ecrypt-sync-ae.h

phelix加密算法源代码,是一个开源的加密算法

/* ecrypt-sync-ae.h */

/* 
 * Header file for synchronous stream ciphers with authentication
 * mechanism. 
 * 
 * *** Please only edit parts marked with "[edit]". ***
 */

#ifndef ECRYPT_SYNC_AE
#define ECRYPT_SYNC_AE

#include "ecrypt-portable.h"

/* ------------------------------------------------------------------------- */

/* Cipher parameters */

/* 
 * The name of your cipher.
 */
#define ECRYPT_NAME "Phelix"    /* [edit] */ 
#define ECRYPT_PROFILE "SW"

/*
 * Specify which key, IV, and MAC sizes are supported by your
 * cipher. A user should be able to enumerate the supported sizes by
 * running the following code:
 *
 * for (i = 0; ECRYPT_KEYSIZE(i) <= ECRYPT_MAXKEYSIZE; ++i)
 *   {
 *     keysize = ECRYPT_KEYSIZE(i);
 *
 *     ...
 *   }
 *
 * All sizes are in bits.
 */

#define ECRYPT_MAXKEYSIZE 256                 /* [edit] */
#define ECRYPT_KEYSIZE(i) (128 + (i)*64)      /* [edit] */

#define ECRYPT_MAXIVSIZE  128                 /* [edit] */
#define ECRYPT_IVSIZE(i)  (128 + (i)*32)      /* [edit] */

#define ECRYPT_MAXMACSIZE 128                 /* [edit] */
#define ECRYPT_MACSIZE(i) (64 + (i)*16)       /* [edit] */

/* ------------------------------------------------------------------------- */

/* Data structures */

/* 
 * ECRYPT_AE_ctx is the structure containing the representation of the
 * internal state of your cipher. 
 *
 * If your cipher also supports unauthenticated encryption, and you
 * want to allow the user to call the unauthenticated functions
 * declared in "ecrypt-sync.h" as well, you might want to set the
 * ECRYPT_SUPPORTS_UAE flag and define the ECRYPT_AE_ctx context as an
 * extension of the ECRYPT_ctx structure defined in "ecrypt-sync.h".
 */

#undef ECRYPT_SUPPORTS_UAE                    /* [edit] */
#ifndef ECRYPT_SUPPORTS_UAE

typedef struct
{
  /* 
   * [edit]
   *
   * In case your implementation does NOT support unauthenticated
   * encryption, put here all state variable needed during the
   * authenticated encryption process. If it does, use the structure
   * below.
   */
    struct          /* key schedule (no change after SetupNonce)    */
        {
        u32 keySize;        /* initial key size, in bits: 0..256    */
        u32 macSize;        /* mac tag     size, in bits: 0..128    */
        u32 X_1_bump;       /* 4*(keySize/8)+256*(macSize mod 128)  */
        u32 X_0[8];         /* processed working key material       */
        u32 X_1[8];
        } ks;               /* ks --> "key schedule" */

    struct          /* internal cipher state (varies during block) */
        {
        u32 oldZ[4];        /* previous four Z_4 values for output  */
        u32 Z[5];           /* 5 internal state words (160 bits)    */
        u32 i;              /* block number                         */
        u32 aadLen[2];      /* 64-bit aadLen counter (LSW first)    */
        u32 msgLen;         /* low 32 bits of msgLen                */
        u32 aadXor;         /* aadXor constant                      */
        } cs;               /* cs --> "cipher state"                */

} ECRYPT_AE_ctx;

#else

#include "ecrypt-sync.h"

typedef struct
{
  /*
   * [edit]
   *
   * In case your implementation does support unauthenticated
   * encryption, put here all additional state variables (if any)
   * needed to generate the MAC.
   */
} ECRYPT_macctx;

typedef struct
{
  ECRYPT_ctx ctx;
  ECRYPT_macctx macctx;
} ECRYPT_AE_ctx;

#endif

/* ------------------------------------------------------------------------- */

/* Mandatory functions */

/*
 * Key and message independent initialization. This function will be
 * called once when the program starts (e.g., to build expanded S-box
 * tables).
 */
void ECRYPT_init(void);

/*
 * Key setup. It is the user's responsibility to select the values of
 * keysize, ivsize, and macsize from the set of supported values
 * specified above.
 */
void ECRYPT_AE_keysetup(
  ECRYPT_AE_ctx* ctx, 
  const u8* key, 
  u32 keysize,                /* Key size in bits. */ 
  u32 ivsize,                 /* IV size in bits. */ 
  u32 macsize);               /* MAC size in bits. */ 

/*
 * IV setup. After having called ECRYPT_AE_keysetup(), the user is
 * allowed to call ECRYPT_AE_ivsetup() different times in order to
 * encrypt/decrypt different messages with the same key but different
 * IV's.
 */
void ECRYPT_AE_ivsetup(
  ECRYPT_AE_ctx* ctx, 
  const u8* iv);

/*
 * Authenticated encryption/decryption of arbitrary length messages.
 *
 * For efficiency reasons, the API provides two types of authenticated
 * encrypt/decrypt functions. The ECRYPT_AE_encrypt_bytes() function
 * (declared here) encrypts byte strings of arbitrary length, while
 * the ECRYPT_AE_encrypt_blocks() function (defined later) only
 * accepts lengths which are multiples of ECRYPT_BLOCKLENGTH.
 * 
 * The user is allowed to make multiple calls to
 * ECRYPT_AE_encrypt_blocks() to incrementally encrypt a long message,
 * but he is NOT allowed to make additional encryption calls once he
 * has called ECRYPT_AE_encrypt_bytes() (unless he starts a new
 * message of course). For example, this sequence of calls is
 * acceptable:
 *
 * ECRYPT_AE_keysetup();
 *
 * ECRYPT_AE_ivsetup();
 * ECRYPT_AE_encrypt_blocks();
 * ECRYPT_AE_encrypt_blocks();
 * ECRYPT_AE_encrypt_bytes();
 * ECRYPT_AE_finalize();
 *
 * ECRYPT_AE_ivsetup();
 * ECRYPT_AE_encrypt_blocks();
 * ECRYPT_AE_encrypt_blocks();
 * ECRYPT_AE_finalize();
 *
 * ECRYPT_AE_ivsetup();
 * ECRYPT_AE_encrypt_bytes();
 * ECRYPT_AE_finalize();
 * 
 * The following sequence is not:
 *
 * ECRYPT_AE_keysetup();
 * ECRYPT_AE_ivsetup();
 * ECRYPT_AE_encrypt_blocks();
 * ECRYPT_AE_encrypt_bytes();
 * ECRYPT_AE_encrypt_blocks();
 * ECRYPT_AE_finalize();
 */

/*
 * By default ECRYPT_AE_encrypt_bytes() and ECRYPT_AE_decrypt_bytes()
 * are defined as macros which redirect the call to a single function
 * ECRYPT_AE_process_bytes(). If you want to provide separate
 * encryption and decryption functions, please undef
 * ECRYPT_HAS_SINGLE_BYTE_FUNCTION.
 */
#undef ECRYPT_HAS_SINGLE_BYTE_FUNCTION       /* [edit] */
#ifdef ECRYPT_HAS_SINGLE_BYTE_FUNCTION

#define ECRYPT_AE_encrypt_bytes(ctx, plaintext, ciphertext, msglen)   \
  ECRYPT_AE_process_bytes(0, ctx, plaintext, ciphertext, msglen)

#define ECRYPT_AE_decrypt_bytes(ctx, ciphertext, plaintext, msglen)   \
  ECRYPT_AE_process_bytes(1, ctx, ciphertext, plaintext, msglen)

void ECRYPT_AE_process_bytes(
  int action,                 /* 0 = encrypt; 1 = decrypt; */
  ECRYPT_AE_ctx* ctx, 
  const u8* input, 
  u8* output, 
  u32 msglen);                /* Message length in bytes. */ 

#else

void ECRYPT_AE_encrypt_bytes(
  ECRYPT_AE_ctx* ctx, 
  const u8* plaintext, 
  u8* ciphertext, 
  u32 msglen);                /* Message length in bytes. */ 

void ECRYPT_AE_decrypt_bytes(
  ECRYPT_AE_ctx* ctx, 
  const u8* ciphertext, 
  u8* plaintext, 
  u32 msglen);                /* Message length in bytes. */ 

#endif

/*
 * MAC output. The ECRYPT_AE_finalize() function produces a MAC, and
 * is to be called both after the encryption and the decryption of a
 * message. The user is supposed to check whether both MAC's are
 * identical and to delete all decrypted text if they are not.
 */
void ECRYPT_AE_finalize(
  ECRYPT_AE_ctx* ctx,
  u8* mac);

/* ------------------------------------------------------------------------- */

/* Optional features */

/* 
 * Please set the ECRYPT_SUPPORTS_AAD flag if your cipher can
 * authenticate associated data (without encrypting it). The function
 * ECRYPT_AE_authenticate_x() will be called (possibly multiple times)
 * before any call to ECRYPT_AE_encrypt_x(). The function has both a
 * byte and a block version (defined later), which are intended to be
 * used in the same way as the encryption function above.
 */

#define ECRYPT_SUPPORTS_AAD                    /* [edit] */
#ifdef ECRYPT_SUPPORTS_AAD

/*
 * If ECRYPT_SUPPORTS_INCREMENTAL_AAD flag is NOT set, the user is
 * only allowed to call ECRYPT_AE_authenticate_x() once. This
 * restriction is important for schemes which need to know the length
 * of the complete AAD in advance.
 */
#define ECRYPT_SUPPORTS_INCREMENTAL_AAD       /* [edit] */

void ECRYPT_AE_authenticate_bytes(
  ECRYPT_AE_ctx* ctx,
  const u8* aad,
  u32 aadlen);                /* Length of associated data in bytes. */

#endif

/* ------------------------------------------------------------------------- */

/* Optional optimizations */

/* 
 * By default, the functions in this section are implemented using
 * calls to functions declared above. However, you might want to
 * implement them differently for performance reasons.
 */

/*
 * All-in-one authenticated encryption/decryption of (short) packets.
 *
 * The default definitions of these functions can be found in
 * "ecrypt-sync-ae.c". If you want to implement them differently,
 * please undef the ECRYPT_USES_DEFAULT_ALL_IN_ONE flag.
 */
#undef ECRYPT_USES_DEFAULT_ALL_IN_ONE        /* [edit] */

/*
 * Undef ECRYPT_HAS_SINGLE_PACKET_FUNCTION if you want to provide
 * separate packet encryption and decryption functions.
 */
#undef ECRYPT_HAS_SINGLE_PACKET_FUNCTION     /* [edit] */
#ifdef ECRYPT_HAS_SINGLE_PACKET_FUNCTION

#define ECRYPT_AE_encrypt_packet(                                     \
    ctx, iv, aad, aadlen, plaintext, ciphertext, mglen, mac)          \
  ECRYPT_AE_process_packet(0,                                         \
    ctx, iv, aad, aadlen, plaintext, ciphertext, mglen, mac)

#define ECRYPT_AE_decrypt_packet(                                     \
    ctx, iv, aad, aadlen, ciphertext, plaintext, mglen, mac)          \
  ECRYPT_AE_process_packet(1,                                         \
    ctx, iv, aad, aadlen, ciphertext, plaintext, mglen, mac)

void ECRYPT_AE_process_packet(
  int action,                 /* 0 = encrypt; 1 = decrypt; */
  ECRYPT_AE_ctx* ctx, 
  const u8* iv,
  const u8* aad,
  u32 aadlen,
  const u8* input, 
  u8* output, 
  u32 msglen,
  u8* mac);

#else

void ECRYPT_AE_encrypt_packet(
  ECRYPT_AE_ctx* ctx, 
  const u8* iv,
  const u8* aad,
  u32 aadlen,
  const u8* plaintext, 
  u8* ciphertext, 
  u32 msglen,
  u8* mac);

void ECRYPT_AE_decrypt_packet(
  ECRYPT_AE_ctx* ctx, 
  const u8* iv,
  const u8* aad,
  u32 aadlen,
  const u8* ciphertext, 
  u8* plaintext, 
  u32 msglen,
  u8* mac);

#endif

/*
 * Authenticated encryption/decryption of blocks.
 * 
 * By default, these functions are defined as macros. If you want to
 * provide a different implementation, please undef the
 * ECRYPT_USES_DEFAULT_BLOCK_MACROS flag and implement the functions
 * declared below.
 */

#define ECRYPT_BLOCKLENGTH 4                  /* [edit] */

#define ECRYPT_USES_DEFAULT_BLOCK_MACROS      /* [edit] */
#ifdef ECRYPT_USES_DEFAULT_BLOCK_MACROS

#define ECRYPT_AE_encrypt_blocks(ctx, plaintext, ciphertext, blocks)  \
  ECRYPT_AE_encrypt_bytes(ctx, plaintext, ciphertext,                 \
    (blocks) * ECRYPT_BLOCKLENGTH)

#define ECRYPT_AE_decrypt_blocks(ctx, ciphertext, plaintext, blocks)  \
  ECRYPT_AE_decrypt_bytes(ctx, ciphertext, plaintext,                 \
    (blocks) * ECRYPT_BLOCKLENGTH)

#ifdef ECRYPT_SUPPORTS_AAD

#define ECRYPT_AE_authenticate_blocks(ctx, aad, blocks)               \
  ECRYPT_AE_authenticate_bytes(ctx, aad,                              \
    (blocks) * ECRYPT_BLOCKLENGTH)

#endif

#else

/*
 * Undef ECRYPT_HAS_SINGLE_BLOCK_FUNCTION if you want to provide
 * separate block encryption and decryption functions.
 */
#define ECRYPT_HAS_SINGLE_BLOCK_FUNCTION      /* [edit] */
#ifdef ECRYPT_HAS_SINGLE_BLOCK_FUNCTION

#define ECRYPT_AE_encrypt_blocks(ctx, plaintext, ciphertext, blocks)  \
  ECRYPT_AE_process_blocks(0, ctx, plaintext, ciphertext, blocks)

#define ECRYPT_AE_decrypt_blocks(ctx, ciphertext, plaintext, blocks)  \
  ECRYPT_AE_process_blocks(1, ctx, ciphertext, plaintext, blocks)

void ECRYPT_AE_process_blocks(
  int action,                 /* 0 = encrypt; 1 = decrypt; */
  ECRYPT_AE_ctx* ctx, 
  const u8* input, 
  u8* output, 
  u32 blocks);                /* Message length in blocks. */

#else

void ECRYPT_AE_encrypt_blocks(
  ECRYPT_AE_ctx* ctx, 
  const u8* plaintext, 
  u8* ciphertext, 
  u32 blocks);                /* Message length in blocks. */ 

void ECRYPT_AE_decrypt_blocks(
  ECRYPT_AE_ctx* ctx, 
  const u8* ciphertext, 
  u8* plaintext, 
  u32 blocks);                /* Message length in blocks. */ 

#endif

#ifdef ECRYPT_SUPPORTS_AAD

void ECRYPT_AE_authenticate_blocks(
  ECRYPT_AE_ctx* ctx,
  const u8* aad,
  u32 blocks);                /* Message length in blocks. */ 

#endif

#endif

/*
 * If your cipher can be implemented in different ways, you can use
 * the ECRYPT_VARIANT parameter to allow the user to choose between
 * them at compile time (e.g., gcc -DECRYPT_VARIANT=3 ...). Please
 * only use this possibility if you really think it could make a
 * significant difference and keep the number of variants
 * (ECRYPT_MAXVARIANT) as small as possible (definitely not more than
 * 10). Note also that all variants should have exactly the same
 * external interface (i.e., the same ECRYPT_BLOCKLENGTH, etc.). 
 */
#define ECRYPT_MAXVARIANT 1                   /* [edit] */

#ifndef ECRYPT_VARIANT
#define ECRYPT_VARIANT 1
#endif

#if (ECRYPT_VARIANT > ECRYPT_MAXVARIANT)
#error this variant does not exist
#endif

/* ------------------------------------------------------------------------- */

#endif