45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * Interface declarations for Skein hashing.
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * Source code author: Doug Whiting, 2008.
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * This algorithm and source code is released to the public domain.
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * The following compile-time switches may be defined to control some
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * tradeoffs between speed, code size, error checking, and security.
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * The "default" note explains what happens when the switch is not defined.
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * SKEIN_DEBUG -- make callouts from inside Skein code
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * to examine/display intermediate values.
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * [default: no callouts (no overhead)]
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * SKEIN_ERR_CHECK -- how error checking is handled inside Skein
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * code. If not defined, most error checking
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * is disabled (for performance). Otherwise,
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * the switch value is interpreted as:
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * 0: use assert() to flag errors
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * 1: return SKEIN_FAIL to flag errors
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens/* Copyright 2013 Doug Whiting. This code is released to the public domain. */
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens#include <sys/types.h> /* get size_t definition */
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens SKEIN_SUCCESS = 0, /* return codes from Skein calls */
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens#define SKEIN_MODIFIER_WORDS (2) /* number of modifier (tweak) words */
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens#define SKEIN_256_STATE_BYTES (8 * SKEIN_256_STATE_WORDS)
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens#define SKEIN_512_STATE_BYTES (8 * SKEIN_512_STATE_WORDS)
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens#define SKEIN1024_STATE_BYTES (8 * SKEIN1024_STATE_WORDS)
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens#define SKEIN_256_STATE_BITS (64 * SKEIN_256_STATE_WORDS)
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens#define SKEIN_512_STATE_BITS (64 * SKEIN_512_STATE_WORDS)
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens#define SKEIN1024_STATE_BITS (64 * SKEIN1024_STATE_WORDS)
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens#define SKEIN_256_BLOCK_BYTES (8 * SKEIN_256_STATE_WORDS)
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens#define SKEIN_512_BLOCK_BYTES (8 * SKEIN_512_STATE_WORDS)
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens#define SKEIN1024_BLOCK_BYTES (8 * SKEIN1024_STATE_WORDS)
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrenstypedef struct {
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens size_t hashBitLen; /* size of hash result, in bits */
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens size_t bCnt; /* current byte count in buffer b[] */
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens /* tweak words: T[0]=byte cnt, T[1]=flags */
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrenstypedef struct { /* 256-bit Skein hash context structure */
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens Skein_Ctxt_Hdr_t h; /* common header context variables */
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens uint64_t X[SKEIN_256_STATE_WORDS]; /* chaining variables */
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens /* partial block buffer (8-byte aligned) */
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrenstypedef struct { /* 512-bit Skein hash context structure */
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens Skein_Ctxt_Hdr_t h; /* common header context variables */
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens uint64_t X[SKEIN_512_STATE_WORDS]; /* chaining variables */
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens /* partial block buffer (8-byte aligned) */
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrenstypedef struct { /* 1024-bit Skein hash context structure */
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens Skein_Ctxt_Hdr_t h; /* common header context variables */
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens uint64_t X[SKEIN1024_STATE_WORDS]; /* chaining variables */
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens /* partial block buffer (8-byte aligned) */
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens/* Skein APIs for (incremental) "straight hashing" */
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrensint Skein_256_Init(Skein_256_Ctxt_t *ctx, size_t hashBitLen);
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrensint Skein_512_Init(Skein_512_Ctxt_t *ctx, size_t hashBitLen);
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrensint Skein1024_Init(Skein1024_Ctxt_t *ctx, size_t hashBitLen);
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrensint Skein_256_Update(Skein_256_Ctxt_t *ctx, const uint8_t *msg,
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrensint Skein_512_Update(Skein_512_Ctxt_t *ctx, const uint8_t *msg,
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrensint Skein1024_Update(Skein1024_Ctxt_t *ctx, const uint8_t *msg,
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrensint Skein_256_Final(Skein_256_Ctxt_t *ctx, uint8_t *hashVal);
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrensint Skein_512_Final(Skein_512_Ctxt_t *ctx, uint8_t *hashVal);
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrensint Skein1024_Final(Skein1024_Ctxt_t *ctx, uint8_t *hashVal);
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * Skein APIs for "extended" initialization: MAC keys, tree hashing.
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * After an InitExt() call, just use Update/Final calls as with Init().
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * Notes: Same parameters as _Init() calls, plus treeInfo/key/keyBytes.
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * When keyBytes == 0 and treeInfo == SKEIN_SEQUENTIAL,
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * the results of InitExt() are identical to calling Init().
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * The function Init() may be called once to "precompute" the IV for
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * a given hashBitLen value, then by saving a copy of the context
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * the IV computation may be avoided in later calls.
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * Similarly, the function InitExt() may be called once per MAC key
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * to precompute the MAC IV, then a copy of the context saved and
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * reused for each new MAC computation.
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrensint Skein_256_InitExt(Skein_256_Ctxt_t *ctx, size_t hashBitLen,
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens uint64_t treeInfo, const uint8_t *key, size_t keyBytes);
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrensint Skein_512_InitExt(Skein_512_Ctxt_t *ctx, size_t hashBitLen,
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens uint64_t treeInfo, const uint8_t *key, size_t keyBytes);
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrensint Skein1024_InitExt(Skein1024_Ctxt_t *ctx, size_t hashBitLen,
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens uint64_t treeInfo, const uint8_t *key, size_t keyBytes);
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * Skein APIs for MAC and tree hash:
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * Final_Pad: pad, do final block, but no OUTPUT type
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * Output: do just the output stage
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrensint Skein_256_Final_Pad(Skein_256_Ctxt_t *ctx, uint8_t *hashVal);
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrensint Skein_512_Final_Pad(Skein_512_Ctxt_t *ctx, uint8_t *hashVal);
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrensint Skein1024_Final_Pad(Skein1024_Ctxt_t *ctx, uint8_t *hashVal);
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrensint Skein_256_Output(Skein_256_Ctxt_t *ctx, uint8_t *hashVal);
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrensint Skein_512_Output(Skein_512_Ctxt_t *ctx, uint8_t *hashVal);
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrensint Skein1024_Output(Skein1024_Ctxt_t *ctx, uint8_t *hashVal);
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * When you initialize a Skein KCF hashing method you can pass this param
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens * structure in cm_param to fine-tune the algorithm's defaults.
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens size_t sp_digest_bitlen; /* length of digest in bits */
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens/* Module definitions */
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens ((int)(__mech) >= SKEIN_256_MECH_INFO_TYPE && \
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens ((int)(__mech) >= SKEIN_256_MAC_MECH_INFO_TYPE && \
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens#endif /* SKEIN_MODULE_IMPL */
45818ee124adeaaf947698996b4f4c722afc6d1fMatthew Ahrens#endif /* _SYS_SKEIN_H_ */