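/**
  Add entropy to the PRNG state
  @param in       The data to add
  @param inlen    Length of the data to add
  @param prng     PRNG state to update
  @return CRYPT_OK if successful
*/
int chacha20_prng_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng)
{
   unsigned char buf[40];   /* 32-byte key followed by 8-byte IV */
   unsigned long i;
   int err;

   LTC_ARGCHK(prng != NULL);
   LTC_ARGCHK(in != NULL);
   LTC_ARGCHK(inlen > 0);

   LTC_MUTEX_LOCK(&prng->lock);
   if (prng->ready) {
      /* chacha20_prng_ready() was already called, do "rekey" operation:
       * pull fresh key+IV material from the current keystream and fold
       * the caller's bytes into it (wrapping modulo the buffer size) */
      if ((err = chacha_keystream(&prng->chacha.s, buf, sizeof(buf))) != CRYPT_OK) goto LBL_UNLOCK;
      for (i = 0; i < inlen; i++) buf[i % sizeof(buf)] ^= in[i];
      /* key 32 bytes, 20 rounds */
      if ((err = chacha_setup(&prng->chacha.s, buf, 32, 20)) != CRYPT_OK) goto LBL_UNLOCK;
      /* iv 8 bytes */
      if ((err = chacha_ivctr64(&prng->chacha.s, buf + 32, 8, 0)) != CRYPT_OK) goto LBL_UNLOCK;
   } else {
      /* chacha20_prng_ready() was not called yet, add entropy to ent buffer */
      while (inlen--) prng->chacha.ent[prng->chacha.idx++ % sizeof(prng->chacha.ent)] ^= *in++;
   }
   err = CRYPT_OK;
LBL_UNLOCK:
   /* clear KEY + IV on every exit path, not only on success (the original
    * left key material on the stack when chacha_setup/chacha_ivctr64 failed);
    * in the not-ready branch buf was never written and this is a no-op */
   zeromem(buf, sizeof(buf));
   LTC_MUTEX_UNLOCK(&prng->lock);
   return err;
}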
/**
  Read from the PRNG
  @param out      Destination
  @param outlen   Length of output
  @param prng     The active PRNG to read from
  @return Number of octets read
*/
unsigned long chacha20_prng_read(unsigned char *out, unsigned long outlen, prng_state *prng)
{
   unsigned long produced = 0;

   /* nothing to do for an empty request or a missing state/buffer */
   if (outlen == 0 || prng == NULL || out == NULL) {
      return 0;
   }

   LTC_MUTEX_LOCK(&prng->lock);
   /* only a ready PRNG yields output; a keystream failure yields nothing */
   if (prng->ready && chacha_keystream(&prng->chacha.s, out, outlen) == CRYPT_OK) {
      produced = outlen;
   }
   LTC_MUTEX_UNLOCK(&prng->lock);
   return produced;
}
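/**
  Set IV + counter data to the ChaCha20Poly1305 state and reset the context
  @param st     The ChaCha20Poly1305 state
  @param iv     The IV data to add
  @param ivlen  The length of the IV (must be 12 or 8)
  @return CRYPT_OK on success
*/
int chacha20poly1305_setiv(chacha20poly1305_state *st, const unsigned char *iv, unsigned long ivlen)
{
   chacha_state tmp_st;
   int i, err;
   unsigned char polykey[32];

   LTC_ARGCHK(st != NULL);
   LTC_ARGCHK(iv != NULL);
   LTC_ARGCHK(ivlen == 12 || ivlen == 8);

   /* set IV for chacha20; the data stream starts at block counter 1 */
   if (ivlen == 12) {
      /* IV 96bit */
      if ((err = chacha_ivctr32(&st->chacha, iv, ivlen, 1)) != CRYPT_OK) return err;
   } else {
      /* IV 64bit */
      if ((err = chacha_ivctr64(&st->chacha, iv, ivlen, 1)) != CRYPT_OK) return err;
   }

   /* copy chacha20 constants + key words (input[0..11]) to temporary state */
   for (i = 0; i < 12; i++) tmp_st.input[i] = st->chacha.input[i];
   tmp_st.rounds = 20;

   /* set IV; the poly1305 key is derived from block counter 0 */
   if (ivlen == 12) {
      /* IV 96bit (32bit counter) */
      if ((err = chacha_ivctr32(&tmp_st, iv, ivlen, 0)) != CRYPT_OK) goto LBL_CLEANUP;
   } else {
      /* IV 64bit */
      if ((err = chacha_ivctr64(&tmp_st, iv, ivlen, 0)) != CRYPT_OK) goto LBL_CLEANUP;
   }

   /* (re)generate new poly1305 key */
   if ((err = chacha_keystream(&tmp_st, polykey, 32)) != CRYPT_OK) goto LBL_CLEANUP;

   /* (re)initialise poly1305 */
   if ((err = poly1305_init(&st->poly, polykey, 32)) != CRYPT_OK) goto LBL_CLEANUP;

   st->ctlen = 0;
   st->aadlen = 0;
   st->aadflg = 1;
   err = CRYPT_OK;

LBL_CLEANUP:
   /* tmp_st holds a copy of the cipher key and polykey the one-time MAC key;
    * wipe both on every exit path once they have been populated (the
    * original returned with them still on the stack) */
   zeromem(&tmp_st, sizeof(tmp_st));
   zeromem(polykey, sizeof(polykey));
   return err;
}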