aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/rtl/coretest_hashes.v318
-rw-r--r--src/rtl/novena_fpga.v147
-rwxr-xr-xsrc/sw/configure.sh15
-rw-r--r--src/sw/hash_tester.c942
-rwxr-xr-xsrc/sw/hash_tester.py669
5 files changed, 2091 insertions, 0 deletions
diff --git a/src/rtl/coretest_hashes.v b/src/rtl/coretest_hashes.v
new file mode 100644
index 0000000..5076047
--- /dev/null
+++ b/src/rtl/coretest_hashes.v
@@ -0,0 +1,318 @@
+//======================================================================
+//
+// coretest_hashes.v
+// -----------------
+// Top level wrapper that creates the Cryptech coretest system.
+// The wrapper contains instances of external interface, coretest
+// and the core to be tested. And if more than one core is
+// present the wrapper also includes address and data muxes.
+//
+//
+// Author: Joachim Strombergson
+// Copyright (c) 2014, SUNET
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or
+// without modification, are permitted provided that the following
+// conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in
+// the documentation and/or other materials provided with the
+// distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+// BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+// ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+//======================================================================
+
+module coretest_hashes(
+ input wire clk,
+ input wire reset_n,
+
+ // External interface.
+ input wire SCL,
+ input wire SDA,
+ output wire SDA_pd,
+
+ output wire [7 : 0] debug
+ );
+
+
+ //----------------------------------------------------------------
+ // Internal constant and parameter definitions.
+ //----------------------------------------------------------------
+ parameter I2C_ADDR_PREFIX = 8'h00;
+ parameter SHA1_ADDR_PREFIX = 8'h10;
+ parameter SHA256_ADDR_PREFIX = 8'h20;
+ parameter SHA512_ADDR_PREFIX = 8'h30;
+
+
+ //----------------------------------------------------------------
+ // Wires.
+ //----------------------------------------------------------------
+ // Coretest connections.
+ wire coretest_reset_n;
+ wire coretest_cs;
+ wire coretest_we;
+ wire [15 : 0] coretest_address;
+ wire [31 : 0] coretest_write_data;
+ reg [31 : 0] coretest_read_data;
+ reg coretest_error;
+
+ // i2c connections
+ wire i2c_rxd_syn;
+ wire [7 : 0] i2c_rxd_data;
+ wire i2c_rxd_ack;
+ wire i2c_txd_syn;
+ wire [7 : 0] i2c_txd_data;
+ wire i2c_txd_ack;
+ reg i2c_cs;
+ reg i2c_we;
+ reg [7 : 0] i2c_address;
+ reg [31 : 0] i2c_write_data;
+ wire [31 : 0] i2c_read_data;
+ wire i2c_error;
+ wire [7 : 0] i2c_debug;
+
+ // sha1 connections.
+ reg sha1_cs;
+ reg sha1_we;
+ reg [7 : 0] sha1_address;
+ reg [31 : 0] sha1_write_data;
+ wire [31 : 0] sha1_read_data;
+ wire sha1_error;
+ wire [7 : 0] sha1_debug;
+
+ // sha256 connections.
+ reg sha256_cs;
+ reg sha256_we;
+ reg [7 : 0] sha256_address;
+ reg [31 : 0] sha256_write_data;
+ wire [31 : 0] sha256_read_data;
+ wire sha256_error;
+ wire [7 : 0] sha256_debug;
+
+ // sha512 connections.
+ reg sha512_cs;
+ reg sha512_we;
+ reg [7 : 0] sha512_address;
+ reg [31 : 0] sha512_write_data;
+ wire [31 : 0] sha512_read_data;
+ wire sha512_error;
+ wire [7 : 0] sha512_debug;
+
+
+ //----------------------------------------------------------------
+ // Concurrent assignment.
+ //----------------------------------------------------------------
+ assign debug = i2c_debug;
+
+
+ //----------------------------------------------------------------
+ // Core instantiations.
+ //----------------------------------------------------------------
+ coretest coretest(
+ .clk(clk),
+ .reset_n(reset_n),
+
+ .rx_syn(i2c_rxd_syn),
+ .rx_data(i2c_rxd_data),
+ .rx_ack(i2c_rxd_ack),
+
+ .tx_syn(i2c_txd_syn),
+ .tx_data(i2c_txd_data),
+ .tx_ack(i2c_txd_ack),
+
+ // Interface to the core being tested.
+ .core_reset_n(coretest_reset_n),
+ .core_cs(coretest_cs),
+ .core_we(coretest_we),
+ .core_address(coretest_address),
+ .core_write_data(coretest_write_data),
+ .core_read_data(coretest_read_data),
+ .core_error(coretest_error)
+ );
+
+
+ i2c i2c(
+ .clk(clk),
+ .reset_n(!reset_n), // active high
+
+ .SCL(SCL),
+ .SDA(SDA),
+ .SDA_pd(SDA_pd),
+ .i2c_device_addr(8'h1E),
+
+ .rxd_syn(i2c_rxd_syn),
+ .rxd_data(i2c_rxd_data),
+ .rxd_ack(i2c_rxd_ack),
+
+ .txd_syn(i2c_txd_syn),
+ .txd_data(i2c_txd_data),
+ .txd_ack(i2c_txd_ack),
+
+ .cs(i2c_cs),
+ .we(i2c_we),
+ .address(i2c_address),
+ .write_data(i2c_write_data),
+ .read_data(i2c_read_data),
+ .error(i2c_error),
+
+ .debug(i2c_debug)
+ );
+
+
+ sha1 sha1(
+ // Clock and reset.
+ .clk(clk),
+ .reset_n(reset_n),
+
+ // Control.
+ .cs(sha1_cs),
+ .we(sha1_we),
+
+ // Data ports.
+ .address(sha1_address),
+ .write_data(sha1_write_data),
+ .read_data(sha1_read_data),
+ .error(sha1_error)
+ );
+
+
+ sha256 sha256(
+ // Clock and reset.
+ .clk(clk),
+ .reset_n(reset_n),
+
+ // Control.
+ .cs(sha256_cs),
+ .we(sha256_we),
+
+ // Data ports.
+ .address(sha256_address),
+ .write_data(sha256_write_data),
+ .read_data(sha256_read_data),
+ .error(sha256_error)
+ );
+
+
+ sha512 sha512(
+ // Clock and reset.
+ .clk(clk),
+ .reset_n(reset_n),
+
+ // Control.
+ .cs(sha512_cs),
+ .we(sha512_we),
+
+ // Data ports.
+ .address(sha512_address),
+ .write_data(sha512_write_data),
+ .read_data(sha512_read_data),
+ .error(sha512_error)
+ );
+
+
+ //----------------------------------------------------------------
+ // address_mux
+ //
+ // Combinational data mux that handles addressing between
+ // cores using the 32-bit memory like interface.
+ //----------------------------------------------------------------
+ always @*
+ begin : address_mux
+ // Default assignments.
+ coretest_read_data = 32'h00000000;
+ coretest_error = 0;
+
+ i2c_cs = 0;
+ i2c_we = 0;
+ i2c_address = 8'h00;
+ i2c_write_data = 32'h00000000;
+
+ sha1_cs = 0;
+ sha1_we = 0;
+ sha1_address = 8'h00;
+ sha1_write_data = 32'h00000000;
+
+ sha256_cs = 0;
+ sha256_we = 0;
+ sha256_address = 8'h00;
+ sha256_write_data = 32'h00000000;
+
+ sha512_cs = 0;
+ sha512_we = 0;
+ sha512_address = 8'h00;
+ sha512_write_data = 32'h00000000;
+
+
+ case (coretest_address[15 : 8])
+ I2C_ADDR_PREFIX:
+ begin
+ i2c_cs = coretest_cs;
+ i2c_we = coretest_we;
+ i2c_address = coretest_address[7 : 0];
+ i2c_write_data = coretest_write_data;
+ coretest_read_data = i2c_read_data;
+ coretest_error = i2c_error;
+ end
+
+
+ SHA1_ADDR_PREFIX:
+ begin
+ sha1_cs = coretest_cs;
+ sha1_we = coretest_we;
+ sha1_address = coretest_address[7 : 0];
+ sha1_write_data = coretest_write_data;
+ coretest_read_data = sha1_read_data;
+ coretest_error = sha1_error;
+ end
+
+
+ SHA256_ADDR_PREFIX:
+ begin
+ sha256_cs = coretest_cs;
+ sha256_we = coretest_we;
+ sha256_address = coretest_address[7 : 0];
+ sha256_write_data = coretest_write_data;
+ coretest_read_data = sha256_read_data;
+ coretest_error = sha256_error;
+ end
+
+
+ SHA512_ADDR_PREFIX:
+ begin
+ sha512_cs = coretest_cs;
+ sha512_we = coretest_we;
+ sha512_address = coretest_address[7 : 0];
+ sha512_write_data = coretest_write_data;
+ coretest_read_data = sha512_read_data;
+ coretest_error = sha512_error;
+ end
+
+
+ default:
+ begin
+ end
+ endcase // case (coretest_address[15 : 8])
+ end // address_mux
+
+endmodule // coretest_hashes
+
+//======================================================================
+// EOF coretest_hashes.v
+//======================================================================
diff --git a/src/rtl/novena_fpga.v b/src/rtl/novena_fpga.v
new file mode 100644
index 0000000..fd0f667
--- /dev/null
+++ b/src/rtl/novena_fpga.v
@@ -0,0 +1,147 @@
+//////////////////////////////////////////////////////////////////////////////
+// Copyright (c) 2013, Andrew "bunnie" Huang
+//
+// See the NOTICE file distributed with this work for additional
+// information regarding copyright ownership. The copyright holder
+// licenses this file to you under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// code distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+//////////////////////////////////////////////////////////////////////////////
+
+/// note: must set "-g UnusedPin:Pullnone" to avoid conflicts with unused pins
+
+`timescale 1ns / 1ps
+
+module novena_fpga(
+ // CPU side mapping
+ input wire [15:0] EIM_DA,
+ output reg EIM_A16, // relay of the trigger output
+ output reg EIM_A17, // relay of the trigger data (read path)
+
+ // connector side mapping
+ //input wire F_LVDS_N3, // output of trigger
+ //input wire F_DX2, // output of trigger
+ //output wire F_LVDS_N5, // trigger reset
+ output wire F_LVDS_P4, // trigger reset
+ //inout wire F_LVDS_P5, // trigger data (bidir)
+ //input wire F_DX18, // trigger data in from sticker (DUT->CPU)
+ output wire F_LVDS_P11, // trigger data out to sticker (CPU->DUT)
+ //output wire F_LVDS_N8, // trigger clock
+ //output wire F_DX14, // trigger clock
+
+ output wire F_LVDS_N7, // drive TPI data line
+ output wire F_LVDS_P7, // drive TPI signal lines
+
+ output wire F_DX15, // 1 = drive 5V, 0 = drive 3V to DUT
+
+ output wire F_LVDS_CK1_N,
+ output wire F_LVDS_CK1_P,
+ output wire F_LVDS_N11,
+
+ output wire F_LVDS_N0,
+ output wire F_LVDS_P0,
+ output wire F_DX1,
+
+ output wire F_LVDS_N15,
+ output wire F_LVDS_P15,
+ output wire F_LVDS_NC,
+
+ //input wire F_DX11,
+ //input wire F_DX3,
+ //input wire F_DX0,
+
+ //input wire F_LVDS_CK0_P,
+ //input wire F_LVDS_CK0_N,
+ //input wire F_LVDS_P9,
+
+ //input wire [1:0] EIM_CS,
+ //input wire EIM_LBA,
+
+ input wire CLK2_N,
+ input wire CLK2_P,
+ output wire FPGA_LED2,
+
+ input wire I2C3_SCL,
+ inout wire I2C3_SDA,
+
+ input wire RESETBMCU,
+ output wire F_DX17, // dummy
+ output wire APOPTOSIS
+);
+ wire clk;
+
+ IBUFGDS clkibufgds(
+ .I(CLK2_P),
+ .IB(CLK2_N),
+ .O(clk)
+ );
+
+ assign FPGA_LED2 = 1'b1;
+
+ assign APOPTOSIS = 1'b0;
+ assign F_DX15 = 1'b1; //+5V P_DUT
+
+ // OE on bank to drive signals; signal not inverted in software
+ assign F_LVDS_P7 = !EIM_DA[3];
+ // OE on bank to drive the data; signal not inverted in software
+ assign F_LVDS_N7 = !EIM_DA[4];
+ assign F_LVDS_P4 = 1'b0;
+ assign F_LVDS_P11 = 1'b0;
+ assign F_LVDS_CK1_N = 1'b0;
+ assign F_LVDS_CK1_P = 1'b0;
+ assign F_LVDS_N11 = 1'b0;
+ assign F_LVDS_N0 = 1'b0;
+ assign F_LVDS_P0 = 1'b0;
+ assign F_DX1 = 1'b0;
+ assign F_LVDS_N15 = 1'b0;
+ assign F_LVDS_P15 = 1'b0;
+ assign F_LVDS_NC = 1'b0;
+
+ // reduction and of EIM_DA, dummy-map to keep compiler quiet
+ assign F_DX17 = &EIM_DA | RESETBMCU;
+
+ ////////////////////////////////////
+ ///// I2C register set
+ ////////////////////////////////////
+ wire SDA_pd;
+ wire SDA_int;
+ reg clk25;
+
+ initial begin
+ clk25 <= 1'b0;
+ end
+ always @ (posedge clk) begin
+ clk25 <= ~clk25;
+ EIM_A16 <= 1'b0;
+ EIM_A17 <= 1'b0;
+ end
+
+ IOBUF #(
+ .DRIVE(8),
+ .SLEW("SLOW")
+ ) IOBUF_sda (
+ .IO(I2C3_SDA),
+ .I(1'b0),
+ .T(!SDA_pd),
+ .O(SDA_int)
+ );
+
+ coretest_hashes top(
+ .clk(clk25),
+ .reset_n(1'b1),
+
+ .SCL(I2C3_SCL),
+ .SDA(SDA_int),
+ .SDA_pd(SDA_pd)
+ );
+
+endmodule
diff --git a/src/sw/configure.sh b/src/sw/configure.sh
new file mode 100755
index 0000000..b3ed7cf
--- /dev/null
+++ b/src/sw/configure.sh
@@ -0,0 +1,15 @@
+#!/bin/sh -
+# bitbang a configuration to the FPGA on a Novena PVT1
+bitfile="${1-novena_fpga.bit}"
+echo "Setting export of reset pin"
+echo 135 > /sys/class/gpio/export
+echo "setting reset pin to out"
+echo out > /sys/class/gpio/gpio135/direction
+echo "flipping reset"
+echo 0 > /sys/class/gpio/gpio135/value
+echo 1 > /sys/class/gpio/gpio135/value
+echo "configuring FPGA"
+dd if=${bitfile} of=/dev/spidev2.0 bs=128
+echo "turning on clock to FPGA"
+# compile devmem2 from novena-scope-drivers/userspace/devmem2.c
+./devmem2 0x020c8160 w 0x00000D2B
diff --git a/src/sw/hash_tester.c b/src/sw/hash_tester.c
new file mode 100644
index 0000000..d02db41
--- /dev/null
+++ b/src/sw/hash_tester.c
@@ -0,0 +1,942 @@
+/*
+ * hash_tester.c
+ * --------------
+ * This program sends several commands to the coretest_hashes subsystem
+ * in order to verify the SHA-1, SHA-256 and SHA-512/x hash function
+ * cores.
+ *
+ * Note: This version of the program talks to the FPGA over an I2C bus.
+ *
+ * The single and dual block test cases are taken from the
+ * NIST KAT document:
+ * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/SHA_All.pdf
+ *
+ *
+ * Authors: Joachim Strömbergson, Paul Selkirk
+ * Copyright (c) 2014, SUNET
+ *
+ * Redistribution and use in source and binary forms, with or
+ * without modification, are permitted provided that the following
+ * conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <time.h>
+#include <linux/i2c-dev.h>
+#include <sys/ioctl.h>
+#include <arpa/inet.h>
+#include <ctype.h>
+
+/* I2C configuration */
+#define I2C_dev "/dev/i2c-2"
+#define I2C_addr 0x0f
+
+/* command codes */
+#define SOC 0x55
+#define EOC 0xaa
+#define READ_CMD 0x10
+#define WRITE_CMD 0x11
+
+/* response codes */
+#define SOR 0xaa
+#define EOR 0x55
+#define UNKNOWN 0xfe
+#define ERROR 0xfd
+#define READ_OK 0x7f
+#define WRITE_OK 0x7e
+#define RESET_OK 0x7d
+
+/* addresses and codes common to all hash cores */
+#define ADDR_NAME0 0x00
+#define ADDR_NAME1 0x01
+#define ADDR_VERSION 0x02
+#define ADDR_CTRL 0x08
+#define CTRL_INIT_CMD 1
+#define CTRL_NEXT_CMD 2
+#define ADDR_STATUS 0x09
+#define STATUS_READY_BIT 0
+#define STATUS_VALID_BIT 1
+
+/* addresses and codes for the specific hash cores */
+#define SHA1_ADDR_PREFIX 0x10
+#define SHA1_ADDR_BLOCK 0x10
+#define SHA1_BLOCK_LEN 16
+#define SHA1_ADDR_DIGEST 0x20
+#define SHA1_DIGEST_LEN 5
+
+#define SHA256_ADDR_PREFIX 0x20
+#define SHA256_ADDR_BLOCK 0x10
+#define SHA256_BLOCK_LEN 16
+#define SHA256_ADDR_DIGEST 0x20
+#define SHA256_DIGEST_LEN 8
+
+#define SHA512_ADDR_PREFIX 0x30
+#define SHA512_CTRL_MODE_LOW 2
+#define SHA512_CTRL_MODE_HIGH 3
+#define SHA512_ADDR_BLOCK 0x10
+#define SHA512_BLOCK_LEN 32
+#define SHA512_ADDR_DIGEST 0x40
+#define SHA512_DIGEST_LEN 16
+#define MODE_SHA_512_224 0
+#define MODE_SHA_512_256 1
+#define MODE_SHA_384 2
+#define MODE_SHA_512 3
+
+int i2cfd;
+int debug = 0;
+
+/* SHA-1/SHA-256 One Block Message Sample
+ Input Message: "abc" */
+const uint32_t NIST_512_SINGLE[] =
+{ 0x61626380, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000018 };
+
+const uint32_t SHA1_SINGLE_DIGEST[] =
+{ 0xa9993e36, 0x4706816a, 0xba3e2571, 0x7850c26c,
+ 0x9cd0d89d };
+
+const uint32_t SHA256_SINGLE_DIGEST[] =
+{ 0xBA7816BF, 0x8F01CFEA, 0x414140DE, 0x5DAE2223,
+ 0xB00361A3, 0x96177A9C, 0xB410FF61, 0xF20015AD };
+
+/* SHA-1/SHA-256 Two Block Message Sample
+ Input Message: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" */
+const uint32_t NIST_512_DOUBLE0[] =
+{ 0x61626364, 0x62636465, 0x63646566, 0x64656667,
+ 0x65666768, 0x66676869, 0x6768696A, 0x68696A6B,
+ 0x696A6B6C, 0x6A6B6C6D, 0x6B6C6D6E, 0x6C6D6E6F,
+ 0x6D6E6F70, 0x6E6F7071, 0x80000000, 0x00000000 };
+const uint32_t NIST_512_DOUBLE1[] =
+{ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x000001C0 };
+
+const uint32_t SHA1_DOUBLE_DIGEST[] =
+{ 0x84983E44, 0x1C3BD26E, 0xBAAE4AA1, 0xF95129E5,
+ 0xE54670F1 };
+
+const uint32_t SHA256_DOUBLE_DIGEST[] =
+{ 0x248D6A61, 0xD20638B8, 0xE5C02693, 0x0C3E6039,
+ 0xA33CE459, 0x64FF2167, 0xF6ECEDD4, 0x19DB06C1 };
+
+/* SHA-512 One Block Message Sample
+ Input Message: "abc" */
+const uint32_t NIST_1024_SINGLE[] =
+{ 0x61626380, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000018 };
+
+const uint32_t SHA512_224_SINGLE_DIGEST[] =
+{ 0x4634270f, 0x707b6a54, 0xdaae7530, 0x460842e2,
+ 0x0e37ed26, 0x5ceee9a4, 0x3e8924aa };
+const uint32_t SHA512_256_SINGLE_DIGEST[] =
+{ 0x53048e26, 0x81941ef9, 0x9b2e29b7, 0x6b4c7dab,
+ 0xe4c2d0c6, 0x34fc6d46, 0xe0e2f131, 0x07e7af23 };
+const uint32_t SHA384_SINGLE_DIGEST[] =
+{ 0xcb00753f, 0x45a35e8b, 0xb5a03d69, 0x9ac65007,
+ 0x272c32ab, 0x0eded163, 0x1a8b605a, 0x43ff5bed,
+ 0x8086072b, 0xa1e7cc23, 0x58baeca1, 0x34c825a7 };
+const uint32_t SHA512_SINGLE_DIGEST[] =
+{ 0xddaf35a1, 0x93617aba, 0xcc417349, 0xae204131,
+ 0x12e6fa4e, 0x89a97ea2, 0x0a9eeee6, 0x4b55d39a,
+ 0x2192992a, 0x274fc1a8, 0x36ba3c23, 0xa3feebbd,
+ 0x454d4423, 0x643ce80e, 0x2a9ac94f, 0xa54ca49f };
+
+/* SHA-512 Two Block Message Sample
+ Input Message: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
+ "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" */
+const uint32_t NIST_1024_DOUBLE0[] =
+{ 0x61626364, 0x65666768, 0x62636465, 0x66676869,
+ 0x63646566, 0x6768696a, 0x64656667, 0x68696a6b,
+ 0x65666768, 0x696a6b6c, 0x66676869, 0x6a6b6c6d,
+ 0x6768696a, 0x6b6c6d6e, 0x68696a6b, 0x6c6d6e6f,
+ 0x696a6b6c, 0x6d6e6f70, 0x6a6b6c6d, 0x6e6f7071,
+ 0x6b6c6d6e, 0x6f707172, 0x6c6d6e6f, 0x70717273,
+ 0x6d6e6f70, 0x71727374, 0x6e6f7071, 0x72737475,
+ 0x80000000, 0x00000000, 0x00000000, 0x00000000 };
+const uint32_t NIST_1024_DOUBLE1[] =
+{ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000380 };
+
+const uint32_t SHA512_224_DOUBLE_DIGEST[] =
+{ 0x23fec5bb, 0x94d60b23, 0x30819264, 0x0b0c4533,
+ 0x35d66473, 0x4fe40e72, 0x68674af9 };
+const uint32_t SHA512_256_DOUBLE_DIGEST[] =
+{ 0x3928e184, 0xfb8690f8, 0x40da3988, 0x121d31be,
+ 0x65cb9d3e, 0xf83ee614, 0x6feac861, 0xe19b563a };
+const uint32_t SHA384_DOUBLE_DIGEST[] =
+{ 0x09330c33, 0xf71147e8, 0x3d192fc7, 0x82cd1b47,
+ 0x53111b17, 0x3b3b05d2, 0x2fa08086, 0xe3b0f712,
+ 0xfcc7c71a, 0x557e2db9, 0x66c3e9fa, 0x91746039 };
+const uint32_t SHA512_DOUBLE_DIGEST[] =
+{ 0x8e959b75, 0xdae313da, 0x8cf4f728, 0x14fc143f,
+ 0x8f7779c6, 0xeb9f7fa1, 0x7299aead, 0xb6889018,
+ 0x501d289e, 0x4900f7e4, 0x331b99de, 0xc4b5433a,
+ 0xc7d329ee, 0xb6dd2654, 0x5e96e55b, 0x874be909 };
+
+/* ---------------- I2C low-level code ---------------- */
+int i2c_setup(char *dev, int addr)
+{
+ i2cfd = open(dev, O_RDWR);
+ if (i2cfd < 0) {
+ fprintf(stderr, "Unable to open %s: ", dev);
+ perror("");
+ i2cfd = 0;
+ return 1;
+ }
+
+ if (ioctl(i2cfd, I2C_SLAVE, addr) < 0) {
+ fprintf(stderr, "Unable to set I2C slave device 0x%02x: ", addr);
+ perror("");
+ return 1;
+ }
+
+ return 0;
+}
+
+int i2c_write(uint8_t *buf, int len)
+{
+ if (debug) {
+ int i;
+ printf("write [");
+ for (i = 0; i < len; ++i)
+ printf(" %02x", buf[i]);
+ printf(" ]\n");
+ }
+
+ if (write(i2cfd, buf, len) != len) {
+ perror("i2c write failed");
+ return 1;
+ }
+
+ return 0;
+}
+
+int i2c_read(uint8_t *buf, int len)
+{
+ int i;
+
+ if (debug)
+ printf("read [");
+
+ for (i = 0; i < len; ++i) {
+ if (read(i2cfd, &buf[i], 1) != 1) {
+ fprintf(stderr, "i2c read failed on byte %d: ", i);
+ perror("");
+ return 1;
+ }
+ if (debug)
+ printf(" %02x", buf[i]);
+ }
+
+ if (debug)
+ printf(" ]\n");
+
+ return 0;
+}
+
+/* ---------------- test-case low-level code ---------------- */
+int tc_send_write_cmd(uint8_t addr0, uint8_t addr1, uint32_t data)
+{
+ uint8_t buf[9];
+
+ buf[0] = SOC;
+ buf[1] = WRITE_CMD;
+ buf[2] = addr0;
+ buf[3] = addr1;
+ buf[4] = (data >> 24) & 0xff;
+ buf[5] = (data >> 16) & 0xff;
+ buf[6] = (data >> 8) & 0xff;
+ buf[7] = data & 0xff;
+ buf[8] = EOC;
+
+ return i2c_write(buf, sizeof(buf));
+}
+
+int tc_send_read_cmd(uint8_t addr0, uint8_t addr1)
+{
+ uint8_t buf[5];
+
+ buf[0] = SOC;
+ buf[1] = READ_CMD;
+ buf[2] = addr0;
+ buf[3] = addr1;
+ buf[4] = EOC;
+
+ return i2c_write(buf, sizeof(buf));
+}
+
+int tc_get_resp(uint8_t *expected, int len)
+{
+ uint8_t buf[9];
+ int i;
+
+ if (i2c_read(buf, len) != 0)
+ return 1;
+
+ for (i = 0; i < len; ++i) {
+ if (buf[i] != expected[i]) {
+ fprintf(stderr, "response byte %d: expected 0x%02x, got 0x%02x\n",
+ i, expected[i], buf[i]);
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+int tc_get_write_resp(uint8_t addr0, uint8_t addr1)
+{
+ uint8_t expected[5];
+
+ expected[0] = SOR;
+ expected[1] = WRITE_OK;
+ expected[2] = addr0;
+ expected[3] = addr1;
+ expected[4] = EOR;
+
+ return tc_get_resp(expected, sizeof(expected));
+}
+
+int tc_get_read_resp(uint8_t addr0, uint8_t addr1, uint32_t data)
+{
+ uint8_t expected[9];
+
+ expected[0] = SOR;
+ expected[1] = READ_OK;
+ expected[2] = addr0;
+ expected[3] = addr1;
+ expected[4] = (data >> 24) & 0xff;
+ expected[5] = (data >> 16) & 0xff;
+ expected[6] = (data >> 8) & 0xff;
+ expected[7] = data & 0xff;
+ expected[8] = EOR;
+
+ return tc_get_resp(expected, sizeof(expected));
+}
+
+int tc_write(uint8_t addr0, uint8_t addr1, uint32_t data)
+{
+ return (tc_send_write_cmd(addr0, addr1, data) ||
+ tc_get_write_resp(addr0, addr1));
+}
+
+int tc_read(uint8_t addr0, uint8_t addr1, uint32_t data)
+{
+ return (tc_send_read_cmd(addr0, addr1) ||
+ tc_get_read_resp(addr0, addr1, data));
+}
+
+int tc_init(uint8_t addr0)
+{
+ return tc_write(addr0, ADDR_CTRL, CTRL_INIT_CMD);
+}
+
+int tc_next(uint8_t addr0)
+{
+ return tc_write(addr0, ADDR_CTRL, CTRL_NEXT_CMD);
+}
+
+int tc_wait(uint8_t addr0, uint8_t status)
+{
+ uint8_t buf[9];
+
+ do {
+ if (tc_send_read_cmd(addr0, ADDR_STATUS) != 0)
+ return 1;
+ if (i2c_read(buf, 9) != 0)
+ return 1;
+ } while ((buf[7] & status) != status);
+
+ return 0;
+}
+
+int tc_wait_ready(uint8_t addr0)
+{
+ return tc_wait(addr0, STATUS_READY_BIT);
+}
+
+int tc_wait_valid(uint8_t addr0)
+{
+ return tc_wait(addr0, STATUS_VALID_BIT);
+}
+
+/* ---------------- SHA-1 test cases ---------------- */
+
+int sha1_read(uint8_t addr, uint32_t data)
+{
+ return tc_read(SHA1_ADDR_PREFIX, addr, data);
+}
+
+int sha1_write(uint8_t addr, uint32_t data)
+{
+ return tc_write(SHA1_ADDR_PREFIX, addr, data);
+}
+
+int sha1_init(void)
+{
+ return tc_init(SHA1_ADDR_PREFIX);
+}
+
+int sha1_next(void)
+{
+ return tc_next(SHA1_ADDR_PREFIX);
+}
+
+int sha1_wait_ready(void)
+{
+ return tc_wait_ready(SHA1_ADDR_PREFIX);
+}
+
+int sha1_wait_valid(void)
+{
+ return tc_wait_valid(SHA1_ADDR_PREFIX);
+}
+
+/* TC1: Read name and version from SHA-1 core. */
+int TC1(void)
+{
+ uint32_t name0 = 0x73686131; /* "sha1" */
+ uint32_t name1 = 0x20202020; /* " " */
+ uint32_t version = 0x302e3530; /* "0.50" */
+
+ printf("TC1: Reading name, type and version words from SHA-1 core.\n");
+
+ return
+ sha1_read(ADDR_NAME0, name0) ||
+ sha1_read(ADDR_NAME1, name1) ||
+ sha1_read(ADDR_VERSION, version);
+}
+
+/* TC2: SHA-1 Single block message test as specified by NIST. */
+int TC2(void)
+{
+ const uint32_t *block = NIST_512_SINGLE;
+ const uint32_t *expected = SHA1_SINGLE_DIGEST;
+ int i;
+
+ printf("TC2: Single block message test for SHA-1.\n");
+
+ /* Write block to SHA-1. */
+ for (i = 0; i < SHA1_BLOCK_LEN; ++i) {
+ if (sha1_write(SHA1_ADDR_BLOCK + i, block[i]) != 0)
+ return 1;
+ }
+
+ /* Start initial block hashing, wait and check status. */
+ if ((sha1_init() != 0) || (sha1_wait_valid() != 0))
+ return 1;
+
+ /* Extract the digest. */
+ for (i = 0; i < SHA1_DIGEST_LEN; ++i) {
+ if (sha1_read(SHA1_ADDR_DIGEST + i, expected[i]) != 0)
+ return 1;
+ }
+
+ return 0;
+}
+
+/* TC3: SHA-1 Double block message test as specified by NIST. */
+int TC3(void)
+{
+ const uint32_t *block[2] = { NIST_512_DOUBLE0, NIST_512_DOUBLE1 };
+ static const uint32_t block0_expected[] =
+ { 0xF4286818, 0xC37B27AE, 0x0408F581, 0x84677148, 0x4A566572 };
+ const uint32_t *expected = SHA1_DOUBLE_DIGEST;
+ int i;
+
+ printf("TC3: Double block message test for SHA-1.\n");
+
+ /* Write first block to SHA-1. */
+ for (i = 0; i < SHA1_BLOCK_LEN; ++i) {
+ if (sha1_write(SHA1_ADDR_BLOCK + i, block[0][i]) != 0)
+ return 1;
+ }
+
+ /* Start initial block hashing, wait and check status. */
+ if ((sha1_init() != 0) || (sha1_wait_valid() != 0))
+ return 1;
+
+ /* Extract the first digest. */
+ for (i = 0; i < SHA1_DIGEST_LEN; ++i) {
+ if (sha1_read(SHA1_ADDR_DIGEST + i, block0_expected[i]) != 0)
+ return 1;
+ }
+
+ /* Write second block to SHA-1. */
+ for (i = 0; i < SHA1_BLOCK_LEN; ++i) {
+ if (sha1_write(SHA1_ADDR_BLOCK + i, block[1][i]) != 0)
+ return 1;
+ }
+
+ /* Start next block hashing, wait and check status. */
+ if ((sha1_next() != 0) || (sha1_wait_valid() != 0))
+ return 1;
+
+ /* Extract the second digest. */
+ for (i = 0; i < SHA1_DIGEST_LEN; ++i) {
+ if (sha1_read(SHA1_ADDR_DIGEST + i, expected[i]) != 0)
+ return 1;
+ }
+
+ return 0;
+}
+
+/* ---------------- SHA-256 test cases ---------------- */
+
+int sha256_read(uint8_t addr, uint32_t data)
+{
+ return tc_read(SHA256_ADDR_PREFIX, addr, data);
+}
+
+int sha256_write(uint8_t addr, uint32_t data)
+{
+ return tc_write(SHA256_ADDR_PREFIX, addr, data);
+}
+
+int sha256_init(void)
+{
+ return tc_init(SHA256_ADDR_PREFIX);
+}
+
+int sha256_next(void)
+{
+ return tc_next(SHA256_ADDR_PREFIX);
+}
+
+int sha256_wait_ready(void)
+{
+ return tc_wait_ready(SHA256_ADDR_PREFIX);
+}
+
+int sha256_wait_valid(void)
+{
+ return tc_wait_valid(SHA256_ADDR_PREFIX);
+}
+
+/* TC4: Read name and version from SHA-256 core. */
+int TC4(void)
+{
+ uint32_t name0 = 0x73686132; /* "sha2" */
+ uint32_t name1 = 0x2d323536; /* "-256" */
+ uint32_t version = 0x302e3830; /* "0.80" */
+
+ printf("TC4: Reading name, type and version words from SHA-256 core.\n");
+
+ return
+ sha256_read(ADDR_NAME0, name0) ||
+ sha256_read(ADDR_NAME1, name1) ||
+ sha256_read(ADDR_VERSION, version);
+}
+
+/* TC5: SHA-256 Single block message test as specified by NIST. */
+int TC5(void)
+{
+ const uint32_t *block = NIST_512_SINGLE;
+ const uint32_t *expected = SHA256_SINGLE_DIGEST;
+ int i;
+
+ printf("TC5: Single block message test for SHA-256.\n");
+
+ /* Write block to SHA-256. */
+ for (i = 0; i < SHA256_BLOCK_LEN; ++i) {
+ if (sha256_write(SHA256_ADDR_BLOCK + i, block[i]) != 0)
+ return 1;
+ }
+
+ /* Start initial block hashing, wait and check status. */
+ if ((sha256_init() != 0) || (sha256_wait_valid() != 0))
+ return 1;
+
+ /* Extract the digest. */
+ for (i = 0; i < SHA256_DIGEST_LEN; ++i) {
+ if (sha256_read(SHA256_ADDR_DIGEST + i, expected[i]) != 0)
+ return 1;
+ }
+
+
+ return 0;
+}
+
+/* TC6: SHA-1 Double block message test as specified by NIST. */
+int TC6(void)
+{
+ const uint32_t *block[2] = { NIST_512_DOUBLE0, NIST_512_DOUBLE1 };
+ static const uint32_t block0_expected[] =
+ { 0x85E655D6, 0x417A1795, 0x3363376A, 0x624CDE5C,
+ 0x76E09589, 0xCAC5F811, 0xCC4B32C1, 0xF20E533A };
+ const uint32_t *expected = SHA256_DOUBLE_DIGEST;
+ int i;
+
+ printf("TC6: Double block message test for SHA-256.\n");
+
+ /* Write first block to SHA-256. */
+ for (i = 0; i < SHA256_BLOCK_LEN; ++i) {
+ if (sha256_write(SHA256_ADDR_BLOCK + i, block[0][i]) != 0)
+ return 1;
+ }
+
+ /* Start initial block hashing, wait and check status. */
+ if ((sha256_init() != 0) || (sha256_wait_valid() != 0))
+ return 1;
+
+ /* Extract the first digest. */
+ for (i = 0; i < SHA256_DIGEST_LEN; ++i) {
+ if (sha256_read(SHA256_ADDR_DIGEST + i, block0_expected[i]) != 0)
+ return 1;
+ }
+
+ /* Write second block to SHA-256. */
+ for (i = 0; i < SHA256_BLOCK_LEN; ++i) {
+ if (sha256_write(SHA256_ADDR_BLOCK + i, block[1][i]) != 0)
+ return 1;
+ }
+
+ /* Start next block hashing, wait and check status. */
+ if ((sha256_next() != 0) || (sha256_wait_valid() != 0))
+ return 1;
+
+ /* Extract the second digest. */
+ for (i = 0; i < SHA256_DIGEST_LEN; ++i) {
+ if (sha256_read(SHA256_ADDR_DIGEST + i, expected[i]) != 0)
+ return 1;
+ }
+
+ return 0;
+}
+
+/* TC7: SHA-256 Huge message test. */
+int TC7(void)
+{
+ static const uint32_t block[] =
+ { 0xaa55aa55, 0xdeadbeef, 0x55aa55aa, 0xf00ff00f,
+ 0xaa55aa55, 0xdeadbeef, 0x55aa55aa, 0xf00ff00f,
+ 0xaa55aa55, 0xdeadbeef, 0x55aa55aa, 0xf00ff00f,
+ 0xaa55aa55, 0xdeadbeef, 0x55aa55aa, 0xf00ff00f };
+
+ /* final digest after 1000 iterations */
+ static const uint32_t expected[] =
+ { 0x7638f3bc, 0x500dd1a6, 0x586dd4d0, 0x1a1551af,
+ 0xd821d235, 0x2f919e28, 0xd5842fab, 0x03a40f2a };
+
+ int i, n = 1000;
+
+ printf("TC7: Message with %d blocks test for SHA-256.\n", n);
+
+ /* Write first block to SHA-256. */
+ for (i = 0; i < SHA256_BLOCK_LEN; ++i) {
+ if (sha256_write( SHA256_ADDR_BLOCK + i, block[i]) != 0)
+ return 1;
+ }
+
+ /* Start initial block hashing, wait and check status. */
+ if ((sha256_init() != 0) || (sha256_wait_ready() != 0))
+ return 1;
+
+ /* First block done. Do the rest. */
+ for (i = 1; i < n; ++i) {
+ /* Start next block hashing, wait and check status. */
+ if ((sha256_next() != 0) || (sha256_wait_ready() != 0))
+ return 1;
+ }
+
+ /* XXX valid is probably set at the same time as ready */
+ if (sha256_wait_valid() != 0)
+ return 1;
+ /* Extract the final digest. */
+ for (i = 0; i < SHA256_DIGEST_LEN; ++i) {
+ if (sha256_read(SHA256_ADDR_DIGEST + i, expected[i]) != 0)
+ return 1;
+ }
+
+ return 0;
+}
+
+/* ---------------- SHA-512 test cases ---------------- */
+
+int sha512_read(uint8_t addr, uint32_t data)
+{
+ return tc_read(SHA512_ADDR_PREFIX, addr, data);
+}
+
+int sha512_write(uint8_t addr, uint32_t data)
+{
+ return tc_write(SHA512_ADDR_PREFIX, addr, data);
+}
+
+int sha512_init(uint8_t mode)
+{
+ return tc_write(SHA512_ADDR_PREFIX, ADDR_CTRL,
+ CTRL_INIT_CMD + (mode << SHA512_CTRL_MODE_LOW));
+}
+
+int sha512_next(uint8_t mode)
+{
+ return tc_write(SHA512_ADDR_PREFIX, ADDR_CTRL,
+ CTRL_NEXT_CMD + (mode << SHA512_CTRL_MODE_LOW));
+}
+
+int sha512_wait_ready(void)
+{
+ return tc_wait_ready(SHA512_ADDR_PREFIX);
+}
+
+int sha512_wait_valid(void)
+{
+ return tc_wait_valid(SHA512_ADDR_PREFIX);
+}
+
+/* TC8: Read name and version from SHA-512 core. */
+int TC8(void)
+{
+ uint32_t name0 = 0x73686132; /* "sha2" */
+ uint32_t name1 = 0x2d353132; /* "-512" */
+ uint32_t version = 0x302e3830; /* "0.80" */
+
+ printf("TC8: Reading name, type and version words from SHA-512 core.\n");
+
+ return
+ sha512_read(ADDR_NAME0, name0) ||
+ sha512_read(ADDR_NAME1, name1) ||
+ sha512_read(ADDR_VERSION, version);
+}
+
+/* TC9: SHA-512 Single block message test as specified by NIST.
+ We do this for all modes. */
+int tc9(uint8_t mode, const uint32_t *expected, int len)
+{
+ const uint32_t *block = NIST_1024_SINGLE;
+ int i;
+
+ /* Write block to SHA-512. */
+ for (i = 0; i < SHA512_BLOCK_LEN; ++i) {
+ if (sha512_write(SHA512_ADDR_BLOCK + i, block[i]) != 0)
+ return 1;
+ }
+
+ /* Start initial block hashing, wait and check status. */
+ if ((sha512_init(mode) != 0) || (sha512_wait_valid() != 0))
+ return 1;
+
+ /* Extract the digest. */
+ for (i = 0; i < len/4; ++i) {
+ if (sha512_read(SHA512_ADDR_DIGEST + i, expected[i]) != 0)
+ return 1;
+ }
+
+ return 0;
+}
+
+int TC9(void)
+{
+ printf("TC9-1: Single block message test for SHA-512/224.\n");
+ if (tc9(MODE_SHA_512_224, SHA512_224_SINGLE_DIGEST,
+ sizeof(SHA512_224_SINGLE_DIGEST)) != 0)
+ return 1;
+
+ printf("TC9-2: Single block message test for SHA-512/256.\n");
+ if (tc9(MODE_SHA_512_256, SHA512_256_SINGLE_DIGEST,
+ sizeof(SHA512_256_SINGLE_DIGEST)) != 0)
+ return 1;
+
+ printf("TC9-3: Single block message test for SHA-384.\n");
+ if (tc9(MODE_SHA_384, SHA384_SINGLE_DIGEST,
+ sizeof(SHA384_SINGLE_DIGEST)) != 0)
+ return 1;
+
+ printf("TC9-4: Single block message test for SHA-512.\n");
+ if (tc9(MODE_SHA_512, SHA512_SINGLE_DIGEST,
+ sizeof(SHA512_SINGLE_DIGEST)) != 0)
+ return 1;
+
+ return 0;
+}
+
+/* TC10: SHA-512 Double block message test as specified by NIST.
+ We do this for all modes. */
+int tc10(uint8_t mode, const uint32_t *expected, int len)
+{
+ const uint32_t *block[2] = { NIST_1024_DOUBLE0, NIST_1024_DOUBLE1 };
+ int i;
+
+ /* Write first block to SHA-512. */
+ for (i = 0; i < SHA512_BLOCK_LEN; ++i) {
+ if (sha512_write(SHA512_ADDR_BLOCK + i, block[0][i]) != 0)
+ return 1;
+ }
+
+ /* Start initial block hashing, wait and check status. */
+ if ((sha512_init(mode) != 0) || (sha512_wait_ready() != 0))
+ return 1;
+
+ /* Write second block to SHA-512. */
+ for (i = 0; i < SHA512_BLOCK_LEN; ++i) {
+ if (sha512_write(SHA512_ADDR_BLOCK + i, block[1][i]) != 0)
+ return 1;
+ }
+
+ /* Start next block hashing, wait and check status. */
+ if ((sha512_next(mode) != 0) || (sha512_wait_valid() != 0))
+ return 1;
+
+ /* Extract the digest. */
+ for (i = 0; i < len/4; ++i) {
+ if (sha512_read(SHA512_ADDR_DIGEST + i, expected[i]) != 0)
+ return 1;
+ }
+
+ return 0;
+}
+
+int TC10(void)
+{
+ printf("TC10-1: Double block message test for SHA-512/224.\n");
+ if (tc10(MODE_SHA_512_224, SHA512_224_DOUBLE_DIGEST,
+ sizeof(SHA512_224_DOUBLE_DIGEST)) != 0)
+ return 1;
+
+ printf("TC10-2: Double block message test for SHA-512/256.\n");
+ if (tc10(MODE_SHA_512_256, SHA512_256_DOUBLE_DIGEST,
+ sizeof(SHA512_256_DOUBLE_DIGEST)) != 0)
+ return 1;
+
+ printf("TC10-3: Double block message test for SHA-384.\n");
+ if (tc10(MODE_SHA_384, SHA384_DOUBLE_DIGEST,
+ sizeof(SHA384_DOUBLE_DIGEST)) != 0)
+ return 1;
+
+ printf("TC10-4: Double block message test for SHA-512.\n");
+ if (tc10(MODE_SHA_512, SHA512_DOUBLE_DIGEST,
+ sizeof(SHA512_DOUBLE_DIGEST)) != 0)
+ return 1;
+
+ return 0;
+}
+
+/* ---------------- main ---------------- */
+
+int main(int argc, char *argv[])
+{
+ typedef int (*tcfp)(void);
+ tcfp all_tests[] = { TC1, TC2, TC3, TC4, TC5, TC6, TC7, TC8, TC9, TC10 };
+ tcfp sha1_tests[] = { TC1, TC2, TC3 };
+ tcfp sha256_tests[] = { TC4, TC5, TC6, TC7 };
+ tcfp sha512_tests[] = { TC8, TC9, TC10 };
+
+ char *usage = "Usage: %s [-d] [-i I2C_device] [-a I2C_addr] tc...\n";
+ char *dev = I2C_dev;
+ int addr = I2C_addr;
+ int i, j, opt;
+
+ while ((opt = getopt(argc, argv, "di:a:")) != -1) {
+ switch (opt) {
+ case 'h':
+ case '?':
+ printf(usage, argv[0]);
+ return 0;
+ case 'd':
+ debug = 1;
+ break;
+ case 'i':
+ dev = optarg;
+ break;
+ case 'a':
+ addr = (int)strtol(optarg, NULL, 0);
+ if ((addr < 0x03) || (addr > 0x77)) {
+ fprintf(stderr, "addr must be between 0x03 and 0x77\n");
+ return 1;
+ }
+ break;
+ default:
+ fprintf(stderr, usage, argv[0]);
+ return 1;
+ }
+ }
+
+ if (i2c_setup(dev, addr) != 0)
+ return 1;
+
+ /* no args == run all tests */
+ if (optind >= argc) {
+ for (j = 0; j < sizeof(all_tests)/sizeof(all_tests[0]); ++j)
+ if (all_tests[j]() != 0)
+ return 1;
+ return 0;
+ }
+
+ for (i = optind; i < argc; ++i) {
+ if (strcmp(argv[i], "sha1") == 0) {
+ for (j = 0; j < sizeof(sha1_tests)/sizeof(sha1_tests[0]); ++j)
+ if (sha1_tests[j]() != 0)
+ return 1;
+ }
+ else if (strcmp(argv[i], "sha256") == 0) {
+ for (j = 0; j < sizeof(sha256_tests)/sizeof(sha256_tests[0]); ++j)
+ if (sha256_tests[j]() != 0)
+ return 1;
+ }
+ else if (strcmp(argv[i], "sha512") == 0) {
+ for (j = 0; j < sizeof(sha512_tests)/sizeof(sha512_tests[0]); ++j)
+ if (sha512_tests[j]() != 0)
+ return 1;
+ }
+ else if (strcmp(argv[i], "all") == 0) {
+ for (j = 0; j < sizeof(all_tests)/sizeof(all_tests[0]); ++j)
+ if (all_tests[j]() != 0)
+ return 1;
+ }
+ else if (isdigit(argv[i][0]) &&
+ (((j = atoi(argv[i])) > 0) &&
+ (j <= sizeof(all_tests)/sizeof(all_tests[0])))) {
+ if (all_tests[j - 1]() != 0)
+ return 1;
+ }
+ else {
+ fprintf(stderr, "unknown test case %s\n", argv[i]);
+ return 1;
+ }
+ }
+
+ return 0;
+}
diff --git a/src/sw/hash_tester.py b/src/sw/hash_tester.py
new file mode 100755
index 0000000..e2b3777
--- /dev/null
+++ b/src/sw/hash_tester.py
@@ -0,0 +1,669 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+#=======================================================================
+#
+# hash_tester.py
+# --------------
+# This program sends several commands to the coretest_hashes subsystem
+# in order to verify the SHA-1, SHA-256 and SHA-512/x hash function
+# cores. The program will use the built in hash implementations in
+# Python to do functional comparison and validation.
+#
+# This version of the program talks to the FPGA over an I2C bus, but
+# does not require any additional modules.
+#
+# The single and dual block test cases are taken from the
+# NIST KAT document:
+# http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/SHA_All.pdf
+#
+#
+# Authors: Joachim Strömbergson, Paul Selkirk
+# Copyright (c) 2014, SUNET
+#
+# Redistribution and use in source and binary forms, with or
+# without modification, are permitted provided that the following
+# conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+#=======================================================================
+
+#-------------------------------------------------------------------
+# Python module imports.
+#-------------------------------------------------------------------
+import sys
+import io
+import fcntl
+
+#-------------------------------------------------------------------
+# Defines.
+#-------------------------------------------------------------------
+
+# addresses and codes common to all hash cores
+ADDR_NAME0 = 0x00
+ADDR_NAME1 = 0x01
+ADDR_VERSION = 0x02
+ADDR_CTRL = 0x08
+CTRL_INIT_CMD = 1
+CTRL_NEXT_CMD = 2
+ADDR_STATUS = 0x09
+STATUS_READY_BIT = 0
+STATUS_VALID_BIT = 1
+
+#----------------------------------------------------------------
+# NIST sample message blocks and expected digests
+#----------------------------------------------------------------
+
+# SHA-1/SHA-256 One Block Message Sample
+# Input Message: "abc"
+NIST_512_SINGLE = [ 0x61626380, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000018 ]
+
+SHA1_SINGLE_DIGEST = [ 0xa9993e36, 0x4706816a, 0xba3e2571, 0x7850c26c,
+ 0x9cd0d89d ]
+
+SHA256_SINGLE_DIGEST = [ 0xBA7816BF, 0x8F01CFEA, 0x414140DE, 0x5DAE2223,
+ 0xB00361A3, 0x96177A9C, 0xB410FF61, 0xF20015AD ]
+
+# SHA-1/SHA-256 Two Block Message Sample
+# Input Message: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+NIST_512_DOUBLE0 = [ 0x61626364, 0x62636465, 0x63646566, 0x64656667,
+ 0x65666768, 0x66676869, 0x6768696A, 0x68696A6B,
+ 0x696A6B6C, 0x6A6B6C6D, 0x6B6C6D6E, 0x6C6D6E6F,
+ 0x6D6E6F70, 0x6E6F7071, 0x80000000, 0x00000000 ]
+NIST_512_DOUBLE1 = [ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x000001C0 ]
+
+SHA1_DOUBLE_DIGEST = [ 0x84983E44, 0x1C3BD26E, 0xBAAE4AA1, 0xF95129E5,
+ 0xE54670F1 ]
+
+SHA256_DOUBLE_DIGEST = [ 0x248D6A61, 0xD20638B8, 0xE5C02693, 0x0C3E6039,
+ 0xA33CE459, 0x64FF2167, 0xF6ECEDD4, 0x19DB06C1 ]
+
+# SHA-512 One Block Message Sample
+# Input Message: "abc"
+NIST_1024_SINGLE = [ 0x61626380, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000018 ]
+
+SHA512_224_SINGLE_DIGEST = [0x4634270f, 0x707b6a54, 0xdaae7530, 0x460842e2,
+ 0x0e37ed26, 0x5ceee9a4, 0x3e8924aa]
+SHA512_256_SINGLE_DIGEST = [0x53048e26, 0x81941ef9, 0x9b2e29b7, 0x6b4c7dab,
+ 0xe4c2d0c6, 0x34fc6d46, 0xe0e2f131, 0x07e7af23]
+SHA384_SINGLE_DIGEST = [0xcb00753f, 0x45a35e8b, 0xb5a03d69, 0x9ac65007,
+ 0x272c32ab, 0x0eded163, 0x1a8b605a, 0x43ff5bed,
+ 0x8086072b, 0xa1e7cc23, 0x58baeca1, 0x34c825a7]
+SHA512_SINGLE_DIGEST = [0xddaf35a1, 0x93617aba, 0xcc417349, 0xae204131,
+ 0x12e6fa4e, 0x89a97ea2, 0x0a9eeee6, 0x4b55d39a,
+ 0x2192992a, 0x274fc1a8, 0x36ba3c23, 0xa3feebbd,
+ 0x454d4423, 0x643ce80e, 0x2a9ac94f, 0xa54ca49f]
+
+# SHA-512 Two Block Message Sample
+# Input Message: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
+# "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+NIST_1024_DOUBLE0 = [ 0x61626364, 0x65666768, 0x62636465, 0x66676869,
+ 0x63646566, 0x6768696a, 0x64656667, 0x68696a6b,
+ 0x65666768, 0x696a6b6c, 0x66676869, 0x6a6b6c6d,
+ 0x6768696a, 0x6b6c6d6e, 0x68696a6b, 0x6c6d6e6f,
+ 0x696a6b6c, 0x6d6e6f70, 0x6a6b6c6d, 0x6e6f7071,
+ 0x6b6c6d6e, 0x6f707172, 0x6c6d6e6f, 0x70717273,
+ 0x6d6e6f70, 0x71727374, 0x6e6f7071, 0x72737475,
+ 0x80000000, 0x00000000, 0x00000000, 0x00000000 ]
+NIST_1024_DOUBLE1 = [ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000380 ]
+
+SHA512_224_DOUBLE_DIGEST = [ 0x23fec5bb, 0x94d60b23, 0x30819264, 0x0b0c4533,
+ 0x35d66473, 0x4fe40e72, 0x68674af9 ]
+SHA512_256_DOUBLE_DIGEST = [ 0x3928e184, 0xfb8690f8, 0x40da3988, 0x121d31be,
+ 0x65cb9d3e, 0xf83ee614, 0x6feac861, 0xe19b563a ]
+SHA384_DOUBLE_DIGEST = [ 0x09330c33, 0xf71147e8, 0x3d192fc7, 0x82cd1b47,
+ 0x53111b17, 0x3b3b05d2, 0x2fa08086, 0xe3b0f712,
+ 0xfcc7c71a, 0x557e2db9, 0x66c3e9fa, 0x91746039 ]
+SHA512_DOUBLE_DIGEST = [ 0x8e959b75, 0xdae313da, 0x8cf4f728, 0x14fc143f,
+ 0x8f7779c6, 0xeb9f7fa1, 0x7299aead, 0xb6889018,
+ 0x501d289e, 0x4900f7e4, 0x331b99de, 0xc4b5433a,
+ 0xc7d329ee, 0xb6dd2654, 0x5e96e55b, 0x874be909 ]
+
+def hexlist(list):
+ return "[ " + ' '.join('%02x' % b for b in list) + " ]"
+
+#----------------------------------------------------------------
+# I2C class
+#----------------------------------------------------------------
+
+# default configuration
+I2C_dev = "/dev/i2c-2"
+I2C_addr = 0x0f
+
+# from /usr/include/linux/i2c-dev.h
+I2C_SLAVE = 0x0703
+
+class I2C:
+ # file handle for the i2c device
+ file = None
+
+ # constructor: initialize the i2c communications channel
+ def __init__(self, dev=I2C_dev, addr=I2C_addr):
+ self.dev = dev
+ self.addr = addr
+ try:
+ self.file = io.FileIO(self.dev, 'r+b')
+ except IOError as e:
+ print "Unable to open %s: %s" % (self.dev, e.strerror)
+ sys.exit(1)
+ try:
+ fcntl.ioctl(self.file, I2C_SLAVE, self.addr)
+ except IOError as e:
+ print "Unable to set I2C slave device 0x%02x: %s" % (self.addr, e.strerror)
+ sys.exit(1)
+
+ # destructor: close the i2c communications channel
+ def __del__(self):
+ if (self.file):
+ self.file.close()
+
+ # write a command to the i2c device
+ def write(self, buf):
+ if DEBUG:
+ print "write %s" % hexlist(buf)
+ self.file.write(bytearray(buf))
+
+ # read 5 or 9 response bytes to a buffer
+ def read(self, len):
+ buf = []
+ # read() on the i2c device will only return 1 byte at a time
+ for i in range(len):
+ buf.append(ord(self.file.read(1)))
+ if DEBUG:
+ print "read %s" % hexlist(buf)
+ return buf
+
+#----------------------------------------------------------------
+# test-case class
+#----------------------------------------------------------------
+
+# command codes
+SOC = 0x55
+EOC = 0xaa
+READ_CMD = 0x10
+WRITE_CMD = 0x11
+
+# response codes
+SOR = 0xaa
+EOR = 0x55
+READ_OK = 0x7f
+WRITE_OK = 0x7e
+
+class TcError(Exception):
+ pass
+
+class tc:
+ def __init__(self, i2c, addr0, addr1):
+ self.i2c = i2c
+ self.addr0 = addr0
+ self.addr1 = addr1
+
+ def send_write_cmd(self, data):
+ buf = [SOC, WRITE_CMD, self.addr0, self.addr1]
+ for s in (24, 16, 8, 0):
+ buf.append(data >> s & 0xff)
+ buf.append(EOC)
+ self.i2c.write(buf)
+
+ def send_read_cmd(self):
+ buf = [SOC, READ_CMD, self.addr0, self.addr1, EOC]
+ self.i2c.write(buf)
+
+ def get_resp(self, expected):
+ buf = self.i2c.read(len(expected))
+ if (buf != expected):
+ print "expected %s,\nreceived %s" % (hexlist(expected), hexlist(buf))
+ raise TcError()
+
+ def get_write_resp(self):
+ expected = [SOR, WRITE_OK, self.addr0, self.addr1, EOR]
+ self.get_resp(expected)
+
+ def get_read_resp(self, data):
+ expected = [SOR, READ_OK, self.addr0, self.addr1]
+ for s in (24, 16, 8, 0):
+ expected.append(data >> s & 0xff)
+ expected.append(EOR)
+ self.get_resp(expected)
+
+ def write(self, data):
+ self.send_write_cmd(data)
+ self.get_write_resp()
+
+ def read(self, data):
+ self.send_read_cmd()
+ self.get_read_resp(data)
+
+def tc_write(i2c, addr0, addr1, data):
+ tc(i2c, addr0, addr1).write(data)
+
+def tc_read(i2c, addr0, addr1, data):
+ tc(i2c, addr0, addr1).read(data)
+
+def tc_init(i2c, addr0):
+ tc(i2c, addr0, ADDR_CTRL).write(CTRL_INIT_CMD)
+
+def tc_next(i2c, addr0):
+ tc(i2c, addr0, ADDR_CTRL).write(CTRL_NEXT_CMD)
+
+def tc_wait(i2c, addr0, status):
+ t = tc(i2c, addr0, ADDR_STATUS)
+ while 1:
+ t.send_read_cmd()
+ buf = t.i2c.read(9)
+ if ((buf[7] & status) == status):
+ break
+
+def tc_wait_ready(i2c, addr0):
+ tc_wait(i2c, addr0, STATUS_READY_BIT)
+
+def tc_wait_valid(i2c, addr0):
+ tc_wait(i2c, addr0, STATUS_VALID_BIT)
+
+#----------------------------------------------------------------
+# SHA-1 test cases
+#----------------------------------------------------------------
+SHA1_ADDR_PREFIX = 0x10
+SHA1_ADDR_BLOCK = 0x10
+SHA1_ADDR_DIGEST = 0x20
+
+def sha1_read(i2c, addr, data):
+ tc_read(i2c, SHA1_ADDR_PREFIX, addr, data)
+
+def sha1_write(i2c, addr, data):
+ tc_write(i2c, SHA1_ADDR_PREFIX, addr, data)
+
+def sha1_init(i2c):
+ tc_init(i2c, SHA1_ADDR_PREFIX)
+
+def sha1_next(i2c):
+ tc_next(i2c, SHA1_ADDR_PREFIX)
+
+def sha1_wait_ready(i2c):
+ tc_wait_ready(i2c, SHA1_ADDR_PREFIX)
+
+def sha1_wait_valid(i2c):
+ tc_wait_valid(i2c, SHA1_ADDR_PREFIX)
+
+# TC1: Read name and version from SHA-1 core.
+def TC1(i2c):
+ print "TC1: Reading name, type and version words from SHA-1 core."
+
+ sha1_read(i2c, ADDR_NAME0, 0x73686131) # "sha1"
+ sha1_read(i2c, ADDR_NAME1, 0x20202020) # " "
+ sha1_read(i2c, ADDR_VERSION, 0x302e3530) # "0.50"
+
+# TC2: SHA-1 Single block message test as specified by NIST.
+def TC2(i2c):
+ block = NIST_512_SINGLE
+ expected = SHA1_SINGLE_DIGEST
+
+ print "TC2: Single block message test for SHA-1."
+
+ # Write block to SHA-1.
+ for i in range(len(block)):
+ sha1_write(i2c, SHA1_ADDR_BLOCK + i, block[i])
+
+ # Start initial block hashing, wait and check status.
+ sha1_init(i2c)
+ sha1_wait_valid(i2c)
+
+ # Extract the digest.
+ for i in range(len(expected)):
+ sha1_read(i2c, SHA1_ADDR_DIGEST + i, expected[i])
+
+# TC3: SHA-1 Double block message test as specified by NIST.
+def TC3(i2c):
+ block = [ NIST_512_DOUBLE0, NIST_512_DOUBLE1 ]
+ block0_expected = [ 0xF4286818, 0xC37B27AE, 0x0408F581, 0x84677148,
+ 0x4A566572 ]
+ expected = SHA1_DOUBLE_DIGEST
+
+ print "TC3: Double block message test for SHA-1."
+
+ # Write first block to SHA-1.
+ for i in range(len(block[0])):
+ sha1_write(i2c, SHA1_ADDR_BLOCK + i, block[0][i])
+
+ # Start initial block hashing, wait and check status.
+ sha1_init(i2c)
+ sha1_wait_valid(i2c)
+
+ # Extract the first digest.
+ for i in range(len(block0_expected)):
+ sha1_read(i2c, SHA1_ADDR_DIGEST + i, block0_expected[i])
+
+ # Write second block to SHA-1.
+ for i in range(len(block[1])):
+ sha1_write(i2c, SHA1_ADDR_BLOCK + i, block[1][i])
+
+ # Start next block hashing, wait and check status.
+ sha1_next(i2c)
+ sha1_wait_valid(i2c)
+
+ # Extract the second digest.
+ for i in range(len(expected)):
+ sha1_read(i2c, SHA1_ADDR_DIGEST + i, expected[i])
+
+#----------------------------------------------------------------
+# SHA-256 test cases
+#----------------------------------------------------------------
+SHA256_ADDR_PREFIX = 0x20
+SHA256_ADDR_BLOCK = 0x10
+SHA256_ADDR_DIGEST = 0x20
+
+def sha256_read(i2c, addr, data):
+ tc_read(i2c, SHA256_ADDR_PREFIX, addr, data)
+
+def sha256_write(i2c, addr, data):
+ tc_write(i2c, SHA256_ADDR_PREFIX, addr, data)
+
+def sha256_init(i2c):
+ tc_init(i2c, SHA256_ADDR_PREFIX)
+
+def sha256_next(i2c):
+ tc_next(i2c, SHA256_ADDR_PREFIX)
+
+def sha256_wait_ready(i2c):
+ tc_wait_ready(i2c, SHA256_ADDR_PREFIX)
+
+def sha256_wait_valid(i2c):
+ tc_wait_valid(i2c, SHA256_ADDR_PREFIX)
+
+# TC4: Read name and version from SHA-256 core.
+def TC4(i2c):
+ print "TC4: Reading name, type and version words from SHA-256 core."
+
+ sha256_read(i2c, ADDR_NAME0, 0x73686132) # "sha2"
+ sha256_read(i2c, ADDR_NAME1, 0x2d323536) # "-256"
+ sha256_read(i2c, ADDR_VERSION, 0x302e3830) # "0.80"
+
+# TC5: SHA-256 Single block message test as specified by NIST.
+def TC5(i2c):
+ block = NIST_512_SINGLE
+ expected = SHA256_SINGLE_DIGEST
+
+ print "TC5: Single block message test for SHA-256."
+
+ # Write block to SHA-256.
+ for i in range(len(block)):
+ sha256_write(i2c, SHA256_ADDR_BLOCK + i, block[i])
+
+ # Start initial block hashing, wait and check status.
+ sha256_init(i2c)
+ sha256_wait_valid(i2c)
+
+ # Extract the digest.
+ for i in range(len(expected)):
+ sha256_read(i2c, SHA256_ADDR_DIGEST + i, expected[i])
+
+# TC6: SHA-256 Double block message test as specified by NIST.
+def TC6(i2c):
+ block = [ NIST_512_DOUBLE0, NIST_512_DOUBLE1 ]
+ block0_expected = [ 0x85E655D6, 0x417A1795, 0x3363376A, 0x624CDE5C,
+ 0x76E09589, 0xCAC5F811, 0xCC4B32C1, 0xF20E533A ]
+ expected = SHA256_DOUBLE_DIGEST
+
+ print "TC6: Double block message test for SHA-256."
+
+ # Write first block to SHA-256.
+ for i in range(len(block[0])):
+ sha256_write(i2c, SHA256_ADDR_BLOCK + i, block[0][i])
+
+ # Start initial block hashing, wait and check status.
+ sha256_init(i2c)
+ sha256_wait_valid(i2c)
+
+ # Extract the first digest.
+ for i in range(len(block0_expected)):
+ sha256_read(i2c, SHA256_ADDR_DIGEST + i, block0_expected[i])
+
+ # Write second block to SHA-256.
+ for i in range(len(block[1])):
+ sha256_write(i2c, SHA256_ADDR_BLOCK + i, block[1][i])
+
+ # Start next block hashing, wait and check status.
+ sha256_next(i2c)
+ sha256_wait_valid(i2c)
+
+ # Extract the second digest.
+ for i in range(len(expected)):
+ sha256_read(i2c, SHA256_ADDR_DIGEST + i, expected[i])
+
+# TC7: SHA-256 Huge message test.
+def TC7(i2c):
+ block = [ 0xaa55aa55, 0xdeadbeef, 0x55aa55aa, 0xf00ff00f,
+ 0xaa55aa55, 0xdeadbeef, 0x55aa55aa, 0xf00ff00f,
+ 0xaa55aa55, 0xdeadbeef, 0x55aa55aa, 0xf00ff00f,
+ 0xaa55aa55, 0xdeadbeef, 0x55aa55aa, 0xf00ff00f ]
+ expected = [ 0x7638f3bc, 0x500dd1a6, 0x586dd4d0, 0x1a1551af,
+ 0xd821d235, 0x2f919e28, 0xd5842fab, 0x03a40f2a ]
+ n = 1000
+
+ print "TC7: Message with %d blocks test for SHA-256." % n
+
+ # Write first block to SHA-256.
+ for i in range(len(block)):
+ sha256_write(i2c, SHA256_ADDR_BLOCK + i, block[i])
+
+ # Start initial block hashing, wait and check status.
+ sha256_init(i2c)
+ sha256_wait_ready(i2c)
+
+ # First block done. Do the rest.
+ for i in range(n - 1):
+ # Start next block hashing, wait and check status.
+ sha256_next(i2c)
+ sha256_wait_ready(i2c)
+
+ # XXX valid is probably set at the same time as ready
+ sha256_wait_valid(i2c)
+
+ # Extract the final digest.
+ for i in range(len(expected)):
+ sha256_read(i2c, SHA256_ADDR_DIGEST + i, expected[i])
+
+#----------------------------------------------------------------
+# SHA-512 test cases
+#----------------------------------------------------------------
+SHA512_ADDR_PREFIX = 0x30
+SHA512_ADDR_BLOCK = 0x10
+SHA512_ADDR_DIGEST = 0x40
+SHA512_CTRL_MODE_LOW = 2
+SHA512_CTRL_MODE_HIGH = 3
+MODE_SHA_512_224 = 0
+MODE_SHA_512_256 = 1
+MODE_SHA_384 = 2
+MODE_SHA_512 = 3
+
+def sha512_read(i2c, addr, data):
+ tc_read(i2c, SHA512_ADDR_PREFIX, addr, data)
+
+def sha512_write(i2c, addr, data):
+ tc_write(i2c, SHA512_ADDR_PREFIX, addr, data)
+
+def sha512_init(i2c, mode):
+ tc_write(i2c, SHA512_ADDR_PREFIX, ADDR_CTRL,
+ CTRL_INIT_CMD + (mode << SHA512_CTRL_MODE_LOW))
+
+def sha512_next(i2c, mode):
+ tc_write(i2c, SHA512_ADDR_PREFIX, ADDR_CTRL,
+ CTRL_NEXT_CMD + (mode << SHA512_CTRL_MODE_LOW))
+
+def sha512_wait_ready(i2c):
+ tc_wait_ready(i2c, SHA512_ADDR_PREFIX)
+
+def sha512_wait_valid(i2c):
+ tc_wait_valid(i2c, SHA512_ADDR_PREFIX)
+
+# TC8: Read name and version from SHA-512 core.
+def TC8(i2c):
+ print "TC8: Reading name, type and version words from SHA-512 core."
+
+ sha512_read(i2c, ADDR_NAME0, 0x73686132) # "sha2"
+ sha512_read(i2c, ADDR_NAME1, 0x2d353132) # "-512"
+ sha512_read(i2c, ADDR_VERSION, 0x302e3830) # "0.80"
+
+# TC9: SHA-512 Single block message test as specified by NIST.
+# We do this for all modes.
+def TC9(i2c):
+ def tc9(i2c, mode, expected):
+ block = NIST_1024_SINGLE
+
+ # Write block to SHA-512.
+ for i in range(len(block)):
+ sha512_write(i2c, SHA512_ADDR_BLOCK + i, block[i])
+
+ # Start initial block hashing, wait and check status.
+ sha512_init(i2c, mode)
+ sha512_wait_valid(i2c)
+
+ # Extract the digest.
+ for i in range(len(expected)):
+ sha512_read(i2c, SHA512_ADDR_DIGEST + i, expected[i])
+
+ print "TC9-1: Single block message test for SHA-512/224."
+ tc9(i2c, MODE_SHA_512_224, SHA512_224_SINGLE_DIGEST)
+
+ print "TC9-2: Single block message test for SHA-512/256."
+ tc9(i2c, MODE_SHA_512_256, SHA512_256_SINGLE_DIGEST)
+
+ print "TC9-3: Single block message test for SHA-384."
+ tc9(i2c, MODE_SHA_384, SHA384_SINGLE_DIGEST)
+
+ print "TC9-4: Single block message test for SHA-512."
+ tc9(i2c, MODE_SHA_512, SHA512_SINGLE_DIGEST)
+
+# TC10: SHA-512 Single block message test as specified by NIST.
+# We do this for all modes.
+def TC10(i2c):
+ def tc10(i2c, mode, expected):
+ block = [ NIST_1024_DOUBLE0, NIST_1024_DOUBLE1 ]
+
+ # Write first block to SHA-512.
+ for i in range(len(block[0])):
+ sha512_write(i2c, SHA512_ADDR_BLOCK + i, block[0][i])
+
+ # Start initial block hashing, wait and check status.
+ sha512_init(i2c, mode)
+ sha512_wait_ready(i2c)
+
+ # Write second block to SHA-512.
+ for i in range(len(block[1])):
+ sha512_write(i2c, SHA512_ADDR_BLOCK + i, block[1][i])
+
+ # Start next block hashing, wait and check status.
+ sha512_next(i2c, mode)
+ sha512_wait_valid(i2c)
+
+ # Extract the digest.
+ for i in range(len(expected)):
+ sha512_read(i2c, SHA512_ADDR_DIGEST + i, expected[i])
+
+ print "TC10-1: Double block message test for SHA-512/224."
+ tc10(i2c, MODE_SHA_512_224, SHA512_224_DOUBLE_DIGEST)
+
+ print "TC10-2: Double block message test for SHA-512/256."
+ tc10(i2c, MODE_SHA_512_256, SHA512_256_DOUBLE_DIGEST)
+
+ print "TC10-3: Double block message test for SHA-384."
+ tc10(i2c, MODE_SHA_384, SHA384_DOUBLE_DIGEST)
+
+ print "TC10-4: Double block message test for SHA-512."
+ tc10(i2c, MODE_SHA_512, SHA512_DOUBLE_DIGEST)
+
+
+#----------------------------------------------------------------
+# main
+#----------------------------------------------------------------
+if __name__ == '__main__':
+ import argparse
+
+ all_tests = [ TC1, TC2, TC3, TC4, TC5, TC6, TC7, TC8, TC9, TC10 ]
+ sha1_tests = all_tests[0:3]
+ sha256_tests = all_tests[3:7]
+ sha512_tests = all_tests[7:]
+
+ parser = argparse.ArgumentParser()
+ parser.add_argument('-d', '--debug', action='store_true',
+ help='add debugging/trace information')
+ parser.add_argument('-i', dest='dev', default=I2C_dev,
+ help='I2C device name (default ' + I2C_dev + ')')
+ parser.add_argument('-a', dest='addr', type=lambda x:int(x,0), default=I2C_addr,
+ help='I2C device address (default ' + hex(I2C_addr) + ')')
+ parser.add_argument('test_cases', metavar='TC', nargs='*',
+ help='test case number, "sha1", "sha256", "sha512", or "all"')
+ args = parser.parse_args()
+ DEBUG = args.debug
+ i = I2C(args.dev, args.addr)
+
+ if (not args.test_cases):
+ for TC in all_tests:
+ TC(i)
+ else:
+ for t in args.test_cases:
+ if (t == 'sha1'):
+ for TC in sha1_tests:
+ TC(i)
+ elif (t == 'sha256'):
+ for TC in sha256_tests:
+ TC(i)
+ elif (t == 'sha512'):
+ for TC in sha512_tests:
+ TC(i)
+ elif (t == 'all'):
+ for TC in all_tests:
+ TC(i)
+ else:
+ try:
+ n = int(t)
+ except:
+ print 'invalid test case %s' % t
+ else:
+ if ((n < 1) or (n > len(all_tests))):
+ print 'invalid test case %d' % n
+ else:
+ all_tests[n-1](i)
+
+#=======================================================================
+# EOF hash_tester.py
+#=======================================================================