Software APIs
mac.h
Go to the documentation of this file.
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #ifndef OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_MAC_H_
6 #define OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_MAC_H_
7 
8 #include "datatypes.h"
9 #include "hash.h"
10 
11 /**
12  * @file
13  * @brief Message authentication codes for the OpenTitan cryptography library.
14  *
15  * Supports message authentication based on either HMAC or KMAC.
16  */
17 
18 #ifdef __cplusplus
19 extern "C" {
20 #endif // __cplusplus
21 
22 /**
23  * Enum to define KMAC mode.
24  *
25  * Values are hardened.
26  */
27 typedef enum otcrypto_kmac_mode {
28  // KMAC128 mode.
29  kOtcryptoKmacModeKmac128 = 0x336,
30  // KMAC256 mode.
31  kOtcryptoKmacModeKmac256 = 0xec4,
32 } otcrypto_kmac_mode_t;
33 
34 /**
35  * Generic hmac context.
36  *
37  * Representation is internal to the hmac implementation; initialize
38  * with #otcrypto_hmac_init.
39  */
40 typedef struct otcrypto_hmac_context {
41  uint32_t data[kOtcryptoHashCtxStructWords];
42 } otcrypto_hmac_context_t;
43 
44 /**
45  * Performs the HMAC function on the input data.
46  *
47  * This function computes the HMAC function on the `input_message` using the
48  * `key` and returns a `tag`. The key should be at least as long as the digest
49  * for the chosen hash function. The hash function is determined by the key
50  * mode. Only SHA-2 hash functions are supported. Other modes (e.g. SHA-3) are
51  * not supported and will result in errors.
52  *
53  * The caller should allocate the following amount of space for the `tag`
54  * buffer, depending on which hash algorithm is used:
55  *
56  * SHA-256: 32 bytes
57  * SHA-384: 48 bytes
58  * SHA-512: 64 bytes
59  *
60  * The caller should also set the `len` field of `tag` to the equivalent number
61  * of 32-bit words (e.g. 8 for SHA-256).
62  *
63  * @param key Pointer to the blinded key struct with key shares.
64  * @param input_message Input message to be hashed.
65  * @param[out] tag Output authentication tag.
66  * @return The result of the HMAC operation.
67  */
68 otcrypto_status_t otcrypto_hmac(const otcrypto_blinded_key_t *key,
69  otcrypto_const_byte_buf_t input_message,
70  otcrypto_word32_buf_t tag);
71 
72 /**
73  * Performs the KMAC function on the input data.
74  *
75  * This function computes the KMAC on the `input_message` using the `key` and
76  * returns a `tag` of `required_output_len`. The customization string is passed
77  * through `customization_string` parameter. If no customization is desired it
78  * can be be left empty (by settings its `data` to NULL and `length` to 0).
79  *
80  * The caller should set the `key_length` field of `key.config` to the number
81  * of bytes in the key. Only the following key sizes (in bytes) are supported:
82  * [16, 24, 32, 48, 64]. If any other size is given, the function will return
83  * an error.
84  *
85  * The caller should allocate enough space in the `tag` buffer to hold
86  * `required_output_len` bytes, rounded up to the nearest word, and then set
87  * the `len` field of `tag` to the word length. If the word length is not long
88  * enough to hold `required_output_len` bytes, then the function will return an
89  * error.
90  *
91  * @param key Pointer to the blinded key struct with key shares.
92  * @param input_message Input message to be hashed.
93  * @param mac_mode Required KMAC mode.
94  * @param customization_string Customization string.
95  * @param required_output_len Required output length, in bytes.
96  * @param[out] tag Output authentication tag.
97  * @return The result of the KMAC operation.
98  */
99 otcrypto_status_t otcrypto_kmac(const otcrypto_blinded_key_t *key,
100  otcrypto_const_byte_buf_t input_message,
101  otcrypto_kmac_mode_t kmac_mode,
102  otcrypto_const_byte_buf_t customization_string,
103  size_t required_output_len,
104  otcrypto_word32_buf_t tag);
105 
106 /**
107  * Performs the INIT operation for HMAC.
108  *
109  * Initializes the HMAC context. The key should be at least as long as the
110  * digest for the chosen hash function. The hash function is determined by the
111  * key mode. Only SHA-2 hash functions are are supported. Other modes (e.g.
112  * SHA-3) are not supported and will result in errors.
113  *
114  * @param[out] ctx Pointer to the generic HMAC context struct.
115  * @param key Pointer to the blinded HMAC key struct.
116  * @param hash_mode Hash function to use.
117  * @return Result of the HMAC init operation.
118  */
119 otcrypto_status_t otcrypto_hmac_init(otcrypto_hmac_context_t *ctx,
120  const otcrypto_blinded_key_t *key);
121 
122 /**
123  * Performs the UPDATE operation for HMAC.
124  *
125  * The update operation processes the `input_message` using the selected
126  * compression function. The intermediate state is stored in the HMAC context
127  * `ctx`. Any partial data is stored back in the context and combined with the
128  * subsequent bytes.
129  *
130  * #otcrypto_hmac_init should be called before calling this function.
131  *
132  * @param ctx Pointer to the generic HMAC context struct.
133  * @param input_message Input message to be hashed.
134  * @return Result of the HMAC update operation.
135  */
136 otcrypto_status_t otcrypto_hmac_update(otcrypto_hmac_context_t *const ctx,
137  otcrypto_const_byte_buf_t input_message);
138 
139 /**
140  * Performs the FINAL operation for HMAC.
141  *
142  * The final operation processes the remaining partial blocks, computes the
143  * final authentication code and copies it to the `tag` parameter.
144  *
145  * #otcrypto_hmac_update should be called before calling this function.
146  *
147  * The caller should allocate space for the `tag` buffer, (the length should
148  * match the hash function digest size), and set the length of expected output
149  * in the `len` field of `tag`. If the user-set length and the output length
150  * does not match, an error message will be returned.
151  *
152  * @param ctx Pointer to the generic HMAC context struct.
153  * @param[out] tag Output authentication tag.
154  * @return Result of the HMAC final operation.
155  */
156 otcrypto_status_t otcrypto_hmac_final(otcrypto_hmac_context_t *const ctx,
157  otcrypto_word32_buf_t tag);
158 
159 #ifdef __cplusplus
160 } // extern "C"
161 #endif // __cplusplus
162 
163 #endif // OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_MAC_H_
Return to OpenTitan Documentation