Powered by ViewCVS 1.0-dev
* imported implementation of MOUSTIQUE (test suite still does not support self-synchronizing stream ciphers, though).
/* ecrypt-ssyn.h */
/*
* Header file for self-synchronising stream ciphers without
* authentication mechanism.
*
* *** Please only edit parts marked with "[edit]". ***
*
* Note: while any self-synchronising stream cipher can be implemented
* with the following API, it might not be very suitable for ciphers
* which need a lot of ciphertext to synchronise, and/or have a
* pipelined design. If this is the case, please use the more flexible
* API of 'ecrypt-sync-ae.h'.
*/
#ifndef ECRYPT_SSYN
#define ECRYPT_SSYN
#include "ecrypt-portable.h"
/* ------------------------------------------------------------------------- */
/* Cipher parameters */
/*
* The name of your cipher.
*/
#define ECRYPT_NAME "MOUSTIQUE" /* [edit] */
/*
* Specify which key and IV sizes are supported by your cipher. A user
* should be able to enumerate the supported sizes by running the
* following code:
*
* for (i = 0; ECRYPT_KEYSIZE(i) <= ECRYPT_MAXKEYSIZE; ++i)
* {
* keysize = ECRYPT_KEYSIZE(i);
*
* ...
* }
*
* All sizes are in bits.
*/
#define ECRYPT_MAXKEYSIZE 96
#define ECRYPT_KEYSIZE(i) (96 + (i)*1)
#define ECRYPT_MAXIVSIZE 104
#define ECRYPT_IVSIZE(i) (0 + (i)*8)
/*
* Specify the number of consecutive bytes of ciphertext that need to
* to be received correctly in order to synchronise the keystream.
*/
#define ECRYPT_SYNCLENGTH 14 /* actually 105 bits */
/* ------------------------------------------------------------------------- */
/* Data structures */
/*
* ECRYPT_ctx is a structure storing the (expanded) key and the internal state of the
* cipher.
*/
typedef struct
{
u32 IVsize;
u8 wrkey[96];
u8 a0[129];
u8 a1[56]; /* stage 1, 53 bits, a1[53...55] are always 0 */
u8 a2[56]; /* stage 2, 53 bits, a2[53...55] are always 0 */
u8 a3[56]; /* stage 3, 53 bits, a3[53...55] are always 0 */
u8 a4[56]; /* stage 4, 53 bits, a4[53...55] are always 0 */
u8 a5[56]; /* stage 5, 53 bits, a5[53...55] are always 0 */
u8 a6[12]; /* stage 6, 12 bits */
u8 a7[3]; /* stage 7, 3 bits */
u8 a8[1]; /* stage 8, 1 bit, to mimic additional delay */
u8 *C_0; /* a[1...96] is CCSR_0[1...96] */
u8 *C_1; /* a[97...104] is CCSR_1[89...96] */
u8 *C_2; /* a[105...108] is CCSR_2[93...96] */
u8 *C_3; /* a[109...112] is CCSR_3[93...96] */
u8 *C_4; /* a[113...114] is CCSR_4[95...96] */
u8 *C_5; /* a[115...116] is CCSR_5[95...96] */
u8 *C_6; /* a[117...118] is CCSR_6[95...96] */
u8 *C_7; /* a[119...120] is CCSR_7[95...96] */
u8 *C_8; /* a[121] is CCSR_8[96] */
u8 *C_9; /* a[122] is CCSR_9[96] */
u8 *C10; /* a[123] is CCSR_10[96] */
u8 *C11; /* a[124] is CCSR_11[96] */
u8 *C12; /* a[125] is CCSR_12[96] */
u8 *C13; /* a[126] is CCSR_13[96] */
u8 *C14; /* a[127] is CCSR_14[96] */
u8 *C15; /* a[128] is CCSR_15[96] */
} ECRYPT_ctx; /* key and internal state */
/* ------------------------------------------------------------------------- */
/* Mandatory functions */
/*
* Key and message independent initialization. This function will be
* called once when the program starts (e.g., to build expanded S-box
* tables).
*/
void ECRYPT_init();
/*
* Key setup. It is the user's responsibility to select the values of
* keysize and ivsize from the set of supported values specified
* above.
*/
void ECRYPT_keysetup(
ECRYPT_ctx* ctx,
const u8* key,
u32 keysize, /* Key size in bits. */
u32 ivsize); /* IV size in bits. */
/*
* IV setup. After having called ECRYPT_keysetup(), the user is
* allowed to call ECRYPT_ivsetup() different times in order to
* encrypt/decrypt different messages with the same key but different
* IV's. This function also initializes the block of ECRYPT_SYNCLENGTH
* bytes pointed to by 'previous', which will be passed as a parameter
* in the first call to ECRYPT_encrypt_x().
*/
void ECRYPT_ivsetup(
ECRYPT_ctx* ctx,
u8* previous,
const u8* iv);
/*
* Encryption/decryption of arbitrary length messages.
*
* For efficiency reasons, the API provides two types of
* encrypt/decrypt functions. The ECRYPT_encrypt_bytes() function
* (declared here) encrypts byte strings of arbitrary length, while
* the ECRYPT_encrypt_blocks() function (defined later) only accepts
* lengths which are multiples of ECRYPT_SYNCLENGTH.
*
* The user is allowed to make multiple calls to
* ECRYPT_encrypt_blocks() to incrementally encrypt a long message,
* but he is NOT allowed to make additional encryption calls once he
* has called ECRYPT_encrypt_bytes(), unless he starts a new
* message. Here is an example (N >= 2):
*
* u8 plaintext[N * ECRYPT_SYNCLENGTH];
* u8 ciphertext[N * ECRYPT_SYNCLENGTH];
*
* u8* previous = ciphertext + (N - 1) * ECRYPT_SYNCLENGTH;
*
* ECRYPT_keysetup(ctx, key, keysize, ...);
* ECRYPT_ivsetup(ctx, previous, iv);
*
* int rest = msglen;
*
* while (rest >= N * ECRYPT_SYNCLENGTH)
* {
* ... [import N new blocks of ECRYPT_SYNCLENGTH bytes in 'plaintext'] ...
*
* ECRYPT_encrypt_blocks(ctx, previous, plaintext, ciphertext, N);
*
* ... [export the N blocks of 'ciphertext'] ...
*
* rest -= N * ECRYPT_SYNCLENGTH;
* }
*
* if (rest > 0)
* {
* ... [import leftover] ...
*
* ECRYPT_encrypt_bytes(ctx, previous, plaintext, ciphertext, rest);
*
* ... [export leftover] ...
* }
*
* Note that the implementation cannot assume anything about the
* relative position of 'previous' and 'ciphertext', except that the
* ECRYPT_SYNCLENGTH bytes pointed to by 'previous' do not overlap
* with the first ECRYPT_SYNCLENGTH bytes of 'ciphertext'. When
* decrypting, 'previous' and 'ciphertext' cannot overlap at all (the
* user will need to switch between two ciphertext buffers).
*/
void ECRYPT_encrypt_bytes(
ECRYPT_ctx* ctx,
const u8* previous,
const u8* plaintext,
u8* ciphertext,
u32 msglen); /* Message length in bytes. */
void ECRYPT_decrypt_bytes(
ECRYPT_ctx* ctx,
const u8* previous,
const u8* ciphertext,
u8* plaintext,
u32 msglen); /* Message length in bytes. */
/* ------------------------------------------------------------------------- */
/* Optional optimizations */
/*
* By default, the functions in this section are implemented using
* calls to functions declared above. However, you might want to
* implement them differently for performance reasons.
*/
/*
* All-in-one encryption/decryption of (short) packets.
*
* The default definitions of these functions can be found in
* "ecrypt-ssyn.c". If you want to implement them differently,
* please undef the ECRYPT_USES_DEFAULT_ALL_IN_ONE flag.
*/
#define ECRYPT_USES_DEFAULT_ALL_IN_ONE /* [edit] */
void ECRYPT_encrypt_packet(
ECRYPT_ctx* ctx,
const u8* iv,
const u8* plaintext,
u8* ciphertext,
u32 msglen);
void ECRYPT_decrypt_packet(
ECRYPT_ctx* ctx,
const u8* iv,
const u8* ciphertext,
u8* plaintext,
u32 msglen);
/*
* initialization of the CCSR pointers, must be executed once
* for each instance of ECRYPT_ctx
*/
void init_ctx(
ECRYPT_ctx *s);
/*
* Encryption/decryption of blocks.
*
* By default, these functions are defined as macros. If you want to
* provide a different implementation, please undef the
* ECRYPT_USES_DEFAULT_BLOCK_MACROS flag and implement the functions
* declared below.
*/
#define ECRYPT_USES_DEFAULT_BLOCK_MACROS /* [edit] */
#ifdef ECRYPT_USES_DEFAULT_BLOCK_MACROS
#define ECRYPT_encrypt_blocks(ctx, previous, plaintext, ciphertext, blocks)\
ECRYPT_encrypt_bytes(ctx, previous, plaintext, ciphertext, \
(blocks) * ECRYPT_SYNCLENGTH)
#define ECRYPT_decrypt_blocks(ctx, previous, ciphertext, plaintext, blocks)\
ECRYPT_decrypt_bytes(ctx, previous, ciphertext, plaintext, \
(blocks) * ECRYPT_SYNCLENGTH)
#else
void ECRYPT_encrypt_blocks(
const ECRYPT_ctx* ctx,
const u8* previous,
const u8* plaintext,
u8* ciphertext,
u32 blocks); /* Message length in blocks. */
void ECRYPT_decrypt_blocks(
const ECRYPT_ctx* ctx,
const u8* previous,
const u8* ciphertext,
u8* plaintext,
u32 blocks); /* Message length in blocks. */
#endif
/* ------------------------------------------------------------------------- */
#endif
|
eSTREAM Project Powered by ViewCVS 1.0-dev |
ViewCVS and CVS Help |