xref: /freebsd/crypto/libecc/src/examples/hash/gostr34_11_94.h (revision f0865ec9906d5a18fa2a3b61381f22ce16e606ad)
1*f0865ec9SKyle Evans /*
2*f0865ec9SKyle Evans  *  Copyright (C) 2021 - This file is part of libecc project
3*f0865ec9SKyle Evans  *
4*f0865ec9SKyle Evans  *  Authors:
5*f0865ec9SKyle Evans  *      Ryad BENADJILA <ryadbenadjila@gmail.com>
6*f0865ec9SKyle Evans  *      Arnaud EBALARD <arnaud.ebalard@ssi.gouv.fr>
7*f0865ec9SKyle Evans  *
8*f0865ec9SKyle Evans  *  This software is licensed under a dual BSD and GPL v2 license.
9*f0865ec9SKyle Evans  *  See LICENSE file at the root folder of the project.
10*f0865ec9SKyle Evans  */
11*f0865ec9SKyle Evans #ifndef __GOSTR34_11_94_H__
12*f0865ec9SKyle Evans #define __GOSTR34_11_94_H__
13*f0865ec9SKyle Evans 
14*f0865ec9SKyle Evans /* Include libec for useful types and macros */
15*f0865ec9SKyle Evans #include <libecc/libec.h>
16*f0865ec9SKyle Evans 
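/****************************************************/
/*
 * 32-bit integer manipulation macros
 */
#ifndef GET_UINT32_BE
/*
 * Load a big-endian 32-bit value from bytes (b)[(i)] .. (b)[(i) + 3] into
 * the lvalue (n).
 *
 * Each byte is narrowed to u8 before it is widened, so a buffer declared as
 * plain or signed char cannot sign-extend into the upper bits of the result.
 *
 * No bounds check is performed: the caller must guarantee that (i) + 3 is a
 * valid index into (b). (b) and (i) are expanded four times each, so they
 * must be free of side effects.
 *
 * The #ifndef guard means an earlier definition with the same name, if any,
 * takes precedence over this one.
 */
#define GET_UINT32_BE(n, b, i) \
do { \
	(n) =     ( ((u32) (u8) (b)[(i)    ]) << 24 ) \
		| ( ((u32) (u8) (b)[(i) + 1]) << 16 ) \
		| ( ((u32) (u8) (b)[(i) + 2]) <<  8 ) \
		| ( ((u32) (u8) (b)[(i) + 3])       ); \
} while( 0 )
#endif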
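#ifndef GET_UINT32_LE
/*
 * Load a little-endian 32-bit value from bytes (b)[(i)] .. (b)[(i) + 3]
 * into the lvalue (n); (b)[(i)] is the least significant byte.
 *
 * Each byte is narrowed to u8 before it is widened, so a buffer declared as
 * plain or signed char cannot sign-extend into the upper bits of the result.
 *
 * No bounds check is performed: the caller must guarantee that (i) + 3 is a
 * valid index into (b). (b) and (i) are expanded four times each, so they
 * must be free of side effects.
 */
#define GET_UINT32_LE(n, b, i) \
do { \
	(n) =     ( ((u32) (u8) (b)[(i) + 3]) << 24 ) \
		| ( ((u32) (u8) (b)[(i) + 2]) << 16 ) \
		| ( ((u32) (u8) (b)[(i) + 1]) <<  8 ) \
		| ( ((u32) (u8) (b)[(i)    ])       ); \
} while( 0 )
#endif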
39*f0865ec9SKyle Evans 
40*f0865ec9SKyle Evans 
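#ifndef PUT_UINT32_BE
/*
 * Store the 32-bit value (n) big-endian into (b)[(i)] .. (b)[(i) + 3].
 *
 * (n) is evaluated exactly once and converted to u32 before any shift, so
 * an argument with side effects, a signed argument, or one that aliases the
 * destination bytes is handled predictably.
 *
 * No bounds check is performed: the caller must guarantee that (i) + 3 is a
 * valid index into (b). (b) and (i) are expanded four times each, so they
 * must be free of side effects.
 */
#define PUT_UINT32_BE(n, b, i) \
do { \
	const u32 put_u32_be_val_ = (u32) (n); \
	(b)[(i)    ] = (u8) ( put_u32_be_val_ >> 24 ); \
	(b)[(i) + 1] = (u8) ( put_u32_be_val_ >> 16 ); \
	(b)[(i) + 2] = (u8) ( put_u32_be_val_ >>  8 ); \
	(b)[(i) + 3] = (u8) ( put_u32_be_val_       ); \
} while( 0 )
#endif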
50*f0865ec9SKyle Evans 
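#ifndef PUT_UINT32_LE
/*
 * Store the 32-bit value (n) little-endian into (b)[(i)] .. (b)[(i) + 3];
 * the least significant byte goes to (b)[(i)].
 *
 * (n) is evaluated exactly once and converted to u32 before any shift, so
 * an argument with side effects, a signed argument, or one that aliases the
 * destination bytes is handled predictably.
 *
 * No bounds check is performed: the caller must guarantee that (i) + 3 is a
 * valid index into (b). (b) and (i) are expanded four times each, so they
 * must be free of side effects.
 */
#define PUT_UINT32_LE(n, b, i) \
do { \
	const u32 put_u32_le_val_ = (u32) (n); \
	(b)[(i) + 3] = (u8) ( put_u32_le_val_ >> 24 ); \
	(b)[(i) + 2] = (u8) ( put_u32_le_val_ >> 16 ); \
	(b)[(i) + 1] = (u8) ( put_u32_le_val_ >>  8 ); \
	(b)[(i)    ] = (u8) ( put_u32_le_val_       ); \
} while( 0 )
#endif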
60*f0865ec9SKyle Evans 
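/*
 * 64-bit integer manipulation macros
 */
#ifndef GET_UINT64_BE
/*
 * Load a big-endian 64-bit value from bytes (b)[(i)] .. (b)[(i) + 7] into
 * the lvalue (n).
 *
 * Each byte is narrowed to u8 before it is widened, so a buffer declared as
 * plain or signed char cannot sign-extend into the upper bits of the result.
 *
 * No bounds check is performed: the caller must guarantee that (i) + 7 is a
 * valid index into (b). (b) and (i) are expanded eight times each, so they
 * must be free of side effects.
 */
#define GET_UINT64_BE(n,b,i) \
do { \
    (n) = ( ((u64) (u8) (b)[(i)    ]) << 56 ) \
        | ( ((u64) (u8) (b)[(i) + 1]) << 48 ) \
        | ( ((u64) (u8) (b)[(i) + 2]) << 40 ) \
        | ( ((u64) (u8) (b)[(i) + 3]) << 32 ) \
        | ( ((u64) (u8) (b)[(i) + 4]) << 24 ) \
        | ( ((u64) (u8) (b)[(i) + 5]) << 16 ) \
        | ( ((u64) (u8) (b)[(i) + 6]) <<  8 ) \
        | ( ((u64) (u8) (b)[(i) + 7])       ); \
} while( 0 )
#endif /* GET_UINT64_BE */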
77*f0865ec9SKyle Evans 
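#ifndef GET_UINT64_LE
/*
 * Load a little-endian 64-bit value from bytes (b)[(i)] .. (b)[(i) + 7]
 * into the lvalue (n); (b)[(i)] is the least significant byte.
 *
 * Each byte is narrowed to u8 before it is widened, so a buffer declared as
 * plain or signed char cannot sign-extend into the upper bits of the result.
 *
 * No bounds check is performed: the caller must guarantee that (i) + 7 is a
 * valid index into (b). (b) and (i) are expanded eight times each, so they
 * must be free of side effects.
 */
#define GET_UINT64_LE(n,b,i) \
do { \
    (n) = ( ((u64) (u8) (b)[(i) + 7]) << 56 ) \
        | ( ((u64) (u8) (b)[(i) + 6]) << 48 ) \
        | ( ((u64) (u8) (b)[(i) + 5]) << 40 ) \
        | ( ((u64) (u8) (b)[(i) + 4]) << 32 ) \
        | ( ((u64) (u8) (b)[(i) + 3]) << 24 ) \
        | ( ((u64) (u8) (b)[(i) + 2]) << 16 ) \
        | ( ((u64) (u8) (b)[(i) + 1]) <<  8 ) \
        | ( ((u64) (u8) (b)[(i)    ])       ); \
} while( 0 )
#endif /* GET_UINT64_LE */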
91*f0865ec9SKyle Evans 
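#ifndef PUT_UINT64_BE
/*
 * Store the 64-bit value (n) big-endian into (b)[(i)] .. (b)[(i) + 7].
 *
 * (n) is evaluated exactly once and converted to u64 before any shift.
 * Shifting the raw argument would be undefined for an argument narrower
 * than 64 bits (shift count >= width of the promoted type); the conversion
 * zero-extends it instead.
 *
 * No bounds check is performed: the caller must guarantee that (i) + 7 is a
 * valid index into (b). (b) and (i) are expanded eight times each, so they
 * must be free of side effects.
 */
#define PUT_UINT64_BE(n,b,i) \
do { \
    const u64 put_u64_be_val_ = (u64) (n); \
    (b)[(i)    ] = (u8) ( put_u64_be_val_ >> 56 ); \
    (b)[(i) + 1] = (u8) ( put_u64_be_val_ >> 48 ); \
    (b)[(i) + 2] = (u8) ( put_u64_be_val_ >> 40 ); \
    (b)[(i) + 3] = (u8) ( put_u64_be_val_ >> 32 ); \
    (b)[(i) + 4] = (u8) ( put_u64_be_val_ >> 24 ); \
    (b)[(i) + 5] = (u8) ( put_u64_be_val_ >> 16 ); \
    (b)[(i) + 6] = (u8) ( put_u64_be_val_ >>  8 ); \
    (b)[(i) + 7] = (u8) ( put_u64_be_val_       ); \
} while( 0 )
#endif /* PUT_UINT64_BE */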
105*f0865ec9SKyle Evans 
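#ifndef PUT_UINT64_LE
/*
 * Store the 64-bit value (n) little-endian into (b)[(i)] .. (b)[(i) + 7];
 * the least significant byte goes to (b)[(i)].
 *
 * (n) is evaluated exactly once and converted to u64 before any shift.
 * Shifting the raw argument would be undefined for an argument narrower
 * than 64 bits (shift count >= width of the promoted type); the conversion
 * zero-extends it instead.
 *
 * No bounds check is performed: the caller must guarantee that (i) + 7 is a
 * valid index into (b). (b) and (i) are expanded eight times each, so they
 * must be free of side effects.
 */
#define PUT_UINT64_LE(n,b,i) \
do { \
    const u64 put_u64_le_val_ = (u64) (n); \
    (b)[(i) + 7] = (u8) ( put_u64_le_val_ >> 56 ); \
    (b)[(i) + 6] = (u8) ( put_u64_le_val_ >> 48 ); \
    (b)[(i) + 5] = (u8) ( put_u64_le_val_ >> 40 ); \
    (b)[(i) + 4] = (u8) ( put_u64_le_val_ >> 32 ); \
    (b)[(i) + 3] = (u8) ( put_u64_le_val_ >> 24 ); \
    (b)[(i) + 2] = (u8) ( put_u64_le_val_ >> 16 ); \
    (b)[(i) + 1] = (u8) ( put_u64_le_val_ >>  8 ); \
    (b)[(i)    ] = (u8) ( put_u64_le_val_       ); \
} while( 0 )
#endif /* PUT_UINT64_LE */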
119*f0865ec9SKyle Evans 
/*
 * Sizing constants for GOST R 34.11-94.
 *
 * Note for integrators: GOST R 34.11-94 has been superseded by
 * GOST R 34.11-2012 (Streebog); treat this hash as a legacy /
 * interoperability primitive rather than a choice for new designs.
 */
/* Number of 64-bit words in the internal state and in the running sum */
#define GOSTR34_11_94_STATE_SIZE        4
/* Size in bytes of one input block (length of the context's block buffer) */
#define GOSTR34_11_94_BLOCK_SIZE        32
/* Size of the digest in bytes; output buffers must hold at least this much */
#define GOSTR34_11_94_DIGEST_SIZE       32
/* Size of the digest in bits (8 * GOSTR34_11_94_DIGEST_SIZE) */
#define GOSTR34_11_94_DIGEST_SIZE_BITS  256
124*f0865ec9SKyle Evans 
/*
 * Marker stored in the 'magic' field of a context. The constant is written
 * as a 64-bit literal and cast to word_t; if word_t is narrower than 64
 * bits the cast truncates it (word_t is declared by libecc, not here).
 */
#define GOSTR34_11_94_HASH_MAGIC ((word_t)(0x1262734139734143ULL))

/*
 * Sanity check on a context pointer (A): it must be non-NULL and carry the
 * magic value above. The NULL test comes first so (A)->magic is only read
 * through a non-NULL pointer. 'ret' and 'err' are forwarded unchanged to
 * libecc's MUST_HAVE(), which defines what happens when the check fails.
 *
 * This is an API-misuse guard, not a memory-safety guarantee: stale memory
 * that happens to still hold the magic value passes the test. (A) is
 * expanded twice and must be free of side effects.
 */
#define GOSTR34_11_94_HASH_CHECK_INITIALIZED(A, ret, err) \
	MUST_HAVE((((void *)(A)) != NULL) && \
		  ((A)->magic == GOSTR34_11_94_HASH_MAGIC), \
		  ret, err)
128*f0865ec9SKyle Evans 
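/*
 * Rotate the 32-bit value (x) left by (n) bits.
 *
 * Both shift counts are reduced modulo 32. Without the reduction, n == 0
 * makes the right shift a shift by 32, which is undefined behaviour for a
 * 32-bit operand (as is any n >= 32). For n in 1..31 the result is the same
 * as the unmasked form.
 *
 * (x) and (n) are expanded twice each and must be free of side effects.
 */
#define ROTL_GOSTR34_11_94(x, n) \
	((((u32)(x)) << ((n) & 31)) | (((u32)(x)) >> ((32 - (n)) & 31)))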
130*f0865ec9SKyle Evans 
131*f0865ec9SKyle Evans /* All the inner operations */
132*f0865ec9SKyle Evans 
/*
 * Variant selector for the hash. According to the comments in this header
 * the type decides which S-box the underlying block encryption uses, so two
 * digests are only comparable when they were computed with the same type.
 *
 * NOTE(review): the enumerators are spelled GOST34_... while every other
 * identifier here uses the GOSTR34_... prefix; they are part of the public
 * interface and are kept as they are.
 */
typedef enum {
	/* Presumably the standard's own parameter set -- confirm in the .c file */
	GOST34_11_94_NORM    = 0,
	/* Presumably the parameter set described in RFC 4357 -- confirm in the .c file */
	GOST34_11_94_RFC4357 = 1,
} gostr34_11_94_type;
137*f0865ec9SKyle Evans 
/*
 * Hashing context shared by the init / set_iv / set_type / update / final
 * calls.
 *
 * The context holds the intermediate hash state and up to one block of
 * buffered input. When the hashed data is sensitive, the caller should treat
 * the context as sensitive too; whether final() wipes it cannot be told from
 * this header.
 */
typedef struct {
	/* "Type" of GOST: selects the SBOX to use */
	gostr34_11_94_type gostr34_11_94_t;
	/* Running count of bytes processed so far */
	u64 gostr34_11_94_total;
	/* Internal state: GOSTR34_11_94_STATE_SIZE (4) 64-bit values */
	u64 gostr34_11_94_state[GOSTR34_11_94_STATE_SIZE];
	/* Internal buffer collecting update() input until a block is complete */
	u8 gostr34_11_94_buffer[GOSTR34_11_94_BLOCK_SIZE];
	/* The sum (presumably the running sum over message blocks -- confirm in the .c file) */
	u64 gostr34_11_94_sum[GOSTR34_11_94_STATE_SIZE];
	/* Initialization magic value, tested by GOSTR34_11_94_HASH_CHECK_INITIALIZED */
	word_t magic;
} gostr34_11_94_context;
152*f0865ec9SKyle Evans 
153*f0865ec9SKyle Evans 
/*
 * Streaming interface: init, optionally set_iv / set_type, then update as
 * often as needed, then final. Every function is tagged
 * ATTRIBUTE_WARN_UNUSED_RET, so callers are expected to check the result
 * and must not use 'output' when a call reports an error.
 */

/* Init hash function. Returns 0 on success, -1 on error. */
ATTRIBUTE_WARN_UNUSED_RET int
gostr34_11_94_init(gostr34_11_94_context *ctx);

/*
 * Function to modify the initial IV as it is not imposed by the RFCs.
 * 'iv' must point to GOSTR34_11_94_STATE_SIZE 64-bit words. Digests computed
 * with different IVs are not comparable, so both sides of a protocol have to
 * agree on the value. Presumably meant to be called after init and before
 * the first update -- confirm in the .c file.
 */
ATTRIBUTE_WARN_UNUSED_RET int
gostr34_11_94_set_iv(gostr34_11_94_context *ctx,
		     const u64 iv[GOSTR34_11_94_STATE_SIZE]);

/*
 * Function to modify the GOST type (that will dictate the underlying SBOX
 * to use for block encryption).
 */
ATTRIBUTE_WARN_UNUSED_RET int
gostr34_11_94_set_type(gostr34_11_94_context *ctx, gostr34_11_94_type type);

/*
 * Feed 'ilen' bytes from 'input' into the hash. The length is a u32, so a
 * larger message has to be supplied over several calls. The return
 * convention is presumably the same as init/final (0 on success, -1 on
 * error) -- confirm in the .c file.
 */
ATTRIBUTE_WARN_UNUSED_RET int
gostr34_11_94_update(gostr34_11_94_context *ctx, const u8 *input, u32 ilen);

/*
 * Finalize. Returns 0 on success, -1 on error.
 * 'output' is declared with an array size for documentation only: in C the
 * parameter is a plain pointer and the compiler does not verify the size,
 * so the caller must supply at least GOSTR34_11_94_DIGEST_SIZE bytes.
 */
ATTRIBUTE_WARN_UNUSED_RET int
gostr34_11_94_final(gostr34_11_94_context *ctx,
		    u8 output[GOSTR34_11_94_DIGEST_SIZE]);
167*f0865ec9SKyle Evans 
/*
 * Scattered version performing init/update/finalize on a vector of buffers
 * 'inputs' with the length of each buffer passed via 'ilens'. The function
 * loops on pointers in 'inputs' until it finds a NULL pointer. The function
 * returns 0 on success, -1 on error.
 *
 * Caller contract that follows from the above: 'inputs' must end with a
 * NULL entry, and 'ilens' must provide a length for every non-NULL entry of
 * 'inputs'. A missing terminator or a short 'ilens' array makes the loop
 * read past the end of the arrays. 'output' must have room for
 * GOSTR34_11_94_DIGEST_SIZE bytes; the array size in the prototype is not
 * enforced by the compiler.
 */
ATTRIBUTE_WARN_UNUSED_RET int
gostr34_11_94_scattered(const u8 **inputs, const u32 *ilens,
			u8 output[GOSTR34_11_94_DIGEST_SIZE],
			gostr34_11_94_type type);

/* Same as above without a 'type' argument; by its name, the NORM variant. */
ATTRIBUTE_WARN_UNUSED_RET int
gostr34_11_94_scattered_norm(const u8 **inputs, const u32 *ilens,
			     u8 output[GOSTR34_11_94_DIGEST_SIZE]);

/* Same as above without a 'type' argument; by its name, the RFC4357 variant. */
ATTRIBUTE_WARN_UNUSED_RET int
gostr34_11_94_scattered_rfc4357(const u8 **inputs, const u32 *ilens,
				u8 output[GOSTR34_11_94_DIGEST_SIZE]);
182*f0865ec9SKyle Evans 
/*
 * Single call version performing init/update/final on given input.
 * Returns 0 on success, -1 on error.
 *
 * 'input' must reference 'ilen' readable bytes and 'output' must have room
 * for GOSTR34_11_94_DIGEST_SIZE bytes; the array size in the prototype is
 * not enforced by the compiler. No IV argument is taken here, so a
 * non-default IV requires the streaming interface with set_iv.
 */
ATTRIBUTE_WARN_UNUSED_RET int
gostr34_11_94(const u8 *input, u32 ilen,
	      u8 output[GOSTR34_11_94_DIGEST_SIZE], gostr34_11_94_type type);

/* Same as above without a 'type' argument; by its name, the NORM variant. */
ATTRIBUTE_WARN_UNUSED_RET int
gostr34_11_94_norm(const u8 *input, u32 ilen,
		   u8 output[GOSTR34_11_94_DIGEST_SIZE]);

/* Same as above without a 'type' argument; by its name, the RFC4357 variant. */
ATTRIBUTE_WARN_UNUSED_RET int
gostr34_11_94_rfc4357(const u8 *input, u32 ilen,
		      u8 output[GOSTR34_11_94_DIGEST_SIZE]);
192*f0865ec9SKyle Evans 
193*f0865ec9SKyle Evans #endif /* __GOSTR34_11_94_H__ */
194