1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis */
2 /* SPDX-License-Identifier: Unlicense */
4 /* ---- SYMMETRIC KEY STUFF -----
6 * We put each cipher's scheduled key in its own struct, then we put all of
7 * the key formats in one union. This makes the function prototypes easier to use.
31 unsigned char K
[33][16];
38 ulong32 eK
[60], dK
[60];
45 ulong32 K
[32], dK
[32];
51 ulong32 KLi1
[8], KLi2
[8],
52 KOi1
[8], KOi2
[8], KOi3
[8],
53 KIi1
[8], KIi2
[8], KIi3
[8];
59 unsigned long A
[32], B
[32];
64 #ifndef LTC_TWOFISH_SMALL
66 ulong32 S
[4][256], K
[40];
71 unsigned char S
[32], start
;
/* SAFER (K-64, K-128, SK-64, SK-128) round counts and buffer sizes. */
#define LTC_SAFER_K64_DEFAULT_NOF_ROUNDS     6
#define LTC_SAFER_K128_DEFAULT_NOF_ROUNDS   10
#define LTC_SAFER_SK64_DEFAULT_NOF_ROUNDS    8
#define LTC_SAFER_SK128_DEFAULT_NOF_ROUNDS  10
#define LTC_SAFER_MAX_NOF_ROUNDS            13
#define LTC_SAFER_BLOCK_LEN                  8
/* Sized for the maximum round count: 1 + 8 * (1 + 2 * 13) = 217 bytes. */
#define LTC_SAFER_KEY_LEN (1 + LTC_SAFER_BLOCK_LEN * (1 + 2 * LTC_SAFER_MAX_NOF_ROUNDS))

/* One cipher block. */
typedef unsigned char safer_block_t[LTC_SAFER_BLOCK_LEN];
/* Scheduled-key buffer, LTC_SAFER_KEY_LEN bytes long. */
typedef unsigned char safer_key_t[LTC_SAFER_KEY_LEN];

/* SAFER scheduled key. The buffer is fixed-size, so a setup routine given a
 * round count above LTC_SAFER_MAX_NOF_ROUNDS would not fit; presumably the
 * setup functions reject that, confirm in the implementation. */
struct safer_key {
    safer_key_t key;
};
/* RC2 scheduled key: 64 entries of type unsigned (presumably the expanded
 * key words produced by the RC2 setup routine). */
struct rc2_key {
    unsigned xkey[64];
};
95 ulong32 ek
[32], dk
[32];
99 ulong32 ek
[3][32], dk
[3][32];
105 ulong32 K
[32], keylen
;
116 struct skipjack_key
{
117 unsigned char key
[10];
123 ulong64 roundKeyEnc
[8 + 1];
124 ulong64 roundKeyDec
[8 + 1];
132 ulong32 roundKeyEnc
[18 + 1][4];
133 ulong32 roundKeyDec
[18 + 1][4];
145 struct camellia_key
{
147 ulong64 kw
[4], k
[24], kl
[6];
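#define LTC_IDEA_ROUNDS 8
/* key schedule length in # of unsigned shorts.
 * The expansion is parenthesized so it stays a single value inside a larger
 * expression; unparenthesized, 2 * LTC_IDEA_KEYLEN would evaluate to 100
 * instead of 104 and under-size any buffer computed that way. */
#define LTC_IDEA_KEYLEN (6 * LTC_IDEA_ROUNDS + 4)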
157 unsigned short int ek
[LTC_IDEA_KEYLEN
]; /* enc key */
158 unsigned short int dk
[LTC_IDEA_KEYLEN
]; /* dec key */
174 typedef union Symmetric_key
{
177 struct des3_key des3
;
183 struct safer_key safer
;
186 struct twofish_key twofish
;
189 struct blowfish_key blowfish
;
198 struct saferp_key saferp
;
201 struct rijndael_key rijndael
;
204 struct xtea_key xtea
;
207 struct cast5_key cast5
;
210 struct noekeon_key noekeon
;
213 struct skipjack_key skipjack
;
216 struct khazad_key khazad
;
219 struct anubis_key anubis
;
222 struct kseed_key kseed
;
225 struct kasumi_key kasumi
;
228 struct multi2_key multi2
;
231 struct camellia_key camellia
;
234 struct idea_key idea
;
237 struct serpent_key serpent
;
246 /** A block cipher ECB structure */
248 /** The index of the cipher chosen */
250 /** The block size of the given cipher */
252 /** The scheduled key */
258 /** A block cipher CFB structure */
260 /** The index of the cipher chosen */
262 /** The block size of the given cipher */
264 /** The padding offset */
266 /** The current IV */
267 unsigned char IV
[MAXBLOCKSIZE
],
268 /** The pad used to encrypt/decrypt */
270 /** The scheduled key */
276 /** A block cipher OFB structure */
278 /** The index of the cipher chosen */
280 /** The block size of the given cipher */
282 /** The padding offset */
284 /** The current IV */
285 unsigned char IV
[MAXBLOCKSIZE
];
286 /** The scheduled key */
292 /** A block cipher CBC structure */
294 /** The index of the cipher chosen */
296 /** The block size of the given cipher */
298 /** The current IV */
299 unsigned char IV
[MAXBLOCKSIZE
];
300 /** The scheduled key */
307 /** A block cipher CTR structure */
309 /** The index of the cipher chosen */
311 /** The block size of the given cipher */
313 /** The padding offset */
315 /** The mode (endianness) of the CTR, 0==little, 1==big */
321 unsigned char ctr
[MAXBLOCKSIZE
];
322 /** The pad used to encrypt/decrypt */
323 unsigned char pad
[MAXBLOCKSIZE
] LTC_ALIGN(16);
324 /** The scheduled key */
331 /** A LRW structure */
333 /** The index of the cipher chosen (must be a 128-bit block cipher) */
336 /** The current IV */
337 unsigned char IV
[16],
342 /** The current pad, it's the product of the first 15 bytes against the tweak key */
345 /** The scheduled symmetric key */
348 #ifdef LTC_LRW_TABLES
349 /** The pre-computed multiplication table */
350 unsigned char PC
[16][256][16];
356 /** A block cipher F8 structure */
358 /** The index of the cipher chosen */
360 /** The block size of the given cipher */
362 /** The padding offset */
364 /** The current IV */
365 unsigned char IV
[MAXBLOCKSIZE
],
367 /** Current block count */
369 /** The scheduled key */
375 /** cipher descriptor table, last entry has "name == NULL" to mark the end of table */
376 extern struct ltc_cipher_descriptor
{
377 /** name of cipher */
381 /** min keysize (octets) */
383 /** max keysize (octets) */
385 /** block size (octets) */
387 /** default number of rounds */
390 @param key The input symmetric key
391 @param keylen The length of the input key (octets)
392 @param num_rounds The requested number of rounds (0==default)
393 @param skey [out] The destination of the scheduled key
394 @return CRYPT_OK if successful
396 int (*setup
)(const unsigned char *key
, int keylen
, int num_rounds
, symmetric_key
*skey
);
398 @param pt The plaintext
399 @param ct [out] The ciphertext
400 @param skey The scheduled key
401 @return CRYPT_OK if successful
403 int (*ecb_encrypt
)(const unsigned char *pt
, unsigned char *ct
, const symmetric_key
*skey
);
405 @param ct The ciphertext
406 @param pt [out] The plaintext
407 @param skey The scheduled key
408 @return CRYPT_OK if successful
410 int (*ecb_decrypt
)(const unsigned char *ct
, unsigned char *pt
, const symmetric_key
*skey
);
411 /** Test the block cipher
412 @return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled
416 /** Terminate the context
417 @param skey The scheduled key
419 void (*done
)(symmetric_key
*skey
);
421 /** Determine a key size
422 @param keysize [in/out] The size of the key desired and the suggested size
423 @return CRYPT_OK if successful
425 int (*keysize
)(int *keysize
);
428 /** Accelerated ECB encryption
431 @param blocks The number of complete blocks to process
432 @param skey The scheduled key context
433 @return CRYPT_OK if successful
435 int (*accel_ecb_encrypt
)(const unsigned char *pt
, unsigned char *ct
, unsigned long blocks
, symmetric_key
*skey
);
437 /** Accelerated ECB decryption
440 @param blocks The number of complete blocks to process
441 @param skey The scheduled key context
442 @return CRYPT_OK if successful
444 int (*accel_ecb_decrypt
)(const unsigned char *ct
, unsigned char *pt
, unsigned long blocks
, symmetric_key
*skey
);
446 /** Accelerated CBC encryption
449 @param blocks The number of complete blocks to process
450 @param IV The initial value (input/output)
451 @param skey The scheduled key context
452 @return CRYPT_OK if successful
454 int (*accel_cbc_encrypt
)(const unsigned char *pt
, unsigned char *ct
, unsigned long blocks
, unsigned char *IV
, symmetric_key
*skey
);
456 /** Accelerated CBC decryption
459 @param blocks The number of complete blocks to process
460 @param IV The initial value (input/output)
461 @param skey The scheduled key context
462 @return CRYPT_OK if successful
464 int (*accel_cbc_decrypt
)(const unsigned char *ct
, unsigned char *pt
, unsigned long blocks
, unsigned char *IV
, symmetric_key
*skey
);
466 /** Accelerated CTR encryption
469 @param blocks The number of complete blocks to process
470 @param IV The initial value (input/output)
471 @param mode little or big endian counter (mode=0 or mode=1)
472 @param skey The scheduled key context
473 @return CRYPT_OK if successful
475 int (*accel_ctr_encrypt
)(const unsigned char *pt
, unsigned char *ct
, unsigned long blocks
, unsigned char *IV
, int mode
, symmetric_key
*skey
);
480 @param blocks The number of complete blocks to process
481 @param IV The initial value (input/output)
482 @param tweak The LRW tweak
483 @param skey The scheduled key context
484 @return CRYPT_OK if successful
486 int (*accel_lrw_encrypt
)(const unsigned char *pt
, unsigned char *ct
, unsigned long blocks
, unsigned char *IV
, const unsigned char *tweak
, symmetric_key
*skey
);
491 @param blocks The number of complete blocks to process
492 @param IV The initial value (input/output)
493 @param tweak The LRW tweak
494 @param skey The scheduled key context
495 @return CRYPT_OK if successful
497 int (*accel_lrw_decrypt
)(const unsigned char *ct
, unsigned char *pt
, unsigned long blocks
, unsigned char *IV
, const unsigned char *tweak
, symmetric_key
*skey
);
499 /** Accelerated CCM packet (one-shot)
500 @param key The secret key to use
501 @param keylen The length of the secret key (octets)
502 @param uskey A previously scheduled key [optional can be NULL]
503 @param nonce The session nonce [use once]
504 @param noncelen The length of the nonce
505 @param header The header for the session
506 @param headerlen The length of the header (octets)
507 @param pt [out] The plaintext
508 @param ptlen The length of the plaintext (octets)
509 @param ct [out] The ciphertext
510 @param tag [out] The destination tag
511 @param taglen [in/out] The max size and resulting size of the authentication tag
512 @param direction Encrypt or Decrypt direction (0 or 1)
513 @return CRYPT_OK if successful
515 int (*accel_ccm_memory
)(
516 const unsigned char *key
, unsigned long keylen
,
517 symmetric_key
*uskey
,
518 const unsigned char *nonce
, unsigned long noncelen
,
519 const unsigned char *header
, unsigned long headerlen
,
520 unsigned char *pt
, unsigned long ptlen
,
522 unsigned char *tag
, unsigned long *taglen
,
525 /** Accelerated GCM packet (one shot)
526 @param key The secret key
527 @param keylen The length of the secret key
528 @param IV The initialization vector
529 @param IVlen The length of the initialization vector
530 @param adata The additional authentication data (header)
531 @param adatalen The length of the adata
532 @param pt The plaintext
533 @param ptlen The length of the plaintext (ciphertext length is the same)
534 @param ct The ciphertext
535 @param tag [out] The MAC tag
536 @param taglen [in/out] The MAC tag length
537 @param direction Encrypt or Decrypt mode (GCM_ENCRYPT or GCM_DECRYPT)
538 @return CRYPT_OK on success
540 int (*accel_gcm_memory
)(
541 const unsigned char *key
, unsigned long keylen
,
542 const unsigned char *IV
, unsigned long IVlen
,
543 const unsigned char *adata
, unsigned long adatalen
,
544 unsigned char *pt
, unsigned long ptlen
,
546 unsigned char *tag
, unsigned long *taglen
,
549 /** Accelerated one shot LTC_OMAC
550 @param key The secret key
551 @param keylen The key length (octets)
552 @param in The message
553 @param inlen Length of message (octets)
554 @param out [out] Destination for tag
555 @param outlen [in/out] Initial and final size of out
556 @return CRYPT_OK on success
559 const unsigned char *key
, unsigned long keylen
,
560 const unsigned char *in
, unsigned long inlen
,
561 unsigned char *out
, unsigned long *outlen
);
563 /** Accelerated one shot XCBC
564 @param key The secret key
565 @param keylen The key length (octets)
566 @param in The message
567 @param inlen Length of message (octets)
568 @param out [out] Destination for tag
569 @param outlen [in/out] Initial and final size of out
570 @return CRYPT_OK on success
573 const unsigned char *key
, unsigned long keylen
,
574 const unsigned char *in
, unsigned long inlen
,
575 unsigned char *out
, unsigned long *outlen
);
577 /** Accelerated one shot F9
578 @param key The secret key
579 @param keylen The key length (octets)
580 @param in The message
581 @param inlen Length of message (octets)
582 @param out [out] Destination for tag
583 @param outlen [in/out] Initial and final size of out
584 @return CRYPT_OK on success
585 @remark Requires manual padding
588 const unsigned char *key
, unsigned long keylen
,
589 const unsigned char *in
, unsigned long inlen
,
590 unsigned char *out
, unsigned long *outlen
);
592 /** Accelerated XTS encryption
595 @param blocks The number of complete blocks to process
596 @param tweak The 128-bit encryption tweak (input/output).
597 The tweak should not be encrypted on input, but
598 next tweak will be copied encrypted on output.
599 @param skey1 The first scheduled key context
600 @param skey2 The second scheduled key context
601 @return CRYPT_OK if successful
603 int (*accel_xts_encrypt
)(const unsigned char *pt
, unsigned char *ct
,
604 unsigned long blocks
, unsigned char *tweak
,
605 const symmetric_key
*skey1
, const symmetric_key
*skey2
);
607 /** Accelerated XTS decryption
610 @param blocks The number of complete blocks to process
611 @param tweak The 128-bit encryption tweak (input/output).
612 The tweak should not be encrypted on input, but
613 next tweak will be copied encrypted on output.
614 @param skey1 The first scheduled key context
615 @param skey2 The second scheduled key context
616 @return CRYPT_OK if successful
618 int (*accel_xts_decrypt
)(const unsigned char *ct
, unsigned char *pt
,
619 unsigned long blocks
, unsigned char *tweak
,
620 const symmetric_key
*skey1
, const symmetric_key
*skey2
);
621 } cipher_descriptor
[];
/**
 * Blowfish block-cipher interface.
 *
 * Each prototype has the shape of the matching documented slot (setup,
 * ecb_encrypt, ecb_decrypt, test, done, keysize) of struct
 * ltc_cipher_descriptor; blowfish_desc is presumably the descriptor that
 * exposes them.
 *
 * Review notes:
 *  - ecb_encrypt/ecb_decrypt take no length, so they cannot bounds-check:
 *    pt and ct must each hold one full cipher block.
 *  - Blowfish has a 64-bit block; keep the volume encrypted under one key
 *    well below the 2^32-block birthday bound.
 *  - skey holds expanded key material after setup. Whether blowfish_done()
 *    wipes it is not visible in this header; clear it explicitly if needed.
 */
int blowfish_setup(const unsigned char *key, int keylen, int num_rounds,
                   symmetric_key *skey);
int blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
                         const symmetric_key *skey);
int blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
                         const symmetric_key *skey);
int blowfish_test(void);
void blowfish_done(symmetric_key *skey);
int blowfish_keysize(int *keysize);
extern const struct ltc_cipher_descriptor blowfish_desc;
/**
 * RC5 block-cipher interface (no self-test prototype appears in this listing).
 *
 * Signatures follow the setup / ecb_encrypt / ecb_decrypt / done / keysize
 * slots of struct ltc_cipher_descriptor; per that struct's documentation
 * num_rounds == 0 requests the default round count.
 *
 * Review notes: the ECB entry points have no length argument, so pt and ct
 * must each hold one full block. Treat a non-default num_rounds as a
 * security parameter, not a tuning knob.
 */
int rc5_setup(const unsigned char *key, int keylen, int num_rounds,
              symmetric_key *skey);
int rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
                    const symmetric_key *skey);
int rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
                    const symmetric_key *skey);
void rc5_done(symmetric_key *skey);
int rc5_keysize(int *keysize);
extern const struct ltc_cipher_descriptor rc5_desc;
/**
 * RC6 block-cipher interface (no self-test prototype appears in this listing).
 *
 * Signatures follow the setup / ecb_encrypt / ecb_decrypt / done / keysize
 * slots of struct ltc_cipher_descriptor.
 *
 * Review notes: the ECB entry points process a single block and cannot
 * bounds-check pt/ct. Check every int return against CRYPT_OK before using
 * the output buffers.
 */
int rc6_setup(const unsigned char *key, int keylen, int num_rounds,
              symmetric_key *skey);
int rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
                    const symmetric_key *skey);
int rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
                    const symmetric_key *skey);
void rc6_done(symmetric_key *skey);
int rc6_keysize(int *keysize);
extern const struct ltc_cipher_descriptor rc6_desc;
/**
 * RC2 block-cipher interface.
 *
 * rc2_setup has the descriptor's setup signature. rc2_setup_ex adds `bits`,
 * presumably the RC2 effective key length in bits (confirm in the
 * implementation).
 *
 * Review notes:
 *  - A small `bits` value caps the key strength regardless of keylen;
 *    callers should treat it as a security-critical input.
 *  - The ECB entry points have no length argument; pt and ct must each hold
 *    one full block.
 */
int rc2_setup(const unsigned char *key, int keylen, int num_rounds,
              symmetric_key *skey);
int rc2_setup_ex(const unsigned char *key, int keylen, int bits,
                 int num_rounds, symmetric_key *skey);
int rc2_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
                    const symmetric_key *skey);
int rc2_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
                    const symmetric_key *skey);
void rc2_done(symmetric_key *skey);
int rc2_keysize(int *keysize);
extern const struct ltc_cipher_descriptor rc2_desc;
/**
 * SAFER+ block-cipher interface.
 *
 * Signatures follow the setup / ecb_encrypt / ecb_decrypt / test / done /
 * keysize slots of struct ltc_cipher_descriptor; saferp_desc is presumably
 * the descriptor that exposes them.
 *
 * Review notes: single-block ECB primitives with no length argument, so the
 * caller owns buffer sizing. saferp_test() follows the descriptor's test
 * contract (CRYPT_OK, or CRYPT_NOP if self-testing has been disabled).
 */
int saferp_setup(const unsigned char *key, int keylen, int num_rounds,
                 symmetric_key *skey);
int saferp_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
                       const symmetric_key *skey);
int saferp_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
                       const symmetric_key *skey);
int saferp_test(void);
void saferp_done(symmetric_key *skey);
int saferp_keysize(int *keysize);
extern const struct ltc_cipher_descriptor saferp_desc;
/**
 * SAFER K-64 / SK-64 / K-128 / SK-128 interface.
 *
 * The four variants have separate setup routines and descriptors but share
 * one pair of ECB functions, one done() and two keysize helpers (64- and
 * 128-bit). Self-tests are declared for K-64, SK-64 and SK-128 only.
 *
 * Review notes:
 *  - Block length is LTC_SAFER_BLOCK_LEN (8) bytes; the ECB calls have no
 *    length argument, so pt and ct must each hold one block.
 *  - The scheduled-key buffer is sized for LTC_SAFER_MAX_NOF_ROUNDS; a
 *    larger num_rounds must be rejected by setup (presumably it is, confirm).
 */
int safer_k64_setup(const unsigned char *key, int keylen, int num_rounds,
                    symmetric_key *skey);
int safer_sk64_setup(const unsigned char *key, int keylen, int num_rounds,
                     symmetric_key *skey);
int safer_k128_setup(const unsigned char *key, int keylen, int num_rounds,
                     symmetric_key *skey);
int safer_sk128_setup(const unsigned char *key, int keylen, int num_rounds,
                      symmetric_key *skey);
int safer_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
                      const symmetric_key *skey);
int safer_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
                      const symmetric_key *skey);
int safer_k64_test(void);
int safer_sk64_test(void);
int safer_sk128_test(void);
void safer_done(symmetric_key *skey);
int safer_64_keysize(int *keysize);
int safer_128_keysize(int *keysize);
extern const struct ltc_cipher_descriptor safer_k64_desc,
                                          safer_k128_desc,
                                          safer_sk64_desc,
                                          safer_sk128_desc;
/*
 * AES is provided as macro aliases of the Rijndael entry points: the aes_*
 * function names below exist only at the preprocessor level.
 */
#define aes_setup           rijndael_setup
#define aes_ecb_encrypt     rijndael_ecb_encrypt
#define aes_ecb_decrypt     rijndael_ecb_decrypt
#define aes_test            rijndael_test
#define aes_done            rijndael_done
#define aes_keysize         rijndael_keysize

#define aes_enc_setup       rijndael_enc_setup
#define aes_enc_ecb_encrypt rijndael_enc_ecb_encrypt
#define aes_enc_keysize     rijndael_enc_keysize

/**
 * Rijndael (AES) block-cipher interface.
 *
 * Signatures follow the setup / ecb_encrypt / ecb_decrypt / test / done /
 * keysize slots of struct ltc_cipher_descriptor.
 *
 * Review notes: these are raw single-block primitives with no length
 * argument and no integrity protection; application code should normally
 * reach them through a mode of operation rather than call them directly.
 */
int rijndael_setup(const unsigned char *key, int keylen, int num_rounds,
                   symmetric_key *skey);
int rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
                         const symmetric_key *skey);
int rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
                         const symmetric_key *skey);
int rijndael_test(void);
void rijndael_done(symmetric_key *skey);
int rijndael_keysize(int *keysize);

/*
 * Encrypt-only variant: no rijndael_enc_ecb_decrypt is declared in this
 * listing, so a descriptor built from these cannot serve modes that need
 * the block decryption direction.
 */
int rijndael_enc_setup(const unsigned char *key, int keylen, int num_rounds,
                       symmetric_key *skey);
int rijndael_enc_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
                             const symmetric_key *skey);
void rijndael_enc_done(symmetric_key *skey);
int rijndael_enc_keysize(int *keysize);

extern const struct ltc_cipher_descriptor rijndael_desc, aes_desc;
extern const struct ltc_cipher_descriptor rijndael_enc_desc, aes_enc_desc;
/**
 * XTEA block-cipher interface (no self-test prototype appears in this listing).
 *
 * Signatures follow the setup / ecb_encrypt / ecb_decrypt / done / keysize
 * slots of struct ltc_cipher_descriptor.
 *
 * Review notes: XTEA has a 64-bit block, so the amount of data per key
 * should stay well below the 2^32-block birthday bound. The ECB calls have
 * no length argument; pt and ct must each hold one block.
 */
int xtea_setup(const unsigned char *key, int keylen, int num_rounds,
               symmetric_key *skey);
int xtea_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
                     const symmetric_key *skey);
int xtea_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
                     const symmetric_key *skey);
void xtea_done(symmetric_key *skey);
int xtea_keysize(int *keysize);
extern const struct ltc_cipher_descriptor xtea_desc;
/**
 * Twofish block-cipher interface.
 *
 * Signatures follow the setup / ecb_encrypt / ecb_decrypt / test / done /
 * keysize slots of struct ltc_cipher_descriptor.
 *
 * Review notes: this header sizes the Twofish key struct differently
 * depending on LTC_TWOFISH_SMALL, so every translation unit that touches a
 * symmetric_key must be built with the same setting. The ECB calls have no
 * length argument; pt and ct must each hold one block.
 */
int twofish_setup(const unsigned char *key, int keylen, int num_rounds,
                  symmetric_key *skey);
int twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
                        const symmetric_key *skey);
int twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
                        const symmetric_key *skey);
int twofish_test(void);
void twofish_done(symmetric_key *skey);
int twofish_keysize(int *keysize);
extern const struct ltc_cipher_descriptor twofish_desc;
/**
 * DES and Triple-DES block-cipher interfaces (no self-test prototypes
 * appear in this listing).
 *
 * Both sets follow the setup / ecb_encrypt / ecb_decrypt / done / keysize
 * slots of struct ltc_cipher_descriptor.
 *
 * Review notes:
 *  - Single DES has a 56-bit effective key and is brute-forceable; keep
 *    des_* for legacy interoperability only.
 *  - DES and 3DES both use a 64-bit block, so limit the data encrypted
 *    under one key to stay well below the 2^32-block birthday bound.
 *  - The ECB calls have no length argument; pt and ct must each hold one
 *    block.
 */
int des_setup(const unsigned char *key, int keylen, int num_rounds,
              symmetric_key *skey);
int des_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
                    const symmetric_key *skey);
int des_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
                    const symmetric_key *skey);
void des_done(symmetric_key *skey);
int des_keysize(int *keysize);

int des3_setup(const unsigned char *key, int keylen, int num_rounds,
               symmetric_key *skey);
int des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
                     const symmetric_key *skey);
int des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
                     const symmetric_key *skey);
void des3_done(symmetric_key *skey);
int des3_keysize(int *keysize);

extern const struct ltc_cipher_descriptor des_desc, des3_desc;
/**
 * CAST5 block-cipher interface.
 *
 * Signatures follow the setup / ecb_encrypt / ecb_decrypt / test / done /
 * keysize slots of struct ltc_cipher_descriptor.
 *
 * Review notes: CAST5 has a 64-bit block; bound the data per key
 * accordingly. The ECB calls have no length argument, so pt and ct must
 * each hold one block.
 */
int cast5_setup(const unsigned char *key, int keylen, int num_rounds,
                symmetric_key *skey);
int cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
                      const symmetric_key *skey);
int cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
                      const symmetric_key *skey);
int cast5_test(void);
void cast5_done(symmetric_key *skey);
int cast5_keysize(int *keysize);
extern const struct ltc_cipher_descriptor cast5_desc;
/**
 * Noekeon block-cipher interface.
 *
 * Signatures follow the setup / ecb_encrypt / ecb_decrypt / test / done /
 * keysize slots of struct ltc_cipher_descriptor.
 *
 * Review notes: single-block primitives without a length argument; the
 * caller is responsible for pt/ct being one full block. Check each int
 * return against CRYPT_OK before trusting the output.
 */
int noekeon_setup(const unsigned char *key, int keylen, int num_rounds,
                  symmetric_key *skey);
int noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
                        const symmetric_key *skey);
int noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
                        const symmetric_key *skey);
int noekeon_test(void);
void noekeon_done(symmetric_key *skey);
int noekeon_keysize(int *keysize);
extern const struct ltc_cipher_descriptor noekeon_desc;
/**
 * Skipjack block-cipher interface.
 *
 * Signatures follow the setup / ecb_encrypt / ecb_decrypt / test / done /
 * keysize slots of struct ltc_cipher_descriptor.
 *
 * Review notes: struct skipjack_key in this header stores a 10-byte
 * (80-bit) key, which is below current key-strength recommendations; keep
 * this cipher for legacy data only. The ECB calls have no length argument;
 * pt and ct must each hold one block.
 */
int skipjack_setup(const unsigned char *key, int keylen, int num_rounds,
                   symmetric_key *skey);
int skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
                         const symmetric_key *skey);
int skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
                         const symmetric_key *skey);
int skipjack_test(void);
void skipjack_done(symmetric_key *skey);
int skipjack_keysize(int *keysize);
extern const struct ltc_cipher_descriptor skipjack_desc;
/**
 * Khazad block-cipher interface.
 *
 * Signatures follow the setup / ecb_encrypt / ecb_decrypt / test / done /
 * keysize slots of struct ltc_cipher_descriptor.
 *
 * Review notes: single-block primitives with no length argument; pt and ct
 * must each hold one block. skey carries the round keys after setup, so
 * treat it as secret for its whole lifetime.
 */
int khazad_setup(const unsigned char *key, int keylen, int num_rounds,
                 symmetric_key *skey);
int khazad_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
                       const symmetric_key *skey);
int khazad_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
                       const symmetric_key *skey);
int khazad_test(void);
void khazad_done(symmetric_key *skey);
int khazad_keysize(int *keysize);
extern const struct ltc_cipher_descriptor khazad_desc;
/**
 * Anubis block-cipher interface.
 *
 * Signatures follow the setup / ecb_encrypt / ecb_decrypt / test / done /
 * keysize slots of struct ltc_cipher_descriptor.
 *
 * Review notes: single-block primitives with no length argument; pt and ct
 * must each hold one block. Use anubis_keysize() to normalise a requested
 * key length before calling setup rather than passing arbitrary lengths.
 */
int anubis_setup(const unsigned char *key, int keylen, int num_rounds,
                 symmetric_key *skey);
int anubis_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
                       const symmetric_key *skey);
int anubis_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
                       const symmetric_key *skey);
int anubis_test(void);
void anubis_done(symmetric_key *skey);
int anubis_keysize(int *keysize);
extern const struct ltc_cipher_descriptor anubis_desc;
/**
 * SEED ("kseed") block-cipher interface.
 *
 * Signatures follow the setup / ecb_encrypt / ecb_decrypt / test / done /
 * keysize slots of struct ltc_cipher_descriptor.
 *
 * Review notes: single-block primitives with no length argument; pt and ct
 * must each hold one block. Check every int return against CRYPT_OK.
 */
int kseed_setup(const unsigned char *key, int keylen, int num_rounds,
                symmetric_key *skey);
int kseed_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
                      const symmetric_key *skey);
int kseed_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
                      const symmetric_key *skey);
int kseed_test(void);
void kseed_done(symmetric_key *skey);
int kseed_keysize(int *keysize);
extern const struct ltc_cipher_descriptor kseed_desc;
/**
 * KASUMI block-cipher interface.
 *
 * Signatures follow the setup / ecb_encrypt / ecb_decrypt / test / done /
 * keysize slots of struct ltc_cipher_descriptor.
 *
 * Review notes: KASUMI has a 64-bit block; bound the data encrypted under
 * one key accordingly. The ECB calls have no length argument, so pt and ct
 * must each hold one block.
 */
int kasumi_setup(const unsigned char *key, int keylen, int num_rounds,
                 symmetric_key *skey);
int kasumi_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
                       const symmetric_key *skey);
int kasumi_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
                       const symmetric_key *skey);
int kasumi_test(void);
void kasumi_done(symmetric_key *skey);
int kasumi_keysize(int *keysize);
extern const struct ltc_cipher_descriptor kasumi_desc;
/**
 * MULTI2 block-cipher interface.
 *
 * Signatures follow the setup / ecb_encrypt / ecb_decrypt / test / done /
 * keysize slots of struct ltc_cipher_descriptor.
 *
 * Review notes: num_rounds is caller-controlled (0 selects the default per
 * the descriptor documentation); treat any other value as a security
 * parameter. The ECB calls have no length argument; pt and ct must each
 * hold one block.
 */
int multi2_setup(const unsigned char *key, int keylen, int num_rounds,
                 symmetric_key *skey);
int multi2_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
                       const symmetric_key *skey);
int multi2_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
                       const symmetric_key *skey);
int multi2_test(void);
void multi2_done(symmetric_key *skey);
int multi2_keysize(int *keysize);
extern const struct ltc_cipher_descriptor multi2_desc;
/**
 * Camellia block-cipher interface.
 *
 * Signatures follow the setup / ecb_encrypt / ecb_decrypt / test / done /
 * keysize slots of struct ltc_cipher_descriptor.
 *
 * Review notes: single-block primitives with no length argument; pt and ct
 * must each hold one block. skey holds the expanded subkeys after setup and
 * should be cleared when the key is retired.
 */
int camellia_setup(const unsigned char *key, int keylen, int num_rounds,
                   symmetric_key *skey);
int camellia_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
                         const symmetric_key *skey);
int camellia_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
                         const symmetric_key *skey);
int camellia_test(void);
void camellia_done(symmetric_key *skey);
int camellia_keysize(int *keysize);
extern const struct ltc_cipher_descriptor camellia_desc;
/**
 * IDEA block-cipher interface (no self-test prototype appears in this listing).
 *
 * Signatures follow the setup / ecb_encrypt / ecb_decrypt / done / keysize
 * slots of struct ltc_cipher_descriptor.
 *
 * Review notes: IDEA has a 64-bit block; bound the data encrypted under one
 * key accordingly. The ECB calls have no length argument, so pt and ct must
 * each hold one block.
 */
int idea_setup(const unsigned char *key, int keylen, int num_rounds,
               symmetric_key *skey);
int idea_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
                     const symmetric_key *skey);
int idea_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
                     const symmetric_key *skey);
void idea_done(symmetric_key *skey);
int idea_keysize(int *keysize);
extern const struct ltc_cipher_descriptor idea_desc;
/**
 * Serpent block-cipher interface.
 *
 * Signatures follow the setup / ecb_encrypt / ecb_decrypt / test / done /
 * keysize slots of struct ltc_cipher_descriptor.
 *
 * Review notes: single-block primitives with no length argument; pt and ct
 * must each hold one block. Check every int return against CRYPT_OK before
 * using the output.
 */
int serpent_setup(const unsigned char *key, int keylen, int num_rounds,
                  symmetric_key *skey);
int serpent_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
                        const symmetric_key *skey);
int serpent_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
                        const symmetric_key *skey);
int serpent_test(void);
void serpent_done(symmetric_key *skey);
int serpent_keysize(int *keysize);
extern const struct ltc_cipher_descriptor serpent_desc;
/**
 * TEA block-cipher interface (no self-test prototype appears in this listing).
 *
 * Signatures follow the setup / ecb_encrypt / ecb_decrypt / done / keysize
 * slots of struct ltc_cipher_descriptor.
 *
 * Review notes: TEA has a 64-bit block and known equivalent-key and
 * related-key weaknesses; it is unsuitable wherever keys may be related or
 * the cipher is used as a hash building block. The ECB calls have no length
 * argument; pt and ct must each hold one block.
 */
int tea_setup(const unsigned char *key, int keylen, int num_rounds,
              symmetric_key *skey);
int tea_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
                    const symmetric_key *skey);
int tea_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
                    const symmetric_key *skey);
void tea_done(symmetric_key *skey);
int tea_keysize(int *keysize);
extern const struct ltc_cipher_descriptor tea_desc;
/**
 * ECB mode over a registered cipher.
 *
 * `cipher` is presumably an index into the cipher descriptor table, as
 * returned by find_cipher() or register_cipher(); confirm before relying
 * on it.
 *
 * Review notes:
 *  - ecb_start takes no IV, so equal plaintext blocks under one key yield
 *    equal ciphertext blocks. Prefer an IV-based, authenticated
 *    construction for anything beyond isolated single-block use.
 *  - `len` is presumably required to be a whole number of cipher blocks;
 *    confirm in the implementation and pad explicitly.
 */
int ecb_start(int cipher, const unsigned char *key, int keylen,
              int num_rounds, symmetric_ECB *ecb);
int ecb_encrypt(const unsigned char *pt, unsigned char *ct,
                unsigned long len, symmetric_ECB *ecb);
int ecb_decrypt(const unsigned char *ct, unsigned char *pt,
                unsigned long len, symmetric_ECB *ecb);
int ecb_done(symmetric_ECB *ecb);
/**
 * CFB mode over a registered cipher.
 *
 * cfb_start takes the IV together with the key. cfb_getiv() receives `len`
 * by pointer, presumably the buffer capacity on input and the IV length on
 * output (confirm in the implementation).
 *
 * Review notes:
 *  - The IV must not repeat under the same key.
 *  - CFB provides confidentiality only; authenticate the ciphertext
 *    separately before acting on decrypted data.
 *  - The IV buffer passed to cfb_start/cfb_setiv must cover the cipher's
 *    block size; cfb_start has no IV length argument to check it.
 */
int cfb_start(int cipher, const unsigned char *IV, const unsigned char *key,
              int keylen, int num_rounds, symmetric_CFB *cfb);
int cfb_encrypt(const unsigned char *pt, unsigned char *ct,
                unsigned long len, symmetric_CFB *cfb);
int cfb_decrypt(const unsigned char *ct, unsigned char *pt,
                unsigned long len, symmetric_CFB *cfb);
int cfb_getiv(unsigned char *IV, unsigned long *len, const symmetric_CFB *cfb);
int cfb_setiv(const unsigned char *IV, unsigned long len, symmetric_CFB *cfb);
int cfb_done(symmetric_CFB *cfb);
/**
 * OFB mode over a registered cipher.
 *
 * ofb_start takes the IV together with the key. ofb_getiv() receives `len`
 * by pointer, presumably capacity in / IV length out (confirm in the
 * implementation).
 *
 * Review notes:
 *  - OFB generates a keystream from (key, IV); reusing an IV under the same
 *    key reuses the keystream and exposes the XOR of the plaintexts.
 *  - No integrity protection: ciphertext bit flips map directly onto
 *    plaintext bit flips, so authenticate the ciphertext separately.
 */
int ofb_start(int cipher, const unsigned char *IV, const unsigned char *key,
              int keylen, int num_rounds, symmetric_OFB *ofb);
int ofb_encrypt(const unsigned char *pt, unsigned char *ct,
                unsigned long len, symmetric_OFB *ofb);
int ofb_decrypt(const unsigned char *ct, unsigned char *pt,
                unsigned long len, symmetric_OFB *ofb);
int ofb_getiv(unsigned char *IV, unsigned long *len, const symmetric_OFB *ofb);
int ofb_setiv(const unsigned char *IV, unsigned long len, symmetric_OFB *ofb);
int ofb_done(symmetric_OFB *ofb);
/**
 * CBC mode over a registered cipher.
 *
 * cbc_start takes the IV together with the key. cbc_getiv() receives `len`
 * by pointer, presumably capacity in / IV length out (confirm in the
 * implementation).
 *
 * Review notes:
 *  - Use a fresh, unpredictable IV for every message.
 *  - CBC provides no integrity. Verify a MAC over the ciphertext before
 *    decrypting, otherwise padding checks on attacker-supplied ciphertext
 *    can act as a decryption oracle.
 *  - `len` is presumably required to be a whole number of cipher blocks;
 *    padding is not visible in this interface and is left to the caller.
 */
int cbc_start(int cipher, const unsigned char *IV, const unsigned char *key,
              int keylen, int num_rounds, symmetric_CBC *cbc);
int cbc_encrypt(const unsigned char *pt, unsigned char *ct,
                unsigned long len, symmetric_CBC *cbc);
int cbc_decrypt(const unsigned char *ct, unsigned char *pt,
                unsigned long len, symmetric_CBC *cbc);
int cbc_getiv(unsigned char *IV, unsigned long *len, const symmetric_CBC *cbc);
int cbc_setiv(const unsigned char *IV, unsigned long len, symmetric_CBC *cbc);
int cbc_done(symmetric_CBC *cbc);
/*
 * CTR mode flags. The two non-zero values occupy distinct bits, so they can
 * presumably be OR-ed together in ctr_start()'s ctr_mode argument.
 * NOTE(review): the symmetric_CTR field comment in this header describes the
 * mode as "0==little, 1==big", which does not match the 0x1000 value used
 * here; confirm which is current.
 */
#define CTR_COUNTER_LITTLE_ENDIAN    0x0000
#define CTR_COUNTER_BIG_ENDIAN       0x1000
#define LTC_CTR_RFC3686              0x2000
919 int ctr_start( int cipher
,
920 const unsigned char *IV
,
921 const unsigned char *key
, int keylen
,
922 int num_rounds
, int ctr_mode
,
/**
 * CTR mode streaming calls (the state is prepared by ctr_start()).
 *
 * ctr_getiv() receives `len` by pointer, presumably capacity in / IV length
 * out (confirm in the implementation).
 *
 * Review notes:
 *  - A counter block must never repeat under one key. That includes calling
 *    ctr_setiv() with a value that rewinds into an already-used range.
 *  - CTR is a keystream XOR and provides no integrity; authenticate the
 *    ciphertext separately.
 */
int ctr_encrypt(const unsigned char *pt, unsigned char *ct,
                unsigned long len, symmetric_CTR *ctr);
int ctr_decrypt(const unsigned char *ct, unsigned char *pt,
                unsigned long len, symmetric_CTR *ctr);
int ctr_getiv(unsigned char *IV, unsigned long *len, const symmetric_CTR *ctr);
int ctr_setiv(const unsigned char *IV, unsigned long len, symmetric_CTR *ctr);
int ctr_done(symmetric_CTR *ctr);
/* LRW direction selectors: aliases of LTC_ENCRYPT / LTC_DECRYPT, which are
 * defined outside this listing. */
#define LRW_ENCRYPT    LTC_ENCRYPT
#define LRW_DECRYPT    LTC_DECRYPT
937 int lrw_start( int cipher
,
938 const unsigned char *IV
,
939 const unsigned char *key
, int keylen
,
940 const unsigned char *tweak
,
/**
 * LRW mode streaming calls (the state is prepared by lrw_start()).
 *
 * Per the symmetric_LRW comments in this header, the underlying cipher must
 * be a 128-bit block cipher. lrw_getiv() receives `len` by pointer,
 * presumably capacity in / IV length out (confirm in the implementation).
 *
 * Review notes: LRW is a tweakable narrow-block mode without integrity
 * protection. `len` is presumably required to be a multiple of 16 bytes;
 * confirm before passing arbitrary lengths.
 */
int lrw_encrypt(const unsigned char *pt, unsigned char *ct,
                unsigned long len, symmetric_LRW *lrw);
int lrw_decrypt(const unsigned char *ct, unsigned char *pt,
                unsigned long len, symmetric_LRW *lrw);
int lrw_getiv(unsigned char *IV, unsigned long *len, const symmetric_LRW *lrw);
int lrw_setiv(const unsigned char *IV, unsigned long len, symmetric_LRW *lrw);
int lrw_done(symmetric_LRW *lrw);

/* Shared worker taking an explicit direction; `mode` is presumably
 * LRW_ENCRYPT or LRW_DECRYPT (confirm in the implementation). */
int lrw_process(const unsigned char *pt, unsigned char *ct,
                unsigned long len, int mode, symmetric_LRW *lrw);
/**
 * F8 mode over a registered cipher.
 *
 * f8_start takes a salt key (salt_key / skeylen) in addition to the cipher
 * key and IV. f8_getiv() receives `len` by pointer, presumably capacity in
 * / IV length out (confirm in the implementation).
 *
 * Review notes:
 *  - Do not reuse an IV under the same key and salt key.
 *  - F8 provides confidentiality only; authenticate the ciphertext
 *    separately.
 *  - keylen and skeylen are independent ints; validate both against the
 *    actual buffer sizes before the call.
 */
int f8_start(int cipher, const unsigned char *IV,
             const unsigned char *key, int keylen,
             const unsigned char *salt_key, int skeylen,
             int num_rounds, symmetric_F8 *f8);
int f8_encrypt(const unsigned char *pt, unsigned char *ct,
               unsigned long len, symmetric_F8 *f8);
int f8_decrypt(const unsigned char *ct, unsigned char *pt,
               unsigned long len, symmetric_F8 *f8);
int f8_getiv(unsigned char *IV, unsigned long *len, const symmetric_F8 *f8);
int f8_setiv(const unsigned char *IV, unsigned long len, symmetric_F8 *f8);
int f8_done(symmetric_F8 *f8);
int f8_test_mode(void);
969 symmetric_key key1
, key2
;
973 int xts_start( int cipher
,
974 const unsigned char *key1
,
975 const unsigned char *key2
,
976 unsigned long keylen
,
981 const unsigned char *pt
, unsigned long ptlen
,
983 unsigned char *tweak
,
984 const symmetric_xts
*xts
);
986 const unsigned char *ct
, unsigned long ptlen
,
988 unsigned char *tweak
,
989 const symmetric_xts
*xts
);
/* Terminate an XTS context. It holds two scheduled keys (key1, key2), so
 * treat the structure as secret until it has been torn down. */
void xts_done(symmetric_xts *xts);

/* In-place update of the buffer `I`; presumably multiplies the 128-bit tweak
 * by x in GF(2^128), which would require I to be 16 bytes. Confirm in the
 * implementation. */
void xts_mult_x(unsigned char *I);
/**
 * Cipher registry: lookup, registration and validation.
 *
 * The int results of find_cipher*(), register_cipher() and
 * unregister_cipher() are presumably descriptor-table indices or error
 * codes (confirm in the implementation).
 *
 * Review notes: never use a lookup result to index cipher_descriptor[]
 * without checking it, for instance through cipher_is_valid(), since the
 * name or ID may come from configuration or a peer.
 */
int find_cipher(const char *name);
int find_cipher_any(const char *name, int blocklen, int keylen);
int find_cipher_id(unsigned char ID);
int register_cipher(const struct ltc_cipher_descriptor *cipher);
int unregister_cipher(const struct ltc_cipher_descriptor *cipher);
int register_all_ciphers(void);
int cipher_is_valid(int idx);

/* Presumably declares the mutex guarding the cipher descriptor table. */
LTC_MUTEX_PROTO(ltc_cipher_mutex)
1006 /* ---- stream ciphers ---- */
1012 unsigned char kstream
[64];
1013 unsigned long ksleft
;
1014 unsigned long ivlen
;
/**
 * ChaCha stream-cipher interface.
 *
 * Two IV/counter setters are declared: chacha_ivctr32 takes a ulong32
 * counter and chacha_ivctr64 a ulong64 counter. chacha_memory() is a
 * one-call variant taking key, IV, counter and data together. Note that
 * `rounds` is int in chacha_setup but unsigned long in chacha_memory.
 *
 * Review notes:
 *  - Never reuse a (key, iv, counter) combination: identical keystream
 *    exposes the XOR of the two plaintexts.
 *  - The cipher gives no integrity; pair it with a MAC or use an AEAD
 *    construction.
 *  - `out`/`dataout` must hold inlen/datalen bytes; no output capacity is
 *    passed, so the callee cannot check it.
 */
int chacha_setup(chacha_state *st, const unsigned char *key,
                 unsigned long keylen, int rounds);
int chacha_ivctr32(chacha_state *st, const unsigned char *iv,
                   unsigned long ivlen, ulong32 counter);
int chacha_ivctr64(chacha_state *st, const unsigned char *iv,
                   unsigned long ivlen, ulong64 counter);
int chacha_crypt(chacha_state *st, const unsigned char *in,
                 unsigned long inlen, unsigned char *out);
int chacha_keystream(chacha_state *st, unsigned char *out,
                     unsigned long outlen);
int chacha_done(chacha_state *st);
int chacha_test(void);
int chacha_memory(const unsigned char *key, unsigned long keylen,
                  unsigned long rounds,
                  const unsigned char *iv, unsigned long ivlen,
                  ulong64 counter,
                  const unsigned char *datain, unsigned long datalen,
                  unsigned char *dataout);
1029 #endif /* LTC_CHACHA */
1035 unsigned char kstream
[64];
1036 unsigned long ksleft
;
1037 unsigned long ivlen
;
/**
 * Salsa20 stream-cipher interface.
 *
 * salsa20_ivctr64 sets the IV with a ulong64 counter; salsa20_memory() is a
 * one-call variant taking key, IV, counter and data together. `rounds` is
 * int in salsa20_setup but unsigned long in salsa20_memory.
 *
 * Review notes:
 *  - Never reuse a (key, iv, counter) combination; keystream reuse exposes
 *    the XOR of the plaintexts.
 *  - No integrity protection: authenticate the ciphertext separately.
 *  - `out`/`dataout` must hold inlen/datalen bytes; no output capacity is
 *    passed.
 */
int salsa20_setup(salsa20_state *st, const unsigned char *key,
                  unsigned long keylen, int rounds);
int salsa20_ivctr64(salsa20_state *st, const unsigned char *iv,
                    unsigned long ivlen, ulong64 counter);
int salsa20_crypt(salsa20_state *st, const unsigned char *in,
                  unsigned long inlen, unsigned char *out);
int salsa20_keystream(salsa20_state *st, unsigned char *out,
                      unsigned long outlen);
int salsa20_done(salsa20_state *st);
int salsa20_test(void);
int salsa20_memory(const unsigned char *key, unsigned long keylen,
                   unsigned long rounds,
                   const unsigned char *iv, unsigned long ivlen,
                   ulong64 counter,
                   const unsigned char *datain, unsigned long datalen,
                   unsigned char *dataout);
1051 #endif /* LTC_SALSA20 */
1055 int xsalsa20_setup(salsa20_state
*st
, const unsigned char *key
, unsigned long keylen
,
1056 const unsigned char *nonce
, unsigned long noncelen
,
/* Self-test entry point for XSalsa20; takes no arguments. */
int xsalsa20_test(void);

/*
 * One-call XSalsa20 over a caller-supplied buffer: key, rounds and nonce in,
 * then datalen bytes from datain to dataout. Returns an int status
 * (presumably CRYPT_OK on success; the codes are not shown here).
 *
 * The signature takes a nonce but no counter and no authentication tag:
 *  - the nonce must be unique per key, because a repeated (key, nonce) pair
 *    repeats the keystream;
 *  - the output is unauthenticated, so add a MAC or use an AEAD construction
 *    where integrity matters.
 */
int xsalsa20_memory(const unsigned char *key, unsigned long keylen, unsigned long rounds,
                    const unsigned char *nonce, unsigned long noncelen,
                    const unsigned char *datain, unsigned long datalen, unsigned char *dataout);
1063 #endif /* LTC_XSALSA20 */
1065 #ifdef LTC_SOSEMANUK
1068 ulong32 kc
[100]; /* key_context */
1069 ulong32 s00
, s01
, s02
, s03
, s04
, s05
, s06
, s07
, s08
, s09
;
1072 * Buffering: the stream cipher produces output data by
1073 * blocks of 640 bits. buf[] contains such a block, and
1074 * "ptr" is the index of the next output byte.
1076 unsigned char buf
[80];
/*
 * Sosemanuk stream cipher API.
 *
 * All functions return an int status (presumably CRYPT_OK on success; the
 * status codes are not shown in this listing).
 *
 * Points a caller has to handle, as the signatures show:
 *  - Key and IV are loaded in two separate calls (setup, then setiv).
 *  - Nothing here computes or checks an authentication tag; combine the
 *    cipher with a MAC when the data must be protected against modification.
 *  - The IV is caller-supplied. Reusing an IV under the same key repeats the
 *    keystream, so each (key, IV) pair is good for one message only.
 */

/* Load key (keylen bytes) into st. */
int sosemanuk_setup(sosemanuk_state *st, const unsigned char *key, unsigned long keylen);

/* Load the IV (ivlen bytes) into st. */
int sosemanuk_setiv(sosemanuk_state *st, const unsigned char *iv, unsigned long ivlen);

/*
 * Process inlen bytes from in into out. No output length is passed, so out
 * is presumably expected to hold at least inlen bytes.
 */
int sosemanuk_crypt(sosemanuk_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);

/* Write outlen bytes to out (raw keystream, going by the name). */
int sosemanuk_keystream(sosemanuk_state *st, unsigned char *out, unsigned long outlen);

/*
 * Finish with st. Presumably wipes the key context; call it on every exit
 * path (confirm in the implementation).
 */
int sosemanuk_done(sosemanuk_state *st);

/* Self-test entry point; takes no arguments. */
int sosemanuk_test(void);

/* One-call form: key and IV in, then datalen bytes from datain to dataout. */
int sosemanuk_memory(const unsigned char *key, unsigned long keylen,
                     const unsigned char *iv, unsigned long ivlen,
                     const unsigned char *datain, unsigned long datalen,
                     unsigned char *dataout);
1091 #endif /* LTC_SOSEMANUK */
1102 rabbit_ctx master_ctx
;
1103 rabbit_ctx work_ctx
;
1104 unsigned char block
[16]; /* last keystream block containing unused bytes */
1105 ulong32 unused
; /* count fm right */
/*
 * Rabbit stream cipher API.
 *
 * Each function returns an int status (presumably CRYPT_OK on success; the
 * status codes are not part of this listing).
 *
 * Caller-side requirements visible in the signatures:
 *  - Key setup and IV setup are separate calls.
 *  - No tag or MAC is produced or verified, so the data is unauthenticated
 *    unless the caller adds a MAC.
 *  - The IV comes from the caller; using the same IV twice under one key
 *    repeats the keystream and must be avoided.
 */

/* Load key (keylen bytes) into st. */
int rabbit_setup(rabbit_state *st, const unsigned char *key, unsigned long keylen);

/* Load the IV (ivlen bytes) into st. */
int rabbit_setiv(rabbit_state *st, const unsigned char *iv, unsigned long ivlen);

/*
 * Process inlen bytes from in into out. There is no output-length parameter,
 * so out is presumably expected to hold at least inlen bytes.
 */
int rabbit_crypt(rabbit_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);

/* Write outlen bytes to out (raw keystream, going by the name). */
int rabbit_keystream(rabbit_state *st, unsigned char *out, unsigned long outlen);

/*
 * Finish with st. Presumably clears the contexts held in the state; call it
 * on all exit paths (confirm in the implementation).
 */
int rabbit_done(rabbit_state *st);

/* Self-test entry point; takes no arguments. */
int rabbit_test(void);

/* One-call form: key and IV in, then datalen bytes from datain to dataout. */
int rabbit_memory(const unsigned char *key, unsigned long keylen,
                  const unsigned char *iv, unsigned long ivlen,
                  const unsigned char *datain, unsigned long datalen,
                  unsigned char *dataout);
1119 #endif /* LTC_RABBIT */
1121 #ifdef LTC_RC4_STREAM
1125 unsigned char buf
[256];
/*
 * RC4 stream cipher API.
 *
 * Every function returns an int status (presumably CRYPT_OK on success; the
 * status codes are not shown in this listing).
 *
 * Review notes for callers:
 *  - RC4 has well-documented keystream biases and RFC 7465 prohibits it in
 *    TLS. Treat this API as legacy interoperability only and prefer a modern
 *    cipher for new designs.
 *  - This group declares no IV or nonce function, so the key is the only
 *    per-stream input visible here: a key must never be reused for a second
 *    stream, since that would repeat the keystream.
 *  - No authentication tag is produced or checked; add a MAC if integrity
 *    is required.
 */

/* Load key (keylen bytes) into st. */
int rc4_stream_setup(rc4_state *st, const unsigned char *key, unsigned long keylen);

/*
 * Process inlen bytes from in into out. No output length is passed, so out
 * is presumably expected to hold at least inlen bytes.
 */
int rc4_stream_crypt(rc4_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);

/* Write outlen bytes to out (raw keystream, going by the name). */
int rc4_stream_keystream(rc4_state *st, unsigned char *out, unsigned long outlen);

/*
 * Finish with st. Presumably wipes the key-dependent state; call it on every
 * exit path (confirm in the implementation).
 */
int rc4_stream_done(rc4_state *st);

/* Self-test entry point; takes no arguments. */
int rc4_stream_test(void);

/* One-call form: key in, then datalen bytes from datain to dataout. */
int rc4_stream_memory(const unsigned char *key, unsigned long keylen,
                      const unsigned char *datain, unsigned long datalen,
                      unsigned char *dataout);
1137 #endif /* LTC_RC4_STREAM */
1139 #ifdef LTC_SOBER128_STREAM
1142 ulong32 R
[17], /* Working storage for the shift register */
1143 initR
[17], /* saved register contents */
1144 konst
, /* key dependent constant */
1145 sbuf
; /* partial word encryption buffer */
1146 int nbuf
; /* number of part-word stream bits buffered */
/*
 * SOBER-128 stream cipher API.
 *
 * All functions return an int status (presumably CRYPT_OK on success; the
 * status codes are not part of this listing).
 *
 * What a caller must take care of, judging by the signatures:
 *  - The key and the IV are set by two separate calls (setup, then setiv).
 *  - None of these functions takes or returns an authentication tag, so
 *    integrity protection has to come from a separate MAC.
 *  - The IV is chosen by the caller. An IV repeated under the same key
 *    repeats the keystream, so every message needs a fresh IV.
 */

/* Load key (keylen bytes) into st. */
int sober128_stream_setup(sober128_state *st, const unsigned char *key, unsigned long keylen);

/* Load the IV (ivlen bytes) into st. */
int sober128_stream_setiv(sober128_state *st, const unsigned char *iv, unsigned long ivlen);

/*
 * Process inlen bytes from in into out. There is no output-length parameter,
 * so out is presumably expected to hold at least inlen bytes.
 */
int sober128_stream_crypt(sober128_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);

/* Write outlen bytes to out (raw keystream, going by the name). */
int sober128_stream_keystream(sober128_state *st, unsigned char *out, unsigned long outlen);

/*
 * Finish with st. Presumably clears the register contents held in the state;
 * call it on all exit paths (confirm in the implementation).
 */
int sober128_stream_done(sober128_state *st);

/* Self-test entry point; takes no arguments. */
int sober128_stream_test(void);

/* One-call form: key and IV in, then datalen bytes from datain to dataout. */
int sober128_stream_memory(const unsigned char *key, unsigned long keylen,
                           const unsigned char *iv, unsigned long ivlen,
                           const unsigned char *datain, unsigned long datalen,
                           unsigned char *dataout);
1160 #endif /* LTC_SOBER128_STREAM */