[Cryptech-Commits] [sw/libhal] 02/58: Add csprng and hash modules. Add real error codes instead of magic numbers, and propegate error codes up from lower layers. Whack C++-isms, add parenthesese to a lot of macro expressions for evaluation safety, other minor cleanup.

git at cryptech.is git at cryptech.is
Tue Jul 7 18:24:46 UTC 2015


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch master
in repository sw/libhal.

commit fa13a8485ce07aecfbfa481baccfc33565f0be0d
Author: Rob Austein <sra at hactrn.net>
Date:   Wed May 20 16:57:33 2015 -0400

    Add csprng and hash modules.  Add real error codes instead of magic
    numbers, and propegate error codes up from lower layers.  Whack
    C++-isms, add parenthesese to a lot of macro expressions for
    evaluation safety, other minor cleanup.
---
 Makefile.in  |  40 ++--
 configure.ac |  20 +-
 cryptech.h   | 740 +++++++++++++++++++++++++++++++----------------------------
 csprng.c     |  93 ++++++++
 hal_io_eim.c |  65 +++---
 hal_io_i2c.c | 211 ++++++++++-------
 hash.c       | 376 ++++++++++++++++++++++++++++++
 7 files changed, 1043 insertions(+), 502 deletions(-)

diff --git a/Makefile.in b/Makefile.in
index 02ce7c7..b03924b 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,46 +1,36 @@
 # @configure_input@
 
-INC = cryptech.h
-LIB = libcryptech.a
+INC		= cryptech.h
+LIB		= libcryptech.a
+OBJ		= ${IO_OBJ} csprng.o hash.o
 
-BIN = hash hash_tester trng_extractor trng_tester aes_tester modexp_tester
-
-HAL_IO_OBJ_EIM	= hal_io_eim.o novena-eim.o
-HAL_IO_OBJ_I2C 	= hal_io_i2c.o
-HAL_IO_OBJ	= $(HAL_IO_OBJ_ at FPGA_BUS@)
-
-LIB_OBJ		= $(HAL_IO_OBJ)
+IO_OBJ		= ${IO_OBJ_ at FPGA_BUS@}
+IO_OBJ_EIM	= hal_io_eim.o novena-eim.o
+IO_OBJ_I2C 	= hal_io_i2c.o
 
 CC		= @CC@
 CFLAGS		= @CFLAGS@
 LDFLAGS		= @LDFLAGS@
-LIBS		= @LIBS@
 
 prefix		= @prefix@
 exec_prefix	= @exec_prefix@
-bindir		= @bindir@
 includedir	= @includedir@
 libdir		= @libdir@
-sysconfdir	= @sysconfdir@
-
-all: $(LIB) $(BIN)
 
-*.o: $(INC)
+all: ${LIB}
 
-$(BIN): $(LIB)
+${OBJ}: ${INC}
 
-${LIB}: $(LIB_OBJ)
+${LIB}: ${OBJ}
 	ar rcs $@ $^
 
-install: $(LIB) $(BIN) $(INC)
-	install $(LIB) $(libdir)
-	install $(BIN) $(bindir)
-	install $(INC) $(includedir)
+install: ${LIB} ${INC}
+	install ${LIB} ${libdir}
+	install ${INC} ${includedir}
 
 uninstall:
-	cd $(libdir); rm -f $(LIB)
-	cd $(bindir); rm -f ${BIN}
-	cd $(includedir); rm -f $(INC)
+	cd ${libdir}; rm -f ${LIB}
+	cd ${includedir}; rm -f ${INC}
 
 clean:
-	rm -f *.o $(LIB) $(BIN)
+	rm -f ${OBJ} ${LIB}
diff --git a/configure.ac b/configure.ac
index 43db468..07cd236 100644
--- a/configure.ac
+++ b/configure.ac
@@ -17,23 +17,13 @@ AC_ARG_VAR([CC],	[C compiler command])
 AC_ARG_VAR([CFLAGS],	[C compiler flags])
 AC_ARG_VAR([LDFLAGS],	[Linker flags])
 
-AS_CASE($FPGA_BUS,
-	[""],[FPGA_BUS=EIM],
-	[EIM|I2C],[],
+AS_CASE($FPGA_BUS, [""],[FPGA_BUS=EIM], [EIM|I2C],[],
 	[AC_MSG_ERROR([Invalid setting of FPGA_BUS, must be "EIM" or "I2C"])])
-
-AS_CASE($CC,
-	[""],[CC="cc"],
-	[])
-	
-AS_CASE($CFLAGS,
-	[""],[CFLAGS="-g -Wall -fPIC"],
-	[])
-	
-AS_CASE($LDFLAGS,
-	[""],[LDFLAGS="-g"],
-	[])
 	
+AS_CASE($CC,      [""],[CC="cc"],		  [])
+AS_CASE($CFLAGS,  [""],[CFLAGS="-g -Wall -fPIC"], [])
+AS_CASE($LDFLAGS, [""],[LDFLAGS="-g"],		  [])
+
 AC_MSG_NOTICE([FPGA bus: $FPGA_BUS])
 AC_MSG_NOTICE([C compiler: $CC])
 AC_MSG_NOTICE([C compiler flags: $CFLAGS])
diff --git a/cryptech.h b/cryptech.h
index 9a10c58..903fbd4 100644
--- a/cryptech.h
+++ b/cryptech.h
@@ -1,124 +1,122 @@
-//======================================================================
-//
-// cryptech.h
-// ----------
-// Memory map and access functions for Cryptech cores.
-//
-//
-// Authors: Joachim Strombergson, Paul Selkirk
-// Copyright (c) 2015, NORDUnet A/S All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-// - Redistributions of source code must retain the above copyright notice,
-//   this list of conditions and the following disclaimer.
-//
-// - Redistributions in binary form must reproduce the above copyright
-//   notice, this list of conditions and the following disclaimer in the
-//   documentation and/or other materials provided with the distribution.
-//
-// - Neither the name of the NORDUnet nor the names of its contributors may
-//   be used to endorse or promote products derived from this software
-//   without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
-// IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-// TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-// PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-// TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-// PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-// LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-//
-//======================================================================
-
 /*
+ * cryptech.h
+ * ----------
+ * Memory map and access functions for Cryptech cores.
+ *
+ * Authors: Joachim Strombergson, Paul Selkirk
+ * Copyright (c) 2015, NORDUnet A/S All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ * - Redistributions of source code must retain the above copyright notice,
+ *   this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of the NORDUnet nor the names of its contributors may
+ *   be used to endorse or promote products derived from this software
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
 
-Each Cryptech core has a set of 4-byte registers, which are accessed
-through a 16-bit address. The address space is divided as follows:
-  3 bits segment selector       | up to 8 segments
-  5 bits core selector          | up to 32 cores/segment (see note below)
-  8 bits register selector      | up to 256 registers/core (see modexp below)
-
-i.e, the address is structured as:
-sss ccccc rrrrrrrr
-
-The I2C and UART communication channels use this 16-bit address format
-directly in their read and write commands.
-
-The EIM communications channel translates this 16-bit address into a
-32-bit memory-mapped address in the range 0x08000000..807FFFF:
-00001000000000 sss 0 ccccc rrrrrrrr 00
-
-EIM, as implemented on the Novena, uses a 19-bit address space:
-  Bits 18..16 are the semgent selector.
-  Bits 15..10 are the core selector.
-  Bits 9..2 are the register selector.
-  Bits 1..0 are zero, because reads and writes are always word aligned.
-
-Note that EIM can support 64 cores per segment, but we sacrifice one bit
-in order to map it into a 16-bit address space.
-
-*/
-
-
-//------------------------------------------------------------------
-// Default sizes
-//------------------------------------------------------------------
-#define CORE_SIZE               0x100
-#define SEGMENT_SIZE            0x20 * CORE_SIZE
+/*
+ * Each Cryptech core has a set of 4-byte registers, which are accessed
+ * through a 16-bit address. The address space is divided as follows:
+ *   3 bits segment selector       | up to 8 segments
+ *   5 bits core selector          | up to 32 cores/segment (see note below)
+ *   8 bits register selector      | up to 256 registers/core (see modexp below)
+ * 
+ * i.e, the address is structured as:
+ * sss ccccc rrrrrrrr
+ * 
+ * The I2C and UART communication channels use this 16-bit address format
+ * directly in their read and write commands.
+ * 
+ * The EIM communications channel translates this 16-bit address into a
+ * 32-bit memory-mapped address in the range 0x08000000..807FFFF:
+ * 00001000000000 sss 0 ccccc rrrrrrrr 00
+ * 
+ * EIM, as implemented on the Novena, uses a 19-bit address space:
+ *   Bits 18..16 are the semgent selector.
+ *   Bits 15..10 are the core selector.
+ *   Bits 9..2 are the register selector.
+ *   Bits 1..0 are zero, because reads and writes are always word aligned.
+ * 
+ * Note that EIM can support 64 cores per segment, but we sacrifice one bit
+ * in order to map it into a 16-bit address space.
+ */
+
+#ifndef _CRYPTECH_H_
+#define _CRYPTECH_H_
 
 
-//------------------------------------------------------------------
-// Segments
-//------------------------------------------------------------------
-#define SEGMENT_OFFSET_GLOBALS  0 * SEGMENT_SIZE
-#define SEGMENT_OFFSET_HASHES   1 * SEGMENT_SIZE
-#define SEGMENT_OFFSET_RNGS     2 * SEGMENT_SIZE
-#define SEGMENT_OFFSET_CIPHERS  3 * SEGMENT_SIZE
-#define SEGMENT_OFFSET_MATH     4 * SEGMENT_SIZE
+/*
+ * Default sizes.
+ */
+#define CORE_SIZE               (0x100)
+#define SEGMENT_SIZE            (0x20 * CORE_SIZE)
 
 
-//------------------------------------------------------------------
-// Addresses and codes common to all cores
-//------------------------------------------------------------------
-#define ADDR_NAME0              0x00
-#define ADDR_NAME1              0x01
-#define ADDR_VERSION            0x02
-#define ADDR_CTRL               0x08
-#define CTRL_INIT               1
-#define CTRL_NEXT               2
-#define ADDR_STATUS             0x09
-#define STATUS_READY            1
-#define STATUS_VALID            2
+/*
+ * Segments.
+ */
+#define SEGMENT_OFFSET_GLOBALS  (0 * SEGMENT_SIZE)
+#define SEGMENT_OFFSET_HASHES   (1 * SEGMENT_SIZE)
+#define SEGMENT_OFFSET_RNGS     (2 * SEGMENT_SIZE)
+#define SEGMENT_OFFSET_CIPHERS  (3 * SEGMENT_SIZE)
+#define SEGMENT_OFFSET_MATH     (4 * SEGMENT_SIZE)
 
 
-// a handy macro from cryptlib
+/*
+ * Addresses and codes common to all cores.
+ */
+#define ADDR_NAME0              (0x00)
+#define ADDR_NAME1              (0x01)
+#define ADDR_VERSION            (0x02)
+#define ADDR_CTRL               (0x08)
+#define CTRL_INIT               (1)
+#define CTRL_NEXT               (2)
+#define ADDR_STATUS             (0x09)
+#define STATUS_READY            (1)
+#define STATUS_VALID            (2)
+
+
+/* A handy macro from cryptlib */
 #ifndef bitsToBytes
 #define bitsToBytes(x)          (x / 8)
 #endif
 
 
-//------------------------------------------------------------------
-// Board segment.
-// Board-level registers and communication channel registers
-//------------------------------------------------------------------
-#define BOARD_ADDR_BASE         SEGMENT_OFFSET_GLOBALS + (0 * CORE_SIZE)
-#define BOARD_ADDR_NAME0        BOARD_ADDR_BASE + ADDR_NAME0
-#define BOARD_ADDR_NAME1        BOARD_ADDR_BASE + ADDR_NAME1
-#define BOARD_ADDR_VERSION      BOARD_ADDR_BASE + ADDR_VERSION
-#define BOARD_ADDR_DUMMY        BOARD_ADDR_BASE + 0xFF
-
-#define COMM_ADDR_BASE          SEGMENT_OFFSET_GLOBALS + (1 * CORE_SIZE)
-#define COMM_ADDR_NAME0         COMM_ADDR_BASE + ADDR_NAME0
-#define COMM_ADDR_NAME1         COMM_ADDR_BASE + ADDR_NAME1
-#define COMM_ADDR_VERSION       COMM_ADDR_BASE + ADDR_VERSION
-
-// current name and version values
+/*
+ * Board segment.
+ * Board-level registers and communication channel registers.
+ */
+#define BOARD_ADDR_BASE         (SEGMENT_OFFSET_GLOBALS + (0 * CORE_SIZE))
+#define BOARD_ADDR_NAME0        (BOARD_ADDR_BASE + ADDR_NAME0)
+#define BOARD_ADDR_NAME1        (BOARD_ADDR_BASE + ADDR_NAME1)
+#define BOARD_ADDR_VERSION      (BOARD_ADDR_BASE + ADDR_VERSION)
+#define BOARD_ADDR_DUMMY        (BOARD_ADDR_BASE + 0xFF)
+
+#define COMM_ADDR_BASE          (SEGMENT_OFFSET_GLOBALS + (1 * CORE_SIZE))
+#define COMM_ADDR_NAME0         (COMM_ADDR_BASE + ADDR_NAME0)
+#define COMM_ADDR_NAME1         (COMM_ADDR_BASE + ADDR_NAME1)
+#define COMM_ADDR_VERSION       (COMM_ADDR_BASE + ADDR_VERSION)
+
+/* Current name and version values */
 #define NOVENA_BOARD_NAME0      "PVT1"
 #define NOVENA_BOARD_NAME1      "    "
 #define NOVENA_BOARD_VERSION    "0.10"
@@ -132,58 +130,59 @@ in order to map it into a 16-bit address space.
 #define I2C_INTERFACE_VERSION   "0.10"
 
 
-//------------------------------------------------------------------
-// Hashes segment.
-//------------------------------------------------------------------
-// addresses common to all hash cores
-#define ADDR_BLOCK              0x10
-#define ADDR_DIGEST             0x20      // except SHA512
-
-// addresses and codes for the specific hash cores.
-#define SHA1_ADDR_BASE          SEGMENT_OFFSET_HASHES + (0 * CORE_SIZE)
-#define SHA1_ADDR_NAME0         SHA1_ADDR_BASE + ADDR_NAME0
-#define SHA1_ADDR_NAME1         SHA1_ADDR_BASE + ADDR_NAME1
-#define SHA1_ADDR_VERSION       SHA1_ADDR_BASE + ADDR_VERSION
-#define SHA1_ADDR_CTRL          SHA1_ADDR_BASE + ADDR_CTRL
-#define SHA1_ADDR_STATUS        SHA1_ADDR_BASE + ADDR_STATUS
-#define SHA1_ADDR_BLOCK         SHA1_ADDR_BASE + ADDR_BLOCK
-#define SHA1_ADDR_DIGEST        SHA1_ADDR_BASE + ADDR_DIGEST
+/*
+ * Hashes segment.
+ */
+
+/* Addresses common to all hash cores */
+#define ADDR_BLOCK              (0x10)
+#define ADDR_DIGEST             (0x20)      /* except SHA512 */
+
+/* Addresses and codes for the specific hash cores */
+#define SHA1_ADDR_BASE          (SEGMENT_OFFSET_HASHES + (0 * CORE_SIZE))
+#define SHA1_ADDR_NAME0         (SHA1_ADDR_BASE + ADDR_NAME0)
+#define SHA1_ADDR_NAME1         (SHA1_ADDR_BASE + ADDR_NAME1)
+#define SHA1_ADDR_VERSION       (SHA1_ADDR_BASE + ADDR_VERSION)
+#define SHA1_ADDR_CTRL          (SHA1_ADDR_BASE + ADDR_CTRL)
+#define SHA1_ADDR_STATUS        (SHA1_ADDR_BASE + ADDR_STATUS)
+#define SHA1_ADDR_BLOCK         (SHA1_ADDR_BASE + ADDR_BLOCK)
+#define SHA1_ADDR_DIGEST        (SHA1_ADDR_BASE + ADDR_DIGEST)
 #define SHA1_BLOCK_LEN          bitsToBytes(512)
 #define SHA1_LENGTH_LEN         bitsToBytes(64)
 #define SHA1_DIGEST_LEN         bitsToBytes(160)
 
-#define SHA256_ADDR_BASE        SEGMENT_OFFSET_HASHES + (1 * CORE_SIZE)
-#define SHA256_ADDR_NAME0       SHA256_ADDR_BASE + ADDR_NAME0
-#define SHA256_ADDR_NAME1       SHA256_ADDR_BASE + ADDR_NAME1
-#define SHA256_ADDR_VERSION     SHA256_ADDR_BASE + ADDR_VERSION
-#define SHA256_ADDR_CTRL        SHA256_ADDR_BASE + ADDR_CTRL
-#define SHA256_ADDR_STATUS      SHA256_ADDR_BASE + ADDR_STATUS
-#define SHA256_ADDR_BLOCK       SHA256_ADDR_BASE + ADDR_BLOCK
-#define SHA256_ADDR_DIGEST      SHA256_ADDR_BASE + ADDR_DIGEST
+#define SHA256_ADDR_BASE        (SEGMENT_OFFSET_HASHES + (1 * CORE_SIZE))
+#define SHA256_ADDR_NAME0       (SHA256_ADDR_BASE + ADDR_NAME0)
+#define SHA256_ADDR_NAME1       (SHA256_ADDR_BASE + ADDR_NAME1)
+#define SHA256_ADDR_VERSION     (SHA256_ADDR_BASE + ADDR_VERSION)
+#define SHA256_ADDR_CTRL        (SHA256_ADDR_BASE + ADDR_CTRL)
+#define SHA256_ADDR_STATUS      (SHA256_ADDR_BASE + ADDR_STATUS)
+#define SHA256_ADDR_BLOCK       (SHA256_ADDR_BASE + ADDR_BLOCK)
+#define SHA256_ADDR_DIGEST      (SHA256_ADDR_BASE + ADDR_DIGEST)
 #define SHA256_BLOCK_LEN        bitsToBytes(512)
 #define SHA256_LENGTH_LEN       bitsToBytes(64)
 #define SHA256_DIGEST_LEN       bitsToBytes(256)
 
-#define SHA512_ADDR_BASE        SEGMENT_OFFSET_HASHES + (2 * CORE_SIZE)
-#define SHA512_ADDR_NAME0       SHA512_ADDR_BASE + ADDR_NAME0
-#define SHA512_ADDR_NAME1       SHA512_ADDR_BASE + ADDR_NAME1
-#define SHA512_ADDR_VERSION     SHA512_ADDR_BASE + ADDR_VERSION
-#define SHA512_ADDR_CTRL        SHA512_ADDR_BASE + ADDR_CTRL
-#define SHA512_ADDR_STATUS      SHA512_ADDR_BASE + ADDR_STATUS
-#define SHA512_ADDR_BLOCK       SHA512_ADDR_BASE + ADDR_BLOCK
-#define SHA512_ADDR_DIGEST      SHA512_ADDR_BASE + 0x40
+#define SHA512_ADDR_BASE        (SEGMENT_OFFSET_HASHES + (2 * CORE_SIZE))
+#define SHA512_ADDR_NAME0       (SHA512_ADDR_BASE + ADDR_NAME0)
+#define SHA512_ADDR_NAME1       (SHA512_ADDR_BASE + ADDR_NAME1)
+#define SHA512_ADDR_VERSION     (SHA512_ADDR_BASE + ADDR_VERSION)
+#define SHA512_ADDR_CTRL        (SHA512_ADDR_BASE + ADDR_CTRL)
+#define SHA512_ADDR_STATUS      (SHA512_ADDR_BASE + ADDR_STATUS)
+#define SHA512_ADDR_BLOCK       (SHA512_ADDR_BASE + ADDR_BLOCK)
+#define SHA512_ADDR_DIGEST      (SHA512_ADDR_BASE + 0x40)
 #define SHA512_BLOCK_LEN        bitsToBytes(1024)
 #define SHA512_LENGTH_LEN       bitsToBytes(128)
 #define SHA512_224_DIGEST_LEN   bitsToBytes(224)
 #define SHA512_256_DIGEST_LEN   bitsToBytes(256)
 #define SHA384_DIGEST_LEN       bitsToBytes(384)
 #define SHA512_DIGEST_LEN       bitsToBytes(512)
-#define MODE_SHA_512_224        0 << 2
-#define MODE_SHA_512_256        1 << 2
-#define MODE_SHA_384            2 << 2
-#define MODE_SHA_512            3 << 2
+#define MODE_SHA_512_224        (0 << 2)
+#define MODE_SHA_512_256        (1 << 2)
+#define MODE_SHA_384            (2 << 2)
+#define MODE_SHA_512            (3 << 2)
 
-// current name and version values
+/* Current name and version values */
 #define SHA1_NAME0              "sha1"
 #define SHA1_NAME1              "    "
 #define SHA1_VERSION            "0.50"
@@ -197,72 +196,73 @@ in order to map it into a 16-bit address space.
 #define SHA512_VERSION          "0.80"
 
 
-//-----------------------------------------------------------------
-// TRNG segment.
-//-----------------------------------------------------------------
-// addresses and codes for the TRNG cores */
-#define TRNG_ADDR_BASE          SEGMENT_OFFSET_RNGS + (0x00 * CORE_SIZE)
-#define TRNG_ADDR_NAME0         TRNG_ADDR_BASE + ADDR_NAME0
-#define TRNG_ADDR_NAME1         TRNG_ADDR_BASE + ADDR_NAME1
-#define TRNG_ADDR_VERSION       TRNG_ADDR_BASE + ADDR_VERSION
-#define TRNG_ADDR_CTRL          TRNG_ADDR_BASE + 0x10
-#define TRNG_CTRL_DISCARD       1
-#define TRNG_CTRL_TEST_MODE     2
-#define TRNG_ADDR_STATUS        TRNG_ADDR_BASE + 0x11
-// no status bits defined (yet)
-#define TRNG_ADDR_DELAY         TRNG_ADDR_BASE + 0x13
-
-#define ENTROPY1_ADDR_BASE      SEGMENT_OFFSET_RNGS + (0x05 * CORE_SIZE)
-#define ENTROPY1_ADDR_NAME0     ENTROPY1_ADDR_BASE + ADDR_NAME0
-#define ENTROPY1_ADDR_NAME1     ENTROPY1_ADDR_BASE + ADDR_NAME1
-#define ENTROPY1_ADDR_VERSION   ENTROPY1_ADDR_BASE + ADDR_VERSION
-#define ENTROPY1_ADDR_CTRL      ENTROPY1_ADDR_BASE + 0x10
-#define ENTROPY1_CTRL_ENABLE    1
-#define ENTROPY1_ADDR_STATUS    ENTROPY1_ADDR_BASE + 0x11
-#define ENTROPY1_STATUS_VALID   1
-#define ENTROPY1_ADDR_ENTROPY   ENTROPY1_ADDR_BASE + 0x20
-#define ENTROPY1_ADDR_DELTA     ENTROPY1_ADDR_BASE + 0x30
-
-#define ENTROPY2_ADDR_BASE      SEGMENT_OFFSET_RNGS + (0x06 * CORE_SIZE)
-#define ENTROPY2_ADDR_NAME0     ENTROPY2_ADDR_BASE + ADDR_NAME0
-#define ENTROPY2_ADDR_NAME1     ENTROPY2_ADDR_BASE + ADDR_NAME1
-#define ENTROPY2_ADDR_VERSION   ENTROPY2_ADDR_BASE + ADDR_VERSION
-#define ENTROPY2_ADDR_CTRL      ENTROPY2_ADDR_BASE + 0x10
-#define ENTROPY2_CTRL_ENABLE    1
-#define ENTROPY2_ADDR_STATUS    ENTROPY2_ADDR_BASE + 0x11
-#define ENTROPY2_STATUS_VALID   1
-#define ENTROPY2_ADDR_OPA       ENTROPY2_ADDR_BASE + 0x18
-#define ENTROPY2_ADDR_OPB       ENTROPY2_ADDR_BASE + 0x19
-#define ENTROPY2_ADDR_ENTROPY   ENTROPY2_ADDR_BASE + 0x20
-#define ENTROPY2_ADDR_RAW       ENTROPY2_ADDR_BASE + 0x21
-#define ENTROPY2_ADDR_ROSC      ENTROPY2_ADDR_BASE + 0x22
-
-#define MIXER_ADDR_BASE         SEGMENT_OFFSET_RNGS + (0x0a * CORE_SIZE)
-#define MIXER_ADDR_NAME0        MIXER_ADDR_BASE + ADDR_NAME0
-#define MIXER_ADDR_NAME1        MIXER_ADDR_BASE + ADDR_NAME1
-#define MIXER_ADDR_VERSION      MIXER_ADDR_BASE + ADDR_VERSION
-#define MIXER_ADDR_CTRL         MIXER_ADDR_BASE + 0x10
-#define MIXER_CTRL_ENABLE       1
-#define MIXER_CTRL_RESTART      2
-#define MIXER_ADDR_STATUS       MIXER_ADDR_BASE + 0x11
-// no status bits defined (yet)
-#define MIXER_ADDR_TIMEOUT      MIXER_ADDR_BASE + 0x20
-
-#define CSPRNG_ADDR_BASE        SEGMENT_OFFSET_RNGS + (0x0b * CORE_SIZE)
-#define CSPRNG_ADDR_NAME0       CSPRNG_ADDR_BASE + ADDR_NAME0
-#define CSPRNG_ADDR_NAME1       CSPRNG_ADDR_BASE + ADDR_NAME1
-#define CSPRNG_ADDR_VERSION     CSPRNG_ADDR_BASE + ADDR_VERSION
-#define CSPRNG_ADDR_CTRL        CSPRNG_ADDR_BASE + 0x10
-#define CSPRNG_CTRL_ENABLE      1
-#define CSPRNG_CTRL_SEED        2
-#define CSPRNG_ADDR_STATUS      CSPRNG_ADDR_BASE + 0x11
-#define CSPRNG_STATUS_VALID     1
-#define CSPRNG_ADDR_RANDOM      CSPRNG_ADDR_BASE + 0x20
-#define CSPRNG_ADDR_NROUNDS     CSPRNG_ADDR_BASE + 0x40
-#define CSPRNG_ADDR_NBLOCKS_LO  CSPRNG_ADDR_BASE + 0x41
-#define CSPRNG_ADDR_NBLOCKS_HI  CSPRNG_ADDR_BASE + 0x42
-
-// current name and version values
+/*
+ * TRNG segment.
+ */
+
+/* addresses and codes for the TRNG cores */
+#define TRNG_ADDR_BASE          (SEGMENT_OFFSET_RNGS + (0x00 * CORE_SIZE))
+#define TRNG_ADDR_NAME0         (TRNG_ADDR_BASE + ADDR_NAME0)
+#define TRNG_ADDR_NAME1         (TRNG_ADDR_BASE + ADDR_NAME1)
+#define TRNG_ADDR_VERSION       (TRNG_ADDR_BASE + ADDR_VERSION)
+#define TRNG_ADDR_CTRL          (TRNG_ADDR_BASE + 0x10)
+#define TRNG_CTRL_DISCARD       (1)
+#define TRNG_CTRL_TEST_MODE     (2)
+#define TRNG_ADDR_STATUS        (TRNG_ADDR_BASE + 0x11)
+/* No status bits defined (yet) */
+#define TRNG_ADDR_DELAY         (TRNG_ADDR_BASE + 0x13)
+
+#define ENTROPY1_ADDR_BASE      (SEGMENT_OFFSET_RNGS + (0x05 * CORE_SIZE))
+#define ENTROPY1_ADDR_NAME0     (ENTROPY1_ADDR_BASE + ADDR_NAME0)
+#define ENTROPY1_ADDR_NAME1     (ENTROPY1_ADDR_BASE + ADDR_NAME1)
+#define ENTROPY1_ADDR_VERSION   (ENTROPY1_ADDR_BASE + ADDR_VERSION)
+#define ENTROPY1_ADDR_CTRL      (ENTROPY1_ADDR_BASE + 0x10)
+#define ENTROPY1_CTRL_ENABLE    (1)
+#define ENTROPY1_ADDR_STATUS    (ENTROPY1_ADDR_BASE + 0x11)
+#define ENTROPY1_STATUS_VALID   (1)
+#define ENTROPY1_ADDR_ENTROPY   (ENTROPY1_ADDR_BASE + 0x20)
+#define ENTROPY1_ADDR_DELTA     (ENTROPY1_ADDR_BASE + 0x30)
+
+#define ENTROPY2_ADDR_BASE      (SEGMENT_OFFSET_RNGS + (0x06 * CORE_SIZE))
+#define ENTROPY2_ADDR_NAME0     (ENTROPY2_ADDR_BASE + ADDR_NAME0)
+#define ENTROPY2_ADDR_NAME1     (ENTROPY2_ADDR_BASE + ADDR_NAME1)
+#define ENTROPY2_ADDR_VERSION   (ENTROPY2_ADDR_BASE + ADDR_VERSION)
+#define ENTROPY2_ADDR_CTRL      (ENTROPY2_ADDR_BASE + 0x10)
+#define ENTROPY2_CTRL_ENABLE    (1)
+#define ENTROPY2_ADDR_STATUS    (ENTROPY2_ADDR_BASE + 0x11)
+#define ENTROPY2_STATUS_VALID   (1)
+#define ENTROPY2_ADDR_OPA       (ENTROPY2_ADDR_BASE + 0x18)
+#define ENTROPY2_ADDR_OPB       (ENTROPY2_ADDR_BASE + 0x19)
+#define ENTROPY2_ADDR_ENTROPY   (ENTROPY2_ADDR_BASE + 0x20)
+#define ENTROPY2_ADDR_RAW       (ENTROPY2_ADDR_BASE + 0x21)
+#define ENTROPY2_ADDR_ROSC      (ENTROPY2_ADDR_BASE + 0x22)
+
+#define MIXER_ADDR_BASE         (SEGMENT_OFFSET_RNGS + (0x0a * CORE_SIZE))
+#define MIXER_ADDR_NAME0        (MIXER_ADDR_BASE + ADDR_NAME0)
+#define MIXER_ADDR_NAME1        (MIXER_ADDR_BASE + ADDR_NAME1)
+#define MIXER_ADDR_VERSION      (MIXER_ADDR_BASE + ADDR_VERSION)
+#define MIXER_ADDR_CTRL         (MIXER_ADDR_BASE + 0x10)
+#define MIXER_CTRL_ENABLE       (1)
+#define MIXER_CTRL_RESTART      (2)
+#define MIXER_ADDR_STATUS       (MIXER_ADDR_BASE + 0x11)
+/* No status bits defined (yet) */
+#define MIXER_ADDR_TIMEOUT      (MIXER_ADDR_BASE + 0x20)
+
+#define CSPRNG_ADDR_BASE        (SEGMENT_OFFSET_RNGS + (0x0b * CORE_SIZE))
+#define CSPRNG_ADDR_NAME0       (CSPRNG_ADDR_BASE + ADDR_NAME0)
+#define CSPRNG_ADDR_NAME1       (CSPRNG_ADDR_BASE + ADDR_NAME1)
+#define CSPRNG_ADDR_VERSION     (CSPRNG_ADDR_BASE + ADDR_VERSION)
+#define CSPRNG_ADDR_CTRL        (CSPRNG_ADDR_BASE + 0x10)
+#define CSPRNG_CTRL_ENABLE      (1)
+#define CSPRNG_CTRL_SEED        (2)
+#define CSPRNG_ADDR_STATUS      (CSPRNG_ADDR_BASE + 0x11)
+#define CSPRNG_STATUS_VALID     (1)
+#define CSPRNG_ADDR_RANDOM      (CSPRNG_ADDR_BASE + 0x20)
+#define CSPRNG_ADDR_NROUNDS     (CSPRNG_ADDR_BASE + 0x40)
+#define CSPRNG_ADDR_NBLOCKS_LO  (CSPRNG_ADDR_BASE + 0x41)
+#define CSPRNG_ADDR_NBLOCKS_HI  (CSPRNG_ADDR_BASE + 0x42)
+
+/* Current name and version values */
 #define TRNG_NAME0              "trng"
 #define TRNG_NAME1              "    "
 #define TRNG_VERSION            "0.50"
@@ -280,162 +280,208 @@ in order to map it into a 16-bit address space.
 #define CSPRNG_VERSION          "0.50"
 
 
-// -----------------------------------------------------------------
-// CIPHERS segment.
-// -----------------------------------------------------------------
-// aes core.
-#define AES_ADDR_BASE           SEGMENT_OFFSET_CIPHERS + (0 * CORE_SIZE)
-#define AES_ADDR_NAME0          AES_ADDR_BASE + ADDR_NAME0
-#define AES_ADDR_NAME1          AES_ADDR_BASE + ADDR_NAME1
-#define AES_ADDR_VERSION        AES_ADDR_BASE + ADDR_VERSION
-#define AES_ADDR_CTRL           AES_ADDR_BASE + ADDR_CTRL
-#define AES_ADDR_STATUS         AES_ADDR_BASE + ADDR_STATUS
-
-#define AES_ADDR_CONFIG         AES_ADDR_BASE + 0x0a
-#define AES_CONFIG_ENCDEC       1
-#define AES_CONFIG_KEYLEN       2
-
-#define AES_ADDR_KEY0           AES_ADDR_BASE + 0x10
-#define AES_ADDR_KEY1           AES_ADDR_BASE + 0x11
-#define AES_ADDR_KEY2           AES_ADDR_BASE + 0x12
-#define AES_ADDR_KEY3           AES_ADDR_BASE + 0x13
-#define AES_ADDR_KEY4           AES_ADDR_BASE + 0x14
-#define AES_ADDR_KEY5           AES_ADDR_BASE + 0x15
-#define AES_ADDR_KEY6           AES_ADDR_BASE + 0x16
-#define AES_ADDR_KEY7           AES_ADDR_BASE + 0x17
-
-#define AES_ADDR_BLOCK0         AES_ADDR_BASE + 0x20
-#define AES_ADDR_BLOCK1         AES_ADDR_BASE + 0x21
-#define AES_ADDR_BLOCK2         AES_ADDR_BASE + 0x22
-#define AES_ADDR_BLOCK3         AES_ADDR_BASE + 0x23
-
-#define AES_ADDR_RESULT0        AES_ADDR_BASE + 0x30
-#define AES_ADDR_RESULT1        AES_ADDR_BASE + 0x31
-#define AES_ADDR_RESULT2        AES_ADDR_BASE + 0x32
-#define AES_ADDR_RESULT3        AES_ADDR_BASE + 0x33
-
-// current name and version values
+/*
+ * CIPHERS segment.
+ */
+
+/* AES core */
+#define AES_ADDR_BASE           (SEGMENT_OFFSET_CIPHERS + (0 * CORE_SIZE))
+#define AES_ADDR_NAME0          (AES_ADDR_BASE + ADDR_NAME0)
+#define AES_ADDR_NAME1          (AES_ADDR_BASE + ADDR_NAME1)
+#define AES_ADDR_VERSION        (AES_ADDR_BASE + ADDR_VERSION)
+#define AES_ADDR_CTRL           (AES_ADDR_BASE + ADDR_CTRL)
+#define AES_ADDR_STATUS         (AES_ADDR_BASE + ADDR_STATUS)
+
+#define AES_ADDR_CONFIG         (AES_ADDR_BASE + 0x0a)
+#define AES_CONFIG_ENCDEC       (1)
+#define AES_CONFIG_KEYLEN       (2)
+
+#define AES_ADDR_KEY0           (AES_ADDR_BASE + 0x10)
+#define AES_ADDR_KEY1           (AES_ADDR_BASE + 0x11)
+#define AES_ADDR_KEY2           (AES_ADDR_BASE + 0x12)
+#define AES_ADDR_KEY3           (AES_ADDR_BASE + 0x13)
+#define AES_ADDR_KEY4           (AES_ADDR_BASE + 0x14)
+#define AES_ADDR_KEY5           (AES_ADDR_BASE + 0x15)
+#define AES_ADDR_KEY6           (AES_ADDR_BASE + 0x16)
+#define AES_ADDR_KEY7           (AES_ADDR_BASE + 0x17)
+
+#define AES_ADDR_BLOCK0         (AES_ADDR_BASE + 0x20)
+#define AES_ADDR_BLOCK1         (AES_ADDR_BASE + 0x21)
+#define AES_ADDR_BLOCK2         (AES_ADDR_BASE + 0x22)
+#define AES_ADDR_BLOCK3         (AES_ADDR_BASE + 0x23)
+
+#define AES_ADDR_RESULT0        (AES_ADDR_BASE + 0x30)
+#define AES_ADDR_RESULT1        (AES_ADDR_BASE + 0x31)
+#define AES_ADDR_RESULT2        (AES_ADDR_BASE + 0x32)
+#define AES_ADDR_RESULT3        (AES_ADDR_BASE + 0x33)
+
+/* Current name and version values */
 #define AES_CORE_NAME0          "aes "
 #define AES_CORE_NAME1          "    "
 #define AES_CORE_VERSION        "0.80"
 
 
-// Chacha core
-#define CHACHA_ADDR_BASE        SEGMENT_OFFSET_CIPHERS + (1 * CORE_SIZE)
-#define CHACHA_ADDR_NAME0       CHACHA_ADDR_BASE + ADDR_NAME0
-#define CHACHA_ADDR_NAME1       CHACHA_ADDR_BASE + ADDR_NAME1
-#define CHACHA_ADDR_VERSION     CHACHA_ADDR_BASE + ADDR_VERSION
-#define CHACHA_ADDR_CTRL        CHACHA_ADDR_BASE + ADDR_CTRL
-#define CHACHA_ADDR_STATUS      CHACHA_ADDR_BASE + ADDR_STATUS
-
-#define CHACHA_ADDR_KEYLEN      CHACHA_ADDR_BASE + 0x0a
-#define CHACHA_KEYLEN           1
-
-#define CHACHA_ADDR_ROUNDS      CHACHA_ADDR_BASE + 0x0b
-
-#define CHACHA_ADDR_KEY0        CHACHA_ADDR_BASE + 0x10
-#define CHACHA_ADDR_KEY1        CHACHA_ADDR_BASE + 0x11
-#define CHACHA_ADDR_KEY2        CHACHA_ADDR_BASE + 0x12
-#define CHACHA_ADDR_KEY3        CHACHA_ADDR_BASE + 0x13
-#define CHACHA_ADDR_KEY4        CHACHA_ADDR_BASE + 0x14
-#define CHACHA_ADDR_KEY5        CHACHA_ADDR_BASE + 0x15
-#define CHACHA_ADDR_KEY6        CHACHA_ADDR_BASE + 0x16
-#define CHACHA_ADDR_KEY7        CHACHA_ADDR_BASE + 0x17
-
-#define CHACHA_ADDR_IV0         CHACHA_ADDR_BASE + 0x20
-#define CHACHA_ADDR_IV1         CHACHA_ADDR_BASE + 0x21
-
-#define CHACHA_ADDR_DATA_IN0    CHACHA_ADDR_BASE + 0x40
-#define CHACHA_ADDR_DATA_IN1    CHACHA_ADDR_BASE + 0x41
-#define CHACHA_ADDR_DATA_IN2    CHACHA_ADDR_BASE + 0x42
-#define CHACHA_ADDR_DATA_IN3    CHACHA_ADDR_BASE + 0x43
-#define CHACHA_ADDR_DATA_IN4    CHACHA_ADDR_BASE + 0x44
-#define CHACHA_ADDR_DATA_IN5    CHACHA_ADDR_BASE + 0x45
-#define CHACHA_ADDR_DATA_IN6    CHACHA_ADDR_BASE + 0x46
-#define CHACHA_ADDR_DATA_IN7    CHACHA_ADDR_BASE + 0x47
-#define CHACHA_ADDR_DATA_IN8    CHACHA_ADDR_BASE + 0x48
-#define CHACHA_ADDR_DATA_IN9    CHACHA_ADDR_BASE + 0x49
-#define CHACHA_ADDR_DATA_IN10   CHACHA_ADDR_BASE + 0x4a
-#define CHACHA_ADDR_DATA_IN11   CHACHA_ADDR_BASE + 0x4b
-#define CHACHA_ADDR_DATA_IN12   CHACHA_ADDR_BASE + 0x4c
-#define CHACHA_ADDR_DATA_IN13   CHACHA_ADDR_BASE + 0x4d
-#define CHACHA_ADDR_DATA_IN14   CHACHA_ADDR_BASE + 0x4e
-#define CHACHA_ADDR_DATA_IN15   CHACHA_ADDR_BASE + 0x4f
-
-#define CHACHA_ADDR_DATA_OUT0   CHACHA_ADDR_BASE + 0x80
-#define CHACHA_ADDR_DATA_OUT1   CHACHA_ADDR_BASE + 0x81
-#define CHACHA_ADDR_DATA_OUT2   CHACHA_ADDR_BASE + 0x82
-#define CHACHA_ADDR_DATA_OUT3   CHACHA_ADDR_BASE + 0x83
-#define CHACHA_ADDR_DATA_OUT4   CHACHA_ADDR_BASE + 0x84
-#define CHACHA_ADDR_DATA_OUT5   CHACHA_ADDR_BASE + 0x85
-#define CHACHA_ADDR_DATA_OUT6   CHACHA_ADDR_BASE + 0x86
-#define CHACHA_ADDR_DATA_OUT7   CHACHA_ADDR_BASE + 0x87
-#define CHACHA_ADDR_DATA_OUT8   CHACHA_ADDR_BASE + 0x88
-#define CHACHA_ADDR_DATA_OUT9   CHACHA_ADDR_BASE + 0x89
-#define CHACHA_ADDR_DATA_OUT10  CHACHA_ADDR_BASE + 0x8a
-#define CHACHA_ADDR_DATA_OUT11  CHACHA_ADDR_BASE + 0x8b
-#define CHACHA_ADDR_DATA_OUT12  CHACHA_ADDR_BASE + 0x8c
-#define CHACHA_ADDR_DATA_OUT13  CHACHA_ADDR_BASE + 0x8d
-#define CHACHA_ADDR_DATA_OUT14  CHACHA_ADDR_BASE + 0x8e
-#define CHACHA_ADDR_DATA_OUT15  CHACHA_ADDR_BASE + 0x8f
-
-// current name and version values
+/* Chacha core */
+#define CHACHA_ADDR_BASE        (SEGMENT_OFFSET_CIPHERS + (1 * CORE_SIZE))
+#define CHACHA_ADDR_NAME0       (CHACHA_ADDR_BASE + ADDR_NAME0)
+#define CHACHA_ADDR_NAME1       (CHACHA_ADDR_BASE + ADDR_NAME1)
+#define CHACHA_ADDR_VERSION     (CHACHA_ADDR_BASE + ADDR_VERSION)
+#define CHACHA_ADDR_CTRL        (CHACHA_ADDR_BASE + ADDR_CTRL)
+#define CHACHA_ADDR_STATUS      (CHACHA_ADDR_BASE + ADDR_STATUS)
+
+#define CHACHA_ADDR_KEYLEN      (CHACHA_ADDR_BASE + 0x0a)
+#define CHACHA_KEYLEN           (1)
+
+#define CHACHA_ADDR_ROUNDS      (CHACHA_ADDR_BASE + 0x0b)
+
+#define CHACHA_ADDR_KEY0        (CHACHA_ADDR_BASE + 0x10)
+#define CHACHA_ADDR_KEY1        (CHACHA_ADDR_BASE + 0x11)
+#define CHACHA_ADDR_KEY2        (CHACHA_ADDR_BASE + 0x12)
+#define CHACHA_ADDR_KEY3        (CHACHA_ADDR_BASE + 0x13)
+#define CHACHA_ADDR_KEY4        (CHACHA_ADDR_BASE + 0x14)
+#define CHACHA_ADDR_KEY5        (CHACHA_ADDR_BASE + 0x15)
+#define CHACHA_ADDR_KEY6        (CHACHA_ADDR_BASE + 0x16)
+#define CHACHA_ADDR_KEY7        (CHACHA_ADDR_BASE + 0x17)
+
+#define CHACHA_ADDR_IV0         (CHACHA_ADDR_BASE + 0x20)
+#define CHACHA_ADDR_IV1         (CHACHA_ADDR_BASE + 0x21)
+
+#define CHACHA_ADDR_DATA_IN0    (CHACHA_ADDR_BASE + 0x40)
+#define CHACHA_ADDR_DATA_IN1    (CHACHA_ADDR_BASE + 0x41)
+#define CHACHA_ADDR_DATA_IN2    (CHACHA_ADDR_BASE + 0x42)
+#define CHACHA_ADDR_DATA_IN3    (CHACHA_ADDR_BASE + 0x43)
+#define CHACHA_ADDR_DATA_IN4    (CHACHA_ADDR_BASE + 0x44)
+#define CHACHA_ADDR_DATA_IN5    (CHACHA_ADDR_BASE + 0x45)
+#define CHACHA_ADDR_DATA_IN6    (CHACHA_ADDR_BASE + 0x46)
+#define CHACHA_ADDR_DATA_IN7    (CHACHA_ADDR_BASE + 0x47)
+#define CHACHA_ADDR_DATA_IN8    (CHACHA_ADDR_BASE + 0x48)
+#define CHACHA_ADDR_DATA_IN9    (CHACHA_ADDR_BASE + 0x49)
+#define CHACHA_ADDR_DATA_IN10   (CHACHA_ADDR_BASE + 0x4a)
+#define CHACHA_ADDR_DATA_IN11   (CHACHA_ADDR_BASE + 0x4b)
+#define CHACHA_ADDR_DATA_IN12   (CHACHA_ADDR_BASE + 0x4c)
+#define CHACHA_ADDR_DATA_IN13   (CHACHA_ADDR_BASE + 0x4d)
+#define CHACHA_ADDR_DATA_IN14   (CHACHA_ADDR_BASE + 0x4e)
+#define CHACHA_ADDR_DATA_IN15   (CHACHA_ADDR_BASE + 0x4f)
+
+#define CHACHA_ADDR_DATA_OUT0   (CHACHA_ADDR_BASE + 0x80)
+#define CHACHA_ADDR_DATA_OUT1   (CHACHA_ADDR_BASE + 0x81)
+#define CHACHA_ADDR_DATA_OUT2   (CHACHA_ADDR_BASE + 0x82)
+#define CHACHA_ADDR_DATA_OUT3   (CHACHA_ADDR_BASE + 0x83)
+#define CHACHA_ADDR_DATA_OUT4   (CHACHA_ADDR_BASE + 0x84)
+#define CHACHA_ADDR_DATA_OUT5   (CHACHA_ADDR_BASE + 0x85)
+#define CHACHA_ADDR_DATA_OUT6   (CHACHA_ADDR_BASE + 0x86)
+#define CHACHA_ADDR_DATA_OUT7   (CHACHA_ADDR_BASE + 0x87)
+#define CHACHA_ADDR_DATA_OUT8   (CHACHA_ADDR_BASE + 0x88)
+#define CHACHA_ADDR_DATA_OUT9   (CHACHA_ADDR_BASE + 0x89)
+#define CHACHA_ADDR_DATA_OUT10  (CHACHA_ADDR_BASE + 0x8a)
+#define CHACHA_ADDR_DATA_OUT11  (CHACHA_ADDR_BASE + 0x8b)
+#define CHACHA_ADDR_DATA_OUT12  (CHACHA_ADDR_BASE + 0x8c)
+#define CHACHA_ADDR_DATA_OUT13  (CHACHA_ADDR_BASE + 0x8d)
+#define CHACHA_ADDR_DATA_OUT14  (CHACHA_ADDR_BASE + 0x8e)
+#define CHACHA_ADDR_DATA_OUT15  (CHACHA_ADDR_BASE + 0x8f)
+
+/* Current name and version values */
 #define CHACHA_NAME0            "chac"
 #define CHACHA_NAME1            "ha  "
 #define CHACHA_VERSION          "0.80"
 
 
-// -----------------------------------------------------------------
-// MATH segment.
-// -----------------------------------------------------------------
-// Modexp core.
-#define MODEXP_ADDR_BASE        SEGMENT_OFFSET_MATH + (0x00 * CORE_SIZE)
-#define MODEXP_ADDR_NAME0       MODEXP_ADDR_BASE + ADDR_NAME0
-#define MODEXP_ADDR_NAME1       MODEXP_ADDR_BASE + ADDR_NAME1
-#define MODEXP_ADDR_VERSION     MODEXP_ADDR_BASE + ADDR_VERSION
-#define MODEXP_ADDR_CTRL        MODEXP_ADDR_BASE + ADDR_CTRL
-#define MODEXP_CTRL_INIT_BIT    1
-#define MODEXP_CTRL_NEXT_BIT    2
-#define MODEXP_ADDR_STATUS      MODEXP_ADDR_BASE + ADDR_STATUS
+/*
+ * MATH segment.
+ */
+
+/* Modexp core */
+#define MODEXP_ADDR_BASE        (SEGMENT_OFFSET_MATH + (0x00 * CORE_SIZE))
+#define MODEXP_ADDR_NAME0       (MODEXP_ADDR_BASE + ADDR_NAME0)
+#define MODEXP_ADDR_NAME1       (MODEXP_ADDR_BASE + ADDR_NAME1)
+#define MODEXP_ADDR_VERSION     (MODEXP_ADDR_BASE + ADDR_VERSION)
+#define MODEXP_ADDR_CTRL        (MODEXP_ADDR_BASE + ADDR_CTRL)
+#define MODEXP_CTRL_INIT_BIT    (1)
+#define MODEXP_CTRL_NEXT_BIT    (2)
+#define MODEXP_ADDR_STATUS      (MODEXP_ADDR_BASE + ADDR_STATUS)
 
-#define MODEXP_ADDR_DELAY       MODEXP_ADDR_BASE + 0x13
-#define MODEXP_STATUS_READY     1
+#define MODEXP_ADDR_DELAY       (MODEXP_ADDR_BASE + 0x13)
+#define MODEXP_STATUS_READY     (1)
 
-#define MODEXP_MODULUS_LENGTH   MODEXP_ADDR_BASE + 0x20
-#define MODEXP_EXPONENT_LENGTH  MODEXP_ADDR_BASE + 0x21
-#define MODEXP_LENGTH           MODEXP_ADDR_BASE + 0x22
+#define MODEXP_MODULUS_LENGTH   (MODEXP_ADDR_BASE + 0x20)
+#define MODEXP_EXPONENT_LENGTH  (MODEXP_ADDR_BASE + 0x21)
+#define MODEXP_LENGTH           (MODEXP_ADDR_BASE + 0x22)
 
-#define MODEXP_MODULUS_PTR_RST  MODEXP_ADDR_BASE + 0x30
-#define MODEXP_MODULUS_DATA     MODEXP_ADDR_BASE + 0x31
+#define MODEXP_MODULUS_PTR_RST  (MODEXP_ADDR_BASE + 0x30)
+#define MODEXP_MODULUS_DATA     (MODEXP_ADDR_BASE + 0x31)
 
-#define MODEXP_EXPONENT_PTR_RST MODEXP_ADDR_BASE + 0x40
-#define MODEXP_EXPONENT_DATA    MODEXP_ADDR_BASE + 0x41
+#define MODEXP_EXPONENT_PTR_RST (MODEXP_ADDR_BASE + 0x40)
+#define MODEXP_EXPONENT_DATA    (MODEXP_ADDR_BASE + 0x41)
 
-#define MODEXP_MESSAGE_PTR_RST  MODEXP_ADDR_BASE + 0x50
-#define MODEXP_MESSAGE_DATA     MODEXP_ADDR_BASE + 0x51
+#define MODEXP_MESSAGE_PTR_RST  (MODEXP_ADDR_BASE + 0x50)
+#define MODEXP_MESSAGE_DATA     (MODEXP_ADDR_BASE + 0x51)
 
-#define MODEXP_RESULT_PTR_RST   MODEXP_ADDR_BASE + 0x60
-#define MODEXP_RESULT_DATA      MODEXP_ADDR_BASE + 0x61
+#define MODEXP_RESULT_PTR_RST   (MODEXP_ADDR_BASE + 0x60)
+#define MODEXP_RESULT_DATA      (MODEXP_ADDR_BASE + 0x61)
 
 #define MODEXP_NAME0            "mode"
 #define MODEXP_NAME1            "xp  "
 #define MODEXP_VERSION          "0.51"
 
 
-//------------------------------------------------------------------
-// Public I/O functions
-//------------------------------------------------------------------
+/*
+ * C API error codes.
+ */
+
+typedef enum {
+  HAL_OK,			/* All's well */
+  HAL_ERROR_MEMORY,		/* malloc() failure or similar */
+  HAL_ERROR_INCONSISTENT_ARGS,	/* Inconsistent arguments given */
+  HAL_ERROR_IO_SETUP_FAILED,	/* Could not set up I/O with FPGA */
+  HAL_ERROR_IO_TIMEOUT,		/* I/O with FPGA timed out */
+  HAL_ERROR_IO_UNEXPECTED,	/* Unexpected response from FPGA */
+  HAL_ERROR_IO_OS_ERROR,	/* Operating system error talking to FPGA */
+  HAL_ERROR_CSPRNG_ZEROED,	/* CSPRNG is returning zeros (perhaps core not present?) */
+  N_HAL_ERRORS			/* Number of error codes (must be last) */
+} hal_error_t;
+
+
+/*
+ * Public functions.
+ */
+
+/*
+ * Public I/O functions.
+ */
+
 void hal_io_set_debug(int onoff);
-int hal_io_write(off_t offset, const uint8_t *buf, size_t len);
-int hal_io_read(off_t offset, uint8_t *buf, size_t len);
-int hal_io_expected(off_t offset, const uint8_t *expected, size_t len);
-int hal_io_init(off_t offset);
-int hal_io_next(off_t offset);
-int hal_io_wait(off_t offset, uint8_t status, int *count);
-int hal_io_wait_ready(off_t offset);
-int hal_io_wait_valid(off_t offset);
-
-
-//======================================================================
-// EOF cryptech.h
-//======================================================================
+hal_error_t hal_io_write(off_t offset, const uint8_t *buf, size_t len);
+hal_error_t hal_io_read(off_t offset, uint8_t *buf, size_t len);
+hal_error_t hal_io_expected(off_t offset, const uint8_t *expected, size_t len);
+hal_error_t hal_io_init(off_t offset);
+hal_error_t hal_io_next(off_t offset);
+hal_error_t hal_io_wait(off_t offset, uint8_t status, int *count);
+hal_error_t hal_io_wait_ready(off_t offset);
+hal_error_t hal_io_wait_valid(off_t offset);
+
+/*
+ * Higher level public API.
+ */
+
+hal_error_t hal_random(void *buffer, const size_t length);
+
+void hal_hash_set_debug(int onoff);
+hal_error_t hash_sha1_core_present(void);
+hal_error_t hash_sha256_core_present(void);
+hal_error_t hash_sha512_core_present(void);
+size_t hal_hash_state_size(void);
+void hal_hash_state_initialize(void *state);
+hal_error_t hal_hash_sha1(void *state, const uint8_t * data_buffer, const size_t data_buffer_length,
+			  		    uint8_t *digest_buffer, const size_t digest_buffer_length);
+hal_error_t hal_hash_sha256(void *state, const uint8_t *data_buffer, const size_t data_buffer_length,
+					     uint8_t *digest_buffer, const size_t digest_buffer_length);
+hal_error_t hal_hash_sha512_224(void *state, const uint8_t *data_buffer, const size_t data_buffer_length,
+                                		 uint8_t *digest_buffer, const size_t digest_buffer_length);
+hal_error_t hal_hash_sha512_256(void *state, const uint8_t *data_buffer, const size_t data_buffer_length,
+                                		 uint8_t *digest_buffer, const size_t digest_buffer_length);
+hal_error_t hal_hash_sha384(void *state, const uint8_t *data_buffer, const size_t data_buffer_length,
+                            		     uint8_t *digest_buffer, const size_t digest_buffer_length);
+hal_error_t hal_hash_sha512(void *state, const uint8_t *data_buffer, const size_t data_buffer_length,
+                            		     uint8_t *digest_buffer, const size_t digest_buffer_length);
+
+#endif /* _CRYPTECH_H_ */
diff --git a/csprng.c b/csprng.c
new file mode 100644
index 0000000..f4f835d
--- /dev/null
+++ b/csprng.c
@@ -0,0 +1,93 @@
+/* 
+ * csprng.c
+ * ------------------------------
+ *
+ * HAL interface to Cryptech CSPRNG/TRNG.
+ * 
+ * Authors: Joachim Strömbergson, Paul Selkirk, Rob Austein
+ * Copyright (c) 2014-2015, SUNET
+ * 
+ * Redistribution and use in source and binary forms, with or 
+ * without modification, are permitted provided that the following 
+ * conditions are met: 
+ * 
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in 
+ *    the documentation and/or other materials provided with the 
+ *    distribution. 
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <assert.h>
+#include <stdint.h>
+#include <stddef.h>
+#include <stdio.h>
+
+#if 0
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <sys/ioctl.h>
+#endif
+
+#include "cryptech.h"
+
+#ifndef WAIT_FOR_CSPRNG_VALID
+#define WAIT_FOR_CSPRNG_VALID	1
+#endif
+
+hal_error_t hal_random(void *buffer, const size_t length)
+{
+  uint8_t temp[4], *buf = buffer;
+  hal_error_t err;
+  size_t i;
+
+  for (i = 0; i < length; i += 4) {
+    const int last = (length - i) < 4;
+
+    if (WAIT_FOR_CSPRNG_VALID && (err = hal_io_wait_valid(CSPRNG_ADDR_STATUS)) != HAL_OK)
+      return err;
+
+    if ((err = hal_io_read(CSPRNG_ADDR_RANDOM, (last ? temp : &buf[i]), 4)) != HAL_OK)
+      return err;
+
+    if (last)
+      for (; i < length; i++)
+        buf[i] = temp[i&3];
+  }
+
+  for (i = 0, buf = buffer; i < length; i++, buf++)
+    if (*buf != 0)
+      return HAL_OK;
+
+  return HAL_ERROR_CSPRNG_ZEROED;
+}
+
+/*
+ * "Any programmer who fails to comply with the standard naming, formatting,
+ *  or commenting conventions should be shot.  If it so happens that it is
+ *  inconvenient to shoot him, then he is to be politely requested to recode
+ *  his program in adherence to the above standard."
+ *                      -- Michael Spier, Digital Equipment Corporation
+ *
+ * Local variables:
+ * indent-tabs-mode: nil
+ * End:
+ */
diff --git a/hal_io_eim.c b/hal_io_eim.c
index ebffd24..6f9e159 100644
--- a/hal_io_eim.c
+++ b/hal_io_eim.c
@@ -49,18 +49,19 @@ static int inited = 0;
 
 /* ---------------- EIM low-level code ---------------- */
 
-static int init(void)
+static hal_error_t init(void)
 {
     if (inited)
-        return 0;
+        return HAL_OK;
 
     if (eim_setup() != 0) {
-        fprintf(stderr, "EIM setup failed\n");
-        return -1;
+        if (debug)
+            fprintf(stderr, "[ EIM setup failed ]\n");
+        return HAL_ERROR_IO_SETUP_FAILED;
     }
 
     inited = 1;
-    return 0;
+    return HAL_OK;
 }
 
 /* translate cryptech register number to EIM address
@@ -95,10 +96,12 @@ static void dump(char *label, const uint8_t *buf, size_t len)
     }
 }
 
-int hal_io_write(off_t offset, const uint8_t *buf, size_t len)
+hal_error_t hal_io_write(off_t offset, const uint8_t *buf, size_t len)
 {
-    if (init() != 0)
-        return -1;
+    hal_error_t err;
+
+    if ((err = init()) != HAL_OK)
+        return err;
 
     dump("write ", buf, len);
 
@@ -109,16 +112,17 @@ int hal_io_write(off_t offset, const uint8_t *buf, size_t len)
         eim_write_32(offset, &val);
     }
 
-    return 0;
+    return HAL_OK;
 }
 
-int hal_io_read(off_t offset, uint8_t *buf, size_t len)
+hal_error_t hal_io_read(off_t offset, uint8_t *buf, size_t len)
 {
     uint8_t *rbuf = buf;
     int rlen = len;
+    hal_error_t err;
 
-    if (init() != 0)
-        return -1;
+    if ((err = init()) != HAL_OK)
+        return err;
 
     offset = eim_offset(offset);
     for (; rlen > 0; offset += 4, rbuf += 4, rlen -= 4) {
@@ -129,79 +133,84 @@ int hal_io_read(off_t offset, uint8_t *buf, size_t len)
 
     dump("read  ", buf, len);
 
-    return 0;
+    return HAL_OK;
 }
 
-int hal_io_expected(off_t offset, const uint8_t *expected, size_t len)
+hal_error_t hal_io_expected(off_t offset, const uint8_t *expected, size_t len)
 {
+    hal_error_t err;
     uint8_t *buf;
     int i;
 
     buf = malloc(len);
     if (buf == NULL) {
         perror("malloc");
-        return 1;
+        return HAL_ERROR_MEMORY;
     }
     dump("expect", expected, len);
 
-    if (hal_io_read(offset, buf, len) != 0)
+    if ((err = hal_io_read(offset, buf, len)) != HAL_OK)
         goto errout;
 
-    for (i = 0; i < len; ++i)
+    for (i = 0; i < len; ++i) {
         if (buf[i] != expected[i]) {
             fprintf(stderr, "response byte %d: expected 0x%02x, got 0x%02x\n",
                     i, expected[i], buf[i]);
+	    err = HAL_ERROR_IO_UNEXPECTED;
             goto errout;
         }
+    }
 
     free(buf);
-    return 0;
+    return HAL_OK;
+
 errout:
     free(buf);
-    return 1;
+    return err;
 }
 
-int hal_io_init(off_t offset)
+hal_error_t hal_io_init(off_t offset)
 {
     uint8_t buf[4] = { 0, 0, 0, CTRL_INIT };
 
     return hal_io_write(offset, buf, 4);
 }
 
-int hal_io_next(off_t offset)
+hal_error_t hal_io_next(off_t offset)
 {
     uint8_t buf[4] = { 0, 0, 0, CTRL_NEXT };
 
     return hal_io_write(offset, buf, 4);
 }
 
-int hal_io_wait(off_t offset, uint8_t status, int *count)
+hal_error_t hal_io_wait(off_t offset, uint8_t status, int *count)
 {
+    hal_error_t err;
     uint8_t buf[4];
     int i;
 
     for (i = 1; ; ++i) {
         if (count && (*count > 0) && (i >= *count)) {
             fprintf(stderr, "hal_io_wait timed out\n");
-            return 1;
+            return HAL_ERROR_IO_TIMEOUT;
         }
-        if (hal_io_read(offset, buf, 4) != 0)
-            return -1;
+        if ((err = hal_io_read(offset, buf, 4)) != HAL_OK)
+            return err;
         if (buf[3] & status) {
             if (count)
                 *count = i;
-            return 0;
+            return HAL_OK;
         }
     }
 }
 
-int hal_io_wait_ready(off_t offset)
+hal_error_t hal_io_wait_ready(off_t offset)
 {
     int limit = 256;
     return hal_io_wait(offset, STATUS_READY, &limit);
 }
 
-int hal_io_wait_valid(off_t offset)
+hal_error_t hal_io_wait_valid(off_t offset)
 {
     int limit = 256;
     return hal_io_wait(offset, STATUS_VALID, &limit);
diff --git a/hal_io_i2c.c b/hal_io_i2c.c
index f521e73..54b54fb 100644
--- a/hal_io_i2c.c
+++ b/hal_io_i2c.c
@@ -69,62 +69,82 @@ static void dump(char *label, const uint8_t *buf, size_t len)
 
 static void i2c_close(void)
 {
-    close(i2cfd);
+    (void) close(i2cfd);
 }
 
-static int i2c_open(void)
+static hal_error_t i2c_open(void)
 {
+    int fd = -1;
+
     if (i2cfd >= 0)
-        return 0;
-
-    i2cfd = open(I2C_dev, O_RDWR);
-    if (i2cfd < 0) {
-        fprintf(stderr, "Unable to open %s: ", I2C_dev);
-        perror("");
-        i2cfd = 0;
-        return 1;
+        return HAL_OK;
+
+    /* It's dead, Jim, you can stop kicking it now */
+    if (i2cfd < -1)
+	return HAL_ERROR_IO_SETUP_FAILED;
+
+    fd = open(I2C_dev, O_RDWR);
+    if (fd < 0) {
+        if (debug)
+            perror("Unable to open %s: " I2C_dev);
+	goto fail;
     }
 
-    if (ioctl(i2cfd, I2C_SLAVE, I2C_addr) < 0) {
-        fprintf(stderr, "Unable to set I2C slave device 0x%02x: ", I2C_addr);
-        perror("");
-        return 1;
+    if (ioctl(fd, I2C_SLAVE, I2C_addr) < 0) {
+        if (debug)
+	    perror("Unable to set I2C slave device");
+        goto fail;
     }
 
-    if (atexit(i2c_close) != 0) {
-        fprintf(stderr, "Unable to set I2C atexit handler.");
-        return 1;
+    if (atexit(i2c_close) < 0) {
+	if (debug)
+	    perror("Unable to set I2C atexit handler");
+        goto fail;
     }
 
-    return 0;
+    i2cfd = fd;
+    return HAL_OK;
+
+ fail:
+    if (fd >= 0)
+        close(fd);
+    i2cfd = -2;
+    return HAL_ERROR_IO_SETUP_FAILED;
 }
 
-static int i2c_write(const uint8_t *buf, size_t len)
+static hal_error_t i2c_write(const uint8_t *buf, size_t len)
 {
-    if (i2c_open() != 0)
-        return 1;
+    hal_error_t err;
+
+    if ((err = i2c_open()) != HAL_OK)
+        return err;
 
     dump("write ", buf, len);
 
     if (write(i2cfd, buf, len) != len) {
-        perror("i2c write failed");
-        return 1;
+	if (debug)
+	      perror("i2c write failed");
+        return HAL_ERROR_IO_OS_ERROR;
     }
 
-    return 0;
+    return HAL_OK;
 }
 
-static int i2c_read(uint8_t *b)
+static hal_error_t i2c_read(uint8_t *b)
 {
-    if (i2c_open() != 0)
-        return 1;
+    hal_error_t err;
+
+    if ((err = i2c_open()) != HAL_OK)
+        return err;
 
-    /* read() on the i2c device only returns one byte at a time,
+    /*
+     * read() on the i2c device only returns one byte at a time,
      * and hal_io_get_resp() needs to parse the response one byte at a time
      */
     if (read(i2cfd, b, 1) != 1) {
-        perror("i2c read failed");
-        return 1;
+	if (debug)
+            perror("i2c read failed");
+        return HAL_ERROR_IO_OS_ERROR;
     }
 
     return 0;
@@ -148,7 +168,7 @@ static int i2c_read(uint8_t *b)
 #define UNKNOWN   0xfe
 #define ERROR     0xfd
 
-static int hal_io_send_write_cmd(off_t offset, const uint8_t *data)
+static hal_error_t hal_io_send_write_cmd(off_t offset, const uint8_t *data)
 {
     uint8_t buf[9] = { SOC, WRITE_CMD, (offset >> 8) & 0xff, offset & 0xff,
                        data[0], data[1], data[2], data[3], EOC };
@@ -156,25 +176,27 @@ static int hal_io_send_write_cmd(off_t offset, const uint8_t *data)
     return i2c_write(buf, sizeof(buf));
 }
 
-static int hal_io_send_read_cmd(off_t offset)
+static hal_error_t hal_io_send_read_cmd(off_t offset)
 {
     uint8_t buf[5] = { SOC, READ_CMD, (offset >> 8) & 0xff, offset & 0xff, EOC };
 
     return i2c_write(buf, sizeof(buf));
 }
 
-static int hal_io_get_resp(uint8_t *buf, size_t len)
+static hal_error_t hal_io_get_resp(uint8_t *buf, size_t len)
 {
+    hal_error_t err;
     int i;
 
     for (i = 0; i < len; ++i) {
-        if (i2c_read(&buf[i]) != 0)
-            return 1;
+        if ((err = i2c_read(&buf[i])) != HAL_OK)
+            return err;
         if ((i == 0) && (buf[i] != SOR)) {
             /* we've gotten out of sync, and there's probably nothing we can do */
-            fprintf(stderr, "response byte 0: expected 0x%02x (SOR), got 0x%02x\n",
-                    SOR, buf[0]);
-            return 1;
+	    if (debug)
+		fprintf(stderr, "response byte 0: expected 0x%02x (SOR), got 0x%02x\n",
+			SOR, buf[0]);
+            return HAL_ERROR_IO_UNEXPECTED;
         }
         else if (i == 1) {      /* response code */
             switch (buf[i]) {
@@ -193,18 +215,19 @@ static int hal_io_get_resp(uint8_t *buf, size_t len)
                 break;
             default:
                 /* we've gotten out of sync, and there's probably nothing we can do */
-                fprintf(stderr, "unknown response code 0x%02x\n", buf[i]);
-                return 1;
+		if (debug)
+		    fprintf(stderr, "unknown response code 0x%02x\n", buf[i]);
+                return HAL_ERROR_IO_UNEXPECTED;
             }
         }
     }
 
     dump("read  ", buf, len);
 
-    return 0;
+    return HAL_OK;
 }
 
-static int hal_io_compare(uint8_t *buf, const uint8_t *expected, size_t len)
+static hal_error_t hal_io_compare(uint8_t *buf, const uint8_t *expected, size_t len)
 {
     int i;
 
@@ -213,126 +236,140 @@ static int hal_io_compare(uint8_t *buf, const uint8_t *expected, size_t len)
         if (buf[i] != expected[i]) {
             fprintf(stderr, "response byte %d: expected 0x%02x, got 0x%02x\n",
                     i, expected[i], buf[i]);
-            return 1;
+            return HAL_ERROR_IO_UNEXPECTED;
         }
     }
 
-    return 0;
+    return HAL_OK;
 }
 
-static int hal_io_get_write_resp(off_t offset)
+static hal_error_t hal_io_get_write_resp(off_t offset)
 {
     uint8_t buf[5];
     uint8_t expected[5] = { SOR, WRITE_OK, (offset >> 8) & 0xff, offset & 0xff, EOR };
+    hal_error_t err;
+
+    if ((err = hal_io_get_resp(buf, sizeof(buf))) != HAL_OK)
+	return err;
 
-    return
-        hal_io_get_resp(buf, sizeof(buf)) ||
-        hal_io_compare(buf, expected, sizeof(expected));
+    return hal_io_compare(buf, expected, sizeof(expected));
 }
 
-static int hal_io_get_read_resp(off_t offset, uint8_t *data)
+static hal_error_t hal_io_get_read_resp(off_t offset, uint8_t *data)
 {
     uint8_t buf[9];
     uint8_t expected[4] = { SOR, READ_OK, (offset >> 8) & 0xff, offset & 0xff };
+    hal_error_t err;
+
+    if ((err = hal_io_get_resp(buf, sizeof(buf))) != HAL_OK ||
+        (err = hal_io_compare(buf, expected, 4))  != HAL_OK)
+	return err;
 
-    if ((hal_io_get_resp(buf, sizeof(buf)) != 0) ||
-        (hal_io_compare(buf, expected, 4) != 0) || buf[8] != EOR)
-        return 1;
+    if (buf[8] != EOR)
+        return HAL_ERROR_IO_UNEXPECTED;
 
     data[0] = buf[4];
     data[1] = buf[5];
     data[2] = buf[6];
     data[3] = buf[7];
 
-    return 0;
+    return HAL_OK;
 }
 
-static int hal_io_get_read_resp_expected(off_t offset, const uint8_t *data)
+static hal_error_t hal_io_get_read_resp_expected(off_t offset, const uint8_t *data)
 {
     uint8_t buf[9];
     uint8_t expected[9] = { SOR, READ_OK, (offset >> 8) & 0xff, offset & 0xff,
                             data[0], data[1], data[2], data[3], EOR };
+    hal_error_t err;
 
     dump("expect", expected, 9);
 
-    return (hal_io_get_resp(buf, sizeof(buf)) ||
-            hal_io_compare(buf, expected, sizeof(buf)));
+    if ((err = hal_io_get_resp(buf, sizeof(buf))) != HAL_OK)
+	return err;
+
+    return hal_io_compare(buf, expected, sizeof(buf));
 }
 
-int hal_io_write(off_t offset, const uint8_t *buf, size_t len)
+hal_error_t hal_io_write(off_t offset, const uint8_t *buf, size_t len)
 {
-    for (; len > 0; offset++, buf += 4, len -= 4) {
-        if (hal_io_send_write_cmd(offset, buf) ||
-            hal_io_get_write_resp(offset))
-            return 1;
-    }
+    hal_error_t err;
 
-    return 0;
+    for (; len > 0; offset++, buf += 4, len -= 4)
+	if ((err = hal_io_send_write_cmd(offset, buf)) != HAL_OK ||
+	    (err = hal_io_get_write_resp(offset))      != HAL_OK)
+            return err;
+
+    return HAL_OK;
 }
 
-int hal_io_read(off_t offset, uint8_t *buf, size_t len)
+hal_error_t hal_io_read(off_t offset, uint8_t *buf, size_t len)
 {
-    for (; len > 0; offset++, buf += 4, len -= 4) {
-        if (hal_io_send_read_cmd(offset) ||
-            hal_io_get_read_resp(offset, buf))
-            return 1;
-    }
+    hal_error_t err;
 
-    return 0;
+    for (; len > 0; offset++, buf += 4, len -= 4)
+	if ((err = hal_io_send_read_cmd(offset))      != HAL_OK ||
+	    (err = hal_io_get_read_resp(offset, buf)) != HAL_OK)
+            return err;
+
+    return HAL_OK;
 }
 
-int hal_io_expected(off_t offset, const uint8_t *buf, size_t len)
+hal_error_t hal_io_expected(off_t offset, const uint8_t *buf, size_t len)
 {
-    for (; len > 0; offset++, buf += 4, len -= 4) {
-        if (hal_io_send_read_cmd(offset) ||
-            hal_io_get_read_resp_expected(offset, buf))
-            return 1;
-    }
+    hal_error_t err;
 
-    return 0;
+    for (; len > 0; offset++, buf += 4, len -= 4)
+	if ((err = hal_io_send_read_cmd(offset))	       != HAL_OK ||
+	    (err = hal_io_get_read_resp_expected(offset, buf)) != HAL_OK)
+            return err;
+
+    return HAL_OK;
 }
 
-int hal_io_init(off_t offset)
+hal_error_t hal_io_init(off_t offset)
 {
     uint8_t buf[4] = { 0, 0, 0, CTRL_INIT };
 
     return hal_io_write(offset, buf, 4);
 }
 
-int hal_io_next(off_t offset)
+hal_error_t hal_io_next(off_t offset)
 {
     uint8_t buf[4] = { 0, 0, 0, CTRL_NEXT };
 
     return hal_io_write(offset, buf, 4);
 }
 
-int hal_io_wait(off_t offset, uint8_t status, int *count)
+hal_error_t hal_io_wait(off_t offset, uint8_t status, int *count)
 {
+    hal_error_t err;
     uint8_t buf[4];
     int i;
 
     for (i = 1; ; ++i) {
         if (count && (*count > 0) && (i >= *count)) {
-            fprintf(stderr, "hal_io_wait timed out\n");
-            return 1;
+	    if (debug)
+	        fprintf(stderr, "hal_io_wait timed out\n");
+            return HAL_ERROR_IO_TIMEOUT;
         }
-        if (hal_io_read(offset, buf, 4) != 0)
-            return -1;
+        if ((err = hal_io_read(offset, buf, 4)) != HAL_OK)
+            return err;
         if (buf[3] & status) {
             if (count)
                 *count = i;
-            return 0;
+            return HAL_OK;
         }
     }
 }
 
-int hal_io_wait_ready(off_t offset)
+hal_error_t hal_io_wait_ready(off_t offset)
 {
     int limit = 10;
     return hal_io_wait(offset, STATUS_READY, &limit);
 }
 
-int hal_io_wait_valid(off_t offset)
+hal_error_t hal_io_wait_valid(off_t offset)
 {
     int limit = 10;
     return hal_io_wait(offset, STATUS_VALID, &limit);
diff --git a/hash.c b/hash.c
new file mode 100644
index 0000000..e41bf20
--- /dev/null
+++ b/hash.c
@@ -0,0 +1,376 @@
+/* 
+ * hashes.c
+ * --------
+ *
+ * HAL interface to Cryptech hash cores.
+ * 
+ * Authors: Joachim Strömbergson, Paul Selkirk, Rob Austein
+ * Copyright (c) 2014-2015, SUNET
+ * 
+ * Redistribution and use in source and binary forms, with or 
+ * without modification, are permitted provided that the following 
+ * conditions are met: 
+ * 
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in 
+ *    the documentation and/or other materials provided with the 
+ *    distribution. 
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <assert.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/ioctl.h>
+
+#include "cryptech.h"
+
+/* Longest digest block we support at the moment */
+#define MAX_BLOCK_LEN           SHA512_BLOCK_LEN
+
+/* Hash state */
+typedef struct {
+  uint64_t msg_length_high;             /* Total data hashed in this message */
+  uint64_t msg_length_low;              /* (128 bits in SHA-512 cases) */
+  size_t block_length;                  /* Block length for this algorithm */
+  uint8_t block[MAX_BLOCK_LEN];         /* Block we're accumulating */
+  size_t block_used;                    /* How much of the block we've used */
+  unsigned block_count;                 /* Blocks sent */
+} hash_state_t;
+
+static int debug = 0;
+
+/*
+ * Debugging control.
+ */
+
+void hal_hash_set_debug(int onoff)
+{
+  debug = onoff;
+}
+
+/*
+ * Tell caller how much space to allocate for a hash_state_t.  This
+ * lets us hide details that are nobody else's business while letting
+ * somebody else deal with memory allocation (and is the way
+ * Cryptlib's HAL code works, not by coincidence).
+ */
+
+size_t hal_hash_state_size(void)
+{
+  return sizeof(hash_state_t);
+}
+
+void hal_hash_state_initialize(void *_state)
+{
+  hash_state_t *state = _state;
+  assert(state != NULL);
+  memset(state, 0, sizeof(*state));
+}
+
+/*
+ * Report whether cores are present.
+ */
+
+hal_error_t hash_sha1_core_present(void)
+{
+  return hal_io_expected(SHA1_ADDR_NAME0, (const uint8_t *) (SHA1_NAME0 SHA1_NAME1), 8);
+}
+
+hal_error_t hash_sha256_core_present(void)
+{
+  return hal_io_expected(SHA256_ADDR_NAME0, (const uint8_t *) (SHA256_NAME0 SHA256_NAME1), 8);
+}
+
+hal_error_t hash_sha512_core_present(void)
+{
+  return hal_io_expected(SHA512_ADDR_NAME0, (const uint8_t *) (SHA512_NAME0 SHA512_NAME1), 8);
+}
+
+/*
+ * Send one block to a core.
+ */
+
+static hal_error_t hash_write_block(const off_t block_addr,
+                                    const off_t ctrl_addr,
+                                    const off_t status_addr,
+                                    const uint8_t ctrl_mode,
+                                    const hash_state_t * const state)
+{
+  uint8_t ctrl_cmd[4];
+  hal_error_t err;
+
+  assert(state != NULL && state->block_length % 4 == 0);
+
+  if (debug)
+    fprintf(stderr, "[ %s ]\n", state->block_count == 0 ? "init" : "next");
+
+  if ((err = hal_io_write(block_addr, state->block, state->block_length)) != HAL_OK)
+    return err;
+
+  ctrl_cmd[0] = ctrl_cmd[1] = ctrl_cmd[2] = 0;
+  ctrl_cmd[3] = state->block_count == 0 ? CTRL_INIT : CTRL_NEXT;  
+  ctrl_cmd[3] |= ctrl_mode;
+
+  /*
+   * Not sure why we're waiting for ready here, but it's what the old
+   * (read: tested) code did, so keep that behavior for now.
+   */
+
+  if ((err = hal_io_write(ctrl_addr, ctrl_cmd, sizeof(ctrl_cmd))) != HAL_OK)
+    return err;
+
+  return hal_io_wait_valid(status_addr);
+}
+
+/*
+ * Read hash result from core.
+ */
+
+static hal_error_t hash_read_digest(const uint8_t digest_addr,
+                                    const uint8_t status_addr,
+                                    uint8_t *digest,
+                                    const size_t digest_length)
+{
+  hal_error_t err;
+
+  assert(digest != NULL && digest_length % 4 == 0);
+
+  if ((err = hal_io_wait_valid(status_addr)) != HAL_OK)
+    return err;
+
+  return hal_io_read(digest_addr, digest, digest_length);
+}
+
+/*
+ * Hash data.  All supported hash algorithms use similar block
+ * manipulations and padding algorithms, so all can use this method
+ * with a few parameters which we handle via closures below.
+ */
+
+static hal_error_t hash_do_hash(hash_state_t *state,                    /* Opaque state block */
+                                const uint8_t * const data_buffer,	/* Data to be hashed */
+                                size_t data_buffer_length,              /* Length of data_buffer */
+                                uint8_t *digest_buffer,                 /* Returned digest */
+                                const size_t digest_buffer_length,      /* Length of digest_buffer */
+                                const size_t block_length,              /* Length of a block */
+                                const size_t digest_length,             /* Length of resulting digest */
+                                const size_t length_length,             /* Length of the length field */
+                                const off_t block_addr,                 /* Where to write hash blocks */
+                                const off_t ctrl_addr,                  /* Control register */
+                                const off_t status_addr,                /* Status register */
+                                const off_t digest_addr,                /* Where to read digest */
+                                const uint8_t ctrl_mode)                /* Digest mode, for cores that have modes */
+{
+  hal_error_t err;
+  size_t n;
+  int i;
+
+  if (state == NULL ||
+      (state->block_length != 0 && state->block_length != block_length) ||
+      (data_buffer_length > 0 && data_buffer == NULL) ||
+      (data_buffer_length == 0 && digest_buffer == NULL) ||
+      (digest_buffer != NULL && digest_buffer_length < digest_length))
+    return HAL_ERROR_INCONSISTENT_ARGS;
+
+  if (state->block_length == 0)
+    state->block_length = block_length;
+
+  assert(block_length <= sizeof(state->block));
+
+  if (data_buffer_length > 0) {                            /* We have data to hash */
+
+    const uint8_t *p = data_buffer;
+
+    while ((n = state->block_length - state->block_used) <= data_buffer_length) {
+      /*
+       * We have enough data for another complete block.
+       */
+      if (debug)
+        fprintf(stderr, "[ Full block, data_buffer_length %lu, used %lu, n %lu, msg_length %llu ]\n",
+                (unsigned long) data_buffer_length, (unsigned long) state->block_used, (unsigned long) n, state->msg_length_low);
+      memcpy(state->block + state->block_used, p, n);
+      if ((state->msg_length_low += n) < n)
+        state->msg_length_high++;
+      state->block_used = 0;
+      data_buffer_length -= n;
+      p += n;
+      if ((err = hash_write_block(block_addr, ctrl_addr, status_addr, ctrl_mode, state)) != HAL_OK)
+        return err;
+      state->block_count++;
+    }
+
+    if (data_buffer_length > 0) {
+      /*
+       * Data left over, but not enough for a full block, stash it.
+       */
+      if (debug)
+        fprintf(stderr, "[ Partial block, data_buffer_length %lu, used %lu, n %lu, msg_length %llu ]\n",
+                (unsigned long) data_buffer_length, (unsigned long) state->block_used, (unsigned long) n, state->msg_length_low);
+      assert(data_buffer_length < n);
+      memcpy(state->block + state->block_used, p, data_buffer_length);
+      if ((state->msg_length_low += data_buffer_length) < data_buffer_length)
+        state->msg_length_high++;
+      state->block_used += data_buffer_length;
+    }
+  }
+
+  else {           /* Done: add padding, then pull result from the core */
+
+    uint64_t bit_length_low  = (state->msg_length_low  << 3);
+    uint64_t bit_length_high = (state->msg_length_high << 3) | (state->msg_length_low >> 61);
+    uint8_t *p;
+
+    /* Initial pad byte */
+    assert(state->block_used < state->block_length);
+    state->block[state->block_used++] = 0x80;
+
+    /* If not enough room for bit count, zero and push current block */
+    if ((n = state->block_length - state->block_used) < length_length) {
+      if (debug)
+        fprintf(stderr, "[ Overflow block, data_buffer_length %lu, used %lu, n %lu, msg_length %llu ]\n",
+                (unsigned long) data_buffer_length, (unsigned long) state->block_used, (unsigned long) n, state->msg_length_low);
+      if (n > 0)
+        memset(state->block + state->block_used, 0, n);
+      if ((err = hash_write_block(block_addr, ctrl_addr, status_addr, ctrl_mode, state)) != HAL_OK)
+        return err;
+      state->block_count++;
+      state->block_used = 0;
+    }
+
+    /* Pad final block */
+    n = state->block_length - state->block_used;
+    assert(n >= length_length);
+    if (n > 0)
+      memset(state->block + state->block_used, 0, n);
+    if (debug)
+      fprintf(stderr, "[ Final block, data_buffer_length %lu, used %lu, n %lu, msg_length %llu ]\n",
+              (unsigned long) data_buffer_length, (unsigned long) state->block_used, (unsigned long) n, state->msg_length_low);
+    p = state->block + state->block_length;
+    for (i = 0; (bit_length_low || bit_length_high) && i < length_length; i++) {
+      *--p = (uint8_t) (bit_length_low & 0xFF);
+      bit_length_low >>= 8;
+      if (bit_length_high) {
+        bit_length_low |= ((bit_length_high & 0xFF) << 56);
+        bit_length_high >>= 8;
+      }
+    }
+
+    /* Push final block */
+    if ((err = hash_write_block(block_addr, ctrl_addr, status_addr, ctrl_mode, state)) != HAL_OK)
+      return err;
+    state->block_count++;
+
+    /* All data pushed to core, now we just need to read back the result */
+    if ((err = hash_read_digest(digest_addr, status_addr, digest_buffer, digest_length)) != HAL_OK)
+      return err;
+  }
+
+  return HAL_OK;
+}
+
+/*
+ * Closures to provide the public API.
+ */
+
+hal_error_t hal_hash_sha1(void *state,
+                          const uint8_t *data_buffer,
+                          const size_t data_buffer_length,
+                          uint8_t *digest_buffer,
+                          const size_t digest_buffer_length)
+{
+  return hash_do_hash(state, data_buffer, data_buffer_length, digest_buffer, digest_buffer_length,
+                      SHA1_BLOCK_LEN, SHA1_DIGEST_LEN, SHA1_LENGTH_LEN,
+                      SHA1_ADDR_BLOCK, SHA1_ADDR_CTRL, SHA1_ADDR_STATUS, SHA1_ADDR_DIGEST, 0);
+}
+
+hal_error_t hal_hash_sha256(void *state,
+                            const uint8_t *data_buffer,
+                            const size_t data_buffer_length,
+                            uint8_t *digest_buffer,
+                            const size_t digest_buffer_length)
+{
+  return hash_do_hash(state, data_buffer, data_buffer_length, digest_buffer, digest_buffer_length,
+                      SHA256_BLOCK_LEN, SHA256_DIGEST_LEN, SHA256_LENGTH_LEN,
+                      SHA256_ADDR_BLOCK, SHA256_ADDR_CTRL, SHA256_ADDR_STATUS, SHA256_ADDR_DIGEST, 0);
+}
+
+hal_error_t hal_hash_sha512_224(void *state,
+                                const uint8_t *data_buffer,
+                                const size_t data_buffer_length,
+                                uint8_t *digest_buffer,
+                                const size_t digest_buffer_length)
+{
+  return hash_do_hash(state, data_buffer, data_buffer_length, digest_buffer, digest_buffer_length,
+                      SHA512_BLOCK_LEN, SHA512_DIGEST_LEN, SHA512_LENGTH_LEN,
+                      SHA512_ADDR_BLOCK, SHA512_ADDR_CTRL, SHA512_ADDR_STATUS, SHA512_ADDR_DIGEST,
+                      MODE_SHA_512_224);
+}
+
+hal_error_t hal_hash_sha512_256(void *state,
+                                const uint8_t *data_buffer,
+                                const size_t data_buffer_length,
+                                uint8_t *digest_buffer,
+                                const size_t digest_buffer_length)
+{
+  return hash_do_hash(state, data_buffer, data_buffer_length, digest_buffer, digest_buffer_length,
+                      SHA512_BLOCK_LEN, SHA512_DIGEST_LEN, SHA512_LENGTH_LEN,
+                      SHA512_ADDR_BLOCK, SHA512_ADDR_CTRL, SHA512_ADDR_STATUS, SHA512_ADDR_DIGEST,
+                      MODE_SHA_512_256);
+}
+
+hal_error_t hal_hash_sha384(void *state,
+                            const uint8_t *data_buffer,
+                            const size_t data_buffer_length,
+                            uint8_t *digest_buffer,
+                            const size_t digest_buffer_length)
+{
+  return hash_do_hash(state, data_buffer, data_buffer_length, digest_buffer, digest_buffer_length,
+                      SHA512_BLOCK_LEN, SHA512_DIGEST_LEN, SHA512_LENGTH_LEN,
+                      SHA512_ADDR_BLOCK, SHA512_ADDR_CTRL, SHA512_ADDR_STATUS, SHA512_ADDR_DIGEST,
+                      MODE_SHA_384);
+}
+
+hal_error_t hal_hash_sha512(void *state,
+                            const uint8_t *data_buffer,
+                            const size_t data_buffer_length,
+                            uint8_t *digest_buffer,
+                            const size_t digest_buffer_length)
+{
+  return hash_do_hash(state, data_buffer, data_buffer_length, digest_buffer, digest_buffer_length,
+                      SHA512_BLOCK_LEN, SHA512_DIGEST_LEN, SHA512_LENGTH_LEN,
+                      SHA512_ADDR_BLOCK, SHA512_ADDR_CTRL, SHA512_ADDR_STATUS, SHA512_ADDR_DIGEST,
+                      MODE_SHA_512);
+}
+
+/*
+ * "Any programmer who fails to comply with the standard naming, formatting,
+ *  or commenting conventions should be shot.  If it so happens that it is
+ *  inconvenient to shoot him, then he is to be politely requested to recode
+ *  his program in adherence to the above standard."
+ *                      -- Michael Spier, Digital Equipment Corporation
+ *
+ * Local variables:
+ * indent-tabs-mode: nil
+ * End:
+ */



More information about the Commits mailing list