Move RC4 + SOBER128 to src/stream/

src/headers/tomcrypt_cipher.h

@@ -939,7 +939,7 @@ LTC_MUTEX_PROTO(ltc_cipher_mutex)
 
 /* ---- stream ciphers ---- */
 
-#ifdef LTC_CHACHA
+#ifdef LTC_CHACHA_STREAM
 
 typedef struct {
    ulong32 input[16];
@@ -957,7 +957,41 @@ int chacha_keystream(chacha_state *st, unsigned char *out, unsigned long outlen)
 int chacha_done(chacha_state *st);
 int chacha_test(void);
 
-#endif /* LTC_CHACHA */
+#endif /* LTC_CHACHA_STREAM */
+
+#ifdef LTC_RC4_STREAM
+
+typedef struct {
+   int x, y;
+   unsigned char buf[256];
+} rc4_state;
+
+int rc4_setup(rc4_state *st, const unsigned char *key, unsigned long keylen);
+int rc4_crypt(rc4_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);
+int rc4_keystream(rc4_state *st, unsigned char *out, unsigned long outlen);
+int rc4_stream_done(rc4_state *st);
+int rc4_test(void);
+
+#endif /* LTC_RC4_STREAM */
+
+#ifdef LTC_SOBER128_STREAM
+
+typedef struct {
+   ulong32 R[17],       /* Working storage for the shift register */
+           initR[17],   /* saved register contents */
+           konst,       /* key dependent constant */
+           sbuf;        /* partial word encryption buffer */
+   int     nbuf;        /* number of part-word stream bits buffered */
+} sober128_state;
+
+int sober128_setup(sober128_state *st, const unsigned char *key, unsigned long keylen);
+int sober128_setiv(sober128_state *st, const unsigned char *iv, unsigned long ivlen);
+int sober128_crypt(sober128_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);
+int sober128_keystream(sober128_state *st, unsigned char *out, unsigned long outlen);
+int sober128_stream_done(sober128_state *st);
+int sober128_test(void);
+
+#endif /* LTC_SOBER128_STREAM */
 
 /* $Source$ */
 /* $Revision$ */

src/headers/tomcrypt_custom.h

@@ -189,8 +189,11 @@
 #define LTC_KASUMI
 #define LTC_MULTI2
 #define LTC_CAMELLIA
-/* ChaCha is special (a stream cipher) */
-#define LTC_CHACHA
+
+/* stream ciphers */
+#define LTC_CHACHA_STREAM
+#define LTC_RC4_STREAM
+#define LTC_SOBER128_STREAM
 
 #endif /* LTC_NO_CIPHERS */
 
@@ -295,7 +298,7 @@
 /* a PRNG that simply reads from an available system source */
 #define LTC_SPRNG
 
-/* The LTC_RC4 stream cipher */
+/* The RC4 stream cipher based PRNG */
 #define LTC_RC4
 
 /* The ChaCha20 stream cipher based PRNG */
@@ -304,7 +307,7 @@
 /* Fortuna PRNG */
 #define LTC_FORTUNA
 
-/* Greg's LTC_SOBER128 PRNG ;-0 */
+/* Greg's SOBER128 stream cipher based PRNG */
 #define LTC_SOBER128
 
 /* the *nix style /dev/random device */
@@ -515,12 +518,20 @@
    #error PK requires ASN.1 DER functionality, make sure LTC_DER is enabled
 #endif
 
-#if defined(LTC_CHACHA20POLY1305_MODE) && (!defined(LTC_CHACHA) || !defined(LTC_POLY1305))
-   #error LTC_CHACHA20POLY1305_MODE requires LTC_CHACHA + LTC_POLY1305
+#if defined(LTC_CHACHA20POLY1305_MODE) && (!defined(LTC_CHACHA_STREAM) || !defined(LTC_POLY1305))
+   #error LTC_CHACHA20POLY1305_MODE requires LTC_CHACHA_STREAM + LTC_POLY1305
+#endif
+
+#if defined(LTC_CHACHA20_PRNG) && !defined(LTC_CHACHA_STREAM)
+   #error LTC_CHACHA20_PRNG requires LTC_CHACHA_STREAM
+#endif
+
+#if defined(LTC_RC4) && !defined(LTC_RC4_STREAM)
+   #error LTC_RC4 requires LTC_RC4_STREAM
 #endif
 
-#if defined(LTC_CHACHA20_PRNG) && !defined(LTC_CHACHA)
-   #error LTC_CHACHA20_PRNG requires LTC_CHACHA
+#if defined(LTC_SOBER128) && !defined(LTC_SOBER128_STREAM)
+   #error LTC_SOBER128 requires LTC_SOBER128_STREAM
 #endif
 
 #if defined(LTC_BLAKE2SMAC) && !defined(LTC_BLAKE2S)
@@ -557,7 +568,7 @@
 
 /* Debuggers */
 
-/* define this if you use Valgrind, note: it CHANGES the way SOBER-128 and LTC_RC4 work (see the code) */
+/* define this if you use Valgrind, note: it CHANGES the way SOBER-128 and RC4 work (see the code) */
 /* #define LTC_VALGRIND */
 
 #endif

src/headers/tomcrypt_prng.h

@@ -4,14 +4,12 @@ struct yarrow_prng {
     int                   cipher, hash;
     unsigned char         pool[MAXBLOCKSIZE];
     symmetric_CTR         ctr;
-    LTC_MUTEX_TYPE(prng_lock)
 };
 #endif
 
 #ifdef LTC_RC4
 struct rc4_prng {
-    int x, y;
-    unsigned char buf[256];
+    rc4_state s;
 };
 #endif
 
@@ -20,7 +18,6 @@ struct chacha20_prng {
     chacha_state s;        /* chacha state */
     unsigned char ent[40]; /* entropy buffer */
     unsigned long idx;     /* entropy counter */
-    short ready;           /* ready flag 0-1 */
 };
 #endif
 
@@ -38,41 +35,38 @@ struct fortuna_prng {
                   wd;
 
     ulong64       reset_cnt;  /* number of times we have reset */
-    LTC_MUTEX_TYPE(prng_lock)
 };
 #endif
 
 #ifdef LTC_SOBER128
 struct sober128_prng {
-    ulong32      R[17],          /* Working storage for the shift register */
-                 initR[17],      /* saved register contents */
-                 konst,          /* key dependent constant */
-                 sbuf;           /* partial word encryption buffer */
-
-    int          nbuf,           /* number of part-word stream bits buffered */
-                 flag,           /* first add_entropy call or not? */
-                 set;            /* did we call add_entropy to set key? */
-
+    sober128_state s;      /* sober128 state */
+    unsigned char ent[40]; /* entropy buffer */
+    unsigned long idx;     /* entropy counter */
 };
 #endif
 
-typedef union Prng_state {
-    char dummy[1];
+typedef struct {
+   union {
+      char dummy[1];
 #ifdef LTC_YARROW
-    struct yarrow_prng    yarrow;
+      struct yarrow_prng    yarrow;
 #endif
 #ifdef LTC_RC4
-    struct rc4_prng       rc4;
+      struct rc4_prng       rc4;
 #endif
 #ifdef LTC_CHACHA20_PRNG
-    struct chacha20_prng  chacha;
+      struct chacha20_prng  chacha;
 #endif
 #ifdef LTC_FORTUNA
-    struct fortuna_prng   fortuna;
+      struct fortuna_prng   fortuna;
 #endif
 #ifdef LTC_SOBER128
-    struct sober128_prng  sober128;
+      struct sober128_prng  sober128;
 #endif
+   };
+   short ready;            /* ready flag 0-1 */
+   LTC_MUTEX_TYPE(lock);   /* lock */
 } prng_state;
 
 /** PRNG descriptor */

src/misc/crypt/crypt.c

@@ -124,9 +124,16 @@ const char *crypt_build_settings =
 #if defined(LTC_CAMELLIA)
    "   Camellia\n"
 #endif
-#if defined(LTC_CHACHA)
+   "Stream ciphers built-in:\n"
+#if defined(LTC_CHACHA_STREAM)
    "   ChaCha\n"
 #endif
+#if defined(LTC_RC4_STREAM)
+   "   RC4\n"
+#endif
+#if defined(LTC_SOBER128_STREAM)
+   "   SOBER128\n"
+#endif
 
     "\nHashes built-in:\n"
 #if defined(LTC_SHA3)

src/prngs/chacha20.c

@@ -17,8 +17,8 @@
 
 const struct ltc_prng_descriptor chacha20_prng_desc =
 {
-   "chacha",
-   sizeof(chacha_state),
+   "chacha20",
+   40,
    &chacha20_prng_start,
    &chacha20_prng_add_entropy,
    &chacha20_prng_ready,
@@ -37,9 +37,10 @@ const struct ltc_prng_descriptor chacha20_prng_desc =
 int chacha20_prng_start(prng_state *prng)
 {
    LTC_ARGCHK(prng != NULL);
-   prng->chacha.ready = 0;
-   XMEMSET(&prng->chacha.ent, 0, 40);
+   prng->ready = 0;
+   XMEMSET(&prng->chacha.ent, 0, sizeof(prng->chacha.ent));
    prng->chacha.idx = 0;
+   LTC_MUTEX_INIT(&prng->lock)
    return CRYPT_OK;
 }
 
@@ -60,23 +61,26 @@ int chacha20_prng_add_entropy(const unsigned char *in, unsigned long inlen, prng
    LTC_ARGCHK(in != NULL);
    LTC_ARGCHK(inlen > 0);
 
-   if (prng->chacha.ready) {
+   LTC_MUTEX_LOCK(&prng->lock);
+   if (prng->ready) {
       /* chacha20_prng_ready() was already called, do "rekey" operation */
-      if ((err = chacha_keystream(&prng->chacha.s, buf, 40)) != CRYPT_OK)      return err;
-      for(i = 0; i < inlen; i++) buf[i % 40] ^= in[i];
+      if ((err = chacha_keystream(&prng->chacha.s, buf, sizeof(buf))) != CRYPT_OK) goto LBL_UNLOCK;
+      for(i = 0; i < inlen; i++) buf[i % sizeof(buf)] ^= in[i];
       /* key 32 bytes, 20 rounds */
-      if ((err = chacha_setup(&prng->chacha.s, buf, 32, 20)) != CRYPT_OK)      return err;
+      if ((err = chacha_setup(&prng->chacha.s, buf, 32, 20)) != CRYPT_OK)      goto LBL_UNLOCK;
       /* iv 8 bytes */
-      if ((err = chacha_ivctr64(&prng->chacha.s, buf + 32, 8, 0)) != CRYPT_OK) return err;
+      if ((err = chacha_ivctr64(&prng->chacha.s, buf + 32, 8, 0)) != CRYPT_OK) goto LBL_UNLOCK;
       /* clear KEY + IV */
-      XMEMSET(buf, 0, 40);
+      XMEMSET(buf, 0, sizeof(buf));
    }
    else {
       /* chacha20_prng_ready() was not called yet, add entropy to ent buffer */
-      while (inlen--) prng->chacha.ent[prng->chacha.idx++ % 40] ^= *in++;
+      while (inlen--) prng->chacha.ent[prng->chacha.idx++ % sizeof(prng->chacha.ent)] ^= *in++;
    }
-
-   return CRYPT_OK;
+   err = CRYPT_OK;
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return err;
 }
 
 /**
@@ -90,14 +94,18 @@ int chacha20_prng_ready(prng_state *prng)
 
    LTC_ARGCHK(prng != NULL);
 
+   LTC_MUTEX_LOCK(&prng->lock);
+   if (prng->ready)                                                    { err = CRYPT_OK; goto LBL_UNLOCK; }
    /* key 32 bytes, 20 rounds */
-   if ((err = chacha_setup(&prng->chacha.s, prng->chacha.ent, 32, 20)) != CRYPT_OK)      return err;
+   if ((err = chacha_setup(&prng->chacha.s, prng->chacha.ent, 32, 20)) != CRYPT_OK)      goto LBL_UNLOCK;
    /* iv 8 bytes */
-   if ((err = chacha_ivctr64(&prng->chacha.s, prng->chacha.ent + 32, 8, 0)) != CRYPT_OK) return err;
-   XMEMSET(&prng->chacha.ent, 0, 40);
-   prng->chacha.ready = 1;
+   if ((err = chacha_ivctr64(&prng->chacha.s, prng->chacha.ent + 32, 8, 0)) != CRYPT_OK) goto LBL_UNLOCK;
+   XMEMSET(&prng->chacha.ent, 0, sizeof(prng->chacha.ent));
    prng->chacha.idx = 0;
-   return CRYPT_OK;
+   prng->ready = 1;
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return err;
 }
 
 /**
@@ -109,8 +117,12 @@ int chacha20_prng_ready(prng_state *prng)
 */
 unsigned long chacha20_prng_read(unsigned char *out, unsigned long outlen, prng_state *prng)
 {
-   LTC_ARGCHK(prng != NULL);
-   if (chacha_keystream(&prng->chacha.s, out, outlen) != CRYPT_OK) return 0;
+   if (outlen == 0 || prng == NULL || out == NULL) return 0;
+   LTC_MUTEX_LOCK(&prng->lock);
+   if (!prng->ready) { outlen = 0; goto LBL_UNLOCK; }
+   if (chacha_keystream(&prng->chacha.s, out, outlen) != CRYPT_OK) outlen = 0;
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
    return outlen;
 }
 
@@ -121,8 +133,13 @@ unsigned long chacha20_prng_read(unsigned char *out, unsigned long outlen, prng_
 */
 int chacha20_prng_done(prng_state *prng)
 {
+   int err;
    LTC_ARGCHK(prng != NULL);
-   return chacha_done(&prng->chacha.s);
+   LTC_MUTEX_LOCK(&prng->lock);
+   prng->ready = 0;
+   err = chacha_done(&prng->chacha.s);
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return err;
 }
 
 /**
@@ -134,19 +151,21 @@ int chacha20_prng_done(prng_state *prng)
 */
 int chacha20_prng_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
 {
-   unsigned long len = sizeof(chacha_state);
-   LTC_ARGCHK(outlen != NULL);
-   LTC_ARGCHK(out    != NULL);
+   unsigned long len = chacha20_prng_desc.export_size;
+
    LTC_ARGCHK(prng   != NULL);
+   LTC_ARGCHK(out    != NULL);
+   LTC_ARGCHK(outlen != NULL);
 
-   if (!prng->chacha.ready) {
-      return CRYPT_ERROR;
-   }
    if (*outlen < len) {
       *outlen = len;
       return CRYPT_BUFFER_OVERFLOW;
    }
-   XMEMCPY(out, &prng->chacha.s, len);
+
+   if (chacha20_prng_read(out, len, prng) != len) {
+      return CRYPT_ERROR_READPRNG;
+   }
+
    *outlen = len;
    return CRYPT_OK;
 }
@@ -160,13 +179,14 @@ int chacha20_prng_export(unsigned char *out, unsigned long *outlen, prng_state *
 */
 int chacha20_prng_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
 {
-   unsigned long len = sizeof(chacha_state);
-   LTC_ARGCHK(in   != NULL);
+   int err;
+
    LTC_ARGCHK(prng != NULL);
+   LTC_ARGCHK(in   != NULL);
+   if (inlen < (unsigned long)chacha20_prng_desc.export_size) return CRYPT_INVALID_ARG;
 
-   if (inlen != len) return CRYPT_INVALID_ARG;
-   XMEMCPY(&prng->chacha.s, in, inlen);
-   prng->chacha.ready = 1;
+   if ((err = chacha20_prng_start(prng)) != CRYPT_OK)                  return err;
+   if ((err = chacha20_prng_add_entropy(in, inlen, prng)) != CRYPT_OK) return err;
    return CRYPT_OK;
 }
 
@@ -188,29 +208,32 @@ int chacha20_prng_test(void)
    unsigned char dmp[300];
    unsigned long dmplen = sizeof(dmp);
    unsigned char out[500];
-   unsigned char t1[] = { 0x59, 0xb2, 0x26, 0x95, 0x2b, 0x01, 0x8f, 0x05, 0xbe, 0xd8 };
-   unsigned char t2[] = { 0x30, 0x34, 0x5c, 0x6e, 0x56, 0x18, 0x8c, 0x46, 0xbe, 0x8a };
-
-   chacha20_prng_start(&st);
-   chacha20_prng_add_entropy(en, sizeof(en), &st); /* add entropy to uninitialized prng */
-   chacha20_prng_ready(&st);
-   chacha20_prng_read(out, 10, &st);  /* 10 bytes for testing */
-   if (compare_testvector(out, 10, t1, sizeof(t1), "CHACHA-PRNG", 1)) return CRYPT_FAIL_TESTVECTOR;
-   chacha20_prng_read(out, 500, &st);
-   chacha20_prng_add_entropy(en, sizeof(en), &st); /* add entropy to already initialized prng */
-   chacha20_prng_read(out, 500, &st);
-   chacha20_prng_export(dmp, &dmplen, &st);
-   chacha20_prng_read(out, 500, &st); /* skip 500 bytes */
-   chacha20_prng_read(out, 10, &st);  /* 10 bytes for testing */
-   if (compare_testvector(out, 10, t2, sizeof(t2), "CHACHA-PRNG", 2)) return CRYPT_FAIL_TESTVECTOR;
-   chacha20_prng_done(&st);
-
-   XMEMSET(&st, 0xFF, sizeof(st)); /* just to be sure */
-   chacha20_prng_import(dmp, dmplen, &st);
-   chacha20_prng_read(out, 500, &st); /* skip 500 bytes */
-   chacha20_prng_read(out, 10, &st);  /* 10 bytes for testing */
-   if (compare_testvector(out, 10, t2, sizeof(t2), "CHACHA-PRNG", 3)) return CRYPT_FAIL_TESTVECTOR;
-   chacha20_prng_done(&st);
+   unsigned char t1[] = { 0x59, 0xB2, 0x26, 0x95, 0x2B, 0x01, 0x8F, 0x05, 0xBE, 0xD8 };
+   unsigned char t2[] = { 0x47, 0xC9, 0x0D, 0x03, 0xE4, 0x75, 0x34, 0x27, 0xBD, 0xDE };
+   unsigned char t3[] = { 0xBC, 0xFA, 0xEF, 0x59, 0x37, 0x7F, 0x1A, 0x91, 0x1A, 0xA6 };
+   int err;
+
+   if ((err = chacha20_prng_start(&st)) != CRYPT_OK)                       return err;
+   /* add entropy to uninitialized prng */
+   if ((err = chacha20_prng_add_entropy(en, sizeof(en), &st)) != CRYPT_OK) return err;
+   if ((err = chacha20_prng_ready(&st)) != CRYPT_OK)                       return err;
+   if (chacha20_prng_read(out, 10, &st) != 10)                             return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
+   if (compare_testvector(out, 10, t1, sizeof(t1), "CHACHA-PRNG", 1))      return CRYPT_FAIL_TESTVECTOR;
+   if (chacha20_prng_read(out, 500, &st) != 500)                           return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
+   /* add entropy to already initialized prng */
+   if ((err = chacha20_prng_add_entropy(en, sizeof(en), &st)) != CRYPT_OK) return err;
+   if (chacha20_prng_read(out, 500, &st) != 500)                           return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
+   if ((err = chacha20_prng_export(dmp, &dmplen, &st)) != CRYPT_OK)        return err;
+   if (chacha20_prng_read(out, 500, &st) != 500)                           return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
+   if (chacha20_prng_read(out, 10, &st) != 10)                             return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
+   if (compare_testvector(out, 10, t2, sizeof(t2), "CHACHA-PRNG", 2))      return CRYPT_FAIL_TESTVECTOR;
+   if ((err = chacha20_prng_done(&st)) != CRYPT_OK)                        return err;
+   if ((err = chacha20_prng_import(dmp, dmplen, &st)) != CRYPT_OK)         return err;
+   if ((err = chacha20_prng_ready(&st)) != CRYPT_OK)                       return err;
+   if (chacha20_prng_read(out, 500, &st) != 500)                           return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
+   if (chacha20_prng_read(out, 10, &st) != 10)                             return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
+   if (compare_testvector(out, 10, t3, sizeof(t3), "CHACHA-PRNG", 3))      return CRYPT_FAIL_TESTVECTOR;
+   if ((err = chacha20_prng_done(&st)) != CRYPT_OK)                        return err;
 
    return CRYPT_OK;
 #endif

src/prngs/fortuna.c

@@ -5,8 +5,6 @@
  *
  * The library is free for all purposes without any express
  * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtom.org
  */
 #include "tomcrypt.h"
 
@@ -133,6 +131,7 @@ int fortuna_start(prng_state *prng)
    unsigned char tmp[MAXBLOCKSIZE];
 
    LTC_ARGCHK(prng != NULL);
+   prng->ready = 0;
 
    /* initialize the pools */
    for (x = 0; x < LTC_FORTUNA_POOLS; x++) {
@@ -156,7 +155,7 @@ int fortuna_start(prng_state *prng)
    }
    zeromem(prng->fortuna.IV, 16);
 
-   LTC_MUTEX_INIT(&prng->fortuna.prng_lock)
+   LTC_MUTEX_INIT(&prng->lock)
 
    return CRYPT_OK;
 }
@@ -173,27 +172,25 @@ int fortuna_add_entropy(const unsigned char *in, unsigned long inlen, prng_state
    unsigned char tmp[2];
    int           err;
 
-   LTC_ARGCHK(in  != NULL);
    LTC_ARGCHK(prng != NULL);
-
-   LTC_MUTEX_LOCK(&prng->fortuna.prng_lock);
+   LTC_ARGCHK(in != NULL);
+   LTC_ARGCHK(inlen > 0);
 
    /* ensure inlen <= 32 */
    if (inlen > 32) {
-      LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
-      return CRYPT_INVALID_ARG;
+      inlen = 32;
    }
 
    /* add s || length(in) || in to pool[pool_idx] */
    tmp[0] = 0;
    tmp[1] = (unsigned char)inlen;
+
+   LTC_MUTEX_LOCK(&prng->lock);
    if ((err = sha256_process(&prng->fortuna.pool[prng->fortuna.pool_idx], tmp, 2)) != CRYPT_OK) {
-      LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
-      return err;
+      goto LBL_UNLOCK;
    }
    if ((err = sha256_process(&prng->fortuna.pool[prng->fortuna.pool_idx], in, inlen)) != CRYPT_OK) {
-      LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
-      return err;
+      goto LBL_UNLOCK;
    }
    if (prng->fortuna.pool_idx == 0) {
       prng->fortuna.pool0_len += inlen;
@@ -201,9 +198,11 @@ int fortuna_add_entropy(const unsigned char *in, unsigned long inlen, prng_state
    if (++(prng->fortuna.pool_idx) == LTC_FORTUNA_POOLS) {
       prng->fortuna.pool_idx = 0;
    }
+   err = CRYPT_OK; /* success */
 
-   LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
-   return CRYPT_OK;
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return err;
 }
 
 /**
@@ -213,7 +212,15 @@ int fortuna_add_entropy(const unsigned char *in, unsigned long inlen, prng_state
 */
 int fortuna_ready(prng_state *prng)
 {
-   return fortuna_reseed(prng);
+   int err;
+   LTC_ARGCHK(prng != NULL);
+
+   LTC_MUTEX_LOCK(&prng->lock);
+   err = fortuna_reseed(prng);
+   prng->ready = (err == CRYPT_OK) ? 1 : 0;
+
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return err;
 }
 
 /**
@@ -226,18 +233,20 @@ int fortuna_ready(prng_state *prng)
 unsigned long fortuna_read(unsigned char *out, unsigned long outlen, prng_state *prng)
 {
    unsigned char tmp[16];
-   unsigned long tlen;
+   unsigned long tlen = 0;
 
-   LTC_ARGCHK(out  != NULL);
-   LTC_ARGCHK(prng != NULL);
+   if (outlen == 0 || prng == NULL || out == NULL) return 0;
+
+   LTC_MUTEX_LOCK(&prng->lock);
 
-   LTC_MUTEX_LOCK(&prng->fortuna.prng_lock);
+   if (!prng->ready) {
+      goto LBL_UNLOCK;
+   }
 
    /* do we have to reseed? */
    if (++prng->fortuna.wd == LTC_FORTUNA_WD || prng->fortuna.pool0_len >= 64) {
       if (fortuna_reseed(prng) != CRYPT_OK) {
-         LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
-         return 0;
+         goto LBL_UNLOCK;
       }
    }
 
@@ -268,14 +277,14 @@ unsigned long fortuna_read(unsigned char *out, unsigned long outlen, prng_state
    fortuna_update_iv(prng);
 
    if (rijndael_setup(prng->fortuna.K, 32, 0, &prng->fortuna.skey) != CRYPT_OK) {
-      LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
-      return 0;
+      tlen = 0;
    }
 
 #ifdef LTC_CLEAN_STACK
    zeromem(tmp, sizeof(tmp));
 #endif
-   LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
    return tlen;
 }
 
@@ -290,23 +299,25 @@ int fortuna_done(prng_state *prng)
    unsigned char tmp[32];
 
    LTC_ARGCHK(prng != NULL);
-   LTC_MUTEX_LOCK(&prng->fortuna.prng_lock);
+
+   LTC_MUTEX_LOCK(&prng->lock);
+   prng->ready = 0;
 
    /* terminate all the hashes */
    for (x = 0; x < LTC_FORTUNA_POOLS; x++) {
        if ((err = sha256_done(&(prng->fortuna.pool[x]), tmp)) != CRYPT_OK) {
-          LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
-          return err;
+          goto LBL_UNLOCK;
        }
    }
    /* call cipher done when we invent one ;-) */
+   err = CRYPT_OK; /* success */
 
 #ifdef LTC_CLEAN_STACK
    zeromem(tmp, sizeof(tmp));
 #endif
-
-   LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
-   return CRYPT_OK;
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return err;
 }
 
 /**
@@ -325,19 +336,24 @@ int fortuna_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
    LTC_ARGCHK(outlen != NULL);
    LTC_ARGCHK(prng   != NULL);
 
-   LTC_MUTEX_LOCK(&prng->fortuna.prng_lock);
+   LTC_MUTEX_LOCK(&prng->lock);
+
+   if (!prng->ready) {
+      err = CRYPT_ERROR;
+      goto LBL_UNLOCK;
+   }
 
    /* we'll write bytes for s&g's */
    if (*outlen < 32*LTC_FORTUNA_POOLS) {
-      LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
       *outlen = 32*LTC_FORTUNA_POOLS;
-      return CRYPT_BUFFER_OVERFLOW;
+      err = CRYPT_BUFFER_OVERFLOW;
+      goto LBL_UNLOCK;
    }
 
    md = XMALLOC(sizeof(hash_state));
    if (md == NULL) {
-      LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
-      return CRYPT_MEM;
+      err = CRYPT_MEM;
+      goto LBL_UNLOCK;
    }
 
    /* to emit the state we copy each pool, terminate it then hash it again so
@@ -371,7 +387,8 @@ LBL_ERR:
    zeromem(md, sizeof(*md));
 #endif
    XFREE(md);
-   LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
    return err;
 }
 
@@ -401,7 +418,7 @@ int fortuna_import(const unsigned char *in, unsigned long inlen, prng_state *prn
          return err;
       }
    }
-   return err;
+   return CRYPT_OK;
 }
 
 /**

src/prngs/rc4.c

@@ -5,29 +5,28 @@
  *
  * The library is free for all purposes without any express
  * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtom.org
  */
 #include "tomcrypt.h"
 
 /**
   @file rc4.c
-  LTC_RC4 PRNG, Tom St Denis
+  RC4 PRNG, Tom St Denis
 */
 
 #ifdef LTC_RC4
 
 const struct ltc_prng_descriptor rc4_desc =
 {
-   "rc4", 32,
-    &rc4_start,
-    &rc4_add_entropy,
-    &rc4_ready,
-    &rc4_read,
-    &rc4_done,
-    &rc4_export,
-    &rc4_import,
-    &rc4_test
+   "rc4",
+   32,
+   &rc4_start,
+   &rc4_add_entropy,
+   &rc4_ready,
+   &rc4_read,
+   &rc4_done,
+   &rc4_export,
+   &rc4_import,
+   &rc4_test
 };
 
 /**
@@ -37,12 +36,14 @@ const struct ltc_prng_descriptor rc4_desc =
 */
 int rc4_start(prng_state *prng)
 {
-    LTC_ARGCHK(prng != NULL);
-
-    /* set keysize to zero */
-    prng->rc4.x = 0;
-
-    return CRYPT_OK;
+   LTC_ARGCHK(prng != NULL);
+   prng->ready = 0;
+   /* set entropy (key) size to zero */
+   prng->rc4.s.x = 0;
+   /* clear entropy (key) buffer */
+   XMEMSET(&prng->rc4.s.buf, 0, sizeof(prng->rc4.s.buf));
+   LTC_MUTEX_INIT(&prng->lock)
+   return CRYPT_OK;
 }
 
 /**
@@ -54,26 +55,32 @@ int rc4_start(prng_state *prng)
 */
 int rc4_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng)
 {
-    LTC_ARGCHK(in  != NULL);
-    LTC_ARGCHK(prng != NULL);
-
-    /* trim as required */
-    if (prng->rc4.x + inlen > 256) {
-       if (prng->rc4.x == 256) {
-          /* I can't possibly accept another byte, ok maybe a mint wafer... */
-          return CRYPT_OK;
-       } else {
-          /* only accept part of it */
-          inlen = 256 - prng->rc4.x;
-       }
-    }
-
-    while (inlen--) {
-       prng->rc4.buf[prng->rc4.x++] = *in++;
-    }
-
-    return CRYPT_OK;
+   unsigned char buf[256];
+   unsigned long i;
+   int err;
 
+   LTC_ARGCHK(prng != NULL);
+   LTC_ARGCHK(in != NULL);
+   LTC_ARGCHK(inlen > 0);
+
+   LTC_MUTEX_LOCK(&prng->lock);
+   if (prng->ready) {
+      /* rc4_ready() was already called, do "rekey" operation */
+      if ((err = rc4_keystream(&prng->rc4.s, buf, sizeof(buf))) != CRYPT_OK)    goto LBL_UNLOCK;
+      for(i = 0; i < inlen; i++) buf[i % sizeof(buf)] ^= in[i];
+      /* initialize RC4 */
+      if ((err = rc4_setup(&prng->rc4.s, buf, sizeof(buf))) != CRYPT_OK)        goto LBL_UNLOCK;
+      /* drop first 3072 bytes - https://en.wikipedia.org/wiki/RC4#Fluhrer.2C_Mantin_and_Shamir_attack */
+      for (i = 0; i < 12; i++) rc4_keystream(&prng->rc4.s, buf, sizeof(buf));
+   }
+   else {
+      /* rc4_ready() was not called yet, add entropy to the buffer */
+      while (inlen--) prng->rc4.s.buf[prng->rc4.s.x++ % sizeof(prng->rc4.s.buf)] ^= *in++;
+   }
+   err = CRYPT_OK;
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return err;
 }
 
 /**
@@ -83,36 +90,24 @@ int rc4_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *pr
 */
 int rc4_ready(prng_state *prng)
 {
-    unsigned char key[256], tmp, *s;
-    int keylen, x, y, j;
+   unsigned char buf[256] = { 0 };
+   unsigned long len;
+   int err, i;
 
-    LTC_ARGCHK(prng != NULL);
-
-    /* extract the key */
-    s = prng->rc4.buf;
-    XMEMCPY(key, s, 256);
-    keylen = prng->rc4.x;
-
-    /* make LTC_RC4 perm and shuffle */
-    for (x = 0; x < 256; x++) {
-        s[x] = x;
-    }
-
-    for (j = x = y = 0; x < 256; x++) {
-        y = (y + prng->rc4.buf[x] + key[j++]) & 255;
-        if (j == keylen) {
-           j = 0;
-        }
-        tmp = s[x]; s[x] = s[y]; s[y] = tmp;
-    }
-    prng->rc4.x = 0;
-    prng->rc4.y = 0;
-
-#ifdef LTC_CLEAN_STACK
-    zeromem(key, sizeof(key));
-#endif
+   LTC_ARGCHK(prng != NULL);
 
-    return CRYPT_OK;
+   LTC_MUTEX_LOCK(&prng->lock);
+   if (prng->ready) { err = CRYPT_OK; goto LBL_UNLOCK; }
+   XMEMCPY(buf, prng->rc4.s.buf, sizeof(buf));
+   /* initialize RC4 */
+   len = MIN(prng->rc4.s.x, 256); /* TODO: we can perhaps always use all 256 bytes */
+   if ((err = rc4_setup(&prng->rc4.s, buf, len)) != CRYPT_OK) goto LBL_UNLOCK;
+   /* drop first 3072 bytes - https://en.wikipedia.org/wiki/RC4#Fluhrer.2C_Mantin_and_Shamir_attack */
+   for (i = 0; i < 12; i++) rc4_keystream(&prng->rc4.s, buf, sizeof(buf));
+   prng->ready = 1;
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return err;
 }
 
 /**
@@ -124,30 +119,13 @@ int rc4_ready(prng_state *prng)
 */
 unsigned long rc4_read(unsigned char *out, unsigned long outlen, prng_state *prng)
 {
-   unsigned char x, y, *s, tmp;
-   unsigned long n;
-
-   LTC_ARGCHK(out != NULL);
-   LTC_ARGCHK(prng != NULL);
-
-#ifdef LTC_VALGRIND
-   zeromem(out, outlen);
-#endif
-
-   n = outlen;
-   x = prng->rc4.x;
-   y = prng->rc4.y;
-   s = prng->rc4.buf;
-   while (outlen--) {
-      x = (x + 1) & 255;
-      y = (y + s[x]) & 255;
-      tmp = s[x]; s[x] = s[y]; s[y] = tmp;
-      tmp = (s[x] + s[y]) & 255;
-      *out++ ^= s[tmp];
-   }
-   prng->rc4.x = x;
-   prng->rc4.y = y;
-   return n;
+   if (outlen == 0 || prng == NULL || out == NULL) return 0;
+   LTC_MUTEX_LOCK(&prng->lock);
+   if (!prng->ready) { outlen = 0; goto LBL_UNLOCK; }
+   if (rc4_keystream(&prng->rc4.s, out, outlen) != CRYPT_OK) outlen = 0;
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return outlen;
 }
 
 /**
@@ -157,8 +135,13 @@ unsigned long rc4_read(unsigned char *out, unsigned long outlen, prng_state *prn
 */
 int rc4_done(prng_state *prng)
 {
+   int err;
    LTC_ARGCHK(prng != NULL);
-   return CRYPT_OK;
+   LTC_MUTEX_LOCK(&prng->lock);
+   prng->ready = 0;
+   err = rc4_stream_done(&prng->rc4.s);
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return err;
 }
 
 /**
@@ -170,20 +153,22 @@ int rc4_done(prng_state *prng)
 */
 int rc4_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
 {
-   LTC_ARGCHK(outlen != NULL);
-   LTC_ARGCHK(out    != NULL);
+   unsigned long len = rc4_desc.export_size;
+
    LTC_ARGCHK(prng   != NULL);
+   LTC_ARGCHK(out    != NULL);
+   LTC_ARGCHK(outlen != NULL);
 
-   if (*outlen < 32) {
-      *outlen = 32;
+   if (*outlen < len) {
+      *outlen = len;
       return CRYPT_BUFFER_OVERFLOW;
    }
 
-   if (rc4_read(out, 32, prng) != 32) {
+   if (rc4_read(out, len, prng) != len) {
       return CRYPT_ERROR_READPRNG;
    }
-   *outlen = 32;
 
+   *outlen = len;
    return CRYPT_OK;
 }
 
@@ -197,17 +182,14 @@ int rc4_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
 int rc4_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
 {
    int err;
-   LTC_ARGCHK(in   != NULL);
-   LTC_ARGCHK(prng != NULL);
 
-   if (inlen != 32) {
-      return CRYPT_INVALID_ARG;
-   }
+   LTC_ARGCHK(prng != NULL);
+   LTC_ARGCHK(in   != NULL);
+   if (inlen < (unsigned long)rc4_desc.export_size) return CRYPT_INVALID_ARG;
 
-   if ((err = rc4_start(prng)) != CRYPT_OK) {
-      return err;
-   }
-   return rc4_add_entropy(in, 32, prng);
+   if ((err = rc4_start(prng)) != CRYPT_OK)                  return err;
+   if ((err = rc4_add_entropy(in, inlen, prng)) != CRYPT_OK) return err;
+   return CRYPT_OK;
 }
 
 /**
@@ -216,54 +198,43 @@ int rc4_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
 */
 int rc4_test(void)
 {
-#if !defined(LTC_TEST) || defined(LTC_VALGRIND)
+#ifndef LTC_TEST
    return CRYPT_NOP;
 #else
-   static const struct {
-      unsigned char key[8], pt[8], ct[8];
-   } tests[] = {
-{
-   { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
-   { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
-   { 0x75, 0xb7, 0x87, 0x80, 0x99, 0xe0, 0xc5, 0x96 }
-}
-};
-   prng_state prng;
-   unsigned char dst[8];
-   int err, x;
+   prng_state st;
+   unsigned char en[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+                          0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
+                          0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e,
+                          0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
+                          0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32 };
+   unsigned char dmp[500];
+   unsigned long dmplen = sizeof(dmp);
+   unsigned char out[1000];
+   unsigned char t1[] = { 0xE0, 0x4D, 0x9A, 0xF6, 0xA8, 0x9D, 0x77, 0x53, 0xAE, 0x09 };
+   unsigned char t2[] = { 0x9D, 0x3C, 0xC6, 0x64, 0x36, 0xB6, 0x76, 0xD5, 0xEB, 0x93 };
+   unsigned char t3[] = { 0x6B, 0x6D, 0xF5, 0xCB, 0x84, 0x37, 0x8F, 0x02, 0xA2, 0x90 };
+   int err;
+
+   if ((err = rc4_start(&st)) != CRYPT_OK)                         return err;
+   if ((err = rc4_add_entropy(en, sizeof(en), &st)) != CRYPT_OK)   return err;
+   if ((err = rc4_ready(&st)) != CRYPT_OK)                         return err;
+   if (rc4_read(out, 10, &st) != 10)                               return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
+   if (compare_testvector(out, 10, t1, sizeof(t1), "RC4-PRNG", 1)) return CRYPT_FAIL_TESTVECTOR;
+   if (rc4_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG;
+   if ((err = rc4_export(dmp, &dmplen, &st)) != CRYPT_OK)          return err;
+   if (rc4_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
+   if (rc4_read(out, 10, &st) != 10)                               return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
+   if (compare_testvector(out, 10, t2, sizeof(t2), "RC4-PRNG", 2)) return CRYPT_FAIL_TESTVECTOR;
+   if ((err = rc4_done(&st)) != CRYPT_OK)                          return err;
+   if ((err = rc4_import(dmp, dmplen, &st)) != CRYPT_OK)           return err;
+   if ((err = rc4_ready(&st)) != CRYPT_OK)                         return err;
+   if (rc4_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
+   if (rc4_read(out, 10, &st) != 10)                               return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
+   if (compare_testvector(out, 10, t3, sizeof(t3), "RC4-PRNG", 3)) return CRYPT_FAIL_TESTVECTOR;
+   if ((err = rc4_done(&st)) != CRYPT_OK)                          return err;
 
-   for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
-       if ((err = rc4_start(&prng)) != CRYPT_OK) {
-          return err;
-       }
-       if ((err = rc4_add_entropy(tests[x].key, 8, &prng)) != CRYPT_OK) {
-          return err;
-       }
-       if ((err = rc4_ready(&prng)) != CRYPT_OK) {
-          return err;
-       }
-       XMEMCPY(dst, tests[x].pt, 8);
-       if (rc4_read(dst, 8, &prng) != 8) {
-          return CRYPT_ERROR_READPRNG;
-       }
-       rc4_done(&prng);
-       if (XMEMCMP(dst, tests[x].ct, 8)) {
-#if 0
-          int y;
-          printf("\n\nLTC_RC4 failed, I got:\n");
-          for (y = 0; y < 8; y++) printf("%02x ", dst[y]);
-          printf("\n");
-#endif
-          return CRYPT_FAIL_TESTVECTOR;
-       }
-   }
    return CRYPT_OK;
 #endif
 }
 
 #endif
-
-
-/* $Source$ */
-/* $Revision$ */
-/* $Date$ */

src/prngs/rng_get_bytes.c

@@ -5,8 +5,6 @@
  *
  * The library is free for all purposes without any express
  * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtom.org
  */
 #include "tomcrypt.h"
 

src/prngs/rng_make_prng.c

@@ -5,8 +5,6 @@
  *
  * The library is free for all purposes without any express
  * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtom.org
  */
 #include "tomcrypt.h"
 

src/prngs/sober128.c

@@ -5,9 +5,8 @@
  *
  * The library is free for all purposes without any express
  * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtom.org
  */
+
 #include "tomcrypt.h"
 
 /**
@@ -18,90 +17,20 @@
 
 #ifdef LTC_SOBER128
 
-#define __LTC_SOBER128TAB_C__
-#include "sober128tab.c"
-
 const struct ltc_prng_descriptor sober128_desc =
 {
-   "sober128", 64,
-    &sober128_start,
-    &sober128_add_entropy,
-    &sober128_ready,
-    &sober128_read,
-    &sober128_done,
-    &sober128_export,
-    &sober128_import,
-    &sober128_test
+   "sober128",
+   40,
+   &sober128_start,
+   &sober128_add_entropy,
+   &sober128_ready,
+   &sober128_read,
+   &sober128_done,
+   &sober128_export,
+   &sober128_import,
+   &sober128_test
 };
 
-/* don't change these... */
-#define N                        17
-#define FOLD                      N /* how many iterations of folding to do */
-#define INITKONST        0x6996c53a /* value of KONST to use during key loading */
-#define KEYP                     15 /* where to insert key words */
-#define FOLDP                     4 /* where to insert non-linear feedback */
-
-#define B(x,i) ((unsigned char)(((x) >> (8*i)) & 0xFF))
-
-static ulong32 BYTE2WORD(unsigned char *b)
-{
-   ulong32 t;
-   LOAD32L(t, b);
-   return t;
-}
-
-#define WORD2BYTE(w, b) STORE32L(b, w)
-
-static void XORWORD(ulong32 w, unsigned char *b)
-{
-   ulong32 t;
-   LOAD32L(t, b);
-   t ^= w;
-   STORE32L(t, b);
-}
-
-/* give correct offset for the current position of the register,
- * where logically R[0] is at position "zero".
- */
-#define OFF(zero, i) (((zero)+(i)) % N)
-
-/* step the LFSR */
-/* After stepping, "zero" moves right one place */
-#define STEP(R,z) \
-    R[OFF(z,0)] = R[OFF(z,15)] ^ R[OFF(z,4)] ^ (R[OFF(z,0)] << 8) ^ Multab[(R[OFF(z,0)] >> 24) & 0xFF];
-
-static void cycle(ulong32 *R)
-{
-    ulong32 t;
-    int     i;
-
-    STEP(R,0);
-    t = R[0];
-    for (i = 1; i < N; ++i) {
-        R[i-1] = R[i];
-    }
-    R[N-1] = t;
-}
-
-/* Return a non-linear function of some parts of the register.
- */
-#define NLFUNC(c,z) \
-{ \
-    t = c->R[OFF(z,0)] + c->R[OFF(z,16)]; \
-    t ^= Sbox[(t >> 24) & 0xFF]; \
-    t = RORc(t, 8); \
-    t = ((t + c->R[OFF(z,1)]) ^ c->konst) + c->R[OFF(z,6)]; \
-    t ^= Sbox[(t >> 24) & 0xFF]; \
-    t = t + c->R[OFF(z,13)]; \
-}
-
-static ulong32 nltap(struct sober128_prng *c)
-{
-    ulong32 t;
-    NLFUNC(c, 0);
-    return t;
-}
-
 /**
   Start the PRNG
   @param prng     [out] The PRNG state to initialize
@@ -109,93 +38,12 @@ static ulong32 nltap(struct sober128_prng *c)
 */
 int sober128_start(prng_state *prng)
 {
-    int                   i;
-    struct sober128_prng *c;
-
-    LTC_ARGCHK(prng != NULL);
-
-    c = &(prng->sober128);
-
-    /* Register initialised to Fibonacci numbers */
-    c->R[0] = 1;
-    c->R[1] = 1;
-    for (i = 2; i < N; ++i) {
-       c->R[i] = c->R[i-1] + c->R[i-2];
-    }
-    c->konst = INITKONST;
-
-    /* next add_entropy will be the key */
-    c->flag  = 1;
-    c->set   = 0;
-
-    return CRYPT_OK;
-}
-
-/* Save the current register state
- */
-static void s128_savestate(struct sober128_prng *c)
-{
-    int i;
-    for (i = 0; i < N; ++i) {
-        c->initR[i] = c->R[i];
-    }
-}
-
-/* initialise to previously saved register state
- */
-static void s128_reloadstate(struct sober128_prng *c)
-{
-    int i;
-
-    for (i = 0; i < N; ++i) {
-        c->R[i] = c->initR[i];
-    }
-}
-
-/* Initialise "konst"
- */
-static void s128_genkonst(struct sober128_prng *c)
-{
-    ulong32 newkonst;
-
-    do {
-       cycle(c->R);
-       newkonst = nltap(c);
-    } while ((newkonst & 0xFF000000) == 0);
-    c->konst = newkonst;
-}
-
-/* Load key material into the register
- */
-#define ADDKEY(k) \
-   c->R[KEYP] += (k);
-
-#define XORNL(nl) \
-   c->R[FOLDP] ^= (nl);
-
-/* nonlinear diffusion of register for key */
-#define DROUND(z) STEP(c->R,z); NLFUNC(c,(z+1)); c->R[OFF((z+1),FOLDP)] ^= t;
-static void s128_diffuse(struct sober128_prng *c)
-{
-    ulong32 t;
-    /* relies on FOLD == N == 17! */
-    DROUND(0);
-    DROUND(1);
-    DROUND(2);
-    DROUND(3);
-    DROUND(4);
-    DROUND(5);
-    DROUND(6);
-    DROUND(7);
-    DROUND(8);
-    DROUND(9);
-    DROUND(10);
-    DROUND(11);
-    DROUND(12);
-    DROUND(13);
-    DROUND(14);
-    DROUND(15);
-    DROUND(16);
+   LTC_ARGCHK(prng != NULL);
+   prng->ready = 0;
+   XMEMSET(&prng->sober128.ent, 0, sizeof(prng->sober128.ent));
+   prng->sober128.idx = 0;
+   LTC_MUTEX_INIT(&prng->lock)
+   return CRYPT_OK;
 }
 
 /**
@@ -207,63 +55,34 @@ static void s128_diffuse(struct sober128_prng *c)
 */
 int sober128_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng)
 {
-    struct sober128_prng *c;
-    ulong32               i, k;
-
-    LTC_ARGCHK(in != NULL);
-    LTC_ARGCHK(prng != NULL);
-    c = &(prng->sober128);
-
-    if (c->flag == 1) {
-       /* this is the first call to the add_entropy so this input is the key */
-       /* inlen must be multiple of 4 bytes */
-       if ((inlen & 3) != 0) {
-          return CRYPT_INVALID_KEYSIZE;
-       }
-
-       for (i = 0; i < inlen; i += 4) {
-           k = BYTE2WORD((unsigned char *)&in[i]);
-          ADDKEY(k);
-          cycle(c->R);
-          XORNL(nltap(c));
-       }
-
-       /* also fold in the length of the key */
-       ADDKEY(inlen);
-
-       /* now diffuse */
-       s128_diffuse(c);
-
-       s128_genkonst(c);
-       s128_savestate(c);
-       c->nbuf = 0;
-       c->flag = 0;
-       c->set  = 1;
-    } else {
-       /* ok we are adding an IV then... */
-       s128_reloadstate(c);
-
-       /* inlen must be multiple of 4 bytes */
-       if ((inlen & 3) != 0) {
-          return CRYPT_INVALID_KEYSIZE;
-       }
-
-       for (i = 0; i < inlen; i += 4) {
-           k = BYTE2WORD((unsigned char *)&in[i]);
-          ADDKEY(k);
-          cycle(c->R);
-          XORNL(nltap(c));
-       }
-
-       /* also fold in the length of the key */
-       ADDKEY(inlen);
-
-       /* now diffuse */
-       s128_diffuse(c);
-       c->nbuf = 0;
-    }
+   unsigned char buf[40];
+   unsigned long i;
+   int err;
 
-    return CRYPT_OK;
+   LTC_ARGCHK(prng != NULL);
+   LTC_ARGCHK(in != NULL);
+   LTC_ARGCHK(inlen > 0);
+
+   LTC_MUTEX_LOCK(&prng->lock);
+   if (prng->ready) {
+      /* sober128_ready() was already called, do "rekey" operation */
+      if ((err = sober128_keystream(&prng->sober128.s, buf, sizeof(buf))) != CRYPT_OK) goto LBL_UNLOCK;
+      for(i = 0; i < inlen; i++) buf[i % sizeof(buf)] ^= in[i];
+      /* key 32 bytes, 20 rounds */
+      if ((err = sober128_setup(&prng->sober128.s, buf, 32)) != CRYPT_OK)       goto LBL_UNLOCK;
+      /* iv 8 bytes */
+      if ((err = sober128_setiv(&prng->sober128.s, buf + 32, 8)) != CRYPT_OK)   goto LBL_UNLOCK;
+      /* clear KEY + IV */
+      XMEMSET(buf, 0, sizeof(buf));
+   }
+   else {
+      /* sober128_ready() was not called yet, add entropy to ent buffer */
+      while (inlen--) prng->sober128.ent[prng->sober128.idx++ % sizeof(prng->sober128.ent)] ^= *in++;
+   }
+   err = CRYPT_OK;
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return err;
 }
 
 /**
@@ -273,12 +92,23 @@ int sober128_add_entropy(const unsigned char *in, unsigned long inlen, prng_stat
 */
 int sober128_ready(prng_state *prng)
 {
-   return prng->sober128.set == 1 ? CRYPT_OK : CRYPT_ERROR;
-}
+   int err;
 
-/* XOR pseudo-random bytes into buffer
- */
-#define SROUND(z) STEP(c->R,z); NLFUNC(c,(z+1)); XORWORD(t, out+(z*4));
+   LTC_ARGCHK(prng != NULL);
+
+   LTC_MUTEX_LOCK(&prng->lock);
+   if (prng->ready)                                                     { err = CRYPT_OK; goto LBL_UNLOCK; }
+   /* key 32 bytes, 20 rounds */
+   if ((err = sober128_setup(&prng->sober128.s, prng->sober128.ent, 32)) != CRYPT_OK)     goto LBL_UNLOCK;
+   /* iv 8 bytes */
+   if ((err = sober128_setiv(&prng->sober128.s, prng->sober128.ent + 32, 8)) != CRYPT_OK) goto LBL_UNLOCK;
+   XMEMSET(&prng->sober128.ent, 0, sizeof(prng->sober128.ent));
+   prng->sober128.idx = 0;
+   prng->ready = 1;
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return err;
+}
 
 /**
   Read from the PRNG
@@ -289,75 +119,13 @@ int sober128_ready(prng_state *prng)
 */
 unsigned long sober128_read(unsigned char *out, unsigned long outlen, prng_state *prng)
 {
-   struct sober128_prng *c;
-   ulong32               t, tlen;
-
-   LTC_ARGCHK(out  != NULL);
-   LTC_ARGCHK(prng != NULL);
-
-#ifdef LTC_VALGRIND
-   zeromem(out, outlen);
-#endif
-
-   c = &(prng->sober128);
-   tlen = outlen;
-
-   /* handle any previously buffered bytes */
-   while (c->nbuf != 0 && outlen != 0) {
-      *out++ ^= c->sbuf & 0xFF;
-       c->sbuf >>= 8;
-       c->nbuf -= 8;
-       --outlen;
-   }
-
-#ifndef LTC_SMALL_CODE
-   /* do lots at a time, if there's enough to do */
-   while (outlen >= N*4) {
-      SROUND(0);
-      SROUND(1);
-      SROUND(2);
-      SROUND(3);
-      SROUND(4);
-      SROUND(5);
-      SROUND(6);
-      SROUND(7);
-      SROUND(8);
-      SROUND(9);
-      SROUND(10);
-      SROUND(11);
-      SROUND(12);
-      SROUND(13);
-      SROUND(14);
-      SROUND(15);
-      SROUND(16);
-      out    += 4*N;
-      outlen -= 4*N;
-   }
-#endif
-
-   /* do small or odd size buffers the slow way */
-   while (4 <= outlen) {
-      cycle(c->R);
-      t = nltap(c);
-      XORWORD(t, out);
-      out    += 4;
-      outlen -= 4;
-   }
-
-   /* handle any trailing bytes */
-   if (outlen != 0) {
-      cycle(c->R);
-      c->sbuf = nltap(c);
-      c->nbuf = 32;
-      while (c->nbuf != 0 && outlen != 0) {
-          *out++ ^= c->sbuf & 0xFF;
-          c->sbuf >>= 8;
-          c->nbuf -= 8;
-          --outlen;
-      }
-   }
-
-   return tlen;
+   if (outlen == 0 || prng == NULL || out == NULL) return 0;
+   LTC_MUTEX_LOCK(&prng->lock);
+   if (!prng->ready) { outlen = 0; goto LBL_UNLOCK; }
+   if (sober128_keystream(&prng->sober128.s, out, outlen) != CRYPT_OK) outlen = 0;
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return outlen;
 }
 
 /**
@@ -367,8 +135,13 @@ unsigned long sober128_read(unsigned char *out, unsigned long outlen, prng_state
 */
 int sober128_done(prng_state *prng)
 {
+   int err;
    LTC_ARGCHK(prng != NULL);
-   return CRYPT_OK;
+   LTC_MUTEX_LOCK(&prng->lock);
+   prng->ready = 0;
+   err = sober128_stream_done(&prng->sober128.s);
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return err;
 }
 
 /**
@@ -380,20 +153,22 @@ int sober128_done(prng_state *prng)
 */
 int sober128_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
 {
-   LTC_ARGCHK(outlen != NULL);
-   LTC_ARGCHK(out    != NULL);
+   unsigned long len = sober128_desc.export_size;
+
    LTC_ARGCHK(prng   != NULL);
+   LTC_ARGCHK(out    != NULL);
+   LTC_ARGCHK(outlen != NULL);
 
-   if (*outlen < 64) {
-      *outlen = 64;
+   if (*outlen < len) {
+      *outlen = len;
       return CRYPT_BUFFER_OVERFLOW;
    }
 
-   if (sober128_read(out, 64, prng) != 64) {
+   if (sober128_read(out, len, prng) != len) {
       return CRYPT_ERROR_READPRNG;
    }
-   *outlen = 64;
 
+   *outlen = len;
    return CRYPT_OK;
 }
 
@@ -407,20 +182,14 @@ int sober128_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
 int sober128_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
 {
    int err;
-   LTC_ARGCHK(in   != NULL);
-   LTC_ARGCHK(prng != NULL);
 
-   if (inlen != 64) {
-      return CRYPT_INVALID_ARG;
-   }
+   LTC_ARGCHK(prng != NULL);
+   LTC_ARGCHK(in   != NULL);
+   if (inlen < (unsigned long)sober128_desc.export_size) return CRYPT_INVALID_ARG;
 
-   if ((err = sober128_start(prng)) != CRYPT_OK) {
-      return err;
-   }
-   if ((err = sober128_add_entropy(in, 64, prng)) != CRYPT_OK) {
-      return err;
-   }
-   return sober128_ready(prng);
+   if ((err = sober128_start(prng)) != CRYPT_OK)                  return err;
+   if ((err = sober128_add_entropy(in, inlen, prng)) != CRYPT_OK) return err;
+   return CRYPT_OK;
 }
 
 /**
@@ -432,69 +201,44 @@ int sober128_test(void)
 #ifndef LTC_TEST
    return CRYPT_NOP;
 #else
-   static const struct {
-     int keylen, ivlen, len;
-     unsigned char key[16], iv[4], out[20];
-   } tests[] = {
-
-{
-   16, 4, 20,
-
-   /* key */
-   { 0x74, 0x65, 0x73, 0x74, 0x20, 0x6b, 0x65, 0x79,
-     0x20, 0x31, 0x32, 0x38, 0x62, 0x69, 0x74, 0x73 },
-
-   /* IV */
-   { 0x00, 0x00, 0x00, 0x00 },
-
-   /* expected output */
-   { 0x43, 0x50, 0x0c, 0xcf, 0x89, 0x91, 0x9f, 0x1d,
-     0xaa, 0x37, 0x74, 0x95, 0xf4, 0xb4, 0x58, 0xc2,
-     0x40, 0x37, 0x8b, 0xbb }
-}
-
-};
-   prng_state    prng;
-   unsigned char dst[20];
-   int           err, x;
+   prng_state st;
+   unsigned char en[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+                          0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
+                          0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e,
+                          0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
+                          0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32 };
+   unsigned char dmp[300];
+   unsigned long dmplen = sizeof(dmp);
+   unsigned char out[500];
+   unsigned char t1[] = { 0x31, 0x82, 0xA7, 0xA5, 0x8B, 0xD7, 0xCB, 0x39, 0x86, 0x1A };
+   unsigned char t2[] = { 0x6B, 0x43, 0x9E, 0xBC, 0xE7, 0x62, 0x9B, 0xE6, 0x9B, 0x83 };
+   unsigned char t3[] = { 0x4A, 0x0E, 0x6C, 0xC1, 0xCF, 0xB4, 0x73, 0x49, 0x99, 0x05 };
+   int err;
 
-   for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
-       if ((err = sober128_start(&prng)) != CRYPT_OK) {
-          return err;
-       }
-       if ((err = sober128_add_entropy(tests[x].key, tests[x].keylen, &prng)) != CRYPT_OK) {
-          return err;
-       }
-       /* add IV */
-       if ((err = sober128_add_entropy(tests[x].iv, tests[x].ivlen, &prng)) != CRYPT_OK) {
-          return err;
-       }
+   if ((err = sober128_start(&st)) != CRYPT_OK)                         return err;
+   /* add entropy to uninitialized prng */
+   if ((err = sober128_add_entropy(en, sizeof(en), &st)) != CRYPT_OK)   return err;
+   if ((err = sober128_ready(&st)) != CRYPT_OK)                         return err;
+   if (sober128_read(out, 10, &st) != 10)                               return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
+   if (compare_testvector(out, 10, t1, sizeof(t1), "SOBER128-PRNG", 1)) return CRYPT_FAIL_TESTVECTOR;
+   if (sober128_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
+   /* add entropy to already initialized prng */
+   if ((err = sober128_add_entropy(en, sizeof(en), &st)) != CRYPT_OK)   return err;
+   if (sober128_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
+   if ((err = sober128_export(dmp, &dmplen, &st)) != CRYPT_OK)          return err;
+   if (sober128_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
+   if (sober128_read(out, 10, &st) != 10)                               return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
+   if (compare_testvector(out, 10, t2, sizeof(t2), "SOBER128-PRNG", 2)) return CRYPT_FAIL_TESTVECTOR;
+   if ((err = sober128_done(&st)) != CRYPT_OK)                          return err;
+   if ((err = sober128_import(dmp, dmplen, &st)) != CRYPT_OK)           return err;
+   if ((err = sober128_ready(&st)) != CRYPT_OK)                         return err;
+   if (sober128_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
+   if (sober128_read(out, 10, &st) != 10)                               return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
+   if (compare_testvector(out, 10, t3, sizeof(t3), "SOBER128-PRNG", 3)) return CRYPT_FAIL_TESTVECTOR;
+   if ((err = sober128_done(&st)) != CRYPT_OK)                          return err;
 
-       /* ready up */
-       if ((err = sober128_ready(&prng)) != CRYPT_OK) {
-          return err;
-       }
-       XMEMSET(dst, 0, tests[x].len);
-       if (sober128_read(dst, tests[x].len, &prng) != (unsigned long)tests[x].len) {
-          return CRYPT_ERROR_READPRNG;
-       }
-       sober128_done(&prng);
-       if (XMEMCMP(dst, tests[x].out, tests[x].len)) {
-#if 0
-          printf("\n\nLTC_SOBER128 failed, I got:\n");
-          for (y = 0; y < tests[x].len; y++) printf("%02x ", dst[y]);
-          printf("\n");
-#endif
-          return CRYPT_FAIL_TESTVECTOR;
-       }
-   }
    return CRYPT_OK;
 #endif
 }
 
 #endif
-
-
-/* $Source$ */
-/* $Revision$ */
-/* $Date$ */

src/prngs/sprng.c

@@ -5,8 +5,6 @@
  *
  * The library is free for all purposes without any express
  * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtom.org
  */
 #include "tomcrypt.h"
 

src/prngs/yarrow.c

@@ -5,8 +5,6 @@
  *
  * The library is free for all purposes without any express
  * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtom.org
  */
 #include "tomcrypt.h"
 
@@ -40,6 +38,7 @@ int yarrow_start(prng_state *prng)
    int err;
 
    LTC_ARGCHK(prng != NULL);
+   prng->ready = 0;
 
    /* these are the default hash/cipher combo used */
 #ifdef LTC_RIJNDAEL
@@ -120,7 +119,7 @@ int yarrow_start(prng_state *prng)
 
    /* zero the memory used */
    zeromem(prng->yarrow.pool, sizeof(prng->yarrow.pool));
-   LTC_MUTEX_INIT(&prng->yarrow.prng_lock)
+   LTC_MUTEX_INIT(&prng->lock)
 
    return CRYPT_OK;
 }
@@ -137,43 +136,38 @@ int yarrow_add_entropy(const unsigned char *in, unsigned long inlen, prng_state
    hash_state md;
    int err;
 
-   LTC_ARGCHK(in  != NULL);
    LTC_ARGCHK(prng != NULL);
+   LTC_ARGCHK(in != NULL);
+   LTC_ARGCHK(inlen > 0);
 
-   LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
+   LTC_MUTEX_LOCK(&prng->lock);
 
    if ((err = hash_is_valid(prng->yarrow.hash)) != CRYPT_OK) {
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
-      return err;
+      goto LBL_UNLOCK;
    }
 
    /* start the hash */
    if ((err = hash_descriptor[prng->yarrow.hash].init(&md)) != CRYPT_OK) {
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
-      return err;
+      goto LBL_UNLOCK;
    }
 
    /* hash the current pool */
    if ((err = hash_descriptor[prng->yarrow.hash].process(&md, prng->yarrow.pool,
                                                         hash_descriptor[prng->yarrow.hash].hashsize)) != CRYPT_OK) {
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
-      return err;
+      goto LBL_UNLOCK;
    }
 
    /* add the new entropy */
    if ((err = hash_descriptor[prng->yarrow.hash].process(&md, in, inlen)) != CRYPT_OK) {
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
-      return err;
+      goto LBL_UNLOCK;
    }
 
    /* store result */
-   if ((err = hash_descriptor[prng->yarrow.hash].done(&md, prng->yarrow.pool)) != CRYPT_OK) {
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
-      return err;
-   }
+   err = hash_descriptor[prng->yarrow.hash].done(&md, prng->yarrow.pool);
 
-   LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
-   return CRYPT_OK;
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return err;
 }
 
 /**
@@ -186,23 +180,21 @@ int yarrow_ready(prng_state *prng)
    int ks, err;
 
    LTC_ARGCHK(prng != NULL);
-   LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
+
+   LTC_MUTEX_LOCK(&prng->lock);
 
    if ((err = hash_is_valid(prng->yarrow.hash)) != CRYPT_OK) {
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
-      return err;
+      goto LBL_UNLOCK;
    }
 
    if ((err = cipher_is_valid(prng->yarrow.cipher)) != CRYPT_OK) {
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
-      return err;
+      goto LBL_UNLOCK;
    }
 
    /* setup CTR mode using the "pool" as the key */
    ks = (int)hash_descriptor[prng->yarrow.hash].hashsize;
    if ((err = cipher_descriptor[prng->yarrow.cipher].keysize(&ks)) != CRYPT_OK) {
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
-      return err;
+      goto LBL_UNLOCK;
    }
 
    if ((err = ctr_start(prng->yarrow.cipher,     /* what cipher to use */
@@ -211,11 +203,13 @@ int yarrow_ready(prng_state *prng)
                         0,                       /* number of rounds */
                         CTR_COUNTER_LITTLE_ENDIAN, /* little endian counter */
                         &prng->yarrow.ctr)) != CRYPT_OK) {
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
-      return err;
+      goto LBL_UNLOCK;
    }
-   LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
-   return CRYPT_OK;
+   prng->ready = 1;
+
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return err;
 }
 
 /**
@@ -227,20 +221,25 @@ int yarrow_ready(prng_state *prng)
 */
 unsigned long yarrow_read(unsigned char *out, unsigned long outlen, prng_state *prng)
 {
-   LTC_ARGCHK(out  != NULL);
-   LTC_ARGCHK(prng != NULL);
+   if (outlen == 0 || prng == NULL || out == NULL) return 0;
+
+   LTC_MUTEX_LOCK(&prng->lock);
 
-   LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
+   if (!prng->ready) {
+      outlen = 0;
+      goto LBL_UNLOCK;
+   }
 
    /* put out in predictable state first */
    zeromem(out, outlen);
 
    /* now randomize it */
    if (ctr_encrypt(out, out, outlen, &prng->yarrow.ctr) != CRYPT_OK) {
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
-      return 0;
+      outlen = 0;
    }
-   LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
+
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
    return outlen;
 }
 
@@ -254,14 +253,15 @@ int yarrow_done(prng_state *prng)
    int err;
    LTC_ARGCHK(prng != NULL);
 
-   LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
+   LTC_MUTEX_LOCK(&prng->lock);
+   prng->ready = 0;
 
    /* call cipher done when we invent one ;-) */
 
    /* we invented one */
    err = ctr_done(&prng->yarrow.ctr);
 
-   LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
+   LTC_MUTEX_UNLOCK(&prng->lock);
    return err;
 }
 
@@ -277,22 +277,19 @@ int yarrow_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
    LTC_ARGCHK(out    != NULL);
    LTC_ARGCHK(outlen != NULL);
    LTC_ARGCHK(prng   != NULL);
-
-   LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
+   if (!prng->ready) return CRYPT_ERROR;
 
    /* we'll write 64 bytes for s&g's */
    if (*outlen < 64) {
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
       *outlen = 64;
       return CRYPT_BUFFER_OVERFLOW;
    }
 
    if (yarrow_read(out, 64, prng) != 64) {
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
       return CRYPT_ERROR_READPRNG;
    }
-   *outlen = 64;
 
+   *outlen = 64;
    return CRYPT_OK;
 }
 
@@ -310,20 +307,16 @@ int yarrow_import(const unsigned char *in, unsigned long inlen, prng_state *prng
    LTC_ARGCHK(in   != NULL);
    LTC_ARGCHK(prng != NULL);
 
-   LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
-
    if (inlen != 64) {
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
       return CRYPT_INVALID_ARG;
    }
-
    if ((err = yarrow_start(prng)) != CRYPT_OK) {
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
       return err;
    }
-   err = yarrow_add_entropy(in, 64, prng);
-   LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
-   return err;
+   if ((err = yarrow_add_entropy(in, 64, prng)) != CRYPT_OK) {
+      return err;
+   }
+   return CRYPT_OK;
 }
 
 /**

src/stream/chacha/chacha_crypt.c

@@ -14,7 +14,7 @@
 
 #include "tomcrypt.h"
 
-#ifdef LTC_CHACHA
+#ifdef LTC_CHACHA_STREAM
 
 #define QUARTERROUND(a,b,c,d) \
   x[a] += x[b]; x[d] = ROL(x[d] ^ x[a], 16); \

src/stream/chacha/chacha_done.c

@@ -9,7 +9,7 @@
 
 #include "tomcrypt.h"
 
-#ifdef LTC_CHACHA
+#ifdef LTC_CHACHA_STREAM
 
 /**
   Terminate and clear ChaCha state

src/stream/chacha/chacha_ivctr32.c

@@ -14,7 +14,7 @@
 
 #include "tomcrypt.h"
 
-#ifdef LTC_CHACHA
+#ifdef LTC_CHACHA_STREAM
 
 /**
   Set IV + counter data to the ChaCha state

src/stream/chacha/chacha_ivctr64.c

@@ -14,7 +14,7 @@
 
 #include "tomcrypt.h"
 
-#ifdef LTC_CHACHA
+#ifdef LTC_CHACHA_STREAM
 
 /**
   Set IV + counter data to the ChaCha state

src/stream/chacha/chacha_keystream.c

@@ -14,7 +14,7 @@
 
 #include "tomcrypt.h"
 
-#ifdef LTC_CHACHA
+#ifdef LTC_CHACHA_STREAM
 
 /**
   Generate a stream of random bytes via ChaCha

src/stream/chacha/chacha_setup.c

@@ -14,7 +14,7 @@
 
 #include "tomcrypt.h"
 
-#ifdef LTC_CHACHA
+#ifdef LTC_CHACHA_STREAM
 
 static const char * const sigma = "expand 32-byte k";
 static const char * const tau   = "expand 16-byte k";

src/stream/chacha/chacha_test.c

@@ -14,7 +14,7 @@
 
 #include "tomcrypt.h"
 
-#ifdef LTC_CHACHA
+#ifdef LTC_CHACHA_STREAM
 
 int chacha_test(void)
 {
@@ -37,27 +37,28 @@ int chacha_test(void)
                           0x87, 0x4D };
    char pt[] = "Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it.";
    chacha_state st;
+   int err;
 
    len = strlen(pt);
    /* crypt piece by piece */
-   chacha_setup(&st, k, sizeof(k), 20);
-   chacha_ivctr32(&st, n, sizeof(n), 1);
-   chacha_crypt(&st, (unsigned char*)pt,      35,       out);
-   chacha_crypt(&st, (unsigned char*)pt + 35, 35,       out + 35);
-   chacha_crypt(&st, (unsigned char*)pt + 70,  5,       out + 70);
-   chacha_crypt(&st, (unsigned char*)pt + 75,  5,       out + 75);
-   chacha_crypt(&st, (unsigned char*)pt + 80, len - 80, out + 80);
-   if (compare_testvector(out, len, ct, sizeof(ct), "CHACHA-TV1", 1)) return CRYPT_FAIL_TESTVECTOR;
+   if ((err = chacha_setup(&st, k, sizeof(k), 20)) != CRYPT_OK)                            return err;
+   if ((err = chacha_ivctr32(&st, n, sizeof(n), 1)) != CRYPT_OK)                           return err;
+   if ((err = chacha_crypt(&st, (unsigned char*)pt,      35,       out)) != CRYPT_OK)      return err;
+   if ((err = chacha_crypt(&st, (unsigned char*)pt + 35, 35,       out + 35)) != CRYPT_OK) return err;
+   if ((err = chacha_crypt(&st, (unsigned char*)pt + 70,  5,       out + 70)) != CRYPT_OK) return err;
+   if ((err = chacha_crypt(&st, (unsigned char*)pt + 75,  5,       out + 75)) != CRYPT_OK) return err;
+   if ((err = chacha_crypt(&st, (unsigned char*)pt + 80, len - 80, out + 80)) != CRYPT_OK) return err;
+   if (compare_testvector(out, len, ct, sizeof(ct), "CHACHA-TV1", 1))                      return CRYPT_FAIL_TESTVECTOR;
    /* crypt in one go */
-   chacha_setup(&st, k, sizeof(k), 20);
-   chacha_ivctr32(&st, n, sizeof(n), 1);
-   chacha_crypt(&st, (unsigned char*)pt, len, out);
-   if (compare_testvector(out, len, ct, sizeof(ct), "CHACHA-TV2", 1)) return CRYPT_FAIL_TESTVECTOR;
+   if ((err = chacha_setup(&st, k, sizeof(k), 20)) != CRYPT_OK)                            return err;
+   if ((err = chacha_ivctr32(&st, n, sizeof(n), 1)) != CRYPT_OK)                           return err;
+   if ((err = chacha_crypt(&st, (unsigned char*)pt, len, out)) != CRYPT_OK)                return err;
+   if (compare_testvector(out, len, ct, sizeof(ct), "CHACHA-TV2", 1))                      return CRYPT_FAIL_TESTVECTOR;
    /* crypt in one go - using chacha_ivctr64() */
-   chacha_setup(&st, k, sizeof(k), 20);
-   chacha_ivctr64(&st, n + 4, sizeof(n) - 4, 1);
-   chacha_crypt(&st, (unsigned char*)pt, len, out);
-   if (compare_testvector(out, len, ct, sizeof(ct), "CHACHA-TV3", 1)) return CRYPT_FAIL_TESTVECTOR;
+   if ((err = chacha_setup(&st, k, sizeof(k), 20)) != CRYPT_OK)                            return err;
+   if ((err = chacha_ivctr64(&st, n + 4, sizeof(n) - 4, 1)) != CRYPT_OK)                   return err;
+   if ((err = chacha_crypt(&st, (unsigned char*)pt, len, out)) != CRYPT_OK)                return err;
+   if (compare_testvector(out, len, ct, sizeof(ct), "CHACHA-TV3", 1))                      return CRYPT_FAIL_TESTVECTOR;
 
    return CRYPT_OK;
 #endif

src/stream/rc4/rc4.c

@@ -0,0 +1,107 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+#include "tomcrypt.h"
+
+#ifdef LTC_RC4_STREAM
+
+/**
+   Initialize an RC4 context (only the key)
+   @param st        [out] The destination of the RC4 state
+   @param key       The secret key
+   @param keylen    The length of the secret key (8 - 256 bytes)
+   @return CRYPT_OK if successful
+*/
+int rc4_setup(rc4_state *st, const unsigned char *key, unsigned long keylen)
+{
+   unsigned char tmp, *s;
+   int x, y;
+   unsigned long j;
+
+   LTC_ARGCHK(st  != NULL);
+   LTC_ARGCHK(key != NULL);
+   LTC_ARGCHK(keylen >= 5); /* 40-2048 bits */
+
+   s = st->buf;
+   for (x = 0; x < 256; x++) {
+      s[x] = x;
+   }
+
+   for (j = x = y = 0; x < 256; x++) {
+      y = (y + s[x] + key[j++]) & 255;
+      if (j == keylen) {
+         j = 0;
+      }
+      tmp = s[x]; s[x] = s[y]; s[y] = tmp;
+   }
+   st->x = 0;
+   st->y = 0;
+
+   return CRYPT_OK;
+}
+
+/**
+   Encrypt (or decrypt) bytes of ciphertext (or plaintext) with RC4
+   @param st      The RC4 state
+   @param in      The plaintext (or ciphertext)
+   @param inlen   The length of the input (octets)
+   @param out     [out] The ciphertext (or plaintext), length inlen
+   @return CRYPT_OK if successful
+*/
+int rc4_crypt(rc4_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out)
+{
+   unsigned char x, y, *s, tmp;
+
+   LTC_ARGCHK(st  != NULL);
+   LTC_ARGCHK(in  != NULL);
+   LTC_ARGCHK(out != NULL);
+
+   x = st->x;
+   y = st->y;
+   s = st->buf;
+   while (inlen--) {
+      x = (x + 1) & 255;
+      y = (y + s[x]) & 255;
+      tmp = s[x]; s[x] = s[y]; s[y] = tmp;
+      tmp = (s[x] + s[y]) & 255;
+      *out++ = *in++ ^ s[tmp];
+   }
+   st->x = x;
+   st->y = y;
+   return CRYPT_OK;
+}
+
+/**
+  Generate a stream of random bytes via RC4
+  @param st      The RC420 state
+  @param out     [out] The output buffer
+  @param outlen  The output length
+  @return CRYPT_OK on success
+ */
+int rc4_keystream(rc4_state *st, unsigned char *out, unsigned long outlen)
+{
+   if (outlen == 0) return CRYPT_OK; /* nothing to do */
+   LTC_ARGCHK(out != NULL);
+   XMEMSET(out, 0, outlen);
+   return rc4_crypt(st, out, outlen, out);
+}
+
+/**
+  Terminate and clear RC4 state
+  @param st      The RC4 state
+  @return CRYPT_OK on success
+*/
+int rc4_stream_done(rc4_state *st)
+{
+   LTC_ARGCHK(st != NULL);
+   XMEMSET(st, 0, sizeof(rc4_state));
+   return CRYPT_OK;
+}
+
+#endif

src/stream/rc4/rc4_test.c

@@ -0,0 +1,35 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+#include "tomcrypt.h"
+
+#ifdef LTC_RC4_STREAM
+
+int rc4_test(void)
+{
+#ifndef LTC_TEST
+   return CRYPT_NOP;
+#else
+   rc4_state st;
+   int err;
+   const unsigned char key[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
+   const unsigned char pt[]  = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
+   const unsigned char ct[]  = { 0x75, 0xb7, 0x87, 0x80, 0x99, 0xe0, 0xc5, 0x96 };
+   unsigned char buf[10];
+
+   if ((err = rc4_setup(&st, key, sizeof(key))) != CRYPT_OK)    return err;
+   if ((err = rc4_crypt(&st, pt, sizeof(pt), buf)) != CRYPT_OK) return err;
+   if (XMEMCMP(buf, ct, sizeof(ct)))                            return CRYPT_FAIL_TESTVECTOR;
+   if ((err = rc4_stream_done(&st)) != CRYPT_OK)                return err;
+
+   return CRYPT_OK;
+#endif
+}
+
+#endif

src/stream/sober128/sober128.c

@@ -0,0 +1,344 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtom.org
+ */
+#include "tomcrypt.h"
+
+/**
+ @file sober128.c
+ Implementation of SOBER-128 by Tom St Denis.
+ Based on s128fast.c reference code supplied by Greg Rose of QUALCOMM.
+*/
+
+#ifdef LTC_SOBER128
+
+#define __LTC_SOBER128TAB_C__
+#include "sober128tab.c"
+
+/* don't change these... */
+#define N                        17
+#define FOLD                      N /* how many iterations of folding to do */
+#define INITKONST        0x6996c53a /* value of KONST to use during key loading */
+#define KEYP                     15 /* where to insert key words */
+#define FOLDP                     4 /* where to insert non-linear feedback */
+
+#define B(x,i) ((unsigned char)(((x) >> (8*i)) & 0xFF))
+
+static ulong32 BYTE2WORD(unsigned char *b)
+{
+   ulong32 t;
+   LOAD32L(t, b);
+   return t;
+}
+
+static void XORWORD(ulong32 w, const unsigned char *in, unsigned char *out)
+{
+   ulong32 t;
+   LOAD32L(t, in);
+   t ^= w;
+   STORE32L(t, out);
+}
+
+/* give correct offset for the current position of the register,
+ * where logically R[0] is at position "zero".
+ */
+#define OFF(zero, i) (((zero)+(i)) % N)
+
+/* step the LFSR */
+/* After stepping, "zero" moves right one place */
+#define STEP(R,z) \
+    R[OFF(z,0)] = R[OFF(z,15)] ^ R[OFF(z,4)] ^ (R[OFF(z,0)] << 8) ^ Multab[(R[OFF(z,0)] >> 24) & 0xFF];
+
+static void cycle(ulong32 *R)
+{
+    ulong32 t;
+    int     i;
+
+    STEP(R,0);
+    t = R[0];
+    for (i = 1; i < N; ++i) {
+        R[i-1] = R[i];
+    }
+    R[N-1] = t;
+}
+
+/* Return a non-linear function of some parts of the register.
+ */
+#define NLFUNC(c,z) \
+{ \
+    t = c->R[OFF(z,0)] + c->R[OFF(z,16)]; \
+    t ^= Sbox[(t >> 24) & 0xFF]; \
+    t = RORc(t, 8); \
+    t = ((t + c->R[OFF(z,1)]) ^ c->konst) + c->R[OFF(z,6)]; \
+    t ^= Sbox[(t >> 24) & 0xFF]; \
+    t = t + c->R[OFF(z,13)]; \
+}
+
+static ulong32 nltap(sober128_state *c)
+{
+    ulong32 t;
+    NLFUNC(c, 0);
+    return t;
+}
+
+/* Save the current register state
+ */
+static void s128_savestate(sober128_state *c)
+{
+    int i;
+    for (i = 0; i < N; ++i) {
+        c->initR[i] = c->R[i];
+    }
+}
+
+/* initialise to previously saved register state
+ */
+static void s128_reloadstate(sober128_state *c)
+{
+    int i;
+
+    for (i = 0; i < N; ++i) {
+        c->R[i] = c->initR[i];
+    }
+}
+
+/* Initialise "konst"
+ */
+static void s128_genkonst(sober128_state *c)
+{
+    ulong32 newkonst;
+
+    do {
+       cycle(c->R);
+       newkonst = nltap(c);
+    } while ((newkonst & 0xFF000000) == 0);
+    c->konst = newkonst;
+}
+
+/* Load key material into the register
+ */
+#define ADDKEY(k) \
+   c->R[KEYP] += (k);
+
+#define XORNL(nl) \
+   c->R[FOLDP] ^= (nl);
+
+/* nonlinear diffusion of register for key */
+#define DROUND(z) STEP(c->R,z); NLFUNC(c,(z+1)); c->R[OFF((z+1),FOLDP)] ^= t;
+static void s128_diffuse(sober128_state *c)
+{
+    ulong32 t;
+    /* relies on FOLD == N == 17! */
+    DROUND(0);
+    DROUND(1);
+    DROUND(2);
+    DROUND(3);
+    DROUND(4);
+    DROUND(5);
+    DROUND(6);
+    DROUND(7);
+    DROUND(8);
+    DROUND(9);
+    DROUND(10);
+    DROUND(11);
+    DROUND(12);
+    DROUND(13);
+    DROUND(14);
+    DROUND(15);
+    DROUND(16);
+}
+
+/**
+   Initialize an Sober128 context (only the key)
+   @param c         [out] The destination of the Sober128 state
+   @param key       The secret key
+   @param keylen    The length of the secret key (octets)
+   @return CRYPT_OK if successful
+*/
+int sober128_setup(sober128_state *c, const unsigned char *key, unsigned long keylen)
+{
+   ulong32 i, k;
+
+   LTC_ARGCHK(c   != NULL);
+   LTC_ARGCHK(key != NULL);
+   LTC_ARGCHK(keylen > 0);
+
+   /* keylen must be multiple of 4 bytes */
+   if ((keylen & 3) != 0) {
+      return CRYPT_INVALID_KEYSIZE;
+   }
+
+   /* Register initialised to Fibonacci numbers */
+   c->R[0] = 1;
+   c->R[1] = 1;
+   for (i = 2; i < N; ++i) {
+      c->R[i] = c->R[i-1] + c->R[i-2];
+   }
+   c->konst = INITKONST;
+
+   for (i = 0; i < keylen; i += 4) {
+      k = BYTE2WORD((unsigned char *)&key[i]);
+      ADDKEY(k);
+      cycle(c->R);
+      XORNL(nltap(c));
+   }
+
+   /* also fold in the length of the key */
+   ADDKEY(keylen);
+
+   /* now diffuse */
+   s128_diffuse(c);
+   s128_genkonst(c);
+   s128_savestate(c);
+   c->nbuf = 0;
+
+   return CRYPT_OK;
+}
+
+/**
+  Set IV to the Sober128 state
+  @param c       The Sober12820 state
+  @param iv      The IV data to add
+  @param inlen   The length of the IV (must be 12)
+  @return CRYPT_OK on success
+ */
+int sober128_setiv(sober128_state *c, const unsigned char *iv, unsigned long ivlen)
+{
+   ulong32 i, k;
+
+   LTC_ARGCHK(c  != NULL);
+   LTC_ARGCHK(iv != NULL);
+   LTC_ARGCHK(ivlen > 0);
+
+   /* ok we are adding an IV then... */
+   s128_reloadstate(c);
+
+   /* ivlen must be multiple of 4 bytes */
+   if ((ivlen & 3) != 0) {
+      return CRYPT_INVALID_KEYSIZE;
+   }
+
+   for (i = 0; i < ivlen; i += 4) {
+      k = BYTE2WORD((unsigned char *)&iv[i]);
+      ADDKEY(k);
+      cycle(c->R);
+      XORNL(nltap(c));
+   }
+
+   /* also fold in the length of the key */
+   ADDKEY(ivlen);
+
+   /* now diffuse */
+   s128_diffuse(c);
+   c->nbuf = 0;
+
+   return CRYPT_OK;
+}
+
+/* XOR pseudo-random bytes into buffer
+ */
+#define SROUND(z) STEP(c->R,z); NLFUNC(c,(z+1)); XORWORD(t, in+(z*4), out+(z*4));
+
+/**
+   Encrypt (or decrypt) bytes of ciphertext (or plaintext) with Sober128
+   @param c       The Sober128 state
+   @param in      The plaintext (or ciphertext)
+   @param inlen   The length of the input (octets)
+   @param out     [out] The ciphertext (or plaintext), length inlen
+   @return CRYPT_OK if successful
+*/
+int sober128_crypt(sober128_state *c, const unsigned char *in, unsigned long inlen, unsigned char *out)
+{
+   ulong32 t;
+
+   if (inlen == 0) return CRYPT_OK; /* nothing to do */
+   LTC_ARGCHK(out != NULL);
+   LTC_ARGCHK(c   != NULL);
+
+   /* handle any previously buffered bytes */
+   while (c->nbuf != 0 && inlen != 0) {
+      *out++ = *in++ ^ (c->sbuf & 0xFF);
+      c->sbuf >>= 8;
+      c->nbuf -= 8;
+      --inlen;
+   }
+
+#ifndef LTC_SMALL_CODE
+   /* do lots at a time, if there's enough to do */
+   while (inlen >= N*4) {
+      SROUND(0);
+      SROUND(1);
+      SROUND(2);
+      SROUND(3);
+      SROUND(4);
+      SROUND(5);
+      SROUND(6);
+      SROUND(7);
+      SROUND(8);
+      SROUND(9);
+      SROUND(10);
+      SROUND(11);
+      SROUND(12);
+      SROUND(13);
+      SROUND(14);
+      SROUND(15);
+      SROUND(16);
+      out    += 4*N;
+      in     += 4*N;
+      inlen  -= 4*N;
+   }
+#endif
+
+   /* do small or odd size buffers the slow way */
+   while (4 <= inlen) {
+      cycle(c->R);
+      t = nltap(c);
+      XORWORD(t, in, out);
+      out    += 4;
+      in     += 4;
+      inlen  -= 4;
+   }
+
+   /* handle any trailing bytes */
+   if (inlen != 0) {
+      cycle(c->R);
+      c->sbuf = nltap(c);
+      c->nbuf = 32;
+      while (c->nbuf != 0 && inlen != 0) {
+          *out++ = *in++ ^ (c->sbuf & 0xFF);
+          c->sbuf >>= 8;
+          c->nbuf -= 8;
+          --inlen;
+      }
+   }
+
+   return CRYPT_OK;
+}
+
+int sober128_keystream(sober128_state *c, unsigned char *out, unsigned long outlen)
+{
+   if (outlen == 0) return CRYPT_OK; /* nothing to do */
+   LTC_ARGCHK(out != NULL);
+   XMEMSET(out, 0, outlen);
+   return sober128_crypt(c, out, outlen, out);
+}
+
+/**
+  Terminate and clear Sober128 state
+  @param c       The Sober128 state
+  @return CRYPT_OK on success
+*/
+int sober128_stream_done(sober128_state *c)
+{
+   LTC_ARGCHK(c != NULL);
+   XMEMSET(c, 0, sizeof(sober128_state));
+   return CRYPT_OK;
+}
+
+#endif

src/stream/sober128/sober128_test.c

@@ -0,0 +1,49 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+#include "tomcrypt.h"
+
+#ifdef LTC_SOBER128
+
+int sober128_test(void)
+{
+#ifndef LTC_TEST
+   return CRYPT_NOP;
+#else
+   unsigned char key[16] = { 0x74, 0x65, 0x73, 0x74, 0x20, 0x6b, 0x65, 0x79,
+                             0x20, 0x31, 0x32, 0x38, 0x62, 0x69, 0x74, 0x73 };
+   unsigned char iv[4]   = { 0x00, 0x00, 0x00, 0x00 };
+   unsigned char out[20] = { 0x43, 0x50, 0x0c, 0xcf, 0x89, 0x91, 0x9f, 0x1d,
+                             0xaa, 0x37, 0x74, 0x95, 0xf4, 0xb4, 0x58, 0xc2,
+                             0x40, 0x37, 0x8b, 0xbb };
+   int err, len = 20;
+   unsigned char  src[20], dst[20];
+   sober128_state st;
+
+   XMEMSET(src, 0, len); /* input */
+   if ((err = sober128_setup(&st, key, sizeof(key))) != CRYPT_OK) return err;
+   if ((err = sober128_setiv(&st, iv, sizeof(iv))) != CRYPT_OK)   return err;
+   if ((err = sober128_crypt(&st, src, len, dst)) != CRYPT_OK)    return err;
+   if ((err = sober128_stream_done(&st)) != CRYPT_OK)             return err;
+   if (XMEMCMP(dst, out, len)) {
+#if 0
+      int y;
+      printf("\nLTC_SOBER128 failed, I got:\n");
+      for (y = 0; y < len; y++) printf("%02x ", dst[y]);
+      printf("\nLTC_SOBER128 failed, expected:\n");
+      for (y = 0; y < len; y++) printf("%02x ", out[y]);
+      printf("\n");
+#endif
+      return CRYPT_FAIL_TESTVECTOR;
+   }
+   return CRYPT_OK;
+#endif
+}
+
+#endif

testprof/cipher_hash_test.c

@@ -14,10 +14,16 @@ int cipher_hash_test(void)
       DOX(cipher_descriptor[x].test(), cipher_descriptor[x].name);
    }
 
-#ifdef LTC_CHACHA
-   /* ChaCha is a special case (stream cipher) */
+   /* stream ciphers */
+#ifdef LTC_CHACHA_STREAM
    DO(chacha_test());
 #endif
+#ifdef LTC_RC4_STREAM
+   DO(rc4_test());
+#endif
+#ifdef LTC_SOBER128_STREAM
+   DO(sober128_test());
+#endif
 
    /* test hashes */
    for (x = 0; hash_descriptor[x].name != NULL; x++) {

testprof/x86_prof.c

@@ -342,7 +342,7 @@ static void _unregister_all(void)
 #ifdef LTC_RC4
   unregister_prng(&rc4_desc);
 #endif
-#ifdef LTC_CHACHA
+#ifdef LTC_CHACHA_PRNG
   unregister_prng(&chacha20_prng_desc);
 #endif
 #ifdef LTC_SOBER128
@@ -524,7 +524,7 @@ register_prng(&fortuna_desc);
 #ifdef LTC_RC4
 register_prng(&rc4_desc);
 #endif
-#ifdef LTC_CHACHA
+#ifdef LTC_CHACHA_PRNG
 register_prng(&chacha20_prng_desc);
 #endif
 #ifdef LTC_SOBER128