--- /dev/null
+/* -*-c-*-
+ *
+ * The PMAC1 message authentication mode
+ *
+ * (c) 2018 Straylight/Edgeware
+ */
+
+/*----- Licensing notice --------------------------------------------------*
+ *
+ * This file is part of Catacomb.
+ *
+ * Catacomb is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU Library General Public License as published
+ * by the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * Catacomb is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with Catacomb. If not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ * USA.
+ */
+
+/*----- Notes on PMAC1 ----------------------------------------------------*
+ *
+ * PMAC was designed in 2002 by John Black and Phillip Rogaway as a
+ * blockcipher-based MAC which can operate on multiple message blocks in
+ * parallel. Unfortunately, Rogaway applied for patents on PMAC, and as a
+ * result it saw limited adoption. Rogaway has since abandoned the patent
+ * applications, and PMAC is free for all uses.
+ *
+ * Confusingly, Rogaway's 2004 paper `Efficient Instantiations of Tweakable
+ * Blockciphers and Refinements to Modes OCB and PMAC' named the new versions
+ * of those modes `OCB1' and `PMAC1'. The 2011 paper by Krovetz and Rogaway,
+ * `The Software Performance of Authenticated-Encryption Modes' renamed the
+ * original 2001 version of OCB as `OCB1', and the 2004 version `OCB2', and
+ * introduced a new `OCB3', but does not mention PMAC. (PMAC is used as-is
+ * in the 2001 and 2004 versions of OCB, to process header data; the header
+ * processing in the 2011 version of OCB is not a secure standalone MAC, so
+ * there is no PMAC3.) I've decided to follow and extend the 2011 naming, so
+ * `PMAC1' refers to the 2002 PMAC; the 2004 version would be `PMAC2'.
+ *
+ * This implementation does not currently attempt to process blocks in
+ * parallel, though this is a possible future improvement.
+ */
+
+#ifndef CATACOMB_PMAC1_H
+#define CATACOMB_PMAC1_H
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/*----- Header files ------------------------------------------------------*/
+
+#include <stddef.h>
+
+#include <mLib/bits.h>
+
+#ifndef CATACOMB_GMAC_H
+# include "gmac.h"
+#endif
+
+#ifndef CATACOMB_OCB1_H
+# include "ocb1.h"
+#endif
+
+/*----- Macros ------------------------------------------------------------*/
+
+/* --- @PMAC1_DECL@ --- *
+ *
+ * Arguments: @PRE@, @pre@ = prefixes for the underlying block cipher
+ *
+ * Use: Creates declarations for PMAC1 message-authentication mode.
+ *
+ * Most of these are aliases for OCB1 operations: see
+ * <catacomb/ocb1.h> for their documentation.
+ */
+
+#define PMAC1_DECL(PRE, pre) \
+ \
+OCB1_STRUCTS(PRE, pre, pre##_pmac1key, pre##_pmac1ctx) \
+ \
+extern void pre##_pmac1setkey(pre##_pmac1key */*key*/, \
+ const void */*k*/, size_t /*ksz*/); \
+ \
+extern void pre##_pmac1init(pre##_pmac1ctx */*ctx*/, \
+ const pre##_pmac1key */*k*/); \
+ \
+extern void pre##_pmac1hash(pre##_pmac1ctx */*ctx*/, \
+ const void */*p*/, size_t /*sz*/); \
+ \
+/* --- @pre_pmac1done@ --- * \
+ * \
+ * Arguments: @pre_pmac1ctx *ctx@ = pointer to PMAC1 context block \
+ * @void *t@ = where to write the tag \
+ * \
+ * Returns: --- \
+ * \
+ * Use: Finishes a MAC operation and produces the tag. \
+ */ \
+ \
+extern void pre##_pmac1done(pre##_pmac1ctx */*ctx*/, void */*t*/); \
+ \
+/* --- Generic MAC interface --- */ \
+ \
+extern const gcmac pre##_pmac1;
+
+/*----- That's all, folks -------------------------------------------------*/
+
+#ifdef __cplusplus
+ }
+#endif
+
+#endif