aboutsummaryrefslogtreecommitdiff
path: root/hal.h
diff options
context:
space:
mode:
Diffstat (limited to 'hal.h')
-rw-r--r--hal.h673
1 files changed, 673 insertions, 0 deletions
diff --git a/hal.h b/hal.h
new file mode 100644
index 0000000..1c5286c
--- /dev/null
+++ b/hal.h
@@ -0,0 +1,673 @@
+/*
+ * hal.h
+ * ----------
+ * Memory map, access functions, and HAL for Cryptech cores.
+ *
+ * Authors: Joachim Strombergson, Paul Selkirk, Rob Austein
+ * Copyright (c) 2015, NORDUnet A/S All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of the NORDUnet nor the names of its contributors may
+ * be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Each Cryptech core has a set of 4-byte registers, which are accessed
+ * through a 16-bit address. The address space is divided as follows:
+ * 3 bits segment selector | up to 8 segments
+ * 5 bits core selector | up to 32 cores/segment (see note below)
+ * 8 bits register selector | up to 256 registers/core (see modexp below)
+ *
+ * i.e, the address is structured as:
+ * sss ccccc rrrrrrrr
+ *
+ * The I2C and UART communication channels use this 16-bit address format
+ * directly in their read and write commands.
+ *
+ * The EIM communications channel translates this 16-bit address into a
+ * 32-bit memory-mapped address in the range 0x08000000..807FFFF:
+ * 00001000000000 sss 0 ccccc rrrrrrrr 00
+ *
+ * EIM, as implemented on the Novena, uses a 19-bit address space:
+ * Bits 18..16 are the semgent selector.
+ * Bits 15..10 are the core selector.
+ * Bits 9..2 are the register selector.
+ * Bits 1..0 are zero, because reads and writes are always word aligned.
+ *
+ * Note that EIM can support 64 cores per segment, but we sacrifice one bit
+ * in order to map it into a 16-bit address space.
+ */
+
+#ifndef _HAL_H_
+#define _HAL_H_
+
+
+/*
+ * Default sizes.
+ */
+#define CORE_SIZE (0x100)
+#define SEGMENT_SIZE (0x20 * CORE_SIZE)
+
+
+/*
+ * Segments.
+ */
+#define SEGMENT_OFFSET_GLOBALS (0 * SEGMENT_SIZE)
+#define SEGMENT_OFFSET_HASHES (1 * SEGMENT_SIZE)
+#define SEGMENT_OFFSET_RNGS (2 * SEGMENT_SIZE)
+#define SEGMENT_OFFSET_CIPHERS (3 * SEGMENT_SIZE)
+#define SEGMENT_OFFSET_MATH (4 * SEGMENT_SIZE)
+
+
+/*
+ * Addresses and codes common to all cores.
+ */
+#define ADDR_NAME0 (0x00)
+#define ADDR_NAME1 (0x01)
+#define ADDR_VERSION (0x02)
+#define ADDR_CTRL (0x08)
+#define CTRL_INIT (1)
+#define CTRL_NEXT (2)
+#define ADDR_STATUS (0x09)
+#define STATUS_READY (1)
+#define STATUS_VALID (2)
+
+
+/* A handy macro from cryptlib */
+#ifndef bitsToBytes
+#define bitsToBytes(x) (x / 8)
+#endif
+
+
+/*
+ * Board segment.
+ * Board-level registers and communication channel registers.
+ */
+#define BOARD_ADDR_BASE (SEGMENT_OFFSET_GLOBALS + (0 * CORE_SIZE))
+#define BOARD_ADDR_NAME0 (BOARD_ADDR_BASE + ADDR_NAME0)
+#define BOARD_ADDR_NAME1 (BOARD_ADDR_BASE + ADDR_NAME1)
+#define BOARD_ADDR_VERSION (BOARD_ADDR_BASE + ADDR_VERSION)
+#define BOARD_ADDR_DUMMY (BOARD_ADDR_BASE + 0xFF)
+
+#define COMM_ADDR_BASE (SEGMENT_OFFSET_GLOBALS + (1 * CORE_SIZE))
+#define COMM_ADDR_NAME0 (COMM_ADDR_BASE + ADDR_NAME0)
+#define COMM_ADDR_NAME1 (COMM_ADDR_BASE + ADDR_NAME1)
+#define COMM_ADDR_VERSION (COMM_ADDR_BASE + ADDR_VERSION)
+
+/* Current name and version values */
+#define NOVENA_BOARD_NAME0 "PVT1"
+#define NOVENA_BOARD_NAME1 " "
+#define NOVENA_BOARD_VERSION "0.10"
+
+#define EIM_INTERFACE_NAME0 "eim "
+#define EIM_INTERFACE_NAME1 " "
+#define EIM_INTERFACE_VERSION "0.10"
+
+#define I2C_INTERFACE_NAME0 "i2c "
+#define I2C_INTERFACE_NAME1 " "
+#define I2C_INTERFACE_VERSION "0.10"
+
+
+/*
+ * Hashes segment.
+ */
+
+/* Addresses common to all hash cores */
+#define ADDR_BLOCK (0x10)
+#define ADDR_DIGEST (0x20) /* except SHA512 */
+
+/* Addresses and codes for the specific hash cores */
+#define SHA1_ADDR_BASE (SEGMENT_OFFSET_HASHES + (0 * CORE_SIZE))
+#define SHA1_ADDR_NAME0 (SHA1_ADDR_BASE + ADDR_NAME0)
+#define SHA1_ADDR_NAME1 (SHA1_ADDR_BASE + ADDR_NAME1)
+#define SHA1_ADDR_VERSION (SHA1_ADDR_BASE + ADDR_VERSION)
+#define SHA1_ADDR_CTRL (SHA1_ADDR_BASE + ADDR_CTRL)
+#define SHA1_ADDR_STATUS (SHA1_ADDR_BASE + ADDR_STATUS)
+#define SHA1_ADDR_BLOCK (SHA1_ADDR_BASE + ADDR_BLOCK)
+#define SHA1_ADDR_DIGEST (SHA1_ADDR_BASE + ADDR_DIGEST)
+#define SHA1_BLOCK_LEN bitsToBytes(512)
+#define SHA1_LENGTH_LEN bitsToBytes(64)
+#define SHA1_DIGEST_LEN bitsToBytes(160)
+
+#define SHA256_ADDR_BASE (SEGMENT_OFFSET_HASHES + (1 * CORE_SIZE))
+#define SHA256_ADDR_NAME0 (SHA256_ADDR_BASE + ADDR_NAME0)
+#define SHA256_ADDR_NAME1 (SHA256_ADDR_BASE + ADDR_NAME1)
+#define SHA256_ADDR_VERSION (SHA256_ADDR_BASE + ADDR_VERSION)
+#define SHA256_ADDR_CTRL (SHA256_ADDR_BASE + ADDR_CTRL)
+#define SHA256_ADDR_STATUS (SHA256_ADDR_BASE + ADDR_STATUS)
+#define SHA256_ADDR_BLOCK (SHA256_ADDR_BASE + ADDR_BLOCK)
+#define SHA256_ADDR_DIGEST (SHA256_ADDR_BASE + ADDR_DIGEST)
+#define SHA256_BLOCK_LEN bitsToBytes(512)
+#define SHA256_LENGTH_LEN bitsToBytes(64)
+#define SHA256_DIGEST_LEN bitsToBytes(256)
+
+#define SHA512_ADDR_BASE (SEGMENT_OFFSET_HASHES + (2 * CORE_SIZE))
+#define SHA512_ADDR_NAME0 (SHA512_ADDR_BASE + ADDR_NAME0)
+#define SHA512_ADDR_NAME1 (SHA512_ADDR_BASE + ADDR_NAME1)
+#define SHA512_ADDR_VERSION (SHA512_ADDR_BASE + ADDR_VERSION)
+#define SHA512_ADDR_CTRL (SHA512_ADDR_BASE + ADDR_CTRL)
+#define SHA512_ADDR_STATUS (SHA512_ADDR_BASE + ADDR_STATUS)
+#define SHA512_ADDR_BLOCK (SHA512_ADDR_BASE + ADDR_BLOCK)
+#define SHA512_ADDR_DIGEST (SHA512_ADDR_BASE + 0x40)
+#define SHA512_BLOCK_LEN bitsToBytes(1024)
+#define SHA512_LENGTH_LEN bitsToBytes(128)
+#define SHA512_224_DIGEST_LEN bitsToBytes(224)
+#define SHA512_256_DIGEST_LEN bitsToBytes(256)
+#define SHA384_DIGEST_LEN bitsToBytes(384)
+#define SHA512_DIGEST_LEN bitsToBytes(512)
+#define MODE_SHA_512_224 (0 << 2)
+#define MODE_SHA_512_256 (1 << 2)
+#define MODE_SHA_384 (2 << 2)
+#define MODE_SHA_512 (3 << 2)
+
+/* Current name and version values */
+#define SHA1_NAME0 "sha1"
+#define SHA1_NAME1 " "
+#define SHA1_VERSION "0.50"
+
+#define SHA256_NAME0 "sha2"
+#define SHA256_NAME1 "-256"
+#define SHA256_VERSION "0.80"
+
+#define SHA512_NAME0 "sha2"
+#define SHA512_NAME1 "-512"
+#define SHA512_VERSION "0.80"
+
+
+/*
+ * TRNG segment.
+ */
+
+/* addresses and codes for the TRNG cores */
+#define TRNG_ADDR_BASE (SEGMENT_OFFSET_RNGS + (0x00 * CORE_SIZE))
+#define TRNG_ADDR_NAME0 (TRNG_ADDR_BASE + ADDR_NAME0)
+#define TRNG_ADDR_NAME1 (TRNG_ADDR_BASE + ADDR_NAME1)
+#define TRNG_ADDR_VERSION (TRNG_ADDR_BASE + ADDR_VERSION)
+#define TRNG_ADDR_CTRL (TRNG_ADDR_BASE + 0x10)
+#define TRNG_CTRL_DISCARD (1)
+#define TRNG_CTRL_TEST_MODE (2)
+#define TRNG_ADDR_STATUS (TRNG_ADDR_BASE + 0x11)
+/* No status bits defined (yet) */
+#define TRNG_ADDR_DELAY (TRNG_ADDR_BASE + 0x13)
+
+#define ENTROPY1_ADDR_BASE (SEGMENT_OFFSET_RNGS + (0x05 * CORE_SIZE))
+#define ENTROPY1_ADDR_NAME0 (ENTROPY1_ADDR_BASE + ADDR_NAME0)
+#define ENTROPY1_ADDR_NAME1 (ENTROPY1_ADDR_BASE + ADDR_NAME1)
+#define ENTROPY1_ADDR_VERSION (ENTROPY1_ADDR_BASE + ADDR_VERSION)
+#define ENTROPY1_ADDR_CTRL (ENTROPY1_ADDR_BASE + 0x10)
+#define ENTROPY1_CTRL_ENABLE (1)
+#define ENTROPY1_ADDR_STATUS (ENTROPY1_ADDR_BASE + 0x11)
+#define ENTROPY1_STATUS_VALID (1)
+#define ENTROPY1_ADDR_ENTROPY (ENTROPY1_ADDR_BASE + 0x20)
+#define ENTROPY1_ADDR_DELTA (ENTROPY1_ADDR_BASE + 0x30)
+
+#define ENTROPY2_ADDR_BASE (SEGMENT_OFFSET_RNGS + (0x06 * CORE_SIZE))
+#define ENTROPY2_ADDR_NAME0 (ENTROPY2_ADDR_BASE + ADDR_NAME0)
+#define ENTROPY2_ADDR_NAME1 (ENTROPY2_ADDR_BASE + ADDR_NAME1)
+#define ENTROPY2_ADDR_VERSION (ENTROPY2_ADDR_BASE + ADDR_VERSION)
+#define ENTROPY2_ADDR_CTRL (ENTROPY2_ADDR_BASE + 0x10)
+#define ENTROPY2_CTRL_ENABLE (1)
+#define ENTROPY2_ADDR_STATUS (ENTROPY2_ADDR_BASE + 0x11)
+#define ENTROPY2_STATUS_VALID (1)
+#define ENTROPY2_ADDR_OPA (ENTROPY2_ADDR_BASE + 0x18)
+#define ENTROPY2_ADDR_OPB (ENTROPY2_ADDR_BASE + 0x19)
+#define ENTROPY2_ADDR_ENTROPY (ENTROPY2_ADDR_BASE + 0x20)
+#define ENTROPY2_ADDR_RAW (ENTROPY2_ADDR_BASE + 0x21)
+#define ENTROPY2_ADDR_ROSC (ENTROPY2_ADDR_BASE + 0x22)
+
+#define MIXER_ADDR_BASE (SEGMENT_OFFSET_RNGS + (0x0a * CORE_SIZE))
+#define MIXER_ADDR_NAME0 (MIXER_ADDR_BASE + ADDR_NAME0)
+#define MIXER_ADDR_NAME1 (MIXER_ADDR_BASE + ADDR_NAME1)
+#define MIXER_ADDR_VERSION (MIXER_ADDR_BASE + ADDR_VERSION)
+#define MIXER_ADDR_CTRL (MIXER_ADDR_BASE + 0x10)
+#define MIXER_CTRL_ENABLE (1)
+#define MIXER_CTRL_RESTART (2)
+#define MIXER_ADDR_STATUS (MIXER_ADDR_BASE + 0x11)
+/* No status bits defined (yet) */
+#define MIXER_ADDR_TIMEOUT (MIXER_ADDR_BASE + 0x20)
+
+#define CSPRNG_ADDR_BASE (SEGMENT_OFFSET_RNGS + (0x0b * CORE_SIZE))
+#define CSPRNG_ADDR_NAME0 (CSPRNG_ADDR_BASE + ADDR_NAME0)
+#define CSPRNG_ADDR_NAME1 (CSPRNG_ADDR_BASE + ADDR_NAME1)
+#define CSPRNG_ADDR_VERSION (CSPRNG_ADDR_BASE + ADDR_VERSION)
+#define CSPRNG_ADDR_CTRL (CSPRNG_ADDR_BASE + 0x10)
+#define CSPRNG_CTRL_ENABLE (1)
+#define CSPRNG_CTRL_SEED (2)
+#define CSPRNG_ADDR_STATUS (CSPRNG_ADDR_BASE + 0x11)
+#define CSPRNG_STATUS_VALID (1)
+#define CSPRNG_ADDR_RANDOM (CSPRNG_ADDR_BASE + 0x20)
+#define CSPRNG_ADDR_NROUNDS (CSPRNG_ADDR_BASE + 0x40)
+#define CSPRNG_ADDR_NBLOCKS_LO (CSPRNG_ADDR_BASE + 0x41)
+#define CSPRNG_ADDR_NBLOCKS_HI (CSPRNG_ADDR_BASE + 0x42)
+
+/* Current name and version values */
+#define TRNG_NAME0 "trng"
+#define TRNG_NAME1 " "
+#define TRNG_VERSION "0.50"
+
+#define AVALANCHE_ENTROPY_NAME0 "extn"
+#define AVALANCHE_ENTROPY_NAME1 "oise"
+#define AVALANCHE_ENTROPY_VERSION "0.10"
+
+#define ROSC_ENTROPY_NAME0 "rosc"
+#define ROSC_ENTROPY_NAME1 " ent"
+#define ROSC_ENTROPY_VERSION "0.10"
+
+#define CSPRNG_NAME0 "cspr"
+#define CSPRNG_NAME1 "ng "
+#define CSPRNG_VERSION "0.50"
+
+
+/*
+ * CIPHERS segment.
+ */
+
+/* AES core */
+#define AES_ADDR_BASE (SEGMENT_OFFSET_CIPHERS + (0 * CORE_SIZE))
+#define AES_ADDR_NAME0 (AES_ADDR_BASE + ADDR_NAME0)
+#define AES_ADDR_NAME1 (AES_ADDR_BASE + ADDR_NAME1)
+#define AES_ADDR_VERSION (AES_ADDR_BASE + ADDR_VERSION)
+#define AES_ADDR_CTRL (AES_ADDR_BASE + ADDR_CTRL)
+#define AES_ADDR_STATUS (AES_ADDR_BASE + ADDR_STATUS)
+
+#define AES_ADDR_CONFIG (AES_ADDR_BASE + 0x0a)
+#define AES_CONFIG_ENCDEC (1)
+#define AES_CONFIG_KEYLEN (2)
+
+#define AES_ADDR_KEY0 (AES_ADDR_BASE + 0x10)
+#define AES_ADDR_KEY1 (AES_ADDR_BASE + 0x11)
+#define AES_ADDR_KEY2 (AES_ADDR_BASE + 0x12)
+#define AES_ADDR_KEY3 (AES_ADDR_BASE + 0x13)
+#define AES_ADDR_KEY4 (AES_ADDR_BASE + 0x14)
+#define AES_ADDR_KEY5 (AES_ADDR_BASE + 0x15)
+#define AES_ADDR_KEY6 (AES_ADDR_BASE + 0x16)
+#define AES_ADDR_KEY7 (AES_ADDR_BASE + 0x17)
+
+#define AES_ADDR_BLOCK0 (AES_ADDR_BASE + 0x20)
+#define AES_ADDR_BLOCK1 (AES_ADDR_BASE + 0x21)
+#define AES_ADDR_BLOCK2 (AES_ADDR_BASE + 0x22)
+#define AES_ADDR_BLOCK3 (AES_ADDR_BASE + 0x23)
+
+#define AES_ADDR_RESULT0 (AES_ADDR_BASE + 0x30)
+#define AES_ADDR_RESULT1 (AES_ADDR_BASE + 0x31)
+#define AES_ADDR_RESULT2 (AES_ADDR_BASE + 0x32)
+#define AES_ADDR_RESULT3 (AES_ADDR_BASE + 0x33)
+
+/* Current name and version values */
+#define AES_CORE_NAME0 "aes "
+#define AES_CORE_NAME1 " "
+#define AES_CORE_VERSION "0.80"
+
+
+/* Chacha core */
+#define CHACHA_ADDR_BASE (SEGMENT_OFFSET_CIPHERS + (1 * CORE_SIZE))
+#define CHACHA_ADDR_NAME0 (CHACHA_ADDR_BASE + ADDR_NAME0)
+#define CHACHA_ADDR_NAME1 (CHACHA_ADDR_BASE + ADDR_NAME1)
+#define CHACHA_ADDR_VERSION (CHACHA_ADDR_BASE + ADDR_VERSION)
+#define CHACHA_ADDR_CTRL (CHACHA_ADDR_BASE + ADDR_CTRL)
+#define CHACHA_ADDR_STATUS (CHACHA_ADDR_BASE + ADDR_STATUS)
+
+#define CHACHA_ADDR_KEYLEN (CHACHA_ADDR_BASE + 0x0a)
+#define CHACHA_KEYLEN (1)
+
+#define CHACHA_ADDR_ROUNDS (CHACHA_ADDR_BASE + 0x0b)
+
+#define CHACHA_ADDR_KEY0 (CHACHA_ADDR_BASE + 0x10)
+#define CHACHA_ADDR_KEY1 (CHACHA_ADDR_BASE + 0x11)
+#define CHACHA_ADDR_KEY2 (CHACHA_ADDR_BASE + 0x12)
+#define CHACHA_ADDR_KEY3 (CHACHA_ADDR_BASE + 0x13)
+#define CHACHA_ADDR_KEY4 (CHACHA_ADDR_BASE + 0x14)
+#define CHACHA_ADDR_KEY5 (CHACHA_ADDR_BASE + 0x15)
+#define CHACHA_ADDR_KEY6 (CHACHA_ADDR_BASE + 0x16)
+#define CHACHA_ADDR_KEY7 (CHACHA_ADDR_BASE + 0x17)
+
+#define CHACHA_ADDR_IV0 (CHACHA_ADDR_BASE + 0x20)
+#define CHACHA_ADDR_IV1 (CHACHA_ADDR_BASE + 0x21)
+
+#define CHACHA_ADDR_DATA_IN0 (CHACHA_ADDR_BASE + 0x40)
+#define CHACHA_ADDR_DATA_IN1 (CHACHA_ADDR_BASE + 0x41)
+#define CHACHA_ADDR_DATA_IN2 (CHACHA_ADDR_BASE + 0x42)
+#define CHACHA_ADDR_DATA_IN3 (CHACHA_ADDR_BASE + 0x43)
+#define CHACHA_ADDR_DATA_IN4 (CHACHA_ADDR_BASE + 0x44)
+#define CHACHA_ADDR_DATA_IN5 (CHACHA_ADDR_BASE + 0x45)
+#define CHACHA_ADDR_DATA_IN6 (CHACHA_ADDR_BASE + 0x46)
+#define CHACHA_ADDR_DATA_IN7 (CHACHA_ADDR_BASE + 0x47)
+#define CHACHA_ADDR_DATA_IN8 (CHACHA_ADDR_BASE + 0x48)
+#define CHACHA_ADDR_DATA_IN9 (CHACHA_ADDR_BASE + 0x49)
+#define CHACHA_ADDR_DATA_IN10 (CHACHA_ADDR_BASE + 0x4a)
+#define CHACHA_ADDR_DATA_IN11 (CHACHA_ADDR_BASE + 0x4b)
+#define CHACHA_ADDR_DATA_IN12 (CHACHA_ADDR_BASE + 0x4c)
+#define CHACHA_ADDR_DATA_IN13 (CHACHA_ADDR_BASE + 0x4d)
+#define CHACHA_ADDR_DATA_IN14 (CHACHA_ADDR_BASE + 0x4e)
+#define CHACHA_ADDR_DATA_IN15 (CHACHA_ADDR_BASE + 0x4f)
+
+#define CHACHA_ADDR_DATA_OUT0 (CHACHA_ADDR_BASE + 0x80)
+#define CHACHA_ADDR_DATA_OUT1 (CHACHA_ADDR_BASE + 0x81)
+#define CHACHA_ADDR_DATA_OUT2 (CHACHA_ADDR_BASE + 0x82)
+#define CHACHA_ADDR_DATA_OUT3 (CHACHA_ADDR_BASE + 0x83)
+#define CHACHA_ADDR_DATA_OUT4 (CHACHA_ADDR_BASE + 0x84)
+#define CHACHA_ADDR_DATA_OUT5 (CHACHA_ADDR_BASE + 0x85)
+#define CHACHA_ADDR_DATA_OUT6 (CHACHA_ADDR_BASE + 0x86)
+#define CHACHA_ADDR_DATA_OUT7 (CHACHA_ADDR_BASE + 0x87)
+#define CHACHA_ADDR_DATA_OUT8 (CHACHA_ADDR_BASE + 0x88)
+#define CHACHA_ADDR_DATA_OUT9 (CHACHA_ADDR_BASE + 0x89)
+#define CHACHA_ADDR_DATA_OUT10 (CHACHA_ADDR_BASE + 0x8a)
+#define CHACHA_ADDR_DATA_OUT11 (CHACHA_ADDR_BASE + 0x8b)
+#define CHACHA_ADDR_DATA_OUT12 (CHACHA_ADDR_BASE + 0x8c)
+#define CHACHA_ADDR_DATA_OUT13 (CHACHA_ADDR_BASE + 0x8d)
+#define CHACHA_ADDR_DATA_OUT14 (CHACHA_ADDR_BASE + 0x8e)
+#define CHACHA_ADDR_DATA_OUT15 (CHACHA_ADDR_BASE + 0x8f)
+
+/* Current name and version values */
+#define CHACHA_NAME0 "chac"
+#define CHACHA_NAME1 "ha "
+#define CHACHA_VERSION "0.80"
+
+
+/*
+ * MATH segment.
+ */
+
+/* Modexp core */
+#define MODEXP_ADDR_BASE (SEGMENT_OFFSET_MATH + (0x00 * CORE_SIZE))
+#define MODEXP_ADDR_NAME0 (MODEXP_ADDR_BASE + ADDR_NAME0)
+#define MODEXP_ADDR_NAME1 (MODEXP_ADDR_BASE + ADDR_NAME1)
+#define MODEXP_ADDR_VERSION (MODEXP_ADDR_BASE + ADDR_VERSION)
+#define MODEXP_ADDR_CTRL (MODEXP_ADDR_BASE + ADDR_CTRL)
+#define MODEXP_CTRL_INIT_BIT (1)
+#define MODEXP_CTRL_NEXT_BIT (2)
+#define MODEXP_ADDR_STATUS (MODEXP_ADDR_BASE + ADDR_STATUS)
+
+#define MODEXP_ADDR_DELAY (MODEXP_ADDR_BASE + 0x13)
+#define MODEXP_STATUS_READY (1)
+
+#define MODEXP_MODULUS_LENGTH (MODEXP_ADDR_BASE + 0x20)
+#define MODEXP_EXPONENT_LENGTH (MODEXP_ADDR_BASE + 0x21)
+#define MODEXP_LENGTH (MODEXP_ADDR_BASE + 0x22)
+
+#define MODEXP_MODULUS_PTR_RST (MODEXP_ADDR_BASE + 0x30)
+#define MODEXP_MODULUS_DATA (MODEXP_ADDR_BASE + 0x31)
+
+#define MODEXP_EXPONENT_PTR_RST (MODEXP_ADDR_BASE + 0x40)
+#define MODEXP_EXPONENT_DATA (MODEXP_ADDR_BASE + 0x41)
+
+#define MODEXP_MESSAGE_PTR_RST (MODEXP_ADDR_BASE + 0x50)
+#define MODEXP_MESSAGE_DATA (MODEXP_ADDR_BASE + 0x51)
+
+#define MODEXP_RESULT_PTR_RST (MODEXP_ADDR_BASE + 0x60)
+#define MODEXP_RESULT_DATA (MODEXP_ADDR_BASE + 0x61)
+
+#define MODEXP_NAME0 "mode"
+#define MODEXP_NAME1 "xp "
+#define MODEXP_VERSION "0.51"
+
+
+/*
+ * C API error codes. Defined in this form so we can keep the tokens
+ * and error strings together. See errorstrings.c.
+ */
+
+#define HAL_ERROR_LIST \
+ DEFINE_HAL_ERROR(HAL_OK, "No error") \
+ DEFINE_HAL_ERROR(HAL_ERROR_BAD_ARGUMENTS, "Bad arguments given") \
+ DEFINE_HAL_ERROR(HAL_ERROR_UNSUPPORTED_KEY, "Unsupported key type or key length") \
+ DEFINE_HAL_ERROR(HAL_ERROR_IO_SETUP_FAILED, "Could not set up I/O with FPGA") \
+ DEFINE_HAL_ERROR(HAL_ERROR_IO_TIMEOUT, "I/O with FPGA timed out") \
+ DEFINE_HAL_ERROR(HAL_ERROR_IO_UNEXPECTED, "Unexpected response from FPGA") \
+ DEFINE_HAL_ERROR(HAL_ERROR_IO_OS_ERROR, "Operating system error talking to FPGA") \
+ DEFINE_HAL_ERROR(HAL_ERROR_IO_BAD_COUNT, "Bad byte count") \
+ DEFINE_HAL_ERROR(HAL_ERROR_CSPRNG_BROKEN, "CSPRNG is returning nonsense") \
+ DEFINE_HAL_ERROR(HAL_ERROR_KEYWRAP_BAD_MAGIC, "Bad magic number while unwrapping key") \
+ DEFINE_HAL_ERROR(HAL_ERROR_KEYWRAP_BAD_LENGTH, "Length out of range while unwrapping key") \
+ DEFINE_HAL_ERROR(HAL_ERROR_KEYWRAP_BAD_PADDING, "Non-zero padding detected unwrapping key") \
+ DEFINE_HAL_ERROR(HAL_ERROR_IMPOSSIBLE, "\"Impossible\" error") \
+ DEFINE_HAL_ERROR(HAL_ERROR_ALLOCATION_FAILURE, "Memory allocation failed") \
+ DEFINE_HAL_ERROR(HAL_ERROR_RESULT_TOO_LONG, "Result too long for buffer") \
+ DEFINE_HAL_ERROR(HAL_ERROR_ASN1_PARSE_FAILED, "ASN.1 parse failed") \
+ END_OF_HAL_ERROR_LIST
+
+/* Marker to forestall silly line continuation errors */
+#define END_OF_HAL_ERROR_LIST
+
+/* Define the error code enum here. See errorstrings.c for the text strings. */
+#define DEFINE_HAL_ERROR(_code_,_text_) _code_,
+typedef enum { HAL_ERROR_LIST N_HAL_ERRORS } hal_error_t;
+#undef DEFINE_HAL_ERROR
+
+/*
+ * Public functions.
+ */
+
+#include <stdint.h>
+#include <sys/types.h>
+
+extern const char *hal_error_string(const hal_error_t err);
+
+/*
+ * Public I/O functions.
+ */
+
+extern void hal_io_set_debug(int onoff);
+extern hal_error_t hal_io_write(off_t offset, const uint8_t *buf, size_t len);
+extern hal_error_t hal_io_read(off_t offset, uint8_t *buf, size_t len);
+extern hal_error_t hal_io_expected(off_t offset, const uint8_t *expected, size_t len);
+extern hal_error_t hal_io_init(off_t offset);
+extern hal_error_t hal_io_next(off_t offset);
+extern hal_error_t hal_io_wait(off_t offset, uint8_t status, int *count);
+extern hal_error_t hal_io_wait_ready(off_t offset);
+extern hal_error_t hal_io_wait_valid(off_t offset);
+
+/*
+ * Higher level public API.
+ */
+
+/*
+ * Get random bytes from the CSPRNG.
+ */
+
+extern hal_error_t hal_get_random(void *buffer, const size_t length);
+
+/*
+ * Hash and HMAC API.
+ */
+
+/*
+ * Longest hash block and digest we support at the moment.
+ */
+
+#define HAL_MAX_HASH_BLOCK_LENGTH SHA512_BLOCK_LEN
+#define HAL_MAX_HASH_DIGEST_LENGTH SHA512_DIGEST_LEN
+
+/*
+ * Public information about a digest algorithm.
+ *
+ * The _state_length values in the descriptor and the typed opaque
+ * pointers in the API are all intended to hide internal details of
+ * the implementation while making memory allocation the caller's
+ * problem.
+ */
+
+typedef struct {
+ size_t block_length;
+ size_t digest_length;
+ size_t hash_state_length;
+ size_t hmac_state_length;
+ const uint8_t * const digest_algorithm_id;
+ size_t digest_algorithm_id_length;
+ const void *driver;
+} hal_hash_descriptor_t;
+
+/*
+ * Typed opaque pointers to internal state.
+ */
+
+typedef struct { void *state; } hal_hash_state_t;
+typedef struct { void *state; } hal_hmac_state_t;
+
+/*
+ * Supported digest algorithms. These are one-element arrays so that
+ * they can be used as constant pointers.
+ */
+
+extern const hal_hash_descriptor_t hal_hash_sha1[1];
+extern const hal_hash_descriptor_t hal_hash_sha256[1];
+extern const hal_hash_descriptor_t hal_hash_sha512_224[1];
+extern const hal_hash_descriptor_t hal_hash_sha512_256[1];
+extern const hal_hash_descriptor_t hal_hash_sha384[1];
+extern const hal_hash_descriptor_t hal_hash_sha512[1];
+
+/*
+ * Hash and HMAC functions.
+ */
+
+extern void hal_hash_set_debug(int onoff);
+
+extern hal_error_t hal_hash_core_present(const hal_hash_descriptor_t * const descriptor);
+
+extern hal_error_t hal_hash_initialize(const hal_hash_descriptor_t * const descriptor,
+ hal_hash_state_t *state,
+ void *state_buffer, const size_t state_length);
+
+extern hal_error_t hal_hash_update(const hal_hash_state_t state,
+ const uint8_t * data, const size_t length);
+
+extern hal_error_t hal_hash_finalize(const hal_hash_state_t state,
+ uint8_t *digest, const size_t length);
+
+extern hal_error_t hal_hmac_initialize(const hal_hash_descriptor_t * const descriptor,
+ hal_hmac_state_t *state,
+ void *state_buffer, const size_t state_length,
+ const uint8_t * const key, const size_t key_length);
+
+extern hal_error_t hal_hmac_update(const hal_hmac_state_t state,
+ const uint8_t * data, const size_t length);
+
+extern hal_error_t hal_hmac_finalize(const hal_hmac_state_t state,
+ uint8_t *hmac, const size_t length);
+
+/*
+ * AES key wrap functions.
+ */
+
+extern hal_error_t hal_aes_keywrap(const uint8_t *kek, const size_t kek_length,
+ const uint8_t *plaintext, const size_t plaintext_length,
+ uint8_t *cyphertext, size_t *ciphertext_length);
+
+extern hal_error_t hal_aes_keyunwrap(const uint8_t *kek, const size_t kek_length,
+ const uint8_t *ciphertext, const size_t ciphertext_length,
+ unsigned char *plaintext, size_t *plaintext_length);
+
+extern size_t hal_aes_keywrap_ciphertext_length(const size_t plaintext_length);
+
+/*
+ * PBKDF2 function. Uses HMAC with the specified digest algorithm as
+ * the pseudo-random function (PRF).
+ */
+
+extern hal_error_t hal_pbkdf2(const hal_hash_descriptor_t * const descriptor,
+ const uint8_t * const password, const size_t password_length,
+ const uint8_t * const salt, const size_t salt_length,
+ uint8_t * derived_key, const size_t derived_key_length,
+ unsigned iterations_desired);
+
+/*
+ * Modular exponentiation.
+ */
+
+extern void hal_modexp_set_debug(const int onoff);
+
+extern hal_error_t hal_modexp(const uint8_t * const msg, const size_t msg_len, /* Message */
+ const uint8_t * const exp, const size_t exp_len, /* Exponent */
+ const uint8_t * const mod, const size_t mod_len, /* Modulus */
+ uint8_t * result, const size_t result_len);
+
+
+/*
+ * RSA.
+ */
+
+typedef enum { HAL_RSA_PRIVATE, HAL_RSA_PUBLIC } hal_rsa_key_type_t;
+
+typedef struct { void *key; } hal_rsa_key_t;
+
+extern const size_t hal_rsa_key_t_size;
+
+extern void hal_rsa_set_debug(const int onoff);
+
+extern void hal_rsa_set_blinding(const int onoff);
+
+extern hal_error_t hal_rsa_key_load(const hal_rsa_key_type_t type,
+ hal_rsa_key_t *key,
+ void *keybuf, const size_t keybuf_len,
+ const uint8_t * const n, const size_t n_len,
+ const uint8_t * const e, const size_t e_len,
+ const uint8_t * const d, const size_t d_len,
+ const uint8_t * const p, const size_t p_len,
+ const uint8_t * const q, const size_t q_len,
+ const uint8_t * const u, const size_t u_len,
+ const uint8_t * const dP, const size_t dP_len,
+ const uint8_t * const dQ, const size_t dQ_len);
+
+extern hal_error_t hal_rsa_key_get_modulus(hal_rsa_key_t key,
+ uint8_t *modulus,
+ size_t *modulus_len,
+ const size_t modulus_max);
+
+extern hal_error_t hal_rsa_key_get_public_exponent(hal_rsa_key_t key,
+ uint8_t *public_exponent,
+ size_t *public_exponent_len,
+ const size_t public_exponent_max);
+
+extern void hal_rsa_key_clear(hal_rsa_key_t key);
+
+extern hal_error_t hal_rsa_encrypt(hal_rsa_key_t key,
+ const uint8_t * const input, const size_t input_len,
+ uint8_t * output, const size_t output_len);
+
+extern hal_error_t hal_rsa_decrypt(hal_rsa_key_t key,
+ const uint8_t * const input, const size_t input_len,
+ uint8_t * output, const size_t output_len);
+
+extern hal_error_t hal_rsa_key_gen(hal_rsa_key_t *key,
+ void *keybuf, const size_t keybuf_len,
+ const unsigned key_length,
+ const uint8_t * const public_exponent, const size_t public_exponent_len);
+
+extern hal_error_t hal_rsa_key_to_der(hal_rsa_key_t key,
+ uint8_t *der, size_t *der_len, const size_t der_max);
+
+extern size_t hal_rsa_key_to_der_len(hal_rsa_key_t key);
+
+extern hal_error_t hal_rsa_key_from_der(hal_rsa_key_t *key,
+ void *keybuf, const size_t keybuf_len,
+ const uint8_t * const der, const size_t der_len);
+
+#endif /* _HAL_H_ */
+
+/*
+ * Local variables:
+ * indent-tabs-mode: nil
+ * End:
+ */