1d059297112922cabb0c674840589be8db821fd9aAdam Langley/* $OpenBSD: umac.h,v 1.3 2013/07/22 12:20:02 djm Exp $ */ 2bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman/* ----------------------------------------------------------------------- 3bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * 4bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * umac.h -- C Implementation UMAC Message Authentication 5bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * 6bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * Version 0.93a of rfc4418.txt -- 2006 July 14 7bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * 8bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * For a full description of UMAC message authentication see the UMAC 9bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * world-wide-web page at http://www.cs.ucdavis.edu/~rogaway/umac 10bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * Please report bugs and suggestions to the UMAC webpage. 11bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * 12bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * Copyright (c) 1999-2004 Ted Krovetz 13bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * 14bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * Permission to use, copy, modify, and distribute this software and 15bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * its documentation for any purpose and with or without fee, is hereby 16bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * granted provided that the above copyright notice appears in all copies 17bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * and in supporting documentation, and that the name of the copyright 18bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * holder not be used in advertising or publicity pertaining to 19bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * distribution of the software without specific, written prior permission. 20bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * 21bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * Comments should be directed to Ted Krovetz (tdk@acm.org) 22bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * 23bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * ---------------------------------------------------------------------- */ 24bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman 25bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman /* ////////////////////// IMPORTANT NOTES ///////////////////////////////// 26bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * 27bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * 1) This version does not work properly on messages larger than 16MB 28bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * 29bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * 2) If you set the switch to use SSE2, then all data must be 16-byte 30bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * aligned 31bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * 32bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * 3) When calling the function umac(), it is assumed that msg is in 33bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * a writable buffer of length divisible by 32 bytes. The message itself 34bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * does not have to fill the entire buffer, but bytes beyond msg may be 35bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * zeroed. 36bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * 37bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * 4) Two free AES implementations are supported by this implementation of 38bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * UMAC. Paulo Barreto's version is in the public domain and can be found 39bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * at http://www.esat.kuleuven.ac.be/~rijmen/rijndael/ (search for 40bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * "Barreto"). The only two files needed are rijndael-alg-fst.c and 41bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * rijndael-alg-fst.h. 42bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * Brian Gladman's version is distributed with GNU Public lisence 43bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * and can be found at http://fp.gladman.plus.com/AES/index.htm. It 44bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * includes a fast IA-32 assembly version. 45bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * 46bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman /////////////////////////////////////////////////////////////////////// */ 47bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#ifndef HEADER_UMAC_H 48bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#define HEADER_UMAC_H 49bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman 50bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman 51bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#ifdef __cplusplus 52bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman extern "C" { 53bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#endif 54bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman 55d059297112922cabb0c674840589be8db821fd9aAdam Langleystruct umac_ctx *umac_new(const u_char key[]); 56bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman/* Dynamically allocate a umac_ctx struct, initialize variables, 57bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * generate subkeys from key. 58bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman */ 59bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman 60bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#if 0 61bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartmanint umac_reset(struct umac_ctx *ctx); 62bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman/* Reset a umac_ctx to begin authenicating a new message */ 63bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#endif 64bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman 65d059297112922cabb0c674840589be8db821fd9aAdam Langleyint umac_update(struct umac_ctx *ctx, const u_char *input, long len); 66bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman/* Incorporate len bytes pointed to by input into context ctx */ 67bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman 68d059297112922cabb0c674840589be8db821fd9aAdam Langleyint umac_final(struct umac_ctx *ctx, u_char tag[], const u_char nonce[8]); 69bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman/* Incorporate any pending data and the ctr value, and return tag. 70bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * This function returns error code if ctr < 0. 71bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman */ 72bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman 73bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartmanint umac_delete(struct umac_ctx *ctx); 74bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman/* Deallocate the context structure */ 75bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman 76bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#if 0 77bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartmanint umac(struct umac_ctx *ctx, u_char *input, 78bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman long len, u_char tag[], 79bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman u_char nonce[8]); 80bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman/* All-in-one implementation of the functions Reset, Update and Final */ 81bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#endif 82bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman 83bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman/* uhash.h */ 84bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman 85bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman 86bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#if 0 87bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartmantypedef struct uhash_ctx *uhash_ctx_t; 88bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman /* The uhash_ctx structure is defined by the implementation of the */ 89bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman /* UHASH functions. */ 90bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman 91bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartmanuhash_ctx_t uhash_alloc(u_char key[16]); 92bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman /* Dynamically allocate a uhash_ctx struct and generate subkeys using */ 93bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman /* the kdf and kdf_key passed in. If kdf_key_len is 0 then RC6 is */ 94bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman /* used to generate key with a fixed key. If kdf_key_len > 0 but kdf */ 95bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman /* is NULL then the first 16 bytes pointed at by kdf_key is used as a */ 96bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman /* key for an RC6 based KDF. */ 97bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman 98bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartmanint uhash_free(uhash_ctx_t ctx); 99bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman 100bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartmanint uhash_set_params(uhash_ctx_t ctx, 101bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman void *params); 102bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman 103bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartmanint uhash_reset(uhash_ctx_t ctx); 104bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman 105bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartmanint uhash_update(uhash_ctx_t ctx, 106bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman u_char *input, 107bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman long len); 108bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman 109bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartmanint uhash_final(uhash_ctx_t ctx, 110bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman u_char ouput[]); 111bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman 112bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartmanint uhash(uhash_ctx_t ctx, 113bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman u_char *input, 114bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman long len, 115bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman u_char output[]); 116bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman 117bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#endif 118bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman 119d059297112922cabb0c674840589be8db821fd9aAdam Langley/* matching umac-128 API, we reuse umac_ctx, since it's opaque */ 120d059297112922cabb0c674840589be8db821fd9aAdam Langleystruct umac_ctx *umac128_new(const u_char key[]); 121d059297112922cabb0c674840589be8db821fd9aAdam Langleyint umac128_update(struct umac_ctx *ctx, const u_char *input, long len); 122d059297112922cabb0c674840589be8db821fd9aAdam Langleyint umac128_final(struct umac_ctx *ctx, u_char tag[], const u_char nonce[8]); 123d059297112922cabb0c674840589be8db821fd9aAdam Langleyint umac128_delete(struct umac_ctx *ctx); 124d059297112922cabb0c674840589be8db821fd9aAdam Langley 125bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#ifdef __cplusplus 126bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman } 127bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#endif 128bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman 129bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#endif /* HEADER_UMAC_H */ 130