Software APIs
Data Structures | Typedefs | Enumerations | Functions
dif_kmac.h File Reference

(2c5ba75c1c)

KMAC Device Interface Functions More...

#include <stdint.h>
#include "sw/device/lib/base/macros.h"
#include "sw/device/lib/base/mmio.h"
#include "sw/device/lib/dif/dif_base.h"
#include "sw/device/lib/dif/autogen/dif_kmac_autogen.h"

Go to the source code of this file.

Data Structures

struct  dif_kmac_config
 Runtime configuration for KMAC. More...
 
struct  dif_kmac_operation_state
 A KMAC operation state context. More...
 
struct  dif_kmac_key
 A key for KMAC operations. More...
 
struct  dif_kmac_customization_string
 An encoded bit string used for customization string (S). More...
 
struct  dif_kmac_function_name
 An encoded bit string used for function name (N). More...
 
struct  dif_kmac_status
 

Typedefs

typedef enum dif_kmac_entropy_mode dif_kmac_entropy_mode_t
 This API implements an interface for the KMAC hardware. More...
 
typedef struct dif_kmac_config dif_kmac_config_t
 Runtime configuration for KMAC. More...
 
typedef struct dif_kmac_operation_state dif_kmac_operation_state_t
 A KMAC operation state context.
 
typedef enum dif_kmac_mode_sha3 dif_kmac_mode_sha3_t
 Supported SHA-3 modes of operation.
 
typedef enum dif_kmac_mode_shake dif_kmac_mode_shake_t
 Supported SHAKE modes of operation.
 
typedef enum dif_kmac_mode_cshake dif_kmac_mode_cshake_t
 Supported cSHAKE modes of operation.
 
typedef enum dif_kmac_mode_kmac dif_kmac_mode_kmac_t
 Supported KMAC modes of operation.
 
typedef enum dif_kmac_key_length dif_kmac_key_length_t
 Key length. More...
 
typedef struct dif_kmac_key dif_kmac_key_t
 A key for KMAC operations. More...
 
typedef struct dif_kmac_customization_string dif_kmac_customization_string_t
 An encoded bit string used for customization string (S). More...
 
typedef struct dif_kmac_function_name dif_kmac_function_name_t
 An encoded bit string used for function name (N). More...
 
typedef enum dif_kmac_error dif_kmac_error_t
 Error reported by KMAC unit. More...
 
typedef enum dif_kmac_fifo_state dif_kmac_fifo_state_t
 The state of the message FIFO used to buffer absorbed data. More...
 
typedef enum dif_kmac_sha3_state dif_kmac_sha3_state_t
 
typedef enum dif_kmac_alert_faults dif_kmac_alert_faults_t
 The kmac error faults. More...
 
typedef struct dif_kmac_status dif_kmac_status_t
 

Enumerations

enum  dif_kmac_entropy_mode {
  kDifKmacEntropyModeIdle = 0 ,
  kDifKmacEntropyModeEdn ,
  kDifKmacEntropyModeSoftware
}
 This API implements an interface for the KMAC hardware. More...
 
enum  {
  kDifKmacMaxCustomizationStringLen = 32 ,
  kDifKmacMaxCustomizationStringOverhead = 3 ,
  kDifKmacMaxFunctionNameLen = 4 ,
  kDifKmacMaxFunctionNameOverhead = 2 ,
  kDifKmacMaxOutputLenWords = (UINT32_MAX - 32) / 32 ,
  kDifKmacMaxKeyLenWords = 512 / 32 ,
  kDifKmacEntropySeedWords = 6 ,
  kDifKmacStateShareOffset = 0x100 ,
  kDifKmacStateWords = 1600 / 8 / sizeof(uint32_t)
}
 Maximum lengths supported by the KMAC unit. More...
 
enum  dif_kmac_mode_sha3 {
  kDifKmacModeSha3Len224 ,
  kDifKmacModeSha3Len256 ,
  kDifKmacModeSha3Len384 ,
  kDifKmacModeSha3Len512
}
 Supported SHA-3 modes of operation. More...
 
enum  dif_kmac_mode_shake {
  kDifKmacModeShakeLen128 ,
  kDifKmacModeShakeLen256
}
 Supported SHAKE modes of operation. More...
 
enum  dif_kmac_mode_cshake {
  kDifKmacModeCshakeLen128 ,
  kDifKmacModeCshakeLen256
}
 Supported cSHAKE modes of operation. More...
 
enum  dif_kmac_mode_kmac {
  kDifKmacModeKmacLen128 ,
  kDifKmacModeKmacLen256
}
 Supported KMAC modes of operation. More...
 
enum  dif_kmac_key_length {
  kDifKmacKeyLen128 = 0 ,
  kDifKmacKeyLen192 = 1 ,
  kDifKmacKeyLen256 = 2 ,
  kDifKmacKeyLen384 = 3 ,
  kDifKmacKeyLen512 = 4
}
 Key length. More...
 
enum  dif_kmac_error {
  kDifErrorNone = 0 ,
  kDifErrorKeyNotValid = 1 ,
  kDifErrorSoftwarePushedMessageFifo = 2 ,
  kDifErrorSoftwareIssuedCommandWhileAppInterfaceActive = 3 ,
  kDifErrorEntropyWaitTimerExpired = 4 ,
  kDifErrorEntropyModeIncorrect = 5 ,
  kDifErrorUnexpectedModeStrength = 6 ,
  kDifErrorIncorrectFunctionName = 7 ,
  kDifErrorSoftwareCommandSequence = 8 ,
  kDifErrorSoftwareHashingWithoutEntropyReady = 9 ,
  kDifErrorFatalError = 0xC1 ,
  kDifErrorPackerIntegrity = 0xC2 ,
  kDifErrorMsgFifoIntegrity = 0xC3
}
 Error reported by KMAC unit. More...
 
enum  dif_kmac_fifo_state {
  kDifKmacFifoStatePartial = 0 ,
  kDifKmacFifoStateEmpty = 1 << 0 ,
  kDifKmacFifoStateFull = 1 << 1
}
 The state of the message FIFO used to buffer absorbed data. More...
 
enum  dif_kmac_sha3_state {
  kDifKmacSha3StateIdle = 1 << 0 ,
  kDifKmacSha3StateAbsorbing = 1 << 1 ,
  kDifKmacSha3StateSqueezing = 1 << 2
}
 
enum  dif_kmac_alert_faults {
  kDifKmacAlertNone = 0 ,
  kDifKmacAlertFatalFault = 1 << 0 ,
  kDifKmacAlertRecovCtrlUpdate = 1 << 1
}
 The kmac error faults. More...
 

Functions

OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_configure (dif_kmac_t *kmac, dif_kmac_config_t config)
 Configures KMAC with runtime information. More...
 
OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_customization_string_init (const char *data, size_t len, dif_kmac_customization_string_t *out)
 Encode a customization string (S). More...
 
OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_function_name_init (const char *data, size_t len, dif_kmac_function_name_t *out)
 Encode a function name (N). More...
 
OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_mode_sha3_start (const dif_kmac_t *kmac, dif_kmac_operation_state_t *operation_state, dif_kmac_mode_sha3_t mode)
 Start a SHA-3 operation. More...
 
OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_mode_shake_start (const dif_kmac_t *kmac, dif_kmac_operation_state_t *operation_state, dif_kmac_mode_shake_t mode)
 Start a SHAKE operation. More...
 
OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_mode_cshake_start (const dif_kmac_t *kmac, dif_kmac_operation_state_t *operation_state, dif_kmac_mode_cshake_t mode, const dif_kmac_function_name_t *n, const dif_kmac_customization_string_t *s)
 Start a cSHAKE operation. More...
 
OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_mode_kmac_start (const dif_kmac_t *kmac, dif_kmac_operation_state_t *operation_state, dif_kmac_mode_kmac_t mode, size_t l, const dif_kmac_key_t *k, const dif_kmac_customization_string_t *s)
 Start a KMAC operation. More...
 
OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_absorb (const dif_kmac_t *kmac, dif_kmac_operation_state_t *operation_state, const void *msg, size_t len, size_t *processed)
 Absorb bytes from the message provided. More...
 
OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_squeeze (const dif_kmac_t *kmac, dif_kmac_operation_state_t *operation_state, uint32_t *out, size_t len, size_t *processed, uint32_t *capacity)
 Squeeze bytes into the output buffer provided. More...
 
OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_end (const dif_kmac_t *kmac, dif_kmac_operation_state_t *operation_state)
 Ends a squeeze operation and resets the hardware so it is ready for a new operation. More...
 
OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_get_error (const dif_kmac_t *kmac, dif_kmac_error_t *error, uint32_t *info)
 Read the kmac error register to get the error code indicated the interrupt state. More...
 
OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_reset (const dif_kmac_t *kmac, dif_kmac_operation_state_t *operation_state)
 Clear the current error code and reset the state machine to the idle state ready to accept new operations. More...
 
OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_err_processed (const dif_kmac_t *kmac)
 Let the KMAC HW know that SW has processed the errors the HW has flagged. More...
 
OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_has_error_occurred (const dif_kmac_t *kmac, bool *error)
 Report whether the hardware currently indicates an error. More...
 
OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_clear_err_irq (const dif_kmac_t *kmac)
 Clear the kmac_err IRQ. More...
 
OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_get_status (const dif_kmac_t *kmac, dif_kmac_status_t *kmac_status)
 Fetch the current status of the message FIFO used to buffer absorbed data. More...
 
OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_get_hash_counter (const dif_kmac_t *kmac, uint32_t *hash_ctr)
 Returns the current value of the refresh hash counter. More...
 
OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_config_is_locked (const dif_kmac_t *kmac, bool *is_locked)
 Reports whether or not the KMAC configuration register is locked. More...
 
OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_poll_status (const dif_kmac_t *kmac, uint32_t flag)
 Poll until a given flag in the status register is set. More...
 

Detailed Description

KMAC Device Interface Functions

Definition in file dif_kmac.h.


Data Structure Documentation

◆ dif_kmac_config

struct dif_kmac_config

Runtime configuration for KMAC.

This struct describes runtime information for configuration of the hardware.

Definition at line 153 of file dif_kmac.h.

Data Fields
bool entropy_fast_process Entropy fast process mode when enabled prevents the KMAC unit consuming entropy unless it is processing a secret key.

This process should not be used when resistance against side-channel attacks is required, because it may lead to leakage of the secret key in the power trace.

uint16_t entropy_hash_threshold The number of KMAC invocations that triggers an automatic seed request from EDN.
dif_kmac_entropy_mode_t entropy_mode Entropy mode specifying the source of entropy (EDN or software).
uint16_t entropy_prescaler Prescaler value that determines how many clock pulse triggers an increment in the timer counter.
uint32_t entropy_seed[kDifKmacEntropySeedWords] Entropy seed.

Only used when the source of entropy is software.

uint16_t entropy_wait_timer Number of clock cycles to wait for the EDN to reseed the entropy generator before an error is raised (see dif_kmac_get_error).

If 0 the unit will wait forever.

bool message_big_endian Convert the message to big-endian byte order.

Note: this option currently had no effect since the message is sent a byte at a time but will in the future.

bool msg_mask Message Masking with PRNG.

If true, KMAC applies PRNG to the input messages to the Keccak module when KMAC mode is on.

bool output_big_endian Convert the output state (digest) to big-endian byte order on a word granularity.
bool sideload Place kmac inside key sideload mode.

◆ dif_kmac_operation_state

struct dif_kmac_operation_state

A KMAC operation state context.

Definition at line 221 of file dif_kmac.h.

Data Fields
bool append_d Flag indicating whether the output length (d) should be right encoded in software and appended to the end of the message.

The output length is required to be appended to the message as part of a KMAC operation.

size_t d The output length (d) in 32-bit words.

If the output length is not fixed then this field will be set to 0.

Note: if the output length is fixed length will be modified to ensure that d - offset always accurately reflects the number of words remaining.

size_t offset Offset into the output state.
size_t r The rate (r) in 32-bit words.
bool squeezing Whether the 'squeezing' phase has been started.

◆ dif_kmac_key

struct dif_kmac_key

A key for KMAC operations.

The key is provided in two parts, share0 and share1. These are combined using a bitwise XOR operation in the KMAC unit to produce the real key.

The key shares are encoded in little endian byte order. This is fixed and cannot be changed (unlike the byte order used for the message and state).

Unused words in the key shares must be set to 0.

Definition at line 329 of file dif_kmac.h.

Data Fields
dif_kmac_key_length_t length
uint32_t share0[kDifKmacMaxKeyLenWords]
uint32_t share1[kDifKmacMaxKeyLenWords]

◆ dif_kmac_customization_string

struct dif_kmac_customization_string

An encoded bit string used for customization string (S).

Use dif_kmac_customization_string_init to initialize.

Definition at line 340 of file dif_kmac.h.

Data Fields
char buffer[kDifKmacMaxCustomizationStringLen+kDifKmacMaxCustomizationStringOverhead] Encoded S: left_encode(len(S)) || S.
uint32_t length Length of data in buffer in bytes.

◆ dif_kmac_function_name

struct dif_kmac_function_name

An encoded bit string used for function name (N).

Use dif_kmac_function_name_init to initialize.

Definition at line 353 of file dif_kmac.h.

Data Fields
char buffer[kDifKmacMaxFunctionNameLen+kDifKmacMaxFunctionNameOverhead] Encoded N: left_encode(len(N)) || N.
uint32_t length Length of data in buffer in bytes.

◆ dif_kmac_status

struct dif_kmac_status

Definition at line 474 of file dif_kmac.h.

Data Fields
dif_kmac_alert_faults_t faults Kmac faults and errors state.
uint32_t fifo_depth Message FIFO entry count.
dif_kmac_fifo_state_t fifo_state Kmac fifo state.
dif_kmac_sha3_state_t sha3_state Sha3 state.

Typedef Documentation

◆ dif_kmac_alert_faults_t

The kmac error faults.

The hardware defined these status in different bit fields, however they work better in the same field. Then the values chosen for this enum allow the conversion from the register bits to this enum without branches.

◆ dif_kmac_config_t

Runtime configuration for KMAC.

This struct describes runtime information for configuration of the hardware.

◆ dif_kmac_customization_string_t

An encoded bit string used for customization string (S).

Use dif_kmac_customization_string_init to initialize.

◆ dif_kmac_entropy_mode_t

This API implements an interface for the KMAC hardware.

The KMAC hardware implements the following cryptographic hash and message authentication code (MAC) functions:

  • SHA-3 [1]
  • SHAKE [1]
  • cSHAKE [2]
  • KMAC [2]

The following sequence of operations is required to initialize the KMAC hardware:

If configuration changes are required then dif_kmac_configure can be called again so long as there are no operations in progress.

The following sequence of operations is required to execute an operation:

This is a streaming API and the dif_kmac_absorb and dif_kmac_squeeze functions may be called multiple times during a single operation. Once dif_kmac_squeeze has been called however no further dif_kmac_absorb calls may be made. See NIST FIPS 202 [1] for more information about the sponge construction and the 'absorbing' and 'squeezing' states.

Please see the following documentation for more information about the KMAC hardware: https://docs.opentitan.org/hw/ip/kmac/doc/

References: [1] - NIST FIPS 202 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions http://dx.doi.org/10.6028/NIST.FIPS.202 [2] - NIST Special Publication 800-185 SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash and ParallelHash https://doi.org/10.6028/NIST.SP.800-185 Supported entropy modes.

Entropy may be provided by the entropy distribution network (EDN) or using a seed provided by software.

◆ dif_kmac_error_t

Error reported by KMAC unit.

Codes taken from hw/ip/kmac/rtl/kmac_pkg.sv:err_code_e

◆ dif_kmac_fifo_state_t

The state of the message FIFO used to buffer absorbed data.

The hardware defined these status in different bit fields, however they work better in the same field. i.e the fifo can't be empty and full at the same time. That said, the values chosen for this enum allow the conversion from the register bits to this enum without branches.

◆ dif_kmac_function_name_t

An encoded bit string used for function name (N).

Use dif_kmac_function_name_init to initialize.

◆ dif_kmac_key_length_t

Key length.

The key length is specified in bits.

◆ dif_kmac_key_t

typedef struct dif_kmac_key dif_kmac_key_t

A key for KMAC operations.

The key is provided in two parts, share0 and share1. These are combined using a bitwise XOR operation in the KMAC unit to produce the real key.

The key shares are encoded in little endian byte order. This is fixed and cannot be changed (unlike the byte order used for the message and state).

Unused words in the key shares must be set to 0.

Enumeration Type Documentation

◆ anonymous enum

anonymous enum

Maximum lengths supported by the KMAC unit.

Enumerator
kDifKmacMaxCustomizationStringLen 

The maximum length in bytes of a customization string (S) before it has been encoded.

kDifKmacMaxCustomizationStringOverhead 

The maximum number of bytes required to encode the length of the customization string.

Assumes maximum customization string length of 32 bytes (256 bits).

kDifKmacMaxFunctionNameLen 

The maximum length in bytes of a function name (N) before it has been encoded.

kDifKmacMaxFunctionNameOverhead 

The maximum number of bytes required to encode the length of the function name.

Assumes maximum function name length of 4 bytes (32 bits).

kDifKmacMaxOutputLenWords 

The maximum output length (L) that can be set when starting a KMAC operation.

The length is in 32-bit words and is designed to be low enough that the length in bits can still be represented by an unsigned 32-bit integer.

kDifKmacMaxKeyLenWords 

The maximum key length supported by the KMAC operation.

The length is in 32-bit words.

kDifKmacEntropySeedWords 

The length of the software entropy seed.

The length is in 32-bit words.

kDifKmacStateShareOffset 

The offset of the second share within the output state register.

kDifKmacStateWords 

The size of the Keccak state in words (i.e.

1600 bits).

Definition at line 86 of file dif_kmac.h.

◆ dif_kmac_alert_faults

The kmac error faults.

The hardware defined these status in different bit fields, however they work better in the same field. Then the values chosen for this enum allow the conversion from the register bits to this enum without branches.

Enumerator
kDifKmacAlertNone 

Neither errors nor fault has occurred.

kDifKmacAlertFatalFault 

A fatal fault has occurred and the KMAC unit needs to be reset (1), Examples for such faults include i) TL-UL bus integrity fault ii) storage errors in the shadow registers iii) errors in the message, round, or key counter iv) any internal FSM entering an invalid state v) an error in the redundant lfsr.

kDifKmacAlertRecovCtrlUpdate 

An update error has occurred in the shadowed Control Register.

KMAC operation needs to be restarted by re-writing the Control Register.

Definition at line 454 of file dif_kmac.h.

◆ dif_kmac_entropy_mode

This API implements an interface for the KMAC hardware.

The KMAC hardware implements the following cryptographic hash and message authentication code (MAC) functions:

  • SHA-3 [1]
  • SHAKE [1]
  • cSHAKE [2]
  • KMAC [2]

The following sequence of operations is required to initialize the KMAC hardware:

If configuration changes are required then dif_kmac_configure can be called again so long as there are no operations in progress.

The following sequence of operations is required to execute an operation:

This is a streaming API and the dif_kmac_absorb and dif_kmac_squeeze functions may be called multiple times during a single operation. Once dif_kmac_squeeze has been called however no further dif_kmac_absorb calls may be made. See NIST FIPS 202 [1] for more information about the sponge construction and the 'absorbing' and 'squeezing' states.

Please see the following documentation for more information about the KMAC hardware: https://docs.opentitan.org/hw/ip/kmac/doc/

References: [1] - NIST FIPS 202 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions http://dx.doi.org/10.6028/NIST.FIPS.202 [2] - NIST Special Publication 800-185 SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash and ParallelHash https://doi.org/10.6028/NIST.SP.800-185 Supported entropy modes.

Entropy may be provided by the entropy distribution network (EDN) or using a seed provided by software.

Definition at line 77 of file dif_kmac.h.

◆ dif_kmac_error

Error reported by KMAC unit.

Codes taken from hw/ip/kmac/rtl/kmac_pkg.sv:err_code_e

Enumerator
kDifErrorNone 

No error has occured.

kDifErrorKeyNotValid 

The Key Manager has raised an error because the secret key is not valid.

kDifErrorSoftwarePushedMessageFifo 

An attempt was made to write data into the message FIFO but the KMAC unit was not in the correct state to receive the data.

kDifErrorSoftwareIssuedCommandWhileAppInterfaceActive 

SW issued a command while a HW application interface was using KMAC.

kDifErrorEntropyWaitTimerExpired 

The entropy wait timer has expired.

kDifErrorEntropyModeIncorrect 

Incorrect entropy mode when entropy is ready.

Definition at line 365 of file dif_kmac.h.

◆ dif_kmac_fifo_state

The state of the message FIFO used to buffer absorbed data.

The hardware defined these status in different bit fields, however they work better in the same field. i.e the fifo can't be empty and full at the same time. That said, the values chosen for this enum allow the conversion from the register bits to this enum without branches.

Enumerator
kDifKmacFifoStatePartial 

The message FIFO is not empty or full.

kDifKmacFifoStateEmpty 

The message FIFO is empty.

kDifKmacFifoStateFull 

The message FIFO is full.

Further writes will block.

Definition at line 420 of file dif_kmac.h.

◆ dif_kmac_key_length

Key length.

The key length is specified in bits.

Enumerator
kDifKmacKeyLen128 

Software provided 128 bit key.

kDifKmacKeyLen192 

Software provided 192 bit key.

kDifKmacKeyLen256 

Software provided 256 bit key.

kDifKmacKeyLen384 

Software provided 384 bit key.

kDifKmacKeyLen512 

Software provided 512 bit key.

Definition at line 304 of file dif_kmac.h.

◆ dif_kmac_mode_cshake

Supported cSHAKE modes of operation.

Enumerator
kDifKmacModeCshakeLen128 

cSHAKE with 128 bit strength.

kDifKmacModeCshakeLen256 

cSHAKE with 256 bit strength.

Definition at line 282 of file dif_kmac.h.

◆ dif_kmac_mode_kmac

Supported KMAC modes of operation.

Enumerator
kDifKmacModeKmacLen128 

KMAC with 128 bit strength.

kDifKmacModeKmacLen256 

KMAC with 256 bit strength.

Definition at line 292 of file dif_kmac.h.

◆ dif_kmac_mode_sha3

Supported SHA-3 modes of operation.

Enumerator
kDifKmacModeSha3Len224 

SHA-3 with 224 bit strength.

kDifKmacModeSha3Len256 

SHA-3 with 256 bit strength.

kDifKmacModeSha3Len384 

SHA-3 with 384 bit strength.

kDifKmacModeSha3Len512 

SHA-3 with 512 bit strength.

Definition at line 258 of file dif_kmac.h.

◆ dif_kmac_mode_shake

Supported SHAKE modes of operation.

Enumerator
kDifKmacModeShakeLen128 

SHAKE with 128 bit strength.

kDifKmacModeShakeLen256 

SHAKE with 256 bit strength.

Definition at line 272 of file dif_kmac.h.

◆ dif_kmac_sha3_state

Enumerator
kDifKmacSha3StateIdle 

SHA3 hashing engine is in idle state.

kDifKmacSha3StateAbsorbing 

SHA3 is receiving message stream and processing it.

kDifKmacSha3StateSqueezing 

SHA3 completes sponge absorbing stage.

In this stage, SW can manually run the hashing engine.

Definition at line 429 of file dif_kmac.h.

Function Documentation

◆ dif_kmac_absorb()

OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_absorb ( const dif_kmac_t kmac,
dif_kmac_operation_state_t operation_state,
const void *  msg,
size_t  len,
size_t *  processed 
)

Absorb bytes from the message provided.

If processed is non-NULL, then this function will write the remaining space in the FIFO and update processed with the number of bytes written. The caller should adjust the msg pointer and len parameters and call again as needed until all input has been written.

If processed is NULL, then this function will block until the entire message has been processed or an error occurs.

If big-endian mode is enabled for messages (message_big_endian) only the part of the message aligned to 32-bit word boundaries will be byte swapped. Unaligned leading and trailing bytes will be written into the message as-is.

Parameters
kmacA KMAC handle.
operation_stateA KMAC operation state context.
msgPointer to data to absorb.
lenNumber of bytes of data to absorb.
[out]processedNumber of bytes processed (optional). @preturn The result of the operation.

Definition at line 622 of file dif_kmac.c.

◆ dif_kmac_clear_err_irq()

OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_clear_err_irq ( const dif_kmac_t kmac)

Clear the kmac_err IRQ.

Parameters
kmacA KMAC handle.
Returns
The result of the operation.

Definition at line 147 of file dif_kmac.c.

◆ dif_kmac_config_is_locked()

OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_config_is_locked ( const dif_kmac_t kmac,
bool *  is_locked 
)

Reports whether or not the KMAC configuration register is locked.

If writes to the KMAC configuration register are disabled (locked) then it is not possible to change any configuration parameters or start a new operation. The configuration register is locked when an operation has been started and is unlocked again when it completes.

Parameters
kmacA KMAC handle.
[out]is_lockedOut-param reporting the lock state.
Returns
The result of the operation.

Definition at line 825 of file dif_kmac.c.

◆ dif_kmac_configure()

OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_configure ( dif_kmac_t kmac,
dif_kmac_config_t  config 
)

Configures KMAC with runtime information.

Parameters
kmacA KMAC handle.
configRuntime configuration parameters.
Returns
The result of the operation.

Definition at line 172 of file dif_kmac.c.

◆ dif_kmac_customization_string_init()

OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_customization_string_init ( const char *  data,
size_t  len,
dif_kmac_customization_string_t out 
)

Encode a customization string (S).

The length of the string must not exceed kDifKmacMaxCustomizationStringLen.

Note that this function will encode len bytes from data regardless of whether data is null-terminated or not.

See NIST Special Publication 800-185 [2] for more information about the customization string (S) parameter.

Parameters
dataString to encode.
lenLength of string to encode.
[out]outEncoded customization string.
Returns
The result of the operation.

Definition at line 36 of file dif_kmac.c.

◆ dif_kmac_end()

OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_end ( const dif_kmac_t kmac,
dif_kmac_operation_state_t operation_state 
)

Ends a squeeze operation and resets the hardware so it is ready for a new operation.

Parameters
kmacA KMAC handle.
operation_stateA KMAC operation state context.
Returns
The result of the operation.

Definition at line 792 of file dif_kmac.c.

◆ dif_kmac_err_processed()

OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_err_processed ( const dif_kmac_t kmac)

Let the KMAC HW know that SW has processed the errors the HW has flagged.

Parameters
kmacA KMAC handle
Returns
The result of the operation.

Definition at line 903 of file dif_kmac.c.

◆ dif_kmac_function_name_init()

OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_function_name_init ( const char *  data,
size_t  len,
dif_kmac_function_name_t out 
)

Encode a function name (N).

The length of the string must not exceed kDifKmacMaxFunctionNameLen.

Note that this function will encode len bytes from data regardless of whether data is null-terminated or not.

See NIST Special Publication 800-185 [2] for more information about the function name (N) parameter.

Parameters
dataString to encode.
lenLength of string to encode.
[out]outEncoded function name.
Returns
The result of the operation.

Definition at line 71 of file dif_kmac.c.

◆ dif_kmac_get_error()

OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_get_error ( const dif_kmac_t kmac,
dif_kmac_error_t error,
uint32_t *  info 
)

Read the kmac error register to get the error code indicated the interrupt state.

This function should be called in case of any of the start functions returns kDifError.

Parameters
kmacA KMAC handle.
[out]errorThe current error code.
[out]infoOptional additional error information.
Returns
The result of the operation.

Definition at line 878 of file dif_kmac.c.

◆ dif_kmac_get_hash_counter()

OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_get_hash_counter ( const dif_kmac_t kmac,
uint32_t *  hash_ctr 
)

Returns the current value of the refresh hash counter.

Parameters
kmacA KMAC handle.
hash_ctrThe hash counter value that is returned.
Returns
The result of the operation.

Definition at line 863 of file dif_kmac.c.

◆ dif_kmac_get_status()

OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_get_status ( const dif_kmac_t kmac,
dif_kmac_status_t kmac_status 
)

Fetch the current status of the message FIFO used to buffer absorbed data.

Parameters
kmacA KMAC handle.
[out]kmac_statusThe kmac status struct.
Returns
The result of the operation.

Definition at line 837 of file dif_kmac.c.

◆ dif_kmac_has_error_occurred()

OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_has_error_occurred ( const dif_kmac_t kmac,
bool *  error 
)

Report whether the hardware currently indicates an error.

Parameters
kmacA KMAC handle.
[out]errorWhether hardware currently indicates an error.
Returns
The result of the operation.

Definition at line 137 of file dif_kmac.c.

◆ dif_kmac_mode_cshake_start()

OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_mode_cshake_start ( const dif_kmac_t kmac,
dif_kmac_operation_state_t operation_state,
dif_kmac_mode_cshake_t  mode,
const dif_kmac_function_name_t n,
const dif_kmac_customization_string_t s 
)

Start a cSHAKE operation.

cSHAKE operations have a variable (XOF) output length.

See NIST Special Publication 800-185 [2] for more information about cSHAKE.

Parameters
kmacA KMAC handle.
operation_stateA KMAC operation state context.
modeThe mode of operation.
nFunction name (optional).
sCustomization string (optional).
Returns
The result of the operation.

Definition at line 387 of file dif_kmac.c.

◆ dif_kmac_mode_kmac_start()

OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_mode_kmac_start ( const dif_kmac_t kmac,
dif_kmac_operation_state_t operation_state,
dif_kmac_mode_kmac_t  mode,
size_t  l,
const dif_kmac_key_t k,
const dif_kmac_customization_string_t s 
)

Start a KMAC operation.

To use KMAC in eXtendable-Output Function (XOF) mode set the output length (l) to 0. The output length must not be greater than kDifKmacMaxOutputLenWords.

The key provided must have at least as many bits as the security strength of the mode.

See NIST Special Publication 800-185 [2] for more information about KMAC.

Parameters
kmacA KMAC handle.
operation_stateA KMAC operation state context.
modeThe mode of operation.
lOutput length (number of 32-bit words that will be 'squeezed').
kPointer to secret key.
sCustomization string (optional).
Returns
The result of the operation.

Definition at line 487 of file dif_kmac.c.

◆ dif_kmac_mode_sha3_start()

OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_mode_sha3_start ( const dif_kmac_t kmac,
dif_kmac_operation_state_t operation_state,
dif_kmac_mode_sha3_t  mode 
)

Start a SHA-3 operation.

SHA-3 operations have a fixed output length.

See NIST FIPS 202 [1] for more information about SHA-3.

Parameters
kmacA KMAC handle.
operation_stateA KMAC operation state context.
modeThe SHA-3 mode of operation.
Returns
The result of the operation.

Definition at line 272 of file dif_kmac.c.

◆ dif_kmac_mode_shake_start()

OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_mode_shake_start ( const dif_kmac_t kmac,
dif_kmac_operation_state_t operation_state,
dif_kmac_mode_shake_t  mode 
)

Start a SHAKE operation.

SHAKE operations have a variable (XOF) output length.

See NIST FIPS 202 [1] for more information about SHAKE.

Parameters
kmacA KMAC handle.
operation_stateA KMAC operation state context.
modeThe mode of operation.
Returns
The result of the operation.

Definition at line 338 of file dif_kmac.c.

◆ dif_kmac_poll_status()

OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_poll_status ( const dif_kmac_t kmac,
uint32_t  flag 
)

Poll until a given flag in the status register is set.

Parameters
kmacA KMAC handle.
flagthe
Returns
The result of the operation.

Definition at line 157 of file dif_kmac.c.

◆ dif_kmac_reset()

OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_reset ( const dif_kmac_t kmac,
dif_kmac_operation_state_t operation_state 
)

Clear the current error code and reset the state machine to the idle state ready to accept new operations.

The state of any in-progress operation will be lost and the operation will need to be restarted.

Parameters
kmacA KMAC handle.
operation_stateA KMAC operation state context.
Returns
The result of the operation.

Definition at line 890 of file dif_kmac.c.

◆ dif_kmac_squeeze()

OT_WARN_UNUSED_RESULT dif_result_t dif_kmac_squeeze ( const dif_kmac_t kmac,
dif_kmac_operation_state_t operation_state,
uint32_t *  out,
size_t  len,
size_t *  processed,
uint32_t *  capacity 
)

Squeeze bytes into the output buffer provided.

Requesting a squeeze operation will prevent any further absorption operations from taking place.

If kDifKmacIncomplete is returned then the hardware is currently recomputing the state and the output was only partially written. The output pointer and length should be updated according to the number of bytes processed and the squeeze operation continued at a later time.

If processed is not provided then this function will block until len bytes have been written to out or an error occurs.

Normally, the capacity part of Keccak state is and should not be read as part of a regular cryptographic operation. However, this function can also read the capacity for testing purposes. When capacity is a non-NULL pointer, at the end of the operation, the capacity part of the Keccak state is also read and written into this buffer. The capacity is read for each output round, meaning that if the requested digest is larger than a single Keccak round can provide (i.e. the rate), then the additional rounds also update this buffer. Hence it should be large enough to accommodate ceil(digest_len/rate_len) * capacity_len. capacity can be set to NULL to skip reading the capacity.

Parameters
kmacA KMAC handle.
operation_stateA KMAC operation state context.
[out]outPointer to output buffer.
[out]lenNumber of 32-bit words to write to output buffer.
[out]processedNumber of 32-bit words written to output buffer (optional).
[out]capacityOptional buffer to read capacity along with the digest. @preturn The result of the operation.

Definition at line 673 of file dif_kmac.c.