1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis */
2 /* SPDX-License-Identifier: Unlicense */
5 typedef struct Hmac_state
{
8 unsigned char key
[MAXBLOCKSIZE
];
11 int hmac_init(hmac_state
*hmac
, int hash
, const unsigned char *key
, unsigned long keylen
);
12 int hmac_process(hmac_state
*hmac
, const unsigned char *in
, unsigned long inlen
);
13 int hmac_done(hmac_state
*hmac
, unsigned char *out
, unsigned long *outlen
);
15 int hmac_memory(int hash
,
16 const unsigned char *key
, unsigned long keylen
,
17 const unsigned char *in
, unsigned long inlen
,
18 unsigned char *out
, unsigned long *outlen
);
19 int hmac_memory_multi(int hash
,
20 const unsigned char *key
, unsigned long keylen
,
21 unsigned char *out
, unsigned long *outlen
,
22 const unsigned char *in
, unsigned long inlen
, ...);
23 int hmac_file(int hash
, const char *fname
, const unsigned char *key
,
25 unsigned char *out
, unsigned long *outlen
);
34 unsigned char block
[MAXBLOCKSIZE
],
40 int omac_init(omac_state
*omac
, int cipher
, const unsigned char *key
, unsigned long keylen
);
41 int omac_process(omac_state
*omac
, const unsigned char *in
, unsigned long inlen
);
42 int omac_done(omac_state
*omac
, unsigned char *out
, unsigned long *outlen
);
43 int omac_memory(int cipher
,
44 const unsigned char *key
, unsigned long keylen
,
45 const unsigned char *in
, unsigned long inlen
,
46 unsigned char *out
, unsigned long *outlen
);
47 int omac_memory_multi(int cipher
,
48 const unsigned char *key
, unsigned long keylen
,
49 unsigned char *out
, unsigned long *outlen
,
50 const unsigned char *in
, unsigned long inlen
, ...);
51 int omac_file(int cipher
,
52 const unsigned char *key
, unsigned long keylen
,
54 unsigned char *out
, unsigned long *outlen
);
61 unsigned char Ls
[32][MAXBLOCKSIZE
], /* L shifted by i bits to the left */
62 Li
[MAXBLOCKSIZE
], /* value of Li [current value, we calc from previous recall] */
63 Lr
[MAXBLOCKSIZE
], /* L * x^-1 */
64 block
[MAXBLOCKSIZE
], /* currently accumulated block */
65 checksum
[MAXBLOCKSIZE
]; /* current checksum */
67 symmetric_key key
; /* scheduled key for cipher */
68 unsigned long block_index
; /* index # for current block */
69 int cipher_idx
, /* cipher idx */
70 block_len
, /* length of block */
71 buflen
; /* number of bytes in the buffer */
74 int pmac_init(pmac_state
*pmac
, int cipher
, const unsigned char *key
, unsigned long keylen
);
75 int pmac_process(pmac_state
*pmac
, const unsigned char *in
, unsigned long inlen
);
76 int pmac_done(pmac_state
*pmac
, unsigned char *out
, unsigned long *outlen
);
78 int pmac_memory(int cipher
,
79 const unsigned char *key
, unsigned long keylen
,
80 const unsigned char *in
, unsigned long inlen
,
81 unsigned char *out
, unsigned long *outlen
);
83 int pmac_memory_multi(int cipher
,
84 const unsigned char *key
, unsigned long keylen
,
85 unsigned char *out
, unsigned long *outlen
,
86 const unsigned char *in
, unsigned long inlen
, ...);
88 int pmac_file(int cipher
,
89 const unsigned char *key
, unsigned long keylen
,
91 unsigned char *out
, unsigned long *outlen
);
95 /* internal functions */
96 int pmac_ntz(unsigned long x
);
97 void pmac_shift_xor(pmac_state
*pmac
);
106 unsigned long leftover
;
107 unsigned char buffer
[16];
111 int poly1305_init(poly1305_state
*st
, const unsigned char *key
, unsigned long keylen
);
112 int poly1305_process(poly1305_state
*st
, const unsigned char *in
, unsigned long inlen
);
113 int poly1305_done(poly1305_state
*st
, unsigned char *mac
, unsigned long *maclen
);
114 int poly1305_memory(const unsigned char *key
, unsigned long keylen
, const unsigned char *in
, unsigned long inlen
, unsigned char *mac
, unsigned long *maclen
);
115 int poly1305_memory_multi(const unsigned char *key
, unsigned long keylen
, unsigned char *mac
, unsigned long *maclen
, const unsigned char *in
, unsigned long inlen
, ...);
116 int poly1305_file(const char *fname
, const unsigned char *key
, unsigned long keylen
, unsigned char *mac
, unsigned long *maclen
);
117 int poly1305_test(void);
118 #endif /* LTC_POLY1305 */
120 #ifdef LTC_BLAKE2SMAC
121 typedef hash_state blake2smac_state
;
122 int blake2smac_init(blake2smac_state
*st
, unsigned long outlen
, const unsigned char *key
, unsigned long keylen
);
123 int blake2smac_process(blake2smac_state
*st
, const unsigned char *in
, unsigned long inlen
);
124 int blake2smac_done(blake2smac_state
*st
, unsigned char *mac
, unsigned long *maclen
);
125 int blake2smac_memory(const unsigned char *key
, unsigned long keylen
, const unsigned char *in
, unsigned long inlen
, unsigned char *mac
, unsigned long *maclen
);
126 int blake2smac_memory_multi(const unsigned char *key
, unsigned long keylen
, unsigned char *mac
, unsigned long *maclen
, const unsigned char *in
, unsigned long inlen
, ...);
127 int blake2smac_file(const char *fname
, const unsigned char *key
, unsigned long keylen
, unsigned char *mac
, unsigned long *maclen
);
128 int blake2smac_test(void);
129 #endif /* LTC_BLAKE2SMAC */
131 #ifdef LTC_BLAKE2BMAC
132 typedef hash_state blake2bmac_state
;
133 int blake2bmac_init(blake2bmac_state
*st
, unsigned long outlen
, const unsigned char *key
, unsigned long keylen
);
134 int blake2bmac_process(blake2bmac_state
*st
, const unsigned char *in
, unsigned long inlen
);
135 int blake2bmac_done(blake2bmac_state
*st
, unsigned char *mac
, unsigned long *maclen
);
136 int blake2bmac_memory(const unsigned char *key
, unsigned long keylen
, const unsigned char *in
, unsigned long inlen
, unsigned char *mac
, unsigned long *maclen
);
137 int blake2bmac_memory_multi(const unsigned char *key
, unsigned long keylen
, unsigned char *mac
, unsigned long *maclen
, const unsigned char *in
, unsigned long inlen
, ...);
138 int blake2bmac_file(const char *fname
, const unsigned char *key
, unsigned long keylen
, unsigned char *mac
, unsigned long *maclen
);
139 int blake2bmac_test(void);
140 #endif /* LTC_BLAKE2BMAC */
145 typedef struct pelican_state
148 unsigned char state
[16];
152 int pelican_init(pelican_state
*pelmac
, const unsigned char *key
, unsigned long keylen
);
153 int pelican_process(pelican_state
*pelmac
, const unsigned char *in
, unsigned long inlen
);
154 int pelican_done(pelican_state
*pelmac
, unsigned char *out
);
155 int pelican_test(void);
157 int pelican_memory(const unsigned char *key
, unsigned long keylen
,
158 const unsigned char *in
, unsigned long inlen
,
165 /* add this to "keylen" to xcbc_init to use a pure three-key XCBC MAC */
166 #define LTC_XCBC_PURE 0x8000UL
169 unsigned char K
[3][MAXBLOCKSIZE
],
179 int xcbc_init(xcbc_state
*xcbc
, int cipher
, const unsigned char *key
, unsigned long keylen
);
180 int xcbc_process(xcbc_state
*xcbc
, const unsigned char *in
, unsigned long inlen
);
181 int xcbc_done(xcbc_state
*xcbc
, unsigned char *out
, unsigned long *outlen
);
182 int xcbc_memory(int cipher
,
183 const unsigned char *key
, unsigned long keylen
,
184 const unsigned char *in
, unsigned long inlen
,
185 unsigned char *out
, unsigned long *outlen
);
186 int xcbc_memory_multi(int cipher
,
187 const unsigned char *key
, unsigned long keylen
,
188 unsigned char *out
, unsigned long *outlen
,
189 const unsigned char *in
, unsigned long inlen
, ...);
190 int xcbc_file(int cipher
,
191 const unsigned char *key
, unsigned long keylen
,
192 const char *filename
,
193 unsigned char *out
, unsigned long *outlen
);
201 unsigned char akey
[MAXBLOCKSIZE
],
213 int f9_init(f9_state
*f9
, int cipher
, const unsigned char *key
, unsigned long keylen
);
214 int f9_process(f9_state
*f9
, const unsigned char *in
, unsigned long inlen
);
215 int f9_done(f9_state
*f9
, unsigned char *out
, unsigned long *outlen
);
216 int f9_memory(int cipher
,
217 const unsigned char *key
, unsigned long keylen
,
218 const unsigned char *in
, unsigned long inlen
,
219 unsigned char *out
, unsigned long *outlen
);
220 int f9_memory_multi(int cipher
,
221 const unsigned char *key
, unsigned long keylen
,
222 unsigned char *out
, unsigned long *outlen
,
223 const unsigned char *in
, unsigned long inlen
, ...);
224 int f9_file(int cipher
,
225 const unsigned char *key
, unsigned long keylen
,
227 unsigned char *out
, unsigned long *outlen
);
238 #if !(defined(LTC_OMAC) && defined(LTC_CTR_MODE))
239 #error LTC_EAX_MODE requires LTC_OMAC and CTR
243 unsigned char N
[MAXBLOCKSIZE
];
245 omac_state headeromac
, ctomac
;
248 int eax_init(eax_state
*eax
, int cipher
, const unsigned char *key
, unsigned long keylen
,
249 const unsigned char *nonce
, unsigned long noncelen
,
250 const unsigned char *header
, unsigned long headerlen
);
252 int eax_encrypt(eax_state
*eax
, const unsigned char *pt
, unsigned char *ct
, unsigned long length
);
253 int eax_decrypt(eax_state
*eax
, const unsigned char *ct
, unsigned char *pt
, unsigned long length
);
254 int eax_addheader(eax_state
*eax
, const unsigned char *header
, unsigned long length
);
255 int eax_done(eax_state
*eax
, unsigned char *tag
, unsigned long *taglen
);
257 int eax_encrypt_authenticate_memory(int cipher
,
258 const unsigned char *key
, unsigned long keylen
,
259 const unsigned char *nonce
, unsigned long noncelen
,
260 const unsigned char *header
, unsigned long headerlen
,
261 const unsigned char *pt
, unsigned long ptlen
,
263 unsigned char *tag
, unsigned long *taglen
);
265 int eax_decrypt_verify_memory(int cipher
,
266 const unsigned char *key
, unsigned long keylen
,
267 const unsigned char *nonce
, unsigned long noncelen
,
268 const unsigned char *header
, unsigned long headerlen
,
269 const unsigned char *ct
, unsigned long ctlen
,
271 const unsigned char *tag
, unsigned long taglen
,
275 #endif /* EAX MODE */
279 unsigned char L
[MAXBLOCKSIZE
], /* L value */
280 Ls
[32][MAXBLOCKSIZE
], /* L shifted by i bits to the left */
281 Li
[MAXBLOCKSIZE
], /* value of Li [current value, we calc from previous recall] */
282 Lr
[MAXBLOCKSIZE
], /* L * x^-1 */
283 R
[MAXBLOCKSIZE
], /* R value */
284 checksum
[MAXBLOCKSIZE
]; /* current checksum */
286 symmetric_key key
; /* scheduled key for cipher */
287 unsigned long block_index
; /* index # for current block */
288 int cipher
, /* cipher idx */
289 block_len
; /* length of block */
292 int ocb_init(ocb_state
*ocb
, int cipher
,
293 const unsigned char *key
, unsigned long keylen
, const unsigned char *nonce
);
295 int ocb_encrypt(ocb_state
*ocb
, const unsigned char *pt
, unsigned char *ct
);
296 int ocb_decrypt(ocb_state
*ocb
, const unsigned char *ct
, unsigned char *pt
);
298 int ocb_done_encrypt(ocb_state
*ocb
,
299 const unsigned char *pt
, unsigned long ptlen
,
301 unsigned char *tag
, unsigned long *taglen
);
303 int ocb_done_decrypt(ocb_state
*ocb
,
304 const unsigned char *ct
, unsigned long ctlen
,
306 const unsigned char *tag
, unsigned long taglen
, int *stat
);
308 int ocb_encrypt_authenticate_memory(int cipher
,
309 const unsigned char *key
, unsigned long keylen
,
310 const unsigned char *nonce
,
311 const unsigned char *pt
, unsigned long ptlen
,
313 unsigned char *tag
, unsigned long *taglen
);
315 int ocb_decrypt_verify_memory(int cipher
,
316 const unsigned char *key
, unsigned long keylen
,
317 const unsigned char *nonce
,
318 const unsigned char *ct
, unsigned long ctlen
,
320 const unsigned char *tag
, unsigned long taglen
,
325 /* internal functions */
326 void ocb_shift_xor(ocb_state
*ocb
, unsigned char *Z
);
327 int ocb_ntz(unsigned long x
);
328 int s_ocb_done(ocb_state
*ocb
, const unsigned char *pt
, unsigned long ptlen
,
329 unsigned char *ct
, unsigned char *tag
, unsigned long *taglen
, int mode
);
331 #endif /* LTC_OCB_MODE */
335 unsigned char Offset_0
[MAXBLOCKSIZE
], /* Offset_0 value */
336 Offset_current
[MAXBLOCKSIZE
], /* Offset_{current_block_index} value */
337 L_dollar
[MAXBLOCKSIZE
], /* L_$ value */
338 L_star
[MAXBLOCKSIZE
], /* L_* value */
339 L_
[32][MAXBLOCKSIZE
], /* L_{i} values */
340 tag_part
[MAXBLOCKSIZE
], /* intermediate result of tag calculation */
341 checksum
[MAXBLOCKSIZE
]; /* current checksum */
343 /* AAD related members */
344 unsigned char aSum_current
[MAXBLOCKSIZE
], /* AAD related helper variable */
345 aOffset_current
[MAXBLOCKSIZE
], /* AAD related helper variable */
346 adata_buffer
[MAXBLOCKSIZE
]; /* AAD buffer */
347 int adata_buffer_bytes
; /* bytes in AAD buffer */
348 unsigned long ablock_index
; /* index # for current adata (AAD) block */
350 symmetric_key key
; /* scheduled key for cipher */
351 unsigned long block_index
; /* index # for current data block */
352 int cipher
, /* cipher idx */
353 tag_len
, /* length of tag */
354 block_len
; /* length of block */
357 int ocb3_init(ocb3_state
*ocb
, int cipher
,
358 const unsigned char *key
, unsigned long keylen
,
359 const unsigned char *nonce
, unsigned long noncelen
,
360 unsigned long taglen
);
362 int ocb3_encrypt(ocb3_state
*ocb
, const unsigned char *pt
, unsigned long ptlen
, unsigned char *ct
);
363 int ocb3_decrypt(ocb3_state
*ocb
, const unsigned char *ct
, unsigned long ctlen
, unsigned char *pt
);
364 int ocb3_encrypt_last(ocb3_state
*ocb
, const unsigned char *pt
, unsigned long ptlen
, unsigned char *ct
);
365 int ocb3_decrypt_last(ocb3_state
*ocb
, const unsigned char *ct
, unsigned long ctlen
, unsigned char *pt
);
366 int ocb3_add_aad(ocb3_state
*ocb
, const unsigned char *aad
, unsigned long aadlen
);
367 int ocb3_done(ocb3_state
*ocb
, unsigned char *tag
, unsigned long *taglen
);
369 int ocb3_encrypt_authenticate_memory(int cipher
,
370 const unsigned char *key
, unsigned long keylen
,
371 const unsigned char *nonce
, unsigned long noncelen
,
372 const unsigned char *adata
, unsigned long adatalen
,
373 const unsigned char *pt
, unsigned long ptlen
,
375 unsigned char *tag
, unsigned long *taglen
);
377 int ocb3_decrypt_verify_memory(int cipher
,
378 const unsigned char *key
, unsigned long keylen
,
379 const unsigned char *nonce
, unsigned long noncelen
,
380 const unsigned char *adata
, unsigned long adatalen
,
381 const unsigned char *ct
, unsigned long ctlen
,
383 const unsigned char *tag
, unsigned long taglen
,
388 #endif /* LTC_OCB3_MODE */
392 #define CCM_ENCRYPT LTC_ENCRYPT
393 #define CCM_DECRYPT LTC_DECRYPT
397 int cipher
, /* which cipher */
398 taglen
, /* length of the tag (encoded in M value) */
399 x
; /* index in PAD */
401 unsigned long L
, /* L value */
402 ptlen
, /* length that will be enc / dec */
403 current_ptlen
, /* current processed length */
404 aadlen
, /* length of the aad */
405 current_aadlen
, /* length of the currently provided add */
406 noncelen
; /* length of the nonce */
408 unsigned char PAD
[16], /* flags | Nonce N | l(m) */
414 int ccm_init(ccm_state
*ccm
, int cipher
,
415 const unsigned char *key
, int keylen
, int ptlen
, int taglen
, int aadlen
);
417 int ccm_reset(ccm_state
*ccm
);
419 int ccm_add_nonce(ccm_state
*ccm
,
420 const unsigned char *nonce
, unsigned long noncelen
);
422 int ccm_add_aad(ccm_state
*ccm
,
423 const unsigned char *adata
, unsigned long adatalen
);
425 int ccm_process(ccm_state
*ccm
,
426 unsigned char *pt
, unsigned long ptlen
,
430 int ccm_done(ccm_state
*ccm
,
431 unsigned char *tag
, unsigned long *taglen
);
433 int ccm_memory(int cipher
,
434 const unsigned char *key
, unsigned long keylen
,
435 symmetric_key
*uskey
,
436 const unsigned char *nonce
, unsigned long noncelen
,
437 const unsigned char *header
, unsigned long headerlen
,
438 unsigned char *pt
, unsigned long ptlen
,
440 unsigned char *tag
, unsigned long *taglen
,
445 #endif /* LTC_CCM_MODE */
447 #if defined(LRW_MODE) || defined(LTC_GCM_MODE)
448 void gcm_gf_mult(const unsigned char *a
, const unsigned char *b
, unsigned char *c
);
452 /* table shared between GCM and LRW */
453 #if defined(LTC_GCM_TABLES) || defined(LTC_LRW_TABLES) || ((defined(LTC_GCM_MODE) || defined(LTC_GCM_MODE)) && defined(LTC_FAST))
454 extern const unsigned char gcm_shift_table
[];
459 #define GCM_ENCRYPT LTC_ENCRYPT
460 #define GCM_DECRYPT LTC_DECRYPT
462 #define LTC_GCM_MODE_IV 0
463 #define LTC_GCM_MODE_AAD 1
464 #define LTC_GCM_MODE_TEXT 2
468 unsigned char H
[16], /* multiplier */
469 X
[16], /* accumulator */
471 Y_0
[16], /* initial counter */
472 buf
[16]; /* buffer for stuff */
474 int cipher
, /* which cipher */
475 ivmode
, /* Which mode is the IV in? */
476 mode
, /* mode the GCM code is in */
477 buflen
; /* length of data in buf */
479 ulong64 totlen
, /* 64-bit counter used for IV and AAD */
480 pttotlen
; /* 64-bit counter for the PT */
482 #ifdef LTC_GCM_TABLES
483 unsigned char PC
[16][256][16] /* 16 tables of 8x128 */
484 #ifdef LTC_GCM_TABLES_SSE2
491 void gcm_mult_h(const gcm_state
*gcm
, unsigned char *I
);
493 int gcm_init(gcm_state
*gcm
, int cipher
,
494 const unsigned char *key
, int keylen
);
496 int gcm_reset(gcm_state
*gcm
);
498 int gcm_add_iv(gcm_state
*gcm
,
499 const unsigned char *IV
, unsigned long IVlen
);
501 int gcm_add_aad(gcm_state
*gcm
,
502 const unsigned char *adata
, unsigned long adatalen
);
504 int gcm_process(gcm_state
*gcm
,
505 unsigned char *pt
, unsigned long ptlen
,
509 int gcm_done(gcm_state
*gcm
,
510 unsigned char *tag
, unsigned long *taglen
);
512 int gcm_memory( int cipher
,
513 const unsigned char *key
, unsigned long keylen
,
514 const unsigned char *IV
, unsigned long IVlen
,
515 const unsigned char *adata
, unsigned long adatalen
,
516 unsigned char *pt
, unsigned long ptlen
,
518 unsigned char *tag
, unsigned long *taglen
,
522 #endif /* LTC_GCM_MODE */
524 #ifdef LTC_CHACHA20POLY1305_MODE
532 } chacha20poly1305_state
;
534 #define CHACHA20POLY1305_ENCRYPT LTC_ENCRYPT
535 #define CHACHA20POLY1305_DECRYPT LTC_DECRYPT
537 int chacha20poly1305_init(chacha20poly1305_state
*st
, const unsigned char *key
, unsigned long keylen
);
538 int chacha20poly1305_setiv(chacha20poly1305_state
*st
, const unsigned char *iv
, unsigned long ivlen
);
539 int chacha20poly1305_setiv_rfc7905(chacha20poly1305_state
*st
, const unsigned char *iv
, unsigned long ivlen
, ulong64 sequence_number
);
540 int chacha20poly1305_add_aad(chacha20poly1305_state
*st
, const unsigned char *in
, unsigned long inlen
);
541 int chacha20poly1305_encrypt(chacha20poly1305_state
*st
, const unsigned char *in
, unsigned long inlen
, unsigned char *out
);
542 int chacha20poly1305_decrypt(chacha20poly1305_state
*st
, const unsigned char *in
, unsigned long inlen
, unsigned char *out
);
543 int chacha20poly1305_done(chacha20poly1305_state
*st
, unsigned char *tag
, unsigned long *taglen
);
544 int chacha20poly1305_memory(const unsigned char *key
, unsigned long keylen
,
545 const unsigned char *iv
, unsigned long ivlen
,
546 const unsigned char *aad
, unsigned long aadlen
,
547 const unsigned char *in
, unsigned long inlen
,
549 unsigned char *tag
, unsigned long *taglen
,
551 int chacha20poly1305_test(void);
553 #endif /* LTC_CHACHA20POLY1305_MODE */