|  | // Copyright lowRISC contributors. | 
|  | // Licensed under the Apache License, Version 2.0, see LICENSE for details. | 
|  | // SPDX-License-Identifier: Apache-2.0 | 
|  | #ifndef OPENTITAN_SW_DEVICE_LIB_CRYPTO_DRIVERS_KMAC_H_ | 
|  | #define OPENTITAN_SW_DEVICE_LIB_CRYPTO_DRIVERS_KMAC_H_ | 
|  |  | 
|  | #include <stddef.h> | 
|  | #include <stdint.h> | 
|  |  | 
|  | #include "sw/device/lib/base/macros.h" | 
|  |  | 
|  | #ifdef __cplusplus | 
|  | extern "C" { | 
|  | #endif | 
|  |  | 
|  | /** | 
|  | * List of supported KMAC modes. | 
|  | * | 
|  | * We might need to reconsider whether we want to better organize this enum, | 
|  | * and if we want to split the large init/update API to individual functions, | 
|  | * e.g. kmac_init_sha3(kSha3Length384) or kmac_init_sha3_384(). | 
|  | */ | 
|  | typedef enum kmac_operation { | 
|  | kSHA3_224, | 
|  | kSHA3_256, | 
|  | kSHA3_384, | 
|  | kSHA3_512, | 
|  | kSHAKE128, | 
|  | kSHAKE256, | 
|  | kcSHAKE128, | 
|  | kcSHAKE256 | 
|  | } kmac_operation_t; | 
|  |  | 
|  | /** | 
|  | * Error return types for KMAC. | 
|  | * | 
|  | * This is not the exhaustive list, so the fields of this enum are likely to be | 
|  | * revised later. | 
|  | */ | 
|  | typedef enum kmac_error { | 
|  | kKmacOk = 0, | 
|  | kKmacInternalError = 1, | 
|  | kKmacArgsError = 2, | 
|  | kKmacNotImplemented = 3, | 
|  | } kmac_error_t; | 
|  |  | 
|  | /** | 
|  | * Initializes the KMAC configuration. | 
|  | * | 
|  | * In particular, this function sets the CFG register of KMAC for given | 
|  | * `operation_type`. The struct type kmac_operation_t is defined in a way that | 
|  | * each field inherently implies a fixed security strength (i.e. half of Keccak | 
|  | * capacity). For instance, if we want to run SHA-3 with 224-bit digest size, | 
|  | * then `operation_type` = kSHA3_224. | 
|  | * | 
|  | * @param operation_type The chosen operation, see kmac_operation_t struct. | 
|  | * @return Error of type kmac_error_t. | 
|  | */ | 
|  | OT_WARN_UNUSED_RESULT | 
|  | kmac_error_t kmac_init(kmac_operation_t operation_type); | 
|  |  | 
|  | /** | 
|  | * Feeds the given input string to KMAC core, and produces the digest. | 
|  | * | 
|  | * Before running this, the operation type must be configured with kmac_init. | 
|  | * Then, we can use this function to feed various bytes of data to the KMAC | 
|  | * core. Note that this is a one-shot implementation, and it does not support | 
|  | * streaming mode. This decision is in accord with OpenTitan's Crypto Library | 
|  | * Specification. Refer to the Hash section of this specification. | 
|  | * | 
|  | * Current implementation has few limitiations: | 
|  | * | 
|  | * 1. `data` pointer is assumed to be word-aligned. The case where `data` is not | 
|  | * divisible by 4 is not yet implemented. | 
|  | * 2. Currently, there is no error check on consisteny of the input parameters. | 
|  | * For instance, one can invoke SHA-3_224 with digest_len=32, which will produce | 
|  | * 256 bits of digest. | 
|  | * | 
|  | * Requirements: | 
|  | * 1. The caller must ensure that `digest` is large enough to accommodate | 
|  | * `digest_len` bytes. | 
|  | * | 
|  | * @param data Byte pointer to the input string. | 
|  | * @param data_len The number of bytes pointed by `data`. | 
|  | * @param digest The buffer to which the result will be written. | 
|  | * @param digest_len The length of the digest, i.e. the number of bytes read | 
|  | * from the final Keccak state. | 
|  | */ | 
|  | OT_WARN_UNUSED_RESULT | 
|  | kmac_error_t kmac_update(const uint8_t *data, size_t data_len, uint8_t *digest, | 
|  | size_t digest_len); | 
|  |  | 
|  | #ifdef __cplusplus | 
|  | } | 
|  | #endif | 
|  |  | 
|  | #endif  // OPENTITAN_SW_DEVICE_LIB_CRYPTO_DRIVERS_KMAC_H_ |