Replaced system SQLite with SQLCipher to support encrypted database

Sources/DataLiteC/libtomcrypt/prngs/chacha20.c

@@ -0,0 +1,218 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+ /* the idea of re-keying loosely follows the approach used in:
+  * http://bxr.su/OpenBSD/lib/libc/crypt/arc4random.c
+  */
+
+#include "tomcrypt_private.h"
+
+#ifdef LTC_CHACHA20_PRNG
+
+const struct ltc_prng_descriptor chacha20_prng_desc =
+{
+   "chacha20",
+   40,
+   &chacha20_prng_start,
+   &chacha20_prng_add_entropy,
+   &chacha20_prng_ready,
+   &chacha20_prng_read,
+   &chacha20_prng_done,
+   &chacha20_prng_export,
+   &chacha20_prng_import,
+   &chacha20_prng_test
+};
+
+/**
+  Start the PRNG
+  @param prng The PRNG state to initialize
+  @return CRYPT_OK if successful
+*/
+int chacha20_prng_start(prng_state *prng)
+{
+   LTC_ARGCHK(prng != NULL);
+   prng->ready = 0;
+   XMEMSET(&prng->u.chacha.ent, 0, sizeof(prng->u.chacha.ent));
+   prng->u.chacha.idx = 0;
+   LTC_MUTEX_INIT(&prng->lock)
+   return CRYPT_OK;
+}
+
+/**
+  Add entropy to the PRNG state
+  @param in       The data to add
+  @param inlen    Length of the data to add
+  @param prng     PRNG state to update
+  @return CRYPT_OK if successful
+*/
+int chacha20_prng_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng)
+{
+   unsigned char buf[40];
+   unsigned long i;
+   int err;
+
+   LTC_ARGCHK(prng != NULL);
+   LTC_ARGCHK(in != NULL);
+   LTC_ARGCHK(inlen > 0);
+
+   LTC_MUTEX_LOCK(&prng->lock);
+   if (prng->ready) {
+      /* chacha20_prng_ready() was already called, do "rekey" operation */
+      if ((err = chacha_keystream(&prng->u.chacha.s, buf, sizeof(buf))) != CRYPT_OK) goto LBL_UNLOCK;
+      for(i = 0; i < inlen; i++) buf[i % sizeof(buf)] ^= in[i];
+      /* key 32 bytes, 20 rounds */
+      if ((err = chacha_setup(&prng->u.chacha.s, buf, 32, 20)) != CRYPT_OK)      goto LBL_UNLOCK;
+      /* iv 8 bytes */
+      if ((err = chacha_ivctr64(&prng->u.chacha.s, buf + 32, 8, 0)) != CRYPT_OK) goto LBL_UNLOCK;
+      /* clear KEY + IV */
+      zeromem(buf, sizeof(buf));
+   }
+   else {
+      /* chacha20_prng_ready() was not called yet, add entropy to ent buffer */
+      while (inlen--) prng->u.chacha.ent[prng->u.chacha.idx++ % sizeof(prng->u.chacha.ent)] ^= *in++;
+   }
+   err = CRYPT_OK;
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return err;
+}
+
+/**
+  Make the PRNG ready to read from
+  @param prng   The PRNG to make active
+  @return CRYPT_OK if successful
+*/
+int chacha20_prng_ready(prng_state *prng)
+{
+   int err;
+
+   LTC_ARGCHK(prng != NULL);
+
+   LTC_MUTEX_LOCK(&prng->lock);
+   if (prng->ready)                                                    { err = CRYPT_OK; goto LBL_UNLOCK; }
+   /* key 32 bytes, 20 rounds */
+   if ((err = chacha_setup(&prng->u.chacha.s, prng->u.chacha.ent, 32, 20)) != CRYPT_OK)      goto LBL_UNLOCK;
+   /* iv 8 bytes */
+   if ((err = chacha_ivctr64(&prng->u.chacha.s, prng->u.chacha.ent + 32, 8, 0)) != CRYPT_OK) goto LBL_UNLOCK;
+   XMEMSET(&prng->u.chacha.ent, 0, sizeof(prng->u.chacha.ent));
+   prng->u.chacha.idx = 0;
+   prng->ready = 1;
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return err;
+}
+
+/**
+  Read from the PRNG
+  @param out      Destination
+  @param outlen   Length of output
+  @param prng     The active PRNG to read from
+  @return Number of octets read
+*/
+unsigned long chacha20_prng_read(unsigned char *out, unsigned long outlen, prng_state *prng)
+{
+   if (outlen == 0 || prng == NULL || out == NULL) return 0;
+   LTC_MUTEX_LOCK(&prng->lock);
+   if (!prng->ready) { outlen = 0; goto LBL_UNLOCK; }
+   if (chacha_keystream(&prng->u.chacha.s, out, outlen) != CRYPT_OK) outlen = 0;
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return outlen;
+}
+
+/**
+  Terminate the PRNG
+  @param prng   The PRNG to terminate
+  @return CRYPT_OK if successful
+*/
+int chacha20_prng_done(prng_state *prng)
+{
+   int err;
+   LTC_ARGCHK(prng != NULL);
+   LTC_MUTEX_LOCK(&prng->lock);
+   prng->ready = 0;
+   err = chacha_done(&prng->u.chacha.s);
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   LTC_MUTEX_DESTROY(&prng->lock);
+   return err;
+}
+
+/**
+  Export the PRNG state
+  @param out       [out] Destination
+  @param outlen    [in/out] Max size and resulting size of the state
+  @param prng      The PRNG to export
+  @return CRYPT_OK if successful
+*/
+LTC_PRNG_EXPORT(chacha20_prng)
+
+/**
+  Import a PRNG state
+  @param in       The PRNG state
+  @param inlen    Size of the state
+  @param prng     The PRNG to import
+  @return CRYPT_OK if successful
+*/
+int chacha20_prng_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
+{
+   int err;
+
+   LTC_ARGCHK(prng != NULL);
+   LTC_ARGCHK(in   != NULL);
+   if (inlen < (unsigned long)chacha20_prng_desc.export_size) return CRYPT_INVALID_ARG;
+
+   if ((err = chacha20_prng_start(prng)) != CRYPT_OK)                  return err;
+   if ((err = chacha20_prng_add_entropy(in, inlen, prng)) != CRYPT_OK) return err;
+   return CRYPT_OK;
+}
+
+/**
+  PRNG self-test
+  @return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled
+*/
+int chacha20_prng_test(void)
+{
+#ifndef LTC_TEST
+   return CRYPT_NOP;
+#else
+   prng_state st;
+   unsigned char en[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+                          0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
+                          0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e,
+                          0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
+                          0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32 };
+   unsigned char dmp[300];
+   unsigned long dmplen = sizeof(dmp);
+   unsigned char out[500];
+   unsigned char t1[] = { 0x59, 0xB2, 0x26, 0x95, 0x2B, 0x01, 0x8F, 0x05, 0xBE, 0xD8 };
+   unsigned char t2[] = { 0x47, 0xC9, 0x0D, 0x03, 0xE4, 0x75, 0x34, 0x27, 0xBD, 0xDE };
+   unsigned char t3[] = { 0xBC, 0xFA, 0xEF, 0x59, 0x37, 0x7F, 0x1A, 0x91, 0x1A, 0xA6 };
+   int err;
+
+   if ((err = chacha20_prng_start(&st)) != CRYPT_OK)                       return err;
+   /* add entropy to uninitialized prng */
+   if ((err = chacha20_prng_add_entropy(en, sizeof(en), &st)) != CRYPT_OK) return err;
+   if ((err = chacha20_prng_ready(&st)) != CRYPT_OK)                       return err;
+   if (chacha20_prng_read(out, 10, &st) != 10)                             return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
+   if (compare_testvector(out, 10, t1, sizeof(t1), "CHACHA-PRNG", 1))      return CRYPT_FAIL_TESTVECTOR;
+   if (chacha20_prng_read(out, 500, &st) != 500)                           return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
+   /* add entropy to already initialized prng */
+   if ((err = chacha20_prng_add_entropy(en, sizeof(en), &st)) != CRYPT_OK) return err;
+   if (chacha20_prng_read(out, 500, &st) != 500)                           return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
+   if ((err = chacha20_prng_export(dmp, &dmplen, &st)) != CRYPT_OK)        return err;
+   if (chacha20_prng_read(out, 500, &st) != 500)                           return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
+   if (chacha20_prng_read(out, 10, &st) != 10)                             return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
+   if (compare_testvector(out, 10, t2, sizeof(t2), "CHACHA-PRNG", 2))      return CRYPT_FAIL_TESTVECTOR;
+   if ((err = chacha20_prng_done(&st)) != CRYPT_OK)                        return err;
+   if ((err = chacha20_prng_import(dmp, dmplen, &st)) != CRYPT_OK)         return err;
+   if ((err = chacha20_prng_ready(&st)) != CRYPT_OK)                       return err;
+   if (chacha20_prng_read(out, 500, &st) != 500)                           return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
+   if (chacha20_prng_read(out, 10, &st) != 10)                             return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
+   if (compare_testvector(out, 10, t3, sizeof(t3), "CHACHA-PRNG", 3))      return CRYPT_FAIL_TESTVECTOR;
+   if ((err = chacha20_prng_done(&st)) != CRYPT_OK)                        return err;
+
+   return CRYPT_OK;
+#endif
+}
+
+#endif

Sources/DataLiteC/libtomcrypt/prngs/fortuna.c

@@ -0,0 +1,532 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+#include "tomcrypt_private.h"
+
+#ifdef LTC_FORTUNA_RESEED_RATELIMIT_TIMED
+#if defined(_WIN32)
+  #include <windows.h>
+#elif defined(LTC_CLOCK_GETTIME)
+  #include <time.h> /* struct timespec + clock_gettime */
+#else
+  #include <sys/time.h> /* struct timeval + gettimeofday */
+#endif
+#endif
+
+/**
+  @file fortuna.c
+  Fortuna PRNG, Tom St Denis
+*/
+
+/* Implementation of Fortuna by Tom St Denis
+
+We deviate slightly here for reasons of simplicity [and to fit in the API].  First all "sources"
+in the AddEntropy function are fixed to 0.  Second since no reliable timer is provided
+we reseed automatically when len(pool0) >= 64 or every LTC_FORTUNA_WD calls to the read function */
+
+#ifdef LTC_FORTUNA
+
+/* requries LTC_SHA256 and AES  */
+#if !(defined(LTC_RIJNDAEL) && defined(LTC_SHA256))
+   #error LTC_FORTUNA requires LTC_SHA256 and LTC_RIJNDAEL (AES)
+#endif
+
+#ifndef LTC_FORTUNA_POOLS
+   #warning LTC_FORTUNA_POOLS was not previously defined (old headers?)
+   #define LTC_FORTUNA_POOLS 32
+#endif
+
+#if LTC_FORTUNA_POOLS < 4 || LTC_FORTUNA_POOLS > 32
+   #error LTC_FORTUNA_POOLS must be in [4..32]
+#endif
+
+#ifdef LTC_FORTUNA_USE_ENCRYPT_ONLY
+#define AES_SETUP aes_enc_setup
+#define AES_ENC   aes_enc_ecb_encrypt
+#define AES_DONE  aes_enc_done
+#define AES_TEST  aes_enc_test
+#else
+#define AES_SETUP aes_setup
+#define AES_ENC   aes_ecb_encrypt
+#define AES_DONE  aes_done
+#define AES_TEST  aes_test
+#endif
+
+const struct ltc_prng_descriptor fortuna_desc = {
+    "fortuna",
+    64,
+    &fortuna_start,
+    &fortuna_add_entropy,
+    &fortuna_ready,
+    &fortuna_read,
+    &fortuna_done,
+    &fortuna_export,
+    &fortuna_import,
+    &fortuna_test
+};
+
+/* update the IV */
+static void s_fortuna_update_iv(prng_state *prng)
+{
+   int            x;
+   unsigned char *IV;
+   /* update IV */
+   IV = prng->u.fortuna.IV;
+   for (x = 0; x < 16; x++) {
+      IV[x] = (IV[x] + 1) & 255;
+      if (IV[x] != 0) break;
+   }
+}
+
+#ifdef LTC_FORTUNA_RESEED_RATELIMIT_TIMED
+/* get the current time in 100ms steps */
+static ulong64 s_fortuna_current_time(void)
+{
+   ulong64 cur_time;
+#if defined(_WIN32)
+   FILETIME CurrentTime;
+   ULARGE_INTEGER ul;
+   GetSystemTimeAsFileTime(&CurrentTime);
+   ul.LowPart  = CurrentTime.dwLowDateTime;
+   ul.HighPart = CurrentTime.dwHighDateTime;
+   cur_time = ul.QuadPart; /* now we have 100ns intervals since 1 January 1601 */
+   cur_time -= CONST64(116444736000000000); /* subtract 100ns intervals between 1601-1970 */
+   cur_time /= 10; /* 100ns intervals > microseconds */
+#elif defined(LTC_CLOCK_GETTIME)
+  struct timespec ts;
+  clock_gettime(CLOCK_MONOTONIC, &ts);
+  cur_time = (ulong64)(ts.tv_sec) * 1000000 + (ulong64)(ts.tv_nsec) / 1000; /* get microseconds */
+#else
+  struct timeval tv;
+  gettimeofday(&tv, NULL);
+  cur_time = (ulong64)(tv.tv_sec) * 1000000 + (ulong64)(tv.tv_usec); /* get microseconds */
+#endif
+   return cur_time / 100;
+}
+#endif
+
+/* reseed the PRNG */
+static int s_fortuna_reseed(prng_state *prng)
+{
+   unsigned char tmp[MAXBLOCKSIZE];
+   hash_state    md;
+   ulong64       reset_cnt;
+   int           err, x;
+
+#ifdef LTC_FORTUNA_RESEED_RATELIMIT_TIMED
+   ulong64 now = s_fortuna_current_time();
+   if (now == prng->u.fortuna.wd) {
+      return CRYPT_OK;
+   }
+#else
+   if (++prng->u.fortuna.wd < LTC_FORTUNA_WD) {
+      return CRYPT_OK;
+   }
+#endif
+
+   /* new K == LTC_SHA256(K || s) where s == LTC_SHA256(P0) || LTC_SHA256(P1) ... */
+   sha256_init(&md);
+   if ((err = sha256_process(&md, prng->u.fortuna.K, 32)) != CRYPT_OK) {
+      sha256_done(&md, tmp);
+      return err;
+   }
+
+   reset_cnt = prng->u.fortuna.reset_cnt + 1;
+
+   for (x = 0; x < LTC_FORTUNA_POOLS; x++) {
+       if (x == 0 || ((reset_cnt >> (x-1)) & 1) == 0) {
+          /* terminate this hash */
+          if ((err = sha256_done(&prng->u.fortuna.pool[x], tmp)) != CRYPT_OK) {
+             sha256_done(&md, tmp);
+             return err;
+          }
+          /* add it to the string */
+          if ((err = sha256_process(&md, tmp, 32)) != CRYPT_OK) {
+             sha256_done(&md, tmp);
+             return err;
+          }
+          /* reset this pool */
+          if ((err = sha256_init(&prng->u.fortuna.pool[x])) != CRYPT_OK) {
+             sha256_done(&md, tmp);
+             return err;
+          }
+       } else {
+          break;
+       }
+   }
+
+   /* finish key */
+   if ((err = sha256_done(&md, prng->u.fortuna.K)) != CRYPT_OK) {
+      return err;
+   }
+   if ((err = AES_SETUP(prng->u.fortuna.K, 32, 0, &prng->u.fortuna.skey)) != CRYPT_OK) {
+      return err;
+   }
+   s_fortuna_update_iv(prng);
+
+   /* reset/update internals */
+   prng->u.fortuna.pool0_len = 0;
+#ifdef LTC_FORTUNA_RESEED_RATELIMIT_TIMED
+   prng->u.fortuna.wd        = now;
+#else
+   prng->u.fortuna.wd        = 0;
+#endif
+   prng->u.fortuna.reset_cnt = reset_cnt;
+
+
+#ifdef LTC_CLEAN_STACK
+   zeromem(&md, sizeof(md));
+   zeromem(tmp, sizeof(tmp));
+#endif
+
+   return CRYPT_OK;
+}
+
+/**
+  "Update Seed File"-compliant update of K
+
+  @param in       The PRNG state
+  @param inlen    Size of the state
+  @param prng     The PRNG to import
+  @return CRYPT_OK if successful
+*/
+int fortuna_update_seed(const unsigned char *in, unsigned long inlen, prng_state *prng)
+{
+   int           err;
+   unsigned char tmp[MAXBLOCKSIZE];
+   hash_state    md;
+
+   LTC_MUTEX_LOCK(&prng->lock);
+   /* new K = LTC_SHA256(K || in) */
+   sha256_init(&md);
+   if ((err = sha256_process(&md, prng->u.fortuna.K, 32)) != CRYPT_OK) {
+      sha256_done(&md, tmp);
+      goto LBL_UNLOCK;
+   }
+   if ((err = sha256_process(&md, in, inlen)) != CRYPT_OK) {
+      sha256_done(&md, tmp);
+      goto LBL_UNLOCK;
+   }
+   /* finish key */
+   if ((err = sha256_done(&md, prng->u.fortuna.K)) != CRYPT_OK) {
+      goto LBL_UNLOCK;
+   }
+   s_fortuna_update_iv(prng);
+
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
+#ifdef LTC_CLEAN_STACK
+   zeromem(&md, sizeof(md));
+#endif
+
+   return err;
+}
+
+/**
+  Start the PRNG
+  @param prng     [out] The PRNG state to initialize
+  @return CRYPT_OK if successful
+*/
+int fortuna_start(prng_state *prng)
+{
+   int err, x, y;
+   unsigned char tmp[MAXBLOCKSIZE];
+
+   LTC_ARGCHK(prng != NULL);
+   prng->ready = 0;
+
+   /* initialize the pools */
+   for (x = 0; x < LTC_FORTUNA_POOLS; x++) {
+       if ((err = sha256_init(&prng->u.fortuna.pool[x])) != CRYPT_OK) {
+          for (y = 0; y < x; y++) {
+              sha256_done(&prng->u.fortuna.pool[y], tmp);
+          }
+          return err;
+       }
+   }
+   prng->u.fortuna.pool_idx = prng->u.fortuna.pool0_len = 0;
+   prng->u.fortuna.reset_cnt = prng->u.fortuna.wd = 0;
+
+   /* reset bufs */
+   zeromem(prng->u.fortuna.K, 32);
+   if ((err = AES_SETUP(prng->u.fortuna.K, 32, 0, &prng->u.fortuna.skey)) != CRYPT_OK) {
+      for (x = 0; x < LTC_FORTUNA_POOLS; x++) {
+          sha256_done(&prng->u.fortuna.pool[x], tmp);
+      }
+      return err;
+   }
+   zeromem(prng->u.fortuna.IV, 16);
+
+   LTC_MUTEX_INIT(&prng->lock)
+
+   return CRYPT_OK;
+}
+
+static int s_fortuna_add(unsigned long source, unsigned long pool, const unsigned char *in, unsigned long inlen, prng_state *prng)
+{
+   unsigned char tmp[2];
+   int err;
+
+   /* ensure inlen <= 32 */
+   if (inlen > 32) {
+      inlen = 32;
+   }
+
+   /* add s || length(in) || in to pool[pool_idx] */
+   tmp[0] = (unsigned char)source;
+   tmp[1] = (unsigned char)inlen;
+
+   if ((err = sha256_process(&prng->u.fortuna.pool[pool], tmp, 2)) != CRYPT_OK) {
+      return err;
+   }
+   if ((err = sha256_process(&prng->u.fortuna.pool[pool], in, inlen)) != CRYPT_OK) {
+      return err;
+   }
+   if (pool == 0) {
+      prng->u.fortuna.pool0_len += inlen;
+   }
+   return CRYPT_OK; /* success */
+}
+
+/**
+  Add random event to the PRNG state as proposed by the original paper.
+  @param source   The source this random event comes from (0 .. 255)
+  @param pool     The pool where to add the data to (0 .. LTC_FORTUNA_POOLS)
+  @param in       The data to add
+  @param inlen    Length of the data to add
+  @param prng     PRNG state to update
+  @return CRYPT_OK if successful
+*/
+int fortuna_add_random_event(unsigned long source, unsigned long pool, const unsigned char *in, unsigned long inlen, prng_state *prng)
+{
+   int           err;
+
+   LTC_ARGCHK(prng != NULL);
+   LTC_ARGCHK(in != NULL);
+   LTC_ARGCHK(inlen > 0);
+   LTC_ARGCHK(source <= 255);
+   LTC_ARGCHK(pool < LTC_FORTUNA_POOLS);
+
+   LTC_MUTEX_LOCK(&prng->lock);
+
+   err = s_fortuna_add(source, pool, in, inlen, prng);
+
+   LTC_MUTEX_UNLOCK(&prng->lock);
+
+   return err;
+}
+
+/**
+  Add entropy to the PRNG state
+  @param in       The data to add
+  @param inlen    Length of the data to add
+  @param prng     PRNG state to update
+  @return CRYPT_OK if successful
+*/
+int fortuna_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng)
+{
+   int err;
+
+   LTC_ARGCHK(prng != NULL);
+   LTC_ARGCHK(in != NULL);
+   LTC_ARGCHK(inlen > 0);
+
+   LTC_MUTEX_LOCK(&prng->lock);
+
+   err = s_fortuna_add(0, prng->u.fortuna.pool_idx, in, inlen, prng);
+
+   if (err == CRYPT_OK) {
+      ++(prng->u.fortuna.pool_idx);
+      prng->u.fortuna.pool_idx %= LTC_FORTUNA_POOLS;
+   }
+
+   LTC_MUTEX_UNLOCK(&prng->lock);
+
+   return err;
+}
+
+/**
+  Make the PRNG ready to read from
+  @param prng   The PRNG to make active
+  @return CRYPT_OK if successful
+*/
+int fortuna_ready(prng_state *prng)
+{
+   int err;
+   LTC_ARGCHK(prng != NULL);
+
+   LTC_MUTEX_LOCK(&prng->lock);
+   /* make sure the reseed doesn't fail because
+    * of the chosen rate limit */
+#ifdef LTC_FORTUNA_RESEED_RATELIMIT_TIMED
+   prng->u.fortuna.wd = s_fortuna_current_time() - 1;
+#else
+   prng->u.fortuna.wd = LTC_FORTUNA_WD;
+#endif
+   err = s_fortuna_reseed(prng);
+   prng->ready = (err == CRYPT_OK) ? 1 : 0;
+
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return err;
+}
+
+/**
+  Read from the PRNG
+  @param out      Destination
+  @param outlen   Length of output
+  @param prng     The active PRNG to read from
+  @return Number of octets read
+*/
+unsigned long fortuna_read(unsigned char *out, unsigned long outlen, prng_state *prng)
+{
+   unsigned char tmp[16];
+   unsigned long tlen = 0;
+
+   if (outlen == 0 || prng == NULL || out == NULL) return 0;
+
+   LTC_MUTEX_LOCK(&prng->lock);
+
+   if (!prng->ready) {
+      goto LBL_UNLOCK;
+   }
+
+   /* do we have to reseed? */
+   if (prng->u.fortuna.pool0_len >= 64) {
+      if (s_fortuna_reseed(prng) != CRYPT_OK) {
+         goto LBL_UNLOCK;
+      }
+   }
+
+   /* ensure that one reseed happened before allowing to read */
+   if (prng->u.fortuna.reset_cnt == 0) {
+      goto LBL_UNLOCK;
+   }
+
+   /* now generate the blocks required */
+   tlen = outlen;
+
+   /* handle whole blocks without the extra XMEMCPY */
+   while (outlen >= 16) {
+      /* encrypt the IV and store it */
+      AES_ENC(prng->u.fortuna.IV, out, &prng->u.fortuna.skey);
+      out += 16;
+      outlen -= 16;
+      s_fortuna_update_iv(prng);
+   }
+
+   /* left over bytes? */
+   if (outlen > 0) {
+      AES_ENC(prng->u.fortuna.IV, tmp, &prng->u.fortuna.skey);
+      XMEMCPY(out, tmp, outlen);
+      s_fortuna_update_iv(prng);
+   }
+
+   /* generate new key */
+   AES_ENC(prng->u.fortuna.IV, prng->u.fortuna.K   , &prng->u.fortuna.skey);
+   s_fortuna_update_iv(prng);
+
+   AES_ENC(prng->u.fortuna.IV, prng->u.fortuna.K+16, &prng->u.fortuna.skey);
+   s_fortuna_update_iv(prng);
+
+   if (AES_SETUP(prng->u.fortuna.K, 32, 0, &prng->u.fortuna.skey) != CRYPT_OK) {
+      tlen = 0;
+   }
+
+LBL_UNLOCK:
+#ifdef LTC_CLEAN_STACK
+   zeromem(tmp, sizeof(tmp));
+#endif
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return tlen;
+}
+
+/**
+  Terminate the PRNG
+  @param prng   The PRNG to terminate
+  @return CRYPT_OK if successful
+*/
+int fortuna_done(prng_state *prng)
+{
+   int           err, x;
+   unsigned char tmp[32];
+
+   LTC_ARGCHK(prng != NULL);
+
+   LTC_MUTEX_LOCK(&prng->lock);
+   prng->ready = 0;
+
+   /* terminate all the hashes */
+   for (x = 0; x < LTC_FORTUNA_POOLS; x++) {
+       if ((err = sha256_done(&(prng->u.fortuna.pool[x]), tmp)) != CRYPT_OK) {
+          goto LBL_UNLOCK;
+       }
+   }
+   /* call cipher done when we invent one ;-) */
+   err = CRYPT_OK; /* success */
+
+LBL_UNLOCK:
+#ifdef LTC_CLEAN_STACK
+   zeromem(tmp, sizeof(tmp));
+#endif
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   LTC_MUTEX_DESTROY(&prng->lock);
+   return err;
+}
+
+/**
+  Export the PRNG state
+  @param out       [out] Destination
+  @param outlen    [in/out] Max size and resulting size of the state
+  @param prng      The PRNG to export
+  @return CRYPT_OK if successful
+*/
+LTC_PRNG_EXPORT(fortuna)
+
+/**
+  Import a PRNG state
+  @param in       The PRNG state
+  @param inlen    Size of the state
+  @param prng     The PRNG to import
+  @return CRYPT_OK if successful
+*/
+int fortuna_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
+{
+   int           err;
+
+   LTC_ARGCHK(in    != NULL);
+   LTC_ARGCHK(prng  != NULL);
+
+   if (inlen < (unsigned long)fortuna_desc.export_size) {
+      return CRYPT_INVALID_ARG;
+   }
+
+   if ((err = fortuna_start(prng)) != CRYPT_OK) {
+      return err;
+   }
+
+   if ((err = fortuna_update_seed(in, inlen, prng)) != CRYPT_OK) {
+      return err;
+   }
+
+   return err;
+}
+
+/**
+  PRNG self-test
+  @return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled
+*/
+int fortuna_test(void)
+{
+#ifndef LTC_TEST
+   return CRYPT_NOP;
+#else
+   int err;
+
+   if ((err = sha256_test()) != CRYPT_OK) {
+      return err;
+   }
+   return AES_TEST();
+#endif
+}
+
+#endif
+

Sources/DataLiteC/libtomcrypt/prngs/rc4.c

@@ -0,0 +1,221 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+#include "tomcrypt_private.h"
+
+/**
+  @file prngs/rc4.c
+  RC4 PRNG, Tom St Denis
+*/
+
+#ifdef LTC_RC4
+
+const struct ltc_prng_descriptor rc4_desc =
+{
+   "rc4",
+   32,
+   &rc4_start,
+   &rc4_add_entropy,
+   &rc4_ready,
+   &rc4_read,
+   &rc4_done,
+   &rc4_export,
+   &rc4_import,
+   &rc4_test
+};
+
+/**
+  Start the PRNG
+  @param prng     [out] The PRNG state to initialize
+  @return CRYPT_OK if successful
+*/
+int rc4_start(prng_state *prng)
+{
+   LTC_ARGCHK(prng != NULL);
+   prng->ready = 0;
+   /* set entropy (key) size to zero */
+   prng->u.rc4.s.x = 0;
+   /* clear entropy (key) buffer */
+   XMEMSET(&prng->u.rc4.s.buf, 0, sizeof(prng->u.rc4.s.buf));
+   LTC_MUTEX_INIT(&prng->lock)
+   return CRYPT_OK;
+}
+
+/**
+  Add entropy to the PRNG state
+  @param in       The data to add
+  @param inlen    Length of the data to add
+  @param prng     PRNG state to update
+  @return CRYPT_OK if successful
+*/
+int rc4_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng)
+{
+   unsigned char buf[256];
+   unsigned long i;
+   int err;
+
+   LTC_ARGCHK(prng != NULL);
+   LTC_ARGCHK(in != NULL);
+   LTC_ARGCHK(inlen > 0);
+
+   LTC_MUTEX_LOCK(&prng->lock);
+   if (prng->ready) {
+      /* rc4_ready() was already called, do "rekey" operation */
+      if ((err = rc4_stream_keystream(&prng->u.rc4.s, buf, sizeof(buf))) != CRYPT_OK) goto LBL_UNLOCK;
+      for(i = 0; i < inlen; i++) buf[i % sizeof(buf)] ^= in[i];
+      /* initialize RC4 */
+      if ((err = rc4_stream_setup(&prng->u.rc4.s, buf, sizeof(buf))) != CRYPT_OK) goto LBL_UNLOCK;
+      /* drop first 3072 bytes - https://en.wikipedia.org/wiki/RC4#Fluhrer.2C_Mantin_and_Shamir_attack */
+      for (i = 0; i < 12; i++) rc4_stream_keystream(&prng->u.rc4.s, buf, sizeof(buf));
+      zeromem(buf, sizeof(buf));
+   }
+   else {
+      /* rc4_ready() was not called yet, add entropy to the buffer */
+      while (inlen--) prng->u.rc4.s.buf[prng->u.rc4.s.x++ % sizeof(prng->u.rc4.s.buf)] ^= *in++;
+   }
+   err = CRYPT_OK;
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return err;
+}
+
+/**
+  Make the PRNG ready to read from
+  @param prng   The PRNG to make active
+  @return CRYPT_OK if successful
+*/
+int rc4_ready(prng_state *prng)
+{
+   unsigned char buf[256] = { 0 };
+   unsigned long len;
+   int err, i;
+
+   LTC_ARGCHK(prng != NULL);
+
+   LTC_MUTEX_LOCK(&prng->lock);
+   if (prng->ready) { err = CRYPT_OK; goto LBL_UNLOCK; }
+   XMEMCPY(buf, prng->u.rc4.s.buf, sizeof(buf));
+   /* initialize RC4 */
+   len = MIN(prng->u.rc4.s.x, 256); /* TODO: we can perhaps always use all 256 bytes */
+   if ((err = rc4_stream_setup(&prng->u.rc4.s, buf, len)) != CRYPT_OK) goto LBL_UNLOCK;
+   /* drop first 3072 bytes - https://en.wikipedia.org/wiki/RC4#Fluhrer.2C_Mantin_and_Shamir_attack */
+   for (i = 0; i < 12; i++) rc4_stream_keystream(&prng->u.rc4.s, buf, sizeof(buf));
+   prng->ready = 1;
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return err;
+}
+
+/**
+  Read from the PRNG
+  @param out      Destination
+  @param outlen   Length of output
+  @param prng     The active PRNG to read from
+  @return Number of octets read
+*/
+unsigned long rc4_read(unsigned char *out, unsigned long outlen, prng_state *prng)
+{
+   if (outlen == 0 || prng == NULL || out == NULL) return 0;
+   LTC_MUTEX_LOCK(&prng->lock);
+   if (!prng->ready) { outlen = 0; goto LBL_UNLOCK; }
+   if (rc4_stream_keystream(&prng->u.rc4.s, out, outlen) != CRYPT_OK) outlen = 0;
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return outlen;
+}
+
+/**
+  Terminate the PRNG
+  @param prng   The PRNG to terminate
+  @return CRYPT_OK if successful
+*/
+int rc4_done(prng_state *prng)
+{
+   int err;
+   LTC_ARGCHK(prng != NULL);
+   LTC_MUTEX_LOCK(&prng->lock);
+   prng->ready = 0;
+   err = rc4_stream_done(&prng->u.rc4.s);
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   LTC_MUTEX_DESTROY(&prng->lock);
+   return err;
+}
+
+/**
+  Export the PRNG state
+  @param out       [out] Destination
+  @param outlen    [in/out] Max size and resulting size of the state
+  @param prng      The PRNG to export
+  @return CRYPT_OK if successful
+*/
+LTC_PRNG_EXPORT(rc4)
+
+/**
+  Import a PRNG state
+  @param in       The PRNG state
+  @param inlen    Size of the state
+  @param prng     The PRNG to import
+  @return CRYPT_OK if successful
+*/
+int rc4_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
+{
+   int err;
+
+   LTC_ARGCHK(prng != NULL);
+   LTC_ARGCHK(in   != NULL);
+   if (inlen < (unsigned long)rc4_desc.export_size) return CRYPT_INVALID_ARG;
+
+   if ((err = rc4_start(prng)) != CRYPT_OK)                  return err;
+   if ((err = rc4_add_entropy(in, inlen, prng)) != CRYPT_OK) return err;
+   return CRYPT_OK;
+}
+
+/**
+  PRNG self-test
+  @return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled
+*/
+int rc4_test(void)
+{
+#ifndef LTC_TEST
+   return CRYPT_NOP;
+#else
+   prng_state st;
+   unsigned char en[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+                          0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
+                          0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e,
+                          0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
+                          0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32 };
+   unsigned char dmp[500];
+   unsigned long dmplen = sizeof(dmp);
+   unsigned char out[1000];
+   unsigned char t1[] = { 0xE0, 0x4D, 0x9A, 0xF6, 0xA8, 0x9D, 0x77, 0x53, 0xAE, 0x09 };
+   unsigned char t2[] = { 0xEF, 0x80, 0xA2, 0xE6, 0x50, 0x91, 0xF3, 0x17, 0x4A, 0x8A };
+   unsigned char t3[] = { 0x4B, 0xD6, 0x5C, 0x67, 0x99, 0x03, 0x56, 0x12, 0x80, 0x48 };
+   int err;
+
+   if ((err = rc4_start(&st)) != CRYPT_OK)                         return err;
+   /* add entropy to uninitialized prng */
+   if ((err = rc4_add_entropy(en, sizeof(en), &st)) != CRYPT_OK)   return err;
+   if ((err = rc4_ready(&st)) != CRYPT_OK)                         return err;
+   if (rc4_read(out, 10, &st) != 10)                               return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
+   if (compare_testvector(out, 10, t1, sizeof(t1), "RC4-PRNG", 1)) return CRYPT_FAIL_TESTVECTOR;
+   if (rc4_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
+   /* add entropy to already initialized prng */
+   if ((err = rc4_add_entropy(en, sizeof(en), &st)) != CRYPT_OK)   return err;
+   if (rc4_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
+   if ((err = rc4_export(dmp, &dmplen, &st)) != CRYPT_OK)          return err;
+   if (rc4_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
+   if (rc4_read(out, 10, &st) != 10)                               return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
+   if (compare_testvector(out, 10, t2, sizeof(t2), "RC4-PRNG", 2)) return CRYPT_FAIL_TESTVECTOR;
+   if ((err = rc4_done(&st)) != CRYPT_OK)                          return err;
+   if ((err = rc4_import(dmp, dmplen, &st)) != CRYPT_OK)           return err;
+   if ((err = rc4_ready(&st)) != CRYPT_OK)                         return err;
+   if (rc4_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
+   if (rc4_read(out, 10, &st) != 10)                               return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
+   if (compare_testvector(out, 10, t3, sizeof(t3), "RC4-PRNG", 3)) return CRYPT_FAIL_TESTVECTOR;
+   if ((err = rc4_done(&st)) != CRYPT_OK)                          return err;
+
+   return CRYPT_OK;
+#endif
+}
+
+#endif

Sources/DataLiteC/libtomcrypt/prngs/rng_get_bytes.c

@@ -0,0 +1,173 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+#include "tomcrypt_private.h"
+
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wconversion"
+#pragma clang diagnostic ignored "-Wshorten-64-to-32"
+
+#ifdef LTC_RNG_GET_BYTES
+/**
+   @file rng_get_bytes.c
+   portable way to get secure random bits to feed a PRNG (Tom St Denis)
+*/
+
+#if defined(LTC_DEVRANDOM) && !defined(_WIN32)
+/* on *NIX read /dev/random */
+static unsigned long s_rng_nix(unsigned char *buf, unsigned long len,
+                             void (*callback)(void))
+{
+#ifdef LTC_NO_FILE
+    LTC_UNUSED_PARAM(callback);
+    LTC_UNUSED_PARAM(buf);
+    LTC_UNUSED_PARAM(len);
+    return 0;
+#else
+    FILE *f;
+    unsigned long x;
+    LTC_UNUSED_PARAM(callback);
+#ifdef LTC_TRY_URANDOM_FIRST
+    f = fopen("/dev/urandom", "rb");
+    if (f == NULL) {
+       f = fopen("/dev/random", "rb");
+    }
+#else
+    f = fopen("/dev/random", "rb");
+#endif /* LTC_TRY_URANDOM_FIRST */
+
+    if (f == NULL) {
+       return 0;
+    }
+
+    /* disable buffering */
+    if (setvbuf(f, NULL, _IONBF, 0) != 0) {
+       fclose(f);
+       return 0;
+    }
+
+    x = (unsigned long)fread(buf, 1, (size_t)len, f);
+    fclose(f);
+    return x;
+#endif /* LTC_NO_FILE */
+}
+
+#endif /* LTC_DEVRANDOM */
+
+#if !defined(_WIN32_WCE)
+
+#define ANSI_RNG
+
+static unsigned long s_rng_ansic(unsigned char *buf, unsigned long len,
+                               void (*callback)(void))
+{
+   clock_t t1;
+   int l, acc, bits, a, b;
+
+   l = len;
+   bits = 8;
+   acc  = a = b = 0;
+   while (len--) {
+       if (callback != NULL) callback();
+       while (bits--) {
+          do {
+             t1 = XCLOCK(); while (t1 == XCLOCK()) a ^= 1;
+             t1 = XCLOCK(); while (t1 == XCLOCK()) b ^= 1;
+          } while (a == b);
+          acc = (acc << 1) | a;
+       }
+       *buf++ = acc;
+       acc  = 0;
+       bits = 8;
+   }
+   return l;
+}
+
+#endif
+
+/* Try the Microsoft CSP */
+#if defined(_WIN32) || defined(_WIN32_WCE)
+#if defined(LTC_WIN32_BCRYPT)
+
+#include <windows.h>
+#include <bcrypt.h>
+#pragma comment(lib, "bcrypt.lib")
+
+static unsigned long s_rng_win32(unsigned char *buf, unsigned long len,
+                               void (*callback)(void))
+{
+   LTC_UNUSED_PARAM(callback);
+
+   return BCRYPT_SUCCESS(BCryptGenRandom(NULL, (PUCHAR)buf, (ULONG)len, BCRYPT_USE_SYSTEM_PREFERRED_RNG)) ? len : 0;
+}
+
+#else
+
+#ifndef _WIN32_WINNT
+  #define _WIN32_WINNT 0x0501
+#endif
+#ifndef WINVER
+  #define WINVER 0x0501
+#endif
+
+#define WIN32_LEAN_AND_MEAN
+#include <windows.h>
+#include <wincrypt.h>
+
+static unsigned long s_rng_win32(unsigned char *buf, unsigned long len,
+                               void (*callback)(void))
+{
+   static HCRYPTPROV hProv = 0;
+   LTC_UNUSED_PARAM(callback);
+
+   if (hProv == 0) {
+      HCRYPTPROV h = 0;
+      if (!CryptAcquireContextW(&h, NULL, MS_DEF_PROV_W, PROV_RSA_FULL,
+                                (CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET)) &&
+          !CryptAcquireContextW(&h, NULL, MS_DEF_PROV_W, PROV_RSA_FULL,
+                                CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET | CRYPT_NEWKEYSET)) {
+         return 0;
+      }
+      hProv = h;
+   }
+
+   return CryptGenRandom(hProv, (DWORD)len, (BYTE *)buf) == TRUE ? len : 0;
+}
+#endif /* Old WIN32 versions */
+#endif /* WIN32 */
+
+/**
+  Read the system RNG
+  @param out       Destination
+  @param outlen    Length desired (octets)
+  @param callback  Pointer to void function to act as "callback" when RNG is slow.  This can be NULL
+  @return Number of octets read
+*/
+unsigned long rng_get_bytes(unsigned char *out, unsigned long outlen,
+                            void (*callback)(void))
+{
+   unsigned long x;
+
+   LTC_ARGCHK(out != NULL);
+
+#ifdef LTC_PRNG_ENABLE_LTC_RNG
+   if (ltc_rng) {
+      x = ltc_rng(out, outlen, callback);
+      if (x != 0) {
+         return x;
+      }
+   }
+#endif
+
+#if defined(_WIN32) || defined(_WIN32_WCE)
+   x = s_rng_win32(out, outlen, callback); if (x != 0) { return x; }
+#elif defined(LTC_DEVRANDOM)
+   x = s_rng_nix(out, outlen, callback);   if (x != 0) { return x; }
+#endif
+#ifdef ANSI_RNG
+   x = s_rng_ansic(out, outlen, callback); if (x != 0) { return x; }
+#endif
+   return 0;
+}
+#endif /* #ifdef LTC_RNG_GET_BYTES */
+
+#pragma clang diagnostic pop

Sources/DataLiteC/libtomcrypt/prngs/rng_make_prng.c

@@ -0,0 +1,81 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+#include "tomcrypt_private.h"
+
+#ifdef LTC_RNG_MAKE_PRNG
+/**
+  @file rng_make_prng.c
+  portable way to get secure random bits to feed a PRNG  (Tom St Denis)
+*/
+
+/**
+  Create a PRNG from a RNG
+
+     In case you pass bits as '-1' the PRNG will be setup
+     as if the export/import functionality has been used,
+     but the imported data comes directly from the RNG.
+
+  @param bits     Number of bits of entropy desired (-1 or 64 ... 1024)
+  @param wprng    Index of which PRNG to setup
+  @param prng     [out] PRNG state to initialize
+  @param callback A pointer to a void function for when the RNG is slow, this can be NULL
+  @return CRYPT_OK if successful
+*/
+int rng_make_prng(int bits, int wprng, prng_state *prng,
+                  void (*callback)(void))
+{
+   unsigned char* buf;
+   unsigned long bytes;
+   int err;
+
+   LTC_ARGCHK(prng != NULL);
+
+   /* check parameter */
+   if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
+      return err;
+   }
+
+   if (bits == -1) {
+      bytes = prng_descriptor[wprng].export_size;
+   } else if (bits < 64 || bits > 1024) {
+      return CRYPT_INVALID_PRNGSIZE;
+   } else {
+      bytes = (unsigned long)((bits+7)/8) * 2;
+   }
+
+   if ((err = prng_descriptor[wprng].start(prng)) != CRYPT_OK) {
+      return err;
+   }
+
+   buf = XMALLOC(bytes);
+   if (buf == NULL) {
+      return CRYPT_MEM;
+   }
+
+   if (rng_get_bytes(buf, bytes, callback) != bytes) {
+      err = CRYPT_ERROR_READPRNG;
+      goto LBL_ERR;
+   }
+
+   if (bits == -1) {
+      if ((err = prng_descriptor[wprng].pimport(buf, bytes, prng)) != CRYPT_OK) {
+         goto LBL_ERR;
+      }
+   } else {
+      if ((err = prng_descriptor[wprng].add_entropy(buf, bytes, prng)) != CRYPT_OK) {
+         goto LBL_ERR;
+      }
+   }
+   if ((err = prng_descriptor[wprng].ready(prng)) != CRYPT_OK) {
+      goto LBL_ERR;
+   }
+
+LBL_ERR:
+   #ifdef LTC_CLEAN_STACK
+   zeromem(buf, bytes);
+   #endif
+   XFREE(buf);
+   return err;
+}
+#endif /* #ifdef LTC_RNG_MAKE_PRNG */
+

Sources/DataLiteC/libtomcrypt/prngs/sober128.c

@@ -0,0 +1,220 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+#include "tomcrypt_private.h"
+
+/**
+ @file prngs/sober128.c
+ Implementation of SOBER-128 by Tom St Denis.
+ Based on s128fast.c reference code supplied by Greg Rose of QUALCOMM.
+*/
+
+#ifdef LTC_SOBER128
+
+const struct ltc_prng_descriptor sober128_desc =
+{
+   "sober128",
+   40,
+   &sober128_start,
+   &sober128_add_entropy,
+   &sober128_ready,
+   &sober128_read,
+   &sober128_done,
+   &sober128_export,
+   &sober128_import,
+   &sober128_test
+};
+
+/**
+  Start the PRNG
+  @param prng     [out] The PRNG state to initialize
+  @return CRYPT_OK if successful
+*/
+int sober128_start(prng_state *prng)
+{
+   LTC_ARGCHK(prng != NULL);
+   prng->ready = 0;
+   XMEMSET(&prng->u.sober128.ent, 0, sizeof(prng->u.sober128.ent));
+   prng->u.sober128.idx = 0;
+   LTC_MUTEX_INIT(&prng->lock)
+   return CRYPT_OK;
+}
+
+/**
+  Add entropy to the PRNG state
+  @param in       The data to add
+  @param inlen    Length of the data to add
+  @param prng     PRNG state to update
+  @return CRYPT_OK if successful
+*/
+int sober128_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng)
+{
+   unsigned char buf[40];
+   unsigned long i;
+   int err;
+
+   LTC_ARGCHK(prng != NULL);
+   LTC_ARGCHK(in != NULL);
+   LTC_ARGCHK(inlen > 0);
+
+   LTC_MUTEX_LOCK(&prng->lock);
+   if (prng->ready) {
+      /* sober128_ready() was already called, do "rekey" operation */
+      if ((err = sober128_stream_keystream(&prng->u.sober128.s, buf, sizeof(buf))) != CRYPT_OK) goto LBL_UNLOCK;
+      for(i = 0; i < inlen; i++) buf[i % sizeof(buf)] ^= in[i];
+      /* key 32 bytes, 20 rounds */
+      if ((err = sober128_stream_setup(&prng->u.sober128.s, buf, 32)) != CRYPT_OK)     goto LBL_UNLOCK;
+      /* iv 8 bytes */
+      if ((err = sober128_stream_setiv(&prng->u.sober128.s, buf + 32, 8)) != CRYPT_OK) goto LBL_UNLOCK;
+      /* clear KEY + IV */
+      zeromem(buf, sizeof(buf));
+   }
+   else {
+      /* sober128_ready() was not called yet, add entropy to ent buffer */
+      while (inlen--) prng->u.sober128.ent[prng->u.sober128.idx++ % sizeof(prng->u.sober128.ent)] ^= *in++;
+   }
+   err = CRYPT_OK;
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return err;
+}
+
+/**
+  Make the PRNG ready to read from
+  @param prng   The PRNG to make active
+  @return CRYPT_OK if successful
+*/
+int sober128_ready(prng_state *prng)
+{
+   int err;
+
+   LTC_ARGCHK(prng != NULL);
+
+   LTC_MUTEX_LOCK(&prng->lock);
+   if (prng->ready)                                                            { err = CRYPT_OK; goto LBL_UNLOCK; }
+   /* key 32 bytes, 20 rounds */
+   if ((err = sober128_stream_setup(&prng->u.sober128.s, prng->u.sober128.ent, 32)) != CRYPT_OK)     goto LBL_UNLOCK;
+   /* iv 8 bytes */
+   if ((err = sober128_stream_setiv(&prng->u.sober128.s, prng->u.sober128.ent + 32, 8)) != CRYPT_OK) goto LBL_UNLOCK;
+   XMEMSET(&prng->u.sober128.ent, 0, sizeof(prng->u.sober128.ent));
+   prng->u.sober128.idx = 0;
+   prng->ready = 1;
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return err;
+}
+
+/**
+  Read from the PRNG
+  @param out      Destination
+  @param outlen   Length of output
+  @param prng     The active PRNG to read from
+  @return Number of octets read
+*/
+unsigned long sober128_read(unsigned char *out, unsigned long outlen, prng_state *prng)
+{
+   if (outlen == 0 || prng == NULL || out == NULL) return 0;
+   LTC_MUTEX_LOCK(&prng->lock);
+   if (!prng->ready) { outlen = 0; goto LBL_UNLOCK; }
+   if (sober128_stream_keystream(&prng->u.sober128.s, out, outlen) != CRYPT_OK) outlen = 0;
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return outlen;
+}
+
+/**
+  Terminate the PRNG
+  @param prng   The PRNG to terminate
+  @return CRYPT_OK if successful
+*/
+int sober128_done(prng_state *prng)
+{
+   int err;
+   LTC_ARGCHK(prng != NULL);
+   LTC_MUTEX_LOCK(&prng->lock);
+   prng->ready = 0;
+   err = sober128_stream_done(&prng->u.sober128.s);
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   LTC_MUTEX_DESTROY(&prng->lock);
+   return err;
+}
+
+/**
+  Export the PRNG state
+  @param out       [out] Destination
+  @param outlen    [in/out] Max size and resulting size of the state
+  @param prng      The PRNG to export
+  @return CRYPT_OK if successful
+*/
+LTC_PRNG_EXPORT(sober128)
+
+/**
+  Import a PRNG state
+  @param in       The PRNG state
+  @param inlen    Size of the state
+  @param prng     The PRNG to import
+  @return CRYPT_OK if successful
+*/
+int sober128_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
+{
+   int err;
+
+   LTC_ARGCHK(prng != NULL);
+   LTC_ARGCHK(in   != NULL);
+   if (inlen < (unsigned long)sober128_desc.export_size) return CRYPT_INVALID_ARG;
+
+   if ((err = sober128_start(prng)) != CRYPT_OK) return err;
+   if ((err = sober128_add_entropy(in, inlen, prng)) != CRYPT_OK) return err;
+   return CRYPT_OK;
+}
+
+/**
+  PRNG self-test
+  @return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled
+*/
+int sober128_test(void)
+{
+#ifndef LTC_TEST
+   return CRYPT_NOP;
+#else
+   prng_state st;
+   unsigned char en[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+                          0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
+                          0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e,
+                          0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
+                          0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32 };
+   unsigned char dmp[300];
+   unsigned long dmplen = sizeof(dmp);
+   unsigned char out[500];
+   unsigned char t1[] = { 0x31, 0x82, 0xA7, 0xA5, 0x8B, 0xD7, 0xCB, 0x39, 0x86, 0x1A };
+   unsigned char t2[] = { 0x6B, 0x43, 0x9E, 0xBC, 0xE7, 0x62, 0x9B, 0xE6, 0x9B, 0x83 };
+   unsigned char t3[] = { 0x4A, 0x0E, 0x6C, 0xC1, 0xCF, 0xB4, 0x73, 0x49, 0x99, 0x05 };
+   int err;
+
+   if ((err = sober128_start(&st)) != CRYPT_OK)                         return err;
+   /* add entropy to uninitialized prng */
+   if ((err = sober128_add_entropy(en, sizeof(en), &st)) != CRYPT_OK)   return err;
+   if ((err = sober128_ready(&st)) != CRYPT_OK)                         return err;
+   if (sober128_read(out, 10, &st) != 10)                               return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
+   if (compare_testvector(out, 10, t1, sizeof(t1), "SOBER128-PRNG", 1)) return CRYPT_FAIL_TESTVECTOR;
+   if (sober128_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
+   /* add entropy to already initialized prng */
+   if ((err = sober128_add_entropy(en, sizeof(en), &st)) != CRYPT_OK)   return err;
+   if (sober128_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
+   if ((err = sober128_export(dmp, &dmplen, &st)) != CRYPT_OK)          return err;
+   if (sober128_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
+   if (sober128_read(out, 10, &st) != 10)                               return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
+   if (compare_testvector(out, 10, t2, sizeof(t2), "SOBER128-PRNG", 2)) return CRYPT_FAIL_TESTVECTOR;
+   if ((err = sober128_done(&st)) != CRYPT_OK)                          return err;
+   if ((err = sober128_import(dmp, dmplen, &st)) != CRYPT_OK)           return err;
+   if ((err = sober128_ready(&st)) != CRYPT_OK)                         return err;
+   if (sober128_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
+   if (sober128_read(out, 10, &st) != 10)                               return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
+   if (compare_testvector(out, 10, t3, sizeof(t3), "SOBER128-PRNG", 3)) return CRYPT_FAIL_TESTVECTOR;
+   if ((err = sober128_done(&st)) != CRYPT_OK)                          return err;
+
+   return CRYPT_OK;
+#endif
+}
+
+#endif

Sources/DataLiteC/libtomcrypt/prngs/sprng.c

@@ -0,0 +1,152 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+#include "tomcrypt_private.h"
+
+/**
+   @file sprng.c
+   Secure PRNG, Tom St Denis
+*/
+
+/* A secure PRNG using the RNG functions.  Basically this is a
+ * wrapper that allows you to use a secure RNG as a PRNG
+ * in the various other functions.
+ */
+
+#ifdef LTC_SPRNG
+
+const struct ltc_prng_descriptor sprng_desc =
+{
+    "sprng", 0,
+    &sprng_start,
+    &sprng_add_entropy,
+    &sprng_ready,
+    &sprng_read,
+    &sprng_done,
+    &sprng_export,
+    &sprng_import,
+    &sprng_test
+};
+
+/**
+  Start the PRNG
+  @param prng     [out] The PRNG state to initialize
+  @return CRYPT_OK if successful
+*/
+int sprng_start(prng_state *prng)
+{
+   LTC_UNUSED_PARAM(prng);
+   return CRYPT_OK;
+}
+
+/**
+  Add entropy to the PRNG state
+  @param in       The data to add
+  @param inlen    Length of the data to add
+  @param prng     PRNG state to update
+  @return CRYPT_OK if successful
+*/
+int sprng_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng)
+{
+   LTC_UNUSED_PARAM(in);
+   LTC_UNUSED_PARAM(inlen);
+   LTC_UNUSED_PARAM(prng);
+   return CRYPT_OK;
+}
+
+/**
+  Make the PRNG ready to read from
+  @param prng   The PRNG to make active
+  @return CRYPT_OK if successful
+*/
+int sprng_ready(prng_state *prng)
+{
+   LTC_UNUSED_PARAM(prng);
+   return CRYPT_OK;
+}
+
+/**
+  Read from the PRNG
+  @param out      Destination
+  @param outlen   Length of output
+  @param prng     The active PRNG to read from
+  @return Number of octets read
+*/
+unsigned long sprng_read(unsigned char *out, unsigned long outlen, prng_state *prng)
+{
+   LTC_ARGCHK(out != NULL);
+   LTC_UNUSED_PARAM(prng);
+   return rng_get_bytes(out, outlen, NULL);
+}
+
+/**
+  Terminate the PRNG
+  @param prng   The PRNG to terminate
+  @return CRYPT_OK if successful
+*/
+int sprng_done(prng_state *prng)
+{
+   LTC_UNUSED_PARAM(prng);
+   return CRYPT_OK;
+}
+
+/**
+  Export the PRNG state
+  @param out       [out] Destination
+  @param outlen    [in/out] Max size and resulting size of the state
+  @param prng      The PRNG to export
+  @return CRYPT_OK if successful
+*/
+/* NOLINTNEXTLINE(readability-non-const-parameter) - silence clang-tidy warning */
+int sprng_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
+{
+   LTC_ARGCHK(outlen != NULL);
+   LTC_UNUSED_PARAM(out);
+   LTC_UNUSED_PARAM(prng);
+
+   *outlen = 0;
+   return CRYPT_OK;
+}
+
+/**
+  Import a PRNG state
+  @param in       The PRNG state
+  @param inlen    Size of the state
+  @param prng     The PRNG to import
+  @return CRYPT_OK if successful
+*/
+int sprng_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
+{
+  LTC_UNUSED_PARAM(in);
+  LTC_UNUSED_PARAM(inlen);
+  LTC_UNUSED_PARAM(prng);
+   return CRYPT_OK;
+}
+
+/**
+  PRNG self-test
+  @return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled
+*/
+int sprng_test(void)
+{
+#ifndef LTC_TEST
+   return CRYPT_NOP;
+#else
+   prng_state st;
+   unsigned char en[] = { 0x01, 0x02, 0x03, 0x04 };
+   unsigned char out[1000];
+   int err;
+
+   if ((err = sprng_start(&st)) != CRYPT_OK)                         return err;
+   if ((err = sprng_add_entropy(en, sizeof(en), &st)) != CRYPT_OK)   return err;
+   if ((err = sprng_ready(&st)) != CRYPT_OK)                         return err;
+   if (sprng_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
+   if ((err = sprng_done(&st)) != CRYPT_OK)                          return err;
+
+   return CRYPT_OK;
+#endif
+}
+
+#endif
+
+
+

Sources/DataLiteC/libtomcrypt/prngs/yarrow.c

@@ -0,0 +1,323 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+#include "tomcrypt_private.h"
+
+/**
+  @file yarrow.c
+  Yarrow PRNG, Tom St Denis
+*/
+
+#ifdef LTC_YARROW
+
+const struct ltc_prng_descriptor yarrow_desc =
+{
+    "yarrow", 64,
+    &yarrow_start,
+    &yarrow_add_entropy,
+    &yarrow_ready,
+    &yarrow_read,
+    &yarrow_done,
+    &yarrow_export,
+    &yarrow_import,
+    &yarrow_test
+};
+
+/**
+  Start the PRNG
+  @param prng     [out] The PRNG state to initialize
+  @return CRYPT_OK if successful
+*/
+int yarrow_start(prng_state *prng)
+{
+   int err;
+
+   LTC_ARGCHK(prng != NULL);
+   prng->ready = 0;
+
+   /* these are the default hash/cipher combo used */
+#ifdef LTC_RIJNDAEL
+#if    LTC_YARROW_AES==0
+   prng->u.yarrow.cipher = register_cipher(&rijndael_enc_desc);
+#elif  LTC_YARROW_AES==1
+   prng->u.yarrow.cipher = register_cipher(&aes_enc_desc);
+#elif  LTC_YARROW_AES==2
+   prng->u.yarrow.cipher = register_cipher(&rijndael_desc);
+#elif  LTC_YARROW_AES==3
+   prng->u.yarrow.cipher = register_cipher(&aes_desc);
+#endif
+#elif defined(LTC_BLOWFISH)
+   prng->u.yarrow.cipher = register_cipher(&blowfish_desc);
+#elif defined(LTC_TWOFISH)
+   prng->u.yarrow.cipher = register_cipher(&twofish_desc);
+#elif defined(LTC_RC6)
+   prng->u.yarrow.cipher = register_cipher(&rc6_desc);
+#elif defined(LTC_RC5)
+   prng->u.yarrow.cipher = register_cipher(&rc5_desc);
+#elif defined(LTC_SAFERP)
+   prng->u.yarrow.cipher = register_cipher(&saferp_desc);
+#elif defined(LTC_RC2)
+   prng->u.yarrow.cipher = register_cipher(&rc2_desc);
+#elif defined(LTC_NOEKEON)
+   prng->u.yarrow.cipher = register_cipher(&noekeon_desc);
+#elif defined(LTC_ANUBIS)
+   prng->u.yarrow.cipher = register_cipher(&anubis_desc);
+#elif defined(LTC_KSEED)
+   prng->u.yarrow.cipher = register_cipher(&kseed_desc);
+#elif defined(LTC_KHAZAD)
+   prng->u.yarrow.cipher = register_cipher(&khazad_desc);
+#elif defined(LTC_CAST5)
+   prng->u.yarrow.cipher = register_cipher(&cast5_desc);
+#elif defined(LTC_XTEA)
+   prng->u.yarrow.cipher = register_cipher(&xtea_desc);
+#elif defined(LTC_SAFER)
+   prng->u.yarrow.cipher = register_cipher(&safer_sk128_desc);
+#elif defined(LTC_DES)
+   prng->u.yarrow.cipher = register_cipher(&des3_desc);
+#else
+   #error LTC_YARROW needs at least one CIPHER
+#endif
+   if ((err = cipher_is_valid(prng->u.yarrow.cipher)) != CRYPT_OK) {
+      return err;
+   }
+
+#ifdef LTC_SHA256
+   prng->u.yarrow.hash   = register_hash(&sha256_desc);
+#elif defined(LTC_SHA512)
+   prng->u.yarrow.hash   = register_hash(&sha512_desc);
+#elif defined(LTC_TIGER)
+   prng->u.yarrow.hash   = register_hash(&tiger_desc);
+#elif defined(LTC_SHA1)
+   prng->u.yarrow.hash   = register_hash(&sha1_desc);
+#elif defined(LTC_RIPEMD320)
+   prng->u.yarrow.hash   = register_hash(&rmd320_desc);
+#elif defined(LTC_RIPEMD256)
+   prng->u.yarrow.hash   = register_hash(&rmd256_desc);
+#elif defined(LTC_RIPEMD160)
+   prng->u.yarrow.hash   = register_hash(&rmd160_desc);
+#elif defined(LTC_RIPEMD128)
+   prng->u.yarrow.hash   = register_hash(&rmd128_desc);
+#elif defined(LTC_MD5)
+   prng->u.yarrow.hash   = register_hash(&md5_desc);
+#elif defined(LTC_MD4)
+   prng->u.yarrow.hash   = register_hash(&md4_desc);
+#elif defined(LTC_MD2)
+   prng->u.yarrow.hash   = register_hash(&md2_desc);
+#elif defined(LTC_WHIRLPOOL)
+   prng->u.yarrow.hash   = register_hash(&whirlpool_desc);
+#else
+   #error LTC_YARROW needs at least one HASH
+#endif
+   if ((err = hash_is_valid(prng->u.yarrow.hash)) != CRYPT_OK) {
+      return err;
+   }
+
+   /* zero the memory used */
+   zeromem(prng->u.yarrow.pool, sizeof(prng->u.yarrow.pool));
+   LTC_MUTEX_INIT(&prng->lock)
+
+   return CRYPT_OK;
+}
+
+/**
+  Add entropy to the PRNG state
+  @param in       The data to add
+  @param inlen    Length of the data to add
+  @param prng     PRNG state to update
+  @return CRYPT_OK if successful
+*/
+int yarrow_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng)
+{
+   hash_state md;
+   int err;
+
+   LTC_ARGCHK(prng != NULL);
+   LTC_ARGCHK(in != NULL);
+   LTC_ARGCHK(inlen > 0);
+
+   LTC_MUTEX_LOCK(&prng->lock);
+
+   if ((err = hash_is_valid(prng->u.yarrow.hash)) != CRYPT_OK) {
+      goto LBL_UNLOCK;
+   }
+
+   /* start the hash */
+   if ((err = hash_descriptor[prng->u.yarrow.hash].init(&md)) != CRYPT_OK) {
+      goto LBL_UNLOCK;
+   }
+
+   /* hash the current pool */
+   if ((err = hash_descriptor[prng->u.yarrow.hash].process(&md, prng->u.yarrow.pool,
+                                                        hash_descriptor[prng->u.yarrow.hash].hashsize)) != CRYPT_OK) {
+      goto LBL_UNLOCK;
+   }
+
+   /* add the new entropy */
+   if ((err = hash_descriptor[prng->u.yarrow.hash].process(&md, in, inlen)) != CRYPT_OK) {
+      goto LBL_UNLOCK;
+   }
+
+   /* store result */
+   err = hash_descriptor[prng->u.yarrow.hash].done(&md, prng->u.yarrow.pool);
+
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return err;
+}
+
+/**
+  Make the PRNG ready to read from
+  @param prng   The PRNG to make active
+  @return CRYPT_OK if successful
+*/
+int yarrow_ready(prng_state *prng)
+{
+   int ks, err;
+
+   LTC_ARGCHK(prng != NULL);
+
+   LTC_MUTEX_LOCK(&prng->lock);
+
+   if ((err = hash_is_valid(prng->u.yarrow.hash)) != CRYPT_OK) {
+      goto LBL_UNLOCK;
+   }
+
+   if ((err = cipher_is_valid(prng->u.yarrow.cipher)) != CRYPT_OK) {
+      goto LBL_UNLOCK;
+   }
+
+   /* setup CTR mode using the "pool" as the key */
+   ks = (int)hash_descriptor[prng->u.yarrow.hash].hashsize;
+   if ((err = cipher_descriptor[prng->u.yarrow.cipher].keysize(&ks)) != CRYPT_OK) {
+      goto LBL_UNLOCK;
+   }
+
+   if ((err = ctr_start(prng->u.yarrow.cipher,     /* what cipher to use */
+                        prng->u.yarrow.pool,       /* IV */
+                        prng->u.yarrow.pool, ks,   /* KEY and key size */
+                        0,                       /* number of rounds */
+                        CTR_COUNTER_LITTLE_ENDIAN, /* little endian counter */
+                        &prng->u.yarrow.ctr)) != CRYPT_OK) {
+      goto LBL_UNLOCK;
+   }
+   prng->ready = 1;
+
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return err;
+}
+
+/**
+  Read from the PRNG
+  @param out      Destination
+  @param outlen   Length of output
+  @param prng     The active PRNG to read from
+  @return Number of octets read
+*/
+unsigned long yarrow_read(unsigned char *out, unsigned long outlen, prng_state *prng)
+{
+   if (outlen == 0 || prng == NULL || out == NULL) return 0;
+
+   LTC_MUTEX_LOCK(&prng->lock);
+
+   if (!prng->ready) {
+      outlen = 0;
+      goto LBL_UNLOCK;
+   }
+
+   /* put out in predictable state first */
+   zeromem(out, outlen);
+
+   /* now randomize it */
+   if (ctr_encrypt(out, out, outlen, &prng->u.yarrow.ctr) != CRYPT_OK) {
+      outlen = 0;
+   }
+
+LBL_UNLOCK:
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   return outlen;
+}
+
+/**
+  Terminate the PRNG
+  @param prng   The PRNG to terminate
+  @return CRYPT_OK if successful
+*/
+int yarrow_done(prng_state *prng)
+{
+   int err;
+   LTC_ARGCHK(prng != NULL);
+
+   LTC_MUTEX_LOCK(&prng->lock);
+   prng->ready = 0;
+
+   /* call cipher done when we invent one ;-) */
+
+   /* we invented one */
+   err = ctr_done(&prng->u.yarrow.ctr);
+
+   LTC_MUTEX_UNLOCK(&prng->lock);
+   LTC_MUTEX_DESTROY(&prng->lock);
+   return err;
+}
+
+/**
+  Export the PRNG state
+  @param out       [out] Destination
+  @param outlen    [in/out] Max size and resulting size of the state
+  @param prng      The PRNG to export
+  @return CRYPT_OK if successful
+*/
+LTC_PRNG_EXPORT(yarrow)
+
+/**
+  Import a PRNG state
+  @param in       The PRNG state
+  @param inlen    Size of the state
+  @param prng     The PRNG to import
+  @return CRYPT_OK if successful
+*/
+int yarrow_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
+{
+   int err;
+
+   LTC_ARGCHK(in   != NULL);
+   LTC_ARGCHK(prng != NULL);
+   if (inlen < (unsigned long)yarrow_desc.export_size) return CRYPT_INVALID_ARG;
+
+   if ((err = yarrow_start(prng)) != CRYPT_OK)                  return err;
+   if ((err = yarrow_add_entropy(in, inlen, prng)) != CRYPT_OK) return err;
+   return CRYPT_OK;
+}
+
+/**
+  PRNG self-test
+  @return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled
+*/
+int yarrow_test(void)
+{
+#ifndef LTC_TEST
+   return CRYPT_NOP;
+#else
+   int err;
+   prng_state prng;
+
+   if ((err = yarrow_start(&prng)) != CRYPT_OK) {
+      return err;
+   }
+
+   /* now let's test the hash/cipher that was chosen */
+   if (cipher_descriptor[prng.u.yarrow.cipher].test &&
+       ((err = cipher_descriptor[prng.u.yarrow.cipher].test()) != CRYPT_OK)) {
+      return err;
+   }
+   if (hash_descriptor[prng.u.yarrow.hash].test &&
+       ((err = hash_descriptor[prng.u.yarrow.hash].test()) != CRYPT_OK)) {
+      return err;
+   }
+
+   return CRYPT_OK;
+#endif
+}
+
+#endif
+