AuroraMiddleware/libtomcrypt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

RFC 7539 - ChaCha20 and Poly1305 + chacha based PRNG

Browse Source
This commit is contained in:
Karel Miko 2017-03-21 19:42:54 +01:00
parent 6844275e82
commit ff6abc776c
37 changed files with 1831 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
libtomcrypt_VS2008.vcproj
View File

@ -591,6 +591,46 @@
>
</File>
</Filter>
<Filter
Name="chachapoly"
>
<File
RelativePath="src\encauth\chachapoly\chacha20poly1305_add_aad.c"
>
</File>
<File
RelativePath="src\encauth\chachapoly\chacha20poly1305_decrypt.c"
>
</File>
<File
RelativePath="src\encauth\chachapoly\chacha20poly1305_done.c"
>
</File>
<File
RelativePath="src\encauth\chachapoly\chacha20poly1305_encrypt.c"
>
</File>
<File
RelativePath="src\encauth\chachapoly\chacha20poly1305_init.c"
>
</File>
<File
RelativePath="src\encauth\chachapoly\chacha20poly1305_memory.c"
>
</File>
<File
RelativePath="src\encauth\chachapoly\chacha20poly1305_setiv.c"
>
</File>
<File
RelativePath="src\encauth\chachapoly\chacha20poly1305_setiv_rfc7905.c"
>
</File>
<File
RelativePath="src\encauth\chachapoly\chacha20poly1305_test.c"
>
</File>
</Filter>
<Filter
Name="eax"
>
@ -1147,6 +1187,30 @@
>
</File>
</Filter>
<Filter
Name="poly1305"
>
<File
RelativePath="src\mac\poly1305\poly1305.c"
>
</File>
<File
RelativePath="src\mac\poly1305\poly1305_file.c"
>
</File>
<File
RelativePath="src\mac\poly1305\poly1305_memory.c"
>
</File>
<File
RelativePath="src\mac\poly1305\poly1305_memory_multi.c"
>
</File>
<File
RelativePath="src\mac\poly1305\poly1305_test.c"
>
</File>
</Filter>
<Filter
Name="xcbc"
>
@ -2207,6 +2271,10 @@
<Filter
Name="prngs"
>
<File
RelativePath="src\prngs\chacha.c"
>
</File>
<File
RelativePath="src\prngs\fortuna.c"
>
@ -2280,6 +2348,38 @@
>
</File>
</Filter>
<Filter
Name="stream"
>
<Filter
Name="chacha"
>
<File
RelativePath="src\stream\chacha\chacha_crypt.c"
>
</File>
<File
RelativePath="src\stream\chacha\chacha_ivctr32.c"
>
</File>
<File
RelativePath="src\stream\chacha\chacha_ivctr64.c"
>
</File>
<File
RelativePath="src\stream\chacha\chacha_keystream.c"
>
</File>
<File
RelativePath="src\stream\chacha\chacha_setup.c"
>
</File>
<File
RelativePath="src\stream\chacha\chacha_test.c"
>
</File>
</Filter>
</Filter>
</Files>
<Globals>
</Globals>

34
makefile
View File

@ -49,15 +49,20 @@ src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/saferp.o src/ciphe
src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_add_aad.o \
src/encauth/ccm/ccm_add_nonce.o src/encauth/ccm/ccm_done.o src/encauth/ccm/ccm_init.o \
src/encauth/ccm/ccm_memory.o src/encauth/ccm/ccm_process.o src/encauth/ccm/ccm_reset.o \
src/encauth/ccm/ccm_test.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o src/encauth/eax/eax_encrypt.o \
src/encauth/eax/eax_encrypt_authenticate_memory.o src/encauth/eax/eax_init.o \
src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o src/encauth/gcm/gcm_add_iv.o \
src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o src/encauth/gcm/gcm_init.o \
src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o src/encauth/gcm/gcm_process.o \
src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o \
src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \
src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
src/encauth/ccm/ccm_test.o src/encauth/chachapoly/chacha20poly1305_add_aad.o \
src/encauth/chachapoly/chacha20poly1305_decrypt.o src/encauth/chachapoly/chacha20poly1305_done.o \
src/encauth/chachapoly/chacha20poly1305_encrypt.o src/encauth/chachapoly/chacha20poly1305_init.o \
src/encauth/chachapoly/chacha20poly1305_memory.o src/encauth/chachapoly/chacha20poly1305_setiv.o \
src/encauth/chachapoly/chacha20poly1305_setiv_rfc7905.o \
src/encauth/chachapoly/chacha20poly1305_test.o src/encauth/eax/eax_addheader.o \
src/encauth/eax/eax_decrypt.o src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o \
src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
src/encauth/ocb3/ocb3_add_aad.o src/encauth/ocb3/ocb3_decrypt.o src/encauth/ocb3/ocb3_decrypt_last.o \
@ -81,7 +86,9 @@ src/mac/omac/omac_process.o src/mac/omac/omac_test.o src/mac/pelican/pelican.o \
src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o src/mac/pmac/pmac_done.o \
src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \
src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/mac/xcbc/xcbc_done.o \
src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/mac/poly1305/poly1305.o \
src/mac/poly1305/poly1305_file.o src/mac/poly1305/poly1305_memory.o \
src/mac/poly1305/poly1305_memory_multi.o src/mac/poly1305/poly1305_test.o src/mac/xcbc/xcbc_done.o \
src/mac/xcbc/xcbc_file.o src/mac/xcbc/xcbc_init.o src/mac/xcbc/xcbc_memory.o \
src/mac/xcbc/xcbc_memory_multi.o src/mac/xcbc/xcbc_process.o src/mac/xcbc/xcbc_test.o \
src/math/fp/ltc_ecc_fp_mulmod.o src/math/gmp_desc.o src/math/ltm_desc.o src/math/multi.o \
@ -173,8 +180,11 @@ src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_en
src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_get_size.o \
src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_radix.o src/pk/rsa/rsa_import_x509.o \
src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_sign_saltlen_get.o \
src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o \
src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o
src/pk/rsa/rsa_verify_hash.o src/prngs/chacha.o src/prngs/fortuna.o src/prngs/rc4.o \
src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o \
src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_ivctr32.o \
src/stream/chacha/chacha_ivctr64.o src/stream/chacha/chacha_keystream.o \
src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o
HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \

34
makefile.icc
View File

@ -106,15 +106,20 @@ src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/saferp.o src/ciphe
src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_add_aad.o \
src/encauth/ccm/ccm_add_nonce.o src/encauth/ccm/ccm_done.o src/encauth/ccm/ccm_init.o \
src/encauth/ccm/ccm_memory.o src/encauth/ccm/ccm_process.o src/encauth/ccm/ccm_reset.o \
src/encauth/ccm/ccm_test.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o src/encauth/eax/eax_encrypt.o \
src/encauth/eax/eax_encrypt_authenticate_memory.o src/encauth/eax/eax_init.o \
src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o src/encauth/gcm/gcm_add_iv.o \
src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o src/encauth/gcm/gcm_init.o \
src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o src/encauth/gcm/gcm_process.o \
src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o \
src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \
src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
src/encauth/ccm/ccm_test.o src/encauth/chachapoly/chacha20poly1305_add_aad.o \
src/encauth/chachapoly/chacha20poly1305_decrypt.o src/encauth/chachapoly/chacha20poly1305_done.o \
src/encauth/chachapoly/chacha20poly1305_encrypt.o src/encauth/chachapoly/chacha20poly1305_init.o \
src/encauth/chachapoly/chacha20poly1305_memory.o src/encauth/chachapoly/chacha20poly1305_setiv.o \
src/encauth/chachapoly/chacha20poly1305_setiv_rfc7905.o \
src/encauth/chachapoly/chacha20poly1305_test.o src/encauth/eax/eax_addheader.o \
src/encauth/eax/eax_decrypt.o src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o \
src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
src/encauth/ocb3/ocb3_add_aad.o src/encauth/ocb3/ocb3_decrypt.o src/encauth/ocb3/ocb3_decrypt_last.o \
@ -138,7 +143,9 @@ src/mac/omac/omac_process.o src/mac/omac/omac_test.o src/mac/pelican/pelican.o \
src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o src/mac/pmac/pmac_done.o \
src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \
src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/mac/xcbc/xcbc_done.o \
src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/mac/poly1305/poly1305.o \
src/mac/poly1305/poly1305_file.o src/mac/poly1305/poly1305_memory.o \
src/mac/poly1305/poly1305_memory_multi.o src/mac/poly1305/poly1305_test.o src/mac/xcbc/xcbc_done.o \
src/mac/xcbc/xcbc_file.o src/mac/xcbc/xcbc_init.o src/mac/xcbc/xcbc_memory.o \
src/mac/xcbc/xcbc_memory_multi.o src/mac/xcbc/xcbc_process.o src/mac/xcbc/xcbc_test.o \
src/math/fp/ltc_ecc_fp_mulmod.o src/math/gmp_desc.o src/math/ltm_desc.o src/math/multi.o \
@ -230,8 +237,11 @@ src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_en
src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_get_size.o \
src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_radix.o src/pk/rsa/rsa_import_x509.o \
src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_sign_saltlen_get.o \
src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o \
src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o
src/pk/rsa/rsa_verify_hash.o src/prngs/chacha.o src/prngs/fortuna.o src/prngs/rc4.o \
src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o \
src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_ivctr32.o \
src/stream/chacha/chacha_ivctr64.o src/stream/chacha/chacha_keystream.o \
src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o
HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \

34
makefile.mingw
View File

@ -42,15 +42,20 @@ src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/saferp.o src/ciphe
src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_add_aad.o \
src/encauth/ccm/ccm_add_nonce.o src/encauth/ccm/ccm_done.o src/encauth/ccm/ccm_init.o \
src/encauth/ccm/ccm_memory.o src/encauth/ccm/ccm_process.o src/encauth/ccm/ccm_reset.o \
src/encauth/ccm/ccm_test.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o src/encauth/eax/eax_encrypt.o \
src/encauth/eax/eax_encrypt_authenticate_memory.o src/encauth/eax/eax_init.o \
src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o src/encauth/gcm/gcm_add_iv.o \
src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o src/encauth/gcm/gcm_init.o \
src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o src/encauth/gcm/gcm_process.o \
src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o \
src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \
src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
src/encauth/ccm/ccm_test.o src/encauth/chachapoly/chacha20poly1305_add_aad.o \
src/encauth/chachapoly/chacha20poly1305_decrypt.o src/encauth/chachapoly/chacha20poly1305_done.o \
src/encauth/chachapoly/chacha20poly1305_encrypt.o src/encauth/chachapoly/chacha20poly1305_init.o \
src/encauth/chachapoly/chacha20poly1305_memory.o src/encauth/chachapoly/chacha20poly1305_setiv.o \
src/encauth/chachapoly/chacha20poly1305_setiv_rfc7905.o \
src/encauth/chachapoly/chacha20poly1305_test.o src/encauth/eax/eax_addheader.o \
src/encauth/eax/eax_decrypt.o src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o \
src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
src/encauth/ocb3/ocb3_add_aad.o src/encauth/ocb3/ocb3_decrypt.o src/encauth/ocb3/ocb3_decrypt_last.o \
@ -74,7 +79,9 @@ src/mac/omac/omac_process.o src/mac/omac/omac_test.o src/mac/pelican/pelican.o \
src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o src/mac/pmac/pmac_done.o \
src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \
src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/mac/xcbc/xcbc_done.o \
src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/mac/poly1305/poly1305.o \
src/mac/poly1305/poly1305_file.o src/mac/poly1305/poly1305_memory.o \
src/mac/poly1305/poly1305_memory_multi.o src/mac/poly1305/poly1305_test.o src/mac/xcbc/xcbc_done.o \
src/mac/xcbc/xcbc_file.o src/mac/xcbc/xcbc_init.o src/mac/xcbc/xcbc_memory.o \
src/mac/xcbc/xcbc_memory_multi.o src/mac/xcbc/xcbc_process.o src/mac/xcbc/xcbc_test.o \
src/math/fp/ltc_ecc_fp_mulmod.o src/math/gmp_desc.o src/math/ltm_desc.o src/math/multi.o \
@ -166,8 +173,11 @@ src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_en
src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_get_size.o \
src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_radix.o src/pk/rsa/rsa_import_x509.o \
src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_sign_saltlen_get.o \
src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o \
src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o
src/pk/rsa/rsa_verify_hash.o src/prngs/chacha.o src/prngs/fortuna.o src/prngs/rc4.o \
src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o \
src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_ivctr32.o \
src/stream/chacha/chacha_ivctr64.o src/stream/chacha/chacha_keystream.o \
src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o
HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \

34
makefile.msvc
View File

@ -16,15 +16,20 @@ src/ciphers/rc6.obj src/ciphers/safer/safer.obj src/ciphers/safer/saferp.obj src
src/ciphers/twofish/twofish.obj src/ciphers/xtea.obj src/encauth/ccm/ccm_add_aad.obj \
src/encauth/ccm/ccm_add_nonce.obj src/encauth/ccm/ccm_done.obj src/encauth/ccm/ccm_init.obj \
src/encauth/ccm/ccm_memory.obj src/encauth/ccm/ccm_process.obj src/encauth/ccm/ccm_reset.obj \
src/encauth/ccm/ccm_test.obj src/encauth/eax/eax_addheader.obj src/encauth/eax/eax_decrypt.obj \
src/encauth/eax/eax_decrypt_verify_memory.obj src/encauth/eax/eax_done.obj src/encauth/eax/eax_encrypt.obj \
src/encauth/eax/eax_encrypt_authenticate_memory.obj src/encauth/eax/eax_init.obj \
src/encauth/eax/eax_test.obj src/encauth/gcm/gcm_add_aad.obj src/encauth/gcm/gcm_add_iv.obj \
src/encauth/gcm/gcm_done.obj src/encauth/gcm/gcm_gf_mult.obj src/encauth/gcm/gcm_init.obj \
src/encauth/gcm/gcm_memory.obj src/encauth/gcm/gcm_mult_h.obj src/encauth/gcm/gcm_process.obj \
src/encauth/gcm/gcm_reset.obj src/encauth/gcm/gcm_test.obj src/encauth/ocb/ocb_decrypt.obj \
src/encauth/ocb/ocb_decrypt_verify_memory.obj src/encauth/ocb/ocb_done_decrypt.obj \
src/encauth/ocb/ocb_done_encrypt.obj src/encauth/ocb/ocb_encrypt.obj \
src/encauth/ccm/ccm_test.obj src/encauth/chachapoly/chacha20poly1305_add_aad.obj \
src/encauth/chachapoly/chacha20poly1305_decrypt.obj src/encauth/chachapoly/chacha20poly1305_done.obj \
src/encauth/chachapoly/chacha20poly1305_encrypt.obj src/encauth/chachapoly/chacha20poly1305_init.obj \
src/encauth/chachapoly/chacha20poly1305_memory.obj src/encauth/chachapoly/chacha20poly1305_setiv.obj \
src/encauth/chachapoly/chacha20poly1305_setiv_rfc7905.obj \
src/encauth/chachapoly/chacha20poly1305_test.obj src/encauth/eax/eax_addheader.obj \
src/encauth/eax/eax_decrypt.obj src/encauth/eax/eax_decrypt_verify_memory.obj src/encauth/eax/eax_done.obj \
src/encauth/eax/eax_encrypt.obj src/encauth/eax/eax_encrypt_authenticate_memory.obj \
src/encauth/eax/eax_init.obj src/encauth/eax/eax_test.obj src/encauth/gcm/gcm_add_aad.obj \
src/encauth/gcm/gcm_add_iv.obj src/encauth/gcm/gcm_done.obj src/encauth/gcm/gcm_gf_mult.obj \
src/encauth/gcm/gcm_init.obj src/encauth/gcm/gcm_memory.obj src/encauth/gcm/gcm_mult_h.obj \
src/encauth/gcm/gcm_process.obj src/encauth/gcm/gcm_reset.obj src/encauth/gcm/gcm_test.obj \
src/encauth/ocb/ocb_decrypt.obj src/encauth/ocb/ocb_decrypt_verify_memory.obj \
src/encauth/ocb/ocb_done_decrypt.obj src/encauth/ocb/ocb_done_encrypt.obj src/encauth/ocb/ocb_encrypt.obj \
src/encauth/ocb/ocb_encrypt_authenticate_memory.obj src/encauth/ocb/ocb_init.obj src/encauth/ocb/ocb_ntz.obj \
src/encauth/ocb/ocb_shift_xor.obj src/encauth/ocb/ocb_test.obj src/encauth/ocb/s_ocb_done.obj \
src/encauth/ocb3/ocb3_add_aad.obj src/encauth/ocb3/ocb3_decrypt.obj src/encauth/ocb3/ocb3_decrypt_last.obj \
@ -48,7 +53,9 @@ src/mac/omac/omac_process.obj src/mac/omac/omac_test.obj src/mac/pelican/pelican
src/mac/pelican/pelican_memory.obj src/mac/pelican/pelican_test.obj src/mac/pmac/pmac_done.obj \
src/mac/pmac/pmac_file.obj src/mac/pmac/pmac_init.obj src/mac/pmac/pmac_memory.obj \
src/mac/pmac/pmac_memory_multi.obj src/mac/pmac/pmac_ntz.obj src/mac/pmac/pmac_process.obj \
src/mac/pmac/pmac_shift_xor.obj src/mac/pmac/pmac_test.obj src/mac/xcbc/xcbc_done.obj \
src/mac/pmac/pmac_shift_xor.obj src/mac/pmac/pmac_test.obj src/mac/poly1305/poly1305.obj \
src/mac/poly1305/poly1305_file.obj src/mac/poly1305/poly1305_memory.obj \
src/mac/poly1305/poly1305_memory_multi.obj src/mac/poly1305/poly1305_test.obj src/mac/xcbc/xcbc_done.obj \
src/mac/xcbc/xcbc_file.obj src/mac/xcbc/xcbc_init.obj src/mac/xcbc/xcbc_memory.obj \
src/mac/xcbc/xcbc_memory_multi.obj src/mac/xcbc/xcbc_process.obj src/mac/xcbc/xcbc_test.obj \
src/math/fp/ltc_ecc_fp_mulmod.obj src/math/gmp_desc.obj src/math/ltm_desc.obj src/math/multi.obj \
@ -140,8 +147,11 @@ src/pk/pkcs1/pkcs_1_v1_5_encode.obj src/pk/rsa/rsa_decrypt_key.obj src/pk/rsa/rs
src/pk/rsa/rsa_export.obj src/pk/rsa/rsa_exptmod.obj src/pk/rsa/rsa_free.obj src/pk/rsa/rsa_get_size.obj \
src/pk/rsa/rsa_import.obj src/pk/rsa/rsa_import_radix.obj src/pk/rsa/rsa_import_x509.obj \
src/pk/rsa/rsa_make_key.obj src/pk/rsa/rsa_sign_hash.obj src/pk/rsa/rsa_sign_saltlen_get.obj \
src/pk/rsa/rsa_verify_hash.obj src/prngs/fortuna.obj src/prngs/rc4.obj src/prngs/rng_get_bytes.obj \
src/prngs/rng_make_prng.obj src/prngs/sober128.obj src/prngs/sprng.obj src/prngs/yarrow.obj
src/pk/rsa/rsa_verify_hash.obj src/prngs/chacha.obj src/prngs/fortuna.obj src/prngs/rc4.obj \
src/prngs/rng_get_bytes.obj src/prngs/rng_make_prng.obj src/prngs/sober128.obj src/prngs/sprng.obj \
src/prngs/yarrow.obj src/stream/chacha/chacha_crypt.obj src/stream/chacha/chacha_ivctr32.obj \
src/stream/chacha/chacha_ivctr64.obj src/stream/chacha/chacha_keystream.obj \
src/stream/chacha/chacha_setup.obj src/stream/chacha/chacha_test.obj
HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \

34
makefile.shared
View File

@ -39,15 +39,20 @@ src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/saferp.o src/ciphe
src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_add_aad.o \
src/encauth/ccm/ccm_add_nonce.o src/encauth/ccm/ccm_done.o src/encauth/ccm/ccm_init.o \
src/encauth/ccm/ccm_memory.o src/encauth/ccm/ccm_process.o src/encauth/ccm/ccm_reset.o \
src/encauth/ccm/ccm_test.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o src/encauth/eax/eax_encrypt.o \
src/encauth/eax/eax_encrypt_authenticate_memory.o src/encauth/eax/eax_init.o \
src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o src/encauth/gcm/gcm_add_iv.o \
src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o src/encauth/gcm/gcm_init.o \
src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o src/encauth/gcm/gcm_process.o \
src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o \
src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \
src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
src/encauth/ccm/ccm_test.o src/encauth/chachapoly/chacha20poly1305_add_aad.o \
src/encauth/chachapoly/chacha20poly1305_decrypt.o src/encauth/chachapoly/chacha20poly1305_done.o \
src/encauth/chachapoly/chacha20poly1305_encrypt.o src/encauth/chachapoly/chacha20poly1305_init.o \
src/encauth/chachapoly/chacha20poly1305_memory.o src/encauth/chachapoly/chacha20poly1305_setiv.o \
src/encauth/chachapoly/chacha20poly1305_setiv_rfc7905.o \
src/encauth/chachapoly/chacha20poly1305_test.o src/encauth/eax/eax_addheader.o \
src/encauth/eax/eax_decrypt.o src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o \
src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
src/encauth/ocb3/ocb3_add_aad.o src/encauth/ocb3/ocb3_decrypt.o src/encauth/ocb3/ocb3_decrypt_last.o \
@ -71,7 +76,9 @@ src/mac/omac/omac_process.o src/mac/omac/omac_test.o src/mac/pelican/pelican.o \
src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o src/mac/pmac/pmac_done.o \
src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \
src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/mac/xcbc/xcbc_done.o \
src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/mac/poly1305/poly1305.o \
src/mac/poly1305/poly1305_file.o src/mac/poly1305/poly1305_memory.o \
src/mac/poly1305/poly1305_memory_multi.o src/mac/poly1305/poly1305_test.o src/mac/xcbc/xcbc_done.o \
src/mac/xcbc/xcbc_file.o src/mac/xcbc/xcbc_init.o src/mac/xcbc/xcbc_memory.o \
src/mac/xcbc/xcbc_memory_multi.o src/mac/xcbc/xcbc_process.o src/mac/xcbc/xcbc_test.o \
src/math/fp/ltc_ecc_fp_mulmod.o src/math/gmp_desc.o src/math/ltm_desc.o src/math/multi.o \
@ -163,8 +170,11 @@ src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_en
src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_get_size.o \
src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_radix.o src/pk/rsa/rsa_import_x509.o \
src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_sign_saltlen_get.o \
src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o \
src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o
src/pk/rsa/rsa_verify_hash.o src/prngs/chacha.o src/prngs/fortuna.o src/prngs/rc4.o \
src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o \
src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_ivctr32.o \
src/stream/chacha/chacha_ivctr64.o src/stream/chacha/chacha_keystream.o \
src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o
HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \

34
makefile.unix
View File

@ -47,15 +47,20 @@ src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/saferp.o src/ciphe
src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_add_aad.o \
src/encauth/ccm/ccm_add_nonce.o src/encauth/ccm/ccm_done.o src/encauth/ccm/ccm_init.o \
src/encauth/ccm/ccm_memory.o src/encauth/ccm/ccm_process.o src/encauth/ccm/ccm_reset.o \
src/encauth/ccm/ccm_test.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o src/encauth/eax/eax_encrypt.o \
src/encauth/eax/eax_encrypt_authenticate_memory.o src/encauth/eax/eax_init.o \
src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o src/encauth/gcm/gcm_add_iv.o \
src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o src/encauth/gcm/gcm_init.o \
src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o src/encauth/gcm/gcm_process.o \
src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o \
src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \
src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
src/encauth/ccm/ccm_test.o src/encauth/chachapoly/chacha20poly1305_add_aad.o \
src/encauth/chachapoly/chacha20poly1305_decrypt.o src/encauth/chachapoly/chacha20poly1305_done.o \
src/encauth/chachapoly/chacha20poly1305_encrypt.o src/encauth/chachapoly/chacha20poly1305_init.o \
src/encauth/chachapoly/chacha20poly1305_memory.o src/encauth/chachapoly/chacha20poly1305_setiv.o \
src/encauth/chachapoly/chacha20poly1305_setiv_rfc7905.o \
src/encauth/chachapoly/chacha20poly1305_test.o src/encauth/eax/eax_addheader.o \
src/encauth/eax/eax_decrypt.o src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o \
src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
src/encauth/ocb3/ocb3_add_aad.o src/encauth/ocb3/ocb3_decrypt.o src/encauth/ocb3/ocb3_decrypt_last.o \
@ -79,7 +84,9 @@ src/mac/omac/omac_process.o src/mac/omac/omac_test.o src/mac/pelican/pelican.o \
src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o src/mac/pmac/pmac_done.o \
src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \
src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/mac/xcbc/xcbc_done.o \
src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/mac/poly1305/poly1305.o \
src/mac/poly1305/poly1305_file.o src/mac/poly1305/poly1305_memory.o \
src/mac/poly1305/poly1305_memory_multi.o src/mac/poly1305/poly1305_test.o src/mac/xcbc/xcbc_done.o \
src/mac/xcbc/xcbc_file.o src/mac/xcbc/xcbc_init.o src/mac/xcbc/xcbc_memory.o \
src/mac/xcbc/xcbc_memory_multi.o src/mac/xcbc/xcbc_process.o src/mac/xcbc/xcbc_test.o \
src/math/fp/ltc_ecc_fp_mulmod.o src/math/gmp_desc.o src/math/ltm_desc.o src/math/multi.o \
@ -171,8 +178,11 @@ src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_en
src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_get_size.o \
src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_radix.o src/pk/rsa/rsa_import_x509.o \
src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_sign_saltlen_get.o \
src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o \
src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o
src/pk/rsa/rsa_verify_hash.o src/prngs/chacha.o src/prngs/fortuna.o src/prngs/rc4.o \
src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o \
src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_ivctr32.o \
src/stream/chacha/chacha_ivctr64.o src/stream/chacha/chacha_keystream.o \
src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o
HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \

34
src/encauth/chachapoly/chacha20poly1305_add_aad.c Normal file
View File

@ -0,0 +1,34 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt.h"
#ifdef LTC_CHACHA20POLY1305_MODE
/**
Add AAD to the ChaCha20Poly1305 state
@param st The ChaCha20Poly1305 state
@param in The additional authentication data to add to the ChaCha20Poly1305 state
@param inlen The length of the ChaCha20Poly1305 data.
@return CRYPT_OK on success
*/
int chacha20poly1305_add_aad(chachapoly_state *st, const unsigned char *in, unsigned long inlen)
{
int err;
if (inlen == 0) return CRYPT_OK; /* nothing to do */
LTC_ARGCHK(st != NULL);
if (st->aadflg == 0) return CRYPT_ERROR;
if ((err = poly1305_process(&st->poly, in, inlen)) != CRYPT_OK) return err;
st->aadlen += (ulong64)inlen;
return CRYPT_OK;
}
#endif

44
src/encauth/chachapoly/chacha20poly1305_decrypt.c Normal file
View File

@ -0,0 +1,44 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt.h"
#ifdef LTC_CHACHA20POLY1305_MODE
/**
Decrypt bytes of ciphertext with ChaCha20Poly1305
@param st The ChaCha20Poly1305 state
@param in The ciphertext
@param inlen The length of the input (octets)
@param out [out] The plaintext (length inlen)
@return CRYPT_OK if successful
*/
int chacha20poly1305_decrypt(chachapoly_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out)
{
unsigned char padzero[16] = { 0 };
unsigned long padlen;
int err;
if (inlen == 0) return CRYPT_OK; /* nothing to do */
LTC_ARGCHK(st != NULL);
if (st->aadflg) {
if ((padlen = 16 - (st->aadlen % 16)) < 16) {
if ((err = poly1305_process(&st->poly, padzero, padlen)) != CRYPT_OK) return err;
}
st->aadflg = 0; /* no more AAD */
}
if (st->aadflg) st->aadflg = 0; /* no more AAD */
if ((err = poly1305_process(&st->poly, in, inlen)) != CRYPT_OK) return err;
if ((err = chacha_crypt(&st->chacha, in, inlen, out)) != CRYPT_OK) return err;
st->ctlen += (ulong64)inlen;
return CRYPT_OK;
}
#endif

41
src/encauth/chachapoly/chacha20poly1305_done.c Normal file
View File

@ -0,0 +1,41 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt.h"
#ifdef LTC_CHACHA20POLY1305_MODE
/**
Terminate a ChaCha20Poly1305 stream
@param st The ChaCha20Poly1305 state
@param tag [out] The destination for the MAC tag
@param taglen [in/out] The length of the MAC tag
@return CRYPT_OK on success
*/
int chacha20poly1305_done(chachapoly_state *st, unsigned char *tag, unsigned long *taglen)
{
unsigned char padzero[16] = { 0 };
unsigned long padlen;
unsigned char buf[16];
int err;
LTC_ARGCHK(st != NULL);
padlen = 16 - (st->ctlen % 16);
if (padlen < 16) {
if ((err = poly1305_process(&st->poly, padzero, padlen)) != CRYPT_OK) return err;
}
STORE64L(st->aadlen, buf);
STORE64L(st->ctlen, buf + 8);
if ((err = poly1305_process(&st->poly, buf, 16)) != CRYPT_OK) return err;
if ((err = poly1305_done(&st->poly, tag, taglen)) != CRYPT_OK) return err;
return CRYPT_OK;
}
#endif

44
src/encauth/chachapoly/chacha20poly1305_encrypt.c Normal file
View File

@ -0,0 +1,44 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt.h"
#ifdef LTC_CHACHA20POLY1305_MODE
/**
Encrypt bytes of ciphertext with ChaCha20Poly1305
@param st The ChaCha20Poly1305 state
@param in The plaintext
@param inlen The length of the input (octets)
@param out [out] The ciphertext (length inlen)
@return CRYPT_OK if successful
*/
int chacha20poly1305_encrypt(chachapoly_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out)
{
unsigned char padzero[16] = { 0 };
unsigned long padlen;
int err;
if (inlen == 0) return CRYPT_OK; /* nothing to do */
LTC_ARGCHK(st != NULL);
if ((err = chacha_crypt(&st->chacha, in, inlen, out)) != CRYPT_OK) return err;
if (st->aadflg) {
padlen = 16 - (st->aadlen % 16);
if (padlen < 16) {
if ((err = poly1305_process(&st->poly, padzero, padlen)) != CRYPT_OK) return err;
}
st->aadflg = 0; /* no more AAD */
}
if ((err = poly1305_process(&st->poly, out, inlen)) != CRYPT_OK) return err;
st->ctlen += (ulong64)inlen;
return CRYPT_OK;
}
#endif

26
src/encauth/chachapoly/chacha20poly1305_init.c Normal file
View File

@ -0,0 +1,26 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt.h"
#ifdef LTC_CHACHA20POLY1305_MODE
/**
Initialize an ChaCha20Poly1305 context (only the key)
@param st [out] The destination of the ChaCha20Poly1305 state
@param key The secret key
@param keylen The length of the secret key (octets)
@return CRYPT_OK if successful
*/
int chacha20poly1305_init(chachapoly_state *st, const unsigned char *key, unsigned long keylen)
{
return chacha_setup(&st->chacha, key, keylen, 20);
}
#endif

70
src/encauth/chachapoly/chacha20poly1305_memory.c Normal file
View File

@ -0,0 +1,70 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt.h"
#ifdef LTC_CHACHA20POLY1305_MODE
/**
Process an entire GCM packet in one call.
@param key The secret key
@param keylen The length of the secret key
@param iv The initial vector
@param ivlen The length of the initial vector
@param aad The additional authentication data (header)
@param aadlen The length of the aad
@param in The plaintext
@param inlen The length of the plaintext (ciphertext length is the same)
@param out The ciphertext
@param tag [out] The MAC tag
@param taglen [in/out] The MAC tag length
@param direction Encrypt or Decrypt mode (CHCHA20POLY1305_ENCRYPT or CHCHA20POLY1305_DECRYPT)
@return CRYPT_OK on success
*/
int chacha20poly1305_memory(const unsigned char *key, unsigned long keylen,
const unsigned char *iv, unsigned long ivlen,
const unsigned char *aad, unsigned long aadlen,
const unsigned char *in, unsigned long inlen,
unsigned char *out,
unsigned char *tag, unsigned long *taglen,
int direction)
{
chachapoly_state st;
int err;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(iv != NULL);
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(tag != NULL);
if ((err = chacha20poly1305_init(&st, key, keylen)) != CRYPT_OK) { goto LBL_ERR; }
if ((err = chacha20poly1305_setiv(&st, iv, ivlen)) != CRYPT_OK) { goto LBL_ERR; }
if (aad && aadlen > 0) {
if ((err = chacha20poly1305_add_aad(&st, aad, aadlen)) != CRYPT_OK) { goto LBL_ERR; }
}
if (direction == CHCHA20POLY1305_ENCRYPT) {
if ((err = chacha20poly1305_encrypt(&st, in, inlen, out)) != CRYPT_OK) { goto LBL_ERR; }
}
else if (direction == CHCHA20POLY1305_DECRYPT) {
if ((err = chacha20poly1305_decrypt(&st, in, inlen, out)) != CRYPT_OK) { goto LBL_ERR; }
}
else {
err = CRYPT_INVALID_ARG;
goto LBL_ERR;
}
err = chacha20poly1305_done(&st, tag, taglen);
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(&st, sizeof(chachapoly_state));
#endif
return err;
}
#endif

64
src/encauth/chachapoly/chacha20poly1305_setiv.c Normal file
View File

@ -0,0 +1,64 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt.h"
#ifdef LTC_CHACHA20POLY1305_MODE
/**
Set IV + counter data to the ChaCha20Poly1305 state and reset the context
@param st The ChaCha20Poly1305 state
@param iv The IV data to add
@param inlen The length of the IV (must be 12 or 8)
@return CRYPT_OK on success
*/
int chacha20poly1305_setiv(chachapoly_state *st, const unsigned char *iv, unsigned long ivlen)
{
chacha_state tmp_st;
int i, err;
unsigned char polykey[32];
LTC_ARGCHK(st != NULL);
LTC_ARGCHK(iv != NULL);
LTC_ARGCHK(ivlen == 12 || ivlen == 8);
/* set IV for chacha20 */
if (ivlen == 12) {
/* IV 96bit */
if ((err = chacha_ivctr32(&st->chacha, iv, ivlen, 1)) != CRYPT_OK) return err;
}
else {
/* IV 64bit */
if ((err = chacha_ivctr64(&st->chacha, iv, ivlen, 1)) != CRYPT_OK) return err;
}
/* copy chacha20 key to temporary state */
for(i = 0; i < 12; i++) tmp_st.input[i] = st->chacha.input[i];
tmp_st.rounds = 20;
/* set IV */
if (ivlen == 12) {
/* IV 32bit */
if ((err = chacha_ivctr32(&tmp_st, iv, ivlen, 0)) != CRYPT_OK) return err;
}
else {
/* IV 64bit */
if ((err = chacha_ivctr64(&tmp_st, iv, ivlen, 0)) != CRYPT_OK) return err;
}
/* (re)generate new poly1305 key */
if ((err = chacha_keystream(&tmp_st, polykey, 32)) != CRYPT_OK) return err;
/* (re)initialise poly1305 */
if ((err = poly1305_init(&st->poly, polykey, 32)) != CRYPT_OK) return err;
st->ctlen = 0;
st->aadlen = 0;
st->aadflg = 1;
return CRYPT_OK;
}
#endif

36
src/encauth/chachapoly/chacha20poly1305_setiv_rfc7905.c Normal file
View File

@ -0,0 +1,36 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt.h"
#ifdef LTC_CHACHA20POLY1305_MODE
/**
Set IV + counter data (with RFC7905-magic) to the ChaCha20Poly1305 state and reset the context
@param st The ChaCha20Poly1305 state
@param iv The IV data to add
@param inlen The length of the IV (must be 12 or 8)
@param sequence_number 64bit sequence number which is incorporated into IV as described in RFC7905
@return CRYPT_OK on success
*/
int chacha20poly1305_setiv_rfc7905(chachapoly_state *st, const unsigned char *iv, unsigned long ivlen, ulong64 sequence_number)
{
int i;
unsigned char combined_iv[12] = { 0 };
LTC_ARGCHK(st != NULL);
LTC_ARGCHK(iv != NULL);
LTC_ARGCHK(ivlen == 12);
STORE64L(sequence_number, combined_iv + 4);
for (i = 0; i < 12; i++) combined_iv[i] = iv[i] ^ combined_iv[i];
return chacha20poly1305_setiv(st, combined_iv, 12);
}
#endif

70
src/encauth/chachapoly/chacha20poly1305_test.c Normal file
View File

@ -0,0 +1,70 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt.h"
#ifdef LTC_CHACHA20POLY1305_MODE
int chacha20poly1305_test(void)
{
#ifndef LTC_TEST
return CRYPT_NOP;
#else
chachapoly_state st1, st2;
unsigned char k[] = { 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f };
unsigned char iv[] = { 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47 };
unsigned char aad[] = { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 };
unsigned char enc[] = { 0xD3, 0x1A, 0x8D, 0x34, 0x64, 0x8E, 0x60, 0xDB, 0x7B, 0x86, 0xAF, 0xBC, 0x53, 0xEF, 0x7E, 0xC2,
0xA4, 0xAD, 0xED, 0x51, 0x29, 0x6E, 0x08, 0xFE, 0xA9, 0xE2, 0xB5, 0xA7, 0x36, 0xEE, 0x62, 0xD6,
0x3D, 0xBE, 0xA4, 0x5E, 0x8C, 0xA9, 0x67, 0x12, 0x82, 0xFA, 0xFB, 0x69, 0xDA, 0x92, 0x72, 0x8B,
0x1A, 0x71, 0xDE, 0x0A, 0x9E, 0x06, 0x0B, 0x29, 0x05, 0xD6, 0xA5, 0xB6, 0x7E, 0xCD, 0x3B, 0x36,
0x92, 0xDD, 0xBD, 0x7F, 0x2D, 0x77, 0x8B, 0x8C, 0x98, 0x03, 0xAE, 0xE3, 0x28, 0x09, 0x1B, 0x58,
0xFA, 0xB3, 0x24, 0xE4, 0xFA, 0xD6, 0x75, 0x94, 0x55, 0x85, 0x80, 0x8B, 0x48, 0x31, 0xD7, 0xBC,
0x3F, 0xF4, 0xDE, 0xF0, 0x8E, 0x4B, 0x7A, 0x9D, 0xE5, 0x76, 0xD2, 0x65, 0x86, 0xCE, 0xC6, 0x4B,
0x61, 0x16 };
unsigned char tag[] = { 0x1A, 0xE1, 0x0B, 0x59, 0x4F, 0x09, 0xE2, 0x6A, 0x7E, 0x90, 0x2E, 0xCB, 0xD0, 0x60, 0x06, 0x91 };
char m[] = "Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it.";
unsigned long mlen = strlen(m);
unsigned long len;
unsigned char ct[1000], pt[1000], emac[16], dmac[16];
/* encrypt */
chacha20poly1305_init(&st1, k, sizeof(k));
chacha20poly1305_setiv(&st1, iv, sizeof(iv));
chacha20poly1305_add_aad(&st1, aad, sizeof(aad));
/* encrypt piece by piece */
chacha20poly1305_encrypt(&st1, (unsigned char *)m, 25, ct);
chacha20poly1305_encrypt(&st1, (unsigned char *)m + 25, 10, ct + 25);
chacha20poly1305_encrypt(&st1, (unsigned char *)m + 35, 35, ct + 35);
chacha20poly1305_encrypt(&st1, (unsigned char *)m + 70, 5, ct + 70);
chacha20poly1305_encrypt(&st1, (unsigned char *)m + 75, 5, ct + 75);
chacha20poly1305_encrypt(&st1, (unsigned char *)m + 80, mlen - 80, ct + 80);
len = sizeof(emac);
chacha20poly1305_done(&st1, emac, &len);
if (compare_testvector(ct, mlen, enc, sizeof(enc), "ENC-CT", 1) != 0) return CRYPT_FAIL_TESTVECTOR;
if (compare_testvector(emac, len, tag, sizeof(tag), "ENC-TAG", 2) != 0) return CRYPT_FAIL_TESTVECTOR;
/* decrypt */
chacha20poly1305_init(&st2, k, len = sizeof(k));
chacha20poly1305_setiv(&st2, iv, len = sizeof(iv));
chacha20poly1305_add_aad(&st2, aad, len = sizeof(aad));
chacha20poly1305_decrypt(&st2, ct, 21, pt);
chacha20poly1305_decrypt(&st2, ct + 21, mlen - 21, pt + 21);
len = sizeof(dmac);
chacha20poly1305_done(&st2, dmac, &len);
if (compare_testvector(pt, mlen, m, mlen, "DEC-PT", 3) != 0) return CRYPT_FAIL_TESTVECTOR;
if (compare_testvector(dmac, len, tag, sizeof(tag), "DEC-TAG", 4) != 0) return CRYPT_FAIL_TESTVECTOR;
return CRYPT_OK;
#endif
};
#endif

21
src/headers/tomcrypt_cipher.h
View File

@ -937,6 +937,27 @@ int cipher_is_valid(int idx);
LTC_MUTEX_PROTO(ltc_cipher_mutex)
/* ---- stream ciphers ---- */
#ifdef LTC_CHACHA
typedef struct {
ulong32 input[16];
unsigned char kstream[64];
unsigned long ksleft;
unsigned long ivlen;
int rounds;
} chacha_state;
int chacha_setup(chacha_state *st, const unsigned char *key, unsigned long keylen, int rounds);
int chacha_ivctr32(chacha_state *st, const unsigned char *iv, unsigned long ivlen, ulong32 counter);
int chacha_ivctr64(chacha_state *st, const unsigned char *iv, unsigned long ivlen, ulong64 counter);
int chacha_crypt(chacha_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);
int chacha_keystream(chacha_state *st, unsigned char *out, unsigned long outlen);
int chacha_test(void);
#endif /* LTC_CHACHA */
/* $Source$ */
/* $Revision$ */
/* $Date$ */

8
src/headers/tomcrypt_custom.h
View File

@ -189,6 +189,8 @@
#define LTC_KASUMI
#define LTC_MULTI2
#define LTC_CAMELLIA
/* ChaCha is special (a stream cipher) */
#define LTC_CHACHA
#endif /* LTC_NO_CIPHERS */
@ -255,6 +257,7 @@
#define LTC_XCBC
#define LTC_F9_MODE
#define LTC_PELICAN
#define LTC_POLY1305
/* ---> Encrypt + Authenticate Modes <--- */
@ -264,6 +267,7 @@
#define LTC_OCB3_MODE
#define LTC_CCM_MODE
#define LTC_GCM_MODE
#define LTC_CHACHA20POLY1305_MODE
/* Use 64KiB tables */
#ifndef LTC_NO_TABLES
@ -504,6 +508,10 @@
#error PK requires ASN.1 DER functionality, make sure LTC_DER is enabled
#endif
#if defined(LTC_CHACHA20POLY1305_MODE) && (!defined(LTC_CHACHA) || !defined(LTC_POLY1305))
#error LTC_CHACHA20POLY1305_MODE requires LTC_CHACHA + LTC_POLY1305
#endif
/* THREAD management */
#ifdef LTC_PTHREAD

50
src/headers/tomcrypt_mac.h
View File

@ -96,6 +96,26 @@ void pmac_shift_xor(pmac_state *pmac);
#endif /* PMAC */
#ifdef LTC_POLY1305
typedef struct {
ulong32 r[5];
ulong32 h[5];
ulong32 pad[4];
unsigned long leftover;
unsigned char buffer[16];
int final;
} poly_state;
int poly1305_init(poly_state *st, const unsigned char *key, unsigned long keylen);
int poly1305_process(poly_state *st, const unsigned char *in, unsigned long inlen);
int poly1305_done(poly_state *st, unsigned char *mac, unsigned long *maclen);
int poly1305_test(void);
int poly1305_memory(const unsigned char *key, unsigned long keylen, const unsigned char *in, unsigned long inlen, unsigned char *mac, unsigned long *maclen);
int poly1305_memory_multi(const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen, const unsigned char *in, unsigned long inlen, ...);
int poly1305_file(const char *fname, const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen);
int poly1305_test(void);
#endif /* LTC_POLY1305 */
#ifdef LTC_EAX_MODE
#if !(defined(LTC_OMAC) && defined(LTC_CTR_MODE))
@ -477,6 +497,36 @@ int f9_test(void);
#endif
#ifdef LTC_CHACHA20POLY1305_MODE
typedef struct {
poly_state poly;
chacha_state chacha;
ulong64 aadlen;
ulong64 ctlen;
int aadflg;
} chachapoly_state;
#define CHCHA20POLY1305_ENCRYPT 0
#define CHCHA20POLY1305_DECRYPT 1
int chacha20poly1305_init(chachapoly_state *st, const unsigned char *key, unsigned long keylen);
int chacha20poly1305_setiv(chachapoly_state *st, const unsigned char *iv, unsigned long ivlen);
int chacha20poly1305_setiv_rfc7905(chachapoly_state *st, const unsigned char *iv, unsigned long ivlen, ulong64 sequence_number);
int chacha20poly1305_add_aad(chachapoly_state *st, const unsigned char *in, unsigned long inlen);
int chacha20poly1305_encrypt(chachapoly_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);
int chacha20poly1305_decrypt(chachapoly_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);
int chacha20poly1305_done(chachapoly_state *st, unsigned char *tag, unsigned long *taglen);
int chacha20poly1305_memory(const unsigned char *key, unsigned long keylen,
const unsigned char *iv, unsigned long ivlen,
const unsigned char *aad, unsigned long aadlen,
const unsigned char *in, unsigned long inlen,
unsigned char *out,
unsigned char *tag, unsigned long *taglen,
int direction);
int chacha20poly1305_test(void);
#endif /* LTC_CHACHA20POLY1305_MODE */
/* $Source$ */
/* $Revision$ */

24
src/headers/tomcrypt_prng.h
View File

@ -15,6 +15,15 @@ struct rc4_prng {
};
#endif
#ifdef LTC_CHACHA
struct chacha_prng {
chacha_state s; /* chacha state */
unsigned char ent[40]; /* entropy buffer */
unsigned long idx; /* entropy counter */
short ready; /* ready flag 0-1 */
};
#endif
#ifdef LTC_FORTUNA
struct fortuna_prng {
hash_state pool[LTC_FORTUNA_POOLS]; /* the pools */
@ -55,6 +64,9 @@ typedef union Prng_state {
#ifdef LTC_RC4
struct rc4_prng rc4;
#endif
#ifdef LTC_CHACHA
struct chacha_prng chacha;
#endif
#ifdef LTC_FORTUNA
struct fortuna_prng fortuna;
#endif
@ -154,6 +166,18 @@ int rc4_test(void);
extern const struct ltc_prng_descriptor rc4_desc;
#endif
#ifdef LTC_CHACHA
int chacha_prng_start(prng_state *prng);
int chacha_prng_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng);
int chacha_prng_ready(prng_state *prng);
unsigned long chacha_prng_read(unsigned char *out, unsigned long outlen, prng_state *prng);
int chacha_prng_done(prng_state *prng);
int chacha_prng_export(unsigned char *out, unsigned long *outlen, prng_state *prng);
int chacha_prng_import(const unsigned char *in, unsigned long inlen, prng_state *prng);
int chacha_prng_test(void);
extern const struct ltc_prng_descriptor chacha_prng_desc;
#endif
#ifdef LTC_SPRNG
int sprng_start(prng_state *prng);
int sprng_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng);

264
src/mac/poly1305/poly1305.c Normal file
View File

@ -0,0 +1,264 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
/* The implementation is based on:
* Public Domain poly1305 from Andrew Moon
* https://github.com/floodyberry/poly1305-donna
*/
#include "tomcrypt.h"
#ifdef LTC_POLY1305
/* internal only */
static void _poly1305_block(poly_state *st, const unsigned char *in, unsigned long inlen)
{
const unsigned long hibit = (st->final) ? 0 : (1UL << 24); /* 1 << 128 */
ulong32 r0,r1,r2,r3,r4;
ulong32 s1,s2,s3,s4;
ulong32 h0,h1,h2,h3,h4;
ulong32 tmp;
ulong64 d0,d1,d2,d3,d4;
ulong32 c;
r0 = st->r[0];
r1 = st->r[1];
r2 = st->r[2];
r3 = st->r[3];
r4 = st->r[4];
s1 = r1 * 5;
s2 = r2 * 5;
s3 = r3 * 5;
s4 = r4 * 5;
h0 = st->h[0];
h1 = st->h[1];
h2 = st->h[2];
h3 = st->h[3];
h4 = st->h[4];
while (inlen >= 16) {
/* h += in[i] */
LOAD32L(tmp, in+ 0); h0 += (tmp ) & 0x3ffffff;
LOAD32L(tmp, in+ 3); h1 += (tmp >> 2) & 0x3ffffff;
LOAD32L(tmp, in+ 6); h2 += (tmp >> 4) & 0x3ffffff;
LOAD32L(tmp, in+ 9); h3 += (tmp >> 6) & 0x3ffffff;
LOAD32L(tmp, in+12); h4 += (tmp >> 8) | hibit;
/* h *= r */
d0 = ((ulong64)h0 * r0) + ((ulong64)h1 * s4) + ((ulong64)h2 * s3) + ((ulong64)h3 * s2) + ((ulong64)h4 * s1);
d1 = ((ulong64)h0 * r1) + ((ulong64)h1 * r0) + ((ulong64)h2 * s4) + ((ulong64)h3 * s3) + ((ulong64)h4 * s2);
d2 = ((ulong64)h0 * r2) + ((ulong64)h1 * r1) + ((ulong64)h2 * r0) + ((ulong64)h3 * s4) + ((ulong64)h4 * s3);
d3 = ((ulong64)h0 * r3) + ((ulong64)h1 * r2) + ((ulong64)h2 * r1) + ((ulong64)h3 * r0) + ((ulong64)h4 * s4);
d4 = ((ulong64)h0 * r4) + ((ulong64)h1 * r3) + ((ulong64)h2 * r2) + ((ulong64)h3 * r1) + ((ulong64)h4 * r0);
/* (partial) h %= p */
c = (ulong32)(d0 >> 26); h0 = (ulong32)d0 & 0x3ffffff;
d1 += c; c = (ulong32)(d1 >> 26); h1 = (ulong32)d1 & 0x3ffffff;
d2 += c; c = (ulong32)(d2 >> 26); h2 = (ulong32)d2 & 0x3ffffff;
d3 += c; c = (ulong32)(d3 >> 26); h3 = (ulong32)d3 & 0x3ffffff;
d4 += c; c = (ulong32)(d4 >> 26); h4 = (ulong32)d4 & 0x3ffffff;
h0 += c * 5; c = (h0 >> 26); h0 = h0 & 0x3ffffff;
h1 += c;
in += 16;
inlen -= 16;
}
st->h[0] = h0;
st->h[1] = h1;
st->h[2] = h2;
st->h[3] = h3;
st->h[4] = h4;
}
/**
Initialize an POLY1305 context.
@param st The POLY1305 state
@param key The secret key
@param keylen The length of the secret key (octets)
@return CRYPT_OK if successful
*/
int poly1305_init(poly_state *st, const unsigned char *key, unsigned long keylen)
{
LTC_ARGCHK(st != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(keylen == 32);
/* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
LOAD32L(st->r[0], key + 0); st->r[0] = (st->r[0] ) & 0x3ffffff;
LOAD32L(st->r[1], key + 3); st->r[1] = (st->r[1] >> 2) & 0x3ffff03;
LOAD32L(st->r[2], key + 6); st->r[2] = (st->r[2] >> 4) & 0x3ffc0ff;
LOAD32L(st->r[3], key + 9); st->r[3] = (st->r[3] >> 6) & 0x3f03fff;
LOAD32L(st->r[4], key + 12); st->r[4] = (st->r[4] >> 8) & 0x00fffff;
/* h = 0 */
st->h[0] = 0;
st->h[1] = 0;
st->h[2] = 0;
st->h[3] = 0;
st->h[4] = 0;
/* save pad for later */
LOAD32L(st->pad[0], key + 16);
LOAD32L(st->pad[1], key + 20);
LOAD32L(st->pad[2], key + 24);
LOAD32L(st->pad[3], key + 28);
st->leftover = 0;
st->final = 0;
return CRYPT_OK;
}
/**
Process data through POLY1305
@param st The POLY1305 state
@param in The data to send through HMAC
@param inlen The length of the data to HMAC (octets)
@return CRYPT_OK if successful
*/
int poly1305_process(poly_state *st, const unsigned char *in, unsigned long inlen)
{
unsigned long i;
if (inlen == 0) return CRYPT_OK; /* nothing to do */
LTC_ARGCHK(st != NULL);
LTC_ARGCHK(in != NULL);
/* handle leftover */
if (st->leftover) {
unsigned long want = (16 - st->leftover);
if (want > inlen) want = inlen;
for (i = 0; i < want; i++) st->buffer[st->leftover + i] = in[i];
inlen -= want;
in += want;
st->leftover += want;
if (st->leftover < 16) return CRYPT_OK;
_poly1305_block(st, st->buffer, 16);
st->leftover = 0;
}
/* process full blocks */
if (inlen >= 16) {
unsigned long want = (inlen & ~(16 - 1));
_poly1305_block(st, in, want);
in += want;
inlen -= want;
}
/* store leftover */
if (inlen) {
for (i = 0; i < inlen; i++) st->buffer[st->leftover + i] = in[i];
st->leftover += inlen;
}
return CRYPT_OK;
}
/**
Terminate a POLY1305 session
@param st The POLY1305 state
@param out [out] The destination of the POLY1305 authentication tag
@param outlen [in/out] The max size and resulting size of the POLY1305 authentication tag
@return CRYPT_OK if successful
*/
int poly1305_done(poly_state *st, unsigned char *mac, unsigned long *maclen)
{
ulong32 h0,h1,h2,h3,h4,c;
ulong32 g0,g1,g2,g3,g4;
ulong64 f;
ulong32 mask;
LTC_ARGCHK(st != NULL);
LTC_ARGCHK(mac != NULL);
LTC_ARGCHK(maclen != NULL);
LTC_ARGCHK(*maclen >= 16);
/* process the remaining block */
if (st->leftover) {
unsigned long i = st->leftover;
st->buffer[i++] = 1;
for (; i < 16; i++) st->buffer[i] = 0;
st->final = 1;
_poly1305_block(st, st->buffer, 16);
}
/* fully carry h */
h0 = st->h[0];
h1 = st->h[1];
h2 = st->h[2];
h3 = st->h[3];
h4 = st->h[4];
c = h1 >> 26; h1 = h1 & 0x3ffffff;
h2 += c; c = h2 >> 26; h2 = h2 & 0x3ffffff;
h3 += c; c = h3 >> 26; h3 = h3 & 0x3ffffff;
h4 += c; c = h4 >> 26; h4 = h4 & 0x3ffffff;
h0 += c * 5; c = h0 >> 26; h0 = h0 & 0x3ffffff;
h1 += c;
/* compute h + -p */
g0 = h0 + 5; c = g0 >> 26; g0 &= 0x3ffffff;
g1 = h1 + c; c = g1 >> 26; g1 &= 0x3ffffff;
g2 = h2 + c; c = g2 >> 26; g2 &= 0x3ffffff;
g3 = h3 + c; c = g3 >> 26; g3 &= 0x3ffffff;
g4 = h4 + c - (1UL << 26);
/* select h if h < p, or h + -p if h >= p */
mask = (g4 >> 31) - 1;
g0 &= mask;
g1 &= mask;
g2 &= mask;
g3 &= mask;
g4 &= mask;
mask = ~mask;
h0 = (h0 & mask) | g0;
h1 = (h1 & mask) | g1;
h2 = (h2 & mask) | g2;
h3 = (h3 & mask) | g3;
h4 = (h4 & mask) | g4;
/* h = h % (2^128) */
h0 = ((h0 ) | (h1 << 26)) & 0xffffffff;
h1 = ((h1 >> 6) | (h2 << 20)) & 0xffffffff;
h2 = ((h2 >> 12) | (h3 << 14)) & 0xffffffff;
h3 = ((h3 >> 18) | (h4 << 8)) & 0xffffffff;
/* mac = (h + pad) % (2^128) */
f = (ulong64)h0 + st->pad[0] ; h0 = (ulong32)f;
f = (ulong64)h1 + st->pad[1] + (f >> 32); h1 = (ulong32)f;
f = (ulong64)h2 + st->pad[2] + (f >> 32); h2 = (ulong32)f;
f = (ulong64)h3 + st->pad[3] + (f >> 32); h3 = (ulong32)f;
STORE32L(h0, mac + 0);
STORE32L(h1, mac + 4);
STORE32L(h2, mac + 8);
STORE32L(h3, mac + 12);
/* zero out the state */
st->h[0] = 0;
st->h[1] = 0;
st->h[2] = 0;
st->h[3] = 0;
st->h[4] = 0;
st->r[0] = 0;
st->r[1] = 0;
st->r[2] = 0;
st->r[3] = 0;
st->r[4] = 0;
st->pad[0] = 0;
st->pad[1] = 0;
st->pad[2] = 0;
st->pad[3] = 0;
*maclen = 16;
return CRYPT_OK;
}
#endif

70
src/mac/poly1305/poly1305_file.c Normal file
View File

@ -0,0 +1,70 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
/* The implementation is based on:
* Public Domain poly1305 from Andrew Moon
* https://github.com/floodyberry/poly1305-donna
*/
#include "tomcrypt.h"
#ifdef LTC_POLY1305
/**
POLY1305 a file
@param fname The name of the file you wish to POLY1305
@param key The secret key
@param keylen The length of the secret key
@param out [out] The POLY1305 authentication tag
@param outlen [in/out] The max size and resulting size of the authentication tag
@return CRYPT_OK if successful, CRYPT_NOP if file support has been disabled
*/
int poly1305_file(const char *fname, const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen)
{
#ifdef LTC_NO_FILE
return CRYPT_NOP;
#else
poly_state st;
FILE *in;
unsigned char *buf;
size_t x;
int err;
LTC_ARGCHK(fname != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(mac != NULL);
LTC_ARGCHK(maclen != NULL);
if ((in = fopen(fname, "rb")) == NULL) { return CRYPT_FILE_NOTFOUND; }
if ((buf = XMALLOC(8196)) == NULL) { return CRYPT_MEM; }
if ((err = poly1305_init(&st, key, keylen)) != CRYPT_OK) { goto LBL_ERR; }
do {
x = fread(buf, 1, sizeof(buf), in);
if ((err = poly1305_process(&st, buf, (unsigned long)x)) != CRYPT_OK) {
fclose(in);
goto LBL_ERR;
}
} while (x == sizeof(buf));
if (fclose(in) != 0) {
err = CRYPT_ERROR;
goto LBL_ERR;
}
err = poly1305_done(&st, mac, maclen);
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(&st, sizeof(poly_state));
#endif
XFREE(buf);
return err;
#endif
};
#endif

49
src/mac/poly1305/poly1305_memory.c Normal file
View File

@ -0,0 +1,49 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
/* The implementation is based on:
* Public Domain poly1305 from Andrew Moon
* https://github.com/floodyberry/poly1305-donna
*/
#include "tomcrypt.h"
#ifdef LTC_POLY1305
/**
POLY1305 a block of memory to produce the authentication tag
@param key The secret key
@param keylen The length of the secret key (octets)
@param in The data to POLY1305
@param inlen The length of the data to POLY1305 (octets)
@param mac [out] Destination of the authentication tag
@param maclen [in/out] Max size and resulting size of authentication tag
@return CRYPT_OK if successful
*/
int poly1305_memory(const unsigned char *key, unsigned long keylen, const unsigned char *in, unsigned long inlen, unsigned char *mac, unsigned long *maclen)
{
poly_state st;
int err;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(mac != NULL);
LTC_ARGCHK(maclen != NULL);
if ((err = poly1305_init(&st, key, keylen)) != CRYPT_OK) { goto LBL_ERR; }
if ((err = poly1305_process(&st, in, inlen)) != CRYPT_OK) { goto LBL_ERR; }
err = poly1305_done(&st, mac, maclen);
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(&st, sizeof(poly_state));
#endif
return err;
};
#endif

63
src/mac/poly1305/poly1305_memory_multi.c Normal file
View File

@ -0,0 +1,63 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
/* The implementation is based on:
* Public Domain poly1305 from Andrew Moon
* https://github.com/floodyberry/poly1305-donna
*/
#include "tomcrypt.h"
#include <stdarg.h>
#ifdef LTC_POLY1305
/**
POLY1305 multiple blocks of memory to produce the authentication tag
@param key The secret key
@param keylen The length of the secret key (octets)
@param out [out] Destination of the authentication tag
@param outlen [in/out] Max size and resulting size of authentication tag
@param in The data to POLY1305
@param inlen The length of the data to POLY1305 (octets)
@param ... tuples of (data,len) pairs to POLY1305, terminated with a (NULL,x) (x=don't care)
@return CRYPT_OK if successful
*/
int poly1305_memory_multi(const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen, const unsigned char *in, unsigned long inlen, ...)
{
poly_state st;
int err;
va_list args;
const unsigned char *curptr;
unsigned long curlen;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(mac != NULL);
LTC_ARGCHK(maclen != NULL);
va_start(args, inlen);
curptr = in;
curlen = inlen;
if ((err = poly1305_init(&st, key, keylen)) != CRYPT_OK) { goto LBL_ERR; }
for (;;) {
if ((err = poly1305_process(&st, curptr, curlen)) != CRYPT_OK) { goto LBL_ERR; }
curptr = va_arg(args, const unsigned char*);
if (curptr == NULL) break;
curlen = va_arg(args, unsigned long);
}
err = poly1305_done(&st, mac, maclen);
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(&st, sizeof(poly_state));
#endif
va_end(args);
return err;
};
#endif

50
src/mac/poly1305/poly1305_test.c Normal file
View File

@ -0,0 +1,50 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
/* The implementation is based on:
* Public Domain poly1305 from Andrew Moon
* https://github.com/floodyberry/poly1305-donna
*/
#include "tomcrypt.h"
#ifdef LTC_POLY1305
int poly1305_test(void)
{
#ifndef LTC_TEST
return CRYPT_NOP;
#else
/* https://tools.ietf.org/html/rfc7539#section-2.5.2 */
unsigned char k[] = { 0x85, 0xd6, 0xbe, 0x78, 0x57, 0x55, 0x6d, 0x33, 0x7f, 0x44, 0x52, 0xfe, 0x42, 0xd5, 0x06, 0xa8, 0x01, 0x03, 0x80, 0x8a, 0xfb, 0x0d, 0xb2, 0xfd, 0x4a, 0xbf, 0xf6, 0xaf, 0x41, 0x49, 0xf5, 0x1b };
unsigned char tag[] = { 0xA8, 0x06, 0x1D, 0xC1, 0x30, 0x51, 0x36, 0xC6, 0xC2, 0x2B, 0x8B, 0xAF, 0x0C, 0x01, 0x27, 0xA9 };
char m[] = "Cryptographic Forum Research Group";
unsigned long len = 16, mlen = strlen(m);
unsigned char out[1000];
poly_state st;
/* process piece by piece */
poly1305_init(&st, k, 32);
poly1305_process(&st, (unsigned char*)m, 5);
poly1305_process(&st, (unsigned char*)m + 5, 4);
poly1305_process(&st, (unsigned char*)m + 9, 3);
poly1305_process(&st, (unsigned char*)m + 12, 2);
poly1305_process(&st, (unsigned char*)m + 14, 1);
poly1305_process(&st, (unsigned char*)m + 15, mlen - 15);
poly1305_done(&st, out, &len);
if (compare_testvector(out, len, tag, sizeof(tag), "POLY1305-TV1", 1) != 0) return CRYPT_FAIL_TESTVECTOR;
/* process in one go */
poly1305_init(&st, k, 32);
poly1305_process(&st, (unsigned char*)m, mlen);
poly1305_done(&st, out, &len);
if (compare_testvector(out, len, tag, sizeof(tag), "POLY1305-TV2", 1) != 0) return CRYPT_FAIL_TESTVECTOR;
return CRYPT_OK;
#endif
};
#endif

9
src/misc/crypt/crypt.c
View File

@ -124,6 +124,9 @@ const char *crypt_build_settings =
#if defined(LTC_CAMELLIA)
" Camellia\n"
#endif
#if defined(LTC_CHACHA)
" ChaCha\n"
#endif
"\nHashes built-in:\n"
#if defined(LTC_SHA3)
@ -230,6 +233,9 @@ const char *crypt_build_settings =
#if defined(LTC_F9_MODE)
" F9\n"
#endif
#if defined(LTC_POLY1305)
" POLY1305\n"
#endif
"\nENC + AUTH modes:\n"
#if defined(LTC_EAX_MODE)
@ -254,6 +260,9 @@ const char *crypt_build_settings =
#endif
"\n"
#endif
#if defined(LTC_CHACHA20POLY1305_MODE)
" CHACHA20POLY1305\n"
#endif
"\nPRNG:\n"
#if defined(LTC_YARROW)

3
src/misc/crypt/crypt_sizes.c
View File

@ -223,6 +223,9 @@ static const crypt_size _crypt_sizes[] = {
#ifdef LTC_FORTUNA
_SZ_STRINGIFY_S(fortuna_prng),
#endif
#ifdef LTC_CHACHA
_SZ_STRINGIFY_S(chacha_prng),
#endif
#ifdef LTC_RC4
_SZ_STRINGIFY_S(rc4_prng),
#endif

214
src/prngs/chacha.c Normal file
View File

@ -0,0 +1,214 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt.h"
#ifdef LTC_CHACHA
const struct ltc_prng_descriptor chacha_prng_desc =
{
"chacha",
sizeof(chacha_state),
&chacha_prng_start,
&chacha_prng_add_entropy,
&chacha_prng_ready,
&chacha_prng_read,
&chacha_prng_done,
&chacha_prng_export,
&chacha_prng_import,
&chacha_prng_test
};
/**
Start the PRNG
@param prng[out] The PRNG state to initialize
@return CRYPT_OK if successful
*/
int chacha_prng_start(prng_state *prng)
{
LTC_ARGCHK(prng != NULL);
prng->chacha.ready = 0;
XMEMSET(&prng->chacha.ent, 0, 40);
prng->chacha.idx = 0;
return CRYPT_OK;
}
/**
Add entropy to the PRNG state
@param in The data to add
@param inlen Length of the data to add
@param prng PRNG state to update
@return CRYPT_OK if successful
*/
int chacha_prng_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng)
{
unsigned char buf[40];
unsigned long i;
int err;
LTC_ARGCHK(prng != NULL);
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(inlen > 0);
if (prng->chacha.ready) {
/* chacha_prng_ready() was already called, do "rekey" operation */
if ((err = chacha_keystream(&prng->chacha.s, buf, 40)) != CRYPT_OK) return err;
for(i = 0; i < inlen; i++) buf[i % 40] ^= in[i];
/* key 32 bytes, 20 rounds */
if ((err = chacha_setup(&prng->chacha.s, buf, 32, 20)) != CRYPT_OK) return err;
/* iv 8 bytes */
if ((err = chacha_ivctr64(&prng->chacha.s, buf + 32, 8, 0)) != CRYPT_OK) return err;
}
else {
/* chacha_prng_ready() was not called yet, add entropy to ent buffer */
while (inlen--) prng->chacha.ent[prng->chacha.idx++ % 40] ^= *in++;
}
return CRYPT_OK;
}
/**
Make the PRNG ready to read from
@param prng The PRNG to make active
@return CRYPT_OK if successful
*/
int chacha_prng_ready(prng_state *prng)
{
int err;
LTC_ARGCHK(prng != NULL);
/* key 32 bytes, 20 rounds */
if ((err = chacha_setup(&prng->chacha.s, prng->chacha.ent, 32, 20)) != CRYPT_OK) return err;
/* iv 8 bytes */
if ((err = chacha_ivctr64(&prng->chacha.s, prng->chacha.ent + 32, 8, 0)) != CRYPT_OK) return err;
XMEMSET(&prng->chacha.ent, 0, 40);
prng->chacha.ready = 1;
prng->chacha.idx = 0;
return CRYPT_OK;
}
/**
Read from the PRNG
@param out Destination
@param outlen Length of output
@param prng The active PRNG to read from
@return Number of octets read
*/
unsigned long chacha_prng_read(unsigned char *out, unsigned long outlen, prng_state *prng)
{
if (chacha_keystream(&prng->chacha.s, out, outlen) != CRYPT_OK) return 0;
return outlen;
}
/**
Terminate the PRNG
@param prng The PRNG to terminate
@return CRYPT_OK if successful
*/
int chacha_prng_done(prng_state *prng)
{
LTC_UNUSED_PARAM(prng);
prng->chacha.ready = 0;
XMEMSET(&prng->chacha.s, 0, sizeof(chacha_state));
return CRYPT_OK;
}
/**
Export the PRNG state
@param out [out] Destination
@param outlen [in/out] Max size and resulting size of the state
@param prng The PRNG to export
@return CRYPT_OK if successful
*/
int chacha_prng_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
{
unsigned long len = sizeof(chacha_state);
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(prng != NULL);
if (!prng->chacha.ready) {
return CRYPT_ERROR;
}
if (*outlen < len) {
*outlen = len;
return CRYPT_BUFFER_OVERFLOW;
}
XMEMCPY(out, &prng->chacha.s, len);
*outlen = len;
return CRYPT_OK;
}
/**
Import a PRNG state
@param in The PRNG state
@param inlen Size of the state
@param prng The PRNG to import
@return CRYPT_OK if successful
*/
int chacha_prng_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
{
unsigned long len = sizeof(chacha_state);
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(prng != NULL);
if (inlen != len) return CRYPT_INVALID_ARG;
XMEMCPY(&prng->chacha.s, in, inlen);
prng->chacha.ready = 1;
return CRYPT_OK;
}
/**
PRNG self-test
@return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled
*/
int chacha_prng_test(void)
{
#ifndef LTC_TEST
return CRYPT_NOP;
#else
prng_state st;
unsigned char en[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e,
0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32 };
unsigned char dmp[300];
unsigned long dmplen = sizeof(dmp);
unsigned char out[500];
unsigned char t1[] = { 0x59, 0xb2, 0x26, 0x95, 0x2b, 0x01, 0x8f, 0x05, 0xbe, 0xd8 };
unsigned char t2[] = { 0x30, 0x34, 0x5c, 0x6e, 0x56, 0x18, 0x8c, 0x46, 0xbe, 0x8a };
chacha_prng_start(&st);
chacha_prng_add_entropy(en, sizeof(en), &st); /* add entropy to uninitialized prng */
chacha_prng_ready(&st);
chacha_prng_read(out, 10, &st); /* 10 bytes for testing */
if (compare_testvector(out, 10, t1, sizeof(t1), "CHACHA-PRNG", 1) != 0) return CRYPT_FAIL_TESTVECTOR;
chacha_prng_read(out, 500, &st);
chacha_prng_add_entropy(en, sizeof(en), &st); /* add entropy to already initialized prng */
chacha_prng_read(out, 500, &st);
chacha_prng_export(dmp, &dmplen, &st);
chacha_prng_read(out, 500, &st); /* skip 500 bytes */
chacha_prng_read(out, 10, &st); /* 10 bytes for testing */
if (compare_testvector(out, 10, t2, sizeof(t2), "CHACHA-PRNG", 2) != 0) return CRYPT_FAIL_TESTVECTOR;
chacha_prng_done(&st);
XMEMSET(&st, 0xFF, sizeof(st)); /* just to be sure */
chacha_prng_import(dmp, dmplen, &st);
chacha_prng_read(out, 500, &st); /* skip 500 bytes */
chacha_prng_read(out, 10, &st); /* 10 bytes for testing */
if (compare_testvector(out, 10, t2, sizeof(t2), "CHACHA-PRNG", 3) != 0) return CRYPT_FAIL_TESTVECTOR;
chacha_prng_done(&st);
return CRYPT_OK;
#endif
}
#endif

90
src/stream/chacha/chacha_crypt.c Normal file
View File

@ -0,0 +1,90 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
/* The implementation is based on:
* chacha-ref.c version 20080118
* Public domain from D. J. Bernstein
*/
#include "tomcrypt.h"
#ifdef LTC_CHACHA
#define QUARTERROUND(a,b,c,d) \
x[a] += x[b]; x[d] = ROL(x[d] ^ x[a], 16); \
x[c] += x[d]; x[b] = ROL(x[b] ^ x[c], 12); \
x[a] += x[b]; x[d] = ROL(x[d] ^ x[a], 8); \
x[c] += x[d]; x[b] = ROL(x[b] ^ x[c], 7);
static void _chacha_block(unsigned char *output, const ulong32 *input, int rounds)
{
ulong32 x[16];
int i;
XMEMCPY(x, input, sizeof(x));
for (i = rounds; i > 0; i -= 2) {
QUARTERROUND(0, 4, 8,12)
QUARTERROUND(1, 5, 9,13)
QUARTERROUND(2, 6,10,14)
QUARTERROUND(3, 7,11,15)
QUARTERROUND(0, 5,10,15)
QUARTERROUND(1, 6,11,12)
QUARTERROUND(2, 7, 8,13)
QUARTERROUND(3, 4, 9,14)
}
for (i = 0; i < 16; ++i) {
x[i] += input[i];
STORE32L(x[i], output + 4 * i);
}
}
/**
Encrypt (or decrypt) bytes of ciphertext (or plaintext) with ChaCha
@param st The ChaCha state
@param in The plaintext (or ciphertext)
@param inlen The length of the input (octets)
@param out [out] The ciphertext (or plaintext), length inlen
@return CRYPT_OK if successful
*/
int chacha_crypt(chacha_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out)
{
unsigned char buf[64];
unsigned long i, j;
if (inlen == 0) return CRYPT_OK; /* nothing to do */
LTC_ARGCHK(st != NULL);
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(out != NULL);
if (st->ksleft > 0) {
j = MIN(st->ksleft, inlen);
for (i = 0; i < j; ++i, st->ksleft--) out[i] = in[i] ^ st->kstream[64 - st->ksleft];
inlen -= j;
if (inlen == 0) return CRYPT_OK;
out += j;
in += j;
}
for (;;) {
_chacha_block(buf, st->input, st->rounds);
/* increment the counter */
if (!++st->input[12] && !++st->input[13] && !++st->input[14]) { ++st->input[15]; }
if (inlen <= 64) {
for (i = 0; i < inlen; ++i) out[i] = in[i] ^ buf[i];
st->ksleft = 64 - inlen;
for (i = inlen; i < 64; ++i) st->kstream[i] = buf[i];
return CRYPT_OK;
}
for (i = 0; i < 64; ++i) out[i] = in[i] ^ buf[i];
inlen -= 64;
out += 64;
in += 64;
}
return CRYPT_OK;
};
#endif

42
src/stream/chacha/chacha_ivctr32.c Normal file
View File

@ -0,0 +1,42 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
/* The implementation is based on:
* chacha-ref.c version 20080118
* Public domain from D. J. Bernstein
*/
#include "tomcrypt.h"
#ifdef LTC_CHACHA
/**
Set IV + counter data to the ChaCha state
@param st The ChaCha20 state
@param iv The IV data to add
@param inlen The length of the IV (must be 12)
@param counter 32bit (unsigned) initial counter value
@return CRYPT_OK on success
*/
int chacha_ivctr32(chacha_state *st, const unsigned char *iv, unsigned long ivlen, ulong32 counter)
{
LTC_ARGCHK(st != NULL);
LTC_ARGCHK(iv != NULL);
/* 96bit IV + 32bit counter */
LTC_ARGCHK(ivlen == 12);
st->input[12] = counter;
LOAD32L(st->input[13], iv + 0);
LOAD32L(st->input[14], iv + 4);
LOAD32L(st->input[15], iv + 8);
st->ksleft = 0;
return CRYPT_OK;
};
#endif

42
src/stream/chacha/chacha_ivctr64.c Normal file
View File

@ -0,0 +1,42 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
/* The implementation is based on:
* chacha-ref.c version 20080118
* Public domain from D. J. Bernstein
*/
#include "tomcrypt.h"
#ifdef LTC_CHACHA
/**
Set IV + counter data to the ChaCha state
@param st The ChaCha20 state
@param iv The IV data to add
@param inlen The length of the IV (must be 8)
@param counter 64bit (unsigned) initial counter value
@return CRYPT_OK on success
*/
int chacha_ivctr64(chacha_state *st, const unsigned char *iv, unsigned long ivlen, ulong64 counter)
{
LTC_ARGCHK(st != NULL);
LTC_ARGCHK(iv != NULL);
/* 64bit IV + 64bit counter */
LTC_ARGCHK(ivlen == 8);
st->input[12] = (ulong32)(counter & 0xFFFFFFFF);
st->input[13] = (ulong32)(counter >> 32);
LOAD32L(st->input[14], iv + 0);
LOAD32L(st->input[15], iv + 4);
st->ksleft = 0;
return CRYPT_OK;
};
#endif

34
src/stream/chacha/chacha_keystream.c Normal file
View File

@ -0,0 +1,34 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
/* The implementation is based on:
* chacha-ref.c version 20080118
* Public domain from D. J. Bernstein
*/
#include "tomcrypt.h"
#ifdef LTC_CHACHA
/**
Generate a stream of random bytes via ChaCha
@param st The ChaCha20 state
@param out [out] The output buffer
@param outlen The output length
@return CRYPT_OK on success
*/
int chacha_keystream(chacha_state *st, unsigned char *out, unsigned long outlen)
{
if (outlen == 0) return CRYPT_OK; /* nothing to do */
LTC_ARGCHK(out != NULL);
XMEMSET(out, 0, outlen);
return chacha_crypt(st, out, outlen, out);
}
#endif

60
src/stream/chacha/chacha_setup.c Normal file
View File

@ -0,0 +1,60 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
/* The implementation is based on:
* chacha-ref.c version 20080118
* Public domain from D. J. Bernstein
*/
#include "tomcrypt.h"
#ifdef LTC_CHACHA
static const char sigma[16] = "expand 32-byte k";
static const char tau[16] = "expand 16-byte k";
/**
Initialize an ChaCha context (only the key)
@param st [out] The destination of the ChaCha state
@param key The secret key
@param keylen The length of the secret key (octets)
@param rounds Number of rounds (e.g. 20 for ChaCha20)
@return CRYPT_OK if successful
*/
int chacha_setup(chacha_state *st, const unsigned char *key, unsigned long keylen, int rounds)
{
const char *constants;
LTC_ARGCHK(st != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(keylen == 32 || keylen == 16);
LOAD32L(st->input[4], key + 0);
LOAD32L(st->input[5], key + 4);
LOAD32L(st->input[6], key + 8);
LOAD32L(st->input[7], key + 12);
if (keylen == 32) { /* 256bit */
key += 16;
constants = sigma;
} else { /* 128bit */
constants = tau;
}
LOAD32L(st->input[8], key + 0);
LOAD32L(st->input[9], key + 4);
LOAD32L(st->input[10], key + 8);
LOAD32L(st->input[11], key + 12);
LOAD32L(st->input[0], constants + 0);
LOAD32L(st->input[1], constants + 4);
LOAD32L(st->input[2], constants + 8);
LOAD32L(st->input[3], constants + 12);
st->rounds = rounds; /* e.g. 20 for chacha20 */
return CRYPT_OK;
};
#endif

60
src/stream/chacha/chacha_test.c Normal file
View File

@ -0,0 +1,60 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
/* The implementation is based on:
* chacha-ref.c version 20080118
* Public domain from D. J. Bernstein
*/
#include "tomcrypt.h"
#ifdef LTC_CHACHA
int chacha_test(void)
{
#ifndef LTC_TEST
return CRYPT_NOP;
#else
unsigned long len;
unsigned char out[1000];
/* https://tools.ietf.org/html/rfc7539#section-2.4.2 */
unsigned char k[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f };
unsigned char n[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4a, 0x00, 0x00, 0x00, 0x00 };
unsigned char ct[] = { 0x6E, 0x2E, 0x35, 0x9A, 0x25, 0x68, 0xF9, 0x80, 0x41, 0xBA, 0x07, 0x28, 0xDD, 0x0D, 0x69, 0x81,
0xE9, 0x7E, 0x7A, 0xEC, 0x1D, 0x43, 0x60, 0xC2, 0x0A, 0x27, 0xAF, 0xCC, 0xFD, 0x9F, 0xAE, 0x0B,
0xF9, 0x1B, 0x65, 0xC5, 0x52, 0x47, 0x33, 0xAB, 0x8F, 0x59, 0x3D, 0xAB, 0xCD, 0x62, 0xB3, 0x57,
0x16, 0x39, 0xD6, 0x24, 0xE6, 0x51, 0x52, 0xAB, 0x8F, 0x53, 0x0C, 0x35, 0x9F, 0x08, 0x61, 0xD8,
0x07, 0xCA, 0x0D, 0xBF, 0x50, 0x0D, 0x6A, 0x61, 0x56, 0xA3, 0x8E, 0x08, 0x8A, 0x22, 0xB6, 0x5E,
0x52, 0xBC, 0x51, 0x4D, 0x16, 0xCC, 0xF8, 0x06, 0x81, 0x8C, 0xE9, 0x1A, 0xB7, 0x79, 0x37, 0x36,
0x5A, 0xF9, 0x0B, 0xBF, 0x74, 0xA3, 0x5B, 0xE6, 0xB4, 0x0B, 0x8E, 0xED, 0xF2, 0x78, 0x5E, 0x42,
0x87, 0x4D };
char pt[] = "Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it.";
chacha_state st;
len = strlen(pt);
/* crypt piece by piece */
chacha_setup(&st, k, sizeof(k), 20);
chacha_ivctr32(&st, n, sizeof(n), 1);
chacha_crypt(&st, (unsigned char*)pt, 35, out);
chacha_crypt(&st, (unsigned char*)pt + 35, 35, out + 35);
chacha_crypt(&st, (unsigned char*)pt + 70, 5, out + 70);
chacha_crypt(&st, (unsigned char*)pt + 75, 5, out + 75);
chacha_crypt(&st, (unsigned char*)pt + 80, len - 80, out + 80);
if (compare_testvector(out, len, ct, sizeof(ct), "CHACHA-TV1", 1) != 0) return CRYPT_FAIL_TESTVECTOR;
/* crypt in one go */
chacha_setup(&st, k, sizeof(k), 20);
chacha_ivctr32(&st, n, sizeof(n), 1);
chacha_crypt(&st, (unsigned char*)pt, len, out);
if (compare_testvector(out, len, ct, sizeof(ct), "CHACHA-TV2", 1) != 0) return CRYPT_FAIL_TESTVECTOR;
return CRYPT_OK;
#endif
}
#endif

5
testprof/cipher_hash_test.c
View File

@ -14,6 +14,11 @@ int cipher_hash_test(void)
DOX(cipher_descriptor[x].test(), cipher_descriptor[x].name);
}
#ifdef LTC_CHACHA
/* ChaCha is a special case (stream cipher) */
DO(chacha_test());
#endif
/* test hashes */
for (x = 0; hash_descriptor[x].name != NULL; x++) {
DOX(hash_descriptor[x].test(), hash_descriptor[x].name);

6
testprof/mac_test.c
View File

@ -35,6 +35,12 @@ int mac_test(void)
#endif
#ifdef LTC_PELICAN
DO(pelican_test());
#endif
#ifdef LTC_POLY1305
DO(poly1305_test());
#endif
#ifdef LTC_CHACHA20POLY1305_MODE
DO(chacha20poly1305_test());
#endif
return 0;
}

6
testprof/x86_prof.c
View File

@ -330,6 +330,9 @@ static void _unregister_all(void)
#ifdef LTC_RC4
unregister_prng(&rc4_desc);
#endif
#ifdef LTC_CHACHA
unregister_prng(&chacha_prng_desc);
#endif
#ifdef LTC_SOBER128
unregister_prng(&sober128_desc);
#endif
@ -497,6 +500,9 @@ register_prng(&fortuna_desc);
#ifdef LTC_RC4
register_prng(&rc4_desc);
#endif
#ifdef LTC_CHACHA
register_prng(&chacha_prng_desc);
#endif
#ifdef LTC_SOBER128
register_prng(&sober128_desc);
#endif