xref: /freebsd/crypto/openssl/providers/implementations/macs/kmac_prov.c (revision 02e9120893770924227138ba49df1edb3896112a)
1 /*
2  * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 /*
11  * See SP800-185 "Appendix A - KMAC, .... in Terms of Keccak[c]"
12  *
13  * Inputs are:
14  *    K = Key                  (len(K) < 2^2040 bits)
15  *    X = Input
16  *    L = Output length        (0 <= L < 2^2040 bits)
17  *    S = Customization String Default="" (len(S) < 2^2040 bits)
18  *
19  * KMAC128(K, X, L, S)
20  * {
21  *     newX = bytepad(encode_string(K), 168) ||  X || right_encode(L).
22  *     T = bytepad(encode_string("KMAC") || encode_string(S), 168).
23  *     return KECCAK[256](T || newX || 00, L).
24  * }
25  *
26  * KMAC256(K, X, L, S)
27  * {
28  *     newX = bytepad(encode_string(K), 136) ||  X || right_encode(L).
29  *     T = bytepad(encode_string("KMAC") || encode_string(S), 136).
30  *     return KECCAK[512](T || newX || 00, L).
31  * }
32  *
33  * KMAC128XOF(K, X, L, S)
34  * {
35  *     newX = bytepad(encode_string(K), 168) ||  X || right_encode(0).
36  *     T = bytepad(encode_string("KMAC") || encode_string(S), 168).
37  *     return KECCAK[256](T || newX || 00, L).
38  * }
39  *
40  * KMAC256XOF(K, X, L, S)
41  * {
42  *     newX = bytepad(encode_string(K), 136) ||  X || right_encode(0).
43  *     T = bytepad(encode_string("KMAC") || encode_string(S), 136).
44  *     return KECCAK[512](T || newX || 00, L).
45  * }
46  *
47  */
48 
49 #include <stdlib.h>
50 #include <string.h>
51 #include <openssl/core_dispatch.h>
52 #include <openssl/core_names.h>
53 #include <openssl/params.h>
54 #include <openssl/evp.h>
55 #include <openssl/err.h>
56 #include <openssl/proverr.h>
57 
58 #include "prov/implementations.h"
59 #include "prov/provider_ctx.h"
60 #include "prov/provider_util.h"
61 #include "prov/providercommon.h"
62 #include "internal/cryptlib.h" /* ossl_assert */
63 
64 /*
65  * Forward declaration of everything implemented here.  This is not strictly
66  * necessary for the compiler, but provides an assurance that the signatures
67  * of the functions in the dispatch table are correct.
68  */
69 static OSSL_FUNC_mac_newctx_fn kmac128_new;
70 static OSSL_FUNC_mac_newctx_fn kmac256_new;
71 static OSSL_FUNC_mac_dupctx_fn kmac_dup;
72 static OSSL_FUNC_mac_freectx_fn kmac_free;
73 static OSSL_FUNC_mac_gettable_ctx_params_fn kmac_gettable_ctx_params;
74 static OSSL_FUNC_mac_get_ctx_params_fn kmac_get_ctx_params;
75 static OSSL_FUNC_mac_settable_ctx_params_fn kmac_settable_ctx_params;
76 static OSSL_FUNC_mac_set_ctx_params_fn kmac_set_ctx_params;
77 static OSSL_FUNC_mac_init_fn kmac_init;
78 static OSSL_FUNC_mac_update_fn kmac_update;
79 static OSSL_FUNC_mac_final_fn kmac_final;
80 
81 #define KMAC_MAX_BLOCKSIZE ((1600 - 128 * 2) / 8) /* 168 */
82 
83 /*
84  * Length encoding will be  a 1 byte size + length in bits (3 bytes max)
85  * This gives a range of 0..0XFFFFFF bits = 2097151 bytes).
86  */
87 #define KMAC_MAX_OUTPUT_LEN (0xFFFFFF / 8)
88 #define KMAC_MAX_ENCODED_HEADER_LEN (1 + 3)
89 
90 /*
91  * Restrict the maximum length of the customisation string.  This must not
92  * exceed 64 bits = 8k bytes.
93  */
94 #define KMAC_MAX_CUSTOM 512
95 
96 /* Maximum size of encoded custom string */
97 #define KMAC_MAX_CUSTOM_ENCODED (KMAC_MAX_CUSTOM + KMAC_MAX_ENCODED_HEADER_LEN)
98 
99 /* Maximum key size in bytes = 512 (4096 bits) */
100 #define KMAC_MAX_KEY 512
101 #define KMAC_MIN_KEY 4
102 
103 /*
104  * Maximum Encoded Key size will be padded to a multiple of the blocksize
105  * i.e KMAC_MAX_KEY + KMAC_MAX_ENCODED_HEADER_LEN = 512 + 4
106  * Padded to a multiple of KMAC_MAX_BLOCKSIZE
107  */
108 #define KMAC_MAX_KEY_ENCODED (KMAC_MAX_BLOCKSIZE * 4)
109 
110 /* Fixed value of encode_string("KMAC") */
111 static const unsigned char kmac_string[] = {
112     0x01, 0x20, 0x4B, 0x4D, 0x41, 0x43
113 };
114 
115 #define KMAC_FLAG_XOF_MODE          1
116 
117 struct kmac_data_st {
118     void  *provctx;
119     EVP_MD_CTX *ctx;
120     PROV_DIGEST digest;
121     size_t out_len;
122     size_t key_len;
123     size_t custom_len;
124     /* If xof_mode = 1 then we use right_encode(0) */
125     int xof_mode;
126     /* key and custom are stored in encoded form */
127     unsigned char key[KMAC_MAX_KEY_ENCODED];
128     unsigned char custom[KMAC_MAX_CUSTOM_ENCODED];
129 };
130 
131 static int encode_string(unsigned char *out, size_t out_max_len, size_t *out_len,
132                          const unsigned char *in, size_t in_len);
133 static int right_encode(unsigned char *out, size_t out_max_len, size_t *out_len,
134                         size_t bits);
135 static int bytepad(unsigned char *out, size_t *out_len,
136                    const unsigned char *in1, size_t in1_len,
137                    const unsigned char *in2, size_t in2_len,
138                    size_t w);
139 static int kmac_bytepad_encode_key(unsigned char *out, size_t out_max_len,
140                                    size_t *out_len,
141                                    const unsigned char *in, size_t in_len,
142                                    size_t w);
143 
144 static void kmac_free(void *vmacctx)
145 {
146     struct kmac_data_st *kctx = vmacctx;
147 
148     if (kctx != NULL) {
149         EVP_MD_CTX_free(kctx->ctx);
150         ossl_prov_digest_reset(&kctx->digest);
151         OPENSSL_cleanse(kctx->key, kctx->key_len);
152         OPENSSL_cleanse(kctx->custom, kctx->custom_len);
153         OPENSSL_free(kctx);
154     }
155 }
156 
157 /*
158  * We have KMAC implemented as a hash, which we can use instead of
159  * reimplementing the EVP functionality with direct use of
160  * keccak_mac_init() and friends.
161  */
162 static struct kmac_data_st *kmac_new(void *provctx)
163 {
164     struct kmac_data_st *kctx;
165 
166     if (!ossl_prov_is_running())
167         return NULL;
168 
169     if ((kctx = OPENSSL_zalloc(sizeof(*kctx))) == NULL
170             || (kctx->ctx = EVP_MD_CTX_new()) == NULL) {
171         kmac_free(kctx);
172         return NULL;
173     }
174     kctx->provctx = provctx;
175     return kctx;
176 }
177 
178 static void *kmac_fetch_new(void *provctx, const OSSL_PARAM *params)
179 {
180     struct kmac_data_st *kctx = kmac_new(provctx);
181 
182     if (kctx == NULL)
183         return 0;
184     if (!ossl_prov_digest_load_from_params(&kctx->digest, params,
185                                       PROV_LIBCTX_OF(provctx))) {
186         kmac_free(kctx);
187         return 0;
188     }
189 
190     kctx->out_len = EVP_MD_get_size(ossl_prov_digest_md(&kctx->digest));
191     return kctx;
192 }
193 
194 static void *kmac128_new(void *provctx)
195 {
196     static const OSSL_PARAM kmac128_params[] = {
197         OSSL_PARAM_utf8_string("digest", OSSL_DIGEST_NAME_KECCAK_KMAC128,
198                                sizeof(OSSL_DIGEST_NAME_KECCAK_KMAC128)),
199         OSSL_PARAM_END
200     };
201     return kmac_fetch_new(provctx, kmac128_params);
202 }
203 
204 static void *kmac256_new(void *provctx)
205 {
206     static const OSSL_PARAM kmac256_params[] = {
207         OSSL_PARAM_utf8_string("digest", OSSL_DIGEST_NAME_KECCAK_KMAC256,
208                                sizeof(OSSL_DIGEST_NAME_KECCAK_KMAC256)),
209         OSSL_PARAM_END
210     };
211     return kmac_fetch_new(provctx, kmac256_params);
212 }
213 
214 static void *kmac_dup(void *vsrc)
215 {
216     struct kmac_data_st *src = vsrc;
217     struct kmac_data_st *dst;
218 
219     if (!ossl_prov_is_running())
220         return NULL;
221 
222     dst = kmac_new(src->provctx);
223     if (dst == NULL)
224         return NULL;
225 
226     if (!EVP_MD_CTX_copy(dst->ctx, src->ctx)
227         || !ossl_prov_digest_copy(&dst->digest, &src->digest)) {
228         kmac_free(dst);
229         return NULL;
230     }
231 
232     dst->out_len = src->out_len;
233     dst->key_len = src->key_len;
234     dst->custom_len = src->custom_len;
235     dst->xof_mode = src->xof_mode;
236     memcpy(dst->key, src->key, src->key_len);
237     memcpy(dst->custom, src->custom, dst->custom_len);
238 
239     return dst;
240 }
241 
242 static int kmac_setkey(struct kmac_data_st *kctx, const unsigned char *key,
243                        size_t keylen)
244 {
245     const EVP_MD *digest = ossl_prov_digest_md(&kctx->digest);
246     int w = EVP_MD_get_block_size(digest);
247 
248     if (keylen < KMAC_MIN_KEY || keylen > KMAC_MAX_KEY) {
249         ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
250         return 0;
251     }
252     if (w <= 0) {
253         ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH);
254         return 0;
255     }
256     if (!kmac_bytepad_encode_key(kctx->key, sizeof(kctx->key), &kctx->key_len,
257                                  key, keylen, (size_t)w))
258         return 0;
259     return 1;
260 }
261 
262 /*
263  * The init() assumes that any ctrl methods are set beforehand for
264  * md, key and custom. Setting the fields afterwards will have no
265  * effect on the output mac.
266  */
267 static int kmac_init(void *vmacctx, const unsigned char *key,
268                      size_t keylen, const OSSL_PARAM params[])
269 {
270     struct kmac_data_st *kctx = vmacctx;
271     EVP_MD_CTX *ctx = kctx->ctx;
272     unsigned char *out;
273     size_t out_len, block_len;
274     int res, t;
275 
276     if (!ossl_prov_is_running() || !kmac_set_ctx_params(kctx, params))
277         return 0;
278 
279     if (key != NULL) {
280         if (!kmac_setkey(kctx, key, keylen))
281             return 0;
282     } else if (kctx->key_len == 0) {
283         /* Check key has been set */
284         ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
285         return 0;
286     }
287     if (!EVP_DigestInit_ex(kctx->ctx, ossl_prov_digest_md(&kctx->digest),
288                            NULL))
289         return 0;
290 
291     t = EVP_MD_get_block_size(ossl_prov_digest_md(&kctx->digest));
292     if (t <= 0) {
293         ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH);
294         return 0;
295     }
296     block_len = t;
297 
298     /* Set default custom string if it is not already set */
299     if (kctx->custom_len == 0) {
300         const OSSL_PARAM cparams[] = {
301             OSSL_PARAM_octet_string(OSSL_MAC_PARAM_CUSTOM, "", 0),
302             OSSL_PARAM_END
303         };
304         (void)kmac_set_ctx_params(kctx, cparams);
305     }
306 
307     if (!bytepad(NULL, &out_len, kmac_string, sizeof(kmac_string),
308                  kctx->custom, kctx->custom_len, block_len)) {
309         ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
310         return 0;
311     }
312     out = OPENSSL_malloc(out_len);
313     if (out == NULL) {
314         ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
315         return 0;
316     }
317     res = bytepad(out, NULL, kmac_string, sizeof(kmac_string),
318                   kctx->custom, kctx->custom_len, block_len)
319           && EVP_DigestUpdate(ctx, out, out_len)
320           && EVP_DigestUpdate(ctx, kctx->key, kctx->key_len);
321     OPENSSL_free(out);
322     return res;
323 }
324 
325 static int kmac_update(void *vmacctx, const unsigned char *data,
326                        size_t datalen)
327 {
328     struct kmac_data_st *kctx = vmacctx;
329 
330     return EVP_DigestUpdate(kctx->ctx, data, datalen);
331 }
332 
333 static int kmac_final(void *vmacctx, unsigned char *out, size_t *outl,
334                       size_t outsize)
335 {
336     struct kmac_data_st *kctx = vmacctx;
337     EVP_MD_CTX *ctx = kctx->ctx;
338     size_t lbits, len;
339     unsigned char encoded_outlen[KMAC_MAX_ENCODED_HEADER_LEN];
340     int ok;
341 
342     if (!ossl_prov_is_running())
343         return 0;
344 
345     /* KMAC XOF mode sets the encoded length to 0 */
346     lbits = (kctx->xof_mode ? 0 : (kctx->out_len * 8));
347 
348     ok = right_encode(encoded_outlen, sizeof(encoded_outlen), &len, lbits)
349         && EVP_DigestUpdate(ctx, encoded_outlen, len)
350         && EVP_DigestFinalXOF(ctx, out, kctx->out_len);
351     *outl = kctx->out_len;
352     return ok;
353 }
354 
355 static const OSSL_PARAM known_gettable_ctx_params[] = {
356     OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL),
357     OSSL_PARAM_size_t(OSSL_MAC_PARAM_BLOCK_SIZE, NULL),
358     OSSL_PARAM_END
359 };
360 static const OSSL_PARAM *kmac_gettable_ctx_params(ossl_unused void *ctx,
361                                                   ossl_unused void *provctx)
362 {
363     return known_gettable_ctx_params;
364 }
365 
366 static int kmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[])
367 {
368     struct kmac_data_st *kctx = vmacctx;
369     OSSL_PARAM *p;
370     int sz;
371 
372     if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_SIZE)) != NULL
373             && !OSSL_PARAM_set_size_t(p, kctx->out_len))
374         return 0;
375 
376     if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_BLOCK_SIZE)) != NULL) {
377         sz = EVP_MD_block_size(ossl_prov_digest_md(&kctx->digest));
378         if (!OSSL_PARAM_set_int(p, sz))
379             return 0;
380     }
381 
382     return 1;
383 }
384 
385 static const OSSL_PARAM known_settable_ctx_params[] = {
386     OSSL_PARAM_int(OSSL_MAC_PARAM_XOF, NULL),
387     OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL),
388     OSSL_PARAM_octet_string(OSSL_MAC_PARAM_KEY, NULL, 0),
389     OSSL_PARAM_octet_string(OSSL_MAC_PARAM_CUSTOM, NULL, 0),
390     OSSL_PARAM_END
391 };
392 static const OSSL_PARAM *kmac_settable_ctx_params(ossl_unused void *ctx,
393                                                   ossl_unused void *provctx)
394 {
395     return known_settable_ctx_params;
396 }
397 
398 /*
399  * The following params can be set any time before final():
400  *     - "outlen" or "size":    The requested output length.
401  *     - "xof":                 If set, this indicates that right_encoded(0)
402  *                              is part of the digested data, otherwise it
403  *                              uses right_encoded(requested output length).
404  *
405  * All other params should be set before init().
406  */
407 static int kmac_set_ctx_params(void *vmacctx, const OSSL_PARAM *params)
408 {
409     struct kmac_data_st *kctx = vmacctx;
410     const OSSL_PARAM *p;
411 
412     if (params == NULL)
413         return 1;
414 
415     if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_XOF)) != NULL
416         && !OSSL_PARAM_get_int(p, &kctx->xof_mode))
417         return 0;
418     if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_SIZE)) != NULL) {
419         size_t sz = 0;
420 
421         if (!OSSL_PARAM_get_size_t(p, &sz))
422             return 0;
423         if (sz > KMAC_MAX_OUTPUT_LEN) {
424             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_OUTPUT_LENGTH);
425             return 0;
426         }
427         kctx->out_len = sz;
428     }
429     if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL
430             && !kmac_setkey(kctx, p->data, p->data_size))
431         return 0;
432     if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_CUSTOM))
433         != NULL) {
434         if (p->data_size > KMAC_MAX_CUSTOM) {
435             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CUSTOM_LENGTH);
436             return 0;
437         }
438         if (!encode_string(kctx->custom, sizeof(kctx->custom), &kctx->custom_len,
439                            p->data, p->data_size))
440             return 0;
441     }
442     return 1;
443 }
444 
445 /* Encoding/Padding Methods. */
446 
447 /* Returns the number of bytes required to store 'bits' into a byte array */
448 static unsigned int get_encode_size(size_t bits)
449 {
450     unsigned int cnt = 0, sz = sizeof(size_t);
451 
452     while (bits && (cnt < sz)) {
453         ++cnt;
454         bits >>= 8;
455     }
456     /* If bits is zero 1 byte is required */
457     if (cnt == 0)
458         cnt = 1;
459     return cnt;
460 }
461 
462 /*
463  * Convert an integer into bytes . The number of bytes is appended
464  * to the end of the buffer. Returns an array of bytes 'out' of size
465  * *out_len.
466  *
467  * e.g if bits = 32, out[2] = { 0x20, 0x01 }
468  */
469 static int right_encode(unsigned char *out, size_t out_max_len, size_t *out_len,
470                         size_t bits)
471 {
472     unsigned int len = get_encode_size(bits);
473     int i;
474 
475     if (len >= out_max_len) {
476         ERR_raise(ERR_LIB_PROV, PROV_R_LENGTH_TOO_LARGE);
477         return 0;
478     }
479 
480     /* MSB's are at the start of the bytes array */
481     for (i = len - 1; i >= 0; --i) {
482         out[i] = (unsigned char)(bits & 0xFF);
483         bits >>= 8;
484     }
485     /* Tack the length onto the end */
486     out[len] = (unsigned char)len;
487 
488     /* The Returned length includes the tacked on byte */
489     *out_len = len + 1;
490     return 1;
491 }
492 
493 /*
494  * Encodes a string with a left encoded length added. Note that the
495  * in_len is converted to bits (*8).
496  *
497  * e.g- in="KMAC" gives out[6] = { 0x01, 0x20, 0x4B, 0x4D, 0x41, 0x43 }
498  *                                 len   bits    K     M     A     C
499  */
500 static int encode_string(unsigned char *out, size_t out_max_len, size_t *out_len,
501                          const unsigned char *in, size_t in_len)
502 {
503     if (in == NULL) {
504         *out_len = 0;
505     } else {
506         size_t i, bits, len, sz;
507 
508         bits = 8 * in_len;
509         len = get_encode_size(bits);
510         sz = 1 + len + in_len;
511 
512         if (sz > out_max_len) {
513             ERR_raise(ERR_LIB_PROV, PROV_R_LENGTH_TOO_LARGE);
514             return 0;
515         }
516 
517         out[0] = (unsigned char)len;
518         for (i = len; i > 0; --i) {
519             out[i] = (bits & 0xFF);
520             bits >>= 8;
521         }
522         memcpy(out + len + 1, in, in_len);
523         *out_len = sz;
524     }
525     return 1;
526 }
527 
528 /*
529  * Returns a zero padded encoding of the inputs in1 and an optional
530  * in2 (can be NULL). The padded output must be a multiple of the blocksize 'w'.
531  * The value of w is in bytes (< 256).
532  *
533  * The returned output is:
534  *    zero_padded(multiple of w, (left_encode(w) || in1 [|| in2])
535  */
536 static int bytepad(unsigned char *out, size_t *out_len,
537                    const unsigned char *in1, size_t in1_len,
538                    const unsigned char *in2, size_t in2_len, size_t w)
539 {
540     int len;
541     unsigned char *p = out;
542     int sz = w;
543 
544     if (out == NULL) {
545         if (out_len == NULL) {
546             ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
547             return 0;
548         }
549         sz = 2 + in1_len + (in2 != NULL ? in2_len : 0);
550         *out_len = (sz + w - 1) / w * w;
551         return 1;
552     }
553 
554     if (!ossl_assert(w <= 255))
555         return 0;
556 
557     /* Left encoded w */
558     *p++ = 1;
559     *p++ = (unsigned char)w;
560     /* || in1 */
561     memcpy(p, in1, in1_len);
562     p += in1_len;
563     /* [ || in2 ] */
564     if (in2 != NULL && in2_len > 0) {
565         memcpy(p, in2, in2_len);
566         p += in2_len;
567     }
568     /* Figure out the pad size (divisible by w) */
569     len = p - out;
570     sz = (len + w - 1) / w * w;
571     /* zero pad the end of the buffer */
572     if (sz != len)
573         memset(p, 0, sz - len);
574     if (out_len != NULL)
575         *out_len = sz;
576     return 1;
577 }
578 
579 /* Returns out = bytepad(encode_string(in), w) */
580 static int kmac_bytepad_encode_key(unsigned char *out, size_t out_max_len,
581                                    size_t *out_len,
582                                    const unsigned char *in, size_t in_len,
583                                    size_t w)
584 {
585     unsigned char tmp[KMAC_MAX_KEY + KMAC_MAX_ENCODED_HEADER_LEN];
586     size_t tmp_len;
587 
588     if (!encode_string(tmp, sizeof(tmp), &tmp_len, in, in_len))
589         return 0;
590     if (!bytepad(NULL, out_len, tmp, tmp_len, NULL, 0, w))
591         return 0;
592     if (!ossl_assert(*out_len <= out_max_len))
593         return 0;
594     return bytepad(out, NULL, tmp, tmp_len, NULL, 0, w);
595 }
596 
597 const OSSL_DISPATCH ossl_kmac128_functions[] = {
598     { OSSL_FUNC_MAC_NEWCTX, (void (*)(void))kmac128_new },
599     { OSSL_FUNC_MAC_DUPCTX, (void (*)(void))kmac_dup },
600     { OSSL_FUNC_MAC_FREECTX, (void (*)(void))kmac_free },
601     { OSSL_FUNC_MAC_INIT, (void (*)(void))kmac_init },
602     { OSSL_FUNC_MAC_UPDATE, (void (*)(void))kmac_update },
603     { OSSL_FUNC_MAC_FINAL, (void (*)(void))kmac_final },
604     { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS,
605       (void (*)(void))kmac_gettable_ctx_params },
606     { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))kmac_get_ctx_params },
607     { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS,
608       (void (*)(void))kmac_settable_ctx_params },
609     { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))kmac_set_ctx_params },
610     { 0, NULL }
611 };
612 
613 const OSSL_DISPATCH ossl_kmac256_functions[] = {
614     { OSSL_FUNC_MAC_NEWCTX, (void (*)(void))kmac256_new },
615     { OSSL_FUNC_MAC_DUPCTX, (void (*)(void))kmac_dup },
616     { OSSL_FUNC_MAC_FREECTX, (void (*)(void))kmac_free },
617     { OSSL_FUNC_MAC_INIT, (void (*)(void))kmac_init },
618     { OSSL_FUNC_MAC_UPDATE, (void (*)(void))kmac_update },
619     { OSSL_FUNC_MAC_FINAL, (void (*)(void))kmac_final },
620     { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS,
621       (void (*)(void))kmac_gettable_ctx_params },
622     { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))kmac_get_ctx_params },
623     { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS,
624       (void (*)(void))kmac_settable_ctx_params },
625     { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))kmac_set_ctx_params },
626     { 0, NULL }
627 };
628