1 /*
2 * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * See SP800-185 "Appendix A - KMAC, .... in Terms of Keccak[c]"
12 *
13 * Inputs are:
14 * K = Key (len(K) < 2^2040 bits)
15 * X = Input
16 * L = Output length (0 <= L < 2^2040 bits)
17 * S = Customization String Default="" (len(S) < 2^2040 bits)
18 *
19 * KMAC128(K, X, L, S)
20 * {
21 * newX = bytepad(encode_string(K), 168) || X || right_encode(L).
22 * T = bytepad(encode_string("KMAC") || encode_string(S), 168).
23 * return KECCAK[256](T || newX || 00, L).
24 * }
25 *
26 * KMAC256(K, X, L, S)
27 * {
28 * newX = bytepad(encode_string(K), 136) || X || right_encode(L).
29 * T = bytepad(encode_string("KMAC") || encode_string(S), 136).
30 * return KECCAK[512](T || newX || 00, L).
31 * }
32 *
33 * KMAC128XOF(K, X, L, S)
34 * {
35 * newX = bytepad(encode_string(K), 168) || X || right_encode(0).
36 * T = bytepad(encode_string("KMAC") || encode_string(S), 168).
37 * return KECCAK[256](T || newX || 00, L).
38 * }
39 *
40 * KMAC256XOF(K, X, L, S)
41 * {
42 * newX = bytepad(encode_string(K), 136) || X || right_encode(0).
43 * T = bytepad(encode_string("KMAC") || encode_string(S), 136).
44 * return KECCAK[512](T || newX || 00, L).
45 * }
46 *
47 */
48
49 #include <stdlib.h>
50 #include <string.h>
51 #include <openssl/core_dispatch.h>
52 #include <openssl/core_names.h>
53 #include <openssl/params.h>
54 #include <openssl/evp.h>
55 #include <openssl/err.h>
56 #include <openssl/proverr.h>
57
58 #include "prov/implementations.h"
59 #include "prov/provider_ctx.h"
60 #include "prov/provider_util.h"
61 #include "prov/providercommon.h"
62 #include "internal/cryptlib.h" /* ossl_assert */
63
64 /*
65 * Forward declaration of everything implemented here. This is not strictly
66 * necessary for the compiler, but provides an assurance that the signatures
67 * of the functions in the dispatch table are correct.
68 */
69 static OSSL_FUNC_mac_newctx_fn kmac128_new;
70 static OSSL_FUNC_mac_newctx_fn kmac256_new;
71 static OSSL_FUNC_mac_dupctx_fn kmac_dup;
72 static OSSL_FUNC_mac_freectx_fn kmac_free;
73 static OSSL_FUNC_mac_gettable_ctx_params_fn kmac_gettable_ctx_params;
74 static OSSL_FUNC_mac_get_ctx_params_fn kmac_get_ctx_params;
75 static OSSL_FUNC_mac_settable_ctx_params_fn kmac_settable_ctx_params;
76 static OSSL_FUNC_mac_set_ctx_params_fn kmac_set_ctx_params;
77 static OSSL_FUNC_mac_init_fn kmac_init;
78 static OSSL_FUNC_mac_update_fn kmac_update;
79 static OSSL_FUNC_mac_final_fn kmac_final;
80
81 #define KMAC_MAX_BLOCKSIZE ((1600 - 128 * 2) / 8) /* 168 */
82
83 /*
84 * Length encoding will be a 1 byte size + length in bits (3 bytes max)
85 * This gives a range of 0..0XFFFFFF bits = 2097151 bytes).
86 */
87 #define KMAC_MAX_OUTPUT_LEN (0xFFFFFF / 8)
88 #define KMAC_MAX_ENCODED_HEADER_LEN (1 + 3)
89
90 /*
91 * Restrict the maximum length of the customisation string. This must not
92 * exceed 64 bits = 8k bytes.
93 */
94 #define KMAC_MAX_CUSTOM 512
95
96 /* Maximum size of encoded custom string */
97 #define KMAC_MAX_CUSTOM_ENCODED (KMAC_MAX_CUSTOM + KMAC_MAX_ENCODED_HEADER_LEN)
98
99 /* Maximum key size in bytes = 512 (4096 bits) */
100 #define KMAC_MAX_KEY 512
101 #define KMAC_MIN_KEY 4
102
103 /*
104 * Maximum Encoded Key size will be padded to a multiple of the blocksize
105 * i.e KMAC_MAX_KEY + KMAC_MAX_ENCODED_HEADER_LEN = 512 + 4
106 * Padded to a multiple of KMAC_MAX_BLOCKSIZE
107 */
108 #define KMAC_MAX_KEY_ENCODED (KMAC_MAX_BLOCKSIZE * 4)
109
110 /* Fixed value of encode_string("KMAC") */
111 static const unsigned char kmac_string[] = {
112 0x01, 0x20, 0x4B, 0x4D, 0x41, 0x43
113 };
114
115 #define KMAC_FLAG_XOF_MODE 1
116
117 struct kmac_data_st {
118 void *provctx;
119 EVP_MD_CTX *ctx;
120 PROV_DIGEST digest;
121 size_t out_len;
122 size_t key_len;
123 size_t custom_len;
124 /* If xof_mode = 1 then we use right_encode(0) */
125 int xof_mode;
126 /* key and custom are stored in encoded form */
127 unsigned char key[KMAC_MAX_KEY_ENCODED];
128 unsigned char custom[KMAC_MAX_CUSTOM_ENCODED];
129 };
130
131 static int encode_string(unsigned char *out, size_t out_max_len, size_t *out_len,
132 const unsigned char *in, size_t in_len);
133 static int right_encode(unsigned char *out, size_t out_max_len, size_t *out_len,
134 size_t bits);
135 static int bytepad(unsigned char *out, size_t *out_len,
136 const unsigned char *in1, size_t in1_len,
137 const unsigned char *in2, size_t in2_len,
138 size_t w);
139 static int kmac_bytepad_encode_key(unsigned char *out, size_t out_max_len,
140 size_t *out_len,
141 const unsigned char *in, size_t in_len,
142 size_t w);
143
kmac_free(void * vmacctx)144 static void kmac_free(void *vmacctx)
145 {
146 struct kmac_data_st *kctx = vmacctx;
147
148 if (kctx != NULL) {
149 EVP_MD_CTX_free(kctx->ctx);
150 ossl_prov_digest_reset(&kctx->digest);
151 OPENSSL_cleanse(kctx->key, kctx->key_len);
152 OPENSSL_cleanse(kctx->custom, kctx->custom_len);
153 OPENSSL_free(kctx);
154 }
155 }
156
157 /*
158 * We have KMAC implemented as a hash, which we can use instead of
159 * reimplementing the EVP functionality with direct use of
160 * keccak_mac_init() and friends.
161 */
kmac_new(void * provctx)162 static struct kmac_data_st *kmac_new(void *provctx)
163 {
164 struct kmac_data_st *kctx;
165
166 if (!ossl_prov_is_running())
167 return NULL;
168
169 if ((kctx = OPENSSL_zalloc(sizeof(*kctx))) == NULL
170 || (kctx->ctx = EVP_MD_CTX_new()) == NULL) {
171 kmac_free(kctx);
172 return NULL;
173 }
174 kctx->provctx = provctx;
175 return kctx;
176 }
177
kmac_fetch_new(void * provctx,const OSSL_PARAM * params)178 static void *kmac_fetch_new(void *provctx, const OSSL_PARAM *params)
179 {
180 struct kmac_data_st *kctx = kmac_new(provctx);
181 int md_size;
182
183 if (kctx == NULL)
184 return 0;
185 if (!ossl_prov_digest_load_from_params(&kctx->digest, params,
186 PROV_LIBCTX_OF(provctx))) {
187 kmac_free(kctx);
188 return 0;
189 }
190
191 md_size = EVP_MD_get_size(ossl_prov_digest_md(&kctx->digest));
192 if (md_size <= 0) {
193 kmac_free(kctx);
194 return 0;
195 }
196 kctx->out_len = (size_t)md_size;
197 return kctx;
198 }
199
kmac128_new(void * provctx)200 static void *kmac128_new(void *provctx)
201 {
202 static const OSSL_PARAM kmac128_params[] = {
203 OSSL_PARAM_utf8_string("digest", OSSL_DIGEST_NAME_KECCAK_KMAC128,
204 sizeof(OSSL_DIGEST_NAME_KECCAK_KMAC128)),
205 OSSL_PARAM_END
206 };
207 return kmac_fetch_new(provctx, kmac128_params);
208 }
209
kmac256_new(void * provctx)210 static void *kmac256_new(void *provctx)
211 {
212 static const OSSL_PARAM kmac256_params[] = {
213 OSSL_PARAM_utf8_string("digest", OSSL_DIGEST_NAME_KECCAK_KMAC256,
214 sizeof(OSSL_DIGEST_NAME_KECCAK_KMAC256)),
215 OSSL_PARAM_END
216 };
217 return kmac_fetch_new(provctx, kmac256_params);
218 }
219
kmac_dup(void * vsrc)220 static void *kmac_dup(void *vsrc)
221 {
222 struct kmac_data_st *src = vsrc;
223 struct kmac_data_st *dst;
224
225 if (!ossl_prov_is_running())
226 return NULL;
227
228 dst = kmac_new(src->provctx);
229 if (dst == NULL)
230 return NULL;
231
232 if (!EVP_MD_CTX_copy(dst->ctx, src->ctx)
233 || !ossl_prov_digest_copy(&dst->digest, &src->digest)) {
234 kmac_free(dst);
235 return NULL;
236 }
237
238 dst->out_len = src->out_len;
239 dst->key_len = src->key_len;
240 dst->custom_len = src->custom_len;
241 dst->xof_mode = src->xof_mode;
242 memcpy(dst->key, src->key, src->key_len);
243 memcpy(dst->custom, src->custom, dst->custom_len);
244
245 return dst;
246 }
247
kmac_setkey(struct kmac_data_st * kctx,const unsigned char * key,size_t keylen)248 static int kmac_setkey(struct kmac_data_st *kctx, const unsigned char *key,
249 size_t keylen)
250 {
251 const EVP_MD *digest = ossl_prov_digest_md(&kctx->digest);
252 int w = EVP_MD_get_block_size(digest);
253
254 if (keylen < KMAC_MIN_KEY || keylen > KMAC_MAX_KEY) {
255 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
256 return 0;
257 }
258 if (w <= 0) {
259 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH);
260 return 0;
261 }
262 if (!kmac_bytepad_encode_key(kctx->key, sizeof(kctx->key), &kctx->key_len,
263 key, keylen, (size_t)w))
264 return 0;
265 return 1;
266 }
267
268 /*
269 * The init() assumes that any ctrl methods are set beforehand for
270 * md, key and custom. Setting the fields afterwards will have no
271 * effect on the output mac.
272 */
kmac_init(void * vmacctx,const unsigned char * key,size_t keylen,const OSSL_PARAM params[])273 static int kmac_init(void *vmacctx, const unsigned char *key,
274 size_t keylen, const OSSL_PARAM params[])
275 {
276 struct kmac_data_st *kctx = vmacctx;
277 EVP_MD_CTX *ctx = kctx->ctx;
278 unsigned char *out;
279 size_t out_len, block_len;
280 int res, t;
281
282 if (!ossl_prov_is_running() || !kmac_set_ctx_params(kctx, params))
283 return 0;
284
285 if (key != NULL) {
286 if (!kmac_setkey(kctx, key, keylen))
287 return 0;
288 } else if (kctx->key_len == 0) {
289 /* Check key has been set */
290 ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
291 return 0;
292 }
293 if (!EVP_DigestInit_ex(kctx->ctx, ossl_prov_digest_md(&kctx->digest),
294 NULL))
295 return 0;
296
297 t = EVP_MD_get_block_size(ossl_prov_digest_md(&kctx->digest));
298 if (t <= 0) {
299 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH);
300 return 0;
301 }
302 block_len = t;
303
304 /* Set default custom string if it is not already set */
305 if (kctx->custom_len == 0) {
306 const OSSL_PARAM cparams[] = {
307 OSSL_PARAM_octet_string(OSSL_MAC_PARAM_CUSTOM, "", 0),
308 OSSL_PARAM_END
309 };
310 (void)kmac_set_ctx_params(kctx, cparams);
311 }
312
313 if (!bytepad(NULL, &out_len, kmac_string, sizeof(kmac_string),
314 kctx->custom, kctx->custom_len, block_len)) {
315 ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
316 return 0;
317 }
318 out = OPENSSL_malloc(out_len);
319 if (out == NULL)
320 return 0;
321 res = bytepad(out, NULL, kmac_string, sizeof(kmac_string),
322 kctx->custom, kctx->custom_len, block_len)
323 && EVP_DigestUpdate(ctx, out, out_len)
324 && EVP_DigestUpdate(ctx, kctx->key, kctx->key_len);
325 OPENSSL_free(out);
326 return res;
327 }
328
kmac_update(void * vmacctx,const unsigned char * data,size_t datalen)329 static int kmac_update(void *vmacctx, const unsigned char *data,
330 size_t datalen)
331 {
332 struct kmac_data_st *kctx = vmacctx;
333
334 return EVP_DigestUpdate(kctx->ctx, data, datalen);
335 }
336
kmac_final(void * vmacctx,unsigned char * out,size_t * outl,size_t outsize)337 static int kmac_final(void *vmacctx, unsigned char *out, size_t *outl,
338 size_t outsize)
339 {
340 struct kmac_data_st *kctx = vmacctx;
341 EVP_MD_CTX *ctx = kctx->ctx;
342 size_t lbits, len;
343 unsigned char encoded_outlen[KMAC_MAX_ENCODED_HEADER_LEN];
344 int ok;
345
346 if (!ossl_prov_is_running())
347 return 0;
348
349 /* KMAC XOF mode sets the encoded length to 0 */
350 lbits = (kctx->xof_mode ? 0 : (kctx->out_len * 8));
351
352 ok = right_encode(encoded_outlen, sizeof(encoded_outlen), &len, lbits)
353 && EVP_DigestUpdate(ctx, encoded_outlen, len)
354 && EVP_DigestFinalXOF(ctx, out, kctx->out_len);
355 *outl = kctx->out_len;
356 return ok;
357 }
358
359 static const OSSL_PARAM known_gettable_ctx_params[] = {
360 OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL),
361 OSSL_PARAM_size_t(OSSL_MAC_PARAM_BLOCK_SIZE, NULL),
362 OSSL_PARAM_END
363 };
kmac_gettable_ctx_params(ossl_unused void * ctx,ossl_unused void * provctx)364 static const OSSL_PARAM *kmac_gettable_ctx_params(ossl_unused void *ctx,
365 ossl_unused void *provctx)
366 {
367 return known_gettable_ctx_params;
368 }
369
kmac_get_ctx_params(void * vmacctx,OSSL_PARAM params[])370 static int kmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[])
371 {
372 struct kmac_data_st *kctx = vmacctx;
373 OSSL_PARAM *p;
374 int sz;
375
376 if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_SIZE)) != NULL
377 && !OSSL_PARAM_set_size_t(p, kctx->out_len))
378 return 0;
379
380 if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_BLOCK_SIZE)) != NULL) {
381 sz = EVP_MD_block_size(ossl_prov_digest_md(&kctx->digest));
382 if (!OSSL_PARAM_set_int(p, sz))
383 return 0;
384 }
385
386 return 1;
387 }
388
389 static const OSSL_PARAM known_settable_ctx_params[] = {
390 OSSL_PARAM_int(OSSL_MAC_PARAM_XOF, NULL),
391 OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL),
392 OSSL_PARAM_octet_string(OSSL_MAC_PARAM_KEY, NULL, 0),
393 OSSL_PARAM_octet_string(OSSL_MAC_PARAM_CUSTOM, NULL, 0),
394 OSSL_PARAM_END
395 };
kmac_settable_ctx_params(ossl_unused void * ctx,ossl_unused void * provctx)396 static const OSSL_PARAM *kmac_settable_ctx_params(ossl_unused void *ctx,
397 ossl_unused void *provctx)
398 {
399 return known_settable_ctx_params;
400 }
401
402 /*
403 * The following params can be set any time before final():
404 * - "outlen" or "size": The requested output length.
405 * - "xof": If set, this indicates that right_encoded(0)
406 * is part of the digested data, otherwise it
407 * uses right_encoded(requested output length).
408 *
409 * All other params should be set before init().
410 */
kmac_set_ctx_params(void * vmacctx,const OSSL_PARAM * params)411 static int kmac_set_ctx_params(void *vmacctx, const OSSL_PARAM *params)
412 {
413 struct kmac_data_st *kctx = vmacctx;
414 const OSSL_PARAM *p;
415
416 if (params == NULL)
417 return 1;
418
419 if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_XOF)) != NULL
420 && !OSSL_PARAM_get_int(p, &kctx->xof_mode))
421 return 0;
422 if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_SIZE)) != NULL) {
423 size_t sz = 0;
424
425 if (!OSSL_PARAM_get_size_t(p, &sz))
426 return 0;
427 if (sz > KMAC_MAX_OUTPUT_LEN) {
428 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_OUTPUT_LENGTH);
429 return 0;
430 }
431 kctx->out_len = sz;
432 }
433 if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL
434 && !kmac_setkey(kctx, p->data, p->data_size))
435 return 0;
436 if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_CUSTOM))
437 != NULL) {
438 if (p->data_size > KMAC_MAX_CUSTOM) {
439 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CUSTOM_LENGTH);
440 return 0;
441 }
442 if (!encode_string(kctx->custom, sizeof(kctx->custom), &kctx->custom_len,
443 p->data, p->data_size))
444 return 0;
445 }
446 return 1;
447 }
448
449 /* Encoding/Padding Methods. */
450
451 /* Returns the number of bytes required to store 'bits' into a byte array */
get_encode_size(size_t bits)452 static unsigned int get_encode_size(size_t bits)
453 {
454 unsigned int cnt = 0, sz = sizeof(size_t);
455
456 while (bits && (cnt < sz)) {
457 ++cnt;
458 bits >>= 8;
459 }
460 /* If bits is zero 1 byte is required */
461 if (cnt == 0)
462 cnt = 1;
463 return cnt;
464 }
465
466 /*
467 * Convert an integer into bytes . The number of bytes is appended
468 * to the end of the buffer. Returns an array of bytes 'out' of size
469 * *out_len.
470 *
471 * e.g if bits = 32, out[2] = { 0x20, 0x01 }
472 */
right_encode(unsigned char * out,size_t out_max_len,size_t * out_len,size_t bits)473 static int right_encode(unsigned char *out, size_t out_max_len, size_t *out_len,
474 size_t bits)
475 {
476 unsigned int len = get_encode_size(bits);
477 int i;
478
479 if (len >= out_max_len) {
480 ERR_raise(ERR_LIB_PROV, PROV_R_LENGTH_TOO_LARGE);
481 return 0;
482 }
483
484 /* MSB's are at the start of the bytes array */
485 for (i = len - 1; i >= 0; --i) {
486 out[i] = (unsigned char)(bits & 0xFF);
487 bits >>= 8;
488 }
489 /* Tack the length onto the end */
490 out[len] = (unsigned char)len;
491
492 /* The Returned length includes the tacked on byte */
493 *out_len = len + 1;
494 return 1;
495 }
496
497 /*
498 * Encodes a string with a left encoded length added. Note that the
499 * in_len is converted to bits (*8).
500 *
501 * e.g- in="KMAC" gives out[6] = { 0x01, 0x20, 0x4B, 0x4D, 0x41, 0x43 }
502 * len bits K M A C
503 */
encode_string(unsigned char * out,size_t out_max_len,size_t * out_len,const unsigned char * in,size_t in_len)504 static int encode_string(unsigned char *out, size_t out_max_len, size_t *out_len,
505 const unsigned char *in, size_t in_len)
506 {
507 if (in == NULL) {
508 *out_len = 0;
509 } else {
510 size_t i, bits, len, sz;
511
512 bits = 8 * in_len;
513 len = get_encode_size(bits);
514 sz = 1 + len + in_len;
515
516 if (sz > out_max_len) {
517 ERR_raise(ERR_LIB_PROV, PROV_R_LENGTH_TOO_LARGE);
518 return 0;
519 }
520
521 out[0] = (unsigned char)len;
522 for (i = len; i > 0; --i) {
523 out[i] = (bits & 0xFF);
524 bits >>= 8;
525 }
526 memcpy(out + len + 1, in, in_len);
527 *out_len = sz;
528 }
529 return 1;
530 }
531
532 /*
533 * Returns a zero padded encoding of the inputs in1 and an optional
534 * in2 (can be NULL). The padded output must be a multiple of the blocksize 'w'.
535 * The value of w is in bytes (< 256).
536 *
537 * The returned output is:
538 * zero_padded(multiple of w, (left_encode(w) || in1 [|| in2])
539 */
bytepad(unsigned char * out,size_t * out_len,const unsigned char * in1,size_t in1_len,const unsigned char * in2,size_t in2_len,size_t w)540 static int bytepad(unsigned char *out, size_t *out_len,
541 const unsigned char *in1, size_t in1_len,
542 const unsigned char *in2, size_t in2_len, size_t w)
543 {
544 int len;
545 unsigned char *p = out;
546 int sz = w;
547
548 if (out == NULL) {
549 if (out_len == NULL) {
550 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
551 return 0;
552 }
553 sz = 2 + in1_len + (in2 != NULL ? in2_len : 0);
554 *out_len = (sz + w - 1) / w * w;
555 return 1;
556 }
557
558 if (!ossl_assert(w <= 255))
559 return 0;
560
561 /* Left encoded w */
562 *p++ = 1;
563 *p++ = (unsigned char)w;
564 /* || in1 */
565 memcpy(p, in1, in1_len);
566 p += in1_len;
567 /* [ || in2 ] */
568 if (in2 != NULL && in2_len > 0) {
569 memcpy(p, in2, in2_len);
570 p += in2_len;
571 }
572 /* Figure out the pad size (divisible by w) */
573 len = p - out;
574 sz = (len + w - 1) / w * w;
575 /* zero pad the end of the buffer */
576 if (sz != len)
577 memset(p, 0, sz - len);
578 if (out_len != NULL)
579 *out_len = sz;
580 return 1;
581 }
582
583 /* Returns out = bytepad(encode_string(in), w) */
kmac_bytepad_encode_key(unsigned char * out,size_t out_max_len,size_t * out_len,const unsigned char * in,size_t in_len,size_t w)584 static int kmac_bytepad_encode_key(unsigned char *out, size_t out_max_len,
585 size_t *out_len,
586 const unsigned char *in, size_t in_len,
587 size_t w)
588 {
589 unsigned char tmp[KMAC_MAX_KEY + KMAC_MAX_ENCODED_HEADER_LEN];
590 size_t tmp_len;
591
592 if (!encode_string(tmp, sizeof(tmp), &tmp_len, in, in_len))
593 return 0;
594 if (!bytepad(NULL, out_len, tmp, tmp_len, NULL, 0, w))
595 return 0;
596 if (!ossl_assert(*out_len <= out_max_len))
597 return 0;
598 return bytepad(out, NULL, tmp, tmp_len, NULL, 0, w);
599 }
600
601 const OSSL_DISPATCH ossl_kmac128_functions[] = {
602 { OSSL_FUNC_MAC_NEWCTX, (void (*)(void))kmac128_new },
603 { OSSL_FUNC_MAC_DUPCTX, (void (*)(void))kmac_dup },
604 { OSSL_FUNC_MAC_FREECTX, (void (*)(void))kmac_free },
605 { OSSL_FUNC_MAC_INIT, (void (*)(void))kmac_init },
606 { OSSL_FUNC_MAC_UPDATE, (void (*)(void))kmac_update },
607 { OSSL_FUNC_MAC_FINAL, (void (*)(void))kmac_final },
608 { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS,
609 (void (*)(void))kmac_gettable_ctx_params },
610 { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))kmac_get_ctx_params },
611 { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS,
612 (void (*)(void))kmac_settable_ctx_params },
613 { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))kmac_set_ctx_params },
614 OSSL_DISPATCH_END
615 };
616
617 const OSSL_DISPATCH ossl_kmac256_functions[] = {
618 { OSSL_FUNC_MAC_NEWCTX, (void (*)(void))kmac256_new },
619 { OSSL_FUNC_MAC_DUPCTX, (void (*)(void))kmac_dup },
620 { OSSL_FUNC_MAC_FREECTX, (void (*)(void))kmac_free },
621 { OSSL_FUNC_MAC_INIT, (void (*)(void))kmac_init },
622 { OSSL_FUNC_MAC_UPDATE, (void (*)(void))kmac_update },
623 { OSSL_FUNC_MAC_FINAL, (void (*)(void))kmac_final },
624 { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS,
625 (void (*)(void))kmac_gettable_ctx_params },
626 { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))kmac_get_ctx_params },
627 { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS,
628 (void (*)(void))kmac_settable_ctx_params },
629 { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))kmac_set_ctx_params },
630 OSSL_DISPATCH_END
631 };
632