diff options
-rw-r--r-- | GNUmakefile | 2 | ||||
-rw-r--r-- | aes_keywrap.c | 47 | ||||
-rw-r--r-- | core.c | 211 | ||||
-rw-r--r-- | csprng.c | 7 | ||||
-rw-r--r-- | ecdsa.c | 11 | ||||
-rw-r--r-- | hal.h | 470 | ||||
-rw-r--r-- | hal_io_eim.c | 50 | ||||
-rw-r--r-- | hal_io_i2c.c | 1 | ||||
-rw-r--r-- | hash.c | 116 | ||||
-rw-r--r-- | modexp.c | 41 | ||||
-rw-r--r-- | pbkdf2.c | 15 | ||||
-rw-r--r-- | rsa.c | 43 | ||||
-rw-r--r-- | tests/test-aes-key-wrap.c | 16 | ||||
-rw-r--r-- | tests/test-ecdsa.c | 56 | ||||
-rw-r--r-- | tests/test-hash.c | 34 | ||||
-rw-r--r-- | tests/test-pbkdf2.c | 25 | ||||
-rw-r--r-- | tests/test-rsa.c | 53 | ||||
-rw-r--r-- | verilog_constants.h | 241 |
18 files changed, 791 insertions, 648 deletions
diff --git a/GNUmakefile b/GNUmakefile index 37d038e..5c14b11 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -27,7 +27,7 @@ INC = hal.h LIB = libhal.a -OBJ = ${IO_OBJ} csprng.o hash.o aes_keywrap.o pbkdf2.o \ +OBJ = ${IO_OBJ} core.o csprng.o hash.o aes_keywrap.o pbkdf2.o \ modexp.o rsa.o ecdsa.o asn1.o errorstrings.o IO_OBJ_EIM = hal_io_eim.o novena-eim.o diff --git a/aes_keywrap.c b/aes_keywrap.c index 7b90c9d..324b4ba 100644 --- a/aes_keywrap.c +++ b/aes_keywrap.c @@ -48,6 +48,7 @@ #include <assert.h> #include "hal.h" +#include "verilog_constants.h" /* * How long the ciphertext will be for a given plaintext length. @@ -66,7 +67,7 @@ size_t hal_aes_keywrap_ciphertext_length(const size_t plaintext_length) typedef enum { KEK_encrypting, KEK_decrypting } kek_action_t; -static hal_error_t load_kek(const uint8_t *K, const size_t K_len, const kek_action_t action) +static hal_error_t load_kek(const hal_core_t *core, const uint8_t *K, const size_t K_len, const kek_action_t action) { uint8_t config[4]; hal_error_t err; @@ -104,9 +105,9 @@ static hal_error_t load_kek(const uint8_t *K, const size_t K_len, const kek_acti * Load the KEK and tell the core to expand it. */ - if ((err = hal_io_write(AES_ADDR_KEY0, K, K_len)) != HAL_OK || - (err = hal_io_write(AES_ADDR_CONFIG, config, sizeof(config))) != HAL_OK || - (err = hal_io_init(AES_ADDR_CTRL)) != HAL_OK) + if ((err = hal_io_write(core, AES_ADDR_KEY0, K, K_len)) != HAL_OK || + (err = hal_io_write(core, AES_ADDR_CONFIG, config, sizeof(config))) != HAL_OK || + (err = hal_io_init(core)) != HAL_OK) return err; return HAL_OK; @@ -127,18 +128,18 @@ static hal_error_t load_kek(const uint8_t *K, const size_t K_len, const kek_acti * Just be VERY careful if you change anything here. */ -static hal_error_t do_block(uint8_t *b1, uint8_t *b2) +static hal_error_t do_block(const hal_core_t *core, uint8_t *b1, uint8_t *b2) { hal_error_t err; assert(b1 != NULL && b2 != NULL); - if ((err = hal_io_write(AES_ADDR_BLOCK0, b1, 8)) != HAL_OK || - (err = hal_io_write(AES_ADDR_BLOCK2, b2, 8)) != HAL_OK || - (err = hal_io_next(AES_ADDR_CTRL)) != HAL_OK || - (err = hal_io_wait_ready(AES_ADDR_STATUS)) != HAL_OK || - (err = hal_io_read(AES_ADDR_RESULT0, b1, 8)) != HAL_OK || - (err = hal_io_read(AES_ADDR_RESULT2, b2, 8)) != HAL_OK) + if ((err = hal_io_write(core, AES_ADDR_BLOCK0, b1, 8)) != HAL_OK || + (err = hal_io_write(core, AES_ADDR_BLOCK2, b2, 8)) != HAL_OK || + (err = hal_io_next(core)) != HAL_OK || + (err = hal_io_wait_ready(core)) != HAL_OK || + (err = hal_io_read(core, AES_ADDR_RESULT0, b1, 8)) != HAL_OK || + (err = hal_io_read(core, AES_ADDR_RESULT2, b2, 8)) != HAL_OK) return err; return HAL_OK; @@ -155,7 +156,8 @@ static hal_error_t do_block(uint8_t *b1, uint8_t *b2) * buffer size. */ -hal_error_t hal_aes_keywrap(const uint8_t *K, const size_t K_len, +hal_error_t hal_aes_keywrap(const hal_core_t *core, + const uint8_t *K, const size_t K_len, const uint8_t * const Q, const size_t m, uint8_t *C, @@ -168,10 +170,13 @@ hal_error_t hal_aes_keywrap(const uint8_t *K, const size_t K_len, assert(calculated_C_len % 8 == 0); + if ((err = hal_core_check_name(&core, AES_CORE_NAME)) != HAL_OK) + return err; + if (Q == NULL || C == NULL || C_len == NULL || *C_len < calculated_C_len) return HAL_ERROR_BAD_ARGUMENTS; - if ((err = load_kek(K, K_len, KEK_encrypting)) != HAL_OK) + if ((err = load_kek(core, K, K_len, KEK_encrypting)) != HAL_OK) return err; *C_len = calculated_C_len; @@ -192,7 +197,7 @@ hal_error_t hal_aes_keywrap(const uint8_t *K, const size_t K_len, n = calculated_C_len/8 - 1; if (n == 1) { - if ((err = do_block(C, C + 8)) != HAL_OK) + if ((err = do_block(core, C, C + 8)) != HAL_OK) return err; } @@ -200,7 +205,7 @@ hal_error_t hal_aes_keywrap(const uint8_t *K, const size_t K_len, for (j = 0; j <= 5; j++) { for (i = 1; i <= n; i++) { uint32_t t = n * j + i; - if ((err = do_block(C, C + i * 8)) != HAL_OK) + if ((err = do_block(core, C, C + i * 8)) != HAL_OK) return err; C[7] ^= t & 0xFF; t >>= 8; C[6] ^= t & 0xFF; t >>= 8; @@ -220,7 +225,8 @@ hal_error_t hal_aes_keywrap(const uint8_t *K, const size_t K_len, * Q should be the same size as C. Q and C can overlap. */ -hal_error_t hal_aes_keyunwrap(const uint8_t *K, const size_t K_len, +hal_error_t hal_aes_keyunwrap(const hal_core_t * core, + const uint8_t *K, const size_t K_len, const uint8_t * const C, const size_t C_len, uint8_t *Q, @@ -231,10 +237,13 @@ hal_error_t hal_aes_keyunwrap(const uint8_t *K, const size_t K_len, long i, j; size_t m; + if ((err = hal_core_check_name(&core, AES_CORE_NAME)) != HAL_OK) + return err; + if (C == NULL || Q == NULL || C_len % 8 != 0 || C_len < 16 || Q_len == NULL || *Q_len < C_len) return HAL_ERROR_BAD_ARGUMENTS; - if ((err = load_kek(K, K_len, KEK_decrypting)) != HAL_OK) + if ((err = load_kek(core, K, K_len, KEK_decrypting)) != HAL_OK) return err; n = (C_len / 8) - 1; @@ -243,7 +252,7 @@ hal_error_t hal_aes_keyunwrap(const uint8_t *K, const size_t K_len, memmove(Q, C, C_len); if (n == 1) { - if ((err = do_block(Q, Q + 8)) != HAL_OK) + if ((err = do_block(core, Q, Q + 8)) != HAL_OK) return err; } @@ -255,7 +264,7 @@ hal_error_t hal_aes_keyunwrap(const uint8_t *K, const size_t K_len, Q[6] ^= t & 0xFF; t >>= 8; Q[5] ^= t & 0xFF; t >>= 8; Q[4] ^= t & 0xFF; - if ((err = do_block(Q, Q + i * 8)) != HAL_OK) + if ((err = do_block(core, Q, Q + i * 8)) != HAL_OK) return err; } } @@ -0,0 +1,211 @@ +/* + * core.c + * ------ + * This module contains code to probe the FPGA for its installed cores. + * + * Author: Paul Selkirk, Rob Austein + * Copyright (c) 2015, NORDUnet A/S All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * - Neither the name of the NORDUnet nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include <stdio.h> +#include <stdlib.h> +#include <stdint.h> +#include <string.h> + +#include "hal.h" +#include "verilog_constants.h" + +/* + * Each Cryptech core has a set of 4-byte registers, which are accessed + * through a 16-bit address. The address space is divided as follows: + * 3 bits segment selector | up to 8 segments + * 5 bits core selector | up to 32 cores/segment (see note below) + * 8 bits register selector | up to 256 registers/core (see modexp below) + * + * i.e, the address is structured as: + * sss ccccc rrrrrrrr + * + * The I2C and UART communication channels use this 16-bit address format + * directly in their read and write commands. + * + * The EIM communications channel translates this 16-bit address into a + * 32-bit memory-mapped address in the range 0x08000000..807FFFF: + * 00001000000000 sss 0 ccccc rrrrrrrr 00 + * + * EIM, as implemented on the Novena, uses a 19-bit address space: + * Bits 18..16 are the semgent selector. + * Bits 15..10 are the core selector. + * Bits 9..2 are the register selector. + * Bits 1..0 are zero, because reads and writes are always word aligned. + * + * Note that EIM can support 64 cores per segment, but we sacrifice one bit + * in order to map it into a 16-bit address space. + */ + +/* + * Structure of our internal database is private, in case we want to + * be change representation (array, tree, list of lists, whatever) at + * some later date without having to change the public API. + */ + +struct hal_core { + hal_core_info_t info; + struct hal_core *next; +}; + +/* + * Check whether a core's name matches a particular string. This is a + * bit nasty due to non-null-terminated fixed-length names. + */ + +static int name_matches(const hal_core_t *const core, const char * const name) +{ + return (core != NULL && name != NULL && *name != '\0' && + strncmp(name, core->info.name, strnlen(name, sizeof(core->info.name))) == 0); +} + +/* + * Probe the FPGA and build our internal database. + * + * At the moment this knows far more than it should about pecularities + * of certain cores. In theory at least some of this will be fixed + * soon on the Verilog side. Adding a core-length word to the core + * header sure would make this simpler. + */ + +#define CORE_MIN 0 +#define CORE_MAX 0x10000 +#define CORE_SIZE 0x100 + +/* Extra space to leave after particular cores. Yummy. */ + +static const struct { const char *name; hal_addr_t extra; } gaps[] = { + { "trng", 4 * CORE_SIZE }, /* Four empty slots after trng */ + { "rosc ent", 3 * CORE_SIZE }, /* Three empty slots after rosc */ + { "csprng", 4 * CORE_SIZE }, /* Four empty slots after csprng */ + { "modexps6", 3 * CORE_SIZE }, /* ModexpS6 uses four slots */ +}; + +static hal_core_t *probe_cores(void) +{ + static hal_core_t *head = NULL; + + if (head != NULL) + return head; + + hal_core_t **tail = &head; + hal_core_t *core = NULL; + hal_error_t err = HAL_OK; + + for (hal_addr_t addr = CORE_MIN; addr < CORE_MAX; addr += CORE_SIZE) { + + if (core == NULL && (core = malloc(sizeof(hal_core_t))) == NULL) { + err = HAL_ERROR_ALLOCATION_FAILURE; + goto fail; + } + + memset(core, 0, sizeof(*core)); + core->info.base = addr; + + if ((err = hal_io_read(core, ADDR_NAME0, (uint8_t *) core->info.name, 8)) != HAL_OK || + (err = hal_io_read(core, ADDR_VERSION, (uint8_t *) core->info.version, 4)) != HAL_OK) + goto fail; + + if (core->info.name[0] == '\0') + continue; + + for (int i = 0; i < sizeof(gaps)/sizeof(*gaps); i++) { + if (name_matches(core, gaps[i].name)) { + addr += gaps[i].extra; + break; + } + } + + *tail = core; + tail = &core->next; + core = NULL; + } + + if (core != NULL) + free(core); + + return head; + + fail: + if (core != NULL) + free(core); + while ((core = head) != NULL) { + head = core->next; + free(core); + } + return NULL; +} + +const hal_core_t * hal_core_iterate(const hal_core_t *core) +{ + return core == NULL ? probe_cores() : core->next; +} + +const hal_core_t *hal_core_find(const char *name, const hal_core_t *core) +{ + for (core = hal_core_iterate(core); core != NULL; core = core->next) + if (name_matches(core, name)) + return core; + return NULL; +} + +hal_error_t hal_core_check_name(const hal_core_t **core, const char *name) +{ + if (core == NULL || name == NULL) + return HAL_ERROR_BAD_ARGUMENTS; + + if (*core == NULL && (*core = hal_core_find(name, NULL)) != NULL) + return HAL_OK; + + if (*core == NULL || !name_matches(*core, name)) + return HAL_ERROR_CORE_NOT_FOUND; + + return HAL_OK; +} + +hal_addr_t hal_core_base(const hal_core_t *core) +{ + return core == NULL ? 0 : core->info.base; +} + +const hal_core_info_t *hal_core_info(const hal_core_t *core) +{ + return core == NULL ? NULL : &core->info; +} + +/* + * Local variables: + * indent-tabs-mode: nil + * End: + */ @@ -38,12 +38,13 @@ #include <stdio.h> #include "hal.h" +#include "verilog_constants.h" #ifndef WAIT_FOR_CSPRNG_VALID #define WAIT_FOR_CSPRNG_VALID 0 #endif -hal_error_t hal_get_random(void *buffer, const size_t length) +hal_error_t hal_get_random(const hal_core_t *core, void *buffer, const size_t length) { uint8_t temp[4], *buf = buffer; hal_error_t err; @@ -52,10 +53,10 @@ hal_error_t hal_get_random(void *buffer, const size_t length) for (i = 0; i < length; i += 4) { const int last = (length - i) < 4; - if (WAIT_FOR_CSPRNG_VALID && (err = hal_io_wait_valid(CSPRNG_ADDR_STATUS)) != HAL_OK) + if (WAIT_FOR_CSPRNG_VALID && (err = hal_io_wait_valid(core)) != HAL_OK) return err; - if ((err = hal_io_read(CSPRNG_ADDR_RANDOM, (last ? temp : &buf[i]), 4)) != HAL_OK) + if ((err = hal_io_read(core, CSPRNG_ADDR_RANDOM, (last ? temp : &buf[i]), 4)) != HAL_OK) return err; if (last) @@ -717,7 +717,7 @@ static inline hal_error_t get_random(void *buffer, const size_t length) if (rng_test_override_function) return rng_test_override_function(buffer, length); else - return hal_get_random(buffer, length); + return hal_get_random(NULL, buffer, length); } #else /* HAL_ECDSA_DEBUG_ONLY_STATIC_TEST_VECTOR_RANDOM */ @@ -830,7 +830,8 @@ static int point_is_on_curve(const ec_point_t * const P, * Generate a new ECDSA key. */ -hal_error_t hal_ecdsa_key_gen(hal_ecdsa_key_t **key_, +hal_error_t hal_ecdsa_key_gen(const hal_core_t *core, + hal_ecdsa_key_t **key_, void *keybuf, const size_t keybuf_len, const hal_ecdsa_curve_t curve_) { @@ -1422,7 +1423,8 @@ static hal_error_t decode_signature_asn1(const ecdsa_curve_t * const curve, * Sign a caller-supplied hash. */ -hal_error_t hal_ecdsa_sign(const hal_ecdsa_key_t * const key, +hal_error_t hal_ecdsa_sign(const hal_core_t *core, + const hal_ecdsa_key_t * const key, const uint8_t * const hash, const size_t hash_len, uint8_t *signature, size_t *signature_len, const size_t signature_max, const hal_ecdsa_signature_format_t signature_format) @@ -1515,7 +1517,8 @@ hal_error_t hal_ecdsa_sign(const hal_ecdsa_key_t * const key, * Verify a signature using a caller-supplied hash. */ -hal_error_t hal_ecdsa_verify(const hal_ecdsa_key_t * const key, +hal_error_t hal_ecdsa_verify(const hal_core_t *core, + const hal_ecdsa_key_t * const key, const uint8_t * const hash, const size_t hash_len, const uint8_t * const signature, const size_t signature_len, const hal_ecdsa_signature_format_t signature_format) @@ -33,390 +33,61 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* - * Each Cryptech core has a set of 4-byte registers, which are accessed - * through a 16-bit address. The address space is divided as follows: - * 3 bits segment selector | up to 8 segments - * 5 bits core selector | up to 32 cores/segment (see note below) - * 8 bits register selector | up to 256 registers/core (see modexp below) - * - * i.e, the address is structured as: - * sss ccccc rrrrrrrr - * - * The I2C and UART communication channels use this 16-bit address format - * directly in their read and write commands. - * - * The EIM communications channel translates this 16-bit address into a - * 32-bit memory-mapped address in the range 0x08000000..807FFFF: - * 00001000000000 sss 0 ccccc rrrrrrrr 00 - * - * EIM, as implemented on the Novena, uses a 19-bit address space: - * Bits 18..16 are the semgent selector. - * Bits 15..10 are the core selector. - * Bits 9..2 are the register selector. - * Bits 1..0 are zero, because reads and writes are always word aligned. - * - * Note that EIM can support 64 cores per segment, but we sacrifice one bit - * in order to map it into a 16-bit address space. - */ - #ifndef _HAL_H_ #define _HAL_H_ - -/* - * Default sizes. - */ -#define CORE_SIZE (0x100) -#define SEGMENT_SIZE (0x20 * CORE_SIZE) - - -/* - * Segments. - */ -#define SEGMENT_OFFSET_GLOBALS (0 * SEGMENT_SIZE) -#define SEGMENT_OFFSET_HASHES (1 * SEGMENT_SIZE) -#define SEGMENT_OFFSET_RNGS (2 * SEGMENT_SIZE) -#define SEGMENT_OFFSET_CIPHERS (3 * SEGMENT_SIZE) -#define SEGMENT_OFFSET_MATH (4 * SEGMENT_SIZE) - - /* - * Addresses and codes common to all cores. + * A handy macro from cryptlib. */ -#define ADDR_NAME0 (0x00) -#define ADDR_NAME1 (0x01) -#define ADDR_VERSION (0x02) -#define ADDR_CTRL (0x08) -#define CTRL_INIT (1) -#define CTRL_NEXT (2) -#define ADDR_STATUS (0x09) -#define STATUS_READY (1) -#define STATUS_VALID (2) - - -/* A handy macro from cryptlib */ #ifndef bitsToBytes #define bitsToBytes(x) (x / 8) #endif - /* - * Board segment. - * Board-level registers and communication channel registers. + * Current name and version values. + * + * Should these even be here? Dunno. + * Should the versions be here even if the names should be? */ -#define BOARD_ADDR_BASE (SEGMENT_OFFSET_GLOBALS + (0 * CORE_SIZE)) -#define BOARD_ADDR_NAME0 (BOARD_ADDR_BASE + ADDR_NAME0) -#define BOARD_ADDR_NAME1 (BOARD_ADDR_BASE + ADDR_NAME1) -#define BOARD_ADDR_VERSION (BOARD_ADDR_BASE + ADDR_VERSION) -#define BOARD_ADDR_DUMMY (BOARD_ADDR_BASE + 0xFF) - -#define COMM_ADDR_BASE (SEGMENT_OFFSET_GLOBALS + (1 * CORE_SIZE)) -#define COMM_ADDR_NAME0 (COMM_ADDR_BASE + ADDR_NAME0) -#define COMM_ADDR_NAME1 (COMM_ADDR_BASE + ADDR_NAME1) -#define COMM_ADDR_VERSION (COMM_ADDR_BASE + ADDR_VERSION) - -/* Current name and version values */ -#define NOVENA_BOARD_NAME0 "PVT1" -#define NOVENA_BOARD_NAME1 " " + +#define NOVENA_BOARD_NAME "PVT1 " #define NOVENA_BOARD_VERSION "0.10" -#define EIM_INTERFACE_NAME0 "eim " -#define EIM_INTERFACE_NAME1 " " +#define EIM_INTERFACE_NAME "eim " #define EIM_INTERFACE_VERSION "0.10" -#define I2C_INTERFACE_NAME0 "i2c " -#define I2C_INTERFACE_NAME1 " " +#define I2C_INTERFACE_NAME "i2c " #define I2C_INTERFACE_VERSION "0.10" - -/* - * Hashes segment. - */ - -/* Addresses common to all hash cores */ -#define ADDR_BLOCK (0x10) -#define ADDR_DIGEST (0x20) /* except SHA512 */ - -/* Addresses and codes for the specific hash cores */ -#define SHA1_ADDR_BASE (SEGMENT_OFFSET_HASHES + (0 * CORE_SIZE)) -#define SHA1_ADDR_NAME0 (SHA1_ADDR_BASE + ADDR_NAME0) -#define SHA1_ADDR_NAME1 (SHA1_ADDR_BASE + ADDR_NAME1) -#define SHA1_ADDR_VERSION (SHA1_ADDR_BASE + ADDR_VERSION) -#define SHA1_ADDR_CTRL (SHA1_ADDR_BASE + ADDR_CTRL) -#define SHA1_ADDR_STATUS (SHA1_ADDR_BASE + ADDR_STATUS) -#define SHA1_ADDR_BLOCK (SHA1_ADDR_BASE + ADDR_BLOCK) -#define SHA1_ADDR_DIGEST (SHA1_ADDR_BASE + ADDR_DIGEST) -#define SHA1_BLOCK_LEN bitsToBytes(512) -#define SHA1_LENGTH_LEN bitsToBytes(64) -#define SHA1_DIGEST_LEN bitsToBytes(160) - -#define SHA256_ADDR_BASE (SEGMENT_OFFSET_HASHES + (1 * CORE_SIZE)) -#define SHA256_ADDR_NAME0 (SHA256_ADDR_BASE + ADDR_NAME0) -#define SHA256_ADDR_NAME1 (SHA256_ADDR_BASE + ADDR_NAME1) -#define SHA256_ADDR_VERSION (SHA256_ADDR_BASE + ADDR_VERSION) -#define SHA256_ADDR_CTRL (SHA256_ADDR_BASE + ADDR_CTRL) -#define SHA256_ADDR_STATUS (SHA256_ADDR_BASE + ADDR_STATUS) -#define SHA256_ADDR_BLOCK (SHA256_ADDR_BASE + ADDR_BLOCK) -#define SHA256_ADDR_DIGEST (SHA256_ADDR_BASE + ADDR_DIGEST) -#define SHA256_BLOCK_LEN bitsToBytes(512) -#define SHA256_LENGTH_LEN bitsToBytes(64) -#define SHA256_DIGEST_LEN bitsToBytes(256) - -#define SHA512_ADDR_BASE (SEGMENT_OFFSET_HASHES + (2 * CORE_SIZE)) -#define SHA512_ADDR_NAME0 (SHA512_ADDR_BASE + ADDR_NAME0) -#define SHA512_ADDR_NAME1 (SHA512_ADDR_BASE + ADDR_NAME1) -#define SHA512_ADDR_VERSION (SHA512_ADDR_BASE + ADDR_VERSION) -#define SHA512_ADDR_CTRL (SHA512_ADDR_BASE + ADDR_CTRL) -#define SHA512_ADDR_STATUS (SHA512_ADDR_BASE + ADDR_STATUS) -#define SHA512_ADDR_BLOCK (SHA512_ADDR_BASE + ADDR_BLOCK) -#define SHA512_ADDR_DIGEST (SHA512_ADDR_BASE + 0x40) -#define SHA512_BLOCK_LEN bitsToBytes(1024) -#define SHA512_LENGTH_LEN bitsToBytes(128) -#define SHA512_224_DIGEST_LEN bitsToBytes(224) -#define SHA512_256_DIGEST_LEN bitsToBytes(256) -#define SHA384_DIGEST_LEN bitsToBytes(384) -#define SHA512_DIGEST_LEN bitsToBytes(512) -#define MODE_SHA_512_224 (0 << 2) -#define MODE_SHA_512_256 (1 << 2) -#define MODE_SHA_384 (2 << 2) -#define MODE_SHA_512 (3 << 2) - -/* Current name and version values */ -#define SHA1_NAME0 "sha1" -#define SHA1_NAME1 " " -#define SHA1_VERSION "0.50" - -#define SHA256_NAME0 "sha2" -#define SHA256_NAME1 "-256" -#define SHA256_VERSION "0.80" - -#define SHA512_NAME0 "sha2" -#define SHA512_NAME1 "-512" -#define SHA512_VERSION "0.80" - - -/* - * TRNG segment. - */ - -/* addresses and codes for the TRNG cores */ -#define TRNG_ADDR_BASE (SEGMENT_OFFSET_RNGS + (0x00 * CORE_SIZE)) -#define TRNG_ADDR_NAME0 (TRNG_ADDR_BASE + ADDR_NAME0) -#define TRNG_ADDR_NAME1 (TRNG_ADDR_BASE + ADDR_NAME1) -#define TRNG_ADDR_VERSION (TRNG_ADDR_BASE + ADDR_VERSION) -#define TRNG_ADDR_CTRL (TRNG_ADDR_BASE + 0x10) -#define TRNG_CTRL_DISCARD (1) -#define TRNG_CTRL_TEST_MODE (2) -#define TRNG_ADDR_STATUS (TRNG_ADDR_BASE + 0x11) -/* No status bits defined (yet) */ -#define TRNG_ADDR_DELAY (TRNG_ADDR_BASE + 0x13) - -#define ENTROPY1_ADDR_BASE (SEGMENT_OFFSET_RNGS + (0x05 * CORE_SIZE)) -#define ENTROPY1_ADDR_NAME0 (ENTROPY1_ADDR_BASE + ADDR_NAME0) -#define ENTROPY1_ADDR_NAME1 (ENTROPY1_ADDR_BASE + ADDR_NAME1) -#define ENTROPY1_ADDR_VERSION (ENTROPY1_ADDR_BASE + ADDR_VERSION) -#define ENTROPY1_ADDR_CTRL (ENTROPY1_ADDR_BASE + 0x10) -#define ENTROPY1_CTRL_ENABLE (1) -#define ENTROPY1_ADDR_STATUS (ENTROPY1_ADDR_BASE + 0x11) -#define ENTROPY1_STATUS_VALID (1) -#define ENTROPY1_ADDR_ENTROPY (ENTROPY1_ADDR_BASE + 0x20) -#define ENTROPY1_ADDR_DELTA (ENTROPY1_ADDR_BASE + 0x30) - -#define ENTROPY2_ADDR_BASE (SEGMENT_OFFSET_RNGS + (0x06 * CORE_SIZE)) -#define ENTROPY2_ADDR_NAME0 (ENTROPY2_ADDR_BASE + ADDR_NAME0) -#define ENTROPY2_ADDR_NAME1 (ENTROPY2_ADDR_BASE + ADDR_NAME1) -#define ENTROPY2_ADDR_VERSION (ENTROPY2_ADDR_BASE + ADDR_VERSION) -#define ENTROPY2_ADDR_CTRL (ENTROPY2_ADDR_BASE + 0x10) -#define ENTROPY2_CTRL_ENABLE (1) -#define ENTROPY2_ADDR_STATUS (ENTROPY2_ADDR_BASE + 0x11) -#define ENTROPY2_STATUS_VALID (1) -#define ENTROPY2_ADDR_OPA (ENTROPY2_ADDR_BASE + 0x18) -#define ENTROPY2_ADDR_OPB (ENTROPY2_ADDR_BASE + 0x19) -#define ENTROPY2_ADDR_ENTROPY (ENTROPY2_ADDR_BASE + 0x20) -#define ENTROPY2_ADDR_RAW (ENTROPY2_ADDR_BASE + 0x21) -#define ENTROPY2_ADDR_ROSC (ENTROPY2_ADDR_BASE + 0x22) - -#define MIXER_ADDR_BASE (SEGMENT_OFFSET_RNGS + (0x0a * CORE_SIZE)) -#define MIXER_ADDR_NAME0 (MIXER_ADDR_BASE + ADDR_NAME0) -#define MIXER_ADDR_NAME1 (MIXER_ADDR_BASE + ADDR_NAME1) -#define MIXER_ADDR_VERSION (MIXER_ADDR_BASE + ADDR_VERSION) -#define MIXER_ADDR_CTRL (MIXER_ADDR_BASE + 0x10) -#define MIXER_CTRL_ENABLE (1) -#define MIXER_CTRL_RESTART (2) -#define MIXER_ADDR_STATUS (MIXER_ADDR_BASE + 0x11) -/* No status bits defined (yet) */ -#define MIXER_ADDR_TIMEOUT (MIXER_ADDR_BASE + 0x20) - -#define CSPRNG_ADDR_BASE (SEGMENT_OFFSET_RNGS + (0x0b * CORE_SIZE)) -#define CSPRNG_ADDR_NAME0 (CSPRNG_ADDR_BASE + ADDR_NAME0) -#define CSPRNG_ADDR_NAME1 (CSPRNG_ADDR_BASE + ADDR_NAME1) -#define CSPRNG_ADDR_VERSION (CSPRNG_ADDR_BASE + ADDR_VERSION) -#define CSPRNG_ADDR_CTRL (CSPRNG_ADDR_BASE + 0x10) -#define CSPRNG_CTRL_ENABLE (1) -#define CSPRNG_CTRL_SEED (2) -#define CSPRNG_ADDR_STATUS (CSPRNG_ADDR_BASE + 0x11) -#define CSPRNG_STATUS_VALID (1) -#define CSPRNG_ADDR_RANDOM (CSPRNG_ADDR_BASE + 0x20) -#define CSPRNG_ADDR_NROUNDS (CSPRNG_ADDR_BASE + 0x40) -#define CSPRNG_ADDR_NBLOCKS_LO (CSPRNG_ADDR_BASE + 0x41) -#define CSPRNG_ADDR_NBLOCKS_HI (CSPRNG_ADDR_BASE + 0x42) - -/* Current name and version values */ -#define TRNG_NAME0 "trng" -#define TRNG_NAME1 " " +#define TRNG_NAME "trng " #define TRNG_VERSION "0.50" -#define AVALANCHE_ENTROPY_NAME0 "extn" -#define AVALANCHE_ENTROPY_NAME1 "oise" +#define AVALANCHE_ENTROPY_NAME "extnoise" #define AVALANCHE_ENTROPY_VERSION "0.10" -#define ROSC_ENTROPY_NAME0 "rosc" -#define ROSC_ENTROPY_NAME1 " ent" +#define ROSC_ENTROPY_NAME "rosc ent" #define ROSC_ENTROPY_VERSION "0.10" -#define CSPRNG_NAME0 "cspr" -#define CSPRNG_NAME1 "ng " +#define CSPRNG_NAME "csprng " #define CSPRNG_VERSION "0.50" +#define SHA1_NAME "sha1 " +#define SHA1_VERSION "0.50" -/* - * CIPHERS segment. - */ +#define SHA256_NAME "sha2-256" +#define SHA256_VERSION "0.80" -/* AES core */ -#define AES_ADDR_BASE (SEGMENT_OFFSET_CIPHERS + (0 * CORE_SIZE)) -#define AES_ADDR_NAME0 (AES_ADDR_BASE + ADDR_NAME0) -#define AES_ADDR_NAME1 (AES_ADDR_BASE + ADDR_NAME1) -#define AES_ADDR_VERSION (AES_ADDR_BASE + ADDR_VERSION) -#define AES_ADDR_CTRL (AES_ADDR_BASE + ADDR_CTRL) -#define AES_ADDR_STATUS (AES_ADDR_BASE + ADDR_STATUS) - -#define AES_ADDR_CONFIG (AES_ADDR_BASE + 0x0a) -#define AES_CONFIG_ENCDEC (1) -#define AES_CONFIG_KEYLEN (2) - -#define AES_ADDR_KEY0 (AES_ADDR_BASE + 0x10) -#define AES_ADDR_KEY1 (AES_ADDR_BASE + 0x11) -#define AES_ADDR_KEY2 (AES_ADDR_BASE + 0x12) -#define AES_ADDR_KEY3 (AES_ADDR_BASE + 0x13) -#define AES_ADDR_KEY4 (AES_ADDR_BASE + 0x14) -#define AES_ADDR_KEY5 (AES_ADDR_BASE + 0x15) -#define AES_ADDR_KEY6 (AES_ADDR_BASE + 0x16) -#define AES_ADDR_KEY7 (AES_ADDR_BASE + 0x17) - -#define AES_ADDR_BLOCK0 (AES_ADDR_BASE + 0x20) -#define AES_ADDR_BLOCK1 (AES_ADDR_BASE + 0x21) -#define AES_ADDR_BLOCK2 (AES_ADDR_BASE + 0x22) -#define AES_ADDR_BLOCK3 (AES_ADDR_BASE + 0x23) - -#define AES_ADDR_RESULT0 (AES_ADDR_BASE + 0x30) -#define AES_ADDR_RESULT1 (AES_ADDR_BASE + 0x31) -#define AES_ADDR_RESULT2 (AES_ADDR_BASE + 0x32) -#define AES_ADDR_RESULT3 (AES_ADDR_BASE + 0x33) - -/* Current name and version values */ -#define AES_CORE_NAME0 "aes " -#define AES_CORE_NAME1 " " -#define AES_CORE_VERSION "0.80" +#define SHA512_NAME "sha2-512" +#define SHA512_VERSION "0.80" +#define AES_CORE_NAME "aes " +#define AES_CORE_VERSION "0.80" -/* Chacha core */ -#define CHACHA_ADDR_BASE (SEGMENT_OFFSET_CIPHERS + (1 * CORE_SIZE)) -#define CHACHA_ADDR_NAME0 (CHACHA_ADDR_BASE + ADDR_NAME0) -#define CHACHA_ADDR_NAME1 (CHACHA_ADDR_BASE + ADDR_NAME1) -#define CHACHA_ADDR_VERSION (CHACHA_ADDR_BASE + ADDR_VERSION) -#define CHACHA_ADDR_CTRL (CHACHA_ADDR_BASE + ADDR_CTRL) -#define CHACHA_ADDR_STATUS (CHACHA_ADDR_BASE + ADDR_STATUS) - -#define CHACHA_ADDR_KEYLEN (CHACHA_ADDR_BASE + 0x0a) -#define CHACHA_KEYLEN (1) - -#define CHACHA_ADDR_ROUNDS (CHACHA_ADDR_BASE + 0x0b) - -#define CHACHA_ADDR_KEY0 (CHACHA_ADDR_BASE + 0x10) -#define CHACHA_ADDR_KEY1 (CHACHA_ADDR_BASE + 0x11) -#define CHACHA_ADDR_KEY2 (CHACHA_ADDR_BASE + 0x12) -#define CHACHA_ADDR_KEY3 (CHACHA_ADDR_BASE + 0x13) -#define CHACHA_ADDR_KEY4 (CHACHA_ADDR_BASE + 0x14) -#define CHACHA_ADDR_KEY5 (CHACHA_ADDR_BASE + 0x15) -#define CHACHA_ADDR_KEY6 (CHACHA_ADDR_BASE + 0x16) -#define CHACHA_ADDR_KEY7 (CHACHA_ADDR_BASE + 0x17) - -#define CHACHA_ADDR_IV0 (CHACHA_ADDR_BASE + 0x20) -#define CHACHA_ADDR_IV1 (CHACHA_ADDR_BASE + 0x21) - -#define CHACHA_ADDR_DATA_IN0 (CHACHA_ADDR_BASE + 0x40) -#define CHACHA_ADDR_DATA_IN1 (CHACHA_ADDR_BASE + 0x41) -#define CHACHA_ADDR_DATA_IN2 (CHACHA_ADDR_BASE + 0x42) -#define CHACHA_ADDR_DATA_IN3 (CHACHA_ADDR_BASE + 0x43) -#define CHACHA_ADDR_DATA_IN4 (CHACHA_ADDR_BASE + 0x44) -#define CHACHA_ADDR_DATA_IN5 (CHACHA_ADDR_BASE + 0x45) -#define CHACHA_ADDR_DATA_IN6 (CHACHA_ADDR_BASE + 0x46) -#define CHACHA_ADDR_DATA_IN7 (CHACHA_ADDR_BASE + 0x47) -#define CHACHA_ADDR_DATA_IN8 (CHACHA_ADDR_BASE + 0x48) -#define CHACHA_ADDR_DATA_IN9 (CHACHA_ADDR_BASE + 0x49) -#define CHACHA_ADDR_DATA_IN10 (CHACHA_ADDR_BASE + 0x4a) -#define CHACHA_ADDR_DATA_IN11 (CHACHA_ADDR_BASE + 0x4b) -#define CHACHA_ADDR_DATA_IN12 (CHACHA_ADDR_BASE + 0x4c) -#define CHACHA_ADDR_DATA_IN13 (CHACHA_ADDR_BASE + 0x4d) -#define CHACHA_ADDR_DATA_IN14 (CHACHA_ADDR_BASE + 0x4e) -#define CHACHA_ADDR_DATA_IN15 (CHACHA_ADDR_BASE + 0x4f) - -#define CHACHA_ADDR_DATA_OUT0 (CHACHA_ADDR_BASE + 0x80) -#define CHACHA_ADDR_DATA_OUT1 (CHACHA_ADDR_BASE + 0x81) -#define CHACHA_ADDR_DATA_OUT2 (CHACHA_ADDR_BASE + 0x82) -#define CHACHA_ADDR_DATA_OUT3 (CHACHA_ADDR_BASE + 0x83) -#define CHACHA_ADDR_DATA_OUT4 (CHACHA_ADDR_BASE + 0x84) -#define CHACHA_ADDR_DATA_OUT5 (CHACHA_ADDR_BASE + 0x85) -#define CHACHA_ADDR_DATA_OUT6 (CHACHA_ADDR_BASE + 0x86) -#define CHACHA_ADDR_DATA_OUT7 (CHACHA_ADDR_BASE + 0x87) -#define CHACHA_ADDR_DATA_OUT8 (CHACHA_ADDR_BASE + 0x88) -#define CHACHA_ADDR_DATA_OUT9 (CHACHA_ADDR_BASE + 0x89) -#define CHACHA_ADDR_DATA_OUT10 (CHACHA_ADDR_BASE + 0x8a) -#define CHACHA_ADDR_DATA_OUT11 (CHACHA_ADDR_BASE + 0x8b) -#define CHACHA_ADDR_DATA_OUT12 (CHACHA_ADDR_BASE + 0x8c) -#define CHACHA_ADDR_DATA_OUT13 (CHACHA_ADDR_BASE + 0x8d) -#define CHACHA_ADDR_DATA_OUT14 (CHACHA_ADDR_BASE + 0x8e) -#define CHACHA_ADDR_DATA_OUT15 (CHACHA_ADDR_BASE + 0x8f) - -/* Current name and version values */ -#define CHACHA_NAME0 "chac" -#define CHACHA_NAME1 "ha " +#define CHACHA_NAME "chacha " #define CHACHA_VERSION "0.80" - -/* - * MATH segment. - */ - -#define MATH_CORE_SIZE (0x400) - -/* - * ModExpS6 core. MODEXPS6_OPERAND_BITS is size in bits of largest - * supported modulus. - */ - -#define MODEXPS6_ADDR_BASE (SEGMENT_OFFSET_MATH + (0x00 * MATH_CORE_SIZE)) -#define MODEXPS6_OPERAND_BITS (4096) -#define MODEXPS6_OPERAND_WORDS (MODEXPS6_OPERAND_BITS/32) -#define MODEXPS6_ADDR_REGISTERS (MODEXPS6_ADDR_BASE + 0*MODEXPS6_OPERAND_WORDS) -#define MODEXPS6_ADDR_OPERANDS (MODEXPS6_ADDR_BASE + 4*MODEXPS6_OPERAND_WORDS) -#define MODEXPS6_ADDR_NAME0 (MODEXPS6_ADDR_REGISTERS + ADDR_NAME0) -#define MODEXPS6_ADDR_NAME1 (MODEXPS6_ADDR_REGISTERS + ADDR_NAME1) -#define MODEXPS6_ADDR_VERSION (MODEXPS6_ADDR_REGISTERS + ADDR_VERSION) -#define MODEXPS6_ADDR_CTRL (MODEXPS6_ADDR_REGISTERS + ADDR_CTRL) -#define MODEXPS6_ADDR_STATUS (MODEXPS6_ADDR_REGISTERS + ADDR_STATUS) -#define MODEXPS6_ADDR_MODE (MODEXPS6_ADDR_REGISTERS + 0x10) -#define MODEXPS6_ADDR_MODULUS_WIDTH (MODEXPS6_ADDR_REGISTERS + 0x11) -#define MODEXPS6_ADDR_EXPONENT_WIDTH (MODEXPS6_ADDR_REGISTERS + 0x12) -#define MODEXPS6_ADDR_MODULUS (MODEXPS6_ADDR_OPERANDS + 0*MODEXPS6_OPERAND_WORDS) -#define MODEXPS6_ADDR_MESSAGE (MODEXPS6_ADDR_OPERANDS + 1*MODEXPS6_OPERAND_WORDS) -#define MODEXPS6_ADDR_EXPONENT (MODEXPS6_ADDR_OPERANDS + 2*MODEXPS6_OPERAND_WORDS) -#define MODEXPS6_ADDR_RESULT (MODEXPS6_ADDR_OPERANDS + 3*MODEXPS6_OPERAND_WORDS) -#define MODEXPS6_NAME0 "mode" -#define MODEXPS6_NAME1 "xps6" -#define MODEXPS6_VERSION "0.10" +#define MODEXPS6_NAME "modexps6" +#define MODEXPS6_VERSION "0.10" /* * C API error codes. Defined in this form so we can keep the tokens @@ -442,6 +113,7 @@ DEFINE_HAL_ERROR(HAL_ERROR_ASN1_PARSE_FAILED, "ASN.1 parse failed") \ DEFINE_HAL_ERROR(HAL_ERROR_KEY_NOT_ON_CURVE, "EC key is not on its purported curve") \ DEFINE_HAL_ERROR(HAL_ERROR_INVALID_SIGNATURE, "Invalid signature") \ + DEFINE_HAL_ERROR(HAL_ERROR_CORE_NOT_FOUND, "Requested core not found") \ END_OF_HAL_ERROR_LIST /* Marker to forestall silly line continuation errors */ @@ -473,18 +145,45 @@ typedef off_t hal_addr_t; extern const char *hal_error_string(const hal_error_t err); /* + * Opaque structure representing a core. + */ + +typedef struct hal_core hal_core_t; + +/* * Public I/O functions. */ extern void hal_io_set_debug(int onoff); -extern hal_error_t hal_io_write(hal_addr_t offset, const uint8_t *buf, size_t len); -extern hal_error_t hal_io_read(hal_addr_t offset, uint8_t *buf, size_t len); -extern hal_error_t hal_io_expected(hal_addr_t offset, const uint8_t *expected, size_t len); -extern hal_error_t hal_io_init(hal_addr_t offset); -extern hal_error_t hal_io_next(hal_addr_t offset); -extern hal_error_t hal_io_wait(hal_addr_t offset, uint8_t status, int *count); -extern hal_error_t hal_io_wait_ready(hal_addr_t offset); -extern hal_error_t hal_io_wait_valid(hal_addr_t offset); +extern hal_error_t hal_io_write(const hal_core_t *core, hal_addr_t offset, const uint8_t *buf, size_t len); +extern hal_error_t hal_io_read(const hal_core_t *core, hal_addr_t offset, uint8_t *buf, size_t len); +extern hal_error_t hal_io_init(const hal_core_t *core); +extern hal_error_t hal_io_next(const hal_core_t *core); +extern hal_error_t hal_io_wait(const hal_core_t *core, uint8_t status, int *count); +extern hal_error_t hal_io_wait_ready(const hal_core_t *core); +extern hal_error_t hal_io_wait_valid(const hal_core_t *core); + +/* + * Core management functions. + * + * Given our druthers, we'd handle public information about a core + * using the opaque type and individual access methods, but C's + * insistence on discarding array bounds information makes + * non-delimited character arrays problematic unless we wrap them in a + * structure. + */ + +typedef struct { + char name[8]; + char version[4]; + hal_addr_t base; +} hal_core_info_t; + +extern const hal_core_t *hal_core_find(const char *name, const hal_core_t *core); +extern const hal_core_info_t *hal_core_info(const hal_core_t *core); +extern hal_error_t hal_core_check_name(const hal_core_t **core, const char *name); +extern hal_addr_t hal_core_base(const hal_core_t *core); +extern const hal_core_t * hal_core_iterate(const hal_core_t *core); /* * Higher level public API. @@ -494,7 +193,7 @@ extern hal_error_t hal_io_wait_valid(hal_addr_t offset); * Get random bytes from the CSPRNG. */ -extern hal_error_t hal_get_random(void *buffer, const size_t length); +extern hal_error_t hal_get_random(const hal_core_t *core, void *buffer, const size_t length); /* * Hash and HMAC API. @@ -530,11 +229,12 @@ typedef struct { const uint8_t * const digest_algorithm_id; size_t digest_algorithm_id_length; const hal_hash_driver_t *driver; + char core_name[8]; unsigned can_restore_state : 1; } hal_hash_descriptor_t; /* - * Opaque pointers to internal state. + * Opaque structures for internal state. */ typedef struct hal_hash_state hal_hash_state_t; @@ -558,9 +258,8 @@ extern const hal_hash_descriptor_t hal_hash_sha512[1]; extern void hal_hash_set_debug(int onoff); -extern hal_error_t hal_hash_core_present(const hal_hash_descriptor_t * const descriptor); - -extern hal_error_t hal_hash_initialize(const hal_hash_descriptor_t * const descriptor, +extern hal_error_t hal_hash_initialize(const hal_core_t *core, + const hal_hash_descriptor_t * const descriptor, hal_hash_state_t **state, void *state_buffer, const size_t state_length); @@ -570,7 +269,8 @@ extern hal_error_t hal_hash_update(hal_hash_state_t *state, extern hal_error_t hal_hash_finalize(hal_hash_state_t *state, uint8_t *digest, const size_t length); -extern hal_error_t hal_hmac_initialize(const hal_hash_descriptor_t * const descriptor, +extern hal_error_t hal_hmac_initialize(const hal_core_t *core, + const hal_hash_descriptor_t * const descriptor, hal_hmac_state_t **state, void *state_buffer, const size_t state_length, const uint8_t * const key, const size_t key_length); @@ -588,11 +288,13 @@ extern void hal_hmac_cleanup(hal_hmac_state_t **state); * AES key wrap functions. */ -extern hal_error_t hal_aes_keywrap(const uint8_t *kek, const size_t kek_length, +extern hal_error_t hal_aes_keywrap(const hal_core_t *core, + const uint8_t *kek, const size_t kek_length, const uint8_t *plaintext, const size_t plaintext_length, uint8_t *cyphertext, size_t *ciphertext_length); -extern hal_error_t hal_aes_keyunwrap(const uint8_t *kek, const size_t kek_length, +extern hal_error_t hal_aes_keyunwrap(const hal_core_t *core, + const uint8_t *kek, const size_t kek_length, const uint8_t *ciphertext, const size_t ciphertext_length, unsigned char *plaintext, size_t *plaintext_length); @@ -603,7 +305,8 @@ extern size_t hal_aes_keywrap_ciphertext_length(const size_t plaintext_length); * the pseudo-random function (PRF). */ -extern hal_error_t hal_pbkdf2(const hal_hash_descriptor_t * const descriptor, +extern hal_error_t hal_pbkdf2(const hal_core_t *core, + const hal_hash_descriptor_t * const descriptor, const uint8_t * const password, const size_t password_length, const uint8_t * const salt, const size_t salt_length, uint8_t * derived_key, const size_t derived_key_length, @@ -615,7 +318,8 @@ extern hal_error_t hal_pbkdf2(const hal_hash_descriptor_t * const descriptor, extern void hal_modexp_set_debug(const int onoff); -extern hal_error_t hal_modexp(const uint8_t * const msg, const size_t msg_len, /* Message */ +extern hal_error_t hal_modexp(const hal_core_t *core, + const uint8_t * const msg, const size_t msg_len, /* Message */ const uint8_t * const exp, const size_t exp_len, /* Exponent */ const uint8_t * const mod, const size_t mod_len, /* Modulus */ uint8_t * result, const size_t result_len); @@ -666,15 +370,18 @@ extern hal_error_t hal_rsa_key_get_public_exponent(const hal_rsa_key_t * const k extern void hal_rsa_key_clear(hal_rsa_key_t *key); -extern hal_error_t hal_rsa_encrypt(const hal_rsa_key_t * const key, +extern hal_error_t hal_rsa_encrypt(const hal_core_t *core, + const hal_rsa_key_t * const key, const uint8_t * const input, const size_t input_len, uint8_t * output, const size_t output_len); -extern hal_error_t hal_rsa_decrypt(const hal_rsa_key_t * const key, +extern hal_error_t hal_rsa_decrypt(const hal_core_t *core, + const hal_rsa_key_t * const key, const uint8_t * const input, const size_t input_len, uint8_t * output, const size_t output_len); -extern hal_error_t hal_rsa_key_gen(hal_rsa_key_t **key, +extern hal_error_t hal_rsa_key_gen(const hal_core_t *core, + hal_rsa_key_t **key, void *keybuf, const size_t keybuf_len, const unsigned key_length, const uint8_t * const public_exponent, const size_t public_exponent_len); @@ -729,7 +436,8 @@ extern hal_error_t hal_ecdsa_key_get_public(const hal_ecdsa_key_t * const key, extern void hal_ecdsa_key_clear(hal_ecdsa_key_t *key); -extern hal_error_t hal_ecdsa_key_gen(hal_ecdsa_key_t **key, +extern hal_error_t hal_ecdsa_key_gen(const hal_core_t *core, + hal_ecdsa_key_t **key, void *keybuf, const size_t keybuf_len, const hal_ecdsa_curve_t curve); @@ -752,15 +460,17 @@ extern hal_error_t hal_ecdsa_key_from_ecpoint(hal_ecdsa_key_t **key, const uint8_t * const der, const size_t der_len, const hal_ecdsa_curve_t curve); -extern hal_error_t hal_ecdsa_sign(const hal_ecdsa_key_t * const key, +extern hal_error_t hal_ecdsa_sign(const hal_core_t *core, + const hal_ecdsa_key_t * const key, const uint8_t * const hash, const size_t hash_len, uint8_t *signature, size_t *signature_len, const size_t signature_max, const hal_ecdsa_signature_format_t signature_format); -extern hal_error_t hal_ecdsa_verify(const hal_ecdsa_key_t * const key, - const uint8_t * const hash, const size_t hash_len, - const uint8_t * const signature, const size_t signature_len, - const hal_ecdsa_signature_format_t signature_format); +extern hal_error_t hal_ecdsa_verify(const hal_core_t *core, + const hal_ecdsa_key_t * const key, + const uint8_t * const hash, const size_t hash_len, + const uint8_t * const signature, const size_t signature_len, + const hal_ecdsa_signature_format_t signature_format); #endif /* _HAL_H_ */ diff --git a/hal_io_eim.c b/hal_io_eim.c index c0f70f4..4f9df65 100644 --- a/hal_io_eim.c +++ b/hal_io_eim.c @@ -43,6 +43,7 @@ #include "novena-eim.h" #include "hal.h" +#include "verilog_constants.h" static int debug = 0; static int inited = 0; @@ -93,7 +94,7 @@ static void dump(char *label, const uint8_t *buf, size_t len) } } -hal_error_t hal_io_write(hal_addr_t offset, const uint8_t *buf, size_t len) +hal_error_t hal_io_write(const hal_core_t *core, hal_addr_t offset, const uint8_t *buf, size_t len) { hal_error_t err; @@ -105,7 +106,7 @@ hal_error_t hal_io_write(hal_addr_t offset, const uint8_t *buf, size_t len) dump("write ", buf, len); - offset = eim_offset(offset); + offset = eim_offset(offset + hal_core_base(core)); for (; len > 0; offset += 4, buf += 4, len -= 4) { uint32_t val; val = htonl(*(uint32_t *)buf); @@ -115,7 +116,7 @@ hal_error_t hal_io_write(hal_addr_t offset, const uint8_t *buf, size_t len) return HAL_OK; } -hal_error_t hal_io_read(hal_addr_t offset, uint8_t *buf, size_t len) +hal_error_t hal_io_read(const hal_core_t *core, hal_addr_t offset, uint8_t *buf, size_t len) { uint8_t *rbuf = buf; int rlen = len; @@ -127,7 +128,7 @@ hal_error_t hal_io_read(hal_addr_t offset, uint8_t *buf, size_t len) if ((err = init()) != HAL_OK) return err; - offset = eim_offset(offset); + offset = eim_offset(offset + hal_core_base(core)); for (; rlen > 0; offset += 4, rbuf += 4, rlen -= 4) { uint32_t val; eim_read_32(offset, &val); @@ -139,40 +140,19 @@ hal_error_t hal_io_read(hal_addr_t offset, uint8_t *buf, size_t len) return HAL_OK; } -hal_error_t hal_io_expected(hal_addr_t offset, const uint8_t *expected, size_t len) -{ - hal_error_t err; - uint8_t buf[4]; - size_t i; - - if (len % 4 != 0) - return HAL_ERROR_IO_BAD_COUNT; - - dump("expect", expected, len); - - for (i = 0; i < len; i++) { - if ((i & 3) == 0 && (err = hal_io_read(offset + i/4, buf, sizeof(buf))) != HAL_OK) - return err; - if (buf[i & 3] != expected[i]) - return HAL_ERROR_IO_UNEXPECTED; - } - - return HAL_OK; -} - -hal_error_t hal_io_init(hal_addr_t offset) +hal_error_t hal_io_init(const hal_core_t *core) { uint8_t buf[4] = { 0, 0, 0, CTRL_INIT }; - return hal_io_write(offset, buf, sizeof(buf)); + return hal_io_write(core, ADDR_CTRL, buf, sizeof(buf)); } -hal_error_t hal_io_next(hal_addr_t offset) +hal_error_t hal_io_next(const hal_core_t *core) { uint8_t buf[4] = { 0, 0, 0, CTRL_NEXT }; - return hal_io_write(offset, buf, sizeof(buf)); + return hal_io_write(core, ADDR_CTRL, buf, sizeof(buf)); } -hal_error_t hal_io_wait(hal_addr_t offset, uint8_t status, int *count) +hal_error_t hal_io_wait(const hal_core_t *core, uint8_t status, int *count) { hal_error_t err; uint8_t buf[4]; @@ -183,7 +163,7 @@ hal_error_t hal_io_wait(hal_addr_t offset, uint8_t status, int *count) if (count && (*count > 0) && (i >= *count)) return HAL_ERROR_IO_TIMEOUT; - if ((err = hal_io_read(offset, buf, sizeof(buf))) != HAL_OK) + if ((err = hal_io_read(core, ADDR_STATUS, buf, sizeof(buf))) != HAL_OK) return err; if ((buf[3] & status) != 0) { @@ -194,16 +174,16 @@ hal_error_t hal_io_wait(hal_addr_t offset, uint8_t status, int *count) } } -hal_error_t hal_io_wait_ready(hal_addr_t offset) +hal_error_t hal_io_wait_ready(const hal_core_t *core) { int limit = EIM_IO_TIMEOUT; - return hal_io_wait(offset, STATUS_READY, &limit); + return hal_io_wait(core, STATUS_READY, &limit); } -hal_error_t hal_io_wait_valid(hal_addr_t offset) +hal_error_t hal_io_wait_valid(const hal_core_t *core) { int limit = EIM_IO_TIMEOUT; - return hal_io_wait(offset, STATUS_VALID, &limit); + return hal_io_wait(core, STATUS_VALID, &limit); } /* diff --git a/hal_io_i2c.c b/hal_io_i2c.c index 1dbd041..3e8ac59 100644 --- a/hal_io_i2c.c +++ b/hal_io_i2c.c @@ -41,6 +41,7 @@ #include <stdint.h> #include "hal.h" +#include "verilog_constants.h" #define I2C_dev "/dev/i2c-2" #define I2C_addr 0x0f @@ -43,6 +43,7 @@ #include <sys/ioctl.h> #include "hal.h" +#include "verilog_constants.h" /* * HMAC magic numbers. @@ -66,12 +67,8 @@ struct hal_hash_driver { size_t length_length; /* Length of the length field */ - hal_addr_t block_addr; /* Where to write hash blocks */ - hal_addr_t ctrl_addr; /* Control register */ - hal_addr_t status_addr; /* Status register */ - hal_addr_t digest_addr; /* Where to read digest */ - hal_addr_t name_addr; /* Where to read core name */ - char core_name[8]; /* Expected name of core */ + hal_addr_t block_addr; /* Where to write hash blocks */ + hal_addr_t digest_addr; /* Where to read digest */ uint8_t ctrl_mode; /* Digest mode, for cores that have modes */ }; @@ -81,6 +78,7 @@ struct hal_hash_driver { */ struct hal_hash_state { + const hal_core_t *core; const hal_hash_descriptor_t *descriptor; const hal_hash_driver_t *driver; uint64_t msg_length_high; /* Total data hashed in this message */ @@ -116,45 +114,27 @@ struct hal_hmac_state { */ static const hal_hash_driver_t sha1_driver = { - SHA1_LENGTH_LEN, - SHA1_ADDR_BLOCK, SHA1_ADDR_CTRL, SHA1_ADDR_STATUS, SHA1_ADDR_DIGEST, - SHA1_ADDR_NAME0, (SHA1_NAME0 SHA1_NAME1), - 0 + SHA1_LENGTH_LEN, SHA1_ADDR_BLOCK, SHA1_ADDR_DIGEST, 0 }; static const hal_hash_driver_t sha256_driver = { - SHA256_LENGTH_LEN, - SHA256_ADDR_BLOCK, SHA256_ADDR_CTRL, SHA256_ADDR_STATUS, SHA256_ADDR_DIGEST, - SHA256_ADDR_NAME0, (SHA256_NAME0 SHA256_NAME1), - 0 + SHA256_LENGTH_LEN, SHA256_ADDR_BLOCK, SHA256_ADDR_DIGEST, 0 }; static const hal_hash_driver_t sha512_224_driver = { - SHA512_LENGTH_LEN, - SHA512_ADDR_BLOCK, SHA512_ADDR_CTRL, SHA512_ADDR_STATUS, SHA512_ADDR_DIGEST, - SHA512_ADDR_NAME0, (SHA512_NAME0 SHA512_NAME1), - MODE_SHA_512_224 + SHA512_LENGTH_LEN, SHA512_ADDR_BLOCK, SHA512_ADDR_DIGEST, MODE_SHA_512_224 }; static const hal_hash_driver_t sha512_256_driver = { - SHA512_LENGTH_LEN, - SHA512_ADDR_BLOCK, SHA512_ADDR_CTRL, SHA512_ADDR_STATUS, SHA512_ADDR_DIGEST, - SHA512_ADDR_NAME0, (SHA512_NAME0 SHA512_NAME1), - MODE_SHA_512_256 + SHA512_LENGTH_LEN, SHA512_ADDR_BLOCK, SHA512_ADDR_DIGEST, MODE_SHA_512_256 }; static const hal_hash_driver_t sha384_driver = { - SHA512_LENGTH_LEN, - SHA512_ADDR_BLOCK, SHA512_ADDR_CTRL, SHA512_ADDR_STATUS, SHA512_ADDR_DIGEST, - SHA512_ADDR_NAME0, (SHA512_NAME0 SHA512_NAME1), - MODE_SHA_384 + SHA512_LENGTH_LEN, SHA512_ADDR_BLOCK, SHA512_ADDR_DIGEST, MODE_SHA_384 }; static const hal_hash_driver_t sha512_driver = { - SHA512_LENGTH_LEN, - SHA512_ADDR_BLOCK, SHA512_ADDR_CTRL, SHA512_ADDR_STATUS, SHA512_ADDR_DIGEST, - SHA512_ADDR_NAME0, (SHA512_NAME0 SHA512_NAME1), - MODE_SHA_512 + SHA512_LENGTH_LEN, SHA512_ADDR_BLOCK, SHA512_ADDR_DIGEST, MODE_SHA_512 }; /* @@ -190,42 +170,42 @@ const hal_hash_descriptor_t hal_hash_sha1[1] = {{ SHA1_BLOCK_LEN, SHA1_DIGEST_LEN, sizeof(hal_hash_state_t), sizeof(hal_hmac_state_t), dalgid_sha1, sizeof(dalgid_sha1), - &sha1_driver, 0 + &sha1_driver, SHA1_NAME, 0 }}; const hal_hash_descriptor_t hal_hash_sha256[1] = {{ SHA256_BLOCK_LEN, SHA256_DIGEST_LEN, sizeof(hal_hash_state_t), sizeof(hal_hmac_state_t), dalgid_sha256, sizeof(dalgid_sha256), - &sha256_driver, 1 + &sha256_driver, SHA256_NAME, 1 }}; const hal_hash_descriptor_t hal_hash_sha512_224[1] = {{ SHA512_BLOCK_LEN, SHA512_224_DIGEST_LEN, sizeof(hal_hash_state_t), sizeof(hal_hmac_state_t), dalgid_sha512_224, sizeof(dalgid_sha512_224), - &sha512_224_driver, 0 + &sha512_224_driver, SHA512_NAME, 0 }}; const hal_hash_descriptor_t hal_hash_sha512_256[1] = {{ SHA512_BLOCK_LEN, SHA512_256_DIGEST_LEN, sizeof(hal_hash_state_t), sizeof(hal_hmac_state_t), dalgid_sha512_256, sizeof(dalgid_sha512_256), - &sha512_256_driver, 0 + &sha512_256_driver, SHA512_NAME, 0 }}; const hal_hash_descriptor_t hal_hash_sha384[1] = {{ SHA512_BLOCK_LEN, SHA384_DIGEST_LEN, sizeof(hal_hash_state_t), sizeof(hal_hmac_state_t), dalgid_sha384, sizeof(dalgid_sha384), - &sha384_driver, 0 + &sha384_driver, SHA512_NAME, 0 }}; const hal_hash_descriptor_t hal_hash_sha512[1] = {{ SHA512_BLOCK_LEN, SHA512_DIGEST_LEN, sizeof(hal_hash_state_t), sizeof(hal_hmac_state_t), dalgid_sha512, sizeof(dalgid_sha512), - &sha512_driver, 0 + &sha512_driver, SHA512_NAME, 0 }}; /* @@ -253,31 +233,29 @@ static const hal_hash_driver_t *check_driver(const hal_hash_descriptor_t * const } /* - * Report whether cores are present. + * Internal utility to check core against descriptor, including + * attempting to locate an appropriate core if we weren't given one. */ -hal_error_t hal_hash_core_present(const hal_hash_descriptor_t * const descriptor) +static hal_error_t check_core(const hal_core_t **core, + const hal_hash_descriptor_t * const descriptor) { - const hal_hash_driver_t * const driver = check_driver(descriptor); - - if (driver == NULL) - return HAL_ERROR_BAD_ARGUMENTS; - - return hal_io_expected(driver->name_addr, - (const uint8_t *) driver->core_name, - sizeof(driver->core_name)); + assert(descriptor != NULL && descriptor->driver != NULL); + return hal_core_check_name(core, descriptor->core_name); } /* * Initialize hash state. */ -hal_error_t hal_hash_initialize(const hal_hash_descriptor_t * const descriptor, +hal_error_t hal_hash_initialize(const hal_core_t *core, + const hal_hash_descriptor_t * const descriptor, hal_hash_state_t **state_, void *state_buffer, const size_t state_length) { const hal_hash_driver_t * const driver = check_driver(descriptor); hal_hash_state_t *state = state_buffer; + hal_error_t err; if (driver == NULL || state_ == NULL) return HAL_ERROR_BAD_ARGUMENTS; @@ -285,12 +263,16 @@ hal_error_t hal_hash_initialize(const hal_hash_descriptor_t * const descriptor, if (state_buffer != NULL && state_length < descriptor->hash_state_length) return HAL_ERROR_BAD_ARGUMENTS; + if ((err = check_core(&core, descriptor)) != HAL_OK) + return err; + if (state_buffer == NULL && (state = malloc(descriptor->hash_state_length)) == NULL) return HAL_ERROR_ALLOCATION_FAILURE; memset(state, 0, sizeof(*state)); state->descriptor = descriptor; state->driver = driver; + state->core = core; if (state_buffer == NULL) state->flags |= STATE_FLAG_STATE_ALLOCATED; @@ -324,7 +306,8 @@ void hal_hash_cleanup(hal_hash_state_t **state_) * read current hash state from core. */ -static hal_error_t hash_read_digest(const hal_hash_driver_t * const driver, +static hal_error_t hash_read_digest(const hal_core_t *core, + const hal_hash_driver_t * const driver, uint8_t *digest, const size_t digest_length) { @@ -332,17 +315,18 @@ static hal_error_t hash_read_digest(const hal_hash_driver_t * const driver, assert(digest != NULL && digest_length % 4 == 0); - if ((err = hal_io_wait_valid(driver->status_addr)) != HAL_OK) + if ((err = hal_io_wait_valid(core)) != HAL_OK) return err; - return hal_io_read(driver->digest_addr, digest, digest_length); + return hal_io_read(core, driver->digest_addr, digest, digest_length); } /* * Write hash state back to core. */ -static hal_error_t hash_write_digest(const hal_hash_driver_t * const driver, +static hal_error_t hash_write_digest(const hal_core_t *core, + const hal_hash_driver_t * const driver, const uint8_t * const digest, const size_t digest_length) { @@ -350,10 +334,10 @@ static hal_error_t hash_write_digest(const hal_hash_driver_t * const driver, assert(digest != NULL && digest_length % 4 == 0); - if ((err = hal_io_wait_ready(driver->status_addr)) != HAL_OK) + if ((err = hal_io_wait_ready(core)) != HAL_OK) return err; - return hal_io_write(driver->digest_addr, digest, digest_length); + return hal_io_write(core, driver->digest_addr, digest, digest_length); } /* @@ -374,16 +358,16 @@ static hal_error_t hash_write_block(hal_hash_state_t * const state) if (debug) fprintf(stderr, "[ %s ]\n", state->block_count == 0 ? "init" : "next"); - if ((err = hal_io_wait_ready(state->driver->status_addr)) != HAL_OK) + if ((err = hal_io_wait_ready(state->core)) != HAL_OK) return err; if (state->descriptor->can_restore_state && state->block_count != 0 && - (err = hash_write_digest(state->driver, state->core_state, + (err = hash_write_digest(state->core, state->driver, state->core_state, state->descriptor->digest_length)) != HAL_OK) return err; - if ((err = hal_io_write(state->driver->block_addr, state->block, + if ((err = hal_io_write(state->core, state->driver->block_addr, state->block, state->descriptor->block_length)) != HAL_OK) return err; @@ -391,15 +375,15 @@ static hal_error_t hash_write_block(hal_hash_state_t * const state) ctrl_cmd[3] = state->block_count == 0 ? CTRL_INIT : CTRL_NEXT; ctrl_cmd[3] |= state->driver->ctrl_mode; - if ((err = hal_io_write(state->driver->ctrl_addr, ctrl_cmd, sizeof(ctrl_cmd))) != HAL_OK) + if ((err = hal_io_write(state->core, ADDR_CTRL, ctrl_cmd, sizeof(ctrl_cmd))) != HAL_OK) return err; if (state->descriptor->can_restore_state && - (err = hash_read_digest(state->driver, state->core_state, + (err = hash_read_digest(state->core, state->driver, state->core_state, state->descriptor->digest_length)) != HAL_OK) return err; - return hal_io_wait_valid(state->driver->status_addr); + return hal_io_wait_valid(state->core); } /* @@ -530,7 +514,7 @@ hal_error_t hal_hash_finalize(hal_hash_state_t *state, /* Opaque sta state->block_count++; /* All data pushed to core, now we just need to read back the result */ - if ((err = hash_read_digest(state->driver, digest_buffer, state->descriptor->digest_length)) != HAL_OK) + if ((err = hash_read_digest(state->core, state->driver, digest_buffer, state->descriptor->digest_length)) != HAL_OK) return err; return HAL_OK; @@ -540,7 +524,8 @@ hal_error_t hal_hash_finalize(hal_hash_state_t *state, /* Opaque sta * Initialize HMAC state. */ -hal_error_t hal_hmac_initialize(const hal_hash_descriptor_t * const descriptor, +hal_error_t hal_hmac_initialize(const hal_core_t *core, + const hal_hash_descriptor_t * const descriptor, hal_hmac_state_t **state_, void *state_buffer, const size_t state_length, const uint8_t * const key, const size_t key_length) @@ -556,6 +541,9 @@ hal_error_t hal_hmac_initialize(const hal_hash_descriptor_t * const descriptor, if (state_buffer != NULL && state_length < descriptor->hmac_state_length) return HAL_ERROR_BAD_ARGUMENTS; + if ((err = check_core(&core, descriptor)) != HAL_OK) + return err; + if (state_buffer == NULL && (state = malloc(descriptor->hmac_state_length)) == NULL) return HAL_ERROR_ALLOCATION_FAILURE; @@ -573,7 +561,7 @@ hal_error_t hal_hmac_initialize(const hal_hash_descriptor_t * const descriptor, return HAL_ERROR_UNSUPPORTED_KEY; #endif - if ((err = hal_hash_initialize(descriptor, &h, &state->hash_state, + if ((err = hal_hash_initialize(core, descriptor, &h, &state->hash_state, sizeof(state->hash_state))) != HAL_OK) goto fail; @@ -593,7 +581,7 @@ hal_error_t hal_hmac_initialize(const hal_hash_descriptor_t * const descriptor, else if ((err = hal_hash_update(h, key, key_length)) != HAL_OK || (err = hal_hash_finalize(h, state->keybuf, sizeof(state->keybuf))) != HAL_OK || - (err = hal_hash_initialize(descriptor, &h, &state->hash_state, + (err = hal_hash_initialize(core, descriptor, &h, &state->hash_state, sizeof(state->hash_state))) != HAL_OK) goto fail; @@ -693,7 +681,7 @@ hal_error_t hal_hmac_finalize(hal_hmac_state_t *state, */ if ((err = hal_hash_finalize(h, d, sizeof(d))) != HAL_OK || - (err = hal_hash_initialize(descriptor, &h, &state->hash_state, + (err = hal_hash_initialize(h->core, descriptor, &h, &state->hash_state, sizeof(state->hash_state))) != HAL_OK || (err = hal_hash_update(h, state->keybuf, descriptor->block_length)) != HAL_OK || (err = hal_hash_update(h, d, descriptor->digest_length)) != HAL_OK || @@ -46,6 +46,7 @@ #include <assert.h> #include "hal.h" +#include "verilog_constants.h" /* * Whether we want debug output. @@ -76,7 +77,8 @@ void hal_modexp_set_debug(const int onoff) * Set an ordinary register. */ -static hal_error_t set_register(const hal_addr_t addr, +static hal_error_t set_register(const hal_core_t *core, + const hal_addr_t addr, uint32_t value) { uint8_t w[4]; @@ -87,7 +89,7 @@ static hal_error_t set_register(const hal_addr_t addr, value >>= 8; } - return hal_io_write(addr, w, sizeof(w)); + return hal_io_write(core, addr, w, sizeof(w)); } /* @@ -96,7 +98,8 @@ static hal_error_t set_register(const hal_addr_t addr, * expects. */ -static hal_error_t get_buffer(const hal_addr_t data_addr, +static hal_error_t get_buffer(const hal_core_t *core, + const hal_addr_t data_addr, uint8_t *value, const size_t length) { @@ -105,7 +108,7 @@ static hal_error_t get_buffer(const hal_addr_t data_addr, assert(value != NULL && length % 4 == 0); for (i = 0; i < length; i += 4) - check(hal_io_read(data_addr + i/4, &value[length - 4 - i], 4)); + check(hal_io_read(core, data_addr + i/4, &value[length - 4 - i], 4)); return HAL_OK; } @@ -116,7 +119,8 @@ static hal_error_t get_buffer(const hal_addr_t data_addr, * expects. */ -static hal_error_t set_buffer(const hal_addr_t data_addr, +static hal_error_t set_buffer(const hal_core_t *core, + const hal_addr_t data_addr, const uint8_t * const value, const size_t length) { @@ -125,7 +129,7 @@ static hal_error_t set_buffer(const hal_addr_t data_addr, assert(value != NULL && length % 4 == 0); for (i = 0; i < length; i += 4) - check(hal_io_write(data_addr + i/4, &value[length - 4 - i], 4)); + check(hal_io_write(core, data_addr + i/4, &value[length - 4 - i], 4)); return HAL_OK; } @@ -134,7 +138,8 @@ static hal_error_t set_buffer(const hal_addr_t data_addr, * Run one modexp operation. */ -hal_error_t hal_modexp(const uint8_t * const msg, const size_t msg_len, /* Message */ +hal_error_t hal_modexp(const hal_core_t *core, + const uint8_t * const msg, const size_t msg_len, /* Message */ const uint8_t * const exp, const size_t exp_len, /* Exponent */ const uint8_t * const mod, const size_t mod_len, /* Modulus */ uint8_t *result, const size_t result_len) @@ -171,37 +176,37 @@ hal_error_t hal_modexp(const uint8_t * const msg, const size_t msg_len, /* Messa */ /* Select mode (1 = fast, 0 = safe) */ - check(set_register(MODEXPS6_ADDR_MODE, (exp_len <= 4))); + check(set_register(core, MODEXPS6_ADDR_MODE, (exp_len <= 4))); /* Set modulus size in bits */ - check(set_register(MODEXPS6_ADDR_MODULUS_WIDTH, mod_len * 8)); + check(set_register(core, MODEXPS6_ADDR_MODULUS_WIDTH, mod_len * 8)); /* Write new modulus */ - check(set_buffer(MODEXPS6_ADDR_MODULUS, mod, mod_len)); + check(set_buffer(core, MODEXPS6_ADDR_MODULUS, mod, mod_len)); /* Pre-calcuate speed-up coefficient */ - check(hal_io_init(MODEXPS6_ADDR_CTRL)); + check(hal_io_init(core)); /* Wait for calculation to complete */ - check(hal_io_wait_ready(MODEXPS6_ADDR_STATUS)); + check(hal_io_wait_ready(core)); /* Write new message */ - check(set_buffer(MODEXPS6_ADDR_MESSAGE, msg, msg_len)); + check(set_buffer(core, MODEXPS6_ADDR_MESSAGE, msg, msg_len)); /* Set new exponent length in bits */ - check(set_register(MODEXPS6_ADDR_EXPONENT_WIDTH, exp_len * 8)); + check(set_register(core, MODEXPS6_ADDR_EXPONENT_WIDTH, exp_len * 8)); /* Set new exponent */ - check(set_buffer(MODEXPS6_ADDR_EXPONENT, exp, exp_len)); + check(set_buffer(core, MODEXPS6_ADDR_EXPONENT, exp, exp_len)); /* Start calculation */ - check(hal_io_next(MODEXPS6_ADDR_CTRL)); + check(hal_io_next(core)); /* Wait for result */ - check(hal_io_wait_valid(MODEXPS6_ADDR_STATUS)); + check(hal_io_wait_valid(core)); /* Extract result */ - check(get_buffer(MODEXPS6_ADDR_RESULT, result, mod_len)); + check(get_buffer(core, MODEXPS6_ADDR_RESULT, result, mod_len)); return HAL_OK; } @@ -43,13 +43,15 @@ #include <sys/ioctl.h> #include "hal.h" +#include "verilog_constants.h" /* * Utility to encapsulate the HMAC operations. May need refactoring * if and when we get clever about reusing HMAC state for speed. */ -static hal_error_t do_hmac(const hal_hash_descriptor_t * const d, +static hal_error_t do_hmac(const hal_core_t *core, + const hal_hash_descriptor_t * const d, const uint8_t * const pw, const size_t pw_len, const uint8_t * const data, const size_t data_len, const uint32_t block, @@ -61,7 +63,7 @@ static hal_error_t do_hmac(const hal_hash_descriptor_t * const d, hal_hmac_state_t *s; hal_error_t err; - if ((err = hal_hmac_initialize(d, &s, sb, sizeof(sb), pw, pw_len)) != HAL_OK) + if ((err = hal_hmac_initialize(core, d, &s, sb, sizeof(sb), pw, pw_len)) != HAL_OK) return err; if ((err = hal_hmac_update(s, data, data_len)) != HAL_OK) @@ -80,7 +82,8 @@ static hal_error_t do_hmac(const hal_hash_descriptor_t * const d, * Derive a key from a passphrase using the PBKDF2 algorithm. */ -hal_error_t hal_pbkdf2(const hal_hash_descriptor_t * const descriptor, +hal_error_t hal_pbkdf2(const hal_core_t *core, + const hal_hash_descriptor_t * const descriptor, const uint8_t * const password, const size_t password_length, const uint8_t * const salt, const size_t salt_length, uint8_t * derived_key, size_t derived_key_length, @@ -129,8 +132,8 @@ hal_error_t hal_pbkdf2(const hal_hash_descriptor_t * const descriptor, * This seeds the result, and constitutes iteration one. */ - if ((err = do_hmac(descriptor, password, password_length, salt, salt_length, - block, mac, sizeof(mac))) != HAL_OK) + if ((err = do_hmac(core, descriptor, password, password_length, + salt, salt_length, block, mac, sizeof(mac))) != HAL_OK) return err; memcpy(result, mac, descriptor->digest_length); @@ -142,7 +145,7 @@ hal_error_t hal_pbkdf2(const hal_hash_descriptor_t * const descriptor, for (iteration = 2; iteration <= iterations_desired; iteration++) { - if ((err = do_hmac(descriptor, password, password_length, + if ((err = do_hmac(core, descriptor, password, password_length, mac, descriptor->digest_length, 0, mac, sizeof(mac))) != HAL_OK) return err; @@ -71,6 +71,7 @@ #include <assert.h> #include "hal.h" +#include "verilog_constants.h" #include <tfm.h> #include "asn1_internal.h" @@ -182,13 +183,17 @@ static hal_error_t unpack_fp(const fp_int * const bn, uint8_t *buffer, const siz * wrap result back up as a bignum. */ -static hal_error_t modexp(const fp_int * msg, +static hal_error_t modexp(const hal_core_t *core, + const fp_int * msg, const fp_int * const exp, const fp_int * const mod, fp_int *res) { hal_error_t err = HAL_OK; + if ((err = hal_core_check_name(&core, MODEXPS6_NAME)) != HAL_OK) + return err; + assert(msg != NULL && exp != NULL && mod != NULL && res != NULL); fp_int reduced_msg[1] = INIT_FP_INT; @@ -210,7 +215,8 @@ static hal_error_t modexp(const fp_int * msg, if ((err = unpack_fp(msg, msgbuf, sizeof(msgbuf))) != HAL_OK || (err = unpack_fp(exp, expbuf, sizeof(expbuf))) != HAL_OK || (err = unpack_fp(mod, modbuf, sizeof(modbuf))) != HAL_OK || - (err = hal_modexp(msgbuf, sizeof(msgbuf), + (err = hal_modexp(core, + msgbuf, sizeof(msgbuf), expbuf, sizeof(expbuf), modbuf, sizeof(modbuf), resbuf, sizeof(resbuf))) != HAL_OK) @@ -237,7 +243,7 @@ static hal_error_t modexp(const fp_int * msg, int fp_exptmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d) { - return modexp(a, b, c, d) == HAL_OK ? FP_OKAY : FP_VAL; + return modexp(NULL, a, b, c, d) == HAL_OK ? FP_OKAY : FP_VAL; } #else /* HAL_RSA_USE_MODEXP */ @@ -267,21 +273,21 @@ static hal_error_t modexp(const fp_int * const msg, * try. Come back to this if it looks like a bottleneck. */ -static hal_error_t create_blinding_factors(const hal_rsa_key_t * const key, fp_int *bf, fp_int *ubf) +static hal_error_t create_blinding_factors(const hal_core_t *core, const hal_rsa_key_t * const key, fp_int *bf, fp_int *ubf) { assert(key != NULL && bf != NULL && ubf != NULL); uint8_t rnd[fp_unsigned_bin_size(unconst_fp_int(key->n))]; hal_error_t err = HAL_OK; - if ((err = hal_get_random(rnd, sizeof(rnd))) != HAL_OK) + if ((err = hal_get_random(NULL, rnd, sizeof(rnd))) != HAL_OK) goto fail; fp_init(bf); fp_read_unsigned_bin(bf, rnd, sizeof(rnd)); fp_copy(bf, ubf); - if ((err = modexp(bf, key->e, key->n, bf)) != HAL_OK) + if ((err = modexp(core, bf, key->e, key->n, bf)) != HAL_OK) goto fail; FP_CHECK(fp_invmod(ubf, unconst_fp_int(key->n), ubf)); @@ -295,7 +301,7 @@ static hal_error_t create_blinding_factors(const hal_rsa_key_t * const key, fp_i * RSA decryption via Chinese Remainder Theorem (Garner's formula). */ -static hal_error_t rsa_crt(const hal_rsa_key_t * const key, fp_int *msg, fp_int *sig) +static hal_error_t rsa_crt(const hal_core_t *core, const hal_rsa_key_t * const key, fp_int *msg, fp_int *sig) { assert(key != NULL && msg != NULL && sig != NULL); @@ -310,7 +316,7 @@ static hal_error_t rsa_crt(const hal_rsa_key_t * const key, fp_int *msg, fp_int * Handle blinding if requested. */ if (blinding) { - if ((err = create_blinding_factors(key, bf, ubf)) != HAL_OK) + if ((err = create_blinding_factors(core, key, bf, ubf)) != HAL_OK) goto fail; FP_CHECK(fp_mulmod(msg, bf, unconst_fp_int(key->n), msg)); } @@ -319,8 +325,8 @@ static hal_error_t rsa_crt(const hal_rsa_key_t * const key, fp_int *msg, fp_int * m1 = msg ** dP mod p * m2 = msg ** dQ mod q */ - if ((err = modexp(msg, key->dP, key->p, m1)) != HAL_OK || - (err = modexp(msg, key->dQ, key->q, m2)) != HAL_OK) + if ((err = modexp(core, msg, key->dP, key->p, m1)) != HAL_OK || + (err = modexp(core, msg, key->dQ, key->q, m2)) != HAL_OK) goto fail; /* @@ -366,7 +372,8 @@ static hal_error_t rsa_crt(const hal_rsa_key_t * const key, fp_int *msg, fp_int * to the caller. */ -hal_error_t hal_rsa_encrypt(const hal_rsa_key_t * const key, +hal_error_t hal_rsa_encrypt(const hal_core_t *core, + const hal_rsa_key_t * const key, const uint8_t * const input, const size_t input_len, uint8_t * output, const size_t output_len) { @@ -380,7 +387,7 @@ hal_error_t hal_rsa_encrypt(const hal_rsa_key_t * const key, fp_read_unsigned_bin(i, unconst_uint8_t(input), input_len); - if ((err = modexp(i, key->e, key->n, o)) != HAL_OK || + if ((err = modexp(core, i, key->e, key->n, o)) != HAL_OK || (err = unpack_fp(o, output, output_len)) != HAL_OK) goto fail; @@ -390,7 +397,8 @@ hal_error_t hal_rsa_encrypt(const hal_rsa_key_t * const key, return err; } -hal_error_t hal_rsa_decrypt(const hal_rsa_key_t * const key, +hal_error_t hal_rsa_decrypt(const hal_core_t *core, + const hal_rsa_key_t * const key, const uint8_t * const input, const size_t input_len, uint8_t * output, const size_t output_len) { @@ -410,9 +418,9 @@ hal_error_t hal_rsa_decrypt(const hal_rsa_key_t * const key, */ if (fp_iszero(key->p) || fp_iszero(key->q) || fp_iszero(key->u) || fp_iszero(key->dP) || fp_iszero(key->dQ)) - err = modexp(i, key->d, key->n, o); + err = modexp(core, i, key->d, key->n, o); else - err = rsa_crt(key, i, o); + err = rsa_crt(core, key, i, o); if (err != HAL_OK || (err = unpack_fp(o, output, output_len)) != HAL_OK) goto fail; @@ -583,7 +591,7 @@ static hal_error_t find_prime(const unsigned prime_length, fp_int t[1] = INIT_FP_INT; do { - if ((err = hal_get_random(buffer, sizeof(buffer))) != HAL_OK) + if ((err = hal_get_random(NULL, buffer, sizeof(buffer))) != HAL_OK) return err; buffer[0 ] |= 0xc0; buffer[sizeof(buffer) - 1] |= 0x01; @@ -600,7 +608,8 @@ static hal_error_t find_prime(const unsigned prime_length, * Generate a new RSA keypair. */ -hal_error_t hal_rsa_key_gen(hal_rsa_key_t **key_, +hal_error_t hal_rsa_key_gen(const hal_core_t *core, + hal_rsa_key_t **key_, void *keybuf, const size_t keybuf_len, const unsigned key_length, const uint8_t * const public_exponent, const size_t public_exponent_len) diff --git a/tests/test-aes-key-wrap.c b/tests/test-aes-key-wrap.c index f8467ec..3e9b10d 100644 --- a/tests/test-aes-key-wrap.c +++ b/tests/test-aes-key-wrap.c @@ -108,7 +108,8 @@ static const char *format_hex(const uint8_t *bin, const size_t len, char *hex, c return hex; } -static int run_test(const uint8_t * const K, const size_t K_len, +static int run_test(const hal_core_t *core, + const uint8_t * const K, const size_t K_len, const uint8_t * const C, const size_t C_len) { const size_t Q_len = sizeof(Q); @@ -123,7 +124,7 @@ static int run_test(const uint8_t * const K, const size_t K_len, */ printf("Wrapping with %lu-bit KEK...\n", (unsigned long) K_len * 8); - if ((err = hal_aes_keywrap(K, K_len, Q, Q_len, c, &c_len)) != HAL_OK) { + if ((err = hal_aes_keywrap(core, K, K_len, Q, Q_len, c, &c_len)) != HAL_OK) { printf("Couldn't wrap with %lu-bit KEK: %s\n", (unsigned long) K_len * 8, hal_error_string(err)); ok1 = 0; @@ -143,7 +144,7 @@ static int run_test(const uint8_t * const K, const size_t K_len, */ printf("Unwrapping with %lu-bit KEK...\n", (unsigned long) K_len * 8); - if ((err = hal_aes_keyunwrap(K, K_len, C, C_len, q, &q_len)) != HAL_OK) { + if ((err = hal_aes_keyunwrap(core, K, K_len, C, C_len, q, &q_len)) != HAL_OK) { printf("Couldn't unwrap with %lu-bit KEK: %s\n", (unsigned long) K_len * 8, hal_error_string(err)); ok2 = 0; @@ -166,15 +167,18 @@ int main (int argc, char *argv[]) int failures = 0; printf("Testing whether AES core reports present..."); - if (hal_io_expected(AES_ADDR_NAME0, (const uint8_t *) (AES_CORE_NAME0 AES_CORE_NAME1), 8) != HAL_OK) { + + const hal_core_t *core = hal_core_find(AES_CORE_NAME, NULL); + + if (core == NULL) { printf("no, skipping keywrap tests\n"); } else { printf("yes\n"); - if (!run_test(K_128, sizeof(K_128), C_128, sizeof(C_128))) + if (!run_test(core, K_128, sizeof(K_128), C_128, sizeof(C_128))) failures++; - if (!run_test(K_256, sizeof(K_256), C_256, sizeof(C_256))) + if (!run_test(core, K_256, sizeof(K_256), C_256, sizeof(C_256))) failures++; } diff --git a/tests/test-ecdsa.c b/tests/test-ecdsa.c index 558120b..e940498 100644 --- a/tests/test-ecdsa.c +++ b/tests/test-ecdsa.c @@ -113,7 +113,7 @@ static int test_against_static_vectors(const ecdsa_tc_t * const tc) uint8_t keybuf1[hal_ecdsa_key_t_size]; hal_ecdsa_key_t *key1 = NULL; - if ((err = hal_ecdsa_key_gen(&key1, keybuf1, sizeof(keybuf1), tc->curve)) != HAL_OK) + if ((err = hal_ecdsa_key_gen(NULL, &key1, keybuf1, sizeof(keybuf1), tc->curve)) != HAL_OK) return printf("hal_ecdsa_key_gen() failed: %s\n", hal_error_string(err)), 0; uint8_t Qx[tc->Qx_len], Qy[tc->Qy_len]; @@ -151,13 +151,13 @@ static int test_against_static_vectors(const ecdsa_tc_t * const tc) uint8_t sig[tc->sig_len + 4]; size_t sig_len; - if ((err = hal_ecdsa_sign(key1, tc->H, tc->H_len, sig, &sig_len, sizeof(sig), HAL_ECDSA_SIGNATURE_FORMAT_ASN1)) != HAL_OK) + if ((err = hal_ecdsa_sign(NULL, key1, tc->H, tc->H_len, sig, &sig_len, sizeof(sig), HAL_ECDSA_SIGNATURE_FORMAT_ASN1)) != HAL_OK) return printf("hal_ecdsa_sign() failed: %s\n", hal_error_string(err)), 0; if (sig_len != tc->sig_len || memcmp(sig, tc->sig, tc->sig_len) != 0) return printf("Signature mismatch\n"), 0; - if ((err = hal_ecdsa_verify(key2, tc->H, tc->H_len, sig, sig_len, HAL_ECDSA_SIGNATURE_FORMAT_ASN1)) != HAL_OK) + if ((err = hal_ecdsa_verify(NULL, key2, tc->H, tc->H_len, sig, sig_len, HAL_ECDSA_SIGNATURE_FORMAT_ASN1)) != HAL_OK) return printf("hal_ecdsa_verify(private) failed: %s\n", hal_error_string(err)), 0; hal_ecdsa_key_clear(key2); @@ -177,7 +177,7 @@ static int test_against_static_vectors(const ecdsa_tc_t * const tc) tc->Qx, tc->Qx_len, tc->Qy, tc->Qy_len)) != HAL_OK) return printf("hal_ecdsa_load_public() failed: %s\n", hal_error_string(err)), 0; - if ((err = hal_ecdsa_verify(key2, tc->H, tc->H_len, sig, sig_len, HAL_ECDSA_SIGNATURE_FORMAT_ASN1)) != HAL_OK) + if ((err = hal_ecdsa_verify(NULL, key2, tc->H, tc->H_len, sig, sig_len, HAL_ECDSA_SIGNATURE_FORMAT_ASN1)) != HAL_OK) return printf("hal_ecdsa_verify(public) failed: %s\n", hal_error_string(err)), 0; uint8_t point[hal_ecdsa_key_to_ecpoint_len(key1)]; @@ -236,7 +236,7 @@ static int test_keygen_sign_verify(const hal_ecdsa_curve_t curve) printf("Generating key\n"); - if ((err = hal_ecdsa_key_gen(&key, keybuf, sizeof(keybuf), curve)) != HAL_OK) + if ((err = hal_ecdsa_key_gen(NULL, &key, keybuf, sizeof(keybuf), curve)) != HAL_OK) return printf("hal_ecdsa_key_gen() failed: %s\n", hal_error_string(err)), 0; printf("Generating digest\n"); @@ -248,7 +248,7 @@ static int test_keygen_sign_verify(const hal_ecdsa_curve_t curve) uint8_t statebuf[hash_descriptor->hash_state_length]; hal_hash_state_t *state = NULL; - if ((err = hal_hash_initialize(hash_descriptor, &state, statebuf, sizeof(statebuf))) != HAL_OK || + if ((err = hal_hash_initialize(NULL, hash_descriptor, &state, statebuf, sizeof(statebuf))) != HAL_OK || (err = hal_hash_update(state, plaintext, strlen((const char *) plaintext))) != HAL_OK || (err = hal_hash_finalize(state, hashbuf, sizeof(hashbuf))) != HAL_OK) return printf("Couldn't hash plaintext: %s\n", hal_error_string(err)), 0; @@ -263,13 +263,13 @@ static int test_keygen_sign_verify(const hal_ecdsa_curve_t curve) printf("Signing\n"); - if ((err = hal_ecdsa_sign(key, hashbuf, sizeof(hashbuf), + if ((err = hal_ecdsa_sign(NULL, key, hashbuf, sizeof(hashbuf), sigbuf, &siglen, sizeof(sigbuf), HAL_ECDSA_SIGNATURE_FORMAT_ASN1)) != HAL_OK) return printf("hal_ecdsa_sign() failed: %s\n", hal_error_string(err)), 0; printf("Verifying\n"); - if ((err = hal_ecdsa_verify(key, hashbuf, sizeof(hashbuf), + if ((err = hal_ecdsa_verify(NULL, key, hashbuf, sizeof(hashbuf), sigbuf, siglen, HAL_ECDSA_SIGNATURE_FORMAT_ASN1)) != HAL_OK) return printf("hal_ecdsa_verify() failed: %s\n", hal_error_string(err)), 0; @@ -306,22 +306,24 @@ static void _time_check(const struct timeval t0, const int ok) } while (0) -int main(int argc, char *argv[]) +static void show_core(const hal_core_t *core, const char *whinge) { - uint8_t name[8], version[4]; - hal_error_t err; - - /* - * Initialize EIM and report what core we're running. - */ + const hal_core_info_t *core_info = hal_core_info(core); + if (core_info != NULL) + printf("\"%8.8s\" \"%4.4s\"\n", core_info->name, core_info->version); + else if (whinge != NULL) + printf("%s core not present\n", whinge); +} - if ((err = hal_io_read(CSPRNG_ADDR_NAME0, name, sizeof(name))) != HAL_OK || - (err = hal_io_read(CSPRNG_ADDR_VERSION, version, sizeof(version))) != HAL_OK) { - printf("Initialization failed: %s\n", hal_error_string(err)); - return 1; - } +int main(int argc, char *argv[]) +{ + const hal_core_t *sha256_core = hal_core_find(SHA256_NAME, NULL); + const hal_core_t *sha512_core = hal_core_find(SHA512_NAME, NULL); + const hal_core_t *csprng_core = hal_core_find(CSPRNG_NAME, NULL); - printf("\"%8.8s\" \"%4.4s\"\n\n", name, version); + show_core(sha256_core, "sha-256"); + show_core(sha512_core, "sha-512"); + show_core(csprng_core, "csprng"); int ok = 1; @@ -334,9 +336,15 @@ int main(int argc, char *argv[]) /* * Generate/sign/verify test for each curve. */ - time_check(test_keygen_sign_verify(HAL_ECDSA_CURVE_P256)); - time_check(test_keygen_sign_verify(HAL_ECDSA_CURVE_P384)); - time_check(test_keygen_sign_verify(HAL_ECDSA_CURVE_P521)); + + if (csprng_core != NULL && sha256_core != NULL) { + time_check(test_keygen_sign_verify(HAL_ECDSA_CURVE_P256)); + } + + if (csprng_core != NULL && sha512_core != NULL) { + time_check(test_keygen_sign_verify(HAL_ECDSA_CURVE_P384)); + time_check(test_keygen_sign_verify(HAL_ECDSA_CURVE_P521)); + } return !ok; } diff --git a/tests/test-hash.c b/tests/test-hash.c index 144b1b9..b6001e0 100644 --- a/tests/test-hash.c +++ b/tests/test-hash.c @@ -542,23 +542,14 @@ static int _test_hash(const hal_hash_descriptor_t * const descriptor, printf("Starting %s test\n", label); - err = hal_hash_core_present(descriptor); + const hal_core_t *core = hal_core_find(descriptor->core_name, NULL); - switch (err) { - - case HAL_OK: - break; - - case HAL_ERROR_IO_UNEXPECTED: - printf("Core not present, skipping test\n"); + if (core == NULL) { + printf("Core not found, skipping test\n"); return 1; - - default: - printf("Failed while checking for core: %s\n", hal_error_string(err)); - return 0; } - if ((err = hal_hash_initialize(descriptor, &state, statebuf, sizeof(statebuf))) != HAL_OK) { + if ((err = hal_hash_initialize(core, descriptor, &state, statebuf, sizeof(statebuf))) != HAL_OK) { printf("Failed while initializing hash: %s\n", hal_error_string(err)); return 0; } @@ -606,23 +597,14 @@ static int _test_hmac(const hal_hash_descriptor_t * const descriptor, printf("Starting %s test\n", label); - err = hal_hash_core_present(descriptor); + const hal_core_t *core = hal_core_find(descriptor->core_name, NULL); - switch (err) { - - case HAL_OK: - break; - - case HAL_ERROR_IO_UNEXPECTED: - printf("Core not present, skipping test\n"); + if (core == NULL) { + printf("Core not found, skipping test\n"); return 1; - - default: - printf("Failed while checking for core: %s\n", hal_error_string(err)); - return 0; } - if ((err = hal_hmac_initialize(descriptor, &state, statebuf, sizeof(statebuf), key, key_len)) != HAL_OK) { + if ((err = hal_hmac_initialize(core, descriptor, &state, statebuf, sizeof(statebuf), key, key_len)) != HAL_OK) { printf("Failed while initializing HMAC: %s\n", hal_error_string(err)); return 0; } diff --git a/tests/test-pbkdf2.c b/tests/test-pbkdf2.c index 0688226..744ca47 100644 --- a/tests/test-pbkdf2.c +++ b/tests/test-pbkdf2.c @@ -158,7 +158,8 @@ static void print_hex(const uint8_t * const val, const size_t len) printf(" %02x", val[i]); } -static int _test_pbkdf2(const uint8_t * const pwd, const size_t pwd_len, +static int _test_pbkdf2(const hal_core_t *core, + const uint8_t * const pwd, const size_t pwd_len, const uint8_t * const salt, const size_t salt_len, const uint8_t * const dk, const size_t dk_len, const unsigned count, const char * const label) @@ -167,7 +168,7 @@ static int _test_pbkdf2(const uint8_t * const pwd, const size_t pwd_len, uint8_t result[dk_len]; - hal_error_t err = hal_pbkdf2(hal_hash_sha1, pwd, pwd_len, salt, salt_len, + hal_error_t err = hal_pbkdf2(core, hal_hash_sha1, pwd, pwd_len, salt, salt_len, result, dk_len, count); if (err != HAL_OK) { @@ -193,35 +194,27 @@ static int _test_pbkdf2(const uint8_t * const pwd, const size_t pwd_len, } #define test_pbkdf2(_n_) \ - _test_pbkdf2(pbkdf2_tc_##_n_##_password, sizeof(pbkdf2_tc_##_n_##_password), \ + _test_pbkdf2(core, \ + pbkdf2_tc_##_n_##_password, sizeof(pbkdf2_tc_##_n_##_password), \ pbkdf2_tc_##_n_##_salt, sizeof(pbkdf2_tc_##_n_##_salt), \ pbkdf2_tc_##_n_##_DK, sizeof(pbkdf2_tc_##_n_##_DK), \ pbkdf2_tc_##_n_##_count, #_n_) int main (int argc, char *argv[]) { - hal_error_t err = hal_hash_core_present(hal_hash_sha1); + const hal_core_t *core = hal_core_find(SHA1_NAME, NULL); int ok = 1; - switch (err) { + if (core == NULL) + printf("SHA-1 core not present, not testing PBKDF2\n"); - case HAL_OK: + else { ok &= test_pbkdf2(1); ok &= test_pbkdf2(2); ok &= test_pbkdf2(3); ok &= test_pbkdf2(4); ok &= test_pbkdf2(5); ok &= test_pbkdf2(6); - break; - - case HAL_ERROR_IO_UNEXPECTED: - printf("SHA-1 core not present, not testing PBKDF2\n"); - break; - - default: - printf("Unexpected error while probing for hash core: %s\n", hal_error_string(err)); - ok = 0; - break; } return !ok; diff --git a/tests/test-rsa.c b/tests/test-rsa.c index 46afa03..c6bf97a 100644 --- a/tests/test-rsa.c +++ b/tests/test-rsa.c @@ -55,7 +55,8 @@ * Run one modexp test. */ -static int test_modexp(const char * const kind, +static int test_modexp(const hal_core_t *core, + const char * const kind, const rsa_tc_t * const tc, const rsa_tc_bn_t * const msg, /* Input message */ const rsa_tc_bn_t * const exp, /* Exponent */ @@ -65,7 +66,7 @@ static int test_modexp(const char * const kind, printf("%s test for %lu-bit RSA key\n", kind, (unsigned long) tc->size); - if (hal_modexp(msg->val, msg->len, exp->val, exp->len, + if (hal_modexp(core, msg->val, msg->len, exp->val, exp->len, tc->n.val, tc->n.len, result, sizeof(result)) != HAL_OK) { printf("ModExp failed\n"); return 0; @@ -83,7 +84,9 @@ static int test_modexp(const char * const kind, * Run one RSA CRT test. */ -static int test_decrypt(const char * const kind, const rsa_tc_t * const tc) +static int test_decrypt(const hal_core_t *core, + const char * const kind, + const rsa_tc_t * const tc) { printf("%s test for %lu-bit RSA key\n", kind, (unsigned long) tc->size); @@ -107,7 +110,7 @@ static int test_decrypt(const char * const kind, const rsa_tc_t * const tc) uint8_t result[tc->n.len]; - if ((err = hal_rsa_decrypt(key, tc->m.val, tc->m.len, result, sizeof(result))) != HAL_OK) + if ((err = hal_rsa_decrypt(core, key, tc->m.val, tc->m.len, result, sizeof(result))) != HAL_OK) printf("RSA CRT failed: %s\n", hal_error_string(err)); const int mismatch = (err == HAL_OK && memcmp(result, tc->s.val, tc->s.len) != 0); @@ -124,7 +127,9 @@ static int test_decrypt(const char * const kind, const rsa_tc_t * const tc) * Run one RSA key generation + CRT test. */ -static int test_gen(const char * const kind, const rsa_tc_t * const tc) +static int test_gen(const hal_core_t *core, + const char * const kind, + const rsa_tc_t * const tc) { printf("%s test for %lu-bit RSA key\n", kind, (unsigned long) tc->size); @@ -136,7 +141,7 @@ static int test_gen(const char * const kind, const rsa_tc_t * const tc) const uint8_t f4[] = { 0x01, 0x00, 0x01 }; - if ((err = hal_rsa_key_gen(&key1, keybuf1, sizeof(keybuf1), bitsToBytes(tc->size), f4, sizeof(f4))) != HAL_OK) { + if ((err = hal_rsa_key_gen(core, &key1, keybuf1, sizeof(keybuf1), bitsToBytes(tc->size), f4, sizeof(f4))) != HAL_OK) { printf("RSA key generation failed: %s\n", hal_error_string(err)); return 0; } @@ -185,7 +190,7 @@ static int test_gen(const char * const kind, const rsa_tc_t * const tc) uint8_t result[tc->n.len]; - if ((err = hal_rsa_decrypt(key1, tc->m.val, tc->m.len, result, sizeof(result))) != HAL_OK) + if ((err = hal_rsa_decrypt(core, key1, tc->m.val, tc->m.len, result, sizeof(result))) != HAL_OK) printf("RSA CRT failed: %s\n", hal_error_string(err)); snprintf(fn, sizeof(fn), "test-rsa-sig-%04lu.der", (unsigned long) tc->size); @@ -209,7 +214,7 @@ static int test_gen(const char * const kind, const rsa_tc_t * const tc) if (err != HAL_OK) /* Deferred failure from hal_rsa_decrypt(), above */ return 0; - if ((err = hal_rsa_encrypt(key1, result, sizeof(result), result, sizeof(result))) != HAL_OK) + if ((err = hal_rsa_encrypt(core, key1, result, sizeof(result), result, sizeof(result))) != HAL_OK) printf("RSA signature check failed: %s\n", hal_error_string(err)); const int mismatch = (err == HAL_OK && memcmp(result, tc->m.val, tc->m.len) != 0); @@ -258,42 +263,32 @@ static void _time_check(const struct timeval t0, const int ok) * and try generating a signature with that. */ -static int test_rsa(const rsa_tc_t * const tc) +static int test_rsa(const hal_core_t *core, const rsa_tc_t * const tc) { int ok = 1; /* RSA encryption */ - time_check(test_modexp("Verification", tc, &tc->s, &tc->e, &tc->m)); + time_check(test_modexp(core, "Verification", tc, &tc->s, &tc->e, &tc->m)); /* Brute force RSA decryption */ - time_check(test_modexp("Signature (ModExp)", tc, &tc->m, &tc->d, &tc->s)); + time_check(test_modexp(core, "Signature (ModExp)", tc, &tc->m, &tc->d, &tc->s)); /* RSA decyrption using CRT */ - time_check(test_decrypt("Signature (CRT)", tc)); + time_check(test_decrypt(core, "Signature (CRT)", tc)); /* Key generation and CRT -- not test vector, so writes key and sig to file */ - time_check(test_gen("Generation and CRT", tc)); + time_check(test_gen(core, "Generation and CRT", tc)); return ok; } int main(int argc, char *argv[]) { - uint8_t name[8], version[4]; - hal_error_t err; - int i; + const hal_core_t *core = hal_core_find(MODEXPS6_NAME, NULL); + const hal_core_info_t *core_info = hal_core_info(core); - /* - * Initialize EIM and report what core we're running. - */ - - if ((err = hal_io_read(MODEXPS6_ADDR_NAME0, name, sizeof(name))) != HAL_OK || - (err = hal_io_read(MODEXPS6_ADDR_VERSION, version, sizeof(version))) != HAL_OK) { - printf("Initialization failed: %s\n", hal_error_string(err)); - return 1; - } - - printf("\"%8.8s\" \"%4.4s\"\n\n", name, version); + if (core_info != NULL) + printf("\"%8.8s\" \"%4.4s\"\n\n", core_info->name, core_info->version); /* * Run the test cases. @@ -303,8 +298,8 @@ int main(int argc, char *argv[]) /* Normal test */ - for (i = 0; i < (sizeof(rsa_tc)/sizeof(*rsa_tc)); i++) - if (!test_rsa(&rsa_tc[i])) + for (int i = 0; i < (sizeof(rsa_tc)/sizeof(*rsa_tc)); i++) + if (!test_rsa(core, &rsa_tc[i])) return 1; return 0; diff --git a/verilog_constants.h b/verilog_constants.h new file mode 100644 index 0000000..2f04ca5 --- /dev/null +++ b/verilog_constants.h @@ -0,0 +1,241 @@ +/* + * addrs.h + * ------- + * Magic constants which must match Verilog code, mostly bus addresses. + * + * In the long run, this should be generated by a script which pulls + * these numbers out of the Verilog source code. For the moment, it's + * hand-edited. + * + * Authors: Joachim Strombergson, Paul Selkirk, Rob Austein + * Copyright (c) 2015, NORDUnet A/S All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * - Neither the name of the NORDUnet nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef _VERILOG_CONSTANTS_H_ +#define _VERILOG_CONSTANTS_H_ + +/* + * Common to all (well, almost all) cores. + */ +#define ADDR_NAME0 (0x00) +#define ADDR_NAME1 (0x01) +#define ADDR_VERSION (0x02) +#define ADDR_CTRL (0x08) +#define CTRL_INIT (1) +#define CTRL_NEXT (2) +#define ADDR_STATUS (0x09) +#define STATUS_READY (1) +#define STATUS_VALID (2) + +/* + * Hash cores. + */ + +#define SHA1_ADDR_BLOCK (0x10) +#define SHA1_ADDR_DIGEST (0x20) +#define SHA1_BLOCK_LEN bitsToBytes(512) +#define SHA1_LENGTH_LEN bitsToBytes(64) +#define SHA1_DIGEST_LEN bitsToBytes(160) + +#define SHA256_ADDR_BLOCK (0x10) +#define SHA256_ADDR_DIGEST (0x20) +#define SHA256_BLOCK_LEN bitsToBytes(512) +#define SHA256_LENGTH_LEN bitsToBytes(64) +#define SHA256_DIGEST_LEN bitsToBytes(256) + +#define SHA512_ADDR_BLOCK (0x10) +#define SHA512_ADDR_DIGEST (0x40) +#define SHA512_BLOCK_LEN bitsToBytes(1024) +#define SHA512_LENGTH_LEN bitsToBytes(128) +#define SHA512_224_DIGEST_LEN bitsToBytes(224) +#define SHA512_256_DIGEST_LEN bitsToBytes(256) +#define SHA384_DIGEST_LEN bitsToBytes(384) +#define SHA512_DIGEST_LEN bitsToBytes(512) +#define MODE_SHA_512_224 (0 << 2) +#define MODE_SHA_512_256 (1 << 2) +#define MODE_SHA_384 (2 << 2) +#define MODE_SHA_512 (3 << 2) + +/* + * RNG cores. + * + * For some reason, the RNG cores use different locations for their + * control and status words. Maybe this will get fixed. Fortunately, + * at the moment, we don't really care, because we never send any + * control bits or read any status bits from any of those cores. + */ + +#define TRNG_ADDR_CTRL (0x10) +#define TRNG_CTRL_DISCARD (1) +#define TRNG_CTRL_TEST_MODE (2) +#define TRNG_ADDR_STATUS (0x11) + /* No status bits defined (yet) */ +#define TRNG_ADDR_DELAY (0x13) + +#define ENTROPY1_ADDR_CTRL (0x10) +#define ENTROPY1_CTRL_ENABLE (1) +#define ENTROPY1_ADDR_STATUS (0x11) +#define ENTROPY1_STATUS_VALID (1) +#define ENTROPY1_ADDR_ENTROPY (0x20) +#define ENTROPY1_ADDR_DELTA (0x30) + +#define ENTROPY2_ADDR_CTRL (0x10) +#define ENTROPY2_CTRL_ENABLE (1) +#define ENTROPY2_ADDR_STATUS (0x11) +#define ENTROPY2_STATUS_VALID (1) +#define ENTROPY2_ADDR_OPA (0x18) +#define ENTROPY2_ADDR_OPB (0x19) +#define ENTROPY2_ADDR_ENTROPY (0x20) +#define ENTROPY2_ADDR_RAW (0x21) +#define ENTROPY2_ADDR_ROSC (0x22) + +#define MIXER_ADDR_CTRL (0x10) +#define MIXER_CTRL_ENABLE (1) +#define MIXER_CTRL_RESTART (2) +#define MIXER_ADDR_STATUS (0x11) +/* No status bits defined (yet) */ +#define MIXER_ADDR_TIMEOUT (0x20) + + +#define CSPRNG_CTRL_ENABLE (1) +#define CSPRNG_CTRL_SEED (2) +#define CSPRNG_STATUS_VALID (1) +#define CSPRNG_ADDR_RANDOM (0x20) +#define CSPRNG_ADDR_NROUNDS (0x40) +#define CSPRNG_ADDR_NBLOCKS_LO (0x41) +#define CSPRNG_ADDR_NBLOCKS_HI (0x42) + +/* + * Cipher cores. + */ + +#define AES_ADDR_CONFIG (0x0a) +#define AES_CONFIG_ENCDEC (1) +#define AES_CONFIG_KEYLEN (2) + +#define AES_ADDR_KEY0 (0x10) +#define AES_ADDR_KEY1 (0x11) +#define AES_ADDR_KEY2 (0x12) +#define AES_ADDR_KEY3 (0x13) +#define AES_ADDR_KEY4 (0x14) +#define AES_ADDR_KEY5 (0x15) +#define AES_ADDR_KEY6 (0x16) +#define AES_ADDR_KEY7 (0x17) + +#define AES_ADDR_BLOCK0 (0x20) +#define AES_ADDR_BLOCK1 (0x21) +#define AES_ADDR_BLOCK2 (0x22) +#define AES_ADDR_BLOCK3 (0x23) + +#define AES_ADDR_RESULT0 (0x30) +#define AES_ADDR_RESULT1 (0x31) +#define AES_ADDR_RESULT2 (0x32) +#define AES_ADDR_RESULT3 (0x33) + +/* Chacha core */ + +#define CHACHA_ADDR_KEYLEN (0x0a) +#define CHACHA_KEYLEN (1) + +#define CHACHA_ADDR_ROUNDS (0x0b) + +#define CHACHA_ADDR_KEY0 (0x10) +#define CHACHA_ADDR_KEY1 (0x11) +#define CHACHA_ADDR_KEY2 (0x12) +#define CHACHA_ADDR_KEY3 (0x13) +#define CHACHA_ADDR_KEY4 (0x14) +#define CHACHA_ADDR_KEY5 (0x15) +#define CHACHA_ADDR_KEY6 (0x16) +#define CHACHA_ADDR_KEY7 (0x17) + +#define CHACHA_ADDR_IV0 (0x20) +#define CHACHA_ADDR_IV1 (0x21) + +#define CHACHA_ADDR_DATA_IN0 (0x40) +#define CHACHA_ADDR_DATA_IN1 (0x41) +#define CHACHA_ADDR_DATA_IN2 (0x42) +#define CHACHA_ADDR_DATA_IN3 (0x43) +#define CHACHA_ADDR_DATA_IN4 (0x44) +#define CHACHA_ADDR_DATA_IN5 (0x45) +#define CHACHA_ADDR_DATA_IN6 (0x46) +#define CHACHA_ADDR_DATA_IN7 (0x47) +#define CHACHA_ADDR_DATA_IN8 (0x48) +#define CHACHA_ADDR_DATA_IN9 (0x49) +#define CHACHA_ADDR_DATA_IN10 (0x4a) +#define CHACHA_ADDR_DATA_IN11 (0x4b) +#define CHACHA_ADDR_DATA_IN12 (0x4c) +#define CHACHA_ADDR_DATA_IN13 (0x4d) +#define CHACHA_ADDR_DATA_IN14 (0x4e) +#define CHACHA_ADDR_DATA_IN15 (0x4f) + +#define CHACHA_ADDR_DATA_OUT0 (0x80) +#define CHACHA_ADDR_DATA_OUT1 (0x81) +#define CHACHA_ADDR_DATA_OUT2 (0x82) +#define CHACHA_ADDR_DATA_OUT3 (0x83) +#define CHACHA_ADDR_DATA_OUT4 (0x84) +#define CHACHA_ADDR_DATA_OUT5 (0x85) +#define CHACHA_ADDR_DATA_OUT6 (0x86) +#define CHACHA_ADDR_DATA_OUT7 (0x87) +#define CHACHA_ADDR_DATA_OUT8 (0x88) +#define CHACHA_ADDR_DATA_OUT9 (0x89) +#define CHACHA_ADDR_DATA_OUT10 (0x8a) +#define CHACHA_ADDR_DATA_OUT11 (0x8b) +#define CHACHA_ADDR_DATA_OUT12 (0x8c) +#define CHACHA_ADDR_DATA_OUT13 (0x8d) +#define CHACHA_ADDR_DATA_OUT14 (0x8e) +#define CHACHA_ADDR_DATA_OUT15 (0x8f) + +/* + * Math cores. + */ + +/* + * ModExpS6 core. MODEXPS6_OPERAND_BITS is size in bits of largest + * supported modulus. + */ + +#define MODEXPS6_OPERAND_BITS (4096) +#define MODEXPS6_OPERAND_WORDS (MODEXPS6_OPERAND_BITS / 32) +#define MODEXPS6_ADDR_REGISTERS (0 * MODEXPS6_OPERAND_WORDS) +#define MODEXPS6_ADDR_OPERANDS (4 * MODEXPS6_OPERAND_WORDS) +#define MODEXPS6_ADDR_MODE (MODEXPS6_ADDR_REGISTERS + 0x10) +#define MODEXPS6_ADDR_MODULUS_WIDTH (MODEXPS6_ADDR_REGISTERS + 0x11) +#define MODEXPS6_ADDR_EXPONENT_WIDTH (MODEXPS6_ADDR_REGISTERS + 0x12) +#define MODEXPS6_ADDR_MODULUS (MODEXPS6_ADDR_OPERANDS + 0 * MODEXPS6_OPERAND_WORDS) +#define MODEXPS6_ADDR_MESSAGE (MODEXPS6_ADDR_OPERANDS + 1 * MODEXPS6_OPERAND_WORDS) +#define MODEXPS6_ADDR_EXPONENT (MODEXPS6_ADDR_OPERANDS + 2 * MODEXPS6_OPERAND_WORDS) +#define MODEXPS6_ADDR_RESULT (MODEXPS6_ADDR_OPERANDS + 3 * MODEXPS6_OPERAND_WORDS) + +#endif /* _VERILOG_CONSTANTS_H_ */ + +/* + * Local variables: + * indent-tabs-mode: nil + * End: + */ |