From 5dbccdcd3dfd5012d44c98b125089da9c64553ed Mon Sep 17 00:00:00 2001 From: Karel Miko Date: Mon, 4 Jun 2018 16:45:49 +0200 Subject: ltc update --- src/ltc/stream/chacha/chacha_crypt.c | 2 +- src/ltc/stream/chacha/chacha_done.c | 2 +- src/ltc/stream/chacha/chacha_ivctr32.c | 2 +- src/ltc/stream/chacha/chacha_ivctr64.c | 2 +- src/ltc/stream/chacha/chacha_keystream.c | 2 +- src/ltc/stream/chacha/chacha_setup.c | 2 +- src/ltc/stream/rabbit/rabbit.c | 2 +- src/ltc/stream/rc4/rc4_stream.c | 2 +- src/ltc/stream/salsa20/salsa20_crypt.c | 4 +- src/ltc/stream/salsa20/salsa20_done.c | 2 +- src/ltc/stream/salsa20/salsa20_ivctr64.c | 2 +- src/ltc/stream/salsa20/salsa20_keystream.c | 2 +- src/ltc/stream/salsa20/salsa20_setup.c | 2 +- src/ltc/stream/salsa20/xsalsa20_setup.c | 137 +++++++++++++++++++++++++++++ src/ltc/stream/sober128/sober128_stream.c | 2 +- src/ltc/stream/sosemanuk/sosemanuk.c | 8 +- 16 files changed, 154 insertions(+), 21 deletions(-) create mode 100644 src/ltc/stream/salsa20/xsalsa20_setup.c (limited to 'src/ltc/stream') diff --git a/src/ltc/stream/chacha/chacha_crypt.c b/src/ltc/stream/chacha/chacha_crypt.c index 6814058f..d72c84e7 100644 --- a/src/ltc/stream/chacha/chacha_crypt.c +++ b/src/ltc/stream/chacha/chacha_crypt.c @@ -12,7 +12,7 @@ * Public domain from D. J. Bernstein */ -#include "tomcrypt.h" +#include "tomcrypt_private.h" #ifdef LTC_CHACHA diff --git a/src/ltc/stream/chacha/chacha_done.c b/src/ltc/stream/chacha/chacha_done.c index 9f0196e2..dbf6f246 100644 --- a/src/ltc/stream/chacha/chacha_done.c +++ b/src/ltc/stream/chacha/chacha_done.c @@ -7,7 +7,7 @@ * guarantee it works. */ -#include "tomcrypt.h" +#include "tomcrypt_private.h" #ifdef LTC_CHACHA diff --git a/src/ltc/stream/chacha/chacha_ivctr32.c b/src/ltc/stream/chacha/chacha_ivctr32.c index c9a6dbb5..72856a09 100644 --- a/src/ltc/stream/chacha/chacha_ivctr32.c +++ b/src/ltc/stream/chacha/chacha_ivctr32.c @@ -12,7 +12,7 @@ * Public domain from D. J. Bernstein */ -#include "tomcrypt.h" +#include "tomcrypt_private.h" #ifdef LTC_CHACHA diff --git a/src/ltc/stream/chacha/chacha_ivctr64.c b/src/ltc/stream/chacha/chacha_ivctr64.c index 643d11fe..f7cf721f 100644 --- a/src/ltc/stream/chacha/chacha_ivctr64.c +++ b/src/ltc/stream/chacha/chacha_ivctr64.c @@ -12,7 +12,7 @@ * Public domain from D. J. Bernstein */ -#include "tomcrypt.h" +#include "tomcrypt_private.h" #ifdef LTC_CHACHA diff --git a/src/ltc/stream/chacha/chacha_keystream.c b/src/ltc/stream/chacha/chacha_keystream.c index 25eb63ad..e399d087 100644 --- a/src/ltc/stream/chacha/chacha_keystream.c +++ b/src/ltc/stream/chacha/chacha_keystream.c @@ -12,7 +12,7 @@ * Public domain from D. J. Bernstein */ -#include "tomcrypt.h" +#include "tomcrypt_private.h" #ifdef LTC_CHACHA diff --git a/src/ltc/stream/chacha/chacha_setup.c b/src/ltc/stream/chacha/chacha_setup.c index e34370b8..e997fc95 100644 --- a/src/ltc/stream/chacha/chacha_setup.c +++ b/src/ltc/stream/chacha/chacha_setup.c @@ -12,7 +12,7 @@ * Public domain from D. J. Bernstein */ -#include "tomcrypt.h" +#include "tomcrypt_private.h" #ifdef LTC_CHACHA diff --git a/src/ltc/stream/rabbit/rabbit.c b/src/ltc/stream/rabbit/rabbit.c index cf6ec0b8..4607bc9e 100644 --- a/src/ltc/stream/rabbit/rabbit.c +++ b/src/ltc/stream/rabbit/rabbit.c @@ -62,7 +62,7 @@ ******************************************************************************/ -#include "tomcrypt.h" +#include "tomcrypt_private.h" #ifdef LTC_RABBIT diff --git a/src/ltc/stream/rc4/rc4_stream.c b/src/ltc/stream/rc4/rc4_stream.c index 178489d7..f1c225d0 100644 --- a/src/ltc/stream/rc4/rc4_stream.c +++ b/src/ltc/stream/rc4/rc4_stream.c @@ -7,7 +7,7 @@ * guarantee it works. */ -#include "tomcrypt.h" +#include "tomcrypt_private.h" #ifdef LTC_RC4_STREAM diff --git a/src/ltc/stream/salsa20/salsa20_crypt.c b/src/ltc/stream/salsa20/salsa20_crypt.c index 9bf20532..bf1b0016 100644 --- a/src/ltc/stream/salsa20/salsa20_crypt.c +++ b/src/ltc/stream/salsa20/salsa20_crypt.c @@ -13,7 +13,7 @@ * Public domain from D. J. Bernstein */ -#include "tomcrypt.h" +#include "tomcrypt_private.h" #ifdef LTC_SALSA20 @@ -62,7 +62,7 @@ int salsa20_crypt(salsa20_state *st, const unsigned char *in, unsigned long inle LTC_ARGCHK(st != NULL); LTC_ARGCHK(in != NULL); LTC_ARGCHK(out != NULL); - LTC_ARGCHK(st->ivlen == 8); + LTC_ARGCHK(st->ivlen == 8 || st->ivlen == 24); if (st->ksleft > 0) { j = MIN(st->ksleft, inlen); diff --git a/src/ltc/stream/salsa20/salsa20_done.c b/src/ltc/stream/salsa20/salsa20_done.c index 4b7a9f90..086f263a 100644 --- a/src/ltc/stream/salsa20/salsa20_done.c +++ b/src/ltc/stream/salsa20/salsa20_done.c @@ -7,7 +7,7 @@ * guarantee it works. */ -#include "tomcrypt.h" +#include "tomcrypt_private.h" #ifdef LTC_SALSA20 diff --git a/src/ltc/stream/salsa20/salsa20_ivctr64.c b/src/ltc/stream/salsa20/salsa20_ivctr64.c index 06771533..9c7ac74f 100644 --- a/src/ltc/stream/salsa20/salsa20_ivctr64.c +++ b/src/ltc/stream/salsa20/salsa20_ivctr64.c @@ -13,7 +13,7 @@ * Public domain from D. J. Bernstein */ -#include "tomcrypt.h" +#include "tomcrypt_private.h" #ifdef LTC_SALSA20 diff --git a/src/ltc/stream/salsa20/salsa20_keystream.c b/src/ltc/stream/salsa20/salsa20_keystream.c index c443a3e4..dddfeaa1 100644 --- a/src/ltc/stream/salsa20/salsa20_keystream.c +++ b/src/ltc/stream/salsa20/salsa20_keystream.c @@ -13,7 +13,7 @@ * Public domain from D. J. Bernstein */ -#include "tomcrypt.h" +#include "tomcrypt_private.h" #ifdef LTC_SALSA20 diff --git a/src/ltc/stream/salsa20/salsa20_setup.c b/src/ltc/stream/salsa20/salsa20_setup.c index 6eb65e81..872bd121 100644 --- a/src/ltc/stream/salsa20/salsa20_setup.c +++ b/src/ltc/stream/salsa20/salsa20_setup.c @@ -13,7 +13,7 @@ * Public domain from D. J. Bernstein */ -#include "tomcrypt.h" +#include "tomcrypt_private.h" #ifdef LTC_SALSA20 diff --git a/src/ltc/stream/salsa20/xsalsa20_setup.c b/src/ltc/stream/salsa20/xsalsa20_setup.c new file mode 100644 index 00000000..94133a7f --- /dev/null +++ b/src/ltc/stream/salsa20/xsalsa20_setup.c @@ -0,0 +1,137 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + */ + +/* The implementation is based on: + * "Extending the Salsa20 nonce", https://cr.yp.to/snuffle/xsalsa-20081128.pdf + * "Salsa20 specification", http://cr.yp.to/snuffle/spec.pdf + * and salsa20-ref.c version 20051118 + * Public domain from D. J. Bernstein + */ + +#include "tomcrypt.h" + +#ifdef LTC_XSALSA20 + +static const char * const constants = "expand 32-byte k"; + +#define QUARTERROUND(a,b,c,d) \ + x[b] ^= (ROL((x[a] + x[d]), 7)); \ + x[c] ^= (ROL((x[b] + x[a]), 9)); \ + x[d] ^= (ROL((x[c] + x[b]), 13)); \ + x[a] ^= (ROL((x[d] + x[c]), 18)); + +/* use modified salsa20 doubleround (no final addition as in salsa20) */ +static void _xsalsa20_doubleround(ulong32 *x, int rounds) +{ + int i; + + for (i = rounds; i > 0; i -= 2) { + /* columnround */ + QUARTERROUND( 0, 4, 8,12) + QUARTERROUND( 5, 9,13, 1) + QUARTERROUND(10,14, 2, 6) + QUARTERROUND(15, 3, 7,11) + /* rowround */ + QUARTERROUND( 0, 1, 2, 3) + QUARTERROUND( 5, 6, 7, 4) + QUARTERROUND(10,11, 8, 9) + QUARTERROUND(15,12,13,14) + } +} + +#undef QUARTERROUND + +/** + Initialize an XSalsa20 context + @param st [out] The destination of the XSalsa20 state + @param key The secret key + @param keylen The length of the secret key, must be 32 (octets) + @param nonce The nonce + @param noncelen The length of the nonce, must be 24 (octets) + @param rounds Number of rounds (must be evenly divisible by 2, default is 20) + @return CRYPT_OK if successful +*/ +int xsalsa20_setup(salsa20_state *st, const unsigned char *key, unsigned long keylen, + const unsigned char *nonce, unsigned long noncelen, + int rounds) +{ + const int sti[] = {0, 5, 10, 15, 6, 7, 8, 9}; /* indices used to build subkey fm x */ + ulong32 x[64]; /* input to & output fm doubleround */ + unsigned char subkey[32]; + int i; + + LTC_ARGCHK(st != NULL); + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(keylen == 32); + LTC_ARGCHK(nonce != NULL); + LTC_ARGCHK(noncelen == 24); + if (rounds == 0) rounds = 20; + LTC_ARGCHK(rounds % 2 == 0); /* number of rounds must be evenly divisible by 2 */ + + /* load the state to "hash" the key */ + LOAD32L(x[ 0], constants + 0); + LOAD32L(x[ 5], constants + 4); + LOAD32L(x[10], constants + 8); + LOAD32L(x[15], constants + 12); + LOAD32L(x[ 1], key + 0); + LOAD32L(x[ 2], key + 4); + LOAD32L(x[ 3], key + 8); + LOAD32L(x[ 4], key + 12); + LOAD32L(x[11], key + 16); + LOAD32L(x[12], key + 20); + LOAD32L(x[13], key + 24); + LOAD32L(x[14], key + 28); + LOAD32L(x[ 6], nonce + 0); + LOAD32L(x[ 7], nonce + 4); + LOAD32L(x[ 8], nonce + 8); + LOAD32L(x[ 9], nonce + 12); + + /* use modified salsa20 doubleround (no final addition) */ + _xsalsa20_doubleround(x, rounds); + + /* extract the subkey */ + for (i = 0; i < 8; ++i) { + STORE32L(x[sti[i]], subkey + 4 * i); + } + + /* load the final initial state */ + LOAD32L(st->input[ 0], constants + 0); + LOAD32L(st->input[ 5], constants + 4); + LOAD32L(st->input[10], constants + 8); + LOAD32L(st->input[15], constants + 12); + LOAD32L(st->input[ 1], subkey + 0); + LOAD32L(st->input[ 2], subkey + 4); + LOAD32L(st->input[ 3], subkey + 8); + LOAD32L(st->input[ 4], subkey + 12); + LOAD32L(st->input[11], subkey + 16); + LOAD32L(st->input[12], subkey + 20); + LOAD32L(st->input[13], subkey + 24); + LOAD32L(st->input[14], subkey + 28); + LOAD32L(st->input[ 6], &(nonce[16]) + 0); + LOAD32L(st->input[ 7], &(nonce[16]) + 4); + st->input[ 8] = 0; + st->input[ 9] = 0; + st->rounds = rounds; + st->ksleft = 0; + st->ivlen = 24; /* set switch to say nonce/IV has been loaded */ + +#ifdef LTC_CLEAN_STACK + zeromem(x, sizeof(x)); + zeromem(subkey, sizeof(subkey)); +#endif + + return CRYPT_OK; +} + + +#endif + +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/src/ltc/stream/sober128/sober128_stream.c b/src/ltc/stream/sober128/sober128_stream.c index 7b21edff..44e0c327 100644 --- a/src/ltc/stream/sober128/sober128_stream.c +++ b/src/ltc/stream/sober128/sober128_stream.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. */ -#include "tomcrypt.h" +#include "tomcrypt_private.h" /** @file sober128_stream.c diff --git a/src/ltc/stream/sosemanuk/sosemanuk.c b/src/ltc/stream/sosemanuk/sosemanuk.c index 60ce30a6..7c5a602d 100644 --- a/src/ltc/stream/sosemanuk/sosemanuk.c +++ b/src/ltc/stream/sosemanuk/sosemanuk.c @@ -30,7 +30,7 @@ * */ -#include "tomcrypt.h" +#include "tomcrypt_private.h" #ifdef LTC_SOSEMANUK @@ -257,16 +257,12 @@ int sosemanuk_setup(sosemanuk_state *ss, const unsigned char *key, unsigned long LTC_ARGCHK(ss != NULL); LTC_ARGCHK(key != NULL); + LTC_ARGCHK(keylen > 0 && keylen <= 32); /* * The key is copied into the wbuf[] buffer and padded to 256 bits * as described in the Serpent specification. */ - if (keylen == 0 || keylen > 32) { - fprintf(stderr, "invalid key size: %lu\n", - (unsigned long)keylen); - exit(EXIT_FAILURE); - } XMEMCPY(wbuf, key, keylen); if (keylen < 32) { wbuf[keylen] = 0x01; -- cgit v1.2.3