diff --git a/src/ltc/headers/tomcrypt_prng.h b/src/ltc/headers/tomcrypt_prng.h
index 5d66aaa..541f68e 100644
--- a/src/ltc/headers/tomcrypt_prng.h
+++ b/src/ltc/headers/tomcrypt_prng.h
@@ -13,12 +13,16 @@ int cipher, hash; unsigned char pool[MAXBLOCKSIZE]; symmetric_CTR ctr; + short ready; /* ready flag 0-1 */ + LTC_MUTEX_TYPE(lock) /* lock */ }; #endif #ifdef LTC_RC4 struct rc4_prng { rc4_state s; + short ready; /* ready flag 0-1 */ + LTC_MUTEX_TYPE(lock) /* lock */ }; #endif
@@ -27,6 +31,8 @@ chacha_state s; /* chacha state */ unsigned char ent[40]; /* entropy buffer */ unsigned long idx; /* entropy counter */ + short ready; /* ready flag 0-1 */ + LTC_MUTEX_TYPE(lock) /* lock */ }; #endif
@@ -44,6 +50,8 @@ wd; ulong64 reset_cnt; /* number of times we have reseeded */ + short ready; /* ready flag 0-1 */ + LTC_MUTEX_TYPE(lock) /* lock */ }; #endif
@@ -52,30 +60,28 @@ sober128_state s; /* sober128 state */ unsigned char ent[40]; /* entropy buffer */ unsigned long idx; /* entropy counter */ -}; -#endif - -typedef struct { - union { - char dummy[1]; + short ready; /* ready flag 0-1 */ + LTC_MUTEX_TYPE(lock) /* lock */ +}; +#endif + +typedef union Prng_state { + char dummy[1]; #ifdef LTC_YARROW - struct yarrow_prng yarrow; + struct yarrow_prng yarrow; #endif #ifdef LTC_RC4 - struct rc4_prng rc4; + struct rc4_prng rc4; #endif #ifdef LTC_CHACHA20_PRNG - struct chacha20_prng chacha; + struct chacha20_prng chacha; #endif #ifdef LTC_FORTUNA - struct fortuna_prng fortuna; + struct fortuna_prng fortuna; #endif #ifdef LTC_SOBER128 - struct sober128_prng sober128; -#endif - }; - short ready; /* ready flag 0-1 */ - LTC_MUTEX_TYPE(lock) /* lock */ + struct sober128_prng sober128; +#endif } prng_state; /** PRNG descriptor */
diff --git a/src/ltc/prngs/chacha20.c b/src/ltc/prngs/chacha20.c
index 59b2322..07290b4 100644
--- a/src/ltc/prngs/chacha20.c
+++ b/src/ltc/prngs/chacha20.c 
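Review bot: The comment on the new `lock` member of `yarrow_prng` says only `/* lock */`, which tells a maintainer nothing about what it guards or who owns its lifetime; the same two members with the same comments are repeated in the `rc4_prng`, `chacha20_prng`, `fortuna_prng` and `sober128_prng` hunks below. From the .c hunks in this commit the lock is initialized in each backend's `*_start`, taken around the bodies of `*_add_entropy`, `*_ready` and `*_read`, and destroyed in `*_done`, so a comment such as `/* guards every field of this struct; initialized by *_start, destroyed by *_done */` would record the actual contract. `ready` could likewise note that, apart from the unlocked reset in `*_start`, it is only read and written with `lock` held.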
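Review bot: With `prng_state` now a plain union, nothing backend-independent is left in the type: `ready` and `lock` sit at a different offset in every member, so a `*_read` or `*_add_entropy` call made through the wrong descriptor on a state that another backend started will read that backend's key or entropy bytes as its own `ready` flag and mutex, whereas the old layout kept one shared flag and lock at a fixed offset. Every hunk in chacha20.c, fortuna.c, rc4.c, sober128.c and yarrow.c now depends on the caller pairing the state with the right descriptor. If this is intended, a comment on the typedef stating that only the member matching the descriptor passed to `*_start` is valid and that `ready`/`lock` must be reached through that member would make the contract explicit; otherwise a small common prefix outside the union (for example the descriptor index) would let the library detect the mismatch instead of reading overlapping bytes. As a point of style, the tag `Prng_state` also breaks with the lower-case tags (`yarrow_prng`, `rc4_prng`, …) used throughout this header.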
@@ -37,10 +37,10 @@ int chacha20_prng_start(prng_state *prng) { LTC_ARGCHK(prng != NULL); - prng->ready = 0; + prng->chacha.ready = 0; XMEMSET(&prng->chacha.ent, 0, sizeof(prng->chacha.ent)); prng->chacha.idx = 0; - LTC_MUTEX_INIT(&prng->lock) + LTC_MUTEX_INIT(&prng->chacha.lock) return CRYPT_OK; }
@@ -61,8 +61,8 @@ LTC_ARGCHK(in != NULL); LTC_ARGCHK(inlen > 0); - LTC_MUTEX_LOCK(&prng->lock); - if (prng->ready) { + LTC_MUTEX_LOCK(&prng->chacha.lock); + if (prng->chacha.ready) { /* chacha20_prng_ready() was already called, do "rekey" operation */ if ((err = chacha_keystream(&prng->chacha.s, buf, sizeof(buf))) != CRYPT_OK) goto LBL_UNLOCK; for(i = 0; i < inlen; i++) buf[i % sizeof(buf)] ^= in[i];
@@ -79,7 +79,7 @@ } err = CRYPT_OK; LBL_UNLOCK: - LTC_MUTEX_UNLOCK(&prng->lock); + LTC_MUTEX_UNLOCK(&prng->chacha.lock); return err; }
@@ -94,17 +94,17 @@ LTC_ARGCHK(prng != NULL); - LTC_MUTEX_LOCK(&prng->lock); - if (prng->ready) { err = CRYPT_OK; goto LBL_UNLOCK; } + LTC_MUTEX_LOCK(&prng->chacha.lock); + if (prng->chacha.ready) { err = CRYPT_OK; goto LBL_UNLOCK; } /* key 32 bytes, 20 rounds */ if ((err = chacha_setup(&prng->chacha.s, prng->chacha.ent, 32, 20)) != CRYPT_OK) goto LBL_UNLOCK; /* iv 8 bytes */ if ((err = chacha_ivctr64(&prng->chacha.s, prng->chacha.ent + 32, 8, 0)) != CRYPT_OK) goto LBL_UNLOCK; XMEMSET(&prng->chacha.ent, 0, sizeof(prng->chacha.ent)); prng->chacha.idx = 0; - prng->ready = 1; + prng->chacha.ready = 1; LBL_UNLOCK: - LTC_MUTEX_UNLOCK(&prng->lock); + LTC_MUTEX_UNLOCK(&prng->chacha.lock); return err; } 
@@ -118,11 +118,11 @@ unsigned long chacha20_prng_read(unsigned char *out, unsigned long outlen, prng_state *prng) { if (outlen == 0 || prng == NULL || out == NULL) return 0; - LTC_MUTEX_LOCK(&prng->lock); - if (!prng->ready) { outlen = 0; goto LBL_UNLOCK; } + LTC_MUTEX_LOCK(&prng->chacha.lock); + if (!prng->chacha.ready) { outlen = 0; goto LBL_UNLOCK; } if (chacha_keystream(&prng->chacha.s, out, outlen) != CRYPT_OK) outlen = 0; LBL_UNLOCK: - LTC_MUTEX_UNLOCK(&prng->lock); + LTC_MUTEX_UNLOCK(&prng->chacha.lock); return outlen; }
@@ -135,11 +135,11 @@ { int err; LTC_ARGCHK(prng != NULL); - LTC_MUTEX_LOCK(&prng->lock); - prng->ready = 0; + LTC_MUTEX_LOCK(&prng->chacha.lock); + prng->chacha.ready = 0; err = chacha_done(&prng->chacha.s); - LTC_MUTEX_UNLOCK(&prng->lock); - LTC_MUTEX_DESTROY(&prng->lock); + LTC_MUTEX_UNLOCK(&prng->chacha.lock); + LTC_MUTEX_DESTROY(&prng->chacha.lock); return err; }
diff --git a/src/ltc/prngs/fortuna.c b/src/ltc/prngs/fortuna.c
index 400c732..340cd03 100644
--- a/src/ltc/prngs/fortuna.c
+++ b/src/ltc/prngs/fortuna.c
@@ -183,7 +183,7 @@ unsigned char tmp[MAXBLOCKSIZE]; hash_state md; - LTC_MUTEX_LOCK(&prng->lock); + LTC_MUTEX_LOCK(&prng->fortuna.lock); /* new K = LTC_SHA256(K || in) */ sha256_init(&md); if ((err = sha256_process(&md, prng->fortuna.K, 32)) != CRYPT_OK) {
@@ -201,7 +201,7 @@ _fortuna_update_iv(prng); LBL_UNLOCK: - LTC_MUTEX_UNLOCK(&prng->lock); + LTC_MUTEX_UNLOCK(&prng->fortuna.lock); #ifdef LTC_CLEAN_STACK zeromem(&md, sizeof(md)); #endif
@@ -220,7 +220,7 @@ unsigned char tmp[MAXBLOCKSIZE]; LTC_ARGCHK(prng != NULL); - prng->ready = 0; + prng->fortuna.ready = 0; /* initialize the pools */ for (x = 0; x < LTC_FORTUNA_POOLS; x++) {
@@ -244,7 +244,7 @@ } zeromem(prng->fortuna.IV, 16); - LTC_MUTEX_INIT(&prng->lock) + LTC_MUTEX_INIT(&prng->fortuna.lock) return CRYPT_OK; } 
@@ -294,11 +294,11 @@ LTC_ARGCHK(source <= 255); LTC_ARGCHK(pool < LTC_FORTUNA_POOLS); - LTC_MUTEX_LOCK(&prng->lock); + LTC_MUTEX_LOCK(&prng->fortuna.lock); err = _fortuna_add(source, pool, in, inlen, prng); - LTC_MUTEX_UNLOCK(&prng->lock); + LTC_MUTEX_UNLOCK(&prng->fortuna.lock); return err; }
@@ -318,7 +318,7 @@ LTC_ARGCHK(in != NULL); LTC_ARGCHK(inlen > 0); - LTC_MUTEX_LOCK(&prng->lock); + LTC_MUTEX_LOCK(&prng->fortuna.lock); err = _fortuna_add(0, prng->fortuna.pool_idx, in, inlen, prng);
@@ -327,7 +327,7 @@ prng->fortuna.pool_idx %= LTC_FORTUNA_POOLS; } - LTC_MUTEX_UNLOCK(&prng->lock); + LTC_MUTEX_UNLOCK(&prng->fortuna.lock); return err; }
@@ -342,7 +342,7 @@ int err; LTC_ARGCHK(prng != NULL); - LTC_MUTEX_LOCK(&prng->lock); + LTC_MUTEX_LOCK(&prng->fortuna.lock); /* make sure the reseed doesn't fail because * of the chosen rate limit */ #ifdef LTC_FORTUNA_RESEED_RATELIMIT_TIMED
@@ -351,9 +351,9 @@ prng->fortuna.wd = LTC_FORTUNA_WD; #endif err = _fortuna_reseed(prng); - prng->ready = (err == CRYPT_OK) ? 1 : 0; - - LTC_MUTEX_UNLOCK(&prng->lock); + prng->fortuna.ready = (err == CRYPT_OK) ? 1 : 0; + + LTC_MUTEX_UNLOCK(&prng->fortuna.lock); return err; }
@@ -371,9 +371,9 @@ if (outlen == 0 || prng == NULL || out == NULL) return 0; - LTC_MUTEX_LOCK(&prng->lock); - - if (!prng->ready) { + LTC_MUTEX_LOCK(&prng->fortuna.lock); + + if (!prng->fortuna.ready) { goto LBL_UNLOCK; }
@@ -423,7 +423,7 @@ #ifdef LTC_CLEAN_STACK zeromem(tmp, sizeof(tmp)); #endif - LTC_MUTEX_UNLOCK(&prng->lock); + LTC_MUTEX_UNLOCK(&prng->fortuna.lock); return tlen; }
@@ -439,8 +439,8 @@ LTC_ARGCHK(prng != NULL); - LTC_MUTEX_LOCK(&prng->lock); - prng->ready = 0; + LTC_MUTEX_LOCK(&prng->fortuna.lock); + prng->fortuna.ready = 0; /* terminate all the hashes */ for (x = 0; x < LTC_FORTUNA_POOLS; x++) { 
@@ -455,8 +455,8 @@ #ifdef LTC_CLEAN_STACK zeromem(tmp, sizeof(tmp)); #endif - LTC_MUTEX_UNLOCK(&prng->lock); - LTC_MUTEX_DESTROY(&prng->lock); + LTC_MUTEX_UNLOCK(&prng->fortuna.lock); + LTC_MUTEX_DESTROY(&prng->fortuna.lock); return err; }
diff --git a/src/ltc/prngs/rc4.c b/src/ltc/prngs/rc4.c
index 7611151..b55ad9d 100644
--- a/src/ltc/prngs/rc4.c
+++ b/src/ltc/prngs/rc4.c
@@ -37,12 +37,12 @@ int rc4_start(prng_state *prng) { LTC_ARGCHK(prng != NULL); - prng->ready = 0; + prng->rc4.ready = 0; /* set entropy (key) size to zero */ prng->rc4.s.x = 0; /* clear entropy (key) buffer */ XMEMSET(&prng->rc4.s.buf, 0, sizeof(prng->rc4.s.buf)); - LTC_MUTEX_INIT(&prng->lock) + LTC_MUTEX_INIT(&prng->rc4.lock) return CRYPT_OK; }
@@ -63,8 +63,8 @@ LTC_ARGCHK(in != NULL); LTC_ARGCHK(inlen > 0); - LTC_MUTEX_LOCK(&prng->lock); - if (prng->ready) { + LTC_MUTEX_LOCK(&prng->rc4.lock); + if (prng->rc4.ready) { /* rc4_ready() was already called, do "rekey" operation */ if ((err = rc4_stream_keystream(&prng->rc4.s, buf, sizeof(buf))) != CRYPT_OK) goto LBL_UNLOCK; for(i = 0; i < inlen; i++) buf[i % sizeof(buf)] ^= in[i];
@@ -80,7 +80,7 @@ } err = CRYPT_OK; LBL_UNLOCK: - LTC_MUTEX_UNLOCK(&prng->lock); + LTC_MUTEX_UNLOCK(&prng->rc4.lock); return err; } 
@@ -97,17 +97,17 @@ LTC_ARGCHK(prng != NULL); - LTC_MUTEX_LOCK(&prng->lock); - if (prng->ready) { err = CRYPT_OK; goto LBL_UNLOCK; } + LTC_MUTEX_LOCK(&prng->rc4.lock); + if (prng->rc4.ready) { err = CRYPT_OK; goto LBL_UNLOCK; } XMEMCPY(buf, prng->rc4.s.buf, sizeof(buf)); /* initialize RC4 */ len = MIN(prng->rc4.s.x, 256); /* TODO: we can perhaps always use all 256 bytes */ if ((err = rc4_stream_setup(&prng->rc4.s, buf, len)) != CRYPT_OK) goto LBL_UNLOCK; /* drop first 3072 bytes - https://en.wikipedia.org/wiki/RC4#Fluhrer.2C_Mantin_and_Shamir_attack */ for (i = 0; i < 12; i++) rc4_stream_keystream(&prng->rc4.s, buf, sizeof(buf)); - prng->ready = 1; + prng->rc4.ready = 1; LBL_UNLOCK: - LTC_MUTEX_UNLOCK(&prng->lock); + LTC_MUTEX_UNLOCK(&prng->rc4.lock); return err; }
@@ -121,11 +121,11 @@ unsigned long rc4_read(unsigned char *out, unsigned long outlen, prng_state *prng) { if (outlen == 0 || prng == NULL || out == NULL) return 0; - LTC_MUTEX_LOCK(&prng->lock); - if (!prng->ready) { outlen = 0; goto LBL_UNLOCK; } + LTC_MUTEX_LOCK(&prng->rc4.lock); + if (!prng->rc4.ready) { outlen = 0; goto LBL_UNLOCK; } if (rc4_stream_keystream(&prng->rc4.s, out, outlen) != CRYPT_OK) outlen = 0; LBL_UNLOCK: - LTC_MUTEX_UNLOCK(&prng->lock); + LTC_MUTEX_UNLOCK(&prng->rc4.lock); return outlen; }
@@ -138,11 +138,11 @@ { int err; LTC_ARGCHK(prng != NULL); - LTC_MUTEX_LOCK(&prng->lock); - prng->ready = 0; + LTC_MUTEX_LOCK(&prng->rc4.lock); + prng->rc4.ready = 0; err = rc4_stream_done(&prng->rc4.s); - LTC_MUTEX_UNLOCK(&prng->lock); - LTC_MUTEX_DESTROY(&prng->lock); + LTC_MUTEX_UNLOCK(&prng->rc4.lock); + LTC_MUTEX_DESTROY(&prng->rc4.lock); return err; }
diff --git a/src/ltc/prngs/sober128.c b/src/ltc/prngs/sober128.c
index 9513659..9947cac 100644
--- a/src/ltc/prngs/sober128.c
+++ b/src/ltc/prngs/sober128.c 
@@ -39,10 +39,10 @@ int sober128_start(prng_state *prng) { LTC_ARGCHK(prng != NULL); - prng->ready = 0; + prng->sober128.ready = 0; XMEMSET(&prng->sober128.ent, 0, sizeof(prng->sober128.ent)); prng->sober128.idx = 0; - LTC_MUTEX_INIT(&prng->lock) + LTC_MUTEX_INIT(&prng->sober128.lock) return CRYPT_OK; }
@@ -63,8 +63,8 @@ LTC_ARGCHK(in != NULL); LTC_ARGCHK(inlen > 0); - LTC_MUTEX_LOCK(&prng->lock); - if (prng->ready) { + LTC_MUTEX_LOCK(&prng->sober128.lock); + if (prng->sober128.ready) { /* sober128_ready() was already called, do "rekey" operation */ if ((err = sober128_stream_keystream(&prng->sober128.s, buf, sizeof(buf))) != CRYPT_OK) goto LBL_UNLOCK; for(i = 0; i < inlen; i++) buf[i % sizeof(buf)] ^= in[i];
@@ -81,7 +81,7 @@ } err = CRYPT_OK; LBL_UNLOCK: - LTC_MUTEX_UNLOCK(&prng->lock); + LTC_MUTEX_UNLOCK(&prng->sober128.lock); return err; }
@@ -96,17 +96,17 @@ LTC_ARGCHK(prng != NULL); - LTC_MUTEX_LOCK(&prng->lock); - if (prng->ready) { err = CRYPT_OK; goto LBL_UNLOCK; } + LTC_MUTEX_LOCK(&prng->sober128.lock); + if (prng->sober128.ready) { err = CRYPT_OK; goto LBL_UNLOCK; } /* key 32 bytes, 20 rounds */ if ((err = sober128_stream_setup(&prng->sober128.s, prng->sober128.ent, 32)) != CRYPT_OK) goto LBL_UNLOCK; /* iv 8 bytes */ if ((err = sober128_stream_setiv(&prng->sober128.s, prng->sober128.ent + 32, 8)) != CRYPT_OK) goto LBL_UNLOCK; XMEMSET(&prng->sober128.ent, 0, sizeof(prng->sober128.ent)); prng->sober128.idx = 0; - prng->ready = 1; + prng->sober128.ready = 1; LBL_UNLOCK: - LTC_MUTEX_UNLOCK(&prng->lock); + LTC_MUTEX_UNLOCK(&prng->sober128.lock); return err; } 
@@ -120,11 +120,11 @@ unsigned long sober128_read(unsigned char *out, unsigned long outlen, prng_state *prng) { if (outlen == 0 || prng == NULL || out == NULL) return 0; - LTC_MUTEX_LOCK(&prng->lock); - if (!prng->ready) { outlen = 0; goto LBL_UNLOCK; } + LTC_MUTEX_LOCK(&prng->sober128.lock); + if (!prng->sober128.ready) { outlen = 0; goto LBL_UNLOCK; } if (sober128_stream_keystream(&prng->sober128.s, out, outlen) != CRYPT_OK) outlen = 0; LBL_UNLOCK: - LTC_MUTEX_UNLOCK(&prng->lock); + LTC_MUTEX_UNLOCK(&prng->sober128.lock); return outlen; }
@@ -137,11 +137,11 @@ { int err; LTC_ARGCHK(prng != NULL); - LTC_MUTEX_LOCK(&prng->lock); - prng->ready = 0; + LTC_MUTEX_LOCK(&prng->sober128.lock); + prng->sober128.ready = 0; err = sober128_stream_done(&prng->sober128.s); - LTC_MUTEX_UNLOCK(&prng->lock); - LTC_MUTEX_DESTROY(&prng->lock); + LTC_MUTEX_UNLOCK(&prng->sober128.lock); + LTC_MUTEX_DESTROY(&prng->sober128.lock); return err; }
diff --git a/src/ltc/prngs/yarrow.c b/src/ltc/prngs/yarrow.c
index 6b5057f..7d3adb5 100644
--- a/src/ltc/prngs/yarrow.c
+++ b/src/ltc/prngs/yarrow.c
@@ -38,7 +38,7 @@ int err; LTC_ARGCHK(prng != NULL); - prng->ready = 0; + prng->yarrow.ready = 0; /* these are the default hash/cipher combo used */ #ifdef LTC_RIJNDAEL
@@ -119,7 +119,7 @@ /* zero the memory used */ zeromem(prng->yarrow.pool, sizeof(prng->yarrow.pool)); - LTC_MUTEX_INIT(&prng->lock) + LTC_MUTEX_INIT(&prng->yarrow.lock) return CRYPT_OK; }
@@ -140,7 +140,7 @@ LTC_ARGCHK(in != NULL); LTC_ARGCHK(inlen > 0); - LTC_MUTEX_LOCK(&prng->lock); + LTC_MUTEX_LOCK(&prng->yarrow.lock); if ((err = hash_is_valid(prng->yarrow.hash)) != CRYPT_OK) { goto LBL_UNLOCK;
@@ -166,7 +166,7 @@ err = hash_descriptor[prng->yarrow.hash].done(&md, prng->yarrow.pool); LBL_UNLOCK: - LTC_MUTEX_UNLOCK(&prng->lock); + LTC_MUTEX_UNLOCK(&prng->yarrow.lock); return err; } 
@@ -181,7 +181,7 @@ LTC_ARGCHK(prng != NULL); - LTC_MUTEX_LOCK(&prng->lock); + LTC_MUTEX_LOCK(&prng->yarrow.lock); if ((err = hash_is_valid(prng->yarrow.hash)) != CRYPT_OK) { goto LBL_UNLOCK;
@@ -205,10 +205,10 @@ &prng->yarrow.ctr)) != CRYPT_OK) { goto LBL_UNLOCK; } - prng->ready = 1; + prng->yarrow.ready = 1; LBL_UNLOCK: - LTC_MUTEX_UNLOCK(&prng->lock); + LTC_MUTEX_UNLOCK(&prng->yarrow.lock); return err; }
@@ -223,9 +223,9 @@ { if (outlen == 0 || prng == NULL || out == NULL) return 0; - LTC_MUTEX_LOCK(&prng->lock); - - if (!prng->ready) { + LTC_MUTEX_LOCK(&prng->yarrow.lock); + + if (!prng->yarrow.ready) { outlen = 0; goto LBL_UNLOCK; }
@@ -239,7 +239,7 @@ } LBL_UNLOCK: - LTC_MUTEX_UNLOCK(&prng->lock); + LTC_MUTEX_UNLOCK(&prng->yarrow.lock); return outlen; }
@@ -253,16 +253,16 @@ int err; LTC_ARGCHK(prng != NULL); - LTC_MUTEX_LOCK(&prng->lock); - prng->ready = 0; + LTC_MUTEX_LOCK(&prng->yarrow.lock); + prng->yarrow.ready = 0; /* call cipher done when we invent one ;-) */ /* we invented one */ err = ctr_done(&prng->yarrow.ctr); - LTC_MUTEX_UNLOCK(&prng->lock); - LTC_MUTEX_DESTROY(&prng->lock); + LTC_MUTEX_UNLOCK(&prng->yarrow.lock); + LTC_MUTEX_DESTROY(&prng->yarrow.lock); return err; }