/**
Add entropy to the PRNG state
@param in The data to add
@param inlen Length of the data to add
@param prng PRNG state to update
@return CRYPT_OK if successful
*/
int chacha20_prng_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng)
{
unsigned char buf[40];
unsigned long i;
int err;
LTC_ARGCHK(prng != NULL);
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(inlen > 0);
LTC_MUTEX_LOCK(&prng->lock);
if (prng->ready) {
/* chacha20_prng_ready() was already called, do "rekey" operation */
if ((err = chacha_keystream(&prng->chacha.s, buf, sizeof(buf))) != CRYPT_OK) goto LBL_UNLOCK;
for(i = 0; i < inlen; i++) buf[i % sizeof(buf)] ^= in[i];
/* key 32 bytes, 20 rounds */
if ((err = chacha_setup(&prng->chacha.s, buf, 32, 20)) != CRYPT_OK) goto LBL_UNLOCK;
/* iv 8 bytes */
if ((err = chacha_ivctr64(&prng->chacha.s, buf + 32, 8, 0)) != CRYPT_OK) goto LBL_UNLOCK;
/* clear KEY + IV */
zeromem(buf, sizeof(buf));
}
else {
/* chacha20_prng_ready() was not called yet, add entropy to ent buffer */
while (inlen--) prng->chacha.ent[prng->chacha.idx++ % sizeof(prng->chacha.ent)] ^= *in++;
}
err = CRYPT_OK;
LBL_UNLOCK:
LTC_MUTEX_UNLOCK(&prng->lock);
return err;
}
/**
Read from the PRNG
@param out Destination
@param outlen Length of output
@param prng The active PRNG to read from
@return Number of octets read
*/
unsigned long chacha20_prng_read(unsigned char *out, unsigned long outlen, prng_state *prng)
{
if (outlen == 0 || prng == NULL || out == NULL) return 0;
LTC_MUTEX_LOCK(&prng->lock);
if (!prng->ready) { outlen = 0; goto LBL_UNLOCK; }
if (chacha_keystream(&prng->chacha.s, out, outlen) != CRYPT_OK) outlen = 0;
LBL_UNLOCK:
LTC_MUTEX_UNLOCK(&prng->lock);
return outlen;
}
/**
Set IV + counter data to the ChaCha20Poly1305 state and reset the context
@param st The ChaCha20Poly1305 state
@param iv The IV data to add
@param ivlen The length of the IV (must be 12 or 8)
@return CRYPT_OK on success
*/
int chacha20poly1305_setiv(chacha20poly1305_state *st, const unsigned char *iv, unsigned long ivlen)
{
chacha_state tmp_st;
int i, err;
unsigned char polykey[32];
LTC_ARGCHK(st != NULL);
LTC_ARGCHK(iv != NULL);
LTC_ARGCHK(ivlen == 12 || ivlen == 8);
/* set IV for chacha20 */
if (ivlen == 12) {
/* IV 96bit */
if ((err = chacha_ivctr32(&st->chacha, iv, ivlen, 1)) != CRYPT_OK) return err;
}
else {
/* IV 64bit */
if ((err = chacha_ivctr64(&st->chacha, iv, ivlen, 1)) != CRYPT_OK) return err;
}
/* copy chacha20 key to temporary state */
for(i = 0; i < 12; i++) tmp_st.input[i] = st->chacha.input[i];
tmp_st.rounds = 20;
/* set IV */
if (ivlen == 12) {
/* IV 32bit */
if ((err = chacha_ivctr32(&tmp_st, iv, ivlen, 0)) != CRYPT_OK) return err;
}
else {
/* IV 64bit */
if ((err = chacha_ivctr64(&tmp_st, iv, ivlen, 0)) != CRYPT_OK) return err;
}
/* (re)generate new poly1305 key */
if ((err = chacha_keystream(&tmp_st, polykey, 32)) != CRYPT_OK) return err;
/* (re)initialise poly1305 */
if ((err = poly1305_init(&st->poly, polykey, 32)) != CRYPT_OK) return err;
st->ctlen = 0;
st->aadlen = 0;
st->aadflg = 1;
return CRYPT_OK;
}
