1 #define ECRYPT_VARIANT 1 2 #define ECRYPT_API 3 /* ecrypt-sync.h */ 4 5 /* 6 * Header file for synchronous stream ciphers without authentication 7 * mechanism. 8 * 9 * *** Please only edit parts marked with "[edit]". *** 10 */ 11 12 #ifndef ECRYPT_SYNC 13 #define ECRYPT_SYNC 14 15 #include "ecrypt-portable.h" 16 17 /* ------------------------------------------------------------------------- */ 18 19 /* Cipher parameters */ 20 21 /* 22 * The name of your cipher. 23 */ 24 #define ECRYPT_NAME "Salsa20" /* [edit] */ 25 #define ECRYPT_PROFILE "S3___" 26 27 /* 28 * Specify which key and IV sizes are supported by your cipher. A user 29 * should be able to enumerate the supported sizes by running the 30 * following code: 31 * 32 * for (i = 0; ECRYPT_KEYSIZE(i) <= ECRYPT_MAXKEYSIZE; ++i) 33 * { 34 * keysize = ECRYPT_KEYSIZE(i); 35 * 36 * ... 37 * } 38 * 39 * All sizes are in bits. 40 */ 41 42 #define ECRYPT_MAXKEYSIZE 256 /* [edit] */ 43 #define ECRYPT_KEYSIZE(i) (128 + (i)*128) /* [edit] */ 44 45 #define ECRYPT_MAXIVSIZE 64 /* [edit] */ 46 #define ECRYPT_IVSIZE(i) (64 + (i)*64) /* [edit] */ 47 48 /* ------------------------------------------------------------------------- */ 49 50 /* Data structures */ 51 52 /* 53 * ECRYPT_ctx is the structure containing the representation of the 54 * internal state of your cipher. 55 */ 56 57 typedef struct 58 { 59 u32 input[16]; /* could be compressed */ 60 /* 61 * [edit] 62 * 63 * Put here all state variable needed during the encryption process. 64 */ 65 } ECRYPT_ctx; 66 67 /* ------------------------------------------------------------------------- */ 68 69 /* Mandatory functions */ 70 71 /* 72 * Key and message independent initialization. This function will be 73 * called once when the program starts (e.g., to build expanded S-box 74 * tables). 75 */ 76 void ECRYPT_init(); 77 78 /* 79 * Key setup. It is the user's responsibility to select the values of 80 * keysize and ivsize from the set of supported values specified 81 * above. 82 */ 83 void ECRYPT_keysetup( 84 ECRYPT_ctx* ctx, 85 const u8* key, 86 u32 keysize, /* Key size in bits. */ 87 u32 ivsize); /* IV size in bits. */ 88 89 /* 90 * IV setup. After having called ECRYPT_keysetup(), the user is 91 * allowed to call ECRYPT_ivsetup() different times in order to 92 * encrypt/decrypt different messages with the same key but different 93 * IV's. 94 */ 95 void ECRYPT_ivsetup( 96 ECRYPT_ctx* ctx, 97 const u8* iv); 98 99 /* 100 * Encryption/decryption of arbitrary length messages. 101 * 102 * For efficiency reasons, the API provides two types of 103 * encrypt/decrypt functions. The ECRYPT_encrypt_bytes() function 104 * (declared here) encrypts byte strings of arbitrary length, while 105 * the ECRYPT_encrypt_blocks() function (defined later) only accepts 106 * lengths which are multiples of ECRYPT_BLOCKLENGTH. 107 * 108 * The user is allowed to make multiple calls to 109 * ECRYPT_encrypt_blocks() to incrementally encrypt a long message, 110 * but he is NOT allowed to make additional encryption calls once he 111 * has called ECRYPT_encrypt_bytes() (unless he starts a new message 112 * of course). For example, this sequence of calls is acceptable: 113 * 114 * ECRYPT_keysetup(); 115 * 116 * ECRYPT_ivsetup(); 117 * ECRYPT_encrypt_blocks(); 118 * ECRYPT_encrypt_blocks(); 119 * ECRYPT_encrypt_bytes(); 120 * 121 * ECRYPT_ivsetup(); 122 * ECRYPT_encrypt_blocks(); 123 * ECRYPT_encrypt_blocks(); 124 * 125 * ECRYPT_ivsetup(); 126 * ECRYPT_encrypt_bytes(); 127 * 128 * The following sequence is not: 129 * 130 * ECRYPT_keysetup(); 131 * ECRYPT_ivsetup(); 132 * ECRYPT_encrypt_blocks(); 133 * ECRYPT_encrypt_bytes(); 134 * ECRYPT_encrypt_blocks(); 135 */ 136 137 void ECRYPT_encrypt_bytes( 138 ECRYPT_ctx* ctx, 139 const u8* plaintext, 140 u8* ciphertext, 141 u32 msglen); /* Message length in bytes. */ 142 143 void ECRYPT_decrypt_bytes( 144 ECRYPT_ctx* ctx, 145 const u8* ciphertext, 146 u8* plaintext, 147 u32 msglen); /* Message length in bytes. */ 148 149 /* ------------------------------------------------------------------------- */ 150 151 /* Optional features */ 152 153 /* 154 * For testing purposes it can sometimes be useful to have a function 155 * which immediately generates keystream without having to provide it 156 * with a zero plaintext. If your cipher cannot provide this function 157 * (e.g., because it is not strictly a synchronous cipher), please 158 * reset the ECRYPT_GENERATES_KEYSTREAM flag. 159 */ 160 161 #define ECRYPT_GENERATES_KEYSTREAM 162 #ifdef ECRYPT_GENERATES_KEYSTREAM 163 164 void ECRYPT_keystream_bytes( 165 ECRYPT_ctx* ctx, 166 u8* keystream, 167 u32 length); /* Length of keystream in bytes. */ 168 169 #endif 170 171 /* ------------------------------------------------------------------------- */ 172 173 /* Optional optimizations */ 174 175 /* 176 * By default, the functions in this section are implemented using 177 * calls to functions declared above. However, you might want to 178 * implement them differently for performance reasons. 179 */ 180 181 /* 182 * All-in-one encryption/decryption of (short) packets. 183 * 184 * The default definitions of these functions can be found in 185 * "ecrypt-sync.c". If you want to implement them differently, please 186 * undef the ECRYPT_USES_DEFAULT_ALL_IN_ONE flag. 187 */ 188 #define ECRYPT_USES_DEFAULT_ALL_IN_ONE /* [edit] */ 189 190 void ECRYPT_encrypt_packet( 191 ECRYPT_ctx* ctx, 192 const u8* iv, 193 const u8* plaintext, 194 u8* ciphertext, 195 u32 msglen); 196 197 void ECRYPT_decrypt_packet( 198 ECRYPT_ctx* ctx, 199 const u8* iv, 200 const u8* ciphertext, 201 u8* plaintext, 202 u32 msglen); 203 204 /* 205 * Encryption/decryption of blocks. 206 * 207 * By default, these functions are defined as macros. If you want to 208 * provide a different implementation, please undef the 209 * ECRYPT_USES_DEFAULT_BLOCK_MACROS flag and implement the functions 210 * declared below. 211 */ 212 213 #define ECRYPT_BLOCKLENGTH 64 /* [edit] */ 214 215 #define ECRYPT_USES_DEFAULT_BLOCK_MACROS /* [edit] */ 216 #ifdef ECRYPT_USES_DEFAULT_BLOCK_MACROS 217 218 #define ECRYPT_encrypt_blocks(ctx, plaintext, ciphertext, blocks) \ 219 ECRYPT_encrypt_bytes(ctx, plaintext, ciphertext, \ 220 (blocks) * ECRYPT_BLOCKLENGTH) 221 222 #define ECRYPT_decrypt_blocks(ctx, ciphertext, plaintext, blocks) \ 223 ECRYPT_decrypt_bytes(ctx, ciphertext, plaintext, \ 224 (blocks) * ECRYPT_BLOCKLENGTH) 225 226 #ifdef ECRYPT_GENERATES_KEYSTREAM 227 228 #define ECRYPT_keystream_blocks(ctx, keystream, blocks) \ 229 ECRYPT_keystream_bytes(ctx, keystream, \ 230 (blocks) * ECRYPT_BLOCKLENGTH) 231 232 #endif 233 234 #else 235 236 void ECRYPT_encrypt_blocks( 237 ECRYPT_ctx* ctx, 238 const u8* plaintext, 239 u8* ciphertext, 240 u32 blocks); /* Message length in blocks. */ 241 242 void ECRYPT_decrypt_blocks( 243 ECRYPT_ctx* ctx, 244 const u8* ciphertext, 245 u8* plaintext, 246 u32 blocks); /* Message length in blocks. */ 247 248 #ifdef ECRYPT_GENERATES_KEYSTREAM 249 250 void ECRYPT_keystream_blocks( 251 ECRYPT_ctx* ctx, 252 const u8* keystream, 253 u32 blocks); /* Keystream length in blocks. */ 254 255 #endif 256 257 #endif 258 259 /* 260 * If your cipher can be implemented in different ways, you can use 261 * the ECRYPT_VARIANT parameter to allow the user to choose between 262 * them at compile time (e.g., gcc -DECRYPT_VARIANT=3 ...). Please 263 * only use this possibility if you really think it could make a 264 * significant difference and keep the number of variants 265 * (ECRYPT_MAXVARIANT) as small as possible (definitely not more than 266 * 10). Note also that all variants should have exactly the same 267 * external interface (i.e., the same ECRYPT_BLOCKLENGTH, etc.). 268 */ 269 #define ECRYPT_MAXVARIANT 1 /* [edit] */ 270 271 #ifndef ECRYPT_VARIANT 272 #define ECRYPT_VARIANT 1 273 #endif 274 275 #if (ECRYPT_VARIANT > ECRYPT_MAXVARIANT) 276 #error this variant does not exist 277 #endif 278 279 /* ------------------------------------------------------------------------- */ 280 281 #endif 282