CHelix v1.07
Welcome to CHelix, a C++ implementation for the Helix Encryption and Authentication
algorithm as presented in a November 2003 Dr. Dobb's Journal article by Niels Ferguson
and Bruce Schneier. For further information please refer to the article and / or
the web site for it at http://www.macfergus.com/helix.
Features
- Encrypts / Decrypts and produces a hash in one operation.
- It's Fast!, Using just this C++ code on an AMD Athlon XP 2700+ and
Visual Studio 6, I was able to get an encryption speed of 191 MB / second
with just the C++ code provided. This corresponds to c. 11 clock ticks per
byte.
- The test program verifies the encryption and decryption using the supplied
test vectors from the Helix web site.
- Encryption and Decryption can be done in place. To achieve this simply set
the OUT parameter in the Encrypt or Decrypt functions to point to the buffer
which is being encrypted / decrypted. For an example of this check out the last
test in the TestHelix.cpp module.
Copyright
- You are allowed to include the source code in any product (commercial, shareware,
freeware or otherwise) when your product is released in binary form.
- You are allowed to modify the source code in any way you want except you
cannot modify the copyright details at the top of each module.
- If you want to distribute source code with your application, then you are
only allowed to distribute versions released by the author. This is to maintain
a single distribution point for the source code.
History
V1.0 (29 November 2003)
V1.01 (30 November 2003)
- Following an email update from Niels Ferguson, the following changes were
made:
- Removed the need for the doBlk function
- Made the Block function inline.
- Removed the unneeded code "m_i8 >> 31"
- Removed the unneeded local variable tag in the Finish method.
- Removed the switch statement in preference for a lookup array in Decrypt.
- plaintext is now not released from Decrypt if the MAC's do not match up.
- Optimized the key method CHelix::Block by using register local variables.
This now gets the throughput on my machine up to 191 MB / second
V1.02 (1 December 2003)
- Optimized the for loop in Finish. Now it is only called 3 times instead
of 4.
V1.03 (1 December 2003)
- Further optimizations as suggested by Serhiy Pavlov boost the speed to 208
MB / second on my home machine. This corresponds to a speed of 10.4 clock ticks
per byte!,
- Also produced a DLL version of the algorithm, so that client applications
which do not or cannot (e.g. Visual Basic) muck around with the C++ source code
can use the code.
V1.04 (18 June 2004)
- Fixed a bug in the CHelix constructor. Thanks to Richard Gyger for reporting
this problem.
V1.05 (17 September 2004)
- Fixed a number of warnings in the code when compiled in VC .Net 2003 with
the "Force conformance in For Loop Scope" compiler option is set.
V1.06 (28 October 2004)
- Fixed a problem in the decryption where the Helix_Decrypt_Masks bit masks
were incorrectly defined. Thanks to Dwain Skinner for reporting and providing
a fix for this problem.
- Removed the declaration of #pragma intrinsic(_rotl) as recent Platform SDK's
already have this defined.
- Sample app provided with download, now uses console I/O for reporting its
results.
V1.07 (30 December 2006)
- Updated copyright details.
- Addition of a CHELIX_EXT_CLASS preprocessor macro to allow the classes
to be more easily added to an extension dll
- Optimized CHelix constructor code.
- Code now uses newer C++ style casts instead of C style casts.
- Updated the code to clean compile on VC2005
- Reworked the layout of the CHelixMAC operator== method
- Replaced use of BOOL with bool in the class.
- Updated documentation to use the same style as the web site
API Reference
The API consists of the public methods of the CHelix class. They consist of:
CHelix::SetKey
CHelix::Encrypt
CHelix::Decrypt
CHelix::SetKey
bool SetKey(const BYTE* pbyKey, DWORD dwKeyLength);
Parameters
pbyKey Pointer to a data to encrypt.
dwKeyLength The length of the key "pByKey" in bytes.
Return Value
true if the key was set otherwise false.
Remarks
Initializes the helix instance using the secret value "pbyKey" and length
"nLength". The maximum value for the key is 32 bytes. The secret key should
be known only to the sender and receiver.
CHelix::Encrypt
bool Encrypt(const BYTE* pbyPlainText, DWORD dwPlainTextSize,
const CHelixNonce& nonce, BYTE* pbyCipherText, CHelixMAC&
mac);
Parameters
pbyPlainText Pointer to the data to encrypt.
dwPlainTextSize The size in bytes of the data in "pbyPlainText".
nonce The cryptographic nonce to use for the encryption. This is a 16
byte value which should be unique for each message to be encrypted.
pbyCipherText Pointer to the buffer which receives the encrypted data
upon return of the function. The buffer should be the same size (or greater) than
"dwPlainTextSize" bytes in size.
mac Pointer to the message authentication code (aka hash or digest) for
the data which is filled in upon return.
Return Value
true if the data was encrypted successfully otherwise false.
Remarks
To encrypt data in place, set "pbyCipherText" to be the same value as
"pbyPlainText".
CHelix::Decrypt
Decrypt();
bool Decrypt(const BYTE* pbyCipherText, DWORD
dwCipherTextSize, const CHelixNonce& nonce, const CHelixMAC&
mac, BYTE* pbyPlainText);
Parameters
pbyCipherText Pointer to the data to decrypt.
dwCipherTextSize The size in bytes of the data in "pbyCipherText".
nonce The cryptographic nonce to use for the decryption. This is the 16
byte value which should be transmitted with the encrypted data such as in a Message
sequence number or other counter.
mac Pointer to the message authentication code (aka hash or digest) for
the data. Again this should be transmitted with the encrypted data.
pbyPlainText Pointer to the buffer which receives the decrypted data upon
return of the function. The buffer should be the same size (or greater) than
"dwCipherTextSize" bytes in size.
Return Value
true if the received MAC "mac" is the same as the calculated mac from
the actual received data otherwise false.
Remarks
To decrypt data in place, set "pbyPlainText" to be the same value as
"pbyCipherText".
Contacting the Author
PJ Naughter
Email: pjna@naughter.com
Web: http://www.naughter.com
30 December 2006