aboutsummaryrefslogblamecommitdiff
path: root/cryptech.h
blob: dba9f317f83f6ad7c386ff084547cc99f80d11f2 (plain) (tree)
1
2
3
4
5
6
  

             
                                                            
  
                                                           



























                                                                           
 




























                                                                                

 




                                                  

 







                                                  

 














                                           




                                       















                                                                          












                                      
















                                                                         



                                                







                                                                         



                                                







                                                                         





                                                 



                                        
 
                                     












                                      


































































                                                                          
















                                        



































                                                                          




                                      



























































                                                                          




                                      












                                                                          
 

                                                         
 


                                                         
 

                                                         
 

                                                         
 

                                                         
 

                                                         





                                      
  

                                                                     

   
                        











                                                                                                         
                                                                                                         
                                                                                                         

                                                                                                         





                                                                                
                                                

                                                         




                    


                      

                                                           



                        








                                                                                      




                           



                                    

                                                                     









                                                          














                                                                   

                                            










                                                 

                                                                     

   











                                                          



                                                                                         

                                                                                      

                                                                
                                                                              

                                                                  
                                                                           

                                                                                      


                                                                                           

                                                                
                                                                              

                                                                  
                                                                         
 


                          

                                                                               

                                                                                           
 
                                                                                 

                                                                                               
 
                                                                               
 










                                                                                              











                                                                                             
  
       

   


                                                                    
 

                                       
                                               
 
                                                  
 










                                                                                   
 









                                                                                     

                                                 






                                                                                        
 


                                                                         
                                                                                                            
 


                                                                                           

                                                        



                                                                                         
                         





                        
/*
 * cryptech.h
 * ----------
 * Memory map, access functions, and HAL for Cryptech cores.
 *
 * Authors: Joachim Strombergson, Paul Selkirk, Rob Austein
 * Copyright (c) 2015, NORDUnet A/S All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 * - Redistributions of source code must retain the above copyright notice,
 *   this list of conditions and the following disclaimer.
 *
 * - Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the distribution.
 *
 * - Neither the name of the NORDUnet nor the names of its contributors may
 *   be used to endorse or promote products derived from this software
 *   without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * Each Cryptech core has a set of 4-byte registers, which are accessed
 * through a 16-bit address. The address space is divided as follows:
 *   3 bits segment selector       | up to 8 segments
 *   5 bits core selector          | up to 32 cores/segment (see note below)
 *   8 bits register selector      | up to 256 registers/core (see modexp below)
 * 
 * i.e, the address is structured as:
 * sss ccccc rrrrrrrr
 * 
 * The I2C and UART communication channels use this 16-bit address format
 * directly in their read and write commands.
 * 
 * The EIM communications channel translates this 16-bit address into a
 * 32-bit memory-mapped address in the range 0x08000000..807FFFF:
 * 00001000000000 sss 0 ccccc rrrrrrrr 00
 * 
 * EIM, as implemented on the Novena, uses a 19-bit address space:
 *   Bits 18..16 are the semgent selector.
 *   Bits 15..10 are the core selector.
 *   Bits 9..2 are the register selector.
 *   Bits 1..0 are zero, because reads and writes are always word aligned.
 * 
 * Note that EIM can support 64 cores per segment, but we sacrifice one bit
 * in order to map it into a 16-bit address space.
 */

#ifndef _CRYPTECH_H_
#define _CRYPTECH_H_


/*
 * Default sizes.
 */
#define CORE_SIZE               (0x100)
#define SEGMENT_SIZE            (0x20 * CORE_SIZE)


/*
 * Segments.
 */
#define SEGMENT_OFFSET_GLOBALS  (0 * SEGMENT_SIZE)
#define SEGMENT_OFFSET_HASHES   (1 * SEGMENT_SIZE)
#define SEGMENT_OFFSET_RNGS     (2 * SEGMENT_SIZE)
#define SEGMENT_OFFSET_CIPHERS  (3 * SEGMENT_SIZE)
#define SEGMENT_OFFSET_MATH     (4 * SEGMENT_SIZE)


/*
 * Addresses and codes common to all cores.
 */
#define ADDR_NAME0              (0x00)
#define ADDR_NAME1              (0x01)
#define ADDR_VERSION            (0x02)
#define ADDR_CTRL               (0x08)
#define CTRL_INIT               (1)
#define CTRL_NEXT               (2)
#define ADDR_STATUS             (0x09)
#define STATUS_READY            (1)
#define STATUS_VALID            (2)


/* A handy macro from cryptlib */
#ifndef bitsToBytes
#define bitsToBytes(x)          (x / 8)
#endif


/*
 * Board segment.
 * Board-level registers and communication channel registers.
 */
#define BOARD_ADDR_BASE         (SEGMENT_OFFSET_GLOBALS + (0 * CORE_SIZE))
#define BOARD_ADDR_NAME0        (BOARD_ADDR_BASE + ADDR_NAME0)
#define BOARD_ADDR_NAME1        (BOARD_ADDR_BASE + ADDR_NAME1)
#define BOARD_ADDR_VERSION      (BOARD_ADDR_BASE + ADDR_VERSION)
#define BOARD_ADDR_DUMMY        (BOARD_ADDR_BASE + 0xFF)

#define COMM_ADDR_BASE          (SEGMENT_OFFSET_GLOBALS + (1 * CORE_SIZE))
#define COMM_ADDR_NAME0         (COMM_ADDR_BASE + ADDR_NAME0)
#define COMM_ADDR_NAME1         (COMM_ADDR_BASE + ADDR_NAME1)
#define COMM_ADDR_VERSION       (COMM_ADDR_BASE + ADDR_VERSION)

/* Current name and version values */
#define NOVENA_BOARD_NAME0      "PVT1"
#define NOVENA_BOARD_NAME1      "    "
#define NOVENA_BOARD_VERSION    "0.10"

#define EIM_INTERFACE_NAME0     "eim "
#define EIM_INTERFACE_NAME1     "    "
#define EIM_INTERFACE_VERSION   "0.10"

#define I2C_INTERFACE_NAME0     "i2c "
#define I2C_INTERFACE_NAME1     "    "
#define I2C_INTERFACE_VERSION   "0.10"


/*
 * Hashes segment.
 */

/* Addresses common to all hash cores */
#define ADDR_BLOCK              (0x10)
#define ADDR_DIGEST             (0x20)      /* except SHA512 */

/* Addresses and codes for the specific hash cores */
#define SHA1_ADDR_BASE          (SEGMENT_OFFSET_HASHES + (0 * CORE_SIZE))
#define SHA1_ADDR_NAME0         (SHA1_ADDR_BASE + ADDR_NAME0)
#define SHA1_ADDR_NAME1         (SHA1_ADDR_BASE + ADDR_NAME1)
#define SHA1_ADDR_VERSION       (SHA1_ADDR_BASE + ADDR_VERSION)
#define SHA1_ADDR_CTRL          (SHA1_ADDR_BASE + ADDR_CTRL)
#define SHA1_ADDR_STATUS        (SHA1_ADDR_BASE + ADDR_STATUS)
#define SHA1_ADDR_BLOCK         (SHA1_ADDR_BASE + ADDR_BLOCK)
#define SHA1_ADDR_DIGEST        (SHA1_ADDR_BASE + ADDR_DIGEST)
#define SHA1_BLOCK_LEN          bitsToBytes(512)
#define SHA1_LENGTH_LEN         bitsToBytes(64)
#define SHA1_DIGEST_LEN         bitsToBytes(160)

#define SHA256_ADDR_BASE        (SEGMENT_OFFSET_HASHES + (1 * CORE_SIZE))
#define SHA256_ADDR_NAME0       (SHA256_ADDR_BASE + ADDR_NAME0)
#define SHA256_ADDR_NAME1       (SHA256_ADDR_BASE + ADDR_NAME1)
#define SHA256_ADDR_VERSION     (SHA256_ADDR_BASE + ADDR_VERSION)
#define SHA256_ADDR_CTRL        (SHA256_ADDR_BASE + ADDR_CTRL)
#define SHA256_ADDR_STATUS      (SHA256_ADDR_BASE + ADDR_STATUS)
#define SHA256_ADDR_BLOCK       (SHA256_ADDR_BASE + ADDR_BLOCK)
#define SHA256_ADDR_DIGEST      (SHA256_ADDR_BASE + ADDR_DIGEST)
#define SHA256_BLOCK_LEN        bitsToBytes(512)
#define SHA256_LENGTH_LEN       bitsToBytes(64)
#define SHA256_DIGEST_LEN       bitsToBytes(256)

#define SHA512_ADDR_BASE        (SEGMENT_OFFSET_HASHES + (2 * CORE_SIZE))
#define SHA512_ADDR_NAME0       (SHA512_ADDR_BASE + ADDR_NAME0)
#define SHA512_ADDR_NAME1       (SHA512_ADDR_BASE + ADDR_NAME1)
#define SHA512_ADDR_VERSION     (SHA512_ADDR_BASE + ADDR_VERSION)
#define SHA512_ADDR_CTRL        (SHA512_ADDR_BASE + ADDR_CTRL)
#define SHA512_ADDR_STATUS      (SHA512_ADDR_BASE + ADDR_STATUS)
#define SHA512_ADDR_BLOCK       (SHA512_ADDR_BASE + ADDR_BLOCK)
#define SHA512_ADDR_DIGEST      (SHA512_ADDR_BASE + 0x40)
#define SHA512_BLOCK_LEN        bitsToBytes(1024)
#define SHA512_LENGTH_LEN       bitsToBytes(128)
#define SHA512_224_DIGEST_LEN   bitsToBytes(224)
#define SHA512_256_DIGEST_LEN   bitsToBytes(256)
#define SHA384_DIGEST_LEN       bitsToBytes(384)
#define SHA512_DIGEST_LEN       bitsToBytes(512)
#define MODE_SHA_512_224        (0 << 2)
#define MODE_SHA_512_256        (1 << 2)
#define MODE_SHA_384            (2 << 2)
#define MODE_SHA_512            (3 << 2)

/* Current name and version values */
#define SHA1_NAME0              "sha1"
#define SHA1_NAME1              "    "
#define SHA1_VERSION            "0.50"

#define SHA256_NAME0            "sha2"
#define SHA256_NAME1            "-256"
#define SHA256_VERSION          "0.80"

#define SHA512_NAME0            "sha2"
#define SHA512_NAME1            "-512"
#define SHA512_VERSION          "0.80"


/*
 * TRNG segment.
 */

/* addresses and codes for the TRNG cores */
#define TRNG_ADDR_BASE          (SEGMENT_OFFSET_RNGS + (0x00 * CORE_SIZE))
#define TRNG_ADDR_NAME0         (TRNG_ADDR_BASE + ADDR_NAME0)
#define TRNG_ADDR_NAME1         (TRNG_ADDR_BASE + ADDR_NAME1)
#define TRNG_ADDR_VERSION       (TRNG_ADDR_BASE + ADDR_VERSION)
#define TRNG_ADDR_CTRL          (TRNG_ADDR_BASE + 0x10)
#define TRNG_CTRL_DISCARD       (1)
#define TRNG_CTRL_TEST_MODE     (2)
#define TRNG_ADDR_STATUS        (TRNG_ADDR_BASE + 0x11)
/* No status bits defined (yet) */
#define TRNG_ADDR_DELAY         (TRNG_ADDR_BASE + 0x13)

#define ENTROPY1_ADDR_BASE      (SEGMENT_OFFSET_RNGS + (0x05 * CORE_SIZE))
#define ENTROPY1_ADDR_NAME0     (ENTROPY1_ADDR_BASE + ADDR_NAME0)
#define ENTROPY1_ADDR_NAME1     (ENTROPY1_ADDR_BASE + ADDR_NAME1)
#define ENTROPY1_ADDR_VERSION   (ENTROPY1_ADDR_BASE + ADDR_VERSION)
#define ENTROPY1_ADDR_CTRL      (ENTROPY1_ADDR_BASE + 0x10)
#define ENTROPY1_CTRL_ENABLE    (1)
#define ENTROPY1_ADDR_STATUS    (ENTROPY1_ADDR_BASE + 0x11)
#define ENTROPY1_STATUS_VALID   (1)
#define ENTROPY1_ADDR_ENTROPY   (ENTROPY1_ADDR_BASE + 0x20)
#define ENTROPY1_ADDR_DELTA     (ENTROPY1_ADDR_BASE + 0x30)

#define ENTROPY2_ADDR_BASE      (SEGMENT_OFFSET_RNGS + (0x06 * CORE_SIZE))
#define ENTROPY2_ADDR_NAME0     (ENTROPY2_ADDR_BASE + ADDR_NAME0)
#define ENTROPY2_ADDR_NAME1     (ENTROPY2_ADDR_BASE + ADDR_NAME1)
#define ENTROPY2_ADDR_VERSION   (ENTROPY2_ADDR_BASE + ADDR_VERSION)
#define ENTROPY2_ADDR_CTRL      (ENTROPY2_ADDR_BASE + 0x10)
#define ENTROPY2_CTRL_ENABLE    (1)
#define ENTROPY2_ADDR_STATUS    (ENTROPY2_ADDR_BASE + 0x11)
#define ENTROPY2_STATUS_VALID   (1)
#define ENTROPY2_ADDR_OPA       (ENTROPY2_ADDR_BASE + 0x18)
#define ENTROPY2_ADDR_OPB       (ENTROPY2_ADDR_BASE + 0x19)
#define ENTROPY2_ADDR_ENTROPY   (ENTROPY2_ADDR_BASE + 0x20)
#define ENTROPY2_ADDR_RAW       (ENTROPY2_ADDR_BASE + 0x21)
#define ENTROPY2_ADDR_ROSC      (ENTROPY2_ADDR_BASE + 0x22)

#define MIXER_ADDR_BASE         (SEGMENT_OFFSET_RNGS + (0x0a * CORE_SIZE))
#define MIXER_ADDR_NAME0        (MIXER_ADDR_BASE + ADDR_NAME0)
#define MIXER_ADDR_NAME1        (MIXER_ADDR_BASE + ADDR_NAME1)
#define MIXER_ADDR_VERSION      (MIXER_ADDR_BASE + ADDR_VERSION)
#define MIXER_ADDR_CTRL         (MIXER_ADDR_BASE + 0x10)
#define MIXER_CTRL_ENABLE       (1)
#define MIXER_CTRL_RESTART      (2)
#define MIXER_ADDR_STATUS       (MIXER_ADDR_BASE + 0x11)
/* No status bits defined (yet) */
#define MIXER_ADDR_TIMEOUT      (MIXER_ADDR_BASE + 0x20)

#define CSPRNG_ADDR_BASE        (SEGMENT_OFFSET_RNGS + (0x0b * CORE_SIZE))
#define CSPRNG_ADDR_NAME0       (CSPRNG_ADDR_BASE + ADDR_NAME0)
#define CSPRNG_ADDR_NAME1       (CSPRNG_ADDR_BASE + ADDR_NAME1)
#define CSPRNG_ADDR_VERSION     (CSPRNG_ADDR_BASE + ADDR_VERSION)
#define CSPRNG_ADDR_CTRL        (CSPRNG_ADDR_BASE + 0x10)
#define CSPRNG_CTRL_ENABLE      (1)
#define CSPRNG_CTRL_SEED        (2)
#define CSPRNG_ADDR_STATUS      (CSPRNG_ADDR_BASE + 0x11)
#define CSPRNG_STATUS_VALID     (1)
#define CSPRNG_ADDR_RANDOM      (CSPRNG_ADDR_BASE + 0x20)
#define CSPRNG_ADDR_NROUNDS     (CSPRNG_ADDR_BASE + 0x40)
#define CSPRNG_ADDR_NBLOCKS_LO  (CSPRNG_ADDR_BASE + 0x41)
#define CSPRNG_ADDR_NBLOCKS_HI  (CSPRNG_ADDR_BASE + 0x42)

/* Current name and version values */
#define TRNG_NAME0              "trng"
#define TRNG_NAME1              "    "
#define TRNG_VERSION            "0.50"

#define AVALANCHE_ENTROPY_NAME0   "extn"
#define AVALANCHE_ENTROPY_NAME1   "oise"
#define AVALANCHE_ENTROPY_VERSION "0.10"

#define ROSC_ENTROPY_NAME0      "rosc"
#define ROSC_ENTROPY_NAME1      " ent"
#define ROSC_ENTROPY_VERSION    "0.10"

#define CSPRNG_NAME0            "cspr"
#define CSPRNG_NAME1            "ng  "
#define CSPRNG_VERSION          "0.50"


/*
 * CIPHERS segment.
 */

/* AES core */
#define AES_ADDR_BASE           (SEGMENT_OFFSET_CIPHERS + (0 * CORE_SIZE))
#define AES_ADDR_NAME0          (AES_ADDR_BASE + ADDR_NAME0)
#define AES_ADDR_NAME1          (AES_ADDR_BASE + ADDR_NAME1)
#define AES_ADDR_VERSION        (AES_ADDR_BASE + ADDR_VERSION)
#define AES_ADDR_CTRL           (AES_ADDR_BASE + ADDR_CTRL)
#define AES_ADDR_STATUS         (AES_ADDR_BASE + ADDR_STATUS)

#define AES_ADDR_CONFIG         (AES_ADDR_BASE + 0x0a)
#define AES_CONFIG_ENCDEC       (1)
#define AES_CONFIG_KEYLEN       (2)

#define AES_ADDR_KEY0           (AES_ADDR_BASE + 0x10)
#define AES_ADDR_KEY1           (AES_ADDR_BASE + 0x11)
#define AES_ADDR_KEY2           (AES_ADDR_BASE + 0x12)
#define AES_ADDR_KEY3           (AES_ADDR_BASE + 0x13)
#define AES_ADDR_KEY4           (AES_ADDR_BASE + 0x14)
#define AES_ADDR_KEY5           (AES_ADDR_BASE + 0x15)
#define AES_ADDR_KEY6           (AES_ADDR_BASE + 0x16)
#define AES_ADDR_KEY7           (AES_ADDR_BASE + 0x17)

#define AES_ADDR_BLOCK0         (AES_ADDR_BASE + 0x20)
#define AES_ADDR_BLOCK1         (AES_ADDR_BASE + 0x21)
#define AES_ADDR_BLOCK2         (AES_ADDR_BASE + 0x22)
#define AES_ADDR_BLOCK3         (AES_ADDR_BASE + 0x23)

#define AES_ADDR_RESULT0        (AES_ADDR_BASE + 0x30)
#define AES_ADDR_RESULT1        (AES_ADDR_BASE + 0x31)
#define AES_ADDR_RESULT2        (AES_ADDR_BASE + 0x32)
#define AES_ADDR_RESULT3        (AES_ADDR_BASE + 0x33)

/* Current name and version values */
#define AES_CORE_NAME0          "aes "
#define AES_CORE_NAME1          "    "
#define AES_CORE_VERSION        "0.80"


/* Chacha core */
#define CHACHA_ADDR_BASE        (SEGMENT_OFFSET_CIPHERS + (1 * CORE_SIZE))
#define CHACHA_ADDR_NAME0       (CHACHA_ADDR_BASE + ADDR_NAME0)
#define CHACHA_ADDR_NAME1       (CHACHA_ADDR_BASE + ADDR_NAME1)
#define CHACHA_ADDR_VERSION     (CHACHA_ADDR_BASE + ADDR_VERSION)
#define CHACHA_ADDR_CTRL        (CHACHA_ADDR_BASE + ADDR_CTRL)
#define CHACHA_ADDR_STATUS      (CHACHA_ADDR_BASE + ADDR_STATUS)

#define CHACHA_ADDR_KEYLEN      (CHACHA_ADDR_BASE + 0x0a)
#define CHACHA_KEYLEN           (1)

#define CHACHA_ADDR_ROUNDS      (CHACHA_ADDR_BASE + 0x0b)

#define CHACHA_ADDR_KEY0        (CHACHA_ADDR_BASE + 0x10)
#define CHACHA_ADDR_KEY1        (CHACHA_ADDR_BASE + 0x11)
#define CHACHA_ADDR_KEY2        (CHACHA_ADDR_BASE + 0x12)
#define CHACHA_ADDR_KEY3        (CHACHA_ADDR_BASE + 0x13)
#define CHACHA_ADDR_KEY4        (CHACHA_ADDR_BASE + 0x14)
#define CHACHA_ADDR_KEY5        (CHACHA_ADDR_BASE + 0x15)
#define CHACHA_ADDR_KEY6        (CHACHA_ADDR_BASE + 0x16)
#define CHACHA_ADDR_KEY7        (CHACHA_ADDR_BASE + 0x17)

#define CHACHA_ADDR_IV0         (CHACHA_ADDR_BASE + 0x20)
#define CHACHA_ADDR_IV1         (CHACHA_ADDR_BASE + 0x21)

#define CHACHA_ADDR_DATA_IN0    (CHACHA_ADDR_BASE + 0x40)
#define CHACHA_ADDR_DATA_IN1    (CHACHA_ADDR_BASE + 0x41)
#define CHACHA_ADDR_DATA_IN2    (CHACHA_ADDR_BASE + 0x42)
#define CHACHA_ADDR_DATA_IN3    (CHACHA_ADDR_BASE + 0x43)
#define CHACHA_ADDR_DATA_IN4    (CHACHA_ADDR_BASE + 0x44)
#define CHACHA_ADDR_DATA_IN5    (CHACHA_ADDR_BASE + 0x45)
#define CHACHA_ADDR_DATA_IN6    (CHACHA_ADDR_BASE + 0x46)
#define CHACHA_ADDR_DATA_IN7    (CHACHA_ADDR_BASE + 0x47)
#define CHACHA_ADDR_DATA_IN8    (CHACHA_ADDR_BASE + 0x48)
#define CHACHA_ADDR_DATA_IN9    (CHACHA_ADDR_BASE + 0x49)
#define CHACHA_ADDR_DATA_IN10   (CHACHA_ADDR_BASE + 0x4a)
#define CHACHA_ADDR_DATA_IN11   (CHACHA_ADDR_BASE + 0x4b)
#define CHACHA_ADDR_DATA_IN12   (CHACHA_ADDR_BASE + 0x4c)
#define CHACHA_ADDR_DATA_IN13   (CHACHA_ADDR_BASE + 0x4d)
#define CHACHA_ADDR_DATA_IN14   (CHACHA_ADDR_BASE + 0x4e)
#define CHACHA_ADDR_DATA_IN15   (CHACHA_ADDR_BASE + 0x4f)

#define CHACHA_ADDR_DATA_OUT0   (CHACHA_ADDR_BASE + 0x80)
#define CHACHA_ADDR_DATA_OUT1   (CHACHA_ADDR_BASE + 0x81)
#define CHACHA_ADDR_DATA_OUT2   (CHACHA_ADDR_BASE + 0x82)
#define CHACHA_ADDR_DATA_OUT3   (CHACHA_ADDR_BASE + 0x83)
#define CHACHA_ADDR_DATA_OUT4   (CHACHA_ADDR_BASE + 0x84)
#define CHACHA_ADDR_DATA_OUT5   (CHACHA_ADDR_BASE + 0x85)
#define CHACHA_ADDR_DATA_OUT6   (CHACHA_ADDR_BASE + 0x86)
#define CHACHA_ADDR_DATA_OUT7   (CHACHA_ADDR_BASE + 0x87)
#define CHACHA_ADDR_DATA_OUT8   (CHACHA_ADDR_BASE + 0x88)
#define CHACHA_ADDR_DATA_OUT9   (CHACHA_ADDR_BASE + 0x89)
#define CHACHA_ADDR_DATA_OUT10  (CHACHA_ADDR_BASE + 0x8a)
#define CHACHA_ADDR_DATA_OUT11  (CHACHA_ADDR_BASE + 0x8b)
#define CHACHA_ADDR_DATA_OUT12  (CHACHA_ADDR_BASE + 0x8c)
#define CHACHA_ADDR_DATA_OUT13  (CHACHA_ADDR_BASE + 0x8d)
#define CHACHA_ADDR_DATA_OUT14  (CHACHA_ADDR_BASE + 0x8e)
#define CHACHA_ADDR_DATA_OUT15  (CHACHA_ADDR_BASE + 0x8f)

/* Current name and version values */
#define CHACHA_NAME0            "chac"
#define CHACHA_NAME1            "ha  "
#define CHACHA_VERSION          "0.80"


/*
 * MATH segment.
 */

/* Modexp core */
#define MODEXP_ADDR_BASE        (SEGMENT_OFFSET_MATH + (0x00 * CORE_SIZE))
#define MODEXP_ADDR_NAME0       (MODEXP_ADDR_BASE + ADDR_NAME0)
#define MODEXP_ADDR_NAME1       (MODEXP_ADDR_BASE + ADDR_NAME1)
#define MODEXP_ADDR_VERSION     (MODEXP_ADDR_BASE + ADDR_VERSION)
#define MODEXP_ADDR_CTRL        (MODEXP_ADDR_BASE + ADDR_CTRL)
#define MODEXP_CTRL_INIT_BIT    (1)
#define MODEXP_CTRL_NEXT_BIT    (2)
#define MODEXP_ADDR_STATUS      (MODEXP_ADDR_BASE + ADDR_STATUS)

#define MODEXP_ADDR_DELAY       (MODEXP_ADDR_BASE + 0x13)
#define MODEXP_STATUS_READY     (1)

#define MODEXP_MODULUS_LENGTH   (MODEXP_ADDR_BASE + 0x20)
#define MODEXP_EXPONENT_LENGTH  (MODEXP_ADDR_BASE + 0x21)
#define MODEXP_LENGTH           (MODEXP_ADDR_BASE + 0x22)

#define MODEXP_MODULUS_PTR_RST  (MODEXP_ADDR_BASE + 0x30)
#define MODEXP_MODULUS_DATA     (MODEXP_ADDR_BASE + 0x31)

#define MODEXP_EXPONENT_PTR_RST (MODEXP_ADDR_BASE + 0x40)
#define MODEXP_EXPONENT_DATA    (MODEXP_ADDR_BASE + 0x41)

#define MODEXP_MESSAGE_PTR_RST  (MODEXP_ADDR_BASE + 0x50)
#define MODEXP_MESSAGE_DATA     (MODEXP_ADDR_BASE + 0x51)

#define MODEXP_RESULT_PTR_RST   (MODEXP_ADDR_BASE + 0x60)
#define MODEXP_RESULT_DATA      (MODEXP_ADDR_BASE + 0x61)

#define MODEXP_NAME0            "mode"
#define MODEXP_NAME1            "xp  "
#define MODEXP_VERSION          "0.51"


/*
 * C API error codes.  Defined in this form so we can keep the tokens
 * and error strings together.  See errorstrings.c.
 */

#define HAL_ERROR_LIST \
  DEFINE_HAL_ERROR(HAL_OK,                              "No error")                                     \
  DEFINE_HAL_ERROR(HAL_ERROR_BAD_ARGUMENTS,             "Bad arguments given")                          \
  DEFINE_HAL_ERROR(HAL_ERROR_UNSUPPORTED_KEY,           "Unsupported key type or key length")           \
  DEFINE_HAL_ERROR(HAL_ERROR_IO_SETUP_FAILED,           "Could not set up I/O with FPGA")               \
  DEFINE_HAL_ERROR(HAL_ERROR_IO_TIMEOUT,                "I/O with FPGA timed out")                      \
  DEFINE_HAL_ERROR(HAL_ERROR_IO_UNEXPECTED,             "Unexpected response from FPGA")                \
  DEFINE_HAL_ERROR(HAL_ERROR_IO_OS_ERROR,               "Operating system error talking to FPGA")       \
  DEFINE_HAL_ERROR(HAL_ERROR_IO_BAD_COUNT,              "Bad byte count")                               \
  DEFINE_HAL_ERROR(HAL_ERROR_CSPRNG_BROKEN,             "CSPRNG is returning nonsense")                 \
  DEFINE_HAL_ERROR(HAL_ERROR_KEYWRAP_BAD_MAGIC,         "Bad magic number while unwrapping key")        \
  DEFINE_HAL_ERROR(HAL_ERROR_KEYWRAP_BAD_LENGTH,        "Length out of range while unwrapping key")     \
  DEFINE_HAL_ERROR(HAL_ERROR_KEYWRAP_BAD_PADDING,       "Non-zero padding detected unwrapping key")     \
  DEFINE_HAL_ERROR(HAL_ERROR_IMPOSSIBLE,                "\"Impossible\" error")                         \
  DEFINE_HAL_ERROR(HAL_ERROR_ALLOCATION_FAILURE,        "Memory allocation failed")                     \
  DEFINE_HAL_ERROR(HAL_ERROR_RESULT_TOO_LONG,           "Result too long for buffer")                   \
  DEFINE_HAL_ERROR(HAL_ERROR_ASN1_PARSE_FAILED,         "ASN.1 parse failed")                           \
  END_OF_HAL_ERROR_LIST

/* Marker to forestall silly line continuation errors */
#define END_OF_HAL_ERROR_LIST

/* Define the error code enum here.  See errorstrings.c for the text strings. */
#define DEFINE_HAL_ERROR(_code_,_text_)  _code_,
typedef enum { HAL_ERROR_LIST N_HAL_ERRORS } hal_error_t;
#undef  DEFINE_HAL_ERROR

/*
 * Public functions.
 */

#include <stdint.h>
#include <sys/types.h>

extern const char *hal_error_string(const hal_error_t err);

/*
 * Public I/O functions.
 */

extern void hal_io_set_debug(int onoff);
extern hal_error_t hal_io_write(off_t offset, const uint8_t *buf, size_t len);
extern hal_error_t hal_io_read(off_t offset, uint8_t *buf, size_t len);
extern hal_error_t hal_io_expected(off_t offset, const uint8_t *expected, size_t len);
extern hal_error_t hal_io_init(off_t offset);
extern hal_error_t hal_io_next(off_t offset);
extern hal_error_t hal_io_wait(off_t offset, uint8_t status, int *count);
extern hal_error_t hal_io_wait_ready(off_t offset);
extern hal_error_t hal_io_wait_valid(off_t offset);

/*
 * Higher level public API.
 */

/*
 * Get random bytes from the CSPRNG.
 */

extern hal_error_t hal_get_random(void *buffer, const size_t length);

/*
 * Hash and HMAC API.
 */

/*
 * Longest hash block and digest we support at the moment.
 */

#define HAL_MAX_HASH_BLOCK_LENGTH       SHA512_BLOCK_LEN
#define HAL_MAX_HASH_DIGEST_LENGTH      SHA512_DIGEST_LEN

/*
 * Public information about a digest algorithm.
 *
 * The _state_length values in the descriptor and the typed opaque
 * pointers in the API are all intended to hide internal details of
 * the implementation while making memory allocation the caller's
 * problem.
 */

typedef struct {
  size_t block_length;
  size_t digest_length;
  size_t hash_state_length;
  size_t hmac_state_length;
  const uint8_t * const digest_algorithm_id;
  size_t digest_algorithm_id_length;
  const void *driver;
} hal_hash_descriptor_t;

/*
 * Typed opaque pointers to internal state.
 */

typedef struct { void *state; } hal_hash_state_t;
typedef struct { void *state; } hal_hmac_state_t;

/*
 * Supported digest algorithms.  These are one-element arrays so that
 * they can be used as constant pointers.
 */

extern const hal_hash_descriptor_t hal_hash_sha1[1];
extern const hal_hash_descriptor_t hal_hash_sha256[1];
extern const hal_hash_descriptor_t hal_hash_sha512_224[1];
extern const hal_hash_descriptor_t hal_hash_sha512_256[1];
extern const hal_hash_descriptor_t hal_hash_sha384[1];
extern const hal_hash_descriptor_t hal_hash_sha512[1];

/*
 * Hash and HMAC functions.
 */

extern void hal_hash_set_debug(int onoff);

extern hal_error_t hal_hash_core_present(const hal_hash_descriptor_t * const descriptor);

extern hal_error_t hal_hash_initialize(const hal_hash_descriptor_t * const descriptor,
                                       hal_hash_state_t *state,
                                       void *state_buffer, const size_t state_length);

extern hal_error_t hal_hash_update(const hal_hash_state_t state,
                                   const uint8_t * data, const size_t length);

extern hal_error_t hal_hash_finalize(const hal_hash_state_t state,
                                     uint8_t *digest, const size_t length);

extern hal_error_t hal_hmac_initialize(const hal_hash_descriptor_t * const descriptor,
                                       hal_hmac_state_t *state,
                                       void *state_buffer, const size_t state_length,
                                       const uint8_t * const key, const size_t key_length);

extern hal_error_t hal_hmac_update(const hal_hmac_state_t state,
                                   const uint8_t * data, const size_t length);

extern hal_error_t hal_hmac_finalize(const hal_hmac_state_t state,
                                     uint8_t *hmac, const size_t length);

/*
 * AES key wrap functions.
 */

extern hal_error_t hal_aes_keywrap(const uint8_t *kek, const size_t kek_length,
                                   const uint8_t *plaintext, const size_t plaintext_length,
                                   uint8_t *cyphertext, size_t *ciphertext_length);

extern hal_error_t hal_aes_keyunwrap(const uint8_t *kek, const size_t kek_length,
                                     const uint8_t *ciphertext, const size_t ciphertext_length,
                                     unsigned char *plaintext, size_t *plaintext_length);

extern size_t hal_aes_keywrap_ciphertext_length(const size_t plaintext_length);

/*
 * PBKDF2 function.  Uses HMAC with the specified digest algorithm as
 * the pseudo-random function (PRF).
 */

extern hal_error_t hal_pbkdf2(const hal_hash_descriptor_t * const descriptor,
			      const uint8_t * const password, const size_t password_length,
			      const uint8_t * const salt,     const size_t salt_length,
			      uint8_t       * derived_key,    const size_t derived_key_length,
			      unsigned iterations_desired);

/*
 * Modular exponentiation.
 */

extern void hal_modexp_set_debug(const int onoff);

extern hal_error_t hal_modexp(const uint8_t * const msg, const size_t msg_len, /* Message */
                              const uint8_t * const exp, const size_t exp_len, /* Exponent */
                              const uint8_t * const mod, const size_t mod_len, /* Modulus */
                              uint8_t * result, const size_t result_len);


/*
 * RSA.
 */

typedef enum { HAL_RSA_PRIVATE, HAL_RSA_PUBLIC } hal_rsa_key_type_t;

typedef struct { void *key; } hal_rsa_key_t;

extern const size_t hal_rsa_key_t_size;

extern void hal_rsa_set_debug(const int onoff);

extern void hal_rsa_set_blinding(const int onoff);

extern hal_error_t hal_rsa_key_load(const hal_rsa_key_type_t type,
                                    hal_rsa_key_t *key,
                                    void *keybuf, const size_t keybuf_len,
                                    const uint8_t * const n,  const size_t n_len,
                                    const uint8_t * const e,  const size_t e_len,
                                    const uint8_t * const d,  const size_t d_len,
                                    const uint8_t * const p,  const size_t p_len,
                                    const uint8_t * const q,  const size_t q_len,
                                    const uint8_t * const u,  const size_t u_len,
                                    const uint8_t * const dP, const size_t dP_len,
                                    const uint8_t * const dQ, const size_t dQ_len);

extern hal_error_t hal_rsa_key_get_modulus(hal_rsa_key_t key,
                                           uint8_t *modulus,
                                           size_t *modulus_len,
                                           const size_t modulus_max);

extern hal_error_t hal_rsa_key_get_public_exponent(hal_rsa_key_t key,
                                                   uint8_t *public_exponent,
                                                   size_t *public_exponent_len,
                                                   const size_t public_exponent_max);

extern void hal_rsa_key_clear(hal_rsa_key_t key);

extern hal_error_t hal_rsa_encrypt(hal_rsa_key_t key,
                                   const uint8_t * const input,  const size_t input_len,
                                   uint8_t * output, const size_t output_len);

extern hal_error_t hal_rsa_decrypt(hal_rsa_key_t key,
                                   const uint8_t * const input,  const size_t input_len,
                                   uint8_t * output, const size_t output_len);

extern hal_error_t hal_rsa_key_gen(hal_rsa_key_t *key,
                                   void *keybuf, const size_t keybuf_len,
                                   const unsigned key_length,
                                   const uint8_t * const public_exponent, const size_t public_exponent_len);

extern hal_error_t hal_rsa_key_to_der(hal_rsa_key_t key,
                                      uint8_t *der, size_t *der_len, const size_t der_max);

extern size_t hal_rsa_key_to_der_len(hal_rsa_key_t key);

extern hal_error_t hal_rsa_key_from_der(hal_rsa_key_t *key,
                                        void *keybuf, const size_t keybuf_len,
                                        const uint8_t * const der, const size_t der_len);

#endif /* _CRYPTECH_H_ */

/*
 * Local variables:
 * indent-tabs-mode: nil
 * End:
 */