xref: /illumos-gate/usr/src/uts/common/sys/skein.h (revision 45818ee1) 
1*45818ee1SMatthew Ahrens /*
2*45818ee1SMatthew Ahrens  * Interface declarations for Skein hashing.
3*45818ee1SMatthew Ahrens  * Source code author: Doug Whiting, 2008.
4*45818ee1SMatthew Ahrens  * This algorithm and source code is released to the public domain.
5*45818ee1SMatthew Ahrens  *
6*45818ee1SMatthew Ahrens  * The following compile-time switches may be defined to control some
7*45818ee1SMatthew Ahrens  * tradeoffs between speed, code size, error checking, and security.
8*45818ee1SMatthew Ahrens  *
9*45818ee1SMatthew Ahrens  * The "default" note explains what happens when the switch is not defined.
10*45818ee1SMatthew Ahrens  *
11*45818ee1SMatthew Ahrens  *  SKEIN_DEBUG            -- make callouts from inside Skein code
12*45818ee1SMatthew Ahrens  *                            to examine/display intermediate values.
13*45818ee1SMatthew Ahrens  *                            [default: no callouts (no overhead)]
14*45818ee1SMatthew Ahrens  *
15*45818ee1SMatthew Ahrens  *  SKEIN_ERR_CHECK        -- how error checking is handled inside Skein
16*45818ee1SMatthew Ahrens  *                            code. If not defined, most error checking
17*45818ee1SMatthew Ahrens  *                            is disabled (for performance). Otherwise,
18*45818ee1SMatthew Ahrens  *                            the switch value is interpreted as:
19*45818ee1SMatthew Ahrens  *                                0: use assert()      to flag errors
20*45818ee1SMatthew Ahrens  *                                1: return SKEIN_FAIL to flag errors
21*45818ee1SMatthew Ahrens  */
22*45818ee1SMatthew Ahrens /* Copyright 2013 Doug Whiting. This code is released to the public domain. */
23*45818ee1SMatthew Ahrens #ifndef	_SYS_SKEIN_H_
24*45818ee1SMatthew Ahrens #define	_SYS_SKEIN_H_
25*45818ee1SMatthew Ahrens 
26*45818ee1SMatthew Ahrens #include <sys/types.h>		/* get size_t definition */
27*45818ee1SMatthew Ahrens 
28*45818ee1SMatthew Ahrens #ifdef	__cplusplus
29*45818ee1SMatthew Ahrens extern "C" {
30*45818ee1SMatthew Ahrens #endif
31*45818ee1SMatthew Ahrens 
32*45818ee1SMatthew Ahrens enum {
33*45818ee1SMatthew Ahrens 	SKEIN_SUCCESS = 0,	/* return codes from Skein calls */
34*45818ee1SMatthew Ahrens 	SKEIN_FAIL = 1,
35*45818ee1SMatthew Ahrens 	SKEIN_BAD_HASHLEN = 2
36*45818ee1SMatthew Ahrens };
37*45818ee1SMatthew Ahrens 
38*45818ee1SMatthew Ahrens #define	SKEIN_MODIFIER_WORDS	(2)	/* number of modifier (tweak) words */
39*45818ee1SMatthew Ahrens 
40*45818ee1SMatthew Ahrens #define	SKEIN_256_STATE_WORDS	(4)
41*45818ee1SMatthew Ahrens #define	SKEIN_512_STATE_WORDS	(8)
42*45818ee1SMatthew Ahrens #define	SKEIN1024_STATE_WORDS	(16)
43*45818ee1SMatthew Ahrens #define	SKEIN_MAX_STATE_WORDS	(16)
44*45818ee1SMatthew Ahrens 
45*45818ee1SMatthew Ahrens #define	SKEIN_256_STATE_BYTES	(8 * SKEIN_256_STATE_WORDS)
46*45818ee1SMatthew Ahrens #define	SKEIN_512_STATE_BYTES	(8 * SKEIN_512_STATE_WORDS)
47*45818ee1SMatthew Ahrens #define	SKEIN1024_STATE_BYTES	(8 * SKEIN1024_STATE_WORDS)
48*45818ee1SMatthew Ahrens 
49*45818ee1SMatthew Ahrens #define	SKEIN_256_STATE_BITS	(64 * SKEIN_256_STATE_WORDS)
50*45818ee1SMatthew Ahrens #define	SKEIN_512_STATE_BITS	(64 * SKEIN_512_STATE_WORDS)
51*45818ee1SMatthew Ahrens #define	SKEIN1024_STATE_BITS	(64 * SKEIN1024_STATE_WORDS)
52*45818ee1SMatthew Ahrens 
53*45818ee1SMatthew Ahrens #define	SKEIN_256_BLOCK_BYTES	(8 * SKEIN_256_STATE_WORDS)
54*45818ee1SMatthew Ahrens #define	SKEIN_512_BLOCK_BYTES	(8 * SKEIN_512_STATE_WORDS)
55*45818ee1SMatthew Ahrens #define	SKEIN1024_BLOCK_BYTES	(8 * SKEIN1024_STATE_WORDS)
56*45818ee1SMatthew Ahrens 
57*45818ee1SMatthew Ahrens typedef struct {
58*45818ee1SMatthew Ahrens 	size_t hashBitLen;	/* size of hash result, in bits */
59*45818ee1SMatthew Ahrens 	size_t bCnt;		/* current byte count in buffer b[] */
60*45818ee1SMatthew Ahrens 	/* tweak words: T[0]=byte cnt, T[1]=flags */
61*45818ee1SMatthew Ahrens 	uint64_t T[SKEIN_MODIFIER_WORDS];
62*45818ee1SMatthew Ahrens } Skein_Ctxt_Hdr_t;
63*45818ee1SMatthew Ahrens 
64*45818ee1SMatthew Ahrens typedef struct {		/*  256-bit Skein hash context structure */
65*45818ee1SMatthew Ahrens 	Skein_Ctxt_Hdr_t h;	/* common header context variables */
66*45818ee1SMatthew Ahrens 	uint64_t X[SKEIN_256_STATE_WORDS];	/* chaining variables */
67*45818ee1SMatthew Ahrens 	/* partial block buffer (8-byte aligned) */
68*45818ee1SMatthew Ahrens 	uint8_t b[SKEIN_256_BLOCK_BYTES];
69*45818ee1SMatthew Ahrens } Skein_256_Ctxt_t;
70*45818ee1SMatthew Ahrens 
71*45818ee1SMatthew Ahrens typedef struct {		/*  512-bit Skein hash context structure */
72*45818ee1SMatthew Ahrens 	Skein_Ctxt_Hdr_t h;	/* common header context variables */
73*45818ee1SMatthew Ahrens 	uint64_t X[SKEIN_512_STATE_WORDS];	/* chaining variables */
74*45818ee1SMatthew Ahrens 	/* partial block buffer (8-byte aligned) */
75*45818ee1SMatthew Ahrens 	uint8_t b[SKEIN_512_BLOCK_BYTES];
76*45818ee1SMatthew Ahrens } Skein_512_Ctxt_t;
77*45818ee1SMatthew Ahrens 
78*45818ee1SMatthew Ahrens typedef struct {		/* 1024-bit Skein hash context structure */
79*45818ee1SMatthew Ahrens 	Skein_Ctxt_Hdr_t h;	/* common header context variables */
80*45818ee1SMatthew Ahrens 	uint64_t X[SKEIN1024_STATE_WORDS];	/* chaining variables */
81*45818ee1SMatthew Ahrens 	/* partial block buffer (8-byte aligned) */
82*45818ee1SMatthew Ahrens 	uint8_t b[SKEIN1024_BLOCK_BYTES];
83*45818ee1SMatthew Ahrens } Skein1024_Ctxt_t;
84*45818ee1SMatthew Ahrens 
85*45818ee1SMatthew Ahrens /*   Skein APIs for (incremental) "straight hashing" */
86*45818ee1SMatthew Ahrens int Skein_256_Init(Skein_256_Ctxt_t *ctx, size_t hashBitLen);
87*45818ee1SMatthew Ahrens int Skein_512_Init(Skein_512_Ctxt_t *ctx, size_t hashBitLen);
88*45818ee1SMatthew Ahrens int Skein1024_Init(Skein1024_Ctxt_t *ctx, size_t hashBitLen);
89*45818ee1SMatthew Ahrens 
90*45818ee1SMatthew Ahrens int Skein_256_Update(Skein_256_Ctxt_t *ctx, const uint8_t *msg,
91*45818ee1SMatthew Ahrens     size_t msgByteCnt);
92*45818ee1SMatthew Ahrens int Skein_512_Update(Skein_512_Ctxt_t *ctx, const uint8_t *msg,
93*45818ee1SMatthew Ahrens     size_t msgByteCnt);
94*45818ee1SMatthew Ahrens int Skein1024_Update(Skein1024_Ctxt_t *ctx, const uint8_t *msg,
95*45818ee1SMatthew Ahrens     size_t msgByteCnt);
96*45818ee1SMatthew Ahrens 
97*45818ee1SMatthew Ahrens int Skein_256_Final(Skein_256_Ctxt_t *ctx, uint8_t *hashVal);
98*45818ee1SMatthew Ahrens int Skein_512_Final(Skein_512_Ctxt_t *ctx, uint8_t *hashVal);
99*45818ee1SMatthew Ahrens int Skein1024_Final(Skein1024_Ctxt_t *ctx, uint8_t *hashVal);
100*45818ee1SMatthew Ahrens 
101*45818ee1SMatthew Ahrens /*
102*45818ee1SMatthew Ahrens  * Skein APIs for "extended" initialization: MAC keys, tree hashing.
103*45818ee1SMatthew Ahrens  * After an InitExt() call, just use Update/Final calls as with Init().
104*45818ee1SMatthew Ahrens  *
105*45818ee1SMatthew Ahrens  * Notes: Same parameters as _Init() calls, plus treeInfo/key/keyBytes.
106*45818ee1SMatthew Ahrens  *          When keyBytes == 0 and treeInfo == SKEIN_SEQUENTIAL,
107*45818ee1SMatthew Ahrens  *              the results of InitExt() are identical to calling Init().
108*45818ee1SMatthew Ahrens  *          The function Init() may be called once to "precompute" the IV for
109*45818ee1SMatthew Ahrens  *              a given hashBitLen value, then by saving a copy of the context
110*45818ee1SMatthew Ahrens  *              the IV computation may be avoided in later calls.
111*45818ee1SMatthew Ahrens  *          Similarly, the function InitExt() may be called once per MAC key
112*45818ee1SMatthew Ahrens  *              to precompute the MAC IV, then a copy of the context saved and
113*45818ee1SMatthew Ahrens  *              reused for each new MAC computation.
114*45818ee1SMatthew Ahrens  */
115*45818ee1SMatthew Ahrens int Skein_256_InitExt(Skein_256_Ctxt_t *ctx, size_t hashBitLen,
116*45818ee1SMatthew Ahrens     uint64_t treeInfo, const uint8_t *key, size_t keyBytes);
117*45818ee1SMatthew Ahrens int Skein_512_InitExt(Skein_512_Ctxt_t *ctx, size_t hashBitLen,
118*45818ee1SMatthew Ahrens     uint64_t treeInfo, const uint8_t *key, size_t keyBytes);
119*45818ee1SMatthew Ahrens int Skein1024_InitExt(Skein1024_Ctxt_t *ctx, size_t hashBitLen,
120*45818ee1SMatthew Ahrens     uint64_t treeInfo, const uint8_t *key, size_t keyBytes);
121*45818ee1SMatthew Ahrens 
122*45818ee1SMatthew Ahrens /*
123*45818ee1SMatthew Ahrens  * Skein APIs for MAC and tree hash:
124*45818ee1SMatthew Ahrens  *	Final_Pad: pad, do final block, but no OUTPUT type
125*45818ee1SMatthew Ahrens  *	Output:    do just the output stage
126*45818ee1SMatthew Ahrens  */
127*45818ee1SMatthew Ahrens int Skein_256_Final_Pad(Skein_256_Ctxt_t *ctx, uint8_t *hashVal);
128*45818ee1SMatthew Ahrens int Skein_512_Final_Pad(Skein_512_Ctxt_t *ctx, uint8_t *hashVal);
129*45818ee1SMatthew Ahrens int Skein1024_Final_Pad(Skein1024_Ctxt_t *ctx, uint8_t *hashVal);
130*45818ee1SMatthew Ahrens 
131*45818ee1SMatthew Ahrens #ifndef	SKEIN_TREE_HASH
132*45818ee1SMatthew Ahrens #define	SKEIN_TREE_HASH (1)
133*45818ee1SMatthew Ahrens #endif
134*45818ee1SMatthew Ahrens #if	SKEIN_TREE_HASH
135*45818ee1SMatthew Ahrens int Skein_256_Output(Skein_256_Ctxt_t *ctx, uint8_t *hashVal);
136*45818ee1SMatthew Ahrens int Skein_512_Output(Skein_512_Ctxt_t *ctx, uint8_t *hashVal);
137*45818ee1SMatthew Ahrens int Skein1024_Output(Skein1024_Ctxt_t *ctx, uint8_t *hashVal);
138*45818ee1SMatthew Ahrens #endif
139*45818ee1SMatthew Ahrens 
140*45818ee1SMatthew Ahrens /*
141*45818ee1SMatthew Ahrens  * When you initialize a Skein KCF hashing method you can pass this param
142*45818ee1SMatthew Ahrens  * structure in cm_param to fine-tune the algorithm's defaults.
143*45818ee1SMatthew Ahrens  */
144*45818ee1SMatthew Ahrens typedef struct skein_param {
145*45818ee1SMatthew Ahrens 	size_t	sp_digest_bitlen;		/* length of digest in bits */
146*45818ee1SMatthew Ahrens } skein_param_t;
147*45818ee1SMatthew Ahrens 
148*45818ee1SMatthew Ahrens /* Module definitions */
149*45818ee1SMatthew Ahrens #ifdef	SKEIN_MODULE_IMPL
150*45818ee1SMatthew Ahrens #define	CKM_SKEIN_256				"CKM_SKEIN_256"
151*45818ee1SMatthew Ahrens #define	CKM_SKEIN_512				"CKM_SKEIN_512"
152*45818ee1SMatthew Ahrens #define	CKM_SKEIN1024				"CKM_SKEIN1024"
153*45818ee1SMatthew Ahrens #define	CKM_SKEIN_256_MAC			"CKM_SKEIN_256_MAC"
154*45818ee1SMatthew Ahrens #define	CKM_SKEIN_512_MAC			"CKM_SKEIN_512_MAC"
155*45818ee1SMatthew Ahrens #define	CKM_SKEIN1024_MAC			"CKM_SKEIN1024_MAC"
156*45818ee1SMatthew Ahrens 
157*45818ee1SMatthew Ahrens typedef enum skein_mech_type {
158*45818ee1SMatthew Ahrens 	SKEIN_256_MECH_INFO_TYPE,
159*45818ee1SMatthew Ahrens 	SKEIN_512_MECH_INFO_TYPE,
160*45818ee1SMatthew Ahrens 	SKEIN1024_MECH_INFO_TYPE,
161*45818ee1SMatthew Ahrens 	SKEIN_256_MAC_MECH_INFO_TYPE,
162*45818ee1SMatthew Ahrens 	SKEIN_512_MAC_MECH_INFO_TYPE,
163*45818ee1SMatthew Ahrens 	SKEIN1024_MAC_MECH_INFO_TYPE
164*45818ee1SMatthew Ahrens } skein_mech_type_t;
165*45818ee1SMatthew Ahrens 
166*45818ee1SMatthew Ahrens #define	VALID_SKEIN_DIGEST_MECH(__mech)				\
167*45818ee1SMatthew Ahrens 	((int)(__mech) >= SKEIN_256_MECH_INFO_TYPE &&		\
168*45818ee1SMatthew Ahrens 	(__mech) <= SKEIN1024_MECH_INFO_TYPE)
169*45818ee1SMatthew Ahrens #define	VALID_SKEIN_MAC_MECH(__mech)				\
170*45818ee1SMatthew Ahrens 	((int)(__mech) >= SKEIN_256_MAC_MECH_INFO_TYPE &&	\
171*45818ee1SMatthew Ahrens 	(__mech) <= SKEIN1024_MAC_MECH_INFO_TYPE)
172*45818ee1SMatthew Ahrens #endif	/* SKEIN_MODULE_IMPL */
173*45818ee1SMatthew Ahrens 
174*45818ee1SMatthew Ahrens #ifdef	__cplusplus
175*45818ee1SMatthew Ahrens }
176*45818ee1SMatthew Ahrens #endif
177*45818ee1SMatthew Ahrens 
178*45818ee1SMatthew Ahrens #endif	/* _SYS_SKEIN_H_ */
179