diff options
author | Rob Austein <sra@hactrn.net> | 2015-06-04 01:28:52 -0400 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2015-06-04 01:28:52 -0400 |
commit | 73a9466319ab4edce0dc82185a422005f57e0f99 (patch) | |
tree | 315305b05ff1861697cae18a3015e17508f84159 | |
parent | 407905016d0404507ef08c71eec89158aa95cb35 (diff) |
Refactor hash code prior to adding HMAC (which we need for PBKDF2).
Main changes: moving the ten zillion core-related constants from
closures into a driver structure, rework API to the more common
initialize/update/finalize because it's easier to understand,
particularly with HMAC.
-rw-r--r-- | cryptech.h | 76 | ||||
-rw-r--r-- | hash.c | 476 | ||||
-rw-r--r-- | tests/test-hash.c | 85 |
3 files changed, 370 insertions, 267 deletions
@@ -479,23 +479,65 @@ extern hal_error_t hal_io_wait_valid(off_t offset); extern hal_error_t hal_get_random(void *buffer, const size_t length); extern void hal_hash_set_debug(int onoff); -extern hal_error_t hal_hash_sha1_core_present(void); -extern hal_error_t hal_hash_sha256_core_present(void); -extern hal_error_t hal_hash_sha512_core_present(void); -extern size_t hal_hash_state_size(void); -extern void hal_hash_state_initialize(void *state); -extern hal_error_t hal_hash_sha1(void *state, const uint8_t * data_buffer, const size_t data_buffer_length, - uint8_t *digest_buffer, const size_t digest_buffer_length); -extern hal_error_t hal_hash_sha256(void *state, const uint8_t *data_buffer, const size_t data_buffer_length, - uint8_t *digest_buffer, const size_t digest_buffer_length); -extern hal_error_t hal_hash_sha512_224(void *state, const uint8_t *data_buffer, const size_t data_buffer_length, - uint8_t *digest_buffer, const size_t digest_buffer_length); -extern hal_error_t hal_hash_sha512_256(void *state, const uint8_t *data_buffer, const size_t data_buffer_length, - uint8_t *digest_buffer, const size_t digest_buffer_length); -extern hal_error_t hal_hash_sha384(void *state, const uint8_t *data_buffer, const size_t data_buffer_length, - uint8_t *digest_buffer, const size_t digest_buffer_length); -extern hal_error_t hal_hash_sha512(void *state, const uint8_t *data_buffer, const size_t data_buffer_length, - uint8_t *digest_buffer, const size_t digest_buffer_length); + +/* + * Public information about a digest algorithm. + * + * The _state_length values in the descriptor and the typed opaque + * pointers in the API are all intended to hide internal details of + * the implementation while making memory allocation the caller's + * problem. + */ + +typedef struct { + size_t block_length; + size_t digest_length; + size_t hash_state_length; + size_t hmac_state_length; + const void *driver; +} hal_hash_descriptor_t; + +/* + * Typed opaque pointers to internal state. + */ + +typedef struct { void *state; } hal_hash_state_t; +typedef struct { void *state; } hal_hmac_state_t; + +/* + * Supported digest algorithms. + */ + +extern const hal_hash_descriptor_t hal_hash_sha1; +extern const hal_hash_descriptor_t hal_hash_sha256; +extern const hal_hash_descriptor_t hal_hash_sha512_224; +extern const hal_hash_descriptor_t hal_hash_sha512_256; +extern const hal_hash_descriptor_t hal_hash_sha384; +extern const hal_hash_descriptor_t hal_hash_sha512; + +extern hal_error_t hal_hash_core_present(const hal_hash_descriptor_t * const descriptor); + +extern hal_error_t hal_hash_initialize(const hal_hash_descriptor_t * const descriptor, + hal_hash_state_t *state, + void *state_buffer, const size_t state_length); + +extern hal_error_t hal_hash_update(const hal_hash_state_t state, + const uint8_t * data, const size_t length); + +extern hal_error_t hal_hash_finalize(const hal_hash_state_t state, + uint8_t *digest, const size_t length); + +extern hal_error_t hal_hmac_initialize(const hal_hash_descriptor_t * const descriptor, + hal_hmac_state_t *state, + void *state_buffer, const size_t state_length, + const uint8_t * const key, const size_t key_length); + +extern hal_error_t hal_hmac_update(const hal_hmac_state_t state, + const uint8_t * data, const size_t length); + +extern hal_error_t hal_hmac_finalize(const hal_hmac_state_t state, + uint8_t *hmac, const size_t length); + extern hal_error_t hal_aes_keywrap(const uint8_t *kek, const size_t kek_length, const uint8_t *plaintext, const size_t plaintext_length, @@ -48,107 +48,232 @@ /* Longest digest block we support at the moment */ #define MAX_BLOCK_LEN SHA512_BLOCK_LEN -/* Hash state */ +/* + * Driver. This encapsulates whatever per-algorithm voodoo we need + * this week. At the moment, this is mostly Cryptech core addresses, + * but this is subject to change without notice. + * + * Most of the addresses in the current version could be calculated + * from a single address (the core base address), but this week's + * theory prefers the precomputed composite addresses, and doing it + * this way saves some microscopic bit of addition at runtime. + * Whatever. It'll probably all change again once we have a dynamic + * memory map, so it's not really worth overthinking at the moment. + */ + typedef struct { + size_t length_length; /* Length of the length field */ + off_t block_addr; /* Where to write hash blocks */ + off_t ctrl_addr; /* Control register */ + off_t status_addr; /* Status register */ + off_t digest_addr; /* Where to read digest */ + off_t name_addr; /* Where to read core name */ + char core_name[8]; /* Expected name of core */ + uint8_t ctrl_mode; /* Digest mode, for cores that have modes */ +} driver_t; + +/* + * Hash state. + */ + +typedef struct { + const hal_hash_descriptor_t *descriptor; + const driver_t *driver; uint64_t msg_length_high; /* Total data hashed in this message */ uint64_t msg_length_low; /* (128 bits in SHA-512 cases) */ - size_t block_length; /* Block length for this algorithm */ uint8_t block[MAX_BLOCK_LEN]; /* Block we're accumulating */ size_t block_used; /* How much of the block we've used */ unsigned block_count; /* Blocks sent */ -} hash_state_t; +} internal_hash_state_t; -static int debug = 0; +/* + * Drivers and descriptors for known digest algorithms. + */ + +/* Drivers */ + +static const driver_t sha1_driver = { + SHA1_LENGTH_LEN, + SHA1_ADDR_BLOCK, SHA1_ADDR_CTRL, SHA1_ADDR_STATUS, SHA1_ADDR_DIGEST, + SHA1_ADDR_NAME0, (SHA1_NAME0 SHA1_NAME1), + 0 +}; + +static const driver_t sha256_driver = { + SHA256_LENGTH_LEN, + SHA256_ADDR_BLOCK, SHA256_ADDR_CTRL, SHA256_ADDR_STATUS, SHA256_ADDR_DIGEST, + SHA256_ADDR_NAME0, (SHA256_NAME0 SHA256_NAME1), + 0 +}; + +static const driver_t sha512_224_driver = { + SHA512_LENGTH_LEN, + SHA512_ADDR_BLOCK, SHA512_ADDR_CTRL, SHA512_ADDR_STATUS, SHA512_ADDR_DIGEST, + SHA512_ADDR_NAME0, (SHA512_NAME0 SHA512_NAME1), + MODE_SHA_512_224 +}; + +static const driver_t sha512_256_driver = { + SHA512_LENGTH_LEN, + SHA512_ADDR_BLOCK, SHA512_ADDR_CTRL, SHA512_ADDR_STATUS, SHA512_ADDR_DIGEST, + SHA512_ADDR_NAME0, (SHA512_NAME0 SHA512_NAME1), + MODE_SHA_512_256 +}; + +static const driver_t sha384_driver = { + SHA512_LENGTH_LEN, + SHA512_ADDR_BLOCK, SHA512_ADDR_CTRL, SHA512_ADDR_STATUS, SHA512_ADDR_DIGEST, + SHA512_ADDR_NAME0, (SHA512_NAME0 SHA512_NAME1), + MODE_SHA_384 +}; + +static const driver_t sha512_driver = { + SHA512_LENGTH_LEN, + SHA512_ADDR_BLOCK, SHA512_ADDR_CTRL, SHA512_ADDR_STATUS, SHA512_ADDR_DIGEST, + SHA512_ADDR_NAME0, (SHA512_NAME0 SHA512_NAME1), + MODE_SHA_512 +}; + +/* Descriptors */ + +const hal_hash_descriptor_t hal_hash_sha1 = { + SHA1_BLOCK_LEN, SHA1_DIGEST_LEN, + sizeof(internal_hash_state_t), 0, + &sha1_driver +}; + +const hal_hash_descriptor_t hal_hash_sha256 = { + SHA256_BLOCK_LEN, SHA256_DIGEST_LEN, + sizeof(internal_hash_state_t), 0, + &sha256_driver +}; + +const hal_hash_descriptor_t hal_hash_sha512_224 = { + SHA512_BLOCK_LEN, SHA512_DIGEST_LEN, + sizeof(internal_hash_state_t), 0, + &sha512_224_driver +}; + +const hal_hash_descriptor_t hal_hash_sha512_256 = { + SHA512_BLOCK_LEN, SHA512_DIGEST_LEN, + sizeof(internal_hash_state_t), 0, + &sha512_256_driver +}; + +const hal_hash_descriptor_t hal_hash_sha384 = { + SHA512_BLOCK_LEN, SHA512_DIGEST_LEN, + sizeof(internal_hash_state_t), 0, + &sha384_driver +}; + +const hal_hash_descriptor_t hal_hash_sha512 = { + SHA512_BLOCK_LEN, SHA512_DIGEST_LEN, + sizeof(internal_hash_state_t), 0, + &sha512_driver +}; /* * Debugging control. */ +static int debug = 0; + void hal_hash_set_debug(int onoff) { debug = onoff; } /* - * Tell caller how much space to allocate for a hash_state_t. This - * lets us hide details that are nobody else's business while letting - * somebody else deal with memory allocation (and is the way - * Cryptlib's HAL code works, not by coincidence). + * Internal utility to do whatever checking we need of a descriptor, + * then extract the driver pointer in a way that works nicely with + * initialization of an automatic const pointer. + * + * Returns the driver pointer on success, NULL on failure. */ -size_t hal_hash_state_size(void) +static const driver_t *check_driver(const hal_hash_descriptor_t * const descriptor) { - return sizeof(hash_state_t); -} - -void hal_hash_state_initialize(void *_state) -{ - hash_state_t *state = _state; - assert(state != NULL); - memset(state, 0, sizeof(*state)); + return descriptor == NULL ? NULL : descriptor->driver; } /* * Report whether cores are present. */ -hal_error_t hal_hash_sha1_core_present(void) +hal_error_t hal_hash_core_present(const hal_hash_descriptor_t * const descriptor) { - return hal_io_expected(SHA1_ADDR_NAME0, (const uint8_t *) (SHA1_NAME0 SHA1_NAME1), 8); -} + const driver_t * const driver = check_driver(descriptor); -hal_error_t hal_hash_sha256_core_present(void) -{ - return hal_io_expected(SHA256_ADDR_NAME0, (const uint8_t *) (SHA256_NAME0 SHA256_NAME1), 8); + if (driver == NULL) + return HAL_ERROR_BAD_ARGUMENTS; + + return hal_io_expected(driver->name_addr, + (const uint8_t *) driver->core_name, + sizeof(driver->core_name)); } -hal_error_t hal_hash_sha512_core_present(void) +/* + * Initialize hash state. + */ + +hal_error_t hal_hash_initialize(const hal_hash_descriptor_t * const descriptor, + hal_hash_state_t *opaque_state, + void *state_buffer, const size_t state_length) { - return hal_io_expected(SHA512_ADDR_NAME0, (const uint8_t *) (SHA512_NAME0 SHA512_NAME1), 8); + const driver_t * const driver = check_driver(descriptor); + internal_hash_state_t *state = state_buffer; + + if (driver == NULL || state == NULL || opaque_state == NULL || + state_length < descriptor->hash_state_length) + return HAL_ERROR_BAD_ARGUMENTS; + + memset(state, 0, sizeof(*state)); + state->descriptor = descriptor; + state->driver = driver; + + opaque_state->state = state; + + return HAL_OK; } /* * Send one block to a core. */ -static hal_error_t hash_write_block(const off_t block_addr, - const off_t ctrl_addr, - const off_t status_addr, - const uint8_t ctrl_mode, - const hash_state_t * const state) +static hal_error_t hash_write_block(const internal_hash_state_t * const state) { uint8_t ctrl_cmd[4]; hal_error_t err; - assert(state != NULL && state->block_length % 4 == 0); + assert(state != NULL && state->descriptor != NULL && state->driver != NULL); + assert(state->descriptor->block_length % 4 == 0); if (debug) fprintf(stderr, "[ %s ]\n", state->block_count == 0 ? "init" : "next"); - if ((err = hal_io_write(block_addr, state->block, state->block_length)) != HAL_OK) + if ((err = hal_io_write(state->driver->block_addr, state->block, state->descriptor->block_length)) != HAL_OK) return err; ctrl_cmd[0] = ctrl_cmd[1] = ctrl_cmd[2] = 0; ctrl_cmd[3] = state->block_count == 0 ? CTRL_INIT : CTRL_NEXT; - ctrl_cmd[3] |= ctrl_mode; + ctrl_cmd[3] |= state->driver->ctrl_mode; /* * Not sure why we're waiting for ready here, but it's what the old * (read: tested) code did, so keep that behavior for now. */ - if ((err = hal_io_write(ctrl_addr, ctrl_cmd, sizeof(ctrl_cmd))) != HAL_OK) + if ((err = hal_io_write(state->driver->ctrl_addr, ctrl_cmd, sizeof(ctrl_cmd))) != HAL_OK) return err; - return hal_io_wait_valid(status_addr); + return hal_io_wait_valid(state->driver->status_addr); } /* * Read hash result from core. */ -static hal_error_t hash_read_digest(const off_t digest_addr, - const off_t status_addr, +static hal_error_t hash_read_digest(const driver_t * const driver, uint8_t *digest, const size_t digest_length) { @@ -156,211 +281,146 @@ static hal_error_t hash_read_digest(const off_t digest_addr, assert(digest != NULL && digest_length % 4 == 0); - if ((err = hal_io_wait_valid(status_addr)) != HAL_OK) + if ((err = hal_io_wait_valid(driver->status_addr)) != HAL_OK) return err; - return hal_io_read(digest_addr, digest, digest_length); + return hal_io_read(driver->digest_addr, digest, digest_length); } /* - * Hash data. All supported hash algorithms use similar block - * manipulations and padding algorithms, so all can use this method - * with a few parameters which we handle via closures below. + * Add data to hash. */ -static hal_error_t hash_do_hash(hash_state_t *state, /* Opaque state block */ - const uint8_t * const data_buffer, /* Data to be hashed */ - size_t data_buffer_length, /* Length of data_buffer */ - uint8_t *digest_buffer, /* Returned digest */ - const size_t digest_buffer_length, /* Length of digest_buffer */ - const size_t block_length, /* Length of a block */ - const size_t digest_length, /* Length of resulting digest */ - const size_t length_length, /* Length of the length field */ - const off_t block_addr, /* Where to write hash blocks */ - const off_t ctrl_addr, /* Control register */ - const off_t status_addr, /* Status register */ - const off_t digest_addr, /* Where to read digest */ - const uint8_t ctrl_mode) /* Digest mode, for cores that have modes */ +hal_error_t hal_hash_update(hal_hash_state_t opaque_state, /* Opaque state block */ + const uint8_t * const data_buffer, /* Data to be hashed */ + size_t data_buffer_length) /* Length of data_buffer */ { + internal_hash_state_t *state = opaque_state.state; + const uint8_t *p = data_buffer; hal_error_t err; size_t n; - int i; - if (state == NULL || - (state->block_length != 0 && state->block_length != block_length) || - (data_buffer_length > 0 && data_buffer == NULL) || - (data_buffer_length == 0 && digest_buffer == NULL) || - (digest_buffer != NULL && digest_buffer_length < digest_length)) + if (state == NULL || data_buffer == NULL) return HAL_ERROR_BAD_ARGUMENTS; - if (state->block_length == 0) - state->block_length = block_length; - - assert(block_length <= sizeof(state->block)); - - if (data_buffer_length > 0) { /* We have data to hash */ - - const uint8_t *p = data_buffer; - - while ((n = state->block_length - state->block_used) <= data_buffer_length) { - /* - * We have enough data for another complete block. - */ - if (debug) - fprintf(stderr, "[ Full block, data_buffer_length %lu, used %lu, n %lu, msg_length %llu ]\n", - (unsigned long) data_buffer_length, (unsigned long) state->block_used, (unsigned long) n, state->msg_length_low); - memcpy(state->block + state->block_used, p, n); - if ((state->msg_length_low += n) < n) - state->msg_length_high++; - state->block_used = 0; - data_buffer_length -= n; - p += n; - if ((err = hash_write_block(block_addr, ctrl_addr, status_addr, ctrl_mode, state)) != HAL_OK) - return err; - state->block_count++; - } - - if (data_buffer_length > 0) { - /* - * Data left over, but not enough for a full block, stash it. - */ - if (debug) - fprintf(stderr, "[ Partial block, data_buffer_length %lu, used %lu, n %lu, msg_length %llu ]\n", - (unsigned long) data_buffer_length, (unsigned long) state->block_used, (unsigned long) n, state->msg_length_low); - assert(data_buffer_length < n); - memcpy(state->block + state->block_used, p, data_buffer_length); - if ((state->msg_length_low += data_buffer_length) < data_buffer_length) - state->msg_length_high++; - state->block_used += data_buffer_length; - } - } + if (data_buffer_length == 0) + return HAL_OK; - else { /* Done: add padding, then pull result from the core */ - - uint64_t bit_length_low = (state->msg_length_low << 3); - uint64_t bit_length_high = (state->msg_length_high << 3) | (state->msg_length_low >> 61); - uint8_t *p; - - /* Initial pad byte */ - assert(state->block_used < state->block_length); - state->block[state->block_used++] = 0x80; - - /* If not enough room for bit count, zero and push current block */ - if ((n = state->block_length - state->block_used) < length_length) { - if (debug) - fprintf(stderr, "[ Overflow block, data_buffer_length %lu, used %lu, n %lu, msg_length %llu ]\n", - (unsigned long) data_buffer_length, (unsigned long) state->block_used, (unsigned long) n, state->msg_length_low); - if (n > 0) - memset(state->block + state->block_used, 0, n); - if ((err = hash_write_block(block_addr, ctrl_addr, status_addr, ctrl_mode, state)) != HAL_OK) - return err; - state->block_count++; - state->block_used = 0; - } + assert(state->descriptor != NULL && state->driver != NULL); + assert(state->descriptor->block_length <= sizeof(state->block)); - /* Pad final block */ - n = state->block_length - state->block_used; - assert(n >= length_length); - if (n > 0) - memset(state->block + state->block_used, 0, n); + while ((n = state->descriptor->block_length - state->block_used) <= data_buffer_length) { + /* + * We have enough data for another complete block. + */ if (debug) - fprintf(stderr, "[ Final block, data_buffer_length %lu, used %lu, n %lu, msg_length %llu ]\n", + fprintf(stderr, "[ Full block, data_buffer_length %lu, used %lu, n %lu, msg_length %llu ]\n", (unsigned long) data_buffer_length, (unsigned long) state->block_used, (unsigned long) n, state->msg_length_low); - p = state->block + state->block_length; - for (i = 0; (bit_length_low || bit_length_high) && i < length_length; i++) { - *--p = (uint8_t) (bit_length_low & 0xFF); - bit_length_low >>= 8; - if (bit_length_high) { - bit_length_low |= ((bit_length_high & 0xFF) << 56); - bit_length_high >>= 8; - } - } - - /* Push final block */ - if ((err = hash_write_block(block_addr, ctrl_addr, status_addr, ctrl_mode, state)) != HAL_OK) + memcpy(state->block + state->block_used, p, n); + if ((state->msg_length_low += n) < n) + state->msg_length_high++; + state->block_used = 0; + data_buffer_length -= n; + p += n; + if ((err = hash_write_block(state)) != HAL_OK) return err; state->block_count++; + } - /* All data pushed to core, now we just need to read back the result */ - if ((err = hash_read_digest(digest_addr, status_addr, digest_buffer, digest_length)) != HAL_OK) - return err; + if (data_buffer_length > 0) { + /* + * Data left over, but not enough for a full block, stash it. + */ + if (debug) + fprintf(stderr, "[ Partial block, data_buffer_length %lu, used %lu, n %lu, msg_length %llu ]\n", + (unsigned long) data_buffer_length, (unsigned long) state->block_used, (unsigned long) n, state->msg_length_low); + assert(data_buffer_length < n); + memcpy(state->block + state->block_used, p, data_buffer_length); + if ((state->msg_length_low += data_buffer_length) < data_buffer_length) + state->msg_length_high++; + state->block_used += data_buffer_length; } return HAL_OK; } /* - * Closures to provide the public API. + * Finish hash and return digest. */ -hal_error_t hal_hash_sha1(void *state, - const uint8_t *data_buffer, - const size_t data_buffer_length, - uint8_t *digest_buffer, - const size_t digest_buffer_length) +hal_error_t hal_hash_finalize(hal_hash_state_t opaque_state, /* Opaque state block */ + uint8_t *digest_buffer, /* Returned digest */ + const size_t digest_buffer_length) /* Length of digest_buffer */ { - return hash_do_hash(state, data_buffer, data_buffer_length, digest_buffer, digest_buffer_length, - SHA1_BLOCK_LEN, SHA1_DIGEST_LEN, SHA1_LENGTH_LEN, - SHA1_ADDR_BLOCK, SHA1_ADDR_CTRL, SHA1_ADDR_STATUS, SHA1_ADDR_DIGEST, 0); -} + internal_hash_state_t *state = opaque_state.state; + uint64_t bit_length_high, bit_length_low; + hal_error_t err; + uint8_t *p; + size_t n; + int i; -hal_error_t hal_hash_sha256(void *state, - const uint8_t *data_buffer, - const size_t data_buffer_length, - uint8_t *digest_buffer, - const size_t digest_buffer_length) -{ - return hash_do_hash(state, data_buffer, data_buffer_length, digest_buffer, digest_buffer_length, - SHA256_BLOCK_LEN, SHA256_DIGEST_LEN, SHA256_LENGTH_LEN, - SHA256_ADDR_BLOCK, SHA256_ADDR_CTRL, SHA256_ADDR_STATUS, SHA256_ADDR_DIGEST, 0); -} + if (state == NULL || digest_buffer == NULL) + return HAL_ERROR_BAD_ARGUMENTS; -hal_error_t hal_hash_sha512_224(void *state, - const uint8_t *data_buffer, - const size_t data_buffer_length, - uint8_t *digest_buffer, - const size_t digest_buffer_length) -{ - return hash_do_hash(state, data_buffer, data_buffer_length, digest_buffer, digest_buffer_length, - SHA512_BLOCK_LEN, SHA512_DIGEST_LEN, SHA512_LENGTH_LEN, - SHA512_ADDR_BLOCK, SHA512_ADDR_CTRL, SHA512_ADDR_STATUS, SHA512_ADDR_DIGEST, - MODE_SHA_512_224); -} + assert(state->descriptor != NULL && state->driver != NULL); -hal_error_t hal_hash_sha512_256(void *state, - const uint8_t *data_buffer, - const size_t data_buffer_length, - uint8_t *digest_buffer, - const size_t digest_buffer_length) -{ - return hash_do_hash(state, data_buffer, data_buffer_length, digest_buffer, digest_buffer_length, - SHA512_BLOCK_LEN, SHA512_DIGEST_LEN, SHA512_LENGTH_LEN, - SHA512_ADDR_BLOCK, SHA512_ADDR_CTRL, SHA512_ADDR_STATUS, SHA512_ADDR_DIGEST, - MODE_SHA_512_256); -} + if (digest_buffer_length < state->descriptor->digest_length) + return HAL_ERROR_BAD_ARGUMENTS; -hal_error_t hal_hash_sha384(void *state, - const uint8_t *data_buffer, - const size_t data_buffer_length, - uint8_t *digest_buffer, - const size_t digest_buffer_length) -{ - return hash_do_hash(state, data_buffer, data_buffer_length, digest_buffer, digest_buffer_length, - SHA512_BLOCK_LEN, SHA512_DIGEST_LEN, SHA512_LENGTH_LEN, - SHA512_ADDR_BLOCK, SHA512_ADDR_CTRL, SHA512_ADDR_STATUS, SHA512_ADDR_DIGEST, - MODE_SHA_384); -} + assert(state->descriptor->block_length <= sizeof(state->block)); -hal_error_t hal_hash_sha512(void *state, - const uint8_t *data_buffer, - const size_t data_buffer_length, - uint8_t *digest_buffer, - const size_t digest_buffer_length) -{ - return hash_do_hash(state, data_buffer, data_buffer_length, digest_buffer, digest_buffer_length, - SHA512_BLOCK_LEN, SHA512_DIGEST_LEN, SHA512_LENGTH_LEN, - SHA512_ADDR_BLOCK, SHA512_ADDR_CTRL, SHA512_ADDR_STATUS, SHA512_ADDR_DIGEST, - MODE_SHA_512); + /* + * Add padding, then pull result from the core + */ + + bit_length_low = (state->msg_length_low << 3); + bit_length_high = (state->msg_length_high << 3) | (state->msg_length_low >> 61); + + /* Initial pad byte */ + assert(state->block_used < state->descriptor->block_length); + state->block[state->block_used++] = 0x80; + + /* If not enough room for bit count, zero and push current block */ + if ((n = state->descriptor->block_length - state->block_used) < state->driver->length_length) { + if (debug) + fprintf(stderr, "[ Overflow block, used %lu, n %lu, msg_length %llu ]\n", + (unsigned long) state->block_used, (unsigned long) n, state->msg_length_low); + if (n > 0) + memset(state->block + state->block_used, 0, n); + if ((err = hash_write_block(state)) != HAL_OK) + return err; + state->block_count++; + state->block_used = 0; + } + + /* Pad final block */ + n = state->descriptor->block_length - state->block_used; + assert(n >= state->driver->length_length); + if (n > 0) + memset(state->block + state->block_used, 0, n); + if (debug) + fprintf(stderr, "[ Final block, used %lu, n %lu, msg_length %llu ]\n", + (unsigned long) state->block_used, (unsigned long) n, state->msg_length_low); + p = state->block + state->descriptor->block_length; + for (i = 0; (bit_length_low || bit_length_high) && i < state->driver->length_length; i++) { + *--p = (uint8_t) (bit_length_low & 0xFF); + bit_length_low >>= 8; + if (bit_length_high) { + bit_length_low |= ((bit_length_high & 0xFF) << 56); + bit_length_high >>= 8; + } + } + + /* Push final block */ + if ((err = hash_write_block(state)) != HAL_OK) + return err; + state->block_count++; + + /* All data pushed to core, now we just need to read back the result */ + if ((err = hash_read_digest(state->driver, digest_buffer, state->descriptor->digest_length)) != HAL_OK) + return err; + + return HAL_OK; } /* diff --git a/tests/test-hash.c b/tests/test-hash.c index 671f200..92acdfd 100644 --- a/tests/test-hash.c +++ b/tests/test-hash.c @@ -124,32 +124,49 @@ static const uint8_t sha512_double_digest[] = { /* 64 bytes */ 0x87, 0x4b, 0xe9, 0x09 }; -static int _test_hash(hal_error_t (*hash)(void *, - const uint8_t *, const size_t, - uint8_t *, const size_t), +static int _test_hash(const hal_hash_descriptor_t * const descriptor, const uint8_t * const data, const size_t data_len, const uint8_t * const result, const size_t result_len, const char * const label) { - uint8_t state[512], digest[512]; + uint8_t statebuf[512], digest[512]; + hal_hash_state_t state; hal_error_t err; - assert(hash != NULL && data != NULL && result != NULL && label != NULL); - + assert(descriptor != NULL && data != NULL && result != NULL && label != NULL); assert(result_len <= sizeof(digest)); - assert(hal_hash_state_size() <= sizeof(state)); + assert(descriptor->hash_state_length <= sizeof(statebuf)); printf("Starting %s test\n", label); - hal_hash_state_initialize(state); + err = hal_hash_core_present(descriptor); + + switch (err) { + + case HAL_OK: + break; + + case HAL_ERROR_IO_UNEXPECTED: + printf("Core not present, skipping test\n"); + return 1; + + default: + printf("Failed while checking for core: %s\n", hal_error_string(err)); + return 0; + } + + if ((err = hal_hash_initialize(descriptor, &state, statebuf, sizeof(statebuf))) != HAL_OK) { + printf("Failed while initializing hash: %s\n", hal_error_string(err)); + return 0; + } - if ((err = hash(state, data, data_len, NULL, 0)) != HAL_OK) { - printf("Failed: %s\n", hal_error_string(err)); + if ((err = hal_hash_update(state, data, data_len)) != HAL_OK) { + printf("Failed while updating hash: %s\n", hal_error_string(err)); return 0; } - if ((err = hash(state, NULL, 0, digest, sizeof(digest))) != HAL_OK) { - printf("Failed: %s\n", hal_error_string(err)); + if ((err = hal_hash_finalize(state, digest, sizeof(digest))) != HAL_OK) { + printf("Failed while finalizing hash: %s\n", hal_error_string(err)); return 0; } @@ -170,46 +187,30 @@ static int _test_hash(hal_error_t (*hash)(void *, return 1; } -#define test_hash(_hash_, _data_, _result_, _label_) \ - _test_hash(_hash_, _data_, sizeof(_data_), _result_, sizeof(_result_), _label_) +#define test_hash(_desc_, _data_, _result_, _label_) \ + _test_hash(_desc_, _data_, sizeof(_data_), _result_, sizeof(_result_), _label_) int main (int argc, char *argv[]) { int ok = 1; - if (hal_hash_sha1_core_present() == HAL_OK) { - ok &= test_hash(hal_hash_sha1, nist_512_single, sha1_single_digest, "SHA-1 single block"); - ok &= test_hash(hal_hash_sha1, nist_512_double, sha1_double_digest, "SHA-1 double block"); - } - else { - printf("SHA-1 core not present, skipping tests which depend on it\n"); - } + ok &= test_hash(&hal_hash_sha1, nist_512_single, sha1_single_digest, "SHA-1 single block"); + ok &= test_hash(&hal_hash_sha1, nist_512_double, sha1_double_digest, "SHA-1 double block"); - if (hal_hash_sha256_core_present() == HAL_OK) { - ok &= test_hash(hal_hash_sha256, nist_512_single, sha256_single_digest, "SHA-256 single block"); - ok &= test_hash(hal_hash_sha256, nist_512_double, sha256_double_digest, "SHA-256 double block"); - } - else { - printf("SHA-256 core not present, skipping tests which depend on it\n"); - } - - if (hal_hash_sha512_core_present() == HAL_OK) { + ok &= test_hash(&hal_hash_sha256, nist_512_single, sha256_single_digest, "SHA-256 single block"); + ok &= test_hash(&hal_hash_sha256, nist_512_double, sha256_double_digest, "SHA-256 double block"); - ok &= test_hash(hal_hash_sha512_224, nist_1024_single, sha512_224_single_digest, "SHA-512/224 single block"); - ok &= test_hash(hal_hash_sha512_224, nist_1024_double, sha512_224_double_digest, "SHA-512/224 double block"); + ok &= test_hash(&hal_hash_sha512_224, nist_1024_single, sha512_224_single_digest, "SHA-512/224 single block"); + ok &= test_hash(&hal_hash_sha512_224, nist_1024_double, sha512_224_double_digest, "SHA-512/224 double block"); - ok &= test_hash(hal_hash_sha512_256, nist_1024_single, sha512_256_single_digest, "SHA-512/256 single block"); - ok &= test_hash(hal_hash_sha512_256, nist_1024_double, sha512_256_double_digest, "SHA-512/256 double block"); + ok &= test_hash(&hal_hash_sha512_256, nist_1024_single, sha512_256_single_digest, "SHA-512/256 single block"); + ok &= test_hash(&hal_hash_sha512_256, nist_1024_double, sha512_256_double_digest, "SHA-512/256 double block"); - ok &= test_hash(hal_hash_sha384, nist_1024_single, sha384_single_digest, "SHA-384 single block"); - ok &= test_hash(hal_hash_sha384, nist_1024_double, sha384_double_digest, "SHA-384 double block"); + ok &= test_hash(&hal_hash_sha384, nist_1024_single, sha384_single_digest, "SHA-384 single block"); + ok &= test_hash(&hal_hash_sha384, nist_1024_double, sha384_double_digest, "SHA-384 double block"); - ok &= test_hash(hal_hash_sha512, nist_1024_single, sha512_single_digest, "SHA-512 single block"); - ok &= test_hash(hal_hash_sha512, nist_1024_double, sha512_double_digest, "SHA-512 double block"); - } - else { - printf("SHA-512 core not present, skipping tests which depend on it\n"); - } + ok &= test_hash(&hal_hash_sha512, nist_1024_single, sha512_single_digest, "SHA-512 single block"); + ok &= test_hash(&hal_hash_sha512, nist_1024_double, sha512_double_digest, "SHA-512 double block"); return !ok; } |