1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
6 * The library is free for all purposes without any express
11 typedef struct Hmac_state {
/*
 * HMAC: streaming API (init / process / done) plus one-shot helpers over a
 * single buffer, several buffers, or a file. `hash` is an int selector for
 * the underlying hash. Every function returns an int (presumably a status
 * code); check it before using `out`.
 * `outlen` is passed by pointer, so it is an in/out value -- presumably the
 * buffer capacity on entry and the tag length on return (TODO confirm).
 * None of these functions takes an expected tag: verification is the
 * caller's job and should use a constant-time comparison, not memcmp().
 */
18 int hmac_init(hmac_state *hmac, int hash, const unsigned char *key, unsigned long keylen);
19 int hmac_process(hmac_state *hmac, const unsigned char *in, unsigned long inlen);
20 int hmac_done(hmac_state *hmac, unsigned char *out, unsigned long *outlen);
22 int hmac_memory(int hash,
23 const unsigned char *key, unsigned long keylen,
24 const unsigned char *in, unsigned long inlen,
25 unsigned char *out, unsigned long *outlen);
/*
 * Variadic form: further (in, inlen) arguments follow the first pair. How
 * the list is terminated is not visible in this header (TODO confirm).
 * Variadic arguments are not converted to the prototype's types, so each
 * length must be passed as an actual unsigned long.
 */
26 int hmac_memory_multi(int hash,
27 const unsigned char *key, unsigned long keylen,
28 unsigned char *out, unsigned long *outlen,
29 const unsigned char *in, unsigned long inlen, ...);
/* NOTE(review): this listing skips original line 31, so the parameter
 * between `key` and `dst` is not shown here. */
30 int hmac_file(int hash, const char *fname, const unsigned char *key,
32 unsigned char *dst, unsigned long *dstlen);
41 unsigned char block[MAXBLOCKSIZE],
/*
 * OMAC: block-cipher based MAC with the same call shapes as the other MACs
 * in this header (streaming, one-shot, multi-buffer, file). `cipher` is an
 * int selector for the block cipher.
 * `outlen` is an in/out pointer -- presumably capacity in, tag length out
 * (TODO confirm). The tag is only produced, never checked, by these calls;
 * compare it in constant time on the receiving side.
 */
47 int omac_init(omac_state *omac, int cipher, const unsigned char *key, unsigned long keylen);
48 int omac_process(omac_state *omac, const unsigned char *in, unsigned long inlen);
49 int omac_done(omac_state *omac, unsigned char *out, unsigned long *outlen);
50 int omac_memory(int cipher,
51 const unsigned char *key, unsigned long keylen,
52 const unsigned char *in, unsigned long inlen,
53 unsigned char *out, unsigned long *outlen);
/* Variadic: extra (in, inlen) pairs follow; pass every length as an actual
 * unsigned long. The list terminator is not visible here (TODO confirm). */
54 int omac_memory_multi(int cipher,
55 const unsigned char *key, unsigned long keylen,
56 unsigned char *out, unsigned long *outlen,
57 const unsigned char *in, unsigned long inlen, ...);
/* NOTE(review): this listing skips original line 60, so one parameter line
 * of omac_file() is not shown here. */
58 int omac_file(int cipher,
59 const unsigned char *key, unsigned long keylen,
61 unsigned char *out, unsigned long *outlen);
68 unsigned char Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */
69 Li[MAXBLOCKSIZE], /* value of Li [current value, we calc from previous recall] */
70 Lr[MAXBLOCKSIZE], /* L * x^-1 */
71 block[MAXBLOCKSIZE], /* currently accumulated block */
72 checksum[MAXBLOCKSIZE]; /* current checksum */
74 symmetric_key key; /* scheduled key for cipher */
75 unsigned long block_index; /* index # for current block */
76 int cipher_idx, /* cipher idx */
77 block_len, /* length of block */
78 buflen; /* number of bytes in the buffer */
/*
 * PMAC: block-cipher based MAC; streaming, one-shot, multi-buffer and file
 * entry points. `cipher` is an int selector for the block cipher and
 * `outlen` is an in/out pointer -- presumably capacity in, tag length out
 * (TODO confirm). Tag comparison is left to the caller and should be
 * constant-time.
 */
81 int pmac_init(pmac_state *pmac, int cipher, const unsigned char *key, unsigned long keylen);
82 int pmac_process(pmac_state *pmac, const unsigned char *in, unsigned long inlen);
83 int pmac_done(pmac_state *pmac, unsigned char *out, unsigned long *outlen);
85 int pmac_memory(int cipher,
86 const unsigned char *key, unsigned long keylen,
87 const unsigned char *msg, unsigned long msglen,
88 unsigned char *out, unsigned long *outlen);
/* Variadic: extra (in, inlen) pairs follow; pass every length as an actual
 * unsigned long. The list terminator is not visible here (TODO confirm). */
90 int pmac_memory_multi(int cipher,
91 const unsigned char *key, unsigned long keylen,
92 unsigned char *out, unsigned long *outlen,
93 const unsigned char *in, unsigned long inlen, ...);
/* NOTE(review): this listing skips original line 97, so one parameter line
 * of pmac_file() is not shown here. */
95 int pmac_file(int cipher,
96 const unsigned char *key, unsigned long keylen,
98 unsigned char *out, unsigned long *outlen);
102 /* internal functions */
/* Declared in this header but labelled internal above: they operate on raw
 * PMAC state and are not part of the init/process/done contract, so
 * application code should not call them directly. */
103 int pmac_ntz(unsigned long x);
104 void pmac_shift_xor(pmac_state *pmac);
113 unsigned long leftover;
114 unsigned char buffer[16];
/*
 * Poly1305 MAC: streaming and one-shot entry points plus a self-test.
 * Poly1305 is a one-time authenticator: a given key must authenticate only
 * one message, so callers need a fresh key per message (typically derived
 * per nonce by the enclosing AEAD construction).
 * `keylen` is passed explicitly; which lengths are accepted is not visible
 * in this header (the algorithm is defined for a 32-byte key) -- confirm.
 * `maclen` is an in/out pointer -- presumably capacity in, tag length out
 * (TODO confirm). Compare tags in constant time.
 */
118 int poly1305_init(poly1305_state *st, const unsigned char *key, unsigned long keylen);
119 int poly1305_process(poly1305_state *st, const unsigned char *in, unsigned long inlen);
120 int poly1305_done(poly1305_state *st, unsigned char *mac, unsigned long *maclen);
121 int poly1305_memory(const unsigned char *key, unsigned long keylen, const unsigned char *in, unsigned long inlen, unsigned char *mac, unsigned long *maclen);
/* Variadic: extra (in, inlen) pairs follow; pass every length as an actual
 * unsigned long. The list terminator is not visible here (TODO confirm). */
122 int poly1305_memory_multi(const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen, const unsigned char *in, unsigned long inlen, ...);
123 int poly1305_file(const char *fname, const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen);
/* Takes no arguments and returns an int; presumably a built-in self-test. */
124 int poly1305_test(void);
125 #endif /* LTC_POLY1305 */
127 #ifdef LTC_BLAKE2SMAC
/*
 * BLAKE2s used as a keyed MAC. The state type is a plain alias of
 * hash_state, so the compiler will not reject an un-keyed hash state passed
 * here by mistake.
 * blake2smac_init() takes `outlen` ahead of the key -- presumably the tag
 * length is fixed at init time (TODO confirm); keep it consistent with the
 * buffer later handed to blake2smac_done().
 * `maclen` is an in/out pointer. Tag comparison is left to the caller and
 * should be constant-time.
 */
128 typedef hash_state blake2smac_state;
129 int blake2smac_init(blake2smac_state *st, unsigned long outlen, const unsigned char *key, unsigned long keylen);
130 int blake2smac_process(blake2smac_state *st, const unsigned char *in, unsigned long inlen);
131 int blake2smac_done(blake2smac_state *st, unsigned char *mac, unsigned long *maclen);
132 int blake2smac_memory(const unsigned char *key, unsigned long keylen, const unsigned char *in, unsigned long inlen, unsigned char *mac, unsigned long *maclen);
/* Variadic: extra (in, inlen) pairs follow; pass every length as an actual
 * unsigned long. The list terminator is not visible here (TODO confirm). */
133 int blake2smac_memory_multi(const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen, const unsigned char *in, unsigned long inlen, ...);
134 int blake2smac_file(const char *fname, const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen);
135 int blake2smac_test(void);
136 #endif /* LTC_BLAKE2SMAC */
138 #ifdef LTC_BLAKE2BMAC
/*
 * BLAKE2b used as a keyed MAC; same call shapes as the BLAKE2s variant.
 * The state type is a plain alias of hash_state. blake2bmac_init() takes
 * `outlen` ahead of the key -- presumably the tag length is fixed at init
 * time (TODO confirm). `maclen` is an in/out pointer. Tag comparison is
 * left to the caller and should be constant-time.
 */
139 typedef hash_state blake2bmac_state;
140 int blake2bmac_init(blake2bmac_state *st, unsigned long outlen, const unsigned char *key, unsigned long keylen);
141 int blake2bmac_process(blake2bmac_state *st, const unsigned char *in, unsigned long inlen);
142 int blake2bmac_done(blake2bmac_state *st, unsigned char *mac, unsigned long *maclen);
143 int blake2bmac_memory(const unsigned char *key, unsigned long keylen, const unsigned char *in, unsigned long inlen, unsigned char *mac, unsigned long *maclen);
/* Variadic: extra (in, inlen) pairs follow; pass every length as an actual
 * unsigned long. The list terminator is not visible here (TODO confirm). */
144 int blake2bmac_memory_multi(const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen, const unsigned char *in, unsigned long inlen, ...);
145 int blake2bmac_file(const char *fname, const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen);
146 int blake2bmac_test(void);
147 #endif /* LTC_BLAKE2BMAC */
151 #if !(defined(LTC_OMAC) && defined(LTC_CTR_MODE))
152 #error LTC_EAX_MODE requires LTC_OMAC and CTR
156 unsigned char N[MAXBLOCKSIZE];
158 omac_state headeromac, ctomac;
/*
 * EAX authenticated encryption. eax_init() binds cipher, key, nonce and an
 * initial header (associated data); more header bytes can be added with
 * eax_addheader(). The nonce must not repeat under the same key.
 */
161 int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long keylen,
162 const unsigned char *nonce, unsigned long noncelen,
163 const unsigned char *header, unsigned long headerlen);
/*
 * Streaming calls. eax_done() only emits a tag (`tag` is writable, `taglen`
 * is in/out), so on the decrypt path the caller must compare it with the
 * received tag in constant time, and must treat everything eax_decrypt()
 * wrote to `pt` as unauthenticated until that comparison succeeds.
 */
165 int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct, unsigned long length);
166 int eax_decrypt(eax_state *eax, const unsigned char *ct, unsigned char *pt, unsigned long length);
167 int eax_addheader(eax_state *eax, const unsigned char *header, unsigned long length);
168 int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen);
/* NOTE(review): this listing skips original line 175, so one parameter
 * line (between `pt` and `tag`) is not shown here. */
170 int eax_encrypt_authenticate_memory(int cipher,
171 const unsigned char *key, unsigned long keylen,
172 const unsigned char *nonce, unsigned long noncelen,
173 const unsigned char *header, unsigned long headerlen,
174 const unsigned char *pt, unsigned long ptlen,
176 unsigned char *tag, unsigned long *taglen);
/*
 * One-shot decrypt-and-verify: takes the received tag and its length by
 * value. NOTE(review): the listing skips original lines 183 and 185-186,
 * so the remaining parameters are not shown; how the verification verdict
 * is reported cannot be read from here -- confirm before relying on the
 * int return value alone.
 */
178 int eax_decrypt_verify_memory(int cipher,
179 const unsigned char *key, unsigned long keylen,
180 const unsigned char *nonce, unsigned long noncelen,
181 const unsigned char *header, unsigned long headerlen,
182 const unsigned char *ct, unsigned long ctlen,
184 unsigned char *tag, unsigned long taglen,
188 #endif /* EAX MODE */
192 unsigned char L[MAXBLOCKSIZE], /* L value */
193 Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */
194 Li[MAXBLOCKSIZE], /* value of Li [current value, we calc from previous recall] */
195 Lr[MAXBLOCKSIZE], /* L * x^-1 */
196 R[MAXBLOCKSIZE], /* R value */
197 checksum[MAXBLOCKSIZE]; /* current checksum */
199 symmetric_key key; /* scheduled key for cipher */
200 unsigned long block_index; /* index # for current block */
201 int cipher, /* cipher idx */
202 block_len; /* length of block */
/*
 * OCB authenticated encryption. ocb_init() takes a nonce pointer with no
 * length argument, so the expected nonce size is fixed by the
 * implementation -- presumably the cipher's block length (TODO confirm);
 * the caller's buffer must be at least that large. The nonce must not
 * repeat under the same key.
 */
205 int ocb_init(ocb_state *ocb, int cipher,
206 const unsigned char *key, unsigned long keylen, const unsigned char *nonce);
/* No length argument: presumably each call handles exactly one cipher block
 * (TODO confirm), with the final partial block going through the
 * ocb_done_* calls below. */
208 int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct);
209 int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt);
/* NOTE(review): this listing skips original line 213 (one parameter line). */
211 int ocb_done_encrypt(ocb_state *ocb,
212 const unsigned char *pt, unsigned long ptlen,
214 unsigned char *tag, unsigned long *taglen);
/*
 * Takes the received tag plus an `int *stat` out-parameter. Presumably
 * *stat carries the verification verdict separately from the int return
 * value (TODO confirm); callers should check both and discard the
 * plaintext unless verification succeeded.
 * NOTE(review): this listing skips original line 218 (one parameter line).
 */
216 int ocb_done_decrypt(ocb_state *ocb,
217 const unsigned char *ct, unsigned long ctlen,
219 const unsigned char *tag, unsigned long taglen, int *stat);
/* NOTE(review): this listing skips original line 225 (one parameter line). */
221 int ocb_encrypt_authenticate_memory(int cipher,
222 const unsigned char *key, unsigned long keylen,
223 const unsigned char *nonce,
224 const unsigned char *pt, unsigned long ptlen,
226 unsigned char *tag, unsigned long *taglen);
/* NOTE(review): this listing skips original lines 232 and 234-237, so the
 * tail of this declaration (including however the verdict is reported) is
 * not shown here. */
228 int ocb_decrypt_verify_memory(int cipher,
229 const unsigned char *key, unsigned long keylen,
230 const unsigned char *nonce,
231 const unsigned char *ct, unsigned long ctlen,
233 const unsigned char *tag, unsigned long taglen,
238 /* internal functions */
/* Labelled internal above; they manipulate raw OCB state and are not meant
 * to be called by application code. s_ocb_done() takes an int `mode`,
 * presumably selecting the encrypt or decrypt finalisation (TODO confirm). */
239 void ocb_shift_xor(ocb_state *ocb, unsigned char *Z);
240 int ocb_ntz(unsigned long x);
241 int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
242 unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode);
244 #endif /* LTC_OCB_MODE */
248 unsigned char Offset_0[MAXBLOCKSIZE], /* Offset_0 value */
249 Offset_current[MAXBLOCKSIZE], /* Offset_{current_block_index} value */
250 L_dollar[MAXBLOCKSIZE], /* L_$ value */
251 L_star[MAXBLOCKSIZE], /* L_* value */
252 L_[32][MAXBLOCKSIZE], /* L_{i} values */
253 tag_part[MAXBLOCKSIZE], /* intermediate result of tag calculation */
254 checksum[MAXBLOCKSIZE]; /* current checksum */
256 /* AAD related members */
257 unsigned char aSum_current[MAXBLOCKSIZE], /* AAD related helper variable */
258 aOffset_current[MAXBLOCKSIZE], /* AAD related helper variable */
259 adata_buffer[MAXBLOCKSIZE]; /* AAD buffer */
260 int adata_buffer_bytes; /* bytes in AAD buffer */
261 unsigned long ablock_index; /* index # for current adata (AAD) block */
263 symmetric_key key; /* scheduled key for cipher */
264 unsigned long block_index; /* index # for current data block */
265 int cipher, /* cipher idx */
266 tag_len, /* length of tag */
267 block_len; /* length of block */
/*
 * OCB3 authenticated encryption. Unlike ocb_init(), the nonce length and
 * the tag length are explicit arguments fixed at init time. The nonce must
 * not repeat under the same key.
 */
270 int ocb3_init(ocb3_state *ocb, int cipher,
271 const unsigned char *key, unsigned long keylen,
272 const unsigned char *nonce, unsigned long noncelen,
273 unsigned long taglen);
/*
 * Streaming calls. The *_last variants exist alongside the plain ones,
 * presumably to handle a trailing partial block (TODO confirm which length
 * constraints the plain calls impose).
 * ocb3_done() only emits a tag, so on the decrypt path the caller compares
 * it with the received tag in constant time and treats the plaintext as
 * unauthenticated until then.
 */
275 int ocb3_encrypt(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct);
276 int ocb3_decrypt(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt);
277 int ocb3_encrypt_last(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct);
278 int ocb3_decrypt_last(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt);
279 int ocb3_add_aad(ocb3_state *ocb, const unsigned char *aad, unsigned long aadlen);
280 int ocb3_done(ocb3_state *ocb, unsigned char *tag, unsigned long *taglen);
/* NOTE(review): this listing skips original line 287 (one parameter line). */
282 int ocb3_encrypt_authenticate_memory(int cipher,
283 const unsigned char *key, unsigned long keylen,
284 const unsigned char *nonce, unsigned long noncelen,
285 const unsigned char *adata, unsigned long adatalen,
286 const unsigned char *pt, unsigned long ptlen,
288 unsigned char *tag, unsigned long *taglen);
/* NOTE(review): this listing skips original lines 295 and 297-301, so the
 * tail of this declaration (including however the verification verdict is
 * reported) is not shown here. */
290 int ocb3_decrypt_verify_memory(int cipher,
291 const unsigned char *key, unsigned long keylen,
292 const unsigned char *nonce, unsigned long noncelen,
293 const unsigned char *adata, unsigned long adatalen,
294 const unsigned char *ct, unsigned long ctlen,
296 const unsigned char *tag, unsigned long taglen,
302 /* internal helper functions */
/* ocb3_int_xor_blocks() writes `block_len` bytes to `out` as far as the
 * signature shows; all three buffers must be at least that long. */
303 int ocb3_int_ntz(unsigned long x);
304 void ocb3_int_xor_blocks(unsigned char *out, const unsigned char *block_a, const unsigned char *block_b, unsigned long block_len);
305 #endif /* LTC_SOURCE */
307 #endif /* LTC_OCB3_MODE */
311 #define CCM_ENCRYPT LTC_ENCRYPT
312 #define CCM_DECRYPT LTC_DECRYPT
316 int cipher, /* which cipher */
317 taglen, /* length of the tag */
318 x; /* index in PAD */
320 unsigned long L, /* L value */
321 ptlen, /* length that will be enc / dec */
322 current_ptlen, /* current processed length */
323 aadlen, /* length of the aad */
324 current_aadlen, /* length of the currently provided add */
325 noncelen; /* length of the nonce */
327 unsigned char PAD[16],
/*
 * CCM authenticated encryption, streaming form. Plaintext length, tag
 * length and AAD length are all declared up front at init time.
 * NOTE(review): keylen/ptlen/taglen/aad_len are plain `int` here, while
 * ccm_memory() and the other modes in this header use unsigned long.
 * Callers holding size_t / unsigned long lengths should range-check before
 * narrowing so a large or negative value is never passed in.
 */
333 int ccm_init(ccm_state *ccm, int cipher,
334 const unsigned char *key, int keylen, int ptlen, int taglen, int aad_len);
336 int ccm_reset(ccm_state *ccm);
/* The nonce must not repeat under the same key. */
338 int ccm_add_nonce(ccm_state *ccm,
339 const unsigned char *nonce, unsigned long noncelen);
341 int ccm_add_aad(ccm_state *ccm,
342 const unsigned char *adata, unsigned long adatalen);
/* `pt` is non-const, so it can be an output as well as an input --
 * presumably depending on a direction argument (see CCM_ENCRYPT /
 * CCM_DECRYPT). NOTE(review): this listing skips original lines 346-348,
 * so the rest of this declaration is not shown here. */
344 int ccm_process(ccm_state *ccm,
345 unsigned char *pt, unsigned long ptlen,
/* Only emits a tag (`tag` writable, `taglen` in/out): on the decrypt path
 * the caller compares it with the received tag in constant time and treats
 * the plaintext as unauthenticated until then. */
349 int ccm_done(ccm_state *ccm,
350 unsigned char *tag, unsigned long *taglen);
/*
 * One-shot form. `uskey` is a symmetric_key pointer passed next to the raw
 * key -- presumably an optional pre-scheduled key (TODO confirm which of
 * the two takes precedence). `pt` and `tag` are both writable here.
 * NOTE(review): this listing skips original lines 358 and 360-363, so the
 * tail of this declaration is not shown here.
 */
352 int ccm_memory(int cipher,
353 const unsigned char *key, unsigned long keylen,
354 symmetric_key *uskey,
355 const unsigned char *nonce, unsigned long noncelen,
356 const unsigned char *header, unsigned long headerlen,
357 unsigned char *pt, unsigned long ptlen,
359 unsigned char *tag, unsigned long *taglen,
364 #endif /* LTC_CCM_MODE */
/*
 * gcm_gf_mult(a, b, c): two const inputs and one output with no length
 * arguments, so the operand size is fixed by the implementation --
 * presumably 16-byte GF(2^128) elements (TODO confirm). All three buffers
 * must be at least that large.
 */
366 #if defined(LRW_MODE) || defined(LTC_GCM_MODE)
367 void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c);
371 /* table shared between GCM and LRW */
/*
 * NOTE(review): the last clause below tests defined(LTC_GCM_MODE) twice.
 * Given the "shared between GCM and LRW" comment, one operand was
 * presumably meant to name the LRW mode macro; as written, an LRW-only
 * LTC_FAST build without LTC_LRW_TABLES does not get this declaration.
 * The guard on gcm_gf_mult() above tests the unprefixed LRW_MODE while
 * this one uses LTC_-prefixed names -- confirm which spelling the build
 * actually defines.
 * The array is declared without a size, so sizeof cannot be used on it.
 */
372 #if defined(LTC_GCM_TABLES) || defined(LTC_LRW_TABLES) || ((defined(LTC_GCM_MODE) || defined(LTC_GCM_MODE)) && defined(LTC_FAST))
373 extern const unsigned char gcm_shift_table[];
378 #define GCM_ENCRYPT LTC_ENCRYPT
379 #define GCM_DECRYPT LTC_DECRYPT
381 #define LTC_GCM_MODE_IV 0
382 #define LTC_GCM_MODE_AAD 1
383 #define LTC_GCM_MODE_TEXT 2
387 unsigned char H[16], /* multiplier */
388 X[16], /* accumulator */
390 Y_0[16], /* initial counter */
391 buf[16]; /* buffer for stuff */
393 int cipher, /* which cipher */
394 ivmode, /* Which mode is the IV in? */
395 mode, /* mode the GCM code is in */
396 buflen; /* length of data in buf */
398 ulong64 totlen, /* 64-bit counter used for IV and AAD */
399 pttotlen; /* 64-bit counter for the PT */
401 #ifdef LTC_GCM_TABLES
402 unsigned char PC[16][256][16] /* 16 tables of 8x128 */
403 #ifdef LTC_GCM_TABLES_SSE2
404 __attribute__ ((aligned (16)))
/* Operates on a raw block `I` using the GCM state; no length argument, so
 * the buffer size is fixed by the implementation (presumably 16 bytes --
 * TODO confirm). */
410 void gcm_mult_h(gcm_state *gcm, unsigned char *I);
/*
 * GCM authenticated encryption, streaming form.
 * NOTE(review): `keylen` is a plain int here but unsigned long in
 * gcm_memory(); range-check before narrowing.
 */
412 int gcm_init(gcm_state *gcm, int cipher,
413 const unsigned char *key, int keylen);
415 int gcm_reset(gcm_state *gcm);
/*
 * The IV must never repeat under the same key: with GCM a repeated IV
 * exposes the XOR of the plaintexts and undermines the authentication key.
 * The LTC_GCM_MODE_IV / _AAD / _TEXT constants in this header suggest the
 * calls are expected in the order IV, then AAD, then text (TODO confirm).
 */
417 int gcm_add_iv(gcm_state *gcm,
418 const unsigned char *IV, unsigned long IVlen);
420 int gcm_add_aad(gcm_state *gcm,
421 const unsigned char *adata, unsigned long adatalen);
/* `pt` is non-const, so it can be an output as well as an input --
 * presumably depending on a direction argument (see GCM_ENCRYPT /
 * GCM_DECRYPT). NOTE(review): this listing skips original lines 425-427,
 * so the rest of this declaration is not shown here. */
423 int gcm_process(gcm_state *gcm,
424 unsigned char *pt, unsigned long ptlen,
/* Only emits a tag (`tag` writable, `taglen` in/out): on the decrypt path
 * the caller compares it with the received tag in constant time and treats
 * the plaintext as unauthenticated until then. */
428 int gcm_done(gcm_state *gcm,
429 unsigned char *tag, unsigned long *taglen);
/* One-shot form; `pt` and `tag` are both writable. NOTE(review): this
 * listing skips original lines 436 and 438-440, so the tail of this
 * declaration is not shown here. */
431 int gcm_memory( int cipher,
432 const unsigned char *key, unsigned long keylen,
433 const unsigned char *IV, unsigned long IVlen,
434 const unsigned char *adata, unsigned long adatalen,
435 unsigned char *pt, unsigned long ptlen,
437 unsigned char *tag, unsigned long *taglen,
441 #endif /* LTC_GCM_MODE */
445 typedef struct pelican_state
448 unsigned char state[16];
/*
 * Pelican MAC. There is no cipher selector argument, so the underlying
 * primitive is fixed by the implementation.
 * pelican_done() takes `out` with no length argument: the caller must
 * provide a buffer large enough for the fixed-size tag. The size is not
 * stated in these prototypes -- presumably 16 bytes, matching the
 * `state[16]` member of pelican_state (TODO confirm).
 * Tag comparison is left to the caller and should be constant-time.
 */
452 int pelican_init(pelican_state *pelmac, const unsigned char *key, unsigned long keylen);
453 int pelican_process(pelican_state *pelmac, const unsigned char *in, unsigned long inlen);
454 int pelican_done(pelican_state *pelmac, unsigned char *out);
455 int pelican_test(void);
/* NOTE(review): this listing skips original lines 459 onward, so the tail
 * of this declaration is not shown here. */
457 int pelican_memory(const unsigned char *key, unsigned long keylen,
458 const unsigned char *in, unsigned long inlen,
465 /* add this to "keylen" to xcbc_init to use a pure three-key XCBC MAC */
466 #define LTC_XCBC_PURE 0x8000UL
469 unsigned char K[3][MAXBLOCKSIZE],
/*
 * XCBC-MAC: streaming, one-shot, multi-buffer and file entry points.
 * Per the LTC_XCBC_PURE comment in this header, `keylen` doubles as a flag
 * carrier: 0x8000UL is added to it to select the pure three-key variant.
 * A key length derived from untrusted input should therefore be
 * range-checked so it cannot set that bit unintentionally.
 * `outlen` is an in/out pointer -- presumably capacity in, tag length out
 * (TODO confirm). Tag comparison is left to the caller and should be
 * constant-time.
 */
479 int xcbc_init(xcbc_state *xcbc, int cipher, const unsigned char *key, unsigned long keylen);
480 int xcbc_process(xcbc_state *xcbc, const unsigned char *in, unsigned long inlen);
481 int xcbc_done(xcbc_state *xcbc, unsigned char *out, unsigned long *outlen);
482 int xcbc_memory(int cipher,
483 const unsigned char *key, unsigned long keylen,
484 const unsigned char *in, unsigned long inlen,
485 unsigned char *out, unsigned long *outlen);
/* Variadic: extra (in, inlen) pairs follow; pass every length as an actual
 * unsigned long. The list terminator is not visible here (TODO confirm). */
486 int xcbc_memory_multi(int cipher,
487 const unsigned char *key, unsigned long keylen,
488 unsigned char *out, unsigned long *outlen,
489 const unsigned char *in, unsigned long inlen, ...);
490 int xcbc_file(int cipher,
491 const unsigned char *key, unsigned long keylen,
492 const char *filename,
493 unsigned char *out, unsigned long *outlen);
501 unsigned char akey[MAXBLOCKSIZE],
/*
 * f9 MAC: streaming, one-shot, multi-buffer and file entry points.
 * `cipher` is an int selector for the block cipher. `outlen` is an in/out
 * pointer -- presumably capacity in, tag length out (TODO confirm).
 * These calls only produce a tag; comparing it with a received tag is left
 * to the caller and should be constant-time.
 */
513 int f9_init(f9_state *f9, int cipher, const unsigned char *key, unsigned long keylen);
514 int f9_process(f9_state *f9, const unsigned char *in, unsigned long inlen);
515 int f9_done(f9_state *f9, unsigned char *out, unsigned long *outlen);
516 int f9_memory(int cipher,
517 const unsigned char *key, unsigned long keylen,
518 const unsigned char *in, unsigned long inlen,
519 unsigned char *out, unsigned long *outlen);
/* Variadic: extra (in, inlen) pairs follow; pass every length as an actual
 * unsigned long. The list terminator is not visible here (TODO confirm). */
520 int f9_memory_multi(int cipher,
521 const unsigned char *key, unsigned long keylen,
522 unsigned char *out, unsigned long *outlen,
523 const unsigned char *in, unsigned long inlen, ...);
524 int f9_file(int cipher,
525 const unsigned char *key, unsigned long keylen,
526 const char *filename,
527 unsigned char *out, unsigned long *outlen);
532 #ifdef LTC_CHACHA20POLY1305_MODE
540 } chacha20poly1305_state;
542 #define CHACHA20POLY1305_ENCRYPT LTC_ENCRYPT
543 #define CHACHA20POLY1305_DECRYPT LTC_DECRYPT
/*
 * ChaCha20-Poly1305 authenticated encryption, streaming form: init with
 * the key, set the IV, add AAD, encrypt or decrypt, then finish.
 */
545 int chacha20poly1305_init(chacha20poly1305_state *st, const unsigned char *key, unsigned long keylen);
/*
 * The IV must never repeat under the same key. The _rfc7905 variant takes
 * an extra 64-bit `sequence_number`; how it is combined with `iv` is not
 * visible in this header (TODO confirm), but the resulting nonce carries
 * the same uniqueness requirement.
 */
546 int chacha20poly1305_setiv(chacha20poly1305_state *st, const unsigned char *iv, unsigned long ivlen);
547 int chacha20poly1305_setiv_rfc7905(chacha20poly1305_state *st, const unsigned char *iv, unsigned long ivlen, ulong64 sequence_number);
548 int chacha20poly1305_add_aad(chacha20poly1305_state *st, const unsigned char *in, unsigned long inlen);
/* `out` has no separate length argument; it must hold at least `inlen`
 * bytes as far as the signature shows (TODO confirm). */
549 int chacha20poly1305_encrypt(chacha20poly1305_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);
550 int chacha20poly1305_decrypt(chacha20poly1305_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);
/* Only emits a tag (`tag` writable, `taglen` in/out): on the decrypt path
 * the caller compares it with the received tag in constant time and treats
 * the output of chacha20poly1305_decrypt() as unauthenticated until then. */
551 int chacha20poly1305_done(chacha20poly1305_state *st, unsigned char *tag, unsigned long *taglen);
/* One-shot form. NOTE(review): this listing skips original lines 556 and
 * 558, so the output buffer and trailing parameters (presumably including a
 * direction, see CHACHA20POLY1305_ENCRYPT / _DECRYPT) are not shown here. */
552 int chacha20poly1305_memory(const unsigned char *key, unsigned long keylen,
553 const unsigned char *iv, unsigned long ivlen,
554 const unsigned char *aad, unsigned long aadlen,
555 const unsigned char *in, unsigned long inlen,
557 unsigned char *tag, unsigned long *taglen,
559 int chacha20poly1305_test(void);
561 #endif /* LTC_CHACHA20POLY1305_MODE */
563 /* ref: $Format:%D$ */
564 /* git commit: $Format:%H$ */
565 /* commit time: $Format:%ai$ */