1 /******************************************************************************
2 *  Filename:       sw_ecrypt-sync.h
3 *  Revised:        2016-10-05 12:42:03 +0200 (Wed, 05 Oct 2016)
4 *  Revision:       47308
5 ******************************************************************************/
6 /* ecrypt-sync.h */
7 
8 /*
9  * Header file for synchronous stream ciphers without authentication
10  * mechanism.
11  *
12  * *** Please only edit parts marked with "[edit]". ***
13  */
14 
15 #ifndef ECRYPT_SYNC
16 #define ECRYPT_SYNC
17 
18 #include "sw_ecrypt-portable.h"
19 
20 /* ------------------------------------------------------------------------- */
21 
22 /* Cipher parameters */
23 
24 /*
25  * The name of your cipher.
26  */
27 #define ECRYPT_NAME "ChaCha8"
28 #define ECRYPT_PROFILE "_____"
29 
30 /*
31  * Specify which key and IV sizes are supported by your cipher. A user
32  * should be able to enumerate the supported sizes by running the
33  * following code:
34  *
35  * for (i = 0; ECRYPT_KEYSIZE(i) <= ECRYPT_MAXKEYSIZE; ++i)
36  *   {
37  *     keysize = ECRYPT_KEYSIZE(i);
38  *
39  *     ...
40  *   }
41  *
42  * All sizes are in bits.
43  */
44 
45 #define ECRYPT_MAXKEYSIZE 256                 /* [edit] */
46 #define ECRYPT_KEYSIZE(i) (128 + (i)*128)     /* [edit] */
47 
48 #define ECRYPT_MAXIVSIZE 64                   /* [edit] */
49 #define ECRYPT_IVSIZE(i) (64 + (i)*64)        /* [edit] */
50 
51 /* ------------------------------------------------------------------------- */
52 
53 /* Data structures */
54 
55 /*
56  * ECRYPT_ctx is the structure containing the representation of the
57  * internal state of your cipher.
58  */
59 
60 typedef struct
61 {
62   u32 input[16]; /* could be compressed */
63   /*
64    * [edit]
65    *
66    * Put here all state variable needed during the encryption process.
67    */
68 } ECRYPT_ctx;
69 
70 /* ------------------------------------------------------------------------- */
71 
72 /* Mandatory functions */
73 
74 /*
75  * Key and message independent initialization. This function will be
76  * called once when the program starts (e.g., to build expanded S-box
77  * tables).
78  */
79 void ECRYPT_init(void);
80 
81 /*
82  * Key setup. It is the user's responsibility to select the values of
83  * keysize and ivsize from the set of supported values specified
84  * above.
85  */
86 void ECRYPT_keysetup(
87   ECRYPT_ctx* ctx,
88   const u8* key,
89   u32 keysize,                /* Key size in bits. */
90   u32 ivsize);                /* IV size in bits. */
91 
92 /*
93  * IV setup. After having called ECRYPT_keysetup(), the user is
94  * allowed to call ECRYPT_ivsetup() different times in order to
95  * encrypt/decrypt different messages with the same key but different
96  * IV's.
97  */
98 void ECRYPT_ivsetup(
99   ECRYPT_ctx* ctx,
100   const u8* iv);
101 
102 /*
103  * Encryption/decryption of arbitrary length messages.
104  *
105  * For efficiency reasons, the API provides two types of
106  * encrypt/decrypt functions. The ECRYPT_encrypt_bytes() function
107  * (declared here) encrypts byte strings of arbitrary length, while
108  * the ECRYPT_encrypt_blocks() function (defined later) only accepts
109  * lengths which are multiples of ECRYPT_BLOCKLENGTH.
110  *
111  * The user is allowed to make multiple calls to
112  * ECRYPT_encrypt_blocks() to incrementally encrypt a long message,
113  * but he is NOT allowed to make additional encryption calls once he
114  * has called ECRYPT_encrypt_bytes() (unless he starts a new message
115  * of course). For example, this sequence of calls is acceptable:
116  *
117  * ECRYPT_keysetup();
118  *
119  * ECRYPT_ivsetup();
120  * ECRYPT_encrypt_blocks();
121  * ECRYPT_encrypt_blocks();
122  * ECRYPT_encrypt_bytes();
123  *
124  * ECRYPT_ivsetup();
125  * ECRYPT_encrypt_blocks();
126  * ECRYPT_encrypt_blocks();
127  *
128  * ECRYPT_ivsetup();
129  * ECRYPT_encrypt_bytes();
130  *
131  * The following sequence is not:
132  *
133  * ECRYPT_keysetup();
134  * ECRYPT_ivsetup();
135  * ECRYPT_encrypt_blocks();
136  * ECRYPT_encrypt_bytes();
137  * ECRYPT_encrypt_blocks();
138  */
139 
140 void ECRYPT_encrypt_bytes(
141   ECRYPT_ctx* ctx,
142   const u8* plaintext,
143   u8* ciphertext,
144   u32 msglen);                /* Message length in bytes. */
145 
146 void ECRYPT_decrypt_bytes(
147   ECRYPT_ctx* ctx,
148   const u8* ciphertext,
149   u8* plaintext,
150   u32 msglen);                /* Message length in bytes. */
151 
152 /* ------------------------------------------------------------------------- */
153 
154 /* Optional features */
155 
156 /*
157  * For testing purposes it can sometimes be useful to have a function
158  * which immediately generates keystream without having to provide it
159  * with a zero plaintext. If your cipher cannot provide this function
160  * (e.g., because it is not strictly a synchronous cipher), please
161  * reset the ECRYPT_GENERATES_KEYSTREAM flag.
162  */
163 
164 #define ECRYPT_GENERATES_KEYSTREAM
165 #ifdef ECRYPT_GENERATES_KEYSTREAM
166 
167 void ECRYPT_keystream_bytes(
168   ECRYPT_ctx* ctx,
169   u8* keystream,
170   u32 length);                /* Length of keystream in bytes. */
171 
172 #endif
173 
174 /* ------------------------------------------------------------------------- */
175 
176 /* Optional optimizations */
177 
178 /*
179  * By default, the functions in this section are implemented using
180  * calls to functions declared above. However, you might want to
181  * implement them differently for performance reasons.
182  */
183 
184 /*
185  * All-in-one encryption/decryption of (short) packets.
186  *
187  * The default definitions of these functions can be found in
188  * "ecrypt-sync.c". If you want to implement them differently, please
189  * undef the ECRYPT_USES_DEFAULT_ALL_IN_ONE flag.
190  */
191 #define ECRYPT_USES_DEFAULT_ALL_IN_ONE        /* [edit] */
192 
193 void ECRYPT_encrypt_packet(
194   ECRYPT_ctx* ctx,
195   const u8* iv,
196   const u8* plaintext,
197   u8* ciphertext,
198   u32 msglen);
199 
200 void ECRYPT_decrypt_packet(
201   ECRYPT_ctx* ctx,
202   const u8* iv,
203   const u8* ciphertext,
204   u8* plaintext,
205   u32 msglen);
206 
207 /*
208  * Encryption/decryption of blocks.
209  *
210  * By default, these functions are defined as macros. If you want to
211  * provide a different implementation, please undef the
212  * ECRYPT_USES_DEFAULT_BLOCK_MACROS flag and implement the functions
213  * declared below.
214  */
215 
216 #define ECRYPT_BLOCKLENGTH 64                  /* [edit] */
217 
218 #define ECRYPT_USES_DEFAULT_BLOCK_MACROS      /* [edit] */
219 #ifdef ECRYPT_USES_DEFAULT_BLOCK_MACROS
220 
221 #define ECRYPT_encrypt_blocks(ctx, plaintext, ciphertext, blocks)  \
222   ECRYPT_encrypt_bytes(ctx, plaintext, ciphertext,                 \
223     (blocks) * ECRYPT_BLOCKLENGTH)
224 
225 #define ECRYPT_decrypt_blocks(ctx, ciphertext, plaintext, blocks)  \
226   ECRYPT_decrypt_bytes(ctx, ciphertext, plaintext,                 \
227     (blocks) * ECRYPT_BLOCKLENGTH)
228 
229 #ifdef ECRYPT_GENERATES_KEYSTREAM
230 
231 #define ECRYPT_keystream_blocks(ctx, keystream, blocks)            \
232   ECRYPT_keystream_bytes(ctx, keystream,                        \
233     (blocks) * ECRYPT_BLOCKLENGTH)
234 
235 #endif
236 
237 #else
238 
239 void ECRYPT_encrypt_blocks(
240   ECRYPT_ctx* ctx,
241   const u8* plaintext,
242   u8* ciphertext,
243   u32 blocks);                /* Message length in blocks. */
244 
245 void ECRYPT_decrypt_blocks(
246   ECRYPT_ctx* ctx,
247   const u8* ciphertext,
248   u8* plaintext,
249   u32 blocks);                /* Message length in blocks. */
250 
251 #ifdef ECRYPT_GENERATES_KEYSTREAM
252 
253 void ECRYPT_keystream_blocks(
254   ECRYPT_ctx* ctx,
255   const u8* keystream,
256   u32 blocks);                /* Keystream length in blocks. */
257 
258 #endif
259 
260 #endif
261 
262 /*
263  * If your cipher can be implemented in different ways, you can use
264  * the ECRYPT_VARIANT parameter to allow the user to choose between
265  * them at compile time (e.g., gcc -DECRYPT_VARIANT=3 ...). Please
266  * only use this possibility if you really think it could make a
267  * significant difference and keep the number of variants
268  * (ECRYPT_MAXVARIANT) as small as possible (definitely not more than
269  * 10). Note also that all variants should have exactly the same
270  * external interface (i.e., the same ECRYPT_BLOCKLENGTH, etc.).
271  */
272 #define ECRYPT_MAXVARIANT 1                   /* [edit] */
273 
274 #ifndef ECRYPT_VARIANT
275 #define ECRYPT_VARIANT 1
276 #endif
277 
278 #if (ECRYPT_VARIANT > ECRYPT_MAXVARIANT)
279 #error this variant does not exist
280 #endif
281 
282 /* ------------------------------------------------------------------------- */
283 
284 #endif
285