UNLOCK;
 
+   }
 
 
    /* put out in predictable state first */
 
    zeromem(out, outlen);
 
 
    /* now randomize it */
 
    if (ctr_encrypt(out, out, outlen, &prng->yarrow.ctr) != CRYPT_OK) {
 
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
 
-      return 0;
 
+      outlen = 0;
 
    }
 
-   LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
 
+
 
+LBL_UNLOCK:
 
+   LTC_MUTEX_UNLOCK(&prng->lock);
 
    return outlen;
 
 }
 
 
@@ -254,14 +253,15 @@ int yarrow_done(prng_state *prng)
 
    int err;
 
    LTC_ARGCHK(prng != NULL);
 
 
-   LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
 
+   LTC_MUTEX_LOCK(&prng->lock);
 
+   prng->ready = 0;
 
 
    /* call cipher done when we invent one ;-) */
 
 
    /* we invented one */
 
    err = ctr_done(&prng->yarrow.ctr);
 
 
-   LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
 
+   LTC_MUTEX_UNLOCK(&prng->lock);
 
    return err;
 
 }
 
 
@@ -274,25 +274,22 @@ int yarrow_done(prng_state *prng)
 
 */
 
 int yarrow_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
 
 {
 
+   unsigned long len = yarrow_desc.export_size;
 
+
 
    LTC_ARGCHK(out    != NULL);
 
    LTC_ARGCHK(outlen != NULL);
 
    LTC_ARGCHK(prng   != NULL);
 
 
-   LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
 
-
 
-   /* we'll write 64 bytes for s&g's */
 
-   if (*outlen < 64) {
 
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
 
-      *outlen = 64;
 
+   if (*outlen < len) {
 
+      *outlen = len;
 
       return CRYPT_BUFFER_OVERFLOW;
 
    }
 
 
-   if (yarrow_read(out, 64, prng) != 64) {
 
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
 
+   if (yarrow_read(out, len, prng) != len) {
 
       return CRYPT_ERROR_READPRNG;
 
    }
 
-   *outlen = 64;
 
 
+   *outlen = len;
 
    return CRYPT_OK;
 
 }
 
 
@@ -309,21 +306,11 @@ int yarrow_import(const unsigned char *in, unsigned long inlen, prng_state *prng
 
 
    LTC_ARGCHK(in   != NULL);
 
    LTC_ARGCHK(prng != NULL);
 
+   if (inlen < (unsigned long)yarrow_desc.export_size) return CRYPT_INVALID_ARG;
 
 
-   LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
 
-
 
-   if (inlen != 64) {
 
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
 
-      return CRYPT_INVALID_ARG;
 
-   }
 
-
 
-   if ((err = yarrow_start(prng)) != CRYPT_OK) {
 
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
 
-      return err;
 
-   }
 
-   err = yarrow_add_entropy(in, 64, prng);
 
-   LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
 
-   return err;
 
+   if ((err = yarrow_start(prng)) != CRYPT_OK)                  return err;
 
+   if ((err = yarrow_add_entropy(in, inlen, prng)) != CRYPT_OK) return err;
 
+   return CRYPT_OK;
 
 }
 
 
 /**

+ 8 - 2
src/stream/chacha/chacha_crypt.c
View File 

@@ -71,8 +71,14 @@ int chacha_crypt(chacha_state *st, const unsigned char *in, unsigned long inlen,
 
    }
 
    for (;;) {
 
      _chacha_block(buf, st->input, st->rounds);
 
-     /* increment the counter */
 
-     if (!++st->input[12] && !++st->input[13] && !++st->input[14]) { ++st->input[15]; }
 
+     if (st->ivlen == 8) {
 
+       /* IV-64bit, increment 64bit counter */
 
+       if (0 == ++st->input[12] && 0 == ++st->input[13]) return CRYPT_OVERFLOW;
 
+     }
 
+     else {
 
+       /* IV-96bit, increment 32bit counter */
 
+       if (0 == ++st->input[12]) return CRYPT_OVERFLOW;
 
+     }
 
      if (inlen <= 64) {
 
        for (i = 0; i < inlen; ++i) out[i] = in[i] ^ buf[i];
 
        st->ksleft = 64 - inlen;

+ 17 - 16
src/stream/chacha/chacha_test.c
View File 

@@ -37,27 +37,28 @@ int chacha_test(void)
 
                           0x87, 0x4D };
 
    char pt[] = "Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it.";
 
    chacha_state st;
 
+   int err;
 
 
    len = strlen(pt);
 
    /* crypt piece by piece */
 
-   chacha_setup(&st, k, sizeof(k), 20);
 
-   chacha_ivctr32(&st, n, sizeof(n), 1);
 
-   chacha_crypt(&st, (unsigned char*)pt,      35,       out);
 
-   chacha_crypt(&st, (unsigned char*)pt + 35, 35,       out + 35);
 
-   chacha_crypt(&st, (unsigned char*)pt + 70,  5,       out + 70);
 
-   chacha_crypt(&st, (unsigned char*)pt + 75,  5,       out + 75);
 
-   chacha_crypt(&st, (unsigned char*)pt + 80, len - 80, out + 80);
 
-   if (compare_testvector(out, len, ct, sizeof(ct), "CHACHA-TV1", 1)) return CRYPT_FAIL_TESTVECTOR;
 
+   if ((err = chacha_setup(&st, k, sizeof(k), 20)) != CRYPT_OK)                            return err;
 
+   if ((err = chacha_ivctr32(&st, n, sizeof(n), 1)) != CRYPT_OK)                           return err;
 
+   if ((err = chacha_crypt(&st, (unsigned char*)pt,      35,       out)) != CRYPT_OK)      return err;
 
+   if ((err = chacha_crypt(&st, (unsigned char*)pt + 35, 35,       out + 35)) != CRYPT_OK) return err;
 
+   if ((err = chacha_crypt(&st, (unsigned char*)pt + 70,  5,       out + 70)) != CRYPT_OK) return err;
 
+   if ((err = chacha_crypt(&st, (unsigned char*)pt + 75,  5,       out + 75)) != CRYPT_OK) return err;
 
+   if ((err = chacha_crypt(&st, (unsigned char*)pt + 80, len - 80, out + 80)) != CRYPT_OK) return err;
 
+   if (compare_testvector(out, len, ct, sizeof(ct), "CHACHA-TV1", 1))                      return CRYPT_FAIL_TESTVECTOR;
 
    /* crypt in one go */
 
-   chacha_setup(&st, k, sizeof(k), 20);
 
-   chacha_ivctr32(&st, n, sizeof(n), 1);
 
-   chacha_crypt(&st, (unsigned char*)pt, len, out);
 
-   if (compare_testvector(out, len, ct, sizeof(ct), "CHACHA-TV2", 1)) return CRYPT_FAIL_TESTVECTOR;
 
+   if ((err = chacha_setup(&st, k, sizeof(k), 20)) != CRYPT_OK)                            return err;
 
+   if ((err = chacha_ivctr32(&st, n, sizeof(n), 1)) != CRYPT_OK)                           return err;
 
+   if ((err = chacha_crypt(&st, (unsigned char*)pt, len, out)) != CRYPT_OK)                return err;
 
+   if (compare_testvector(out, len, ct, sizeof(ct), "CHACHA-TV2", 1))                      return CRYPT_FAIL_TESTVECTOR;
 
    /* crypt in one go - using chacha_ivctr64() */
 
-   chacha_setup(&st, k, sizeof(k), 20);
 
-   chacha_ivctr64(&st, n + 4, sizeof(n) - 4, 1);
 
-   chacha_crypt(&st, (unsigned char*)pt, len, out);
 
-   if (compare_testvector(out, len, ct, sizeof(ct), "CHACHA-TV3", 1)) return CRYPT_FAIL_TESTVECTOR;
 
+   if ((err = chacha_setup(&st, k, sizeof(k), 20)) != CRYPT_OK)                            return err;
 
+   if ((err = chacha_ivctr64(&st, n + 4, sizeof(n) - 4, 1)) != CRYPT_OK)                   return err;
 
+   if ((err = chacha_crypt(&st, (unsigned char*)pt, len, out)) != CRYPT_OK)                return err;
 
+   if (compare_testvector(out, len, ct, sizeof(ct), "CHACHA-TV3", 1))                      return CRYPT_FAIL_TESTVECTOR;
 
 
    return CRYPT_OK;
 
 #endif

+ 107 - 0
src/stream/rc4/rc4.c
View File 

@@ -0,0 +1,107 @@
 
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
 
+ *
 
+ * LibTomCrypt is a library that provides various cryptographic
 
+ * algorithms in a highly modular and flexible manner.
 
+ *
 
+ * The library is free for all purposes without any express
 
+ * guarantee it works.
 
+ */
 
+
 
+#include "tomcrypt.h"
 
+
 
+#ifdef LTC_RC4_STREAM
 
+
 
+/**
 
+   Initialize an RC4 context (only the key)
 
+   @param st        [out] The destination of the RC4 state
 
+   @param key       The secret key
 
+   @param keylen    The length of the secret key (8 - 256 bytes)
 
+   @return CRYPT_OK if successful
 
+*/
 
+int rc4_stream_setup(rc4_state *st, const unsigned char *key, unsigned long keylen)
 
+{
 
+   unsigned char tmp, *s;
 
+   int x, y;
 
+   unsigned long j;
 
+
 
+   LTC_ARGCHK(st  != NULL);
 
+   LTC_ARGCHK(key != NULL);
 
+   LTC_ARGCHK(keylen >= 5); /* 40-2048 bits */
 
+
 
+   s = st->buf;
 
+   for (x = 0; x < 256; x++) {
 
+      s[x] = x;
 
+   }
 
+
 
+   for (j = x = y = 0; x < 256; x++) {
 
+      y = (y + s[x] + key[j++]) & 255;
 
+      if (j == keylen) {
 
+         j = 0;
 
+      }
 
+      tmp = s[x]; s[x] = s[y]; s[y] = tmp;
 
+   }
 
+   st->x = 0;
 
+   st->y = 0;
 
+
 
+   return CRYPT_OK;
 
+}
 
+
 
+/**
 
+   Encrypt (or decrypt) bytes of ciphertext (or plaintext) with RC4
 
+   @param st      The RC4 state
 
+   @param in      The plaintext (or ciphertext)
 
+   @param inlen   The length of the input (octets)
 
+   @param out     [out] The ciphertext (or plaintext), length inlen
 
+   @return CRYPT_OK if successful
 
+*/
 
+int rc4_stream_crypt(rc4_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out)
 
+{
 
+   unsigned char x, y, *s, tmp;
 
+
 
+   LTC_ARGCHK(st  != NULL);
 
+   LTC_ARGCHK(in  != NULL);
 
+   LTC_ARGCHK(out != NULL);
 
+
 
+   x = st->x;
 
+   y = st->y;
 
+   s = st->buf;
 
+   while (inlen--) {
 
+      x = (x + 1) & 255;
 
+      y = (y + s[x]) & 255;
 
+      tmp = s[x]; s[x] = s[y]; s[y] = tmp;
 
+      tmp = (s[x] + s[y]) & 255;
 
+      *out++ = *in++ ^ s[tmp];
 
+   }
 
+   st->x = x;
 
+   st->y = y;
 
+   return CRYPT_OK;
 
+}
 
+
 
+/**
 
+  Generate a stream of random bytes via RC4
 
+  @param st      The RC420 state
 
+  @param out     [out] The output buffer
 
+  @param outlen  The output length
 
+  @return CRYPT_OK on success
 
+ */
 
+int rc4_stream_keystream(rc4_state *st, unsigned char *out, unsigned long outlen)
 
+{
 
+   if (outlen == 0) return CRYPT_OK; /* nothing to do */
 
+   LTC_ARGCHK(out != NULL);
 
+   XMEMSET(out, 0, outlen);
 
+   return rc4_stream_crypt(st, out, outlen, out);
 
+}
 
+
 
+/**
 
+  Terminate and clear RC4 state
 
+  @param st      The RC4 state
 
+  @return CRYPT_OK on success
 
+*/
 
+int rc4_stream_done(rc4_state *st)
 
+{
 
+   LTC_ARGCHK(st != NULL);
 
+   XMEMSET(st, 0, sizeof(rc4_state));
 
+   return CRYPT_OK;
 
+}
 
+
 
+#endif

+ 35 - 0
src/stream/rc4/rc4_test.c
View File 

@@ -0,0 +1,35 @@
 
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
 
+ *
 
+ * LibTomCrypt is a library that provides various cryptographic
 
+ * algorithms in a highly modular and flexible manner.
 
+ *
 
+ * The library is free for all purposes without any express
 
+ * guarantee it works.
 
+ */
 
+
 
+#include "tomcrypt.h"
 
+
 
+#ifdef LTC_RC4_STREAM
 
+
 
+int rc4_stream_test(void)
 
+{
 
+#ifndef LTC_TEST
 
+   return CRYPT_NOP;
 
+#else
 
+   rc4_state st;
 
+   int err;
 
+   const unsigned char key[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
 
+   const unsigned char pt[]  = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
 
+   const unsigned char ct[]  = { 0x75, 0xb7, 0x87, 0x80, 0x99, 0xe0, 0xc5, 0x96 };
 
+   unsigned char buf[10];
 
+
 
+   if ((err = rc4_stream_setup(&st, key, sizeof(key))) != CRYPT_OK)    return err;
 
+   if ((err = rc4_stream_crypt(&st, pt, sizeof(pt), buf)) != CRYPT_OK) return err;
 
+   if (XMEMCMP(buf, ct, sizeof(ct)))                                   return CRYPT_FAIL_TESTVECTOR;
 
+   if ((err = rc4_stream_done(&st)) != CRYPT_OK)                       return err;
 
+
 
+   return CRYPT_OK;
 
+#endif
 
+}
 
+
 
+#endif

+ 344 - 0
src/stream/sober128/sober128.c
View File 

@@ -0,0 +1,344 @@
 
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
 
+ *
 
+ * LibTomCrypt is a library that provides various cryptographic
 
+ * algorithms in a highly modular and flexible manner.
 
+ *
 
+ * The library is free for all purposes without any express
 
+ * guarantee it works.
 
+ *
 
+ * Tom St Denis, [email protected], http://libtom.org
 
+ */
 
+#include "tomcrypt.h"
 
+
 
+/**
 
+ @file sober128.c
 
+ Implementation of SOBER-128 by Tom St Denis.
 
+ Based on s128fast.c reference code supplied by Greg Rose of QUALCOMM.
 
+*/
 
+
 
+#ifdef LTC_SOBER128
 
+
 
+#define __LTC_SOBER128TAB_C__
 
+#include "sober128tab.c"
 
+
 
+/* don't change these... */
 
+#define N                        17
 
+#define FOLD                      N /* how many iterations of folding to do */
 
+#define INITKONST        0x6996c53a /* value of KONST to use during key loading */
 
+#define KEYP                     15 /* where to insert key words */
 
+#define FOLDP                     4 /* where to insert non-linear feedback */
 
+
 
+#define B(x,i) ((unsigned char)(((x) >> (8*i)) & 0xFF))
 
+
 
+static ulong32 BYTE2WORD(unsigned char *b)
 
+{
 
+   ulong32 t;
 
+   LOAD32L(t, b);
 
+   return t;
 
+}
 
+
 
+static void XORWORD(ulong32 w, const unsigned char *in, unsigned char *out)
 
+{
 
+   ulong32 t;
 
+   LOAD32L(t, in);
 
+   t ^= w;
 
+   STORE32L(t, out);
 
+}
 
+
 
+/* give correct offset for the current position of the register,
 
+ * where logically R[0] is at position "zero".
 
+ */
 
+#define OFF(zero, i) (((zero)+(i)) % N)
 
+
 
+/* step the LFSR */
 
+/* After stepping, "zero" moves right one place */
 
+#define STEP(R,z) \
 
+    R[OFF(z,0)] = R[OFF(z,15)] ^ R[OFF(z,4)] ^ (R[OFF(z,0)] << 8) ^ Multab[(R[OFF(z,0)] >> 24) & 0xFF];
 
+
 
+static void cycle(ulong32 *R)
 
+{
 
+    ulong32 t;
 
+    int     i;
 
+
 
+    STEP(R,0);
 
+    t = R[0];
 
+    for (i = 1; i < N; ++i) {
 
+        R[i-1] = R[i];
 
+    }
 
+    R[N-1] = t;
 
+}
 
+
 
+/* Return a non-linear function of some parts of the register.
 
+ */
 
+#define NLFUNC(c,z) \
 
+{ \
 
+    t = c->R[OFF(z,0)] + c->R[OFF(z,16)]; \
 
+    t ^= Sbox[(t >> 24) & 0xFF]; \
 
+    t = RORc(t, 8); \
 
+    t = ((t + c->R[OFF(z,1)]) ^ c->konst) + c->R[OFF(z,6)]; \
 
+    t ^= Sbox[(t >> 24) & 0xFF]; \
 
+    t = t + c->R[OFF(z,13)]; \
 
+}
 
+
 
+static ulong32 nltap(sober128_state *c)
 
+{
 
+    ulong32 t;
 
+    NLFUNC(c, 0);
 
+    return t;
 
+}
 
+
 
+/* Save the current register state
 
+ */
 
+static void s128_savestate(sober128_state *c)
 
+{
 
+    int i;
 
+    for (i = 0; i < N; ++i) {
 
+        c->initR[i] = c->R[i];
 
+    }
 
+}
 
+
 
+/* initialise to previously saved register state
 
+ */
 
+static void s128_reloadstate(sober128_state *c)
 
+{
 
+    int i;
 
+
 
+    for (i = 0; i < N; ++i) {
 
+        c->R[i] = c->initR[i];
 
+    }
 
+}
 
+
 
+/* Initialise "konst"
 
+ */
 
+static void s128_genkonst(sober128_state *c)
 
+{
 
+    ulong32 newkonst;
 
+
 
+    do {
 
+       cycle(c->R);
 
+       newkonst = nltap(c);
 
+    } while ((newkonst & 0xFF000000) == 0);
 
+    c->konst = newkonst;
 
+}
 
+
 
+/* Load key material into the register
 
+ */
 
+#define ADDKEY(k) \
 
+   c->R[KEYP] += (k);
 
+
 
+#define XORNL(nl) \
 
+   c->R[FOLDP] ^= (nl);
 
+
 
+/* nonlinear diffusion of register for key */
 
+#define DROUND(z) STEP(c->R,z); NLFUNC(c,(z+1)); c->R[OFF((z+1),FOLDP)] ^= t;
 
+static void s128_diffuse(sober128_state *c)
 
+{
 
+    ulong32 t;
 
+    /* relies on FOLD == N == 17! */
 
+    DROUND(0);
 
+    DROUND(1);
 
+    DROUND(2);
 
+    DROUND(3);
 
+    DROUND(4);
 
+    DROUND(5);
 
+    DROUND(6);
 
+    DROUND(7);
 
+    DROUND(8);
 
+    DROUND(9);
 
+    DROUND(10);
 
+    DROUND(11);
 
+    DROUND(12);
 
+    DROUND(13);
 
+    DROUND(14);
 
+    DROUND(15);
 
+    DROUND(16);
 
+}
 
+
 
+/**
 
+   Initialize an Sober128 context (only the key)
 
+   @param c         [out] The destination of the Sober128 state
 
+   @param key       The secret key
 
+   @param keylen    The length of the secret key (octets)
 
+   @return CRYPT_OK if successful
 
+*/
 
+int sober128_stream_setup(sober128_state *c, const unsigned char *key, unsigned long keylen)
 
+{
 
+   ulong32 i, k;
 
+
 
+   LTC_ARGCHK(c   != NULL);
 
+   LTC_ARGCHK(key != NULL);
 
+   LTC_ARGCHK(keylen > 0);
 
+
 
+   /* keylen must be multiple of 4 bytes */
 
+   if ((keylen & 3) != 0) {
 
+      return CRYPT_INVALID_KEYSIZE;
 
+   }
 
+
 
+   /* Register initialised to Fibonacci numbers */
 
+   c->R[0] = 1;
 
+   c->R[1] = 1;
 
+   for (i = 2; i < N; ++i) {
 
+      c->R[i] = c->R[i-1] + c->R[i-2];
 
+   }
 
+   c->konst = INITKONST;
 
+
 
+   for (i = 0; i < keylen; i += 4) {
 
+      k = BYTE2WORD((unsigned char *)&key[i]);
 
+      ADDKEY(k);
 
+      cycle(c->R);
 
+      XORNL(nltap(c));
 
+   }
 
+
 
+   /* also fold in the length of the key */
 
+   ADDKEY(keylen);
 
+
 
+   /* now diffuse */
 
+   s128_diffuse(c);
 
+   s128_genkonst(c);
 
+   s128_savestate(c);
 
+   c->nbuf = 0;
 
+
 
+   return CRYPT_OK;
 
+}
 
+
 
+/**
 
+  Set IV to the Sober128 state
 
+  @param c       The Sober12820 state
 
+  @param iv      The IV data to add
 
+  @param inlen   The length of the IV (must be 12)
 
+  @return CRYPT_OK on success
 
+ */
 
+int sober128_stream_setiv(sober128_state *c, const unsigned char *iv, unsigned long ivlen)
 
+{
 
+   ulong32 i, k;
 
+
 
+   LTC_ARGCHK(c  != NULL);
 
+   LTC_ARGCHK(iv != NULL);
 
+   LTC_ARGCHK(ivlen > 0);
 
+
 
+   /* ok we are adding an IV then... */
 
+   s128_reloadstate(c);
 
+
 
+   /* ivlen must be multiple of 4 bytes */
 
+   if ((ivlen & 3) != 0) {
 
+      return CRYPT_INVALID_KEYSIZE;
 
+   }
 
+
 
+   for (i = 0; i < ivlen; i += 4) {
 
+      k = BYTE2WORD((unsigned char *)&iv[i]);
 
+      ADDKEY(k);
 
+      cycle(c->R);
 
+      XORNL(nltap(c));
 
+   }
 
+
 
+   /* also fold in the length of the key */
 
+   ADDKEY(ivlen);
 
+
 
+   /* now diffuse */
 
+   s128_diffuse(c);
 
+   c->nbuf = 0;
 
+
 
+   return CRYPT_OK;
 
+}
 
+
 
+/* XOR pseudo-random bytes into buffer
 
+ */
 
+#define SROUND(z) STEP(c->R,z); NLFUNC(c,(z+1)); XORWORD(t, in+(z*4), out+(z*4));
 
+
 
+/**
 
+   Encrypt (or decrypt) bytes of ciphertext (or plaintext) with Sober128
 
+   @param c       The Sober128 state
 
+   @param in      The plaintext (or ciphertext)
 
+   @param inlen   The length of the input (octets)
 
+   @param out     [out] The ciphertext (or plaintext), length inlen
 
+   @return CRYPT_OK if successful
 
+*/
 
+int sober128_stream_crypt(sober128_state *c, const unsigned char *in, unsigned long inlen, unsigned char *out)
 
+{
 
+   ulong32 t;
 
+
 
+   if (inlen == 0) return CRYPT_OK; /* nothing to do */
 
+   LTC_ARGCHK(out != NULL);
 
+   LTC_ARGCHK(c   != NULL);
 
+
 
+   /* handle any previously buffered bytes */
 
+   while (c->nbuf != 0 && inlen != 0) {
 
+      *out++ = *in++ ^ (c->sbuf & 0xFF);
 
+      c->sbuf >>= 8;
 
+      c->nbuf -= 8;
 
+      --inlen;
 
+   }
 
+
 
+#ifndef LTC_SMALL_CODE
 
+   /* do lots at a time, if there's enough to do */
 
+   while (inlen >= N*4) {
 
+      SROUND(0);
 
+      SROUND(1);
 
+      SROUND(2);
 
+      SROUND(3);
 
+      SROUND(4);
 
+      SROUND(5);
 
+      SROUND(6);
 
+      SROUND(7);
 
+      SROUND(8);
 
+      SROUND(9);
 
+      SROUND(10);
 
+      SROUND(11);
 
+      SROUND(12);
 
+      SROUND(13);
 
+      SROUND(14);
 
+      SROUND(15);
 
+      SROUND(16);
 
+      out    += 4*N;
 
+      in     += 4*N;
 
+      inlen  -= 4*N;
 
+   }
 
+#endif
 
+
 
+   /* do small or odd size buffers the slow way */
 
+   while (4 <= inlen) {
 
+      cycle(c->R);
 
+      t = nltap(c);
 
+      XORWORD(t, in, out);
 
+      out    += 4;
 
+      in     += 4;
 
+      inlen  -= 4;
 
+   }
 
+
 
+   /* handle any trailing bytes */
 
+   if (inlen != 0) {
 
+      cycle(c->R);
 
+      c->sbuf = nltap(c);
 
+      c->nbuf = 32;
 
+      while (c->nbuf != 0 && inlen != 0) {
 
+          *out++ = *in++ ^ (c->sbuf & 0xFF);
 
+          c->sbuf >>= 8;
 
+          c->nbuf -= 8;
 
+          --inlen;
 
+      }
 
+   }
 
+
 
+   return CRYPT_OK;
 
+}
 
+
 
+int sober128_stream_keystream(sober128_state *c, unsigned char *out, unsigned long outlen)
 
+{
 
+   if (outlen == 0) return CRYPT_OK; /* nothing to do */
 
+   LTC_ARGCHK(out != NULL);
 
+   XMEMSET(out, 0, outlen);
 
+   return sober128_stream_crypt(c, out, outlen, out);
 
+}
 
+
 
+/**
 
+  Terminate and clear Sober128 state
 
+  @param c       The Sober128 state
 
+  @return CRYPT_OK on success
 
+*/
 
+int sober128_stream_done(sober128_state *c)
 
+{
 
+   LTC_ARGCHK(c != NULL);
 
+   XMEMSET(c, 0, sizeof(sober128_state));
 
+   return CRYPT_OK;
 
+}
 
+
 
+#endif

+ 49 - 0
src/stream/sober128/sober128_test.c
View File 

@@ -0,0 +1,49 @@
 
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
 
+ *
 
+ * LibTomCrypt is a library that provides various cryptographic
 
+ * algorithms in a highly modular and flexible manner.
 
+ *
 
+ * The library is free for all purposes without any express
 
+ * guarantee it works.
 
+ */
 
+
 
+#include "tomcrypt.h"
 
+
 
+#ifdef LTC_SOBER128
 
+
 
+int sober128_stream_test(void)
 
+{
 
+#ifndef LTC_TEST
 
+   return CRYPT_NOP;
 
+#else
 
+   unsigned char key[16] = { 0x74, 0x65, 0x73, 0x74, 0x20, 0x6b, 0x65, 0x79,
 
+                             0x20, 0x31, 0x32, 0x38, 0x62, 0x69, 0x74, 0x73 };
 
+   unsigned char iv[4]   = { 0x00, 0x00, 0x00, 0x00 };
 
+   unsigned char out[20] = { 0x43, 0x50, 0x0c, 0xcf, 0x89, 0x91, 0x9f, 0x1d,
 
+                             0xaa, 0x37, 0x74, 0x95, 0xf4, 0xb4, 0x58, 0xc2,
 
+                             0x40, 0x37, 0x8b, 0xbb };
 
+   int err, len = 20;
 
+   unsigned char  src[20], dst[20];
 
+   sober128_state st;
 
+
 
+   XMEMSET(src, 0, len); /* input */
 
+   if ((err = sober128_stream_setup(&st, key, sizeof(key))) != CRYPT_OK) return err;
 
+   if ((err = sober128_stream_setiv(&st, iv, sizeof(iv))) != CRYPT_OK)   return err;
 
+   if ((err = sober128_stream_crypt(&st, src, len, dst)) != CRYPT_OK)    return err;
 
+   if ((err = sober128_stream_done(&st)) != CRYPT_OK)                    return err;
 
+   if (XMEMCMP(dst, out, len)) {
 
+#if 0
 
+      int y;
 
+      printf("\nLTC_SOBER128 failed, I got:\n");
 
+      for (y = 0; y < len; y++) printf("%02x ", dst[y]);
 
+      printf("\nLTC_SOBER128 failed, expected:\n");
 
+      for (y = 0; y < len; y++) printf("%02x ", out[y]);
 
+      printf("\n");
 
+#endif
 
+      return CRYPT_FAIL_TESTVECTOR;
 
+   }
 
+   return CRYPT_OK;
 
+#endif
 
+}
 
+
 
+#endif

+ 0 - 0
src/prngs/sober128tab.c → src/stream/sober128/sober128tab.c
View File


+ 18 - 4
testprof/cipher_hash_test.c
View File 

@@ -6,7 +6,7 @@ int cipher_hash_test(void)
 
 {
 
    int           x;
 
    unsigned char buf[4096];
 
-   unsigned long n;
 
+   unsigned long n, one;
 
    prng_state    nprng;
 
 
    /* test ciphers */
 
@@ -14,10 +14,16 @@ int cipher_hash_test(void)
 
       DOX(cipher_descriptor[x].test(), cipher_descriptor[x].name);
 
    }
 
 
+   /* stream ciphers */
 
 #ifdef LTC_CHACHA
 
-   /* ChaCha is a special case (stream cipher) */
 
    DO(chacha_test());
 
 #endif
 
+#ifdef LTC_RC4_STREAM
 
+   DO(rc4_stream_test());
 
+#endif
 
+#ifdef LTC_SOBER128_STREAM
 
+   DO(sober128_stream_test());
 
+#endif
 
 
    /* test hashes */
 
    for (x = 0; hash_descriptor[x].name != NULL; x++) {
 
@@ -34,13 +40,21 @@ int cipher_hash_test(void)
 
       DOX(prng_descriptor[x].add_entropy((unsigned char *)"helloworld12", 12, &nprng), prng_descriptor[x].name);
 
       DOX(prng_descriptor[x].ready(&nprng), prng_descriptor[x].name);
 
       n = sizeof(buf);
 
+      if (strcmp(prng_descriptor[x].name, "sprng")) {
 
+         one = 1;
 
+         if (prng_descriptor[x].pexport(buf, &one, &nprng) != CRYPT_BUFFER_OVERFLOW) {
 
+            fprintf(stderr, "Error testing pexport with a short buffer (%s)\n", prng_descriptor[x].name);
 
+            return CRYPT_ERROR;
 
+         }
 
+      }
 
       DOX(prng_descriptor[x].pexport(buf, &n, &nprng), prng_descriptor[x].name);
 
       prng_descriptor[x].done(&nprng);
 
       DOX(prng_descriptor[x].pimport(buf, n, &nprng), prng_descriptor[x].name);
 
+      DOX(prng_descriptor[x].pimport(buf, 4096, &nprng), prng_descriptor[x].name); /* try to import larger data */
 
       DOX(prng_descriptor[x].ready(&nprng), prng_descriptor[x].name);
 
       if (prng_descriptor[x].read(buf, 100, &nprng) != 100) {
 
-         fprintf(stderr, "Error reading from imported PRNG!\n");
 
-         exit(EXIT_FAILURE);
 
+         fprintf(stderr, "Error reading from imported PRNG (%s)!\n", prng_descriptor[x].name);
 
+         return CRYPT_ERROR;
 
       }
 
       prng_descriptor[x].done(&nprng);
 
    }

+ 5 - 2
testprof/x86_prof.c
View File 

@@ -342,7 +342,7 @@ static void _unregister_all(void)
 
 #ifdef LTC_RC4
 
   unregister_prng(&rc4_desc);
 
 #endif
 
-#ifdef LTC_CHACHA
 
+#ifdef LTC_CHACHA20_PRNG
 
   unregister_prng(&chacha20_prng_desc);
 
 #endif
 
 #ifdef LTC_SOBER128
 
@@ -524,12 +524,15 @@ register_prng(&fortuna_desc);
 
 #ifdef LTC_RC4
 
 register_prng(&rc4_desc);
 
 #endif
 
-#ifdef LTC_CHACHA
 
+#ifdef LTC_CHACHA20_PRNG
 
 register_prng(&chacha20_prng_desc);
 
 #endif
 
 #ifdef LTC_SOBER128
 
 register_prng(&sober128_desc);
 
 #endif
 
+#ifdef LTC_SPRNG
 
+register_prng(&sprng_desc);
 
+#endif
 
 
 #ifdef LTC_PRNG_ENABLE_LTC_RNG
 
    ltc_rng = my_test_rng;