port hash_tester to this version of novena_eim

2 files changed, 554 insertions, 5 deletions

diff --git a/sw/test-sha256/Makefile b/sw/test-sha256/Makefile
index c513ed0..ee8536e 100755
--- a/sw/test-sha256/Makefile
+++ b/sw/test-sha256/Makefile
@@ -1,11 +1,19 @@
-all: test-sha256
+all: test-sha256 hash_tester
+
+.c.o:
+	gcc -c -Wall -o $@ $<
 
 test-sha256 : test-sha256.o novena-eim.o
 	gcc -o test-sha256 test-sha256.o novena-eim.o
 
-test-sha256.o: test-sha256.c novena-eim.h novena-eim.c
-	gcc -c test-sha256.c
-	gcc -c novena-eim.c
+test-sha256.o: test-sha256.c novena-eim.h
+
+hash_tester : hash_tester.o novena-eim.o
+	gcc -o hash_tester hash_tester.o novena-eim.o
+
+hash_tester.o: hash_tester.c novena-eim.h
+
+novena-eim.o: novena-eim.c novena-eim.h
 
 clean:
-	rm -f *.o test-sha256
+	rm -f *.o test-adder test-sha256 hash_tester
diff --git a/sw/test-sha256/hash_tester.c b/sw/test-sha256/hash_tester.c
new file mode 100644
index 0000000..544e2c5
--- /dev/null
+++ b/sw/test-sha256/hash_tester.c
@@ -0,0 +1,541 @@
+/* 
+ * hash_tester.c
+ * --------------
+ * This program sends several commands to the coretest_hashes subsystem
+ * in order to verify the SHA-1, SHA-256 and SHA-512/x hash function
+ * cores.
+ *
+ * Note: This version of the program talks to the FPGA over an EIM bus.
+ *
+ * The single and dual block test cases are taken from the
+ * NIST KAT document:
+ * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/SHA_All.pdf
+ *
+ * 
+ * Authors: Joachim Strömbergson, Paul Selkirk
+ * Copyright (c) 2014, NORDUnet A/S All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ * - Redistributions of source code must retain the above copyright notice,
+ *   this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of the NORDUnet nor the names of its contributors may
+ *   be used to endorse or promote products derived from this software
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <time.h>
+#include <sys/time.h>
+#include <sys/ioctl.h>
+#include <arpa/inet.h>
+#include <ctype.h>
+#include <signal.h>
+
+#include "novena-eim.h"
+
+int debug = 0;
+int quiet = 0;
+int repeat = 0;
+
+/* addresses and codes common to all hash cores */
+#define ADDR_NAME0              0x00
+#define ADDR_NAME1              0x04
+#define ADDR_VERSION            0x08
+#define ADDR_CTRL               0x20
+#define CTRL_INIT_CMD           1
+#define CTRL_NEXT_CMD           2
+#define ADDR_STATUS             0x24
+#define STATUS_READY_BIT        1
+#define STATUS_VALID_BIT        2
+#define ADDR_BLOCK              0x40
+#define ADDR_DIGEST             0x80
+
+/* addresses and codes for the specific hash cores */
+#define SHA256_PREFIX		0x0000
+#define SHA256_ADDR_BASE	EIM_BASE_ADDR + SHA256_PREFIX
+#define SHA256_ADDR_NAME0       SHA256_ADDR_BASE + ADDR_NAME0
+#define SHA256_ADDR_NAME1       SHA256_ADDR_BASE + ADDR_NAME1
+#define SHA256_ADDR_VERSION     SHA256_ADDR_BASE + ADDR_VERSION
+#define SHA256_ADDR_CTRL        SHA256_ADDR_BASE + ADDR_CTRL
+#define SHA256_ADDR_STATUS      SHA256_ADDR_BASE + ADDR_STATUS
+#define SHA256_ADDR_BLOCK       SHA256_ADDR_BASE + ADDR_BLOCK
+#define SHA256_ADDR_DIGEST      SHA256_ADDR_BASE + ADDR_DIGEST
+#define SHA256_BLOCK_LEN        512 / 8
+#define SHA256_DIGEST_LEN       256 / 8
+
+/* SHA-1/SHA-256 One Block Message Sample
+   Input Message: "abc" */
+const uint8_t NIST_512_SINGLE[] =
+{ 0x61, 0x62, 0x63, 0x80, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18 };
+
+const uint8_t SHA256_SINGLE_DIGEST[] =
+{ 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
+  0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
+  0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
+  0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD };
+
+/* SHA-1/SHA-256 Two Block Message Sample
+   Input Message: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" */
+const uint8_t NIST_512_DOUBLE0[] =
+{ 0x61, 0x62, 0x63, 0x64, 0x62, 0x63, 0x64, 0x65,
+  0x63, 0x64, 0x65, 0x66, 0x64, 0x65, 0x66, 0x67,
+  0x65, 0x66, 0x67, 0x68, 0x66, 0x67, 0x68, 0x69,
+  0x67, 0x68, 0x69, 0x6A, 0x68, 0x69, 0x6A, 0x6B,
+  0x69, 0x6A, 0x6B, 0x6C, 0x6A, 0x6B, 0x6C, 0x6D,
+  0x6B, 0x6C, 0x6D, 0x6E, 0x6C, 0x6D, 0x6E, 0x6F,
+  0x6D, 0x6E, 0x6F, 0x70, 0x6E, 0x6F, 0x70, 0x71,
+  0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+const uint8_t NIST_512_DOUBLE1[] =
+{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xC0 };
+
+const uint8_t SHA256_DOUBLE_DIGEST[] =
+{ 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
+  0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
+  0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
+  0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 };
+
+/* ---------------- test-case low-level code ---------------- */
+
+void dump(char *label, const uint8_t *buf, int len)
+{
+    if (debug) {
+	int i;
+	printf("%s [", label);
+	for (i = 0; i < len; ++i)
+	    printf(" %02x", buf[i]);
+	printf(" ]\n");
+    }
+}
+
+int tc_write(off_t offset, const uint8_t *buf, int len)
+{
+    dump("write ", buf, len);
+
+    for (; len > 0; offset += 4, buf += 4, len -= 4) {
+	uint32_t val;
+	val = htonl(*(uint32_t *)buf);
+	eim_write_32(offset, &val);
+    }
+
+    return 0;
+}
+
+int tc_read(off_t offset, uint8_t *buf, int len)
+{
+    uint8_t *rbuf = buf;
+    int rlen = len;
+
+    for (; rlen > 0; offset += 4, rbuf += 4, rlen -= 4) {
+	uint32_t val;
+	eim_read_32(offset, &val);
+	*(uint32_t *)rbuf = ntohl(val);
+    }
+
+    dump("read  ", buf, len);
+
+    return 0;
+}
+
+int tc_expected(off_t offset, const uint8_t *expected, int len)
+{
+    uint8_t *buf;
+    int i;
+
+    buf = malloc(len);
+    if (buf == NULL) {
+        perror("malloc");
+        return 1;
+    }
+    dump("expect", expected, len);
+
+    if (tc_read(offset, buf, len) != 0)
+        goto errout;
+
+    for (i = 0; i < len; ++i)
+        if (buf[i] != expected[i]) {
+            fprintf(stderr, "response byte %d: expected 0x%02x, got 0x%02x\n",
+                    i, expected[i], buf[i]);
+            goto errout;
+        }
+
+    free(buf);
+    return 0;
+errout:
+    free(buf);
+    return 1;
+}
+
+int tc_init(off_t offset)
+{
+    uint8_t buf[4] = { 0, 0, 0, CTRL_INIT_CMD };
+
+    return tc_write(offset, buf, 4);
+}
+
+int tc_next(off_t offset)
+{
+    uint8_t buf[4] = { 0, 0, 0, CTRL_NEXT_CMD };
+
+    return tc_write(offset, buf, 4);
+}
+
+int tc_wait(off_t offset, uint8_t status)
+{
+    uint8_t buf[4];
+
+#if 0
+    do {
+        if (tc_read(offset, buf, 4) != 0)
+            return 1;
+    } while (!(buf[3] & status));
+
+    return 0;
+#else
+    int i;
+    for (i = 0; i < 10; ++i) {
+        if (tc_read(offset, buf, 4) != 0)
+            return 1;
+	if (buf[3] & status)
+	    return 0;
+    }
+    fprintf(stderr, "tc_wait timed out\n");
+    return 1;
+#endif
+}
+        
+int tc_wait_ready(off_t offset)
+{
+    return tc_wait(offset, STATUS_READY_BIT);
+}
+
+int tc_wait_valid(off_t offset)
+{
+    return tc_wait(offset, STATUS_VALID_BIT);
+}
+
+/* ---------------- SHA-1 test cases ---------------- */
+
+/* TC1: Read name and version from SHA-1 core. */
+int TC1(void)
+{
+    return 0;
+}
+
+/* TC2: SHA-1 Single block message test as specified by NIST. */
+int TC2(void)
+{
+    return 0;
+}
+
+/* TC3: SHA-1 Double block message test as specified by NIST. */
+int TC3(void)
+{
+    return 0;
+}
+
+/* ---------------- SHA-256 test cases ---------------- */
+
+/* TC4: Read name and version from SHA-256 core. */
+int TC4(void)
+{
+    uint8_t name0[4]   = { 0x73, 0x68, 0x61, 0x32 };    /* "sha2" */
+    uint8_t name1[4]   = { 0x2d, 0x32, 0x35, 0x36 };    /* "-256" */
+    uint8_t version[4] = { 0x30, 0x2e, 0x38, 0x30 };    /* "0.80" */
+
+    if (!quiet)
+	printf("TC4: Reading name, type and version words from SHA-256 core.\n");
+
+    return
+        tc_expected(SHA256_ADDR_NAME0, name0, 4) ||
+        tc_expected(SHA256_ADDR_NAME1, name1, 4) ||
+        tc_expected(SHA256_ADDR_VERSION, version, 4);
+}
+
+/* TC5: SHA-256 Single block message test as specified by NIST. */
+int TC5()
+{
+    const uint8_t *block = NIST_512_SINGLE;
+    const uint8_t *expected = SHA256_SINGLE_DIGEST;
+
+    if (!quiet)
+	printf("TC5: Single block message test for SHA-256.\n");
+
+    return
+        /* Write block to SHA-256. */
+        tc_write(SHA256_ADDR_BLOCK, block, SHA256_BLOCK_LEN) ||
+        /* Start initial block hashing, wait and check status. */
+        tc_init(SHA256_ADDR_CTRL) ||
+        tc_wait_valid(SHA256_ADDR_STATUS) ||
+        /* Extract the digest. */
+        tc_expected(SHA256_ADDR_DIGEST, expected, SHA256_DIGEST_LEN);
+}
+
+/* TC6: SHA-256 Double block message test as specified by NIST. */
+int TC6()
+{
+    const uint8_t *block[2] = { NIST_512_DOUBLE0, NIST_512_DOUBLE1 };
+    static const uint8_t block0_expected[] = 
+        { 0x85, 0xE6, 0x55, 0xD6, 0x41, 0x7A, 0x17, 0x95,
+          0x33, 0x63, 0x37, 0x6A, 0x62, 0x4C, 0xDE, 0x5C,
+          0x76, 0xE0, 0x95, 0x89, 0xCA, 0xC5, 0xF8, 0x11,
+          0xCC, 0x4B, 0x32, 0xC1, 0xF2, 0x0E, 0x53, 0x3A };
+    const uint8_t *expected = SHA256_DOUBLE_DIGEST;
+
+    if (!quiet)
+	printf("TC6: Double block message test for SHA-256.\n");
+
+    return
+        /* Write first block to SHA-256. */
+        tc_write(SHA256_ADDR_BLOCK, block[0], SHA256_BLOCK_LEN) ||
+        /* Start initial block hashing, wait and check status. */
+        tc_init(SHA256_ADDR_CTRL) ||
+        tc_wait_valid(SHA256_ADDR_STATUS) ||
+        /* Extract the first digest. */
+        tc_expected(SHA256_ADDR_DIGEST, block0_expected, SHA256_DIGEST_LEN) ||
+        /* Write second block to SHA-256. */
+        tc_write(SHA256_ADDR_BLOCK, block[1], SHA256_BLOCK_LEN) ||
+        /* Start next block hashing, wait and check status. */
+        tc_next(SHA256_ADDR_CTRL) ||
+        tc_wait_valid(SHA256_ADDR_STATUS) ||
+        /* Extract the second digest. */
+        tc_expected(SHA256_ADDR_DIGEST, expected, SHA256_DIGEST_LEN);
+}
+
+/* TC7: SHA-256 Huge message test. */
+int TC7()
+{
+    static const uint8_t block[] =
+        { 0xaa, 0x55, 0xaa, 0x55, 0xde, 0xad, 0xbe, 0xef,
+          0x55, 0xaa, 0x55, 0xaa, 0xf0, 0x0f, 0xf0, 0x0f,
+          0xaa, 0x55, 0xaa, 0x55, 0xde, 0xad, 0xbe, 0xef,
+          0x55, 0xaa, 0x55, 0xaa, 0xf0, 0x0f, 0xf0, 0x0f,
+          0xaa, 0x55, 0xaa, 0x55, 0xde, 0xad, 0xbe, 0xef,
+          0x55, 0xaa, 0x55, 0xaa, 0xf0, 0x0f, 0xf0, 0x0f,
+          0xaa, 0x55, 0xaa, 0x55, 0xde, 0xad, 0xbe, 0xef,
+          0x55, 0xaa, 0x55, 0xaa, 0xf0, 0x0f, 0xf0, 0x0f };
+
+    /* final digest after 1000 iterations */
+    static const uint8_t expected[] = 
+        { 0x76, 0x38, 0xf3, 0xbc, 0x50, 0x0d, 0xd1, 0xa6,
+          0x58, 0x6d, 0xd4, 0xd0, 0x1a, 0x15, 0x51, 0xaf,
+          0xd8, 0x21, 0xd2, 0x35, 0x2f, 0x91, 0x9e, 0x28,
+          0xd5, 0x84, 0x2f, 0xab, 0x03, 0xa4, 0x0f, 0x2a };
+
+    int i, n = 1000;
+
+    if (!quiet)
+	printf("TC7: Message with %d blocks test for SHA-256.\n", n);
+
+    /* Write block data to SHA-256. */
+    if (tc_write(SHA256_ADDR_BLOCK, block, SHA256_BLOCK_LEN))
+	return 1;
+
+    /* Start initial block hashing, wait and check status. */
+    if (tc_init(SHA256_ADDR_CTRL) ||
+        tc_wait_ready(SHA256_ADDR_STATUS))
+        return 1;
+
+    /* First block done. Do the rest. */
+    for (i = 1; i < n; ++i) {
+        /* Start next block hashing, wait and check status. */
+        if (tc_next(SHA256_ADDR_CTRL) ||
+            tc_wait_ready(SHA256_ADDR_STATUS))
+            return 1;
+    }
+
+    /* XXX valid is probably set at the same time as ready */
+    if (tc_wait_valid(SHA256_ADDR_STATUS))
+        return 1;
+    /* Extract the final digest. */
+    return tc_expected(SHA256_ADDR_DIGEST, expected, SHA256_DIGEST_LEN);
+}
+
+/* ---------------- SHA-512 test cases ---------------- */
+
+/* TC8: Read name and version from SHA-512 core. */
+int TC8()
+{
+    return 0;
+}
+
+/* TC9: SHA-512 Single block message test as specified by NIST.
+   We do this for all modes. */
+int TC9()
+{
+    return 0;
+}
+
+/* TC10: SHA-512 Double block message test as specified by NIST.
+   We do this for all modes. */
+int TC10()
+{
+    return 0;
+}
+
+/* ---------------- main ---------------- */
+
+unsigned long iter = 0;
+struct timeval tv_start, tv_end;
+void sighandler(int unused)
+{
+    double tv_diff;
+
+    gettimeofday(&tv_end, NULL);
+    tv_diff = (double)(tv_end.tv_sec - tv_start.tv_sec) +
+	(double)(tv_end.tv_usec - tv_start.tv_usec)/1000000;
+    printf("\n%lu iterations in %.3f seconds (%.3f iterations/sec)\n",
+	   iter, tv_diff, (double)iter/tv_diff);
+    exit(0);
+}
+
+int main(int argc, char *argv[])
+{
+    typedef int (*tcfp)(void);
+    tcfp sha1_tests[] = { TC1, TC2, TC3 };
+    tcfp sha256_tests[] = { TC4, TC5, TC6, TC7 };
+    tcfp sha512_tests[] = { TC8, TC9, TC10 };
+    tcfp all_tests[] = { TC1, TC2, TC3, TC4, TC5, TC6, TC7, TC8, TC9, TC10 };
+
+    char *usage = "Usage: %s [-h] [-d] [-q] [-r] tc...\n";
+    int i, j, opt;
+
+    while ((opt = getopt(argc, argv, "h?dqr")) != -1) {
+        switch (opt) {
+        case 'h':
+        case '?':
+            printf(usage, argv[0]);
+            return 0;
+        case 'd':
+            debug = 1;
+            break;
+	case 'q':
+	    quiet = 1;
+	    break;
+	case 'r':
+	    repeat = 1;
+	    break;
+        default:
+            fprintf(stderr, usage, argv[0]);
+            return 1;
+        }
+    }
+
+    // try to setup eim (return value should be 1)
+    printf("Configuring EIM .. ");
+    if (eim_setup() < 1) {
+	printf("ERROR\n");
+	return EXIT_FAILURE;
+    }
+    else {
+	printf("EIM Setup ok.\n");
+    }
+
+    if (repeat) {
+	tcfp tc;
+	if (optind != argc - 1) {
+	    fprintf(stderr, "only one test case can be repeated\n");
+	    return 1;
+	}
+	j = atoi(argv[optind]);
+	if (j <= 0 || j > sizeof(all_tests)/sizeof(all_tests[0])) {
+	    fprintf(stderr, "invalid test number %s\n", argv[optind]);
+	    return 1;
+	}
+	tc = (all_tests[j - 1]);
+	srand(time(NULL));
+	signal(SIGINT, sighandler);
+	gettimeofday(&tv_start, NULL);
+	while (1) {
+	    ++iter;
+	    if ((iter & 0xffff) == 0) {
+		printf(".");
+		fflush(stdout);
+	    }
+	    if (tc() != 0)
+		sighandler(0);
+	}
+	return 0;	/*NOTREACHED*/
+    }
+
+    /* no args == run all tests */
+    if (optind >= argc) {
+        for (j = 0; j < sizeof(all_tests)/sizeof(all_tests[0]); ++j)
+            if (all_tests[j]() != 0)
+                return 1;
+        return 0;
+    }
+
+    for (i = optind; i < argc; ++i) {
+        if (strcmp(argv[i], "sha1") == 0) {
+            for (j = 0; j < sizeof(sha1_tests)/sizeof(sha1_tests[0]); ++j)
+                if (sha1_tests[j]() != 0)
+                    return 1;
+        }
+        else if (strcmp(argv[i], "sha256") == 0) {
+            for (j = 0; j < sizeof(sha256_tests)/sizeof(sha256_tests[0]); ++j)
+                if (sha256_tests[j]() != 0)
+                    return 1;
+        }
+        else if (strcmp(argv[i], "sha512") == 0) {
+            for (j = 0; j < sizeof(sha512_tests)/sizeof(sha512_tests[0]); ++j)
+                if (sha512_tests[j]() != 0)
+                    return 1;
+        }
+        else if (strcmp(argv[i], "all") == 0) {
+            for (j = 0; j < sizeof(all_tests)/sizeof(all_tests[0]); ++j)
+                if (all_tests[j]() != 0)
+                    return 1;
+        }
+        else if (isdigit(argv[i][0]) &&
+                 (((j = atoi(argv[i])) > 0) &&
+                  (j <= sizeof(all_tests)/sizeof(all_tests[0])))) {
+            if (all_tests[j - 1]() != 0)
+                return 1;
+        }
+        else {
+            fprintf(stderr, "unknown test case %s\n", argv[i]);
+            return 1;
+        }
+    }
+
+    return 0;
+}