Software APIs
hmac.h
Go to the documentation of this file.
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #ifndef OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_HMAC_H_
6 #define OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_HMAC_H_
7 
8 #include "datatypes.h"
9 #include "hash.h"
10 
11 /**
12  * @file
13  * @brief Message authentication codes for the OpenTitan cryptography library.
14  *
15  * Supports message authentication based on either HMAC or KMAC.
16  */
17 
18 #ifdef __cplusplus
19 extern "C" {
20 #endif // __cplusplus
21 
22 /**
23  * Generic hmac context.
24  *
25  * Representation is internal to the hmac implementation; initialize
26  * with #otcrypto_hmac_init.
27  */
28 typedef struct otcrypto_hmac_context {
29  uint32_t data[kOtcryptoHashCtxStructWords];
30 } otcrypto_hmac_context_t;
31 
32 /**
33  * Performs the HMAC function on the input data.
34  *
35  * This function computes the HMAC function on the `input_message` using the
36  * `key` and returns a `tag`. The key should be at least as long as the digest
37  * for the chosen hash function. The hash function is determined by the key
38  * mode. Only SHA-2 hash functions are supported. Other modes (e.g. SHA-3) are
39  * not supported and will result in errors.
40  *
41  * The caller should allocate the following amount of space for the `tag`
42  * buffer, depending on which hash algorithm is used:
43  *
44  * SHA-256: 32 bytes
45  * SHA-384: 48 bytes
46  * SHA-512: 64 bytes
47  *
48  * The caller should also set the `len` field of `tag` to the equivalent number
49  * of 32-bit words (e.g. 8 for SHA-256).
50  *
51  * @param key Pointer to the blinded key struct with key shares.
52  * @param input_message Input message to be hashed.
53  * @param[out] tag Output authentication tag.
54  * @return The result of the HMAC operation.
55  */
56 OT_WARN_UNUSED_RESULT
57 otcrypto_status_t otcrypto_hmac(const otcrypto_blinded_key_t *key,
58  otcrypto_const_byte_buf_t input_message,
59  otcrypto_word32_buf_t tag);
60 
61 /**
62  * Performs the INIT operation for HMAC.
63  *
64  * Initializes the HMAC context. The key should be at least as long as the
65  * digest for the chosen hash function. The hash function is determined by the
66  * key mode. Only SHA-2 hash functions are are supported. Other modes (e.g.
67  * SHA-3) are not supported and will result in errors.
68  *
69  * @param[out] ctx Pointer to the generic HMAC context struct.
70  * @param key Pointer to the blinded HMAC key struct.
71  * @param hash_mode Hash function to use.
72  * @return Result of the HMAC init operation.
73  */
74 OT_WARN_UNUSED_RESULT
75 otcrypto_status_t otcrypto_hmac_init(otcrypto_hmac_context_t *ctx,
76  const otcrypto_blinded_key_t *key);
77 
78 /**
79  * Performs the UPDATE operation for HMAC.
80  *
81  * The update operation processes the `input_message` using the selected
82  * compression function. The intermediate state is stored in the HMAC context
83  * `ctx`. Any partial data is stored back in the context and combined with the
84  * subsequent bytes.
85  *
86  * #otcrypto_hmac_init should be called before calling this function.
87  *
88  * @param ctx Pointer to the generic HMAC context struct.
89  * @param input_message Input message to be hashed.
90  * @return Result of the HMAC update operation.
91  */
92 OT_WARN_UNUSED_RESULT
93 otcrypto_status_t otcrypto_hmac_update(otcrypto_hmac_context_t *const ctx,
94  otcrypto_const_byte_buf_t input_message);
95 
96 /**
97  * Performs the FINAL operation for HMAC.
98  *
99  * The final operation processes the remaining partial blocks, computes the
100  * final authentication code and copies it to the `tag` parameter.
101  *
102  * #otcrypto_hmac_update should be called before calling this function.
103  *
104  * The caller should allocate space for the `tag` buffer, (the length should
105  * match the hash function digest size), and set the length of expected output
106  * in the `len` field of `tag`. If the user-set length and the output length
107  * does not match, an error message will be returned.
108  *
109  * @param ctx Pointer to the generic HMAC context struct.
110  * @param[out] tag Output authentication tag.
111  * @return Result of the HMAC final operation.
112  */
113 OT_WARN_UNUSED_RESULT
114 otcrypto_status_t otcrypto_hmac_final(otcrypto_hmac_context_t *const ctx,
115  otcrypto_word32_buf_t tag);
116 
117 #ifdef __cplusplus
118 } // extern "C"
119 #endif // __cplusplus
120 
121 #endif // OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_HMAC_H_
Return to OpenTitan Documentation