/*
* RELIC is an Efficient LIbrary for Cryptography
* Copyright (c) 2009 RELIC Authors
*
* This file is part of RELIC. RELIC is legal property of its developers,
* whose names are not listed here. Please refer to the COPYRIGHT file
* for contact information.
*
* RELIC is free software; you can redistribute it and/or modify it under the
* terms of the version 2.1 (or later) of the GNU Lesser General Public License
* as published by the Free Software Foundation; or version 2.0 of the Apache
* License as published by the Apache Software Foundation. See the LICENSE files
* for more details.
*
* RELIC is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
* A PARTICULAR PURPOSE. See the LICENSE files for more details.
*
* You should have received a copy of the GNU Lesser General Public or the
* Apache License along with RELIC. If not, see
* or .
*/
/**
* @defgroup md Hash functions
*/
/**
* @file
*
* Interface of the module for computing hash functions.
*
* @ingroup md
*/
#ifndef RLC_MD_H
#define RLC_MD_H
#include "relic_conf.h"
#include "relic_types.h"
#include "relic_label.h"
/*============================================================================*/
/* Constant definitions */
/*============================================================================*/
enum {
/** Hash length for SHA-224 function. */
RLC_MD_LEN_SH224 = 28,
/** Hash length for SHA-256 function. */
RLC_MD_LEN_SH256 = 32,
/** Hash length for SHA-384 function. */
RLC_MD_LEN_SH384 = 48,
/** Hash length for SHA-512 function. */
RLC_MD_LEN_SH512 = 64,
/** Hash length for BLAKE2s-160 function. */
RLC_MD_LEN_B2S160 = 20,
/** Hash length for BLAKE2s-256 function. */
RLC_MD_LEN_B2S256 = 32
};
/**
* Length in bytes of default hash function output.
*/
#if MD_MAP == SH224
#define RLC_MD_LEN RLC_MD_LEN_SH224
#elif MD_MAP == SH256
#define RLC_MD_LEN RLC_MD_LEN_SH256
#elif MD_MAP == SH384
#define RLC_MD_LEN RLC_MD_LEN_SH384
#elif MD_MAP == SH512
#define RLC_MD_LEN RLC_MD_LEN_SH512
#elif MD_MAP == B2S160
#define RLC_MD_LEN RLC_MD_LEN_B2S160
#elif MD_MAP == B2S256
#define RLC_MD_LEN RLC_MD_LEN_B2S256
#endif
/*============================================================================*/
/* Macro definitions */
/*============================================================================*/
/**
* Maps a byte vector to a fixed-length byte vector using the chosen hash
* function.
*
* @param[out] H - the digest.
* @param[in] M - the message to hash.
* @param[in] L - the message length in bytes.
*/
#if MD_MAP == SH224
#define md_map(H, M, L) md_map_sh224(H, M, L)
#elif MD_MAP == SH256
#define md_map(H, M, L) md_map_sh256(H, M, L)
#elif MD_MAP == SH384
#define md_map(H, M, L) md_map_sh384(H, M, L)
#elif MD_MAP == SH512
#define md_map(H, M, L) md_map_sh512(H, M, L)
#elif MD_MAP == BLAKE2S_160
#define md_map(H, M, L) md_map_b2s160(H, M, L)
#elif MD_MAP == BLAKE2S_256
#define md_map(H, M, L) md_map_b2s256(H, M, L)
#endif
/**
* Maps a byte vector and optional domain separation tag to an arbitrary-length
* pseudorandom output using the chosen hash function.
*
* @param[out] B - the output buffer.
* @param[in] BL - the requested size of the output.
* @param[in] I - the message to hash.
* @param[in] IL - the message length in bytes.
* @param[in] D - the domain separation tag.
* @param[in] DL - the domain separation tag length in bytes.
*/
#if MD_MAP == SH224
#define md_xmd(B, BL, I, IL, D, DL) md_xmd_sh224(B, BL, I, IL, D, DL)
#elif MD_MAP == SH256
#define md_xmd(B, BL, I, IL, D, DL) md_xmd_sh256(B, BL, I, IL, D, DL)
#elif MD_MAP == SH384
#define md_xmd(B, BL, I, IL, D, DL) md_xmd_sh384(B, BL, I, IL, D, DL)
#elif MD_MAP == SH512
#define md_xmd(B, BL, I, IL, D, DL) md_xmd_sh512(B, BL, I, IL, D, DL)
#endif
/*============================================================================*/
/* Function prototypes */
/*============================================================================*/
/**
* Computes the SHA-224 hash function.
*
* @param[out] hash - the digest.
* @param[in] msg - the message to hash.
* @param[in] len - the message length in bytes.
*/
void md_map_sh224(uint8_t *hash, const uint8_t *msg, int len);
/**
* Computes the SHA-256 hash function.
*
* @param[out] hash - the digest.
* @param[in] msg - the message to hash.
* @param[in] len - the message length in bytes.
*/
void md_map_sh256(uint8_t *hash, const uint8_t *msg, int len);
/**
* Computes the SHA-384 hash function.
*
* @param[out] hash - the digest.
* @param[in] msg - the message to hash.
* @param[in] len - the message length in bytes.
*/
void md_map_sh384(uint8_t *hash, const uint8_t *msg, int len);
/**
* Computes the SHA-512 hash function.
*
* @param[out] hash - the digest.
* @param[in] msg - the message to hash.
* @param[in] len - the message length in bytes.
*/
void md_map_sh512(uint8_t *hash, const uint8_t *msg, int len);
/**
* Computes the BLAKE2s-160 hash function.
*
* @param[out] hash - the digest.
* @param[in] msg - the message to hash.
* @param[in] len - the message length in bytes.
*/
void md_map_b2s160(uint8_t *hash, const uint8_t *msg, int len);
/**
* Computes the BLAKE2s-256 hash function.
*
* @param[out] hash - the digest.
* @param[in] msg - the message to hash.
* @param[in] len - the message length in bytes.
*/
void md_map_b2s256(uint8_t *hash, const uint8_t *msg, int len);
/**
* Derives a key from shared secret material through the standardized KDF2
* function.
*
* @param[out] key - the resulting key.
* @param[in] key_len - the intended key length in bytes.
* @param[in] in - the shared secret.
* @param[in] in_len - the length of the shared secret in bytes.
*/
void md_kdf(uint8_t *key, int key_len, const uint8_t *in, int in_len);
/**
* Derives a mask from shared secret material through the PKCS#1 2.1 MGF1
* function. This is the same as the standardized KDF1 key derivation function.
*
* @param[out] key - the resulting mask.
* @param[in] key_len - the intended mask length in bytes.
* @param[in] in - the shared secret.
* @param[in] in_len - the length of the shared secret in bytes.
*/
void md_mgf(uint8_t *mask, int mask_len, const uint8_t *in, int in_len);
/**
* Computes a Message Authentication Code through HMAC.
*
* @param[out] mac - the authentication.
* @param[in] in - the date to authenticate.
* @param[in] in_len - the number of bytes to authenticate.
* @param[in] key - the cryptographic key.
* @param[in] key_len - the size of the key in bytes.
*/
void md_hmac(uint8_t *mac, const uint8_t *in, int in_len, const uint8_t *key,
int key_len);
/**
* Map a byte vector and optional domain separation tag to an arbitrary-length
* pseudorandom output using the SHA-224 hash function.
*
* @param[out] buf - the output buffer.
* @param[in] buf_len - the requested size of the output.
* @param[in] in - the message to hash.
* @param[in] in_len - the message length in bytes.
* @param[in] dst - the domain separation tag.
* @param[in] dst_len - the domain separation tag length in bytes.
*/
void md_xmd_sh224(uint8_t *buf, int buf_len, const uint8_t *in, int in_len,
const uint8_t *dst, int dst_len);
/**
* Map a byte vector and optional domain separation tag to an arbitrary-length
* pseudorandom output using the SHA-256 hash function.
*
* @param[out] buf - the output buffer.
* @param[in] buf_len - the requested size of the output.
* @param[in] in - the message to hash.
* @param[in] in_len - the message length in bytes.
* @param[in] dst - the domain separation tag.
* @param[in] dst_len - the domain separation tag length in bytes.
*/
void md_xmd_sh256(uint8_t *buf, int buf_len, const uint8_t *in, int in_len,
const uint8_t *dst, int dst_len);
/**
* Map a byte vector and optional domain separation tag to an arbitrary-length
* pseudorandom output using the SHA-384 hash function.
*
* @param[out] buf - the output buffer.
* @param[in] buf_len - the requested size of the output.
* @param[in] in - the message to hash.
* @param[in] in_len - the message length in bytes.
* @param[in] dst - the domain separation tag.
* @param[in] dst_len - the domain separation tag length in bytes.
*/
void md_xmd_sh384(uint8_t *buf, int buf_len, const uint8_t *in, int in_len,
const uint8_t *dst, int dst_len);
/**
* Map a byte vector and optional domain separation tag to an arbitrary-length
* pseudorandom output using the SHA-512 hash function.
*
* @param[out] buf - the output buffer.
* @param[in] buf_len - the requested size of the output.
* @param[in] in - the message to hash.
* @param[in] in_len - the message length in bytes.
* @param[in] dst - the domain separation tag.
* @param[in] dst_len - the domain separation tag length in bytes.
*/
void md_xmd_sh512(uint8_t *buf, int buf_len, const uint8_t *in, int in_len,
const uint8_t *dst, int dst_len);
#endif /* !RLC_MD_H */