1/*
2 * Interface declarations for Skein hashing.
3 * Source code author: Doug Whiting, 2008.
4 * This algorithm and source code is released to the public domain.
5 *
6 * The following compile-time switches may be defined to control some
7 * tradeoffs between speed, code size, error checking, and security.
8 *
9 * The "default" note explains what happens when the switch is not defined.
10 *
11 *  SKEIN_DEBUG            -- make callouts from inside Skein code
12 *                            to examine/display intermediate values.
13 *                            [default: no callouts (no overhead)]
14 *
15 *  SKEIN_ERR_CHECK        -- how error checking is handled inside Skein
16 *                            code. If not defined, most error checking
17 *                            is disabled (for performance). Otherwise,
18 *                            the switch value is interpreted as:
19 *                                0: use assert()      to flag errors
20 *                                1: return SKEIN_FAIL to flag errors
21 */
22/* Copyright 2013 Doug Whiting. This code is released to the public domain. */
23#ifndef	_SYS_SKEIN_H_
24#define	_SYS_SKEIN_H_
25
26#ifdef  _KERNEL
27#include <sys/types.h>		/* get size_t definition */
28#else
29#include <stdint.h>
30#include <stdlib.h>
31#endif
32
33#ifdef	__cplusplus
34extern "C" {
35#endif
36
37enum {
38	SKEIN_SUCCESS = 0,	/* return codes from Skein calls */
39	SKEIN_FAIL = 1,
40	SKEIN_BAD_HASHLEN = 2
41};
42
43#define	SKEIN_MODIFIER_WORDS	(2)	/* number of modifier (tweak) words */
44
45#define	SKEIN_256_STATE_WORDS	(4)
46#define	SKEIN_512_STATE_WORDS	(8)
47#define	SKEIN1024_STATE_WORDS	(16)
48#define	SKEIN_MAX_STATE_WORDS	(16)
49
50#define	SKEIN_256_STATE_BYTES	(8 * SKEIN_256_STATE_WORDS)
51#define	SKEIN_512_STATE_BYTES	(8 * SKEIN_512_STATE_WORDS)
52#define	SKEIN1024_STATE_BYTES	(8 * SKEIN1024_STATE_WORDS)
53
54#define	SKEIN_256_STATE_BITS	(64 * SKEIN_256_STATE_WORDS)
55#define	SKEIN_512_STATE_BITS	(64 * SKEIN_512_STATE_WORDS)
56#define	SKEIN1024_STATE_BITS	(64 * SKEIN1024_STATE_WORDS)
57
58#define	SKEIN_256_BLOCK_BYTES	(8 * SKEIN_256_STATE_WORDS)
59#define	SKEIN_512_BLOCK_BYTES	(8 * SKEIN_512_STATE_WORDS)
60#define	SKEIN1024_BLOCK_BYTES	(8 * SKEIN1024_STATE_WORDS)
61
62typedef struct {
63	size_t hashBitLen;	/* size of hash result, in bits */
64	size_t bCnt;		/* current byte count in buffer b[] */
65	/* tweak words: T[0]=byte cnt, T[1]=flags */
66	uint64_t T[SKEIN_MODIFIER_WORDS];
67} Skein_Ctxt_Hdr_t;
68
69typedef struct {		/*  256-bit Skein hash context structure */
70	Skein_Ctxt_Hdr_t h;	/* common header context variables */
71	uint64_t X[SKEIN_256_STATE_WORDS];	/* chaining variables */
72	/* partial block buffer (8-byte aligned) */
73	uint8_t b[SKEIN_256_BLOCK_BYTES];
74} Skein_256_Ctxt_t;
75
76typedef struct {		/*  512-bit Skein hash context structure */
77	Skein_Ctxt_Hdr_t h;	/* common header context variables */
78	uint64_t X[SKEIN_512_STATE_WORDS];	/* chaining variables */
79	/* partial block buffer (8-byte aligned) */
80	uint8_t b[SKEIN_512_BLOCK_BYTES];
81} Skein_512_Ctxt_t;
82
83typedef struct {		/* 1024-bit Skein hash context structure */
84	Skein_Ctxt_Hdr_t h;	/* common header context variables */
85	uint64_t X[SKEIN1024_STATE_WORDS];	/* chaining variables */
86	/* partial block buffer (8-byte aligned) */
87	uint8_t b[SKEIN1024_BLOCK_BYTES];
88} Skein1024_Ctxt_t;
89
90/*   Skein APIs for (incremental) "straight hashing" */
91int Skein_256_Init(Skein_256_Ctxt_t *ctx, size_t hashBitLen);
92int Skein_512_Init(Skein_512_Ctxt_t *ctx, size_t hashBitLen);
93int Skein1024_Init(Skein1024_Ctxt_t *ctx, size_t hashBitLen);
94
95int Skein_256_Update(Skein_256_Ctxt_t *ctx, const uint8_t *msg,
96    size_t msgByteCnt);
97int Skein_512_Update(Skein_512_Ctxt_t *ctx, const uint8_t *msg,
98    size_t msgByteCnt);
99int Skein1024_Update(Skein1024_Ctxt_t *ctx, const uint8_t *msg,
100    size_t msgByteCnt);
101
102int Skein_256_Final(Skein_256_Ctxt_t *ctx, uint8_t *hashVal);
103int Skein_512_Final(Skein_512_Ctxt_t *ctx, uint8_t *hashVal);
104int Skein1024_Final(Skein1024_Ctxt_t *ctx, uint8_t *hashVal);
105
106/*
107 * Skein APIs for "extended" initialization: MAC keys, tree hashing.
108 * After an InitExt() call, just use Update/Final calls as with Init().
109 *
110 * Notes: Same parameters as _Init() calls, plus treeInfo/key/keyBytes.
111 *          When keyBytes == 0 and treeInfo == SKEIN_SEQUENTIAL,
112 *              the results of InitExt() are identical to calling Init().
113 *          The function Init() may be called once to "precompute" the IV for
114 *              a given hashBitLen value, then by saving a copy of the context
115 *              the IV computation may be avoided in later calls.
116 *          Similarly, the function InitExt() may be called once per MAC key
117 *              to precompute the MAC IV, then a copy of the context saved and
118 *              reused for each new MAC computation.
119 */
120int Skein_256_InitExt(Skein_256_Ctxt_t *ctx, size_t hashBitLen,
121    uint64_t treeInfo, const uint8_t *key, size_t keyBytes);
122int Skein_512_InitExt(Skein_512_Ctxt_t *ctx, size_t hashBitLen,
123    uint64_t treeInfo, const uint8_t *key, size_t keyBytes);
124int Skein1024_InitExt(Skein1024_Ctxt_t *ctx, size_t hashBitLen,
125    uint64_t treeInfo, const uint8_t *key, size_t keyBytes);
126
127/*
128 * Skein APIs for MAC and tree hash:
129 *	Final_Pad: pad, do final block, but no OUTPUT type
130 *	Output:    do just the output stage
131 */
132int Skein_256_Final_Pad(Skein_256_Ctxt_t *ctx, uint8_t *hashVal);
133int Skein_512_Final_Pad(Skein_512_Ctxt_t *ctx, uint8_t *hashVal);
134int Skein1024_Final_Pad(Skein1024_Ctxt_t *ctx, uint8_t *hashVal);
135
136#ifndef	SKEIN_TREE_HASH
137#define	SKEIN_TREE_HASH (1)
138#endif
139#if	SKEIN_TREE_HASH
140int Skein_256_Output(Skein_256_Ctxt_t *ctx, uint8_t *hashVal);
141int Skein_512_Output(Skein_512_Ctxt_t *ctx, uint8_t *hashVal);
142int Skein1024_Output(Skein1024_Ctxt_t *ctx, uint8_t *hashVal);
143#endif
144
145/*
146 * When you initialize a Skein KCF hashing method you can pass this param
147 * structure in cm_param to fine-tune the algorithm's defaults.
148 */
149typedef struct skein_param {
150	size_t	sp_digest_bitlen;		/* length of digest in bits */
151} skein_param_t;
152
153/* Module definitions */
154#ifdef	SKEIN_MODULE_IMPL
155#define	CKM_SKEIN_256				"CKM_SKEIN_256"
156#define	CKM_SKEIN_512				"CKM_SKEIN_512"
157#define	CKM_SKEIN1024				"CKM_SKEIN1024"
158#define	CKM_SKEIN_256_MAC			"CKM_SKEIN_256_MAC"
159#define	CKM_SKEIN_512_MAC			"CKM_SKEIN_512_MAC"
160#define	CKM_SKEIN1024_MAC			"CKM_SKEIN1024_MAC"
161
162typedef enum skein_mech_type {
163	SKEIN_256_MECH_INFO_TYPE,
164	SKEIN_512_MECH_INFO_TYPE,
165	SKEIN1024_MECH_INFO_TYPE,
166	SKEIN_256_MAC_MECH_INFO_TYPE,
167	SKEIN_512_MAC_MECH_INFO_TYPE,
168	SKEIN1024_MAC_MECH_INFO_TYPE
169} skein_mech_type_t;
170
171#define	VALID_SKEIN_DIGEST_MECH(__mech)				\
172	((int)(__mech) >= SKEIN_256_MECH_INFO_TYPE &&		\
173	(__mech) <= SKEIN1024_MECH_INFO_TYPE)
174#define	VALID_SKEIN_MAC_MECH(__mech)				\
175	((int)(__mech) >= SKEIN_256_MAC_MECH_INFO_TYPE &&	\
176	(__mech) <= SKEIN1024_MAC_MECH_INFO_TYPE)
177#endif	/* SKEIN_MODULE_IMPL */
178
179#ifdef	__cplusplus
180}
181#endif
182
183#endif	/* _SYS_SKEIN_H_ */
184