1 /****************************************************************************** 2 * Filename: sw_ecrypt-sync.h 3 ******************************************************************************/ 4 /* ecrypt-sync.h */ 5 6 /* 7 * Header file for synchronous stream ciphers without authentication 8 * mechanism. 9 * 10 * *** Please only edit parts marked with "[edit]". *** 11 */ 12 13 #ifndef ECRYPT_SYNC 14 #define ECRYPT_SYNC 15 16 #include "sw_ecrypt-portable.h" 17 18 /* ------------------------------------------------------------------------- */ 19 20 /* Cipher parameters */ 21 22 /* 23 * The name of your cipher. 24 */ 25 #define ECRYPT_NAME "ChaCha8" 26 #define ECRYPT_PROFILE "_____" 27 28 /* 29 * Specify which key and IV sizes are supported by your cipher. A user 30 * should be able to enumerate the supported sizes by running the 31 * following code: 32 * 33 * for (i = 0; ECRYPT_KEYSIZE(i) <= ECRYPT_MAXKEYSIZE; ++i) 34 * { 35 * keysize = ECRYPT_KEYSIZE(i); 36 * 37 * ... 38 * } 39 * 40 * All sizes are in bits. 41 */ 42 43 #define ECRYPT_MAXKEYSIZE 256 /* [edit] */ 44 #define ECRYPT_KEYSIZE(i) (128 + (i)*128) /* [edit] */ 45 46 #define ECRYPT_MAXIVSIZE 64 /* [edit] */ 47 #define ECRYPT_IVSIZE(i) (64 + (i)*64) /* [edit] */ 48 49 /* ------------------------------------------------------------------------- */ 50 51 /* Data structures */ 52 53 /* 54 * ECRYPT_ctx is the structure containing the representation of the 55 * internal state of your cipher. 56 */ 57 58 typedef struct 59 { 60 u32 input[16]; /* could be compressed */ 61 /* 62 * [edit] 63 * 64 * Put here all state variable needed during the encryption process. 65 */ 66 } ECRYPT_ctx; 67 68 /* ------------------------------------------------------------------------- */ 69 70 /* Mandatory functions */ 71 72 /* 73 * Key and message independent initialization. This function will be 74 * called once when the program starts (e.g., to build expanded S-box 75 * tables). 76 */ 77 void ECRYPT_init(void); 78 79 /* 80 * Key setup. It is the user's responsibility to select the values of 81 * keysize and ivsize from the set of supported values specified 82 * above. 83 */ 84 void ECRYPT_keysetup( 85 ECRYPT_ctx* ctx, 86 const u8* key, 87 u32 keysize, /* Key size in bits. */ 88 u32 ivsize); /* IV size in bits. */ 89 90 /* 91 * IV setup. After having called ECRYPT_keysetup(), the user is 92 * allowed to call ECRYPT_ivsetup() different times in order to 93 * encrypt/decrypt different messages with the same key but different 94 * IV's. 95 */ 96 void ECRYPT_ivsetup( 97 ECRYPT_ctx* ctx, 98 const u8* iv); 99 100 /* 101 * Encryption/decryption of arbitrary length messages. 102 * 103 * For efficiency reasons, the API provides two types of 104 * encrypt/decrypt functions. The ECRYPT_encrypt_bytes() function 105 * (declared here) encrypts byte strings of arbitrary length, while 106 * the ECRYPT_encrypt_blocks() function (defined later) only accepts 107 * lengths which are multiples of ECRYPT_BLOCKLENGTH. 108 * 109 * The user is allowed to make multiple calls to 110 * ECRYPT_encrypt_blocks() to incrementally encrypt a long message, 111 * but he is NOT allowed to make additional encryption calls once he 112 * has called ECRYPT_encrypt_bytes() (unless he starts a new message 113 * of course). For example, this sequence of calls is acceptable: 114 * 115 * ECRYPT_keysetup(); 116 * 117 * ECRYPT_ivsetup(); 118 * ECRYPT_encrypt_blocks(); 119 * ECRYPT_encrypt_blocks(); 120 * ECRYPT_encrypt_bytes(); 121 * 122 * ECRYPT_ivsetup(); 123 * ECRYPT_encrypt_blocks(); 124 * ECRYPT_encrypt_blocks(); 125 * 126 * ECRYPT_ivsetup(); 127 * ECRYPT_encrypt_bytes(); 128 * 129 * The following sequence is not: 130 * 131 * ECRYPT_keysetup(); 132 * ECRYPT_ivsetup(); 133 * ECRYPT_encrypt_blocks(); 134 * ECRYPT_encrypt_bytes(); 135 * ECRYPT_encrypt_blocks(); 136 */ 137 138 void ECRYPT_encrypt_bytes( 139 ECRYPT_ctx* ctx, 140 const u8* plaintext, 141 u8* ciphertext, 142 u32 msglen); /* Message length in bytes. */ 143 144 void ECRYPT_decrypt_bytes( 145 ECRYPT_ctx* ctx, 146 const u8* ciphertext, 147 u8* plaintext, 148 u32 msglen); /* Message length in bytes. */ 149 150 /* ------------------------------------------------------------------------- */ 151 152 /* Optional features */ 153 154 /* 155 * For testing purposes it can sometimes be useful to have a function 156 * which immediately generates keystream without having to provide it 157 * with a zero plaintext. If your cipher cannot provide this function 158 * (e.g., because it is not strictly a synchronous cipher), please 159 * reset the ECRYPT_GENERATES_KEYSTREAM flag. 160 */ 161 162 #define ECRYPT_GENERATES_KEYSTREAM 163 #ifdef ECRYPT_GENERATES_KEYSTREAM 164 165 void ECRYPT_keystream_bytes( 166 ECRYPT_ctx* ctx, 167 u8* keystream, 168 u32 length); /* Length of keystream in bytes. */ 169 170 #endif 171 172 /* ------------------------------------------------------------------------- */ 173 174 /* Optional optimizations */ 175 176 /* 177 * By default, the functions in this section are implemented using 178 * calls to functions declared above. However, you might want to 179 * implement them differently for performance reasons. 180 */ 181 182 /* 183 * All-in-one encryption/decryption of (short) packets. 184 * 185 * The default definitions of these functions can be found in 186 * "ecrypt-sync.c". If you want to implement them differently, please 187 * undef the ECRYPT_USES_DEFAULT_ALL_IN_ONE flag. 188 */ 189 #define ECRYPT_USES_DEFAULT_ALL_IN_ONE /* [edit] */ 190 191 void ECRYPT_encrypt_packet( 192 ECRYPT_ctx* ctx, 193 const u8* iv, 194 const u8* plaintext, 195 u8* ciphertext, 196 u32 msglen); 197 198 void ECRYPT_decrypt_packet( 199 ECRYPT_ctx* ctx, 200 const u8* iv, 201 const u8* ciphertext, 202 u8* plaintext, 203 u32 msglen); 204 205 /* 206 * Encryption/decryption of blocks. 207 * 208 * By default, these functions are defined as macros. If you want to 209 * provide a different implementation, please undef the 210 * ECRYPT_USES_DEFAULT_BLOCK_MACROS flag and implement the functions 211 * declared below. 212 */ 213 214 #define ECRYPT_BLOCKLENGTH 64 /* [edit] */ 215 216 #define ECRYPT_USES_DEFAULT_BLOCK_MACROS /* [edit] */ 217 #ifdef ECRYPT_USES_DEFAULT_BLOCK_MACROS 218 219 #define ECRYPT_encrypt_blocks(ctx, plaintext, ciphertext, blocks) \ 220 ECRYPT_encrypt_bytes(ctx, plaintext, ciphertext, \ 221 (blocks) * ECRYPT_BLOCKLENGTH) 222 223 #define ECRYPT_decrypt_blocks(ctx, ciphertext, plaintext, blocks) \ 224 ECRYPT_decrypt_bytes(ctx, ciphertext, plaintext, \ 225 (blocks) * ECRYPT_BLOCKLENGTH) 226 227 #ifdef ECRYPT_GENERATES_KEYSTREAM 228 229 #define ECRYPT_keystream_blocks(ctx, keystream, blocks) \ 230 ECRYPT_keystream_bytes(ctx, keystream, \ 231 (blocks) * ECRYPT_BLOCKLENGTH) 232 233 #endif 234 235 #else 236 237 void ECRYPT_encrypt_blocks( 238 ECRYPT_ctx* ctx, 239 const u8* plaintext, 240 u8* ciphertext, 241 u32 blocks); /* Message length in blocks. */ 242 243 void ECRYPT_decrypt_blocks( 244 ECRYPT_ctx* ctx, 245 const u8* ciphertext, 246 u8* plaintext, 247 u32 blocks); /* Message length in blocks. */ 248 249 #ifdef ECRYPT_GENERATES_KEYSTREAM 250 251 void ECRYPT_keystream_blocks( 252 ECRYPT_ctx* ctx, 253 const u8* keystream, 254 u32 blocks); /* Keystream length in blocks. */ 255 256 #endif 257 258 #endif 259 260 /* 261 * If your cipher can be implemented in different ways, you can use 262 * the ECRYPT_VARIANT parameter to allow the user to choose between 263 * them at compile time (e.g., gcc -DECRYPT_VARIANT=3 ...). Please 264 * only use this possibility if you really think it could make a 265 * significant difference and keep the number of variants 266 * (ECRYPT_MAXVARIANT) as small as possible (definitely not more than 267 * 10). Note also that all variants should have exactly the same 268 * external interface (i.e., the same ECRYPT_BLOCKLENGTH, etc.). 269 */ 270 #define ECRYPT_MAXVARIANT 1 /* [edit] */ 271 272 #ifndef ECRYPT_VARIANT 273 #define ECRYPT_VARIANT 1 274 #endif 275 276 #if (ECRYPT_VARIANT > ECRYPT_MAXVARIANT) 277 #error this variant does not exist 278 #endif 279 280 /* ------------------------------------------------------------------------- */ 281 282 #endif 283
