Software APIs
hash.h
Go to the documentation of this file.
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #ifndef OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_HASH_H_
6 #define OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_HASH_H_
7 
8 #include "datatypes.h"
9 
10 /**
11  * @file
12  * @brief Hash functions for the OpenTitan cryptography library.
13  *
14  * Supports both SHA2 and SHA3 hash functions, plus the additional Keccak-based
15  * hash functions SHAKE and cSHAKE.
16  */
17 
18 #ifdef __cplusplus
19 extern "C" {
20 #endif // __cplusplus
21 
22 enum {
23 
24  /* Digest size for SHA-256/HMAC-256 in bits, bytes and word respectively. */
25  kSha256DigestBits = 256,
26  kSha256DigestBytes = kSha256DigestBits / 8,
27  kSha256DigestWords = kSha256DigestBytes / sizeof(uint32_t),
28  /* Digest size for SHA-384/HMAC-384 in bits, bytes and word respectively. */
29  kSha384DigestBits = 384,
30  kSha384DigestBytes = kSha384DigestBits / 8,
31  kSha384DigestWords = kSha384DigestBytes / sizeof(uint32_t),
32  /* Digest size for SHA-512/HMAC-512 in bits, bytes and word respectively. */
33  kSha512DigestBits = 512,
34  kSha512DigestBytes = kSha512DigestBits / 8,
35  kSha512DigestWords = kSha512DigestBytes / sizeof(uint32_t),
36  /**
37  * The size of the publicly exposed HMAC context in words.
38  * We assert that this value is large enough to host the internal HMAC driver
39  * struct.
40  */
41  kOtcryptoHashCtxStructWords = 92,
42 };
43 
44 /**
45  * Generic opaque hash context.
46  *
47  * Representation is internal to the hash implementation; initialize
48  * with #otcrypto_hash_init.
49  */
50 typedef struct otcrypto_hash_context {
51  uint32_t data[kOtcryptoHashCtxStructWords];
52 } otcrypto_hash_context_t;
53 
54 /**
55  * Performs the required hash function on the input data.
56  *
57  * The caller should allocate space for the `digest` buffer and set the `mode`
58  * and `len` fields. If the length does not match the mode, an error message
59  * will be returned.
60  *
61  * This function should only be used for fixed-length hash functions (SHA-2 and
62  * SHA-3 families). Use `otcrypto_xof_shake` and `otcrypto_xof_cshake` for
63  * extendable-output functions.
64  *
65  * @param input_message Input message to be hashed.
66  * @param[out] digest Output digest after hashing the input message.
67  * @return Result of the hash operation.
68  */
69 otcrypto_status_t otcrypto_hash(otcrypto_const_byte_buf_t input_message,
70  otcrypto_hash_digest_t digest);
71 
72 /**
73  * Performs the SHAKE extendable output function (XOF) on input data.
74  *
75  * The caller should allocate space for the `digest` buffer and set the `mode`
76  * and `len` fields. The `mode` parameter must be
77  * `kOtcryptoHashXofModeShake128` or `kOtcryptoHashXofModeShake256`; other
78  * values will result in errors.
79  *
80  * @param input_message Input message for extendable output function.
81  * @param[out] digest Output from the extendable output function.
82  * @return Result of the xof operation.
83  */
84 otcrypto_status_t otcrypto_xof_shake(otcrypto_const_byte_buf_t input_message,
85  otcrypto_hash_digest_t digest);
86 
87 /**
88  * Performs the CSHAKE extendable output function (XOF) on input data.
89  *
90  * The `function_name_string` is used by NIST to define functions based on
91  * cSHAKE. When no function other than cSHAKE is desired; it can be empty. The
92  * `customization_string` is used to define a variant of the cSHAKE function.
93  * If no customization is desired it can be empty.
94  *
95  * The caller should allocate space for the `digest` buffer and set the `mode`
96  * and `len` fields. The `mode` parameter must be
97  * `kOtcryptoHashXofModeCshake128` or `kOtcryptoHashXofModeCshake256`; other
98  * values will result in errors.
99  *
100  * @param input_message Input message for extendable output function.
101  * @param function_name_string NIST Function name string.
102  * @param customization_string Customization string for cSHAKE.
103  * @param[out] digest Output from the extendable output function.
104  * @return Result of the xof operation.
105  */
106 otcrypto_status_t otcrypto_xof_cshake(
107  otcrypto_const_byte_buf_t input_message,
108  otcrypto_const_byte_buf_t function_name_string,
109  otcrypto_const_byte_buf_t customization_string,
110  otcrypto_hash_digest_t digest);
111 
112 /**
113  * Performs the INIT operation for a cryptographic hash function.
114  *
115  * Initializes the generic hash context. The required hash mode is selected
116  * through the `hash_mode` parameter. Only `kOtcryptoHashModeSha256`,
117  * `kOtcryptoHashModeSha384` and `kOtcryptoHashModeSha512` are supported. Other
118  * modes are not supported and an error would be returned.
119  *
120  * Populates the hash context with the selected hash mode and its digest and
121  * block sizes. The structure of hash context and how it populates the required
122  * fields are internal to the specific hash implementation.
123  *
124  * @param ctx Pointer to the generic hash context struct.
125  * @param hash_mode Required hash mode.
126  * @return Result of the hash init operation.
127  */
128 otcrypto_status_t otcrypto_hash_init(otcrypto_hash_context_t *const ctx,
129  otcrypto_hash_mode_t hash_mode);
130 
131 /**
132  * Performs the UPDATE operation for a cryptographic hash function.
133  *
134  * The update operation processes the `input_message` using the selected hash
135  * compression function. The intermediate digest is stored in the context
136  * `ctx`. Any partial data is stored back in the context and combined with the
137  * subsequent bytes.
138  *
139  * #otcrypto_hash_init should be called before this function.
140  *
141  * @param ctx Pointer to the generic hash context struct.
142  * @param input_message Input message to be hashed.
143  * @return Result of the hash update operation.
144  */
145 otcrypto_status_t otcrypto_hash_update(otcrypto_hash_context_t *const ctx,
146  otcrypto_const_byte_buf_t input_message);
147 
148 /**
149  * Performs the FINAL operation for a cryptographic hash function.
150  *
151  * The final operation processes the remaining partial blocks, computes the
152  * final hash and copies it to the `digest` parameter.
153  *
154  * #otcrypto_hash_update should be called before this function.
155  *
156  * The caller should allocate space for the `digest` buffer and set the `mode`
157  * and `len` fields. If the `mode` doesn't match the mode of the hash context,
158  * the function will return an error.
159  *
160  * @param ctx Pointer to the generic hash context struct.
161  * @param[out] digest Output digest after hashing the input blocks.
162  * @return Result of the hash final operation.
163  */
164 otcrypto_status_t otcrypto_hash_final(otcrypto_hash_context_t *const ctx,
165  otcrypto_hash_digest_t digest);
166 
167 #ifdef __cplusplus
168 } // extern "C"
169 #endif // __cplusplus
170 
171 #endif // OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_HASH_H_
Return to OpenTitan Documentation