From d60ebea1fac988fbe7fe9b9d059f37e46cbbd018 Mon Sep 17 00:00:00 2001 From: Christian Neukirchen Date: Sat, 16 Mar 2013 01:16:30 +0100 Subject: initial import --- sosemanuk.h | 176 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 176 insertions(+) create mode 100644 sosemanuk.h (limited to 'sosemanuk.h') diff --git a/sosemanuk.h b/sosemanuk.h new file mode 100644 index 0000000..3cee5a8 --- /dev/null +++ b/sosemanuk.h @@ -0,0 +1,176 @@ +/* + * SOSEMANUK reference API. + * + * This file documents the reference implementation API. If the + * macro SOSEMANUK_ECRYPT is defined, the API follows the ECRYPT + * conventions (types, function names...) and uses the ECRYPT files; + * otherwise, a simpler API is used. + * + * (c) 2005 X-CRYPT project. This software is provided 'as-is', without + * any express or implied warranty. In no event will the authors be held + * liable for any damages arising from the use of this software. + * + * Permission is granted to anyone to use this software for any purpose, + * including commercial applications, and to alter it and redistribute it + * freely, subject to no restriction. + * + * Technical remarks and questions can be addressed to + * + */ + +#ifndef SOSEMANUK_H__ +#define SOSEMANUK_H__ + +/* + * This macro enables the ECRYPT API, and disables the local API. + * It is defined by default, for ECRYPT processing. + */ +//#define SOSEMANUK_ECRYPT + +#ifdef SOSEMANUK_ECRYPT + +#include "ecrypt-sync.h" + +#else + +#include + +/* + * Input/Output is defined in terms of octets, but C provides only + * the C notion of "byte". We require that C bytes are actually octets. + */ +#if CHAR_BIT != 8 +#error We need 8-bit bytes +#endif + +/* + * We want an unsigned integer type with at least (and possibly exactly) + * 32 bits. Such a type implements arithmetics modulo 2^n for a value + * n greater than or equal to 32. The type is named "unum32". + * + * Note: we try to use C99 features such as . This may prove + * problematic on architectures which claim C99 conformance, but fail + * to actually conform. If necessary, define the macro BROKEN_C99 to + * fall back to C90, whatever the environment claims: +#define BROKEN_C99 1 + */ + +#if !defined BROKEN_C99 && defined __STDC__ && __STDC_VERSION__ >= 199901L + +/* + * C99 implementation. We use "uint_least32_t" which has the required + * semantics. + */ +#include +typedef uint_least32_t unum32; + +#else + +/* + * Pre-C99 implementation. "unsigned long" is guaranteed to be wide + * enough, but we want to use "unsigned int" if possible (especially + * for 64-bit architectures). + */ +#if UINT_MAX >= 0xFFFFFFFF +typedef unsigned int unum32; +#else +typedef unsigned long unum32; +#endif + +#endif + +/* + * We want (and sometimes need) to perform explicit truncations to 32 bits. + */ +#define ONE32 ((unum32)0xFFFFFFFF) +#define T32(x) ((x) & ONE32) + +/* + * Some of our functions will be tagged as "inline" to help the compiler + * optimize things. We use "inline" only if the compiler is advanced + * enough to understand it; C99 compilers, and pre-C99 versions of gcc, + * understand enough "inline" for our purposes. + */ +#if (!defined BROKEN_C99 && defined __STDC__ && __STDC_VERSION__ >= 199901L) \ + || defined __GNUC__ +#define INLINE inline +#else +#define INLINE +#endif + +/* + * API description: + * + * The SOSEMANUK algorithm works with a secret key and an initial value (IV). + * Two context structures are used: + * + * -- "sosemanuk_key_context" holds the processed secret key. The contents + * of this structure depends only on the key, not the IV. + * + * -- "sosemanuk_run_context" holds the current cipher internal state. This + * structure is initialized using the "sosemanuk_key_context" structure, and + * the IV; it is updated each time some output is produced. + * + * Both structures may be allocated as local variables. There is no + * other external allocation (using malloc() or any similar function). + * There is no global state; hence, this code is thread-safe and + * reentrant. + */ + +typedef struct { + /* + * Sub-keys for Serpent24. + */ + unum32 sk[100]; +} sosemanuk_key_context; + +typedef struct { + /* + * Internal cipher state. + */ + unum32 s00, s01, s02, s03, s04, s05, s06, s07, s08, s09; + unum32 r1, r2; + + /* + * Buffering: the stream cipher produces output data by + * blocks of 640 bits. buf[] contains such a block, and + * "ptr" is the index of the next output byte. + */ + unsigned char buf[80]; + unsigned ptr; +} sosemanuk_run_context; + +/* + * Key schedule: initialize the key context structure with the provided + * secret key. The secret key is an array of 1 to 32 bytes. + */ +void sosemanuk_schedule(sosemanuk_key_context *kc, + unsigned char *key, size_t key_len); + +/* + * Cipher initialization: the cipher internal state is initialized, using + * the provided key context and IV. The IV length is up to 16 bytes. If + * "iv_len" is 0 (no IV), then the "iv" parameter can be NULL. + */ +void sosemanuk_init(sosemanuk_run_context *rc, + sosemanuk_key_context *kc, unsigned char *iv, size_t iv_len); + +/* + * Cipher operation, as a PRNG: the provided output buffer is filled with + * pseudo-random bytes as output from the stream cipher. + */ +void sosemanuk_prng(sosemanuk_run_context *rc, + unsigned char *out, size_t out_len); + +/* + * Cipher operation, as a stream cipher: data is read from the "in" + * buffer, combined by XOR with the stream, and the result is written + * in the "out" buffer. "in" and "out" must be either equal, or + * reference distinct buffers (no partial overlap is allowed). + */ +void sosemanuk_encrypt(sosemanuk_run_context *rc, + unsigned char *in, unsigned char *out, size_t data_len); + +#endif + +#endif -- cgit 1.4.1