1 /****************************************************************************** 2 * Filename: sw_ecrypt-sync.h 3 ******************************************************************************/ 4 /* ecrypt-sync.h */ 5 6 /* 7 * Header file for synchronous stream ciphers without authentication 8 * mechanism. 9 * 10 * *** Please only edit parts marked with "[edit]". *** 11 */ 12 13 #ifndef ECRYPT_SYNC 14 #define ECRYPT_SYNC 15 16 #include "sw_ecrypt-portable.h" 17 18 /* ------------------------------------------------------------------------- */ 19 20 /* Cipher parameters */ 21 22 /* 23 * The name of your cipher. 24 */ 25 #define ECRYPT_NAME "ChaCha8" 26 #define ECRYPT_PROFILE "_____" 27 28 /* 29 * Specify which key and IV sizes are supported by your cipher. A user 30 * should be able to enumerate the supported sizes by running the 31 * following code: 32 * 33 * for (i = 0; ECRYPT_KEYSIZE(i) <= ECRYPT_MAXKEYSIZE; ++i) 34 * { 35 * keysize = ECRYPT_KEYSIZE(i); 36 * 37 * ... 38 * } 39 * 40 * All sizes are in bits. 41 */ 42 43 #define ECRYPT_MAXKEYSIZE 256 /* [edit] */ 44 #define ECRYPT_KEYSIZE(i) (128 + (i)*128) /* [edit] */ 45 46 #define ECRYPT_MAXIVSIZE 64 /* [edit] */ 47 #define ECRYPT_IVSIZE(i) (64 + (i)*64) /* [edit] */ 48 49 /* ------------------------------------------------------------------------- */ 50 51 /* Data structures */ 52 53 /* 54 * ECRYPT_ctx is the structure containing the representation of the 55 * internal state of your cipher. 56 */ 57 58 typedef struct 59 { 60 u32 input[16]; /* could be compressed */ 61 /* 62 * [edit] 63 * 64 * Put here all state variable needed during the encryption process. 65 */ 66 } ECRYPT_ctx; 67 68 /* ------------------------------------------------------------------------- */ 69 70 /* Mandatory functions */ 71 72 /* 73 * Key and message independent initialization. This function will be 74 * called once when the program starts (e.g., to build expanded S-box 75 * tables). 76 */ 77 void ECRYPT_init(void); 78 79 /* 80 * Key setup. It is the user's responsibility to select the values of 81 * keysize and ivsize from the set of supported values specified 82 * above. 83 */ 84 void ECRYPT_keysetup(ECRYPT_ctx *ctx, 85 const u8 *key, 86 u32 keysize, /* Key size in bits. */ 87 u32 ivsize); /* IV size in bits. */ 88 89 /* 90 * IV setup. After having called ECRYPT_keysetup(), the user is 91 * allowed to call ECRYPT_ivsetup() different times in order to 92 * encrypt/decrypt different messages with the same key but different 93 * IV's. 94 */ 95 void ECRYPT_ivsetup(ECRYPT_ctx *ctx, const u8 *iv); 96 97 /* 98 * Encryption/decryption of arbitrary length messages. 99 * 100 * For efficiency reasons, the API provides two types of 101 * encrypt/decrypt functions. The ECRYPT_encrypt_bytes() function 102 * (declared here) encrypts byte strings of arbitrary length, while 103 * the ECRYPT_encrypt_blocks() function (defined later) only accepts 104 * lengths which are multiples of ECRYPT_BLOCKLENGTH. 105 * 106 * The user is allowed to make multiple calls to 107 * ECRYPT_encrypt_blocks() to incrementally encrypt a long message, 108 * but he is NOT allowed to make additional encryption calls once he 109 * has called ECRYPT_encrypt_bytes() (unless he starts a new message 110 * of course). For example, this sequence of calls is acceptable: 111 * 112 * ECRYPT_keysetup(); 113 * 114 * ECRYPT_ivsetup(); 115 * ECRYPT_encrypt_blocks(); 116 * ECRYPT_encrypt_blocks(); 117 * ECRYPT_encrypt_bytes(); 118 * 119 * ECRYPT_ivsetup(); 120 * ECRYPT_encrypt_blocks(); 121 * ECRYPT_encrypt_blocks(); 122 * 123 * ECRYPT_ivsetup(); 124 * ECRYPT_encrypt_bytes(); 125 * 126 * The following sequence is not: 127 * 128 * ECRYPT_keysetup(); 129 * ECRYPT_ivsetup(); 130 * ECRYPT_encrypt_blocks(); 131 * ECRYPT_encrypt_bytes(); 132 * ECRYPT_encrypt_blocks(); 133 */ 134 135 void ECRYPT_encrypt_bytes(ECRYPT_ctx *ctx, const u8 *plaintext, u8 *ciphertext, u32 msglen); /* Message length in bytes. 136 */ 137 138 void ECRYPT_decrypt_bytes(ECRYPT_ctx *ctx, const u8 *ciphertext, u8 *plaintext, u32 msglen); /* Message length in bytes. 139 */ 140 141 /* ------------------------------------------------------------------------- */ 142 143 /* Optional features */ 144 145 /* 146 * For testing purposes it can sometimes be useful to have a function 147 * which immediately generates keystream without having to provide it 148 * with a zero plaintext. If your cipher cannot provide this function 149 * (e.g., because it is not strictly a synchronous cipher), please 150 * reset the ECRYPT_GENERATES_KEYSTREAM flag. 151 */ 152 153 #define ECRYPT_GENERATES_KEYSTREAM 154 #ifdef ECRYPT_GENERATES_KEYSTREAM 155 156 void ECRYPT_keystream_bytes(ECRYPT_ctx *ctx, u8 *keystream, u32 length); /* Length of keystream in bytes. */ 157 158 #endif 159 160 /* ------------------------------------------------------------------------- */ 161 162 /* Optional optimizations */ 163 164 /* 165 * By default, the functions in this section are implemented using 166 * calls to functions declared above. However, you might want to 167 * implement them differently for performance reasons. 168 */ 169 170 /* 171 * All-in-one encryption/decryption of (short) packets. 172 * 173 * The default definitions of these functions can be found in 174 * "ecrypt-sync.c". If you want to implement them differently, please 175 * undef the ECRYPT_USES_DEFAULT_ALL_IN_ONE flag. 176 */ 177 #define ECRYPT_USES_DEFAULT_ALL_IN_ONE /* [edit] */ 178 179 void ECRYPT_encrypt_packet(ECRYPT_ctx *ctx, const u8 *iv, const u8 *plaintext, u8 *ciphertext, u32 msglen); 180 181 void ECRYPT_decrypt_packet(ECRYPT_ctx *ctx, const u8 *iv, const u8 *ciphertext, u8 *plaintext, u32 msglen); 182 183 /* 184 * Encryption/decryption of blocks. 185 * 186 * By default, these functions are defined as macros. If you want to 187 * provide a different implementation, please undef the 188 * ECRYPT_USES_DEFAULT_BLOCK_MACROS flag and implement the functions 189 * declared below. 190 */ 191 192 #define ECRYPT_BLOCKLENGTH 64 /* [edit] */ 193 194 #define ECRYPT_USES_DEFAULT_BLOCK_MACROS /* [edit] */ 195 #ifdef ECRYPT_USES_DEFAULT_BLOCK_MACROS 196 197 #define ECRYPT_encrypt_blocks(ctx, plaintext, ciphertext, blocks) \ 198 ECRYPT_encrypt_bytes(ctx, plaintext, ciphertext, (blocks)*ECRYPT_BLOCKLENGTH) 199 200 #define ECRYPT_decrypt_blocks(ctx, ciphertext, plaintext, blocks) \ 201 ECRYPT_decrypt_bytes(ctx, ciphertext, plaintext, (blocks)*ECRYPT_BLOCKLENGTH) 202 203 #ifdef ECRYPT_GENERATES_KEYSTREAM 204 205 #define ECRYPT_keystream_blocks(ctx, keystream, blocks) \ 206 ECRYPT_keystream_bytes(ctx, keystream, (blocks)*ECRYPT_BLOCKLENGTH) 207 208 #endif 209 210 #else 211 212 void ECRYPT_encrypt_blocks(ECRYPT_ctx *ctx, const u8 *plaintext, u8 *ciphertext, u32 blocks); /* Message length in 213 blocks. */ 214 215 void ECRYPT_decrypt_blocks(ECRYPT_ctx *ctx, const u8 *ciphertext, u8 *plaintext, u32 blocks); /* Message length in 216 blocks. */ 217 218 #ifdef ECRYPT_GENERATES_KEYSTREAM 219 220 void ECRYPT_keystream_blocks(ECRYPT_ctx *ctx, const u8 *keystream, u32 blocks); /* Keystream length in blocks. */ 221 222 #endif 223 224 #endif 225 226 /* 227 * If your cipher can be implemented in different ways, you can use 228 * the ECRYPT_VARIANT parameter to allow the user to choose between 229 * them at compile time (e.g., gcc -DECRYPT_VARIANT=3 ...). Please 230 * only use this possibility if you really think it could make a 231 * significant difference and keep the number of variants 232 * (ECRYPT_MAXVARIANT) as small as possible (definitely not more than 233 * 10). Note also that all variants should have exactly the same 234 * external interface (i.e., the same ECRYPT_BLOCKLENGTH, etc.). 235 */ 236 #define ECRYPT_MAXVARIANT 1 /* [edit] */ 237 238 #ifndef ECRYPT_VARIANT 239 #define ECRYPT_VARIANT 1 240 #endif 241 242 #if (ECRYPT_VARIANT > ECRYPT_MAXVARIANT) 243 #error this variant does not exist 244 #endif 245 246 /* ------------------------------------------------------------------------- */ 247 248 #endif 249
