// Copyright lowRISC contributors.
// Licensed under the Apache License, Version 2.0, see LICENSE for details.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENTITAN_SW_DEVICE_LIB_CRYPTO_DRIVERS_KMAC_H_
#define OPENTITAN_SW_DEVICE_LIB_CRYPTO_DRIVERS_KMAC_H_

#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#include "sw/device/lib/base/macros.h"
#include "sw/device/lib/crypto/include/datatypes.h"

#ifdef __cplusplus
extern "C" {
#endif

/**
 * The exposed costants to caller functions.
 */
enum {
  // The total size of prefix registers (in bytes), after removing len encodings
  kKmacPrefixMaxSize = 40,
};

/**
 * Error return types for KMAC.
 *
 * This is not the exhaustive list, so the fields of this enum are likely to be
 * revised later.
 */
typedef enum kmac_error {
  kKmacOk = 0,
  kKmacInternalError,
  kKmacNotIdle,
  kKmacCfgWriteDisabled,
  kKmacIntrErrPending,
  kKmacCfgDisabledError,
  kKmacFatalFaultError,
  kKmacRecovFaultError,
  kKmacArgsError,
  kKmacDigestLenTooLongError,
  kKmacUnsupportedKeySizeError,
  kKmacNotImplemented,
  kKmacCustomPaddingError,
  kKmacUnsupportedPaddingLength,
} kmac_error_t;

/**
 * Simplified key struct to pass blinded key internally.
 */
typedef struct kmac_blinded_key {
  const uint32_t *share0;
  const uint32_t *share1;
  // The length of single share (in bytes)
  size_t len;
} kmac_blinded_key_t;

/**
 * Check whether given key length is valid for KMAC.

 * @param key_len Key length as input.
 * @return Return true if given key length is valid.
 */
OT_WARN_UNUSED_RESULT
bool kmac_is_valid_key_len(size_t key_len);

/**
 * Set the "global" config of HWIP
 *
 * For the moment, we have a number of configuation options needs to be
 * configured at session level. This functions serves as a temporary
 * solution by setting default values to this configuration.
 * TODO: Define config struct and pass it as argument.
 * TODO: see #14832
 *
 * Warning: This function sets `entropy_ready`, which triggers kmac_entropy's
 * FSM to jump to next step. Therefore, the caller of this function should make
 * sure that entropy is configured properly beforehand.
 *
 * It enforces the following as the default configuration:
 * It touches the following fields of CSRs:
 *   CFG register:
 *     endianness, entropy_mode, fast_process, msg_mask, ent_ready,
 * err_processed, en_unsup_mode EDN refresh settings: hash threshold refresh
 * counter entropy seed -> ignore? INTR_ENABLE: all disabled
 *
 * @return Error code.
 */
OT_WARN_UNUSED_RESULT
kmac_error_t kmac_hwip_default_configure(void);

/**
 * Compute SHA-3-224 in one-shot.
 *
 * Warning: The caller must ensure that `digest` buffer is large
 * enough to store the resulting digest (at least 224 / 8 = 28 bytes).
 *
 * The caller must ensure that `message` and `digest` have properly
 * allocated `data` fields whose length matches their `len` fields.
 *
 * @param message The input message.
 * @param digest The digest buffer to return the result.
 * @return Error status.
 */
OT_WARN_UNUSED_RESULT
kmac_error_t kmac_sha3_224(crypto_const_uint8_buf_t message,
                           crypto_uint8_buf_t *digest);

/**
 * Compute SHA-3-256 in one-shot.
 *
 * Warning: The caller must ensure that `digest` buffer is large
 * enough to store the resulting digest (at least 256 / 8 = 32 bytes).
 *
 * The caller must ensure that `message` and `digest` have properly
 * allocated `data` fields whose length matches their `len` fields.
 *
 * @param message The input message.
 * @param digest The digest buffer to return the result.
 * @return Error status.
 */
OT_WARN_UNUSED_RESULT
kmac_error_t kmac_sha3_256(crypto_const_uint8_buf_t message,
                           crypto_uint8_buf_t *digest);
/**
 * Compute SHA-3-384 in one-shot.
 *
 * Warning: The caller must ensure that `digest` buffer is large
 * enough to store the resulting digest (at least 384 / 8 = 48 bytes).
 *
 * The caller must ensure that `message` and `digest` have properly
 * allocated `data` fields whose length matches their `len` fields.
 *
 * @param message The input message.
 * @param digest The digest buffer to return the result.
 * @return Error status.
 */
OT_WARN_UNUSED_RESULT
kmac_error_t kmac_sha3_384(crypto_const_uint8_buf_t message,
                           crypto_uint8_buf_t *digest);

/**
 * Compute SHA-3-512 in one-shot.
 *
 * Warning: The caller must ensure that `digest` buffer is large
 * enough to store the resulting digest (at least 512 / 8 = 64 bytes).
 *
 * The caller must ensure that `message` and `digest` have properly
 * allocated `data` fields whose length matches their `len` fields.
 *
 * @param message The input message.
 * @param digest The digest buffer to return the result.
 * @return Error status.
 */
OT_WARN_UNUSED_RESULT
kmac_error_t kmac_sha3_512(crypto_const_uint8_buf_t message,
                           crypto_uint8_buf_t *digest);

/**
 * Compute SHAKE-128 in one-shot.
 *
 * Warning: The caller must ensure that `digest->len` contains the
 * requested digest length (in bytes).
 *
 * The caller must ensure that `message` and `digest` have properly
 * allocated `data` fields whose length matches their `len` fields.
 *
 * @param message The input message.
 * @param digest The digest buffer to return the result.
 * @return Error status.
 */
OT_WARN_UNUSED_RESULT
kmac_error_t kmac_shake_128(crypto_const_uint8_buf_t message,
                            crypto_uint8_buf_t *digest);

/**
 * Compute SHAKE-256 in one-shot.
 *
 * Warning: The caller must ensure that `digest->len` contains the
 * requested digest length (in bytes).
 *
 * The caller must ensure that `message` and `digest` have properly
 * allocated `data` fields whose length matches their `len` fields.
 *
 * @param message The input message.
 * @param digest The digest buffer to return the result.
 * @return Error status.
 */
OT_WARN_UNUSED_RESULT
kmac_error_t kmac_shake_256(crypto_const_uint8_buf_t message,
                            crypto_uint8_buf_t *digest);

/**
 * Compute CSHAKE-128 in one-shot.
 *
 * Warning: The caller must ensure that `digest->len` contains the
 * requested digest length (in bytes).
 *
 * The caller must ensure that `message` and `digest` have properly
 * allocated `data` fields whose length matches their `len` fields.
 *
 * @param message The input message.
 * @param func_name The function name.
 * @param cust_str The customization string.
 * @param digest The digest buffer to return the result.
 * @return Error status.
 */
OT_WARN_UNUSED_RESULT
kmac_error_t kmac_cshake_128(crypto_const_uint8_buf_t message,
                             crypto_const_uint8_buf_t func_name,
                             crypto_const_uint8_buf_t cust_str,
                             crypto_uint8_buf_t *digest);

/**
 * Compute CSHAKE-256 in one-shot.
 *
 * Warning: The caller must ensure that `digest->len` contains the
 * requested digest length (in bytes).
 *
 * The caller must ensure that `message` and `digest` have properly
 * allocated `data` fields whose length matches their `len` fields.
 *
 * @param message The input message.
 * @param func_name The function name.
 * @param cust_str The customization string.
 * @param digest The digest buffer to return the result.
 * @return Error status.
 */
OT_WARN_UNUSED_RESULT
kmac_error_t kmac_cshake_256(crypto_const_uint8_buf_t message,
                             crypto_const_uint8_buf_t func_name,
                             crypto_const_uint8_buf_t cust_str,
                             crypto_uint8_buf_t *digest);

/**
 * Compute KMAC-128 in one-shot.
 *
 * Warning: The caller must ensure that `digest->len` contains the
 * requested digest length (in bytes).
 *
 * The caller must ensure that `message` and `digest` have properly
 * allocated `data` fields whose length matches their `len` fields.
 *
 * @param key The input key as a struct.
 * @param message The input message.
 * @param func_name The function name.
 * @param cust_str The customization string.
 * @param digest The digest buffer to return the result.
 * @return Error status.
 */
OT_WARN_UNUSED_RESULT
kmac_error_t kmac_kmac_128(kmac_blinded_key_t *key,
                           crypto_const_uint8_buf_t message,
                           crypto_const_uint8_buf_t cust_str,
                           crypto_uint8_buf_t *digest);

/**
 * Compute KMAC-256 in one-shot.
 *
 * Warning: The caller must ensure that `digest->len` contains the
 * requested digest length (in bytes).
 *
 * The caller must ensure that `message` and `digest` have properly
 * allocated `data` fields whose length matches their `len` fields.
 *
 * @param key The input key as a struct.
 * @param message The input message.
 * @param func_name The function name.
 * @param cust_str The customization string.
 * @param digest The digest buffer to return the result.
 * @return Error status.
 */
OT_WARN_UNUSED_RESULT
kmac_error_t kmac_kmac_256(kmac_blinded_key_t *key,
                           crypto_const_uint8_buf_t message,
                           crypto_const_uint8_buf_t cust_str,
                           crypto_uint8_buf_t *digest);

#ifdef __cplusplus
}
#endif

#endif  // OPENTITAN_SW_DEVICE_LIB_CRYPTO_DRIVERS_KMAC_H_