authorKarel Miko <karel.miko@gmail.com>2018-06-04 16:45:49 +0200
committerKarel Miko <karel.miko@gmail.com>2018-06-04 16:45:49 +0200
commit5dbccdcd3dfd5012d44c98b125089da9c64553ed (patch)
treeddafec2cf2f8778c31133b283ae2acb139ed77ff /src/ltc/stream
parent4e663d68aa094f9cbd1ac56f8ec0db5c0379a8a6 (diff)
ltc update
Diffstat (limited to 'src/ltc/stream')
-rw-r--r--src/ltc/stream/chacha/chacha_crypt.c2
-rw-r--r--src/ltc/stream/chacha/chacha_done.c2
-rw-r--r--src/ltc/stream/chacha/chacha_ivctr32.c2
-rw-r--r--src/ltc/stream/chacha/chacha_ivctr64.c2
-rw-r--r--src/ltc/stream/chacha/chacha_keystream.c2
-rw-r--r--src/ltc/stream/chacha/chacha_setup.c2
-rw-r--r--src/ltc/stream/rabbit/rabbit.c2
-rw-r--r--src/ltc/stream/rc4/rc4_stream.c2
-rw-r--r--src/ltc/stream/salsa20/salsa20_crypt.c4
-rw-r--r--src/ltc/stream/salsa20/salsa20_done.c2
-rw-r--r--src/ltc/stream/salsa20/salsa20_ivctr64.c2
-rw-r--r--src/ltc/stream/salsa20/salsa20_keystream.c2
-rw-r--r--src/ltc/stream/salsa20/salsa20_setup.c2
-rw-r--r--src/ltc/stream/salsa20/xsalsa20_setup.c137
-rw-r--r--src/ltc/stream/sober128/sober128_stream.c2
-rw-r--r--src/ltc/stream/sosemanuk/sosemanuk.c8
16 files changed, 154 insertions, 21 deletions
diff --git a/src/ltc/stream/chacha/chacha_crypt.c b/src/ltc/stream/chacha/chacha_crypt.c
index 6814058f..d72c84e7 100644
--- a/src/ltc/stream/chacha/chacha_crypt.c
+++ b/src/ltc/stream/chacha/chacha_crypt.c
@@ -12,7 +12,7 @@
* Public domain from D. J. Bernstein
*/
-#include "tomcrypt.h"
+#include "tomcrypt_private.h"
#ifdef LTC_CHACHA
diff --git a/src/ltc/stream/chacha/chacha_done.c b/src/ltc/stream/chacha/chacha_done.c
index 9f0196e2..dbf6f246 100644
--- a/src/ltc/stream/chacha/chacha_done.c
+++ b/src/ltc/stream/chacha/chacha_done.c
@@ -7,7 +7,7 @@
* guarantee it works.
*/
-#include "tomcrypt.h"
+#include "tomcrypt_private.h"
#ifdef LTC_CHACHA
diff --git a/src/ltc/stream/chacha/chacha_ivctr32.c b/src/ltc/stream/chacha/chacha_ivctr32.c
index c9a6dbb5..72856a09 100644
--- a/src/ltc/stream/chacha/chacha_ivctr32.c
+++ b/src/ltc/stream/chacha/chacha_ivctr32.c
@@ -12,7 +12,7 @@
* Public domain from D. J. Bernstein
*/
-#include "tomcrypt.h"
+#include "tomcrypt_private.h"
#ifdef LTC_CHACHA
diff --git a/src/ltc/stream/chacha/chacha_ivctr64.c b/src/ltc/stream/chacha/chacha_ivctr64.c
index 643d11fe..f7cf721f 100644
--- a/src/ltc/stream/chacha/chacha_ivctr64.c
+++ b/src/ltc/stream/chacha/chacha_ivctr64.c
@@ -12,7 +12,7 @@
* Public domain from D. J. Bernstein
*/
-#include "tomcrypt.h"
+#include "tomcrypt_private.h"
#ifdef LTC_CHACHA
diff --git a/src/ltc/stream/chacha/chacha_keystream.c b/src/ltc/stream/chacha/chacha_keystream.c
index 25eb63ad..e399d087 100644
--- a/src/ltc/stream/chacha/chacha_keystream.c
+++ b/src/ltc/stream/chacha/chacha_keystream.c
@@ -12,7 +12,7 @@
* Public domain from D. J. Bernstein
*/
-#include "tomcrypt.h"
+#include "tomcrypt_private.h"
#ifdef LTC_CHACHA
diff --git a/src/ltc/stream/chacha/chacha_setup.c b/src/ltc/stream/chacha/chacha_setup.c
index e34370b8..e997fc95 100644
--- a/src/ltc/stream/chacha/chacha_setup.c
+++ b/src/ltc/stream/chacha/chacha_setup.c
@@ -12,7 +12,7 @@
* Public domain from D. J. Bernstein
*/
-#include "tomcrypt.h"
+#include "tomcrypt_private.h"
#ifdef LTC_CHACHA
diff --git a/src/ltc/stream/rabbit/rabbit.c b/src/ltc/stream/rabbit/rabbit.c
index cf6ec0b8..4607bc9e 100644
--- a/src/ltc/stream/rabbit/rabbit.c
+++ b/src/ltc/stream/rabbit/rabbit.c
@@ -62,7 +62,7 @@
******************************************************************************/
-#include "tomcrypt.h"
+#include "tomcrypt_private.h"
#ifdef LTC_RABBIT
diff --git a/src/ltc/stream/rc4/rc4_stream.c b/src/ltc/stream/rc4/rc4_stream.c
index 178489d7..f1c225d0 100644
--- a/src/ltc/stream/rc4/rc4_stream.c
+++ b/src/ltc/stream/rc4/rc4_stream.c
@@ -7,7 +7,7 @@
* guarantee it works.
*/
-#include "tomcrypt.h"
+#include "tomcrypt_private.h"
#ifdef LTC_RC4_STREAM
diff --git a/src/ltc/stream/salsa20/salsa20_crypt.c b/src/ltc/stream/salsa20/salsa20_crypt.c
index 9bf20532..bf1b0016 100644
--- a/src/ltc/stream/salsa20/salsa20_crypt.c
+++ b/src/ltc/stream/salsa20/salsa20_crypt.c
@@ -13,7 +13,7 @@
* Public domain from D. J. Bernstein
*/
-#include "tomcrypt.h"
+#include "tomcrypt_private.h"
#ifdef LTC_SALSA20
@@ -62,7 +62,7 @@ int salsa20_crypt(salsa20_state *st, const unsigned char *in, unsigned long inle
LTC_ARGCHK(st != NULL);
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(out != NULL);
- LTC_ARGCHK(st->ivlen == 8);
+ LTC_ARGCHK(st->ivlen == 8 || st->ivlen == 24);
if (st->ksleft > 0) {
j = MIN(st->ksleft, inlen);
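Review bot: The widened check on the changed line makes `st->ivlen` a two-valued marker (8 or 24) rather than a length, and nothing at the check says so; the 24 case is only explained far away in xsalsa20_setup, where ivlen is set with the comment "set switch to say nonce/IV has been loaded". A comment on the check such as `/* ivlen doubles as the IV-loaded flag: 8 after a Salsa20 IV, 24 after xsalsa20_setup */` would stop the next reader from treating it as a byte count used further down (the 8 case is presumably set by salsa20_ivctr64, which is not visible here). salsa20_crypt's body begins before this hunk, so whether ivlen is consulted elsewhere in the function cannot be seen from it.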
diff --git a/src/ltc/stream/salsa20/salsa20_done.c b/src/ltc/stream/salsa20/salsa20_done.c
index 4b7a9f90..086f263a 100644
--- a/src/ltc/stream/salsa20/salsa20_done.c
+++ b/src/ltc/stream/salsa20/salsa20_done.c
@@ -7,7 +7,7 @@
* guarantee it works.
*/
-#include "tomcrypt.h"
+#include "tomcrypt_private.h"
#ifdef LTC_SALSA20
diff --git a/src/ltc/stream/salsa20/salsa20_ivctr64.c b/src/ltc/stream/salsa20/salsa20_ivctr64.c
index 06771533..9c7ac74f 100644
--- a/src/ltc/stream/salsa20/salsa20_ivctr64.c
+++ b/src/ltc/stream/salsa20/salsa20_ivctr64.c
@@ -13,7 +13,7 @@
* Public domain from D. J. Bernstein
*/
-#include "tomcrypt.h"
+#include "tomcrypt_private.h"
#ifdef LTC_SALSA20
diff --git a/src/ltc/stream/salsa20/salsa20_keystream.c b/src/ltc/stream/salsa20/salsa20_keystream.c
index c443a3e4..dddfeaa1 100644
--- a/src/ltc/stream/salsa20/salsa20_keystream.c
+++ b/src/ltc/stream/salsa20/salsa20_keystream.c
@@ -13,7 +13,7 @@
* Public domain from D. J. Bernstein
*/
-#include "tomcrypt.h"
+#include "tomcrypt_private.h"
#ifdef LTC_SALSA20
diff --git a/src/ltc/stream/salsa20/salsa20_setup.c b/src/ltc/stream/salsa20/salsa20_setup.c
index 6eb65e81..872bd121 100644
--- a/src/ltc/stream/salsa20/salsa20_setup.c
+++ b/src/ltc/stream/salsa20/salsa20_setup.c
@@ -13,7 +13,7 @@
* Public domain from D. J. Bernstein
*/
-#include "tomcrypt.h"
+#include "tomcrypt_private.h"
#ifdef LTC_SALSA20
diff --git a/src/ltc/stream/salsa20/xsalsa20_setup.c b/src/ltc/stream/salsa20/xsalsa20_setup.c
new file mode 100644
index 00000000..94133a7f
--- /dev/null
+++ b/src/ltc/stream/salsa20/xsalsa20_setup.c
@@ -0,0 +1,137 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+/* The implementation is based on:
+ * "Extending the Salsa20 nonce", https://cr.yp.to/snuffle/xsalsa-20081128.pdf
+ * "Salsa20 specification", http://cr.yp.to/snuffle/spec.pdf
+ * and salsa20-ref.c version 20051118
+ * Public domain from D. J. Bernstein
+ */
+
+#include "tomcrypt.h"
+
+#ifdef LTC_XSALSA20
+
+static const char * const constants = "expand 32-byte k";
+
+#define QUARTERROUND(a,b,c,d) \
+ x[b] ^= (ROL((x[a] + x[d]), 7)); \
+ x[c] ^= (ROL((x[b] + x[a]), 9)); \
+ x[d] ^= (ROL((x[c] + x[b]), 13)); \
+ x[a] ^= (ROL((x[d] + x[c]), 18));
+
+/* use modified salsa20 doubleround (no final addition as in salsa20) */
+static void _xsalsa20_doubleround(ulong32 *x, int rounds)
+{
+ int i;
+
+ for (i = rounds; i > 0; i -= 2) {
+ /* columnround */
+ QUARTERROUND( 0, 4, 8,12)
+ QUARTERROUND( 5, 9,13, 1)
+ QUARTERROUND(10,14, 2, 6)
+ QUARTERROUND(15, 3, 7,11)
+ /* rowround */
+ QUARTERROUND( 0, 1, 2, 3)
+ QUARTERROUND( 5, 6, 7, 4)
+ QUARTERROUND(10,11, 8, 9)
+ QUARTERROUND(15,12,13,14)
+ }
+}
+
+#undef QUARTERROUND
+
+/**
+ Initialize an XSalsa20 context
+ @param st [out] The destination of the XSalsa20 state
+ @param key The secret key
+ @param keylen The length of the secret key, must be 32 (octets)
+ @param nonce The nonce
+ @param noncelen The length of the nonce, must be 24 (octets)
+ @param rounds Number of rounds (must be evenly divisible by 2, default is 20)
+ @return CRYPT_OK if successful
+*/
+int xsalsa20_setup(salsa20_state *st, const unsigned char *key, unsigned long keylen,
+ const unsigned char *nonce, unsigned long noncelen,
+ int rounds)
+{
+ const int sti[] = {0, 5, 10, 15, 6, 7, 8, 9}; /* indices used to build subkey fm x */
+ ulong32 x[64]; /* input to & output fm doubleround */
+ unsigned char subkey[32];
+ int i;
+
+ LTC_ARGCHK(st != NULL);
+ LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(keylen == 32);
+ LTC_ARGCHK(nonce != NULL);
+ LTC_ARGCHK(noncelen == 24);
+ if (rounds == 0) rounds = 20;
+ LTC_ARGCHK(rounds % 2 == 0); /* number of rounds must be evenly divisible by 2 */
+
+ /* load the state to "hash" the key */
+ LOAD32L(x[ 0], constants + 0);
+ LOAD32L(x[ 5], constants + 4);
+ LOAD32L(x[10], constants + 8);
+ LOAD32L(x[15], constants + 12);
+ LOAD32L(x[ 1], key + 0);
+ LOAD32L(x[ 2], key + 4);
+ LOAD32L(x[ 3], key + 8);
+ LOAD32L(x[ 4], key + 12);
+ LOAD32L(x[11], key + 16);
+ LOAD32L(x[12], key + 20);
+ LOAD32L(x[13], key + 24);
+ LOAD32L(x[14], key + 28);
+ LOAD32L(x[ 6], nonce + 0);
+ LOAD32L(x[ 7], nonce + 4);
+ LOAD32L(x[ 8], nonce + 8);
+ LOAD32L(x[ 9], nonce + 12);
+
+ /* use modified salsa20 doubleround (no final addition) */
+ _xsalsa20_doubleround(x, rounds);
+
+ /* extract the subkey */
+ for (i = 0; i < 8; ++i) {
+ STORE32L(x[sti[i]], subkey + 4 * i);
+ }
+
+ /* load the final initial state */
+ LOAD32L(st->input[ 0], constants + 0);
+ LOAD32L(st->input[ 5], constants + 4);
+ LOAD32L(st->input[10], constants + 8);
+ LOAD32L(st->input[15], constants + 12);
+ LOAD32L(st->input[ 1], subkey + 0);
+ LOAD32L(st->input[ 2], subkey + 4);
+ LOAD32L(st->input[ 3], subkey + 8);
+ LOAD32L(st->input[ 4], subkey + 12);
+ LOAD32L(st->input[11], subkey + 16);
+ LOAD32L(st->input[12], subkey + 20);
+ LOAD32L(st->input[13], subkey + 24);
+ LOAD32L(st->input[14], subkey + 28);
+ LOAD32L(st->input[ 6], &(nonce[16]) + 0);
+ LOAD32L(st->input[ 7], &(nonce[16]) + 4);
+ st->input[ 8] = 0;
+ st->input[ 9] = 0;
+ st->rounds = rounds;
+ st->ksleft = 0;
+ st->ivlen = 24; /* set switch to say nonce/IV has been loaded */
+
+#ifdef LTC_CLEAN_STACK
+ zeromem(x, sizeof(x));
+ zeromem(subkey, sizeof(subkey));
+#endif
+
+ return CRYPT_OK;
+}
+
+
+#endif
+
+/* ref: $Format:%D$ */
+/* git commit: $Format:%H$ */
+/* commit time: $Format:%ai$ */
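Review bot: The new file includes `"tomcrypt.h"` at its `#include` line while all fifteen other files in this commit are switched to `"tomcrypt_private.h"`; since ROL, LOAD32L and STORE32L are used here and the rest of the commit indicates such helpers now come from the private header, this line should read `#include "tomcrypt_private.h"` so the file builds under the same rules as its siblings. Separately, after the `rounds == 0` default is applied the argument check still admits a negative even value, which makes the `for (i = rounds; i > 0; i -= 2)` loop in _xsalsa20_doubleround run zero times, so the subkey extracted through sti[] (indices 0, 5, 10, 15, 6..9) would consist only of the constants and the first 16 nonce bytes with no key material at all; `LTC_ARGCHK(rounds > 0 && rounds % 2 == 0);` closes that. The working state is declared `ulong32 x[64]` but every index used (the loads, the QUARTERROUND arguments and sti[]) lies in 0..15, so `ulong32 x[16];` is the accurate size and keeps the LTC_CLEAN_STACK zeromem to what was actually written. Finally, a file-scope name beginning with an underscore such as _xsalsa20_doubleround is in the implementation's reserved namespace; a static helper without the leading underscore avoids that.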
diff --git a/src/ltc/stream/sober128/sober128_stream.c b/src/ltc/stream/sober128/sober128_stream.c
index 7b21edff..44e0c327 100644
--- a/src/ltc/stream/sober128/sober128_stream.c
+++ b/src/ltc/stream/sober128/sober128_stream.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*/
-#include "tomcrypt.h"
+#include "tomcrypt_private.h"
/**
@file sober128_stream.c
diff --git a/src/ltc/stream/sosemanuk/sosemanuk.c b/src/ltc/stream/sosemanuk/sosemanuk.c
index 60ce30a6..7c5a602d 100644
--- a/src/ltc/stream/sosemanuk/sosemanuk.c
+++ b/src/ltc/stream/sosemanuk/sosemanuk.c
@@ -30,7 +30,7 @@
* <thomas.pornin@cryptolog.com>
*/
-#include "tomcrypt.h"
+#include "tomcrypt_private.h"
#ifdef LTC_SOSEMANUK
@@ -257,16 +257,12 @@ int sosemanuk_setup(sosemanuk_state *ss, const unsigned char *key, unsigned long
LTC_ARGCHK(ss != NULL);
LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(keylen > 0 && keylen <= 32);
/*
* The key is copied into the wbuf[] buffer and padded to 256 bits
* as described in the Serpent specification.
*/
- if (keylen == 0 || keylen > 32) {
- fprintf(stderr, "invalid key size: %lu\n",
- (unsigned long)keylen);
- exit(EXIT_FAILURE);
- }
XMEMCPY(wbuf, key, keylen);
if (keylen < 32) {
wbuf[keylen] = 0x01;
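Review bot: The documentation for sosemanuk_setup does not reflect that an out-of-range keylen is now rejected through the added `LTC_ARGCHK(keylen > 0 && keylen <= 32)` with an error return instead of terminating the process via the removed fprintf/exit block, which is a caller-visible change in behavior. The function's doc comment lies outside this hunk; it should state the accepted range and the failure mode, e.g. `@param keylen The length of the key in octets, 1..32 (any other value is rejected with an error return)`. sosemanuk_setup begins before the hunk, and if the removed fprintf/exit were the file's only uses of stdio/stdlib the corresponding includes could be dropped as well, but that cannot be seen from here.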