[Cryptech-Commits] [sw/libhal] 20/58: Refactor hash code prior to adding HMAC (which we need for PBKDF2). Main changes: moving the ten zillion core-related constants from closures into a driver structure, rework API to the more common initialize/update/finalize because it's easier to understand, particularly with HMAC.

git at cryptech.is git at cryptech.is
Tue Jul 7 18:25:04 UTC 2015


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch master
in repository sw/libhal.

commit 73a9466319ab4edce0dc82185a422005f57e0f99
Author: Rob Austein <sra at hactrn.net>
Date:   Thu Jun 4 01:28:52 2015 -0400

    Refactor hash code prior to adding HMAC (which we need for PBKDF2).
    Main changes: moving the ten zillion core-related constants from
    closures into a driver structure, rework API to the more common
    initialize/update/finalize because it's easier to understand,
    particularly with HMAC.
---
 cryptech.h        |  76 +++++++--
 hash.c            | 476 ++++++++++++++++++++++++++++++------------------------
 tests/test-hash.c |  85 +++++-----
 3 files changed, 370 insertions(+), 267 deletions(-)

diff --git a/cryptech.h b/cryptech.h
index 9ac73e8..f64d868 100644
--- a/cryptech.h
+++ b/cryptech.h
@@ -479,23 +479,65 @@ extern hal_error_t hal_io_wait_valid(off_t offset);
 extern hal_error_t hal_get_random(void *buffer, const size_t length);
 
 extern void hal_hash_set_debug(int onoff);
-extern hal_error_t hal_hash_sha1_core_present(void);
-extern hal_error_t hal_hash_sha256_core_present(void);
-extern hal_error_t hal_hash_sha512_core_present(void);
-extern size_t hal_hash_state_size(void);
-extern void hal_hash_state_initialize(void *state);
-extern hal_error_t hal_hash_sha1(void *state, const uint8_t * data_buffer, const size_t data_buffer_length,
-				 		   uint8_t *digest_buffer, const size_t digest_buffer_length);
-extern hal_error_t hal_hash_sha256(void *state, const uint8_t *data_buffer, const size_t data_buffer_length,
-				   		    uint8_t *digest_buffer, const size_t digest_buffer_length);
-extern hal_error_t hal_hash_sha512_224(void *state, const uint8_t *data_buffer, const size_t data_buffer_length,
-				       			uint8_t *digest_buffer, const size_t digest_buffer_length);
-extern hal_error_t hal_hash_sha512_256(void *state, const uint8_t *data_buffer, const size_t data_buffer_length,
-				       			uint8_t *digest_buffer, const size_t digest_buffer_length);
-extern hal_error_t hal_hash_sha384(void *state, const uint8_t *data_buffer, const size_t data_buffer_length,
-				   		    uint8_t *digest_buffer, const size_t digest_buffer_length);
-extern hal_error_t hal_hash_sha512(void *state, const uint8_t *data_buffer, const size_t data_buffer_length,
-				   		    uint8_t *digest_buffer, const size_t digest_buffer_length);
+
+/*
+ * Public information about a digest algorithm.
+ *
+ * The _state_length values in the descriptor and the typed opaque
+ * pointers in the API are all intended to hide internal details of
+ * the implementation while making memory allocation the caller's
+ * problem.
+ */
+
+typedef struct {
+  size_t block_length;
+  size_t digest_length;
+  size_t hash_state_length;
+  size_t hmac_state_length;
+  const void *driver;
+} hal_hash_descriptor_t;
+
+/*
+ * Typed opaque pointers to internal state.
+ */
+
+typedef struct { void *state; } hal_hash_state_t;
+typedef struct { void *state; } hal_hmac_state_t;
+
+/*
+ * Supported digest algorithms.
+ */
+
+extern const hal_hash_descriptor_t hal_hash_sha1;
+extern const hal_hash_descriptor_t hal_hash_sha256;
+extern const hal_hash_descriptor_t hal_hash_sha512_224;
+extern const hal_hash_descriptor_t hal_hash_sha512_256;
+extern const hal_hash_descriptor_t hal_hash_sha384;
+extern const hal_hash_descriptor_t hal_hash_sha512;
+
+extern hal_error_t hal_hash_core_present(const hal_hash_descriptor_t * const descriptor);
+
+extern hal_error_t hal_hash_initialize(const hal_hash_descriptor_t * const descriptor,
+				       hal_hash_state_t *state,
+				       void *state_buffer, const size_t state_length);
+
+extern hal_error_t hal_hash_update(const hal_hash_state_t state,
+				   const uint8_t * data, const size_t length);
+
+extern hal_error_t hal_hash_finalize(const hal_hash_state_t state,
+				     uint8_t *digest, const size_t length);
+
+extern hal_error_t hal_hmac_initialize(const hal_hash_descriptor_t * const descriptor,
+				       hal_hmac_state_t *state,
+				       void *state_buffer, const size_t state_length,
+				       const uint8_t * const key, const size_t key_length);
+
+extern hal_error_t hal_hmac_update(const hal_hmac_state_t state,
+				   const uint8_t * data, const size_t length);
+
+extern hal_error_t hal_hmac_finalize(const hal_hmac_state_t state,
+				     uint8_t *hmac, const size_t length);
+
 
 extern hal_error_t hal_aes_keywrap(const uint8_t *kek, const size_t kek_length,
 				   const uint8_t *plaintext, const size_t plaintext_length,
diff --git a/hash.c b/hash.c
index bd0daa8..3680927 100644
--- a/hash.c
+++ b/hash.c
@@ -48,107 +48,232 @@
 /* Longest digest block we support at the moment */
 #define MAX_BLOCK_LEN           SHA512_BLOCK_LEN
 
-/* Hash state */
+/*
+ * Driver.  This encapsulates whatever per-algorithm voodoo we need
+ * this week.  At the moment, this is mostly Cryptech core addresses,
+ * but this is subject to change without notice.
+ *
+ * Most of the addresses in the current version could be calculated
+ * from a single address (the core base address), but this week's
+ * theory prefers the precomputed composite addresses, and doing it
+ * this way saves some microscopic bit of addition at runtime.
+ * Whatever.  It'll probably all change again once we have a dynamic
+ * memory map, so it's not really worth overthinking at the moment.
+ */
+
 typedef struct {
+  size_t length_length;                 /* Length of the length field */
+  off_t block_addr;                     /* Where to write hash blocks */
+  off_t ctrl_addr;                      /* Control register */
+  off_t status_addr;                    /* Status register */
+  off_t digest_addr;                    /* Where to read digest */
+  off_t name_addr;                      /* Where to read core name */
+  char core_name[8];                    /* Expected name of core */
+  uint8_t ctrl_mode;                    /* Digest mode, for cores that have modes */
+} driver_t;
+
+/*
+ * Hash state.
+ */
+
+typedef struct {
+  const hal_hash_descriptor_t *descriptor;
+  const driver_t *driver;
   uint64_t msg_length_high;             /* Total data hashed in this message */
   uint64_t msg_length_low;              /* (128 bits in SHA-512 cases) */
-  size_t block_length;                  /* Block length for this algorithm */
   uint8_t block[MAX_BLOCK_LEN];         /* Block we're accumulating */
   size_t block_used;                    /* How much of the block we've used */
   unsigned block_count;                 /* Blocks sent */
-} hash_state_t;
+} internal_hash_state_t;
 
-static int debug = 0;
+/*
+ * Drivers and descriptors for known digest algorithms.
+ */
+
+/* Drivers */
+
+static const driver_t sha1_driver = {
+  SHA1_LENGTH_LEN,
+  SHA1_ADDR_BLOCK, SHA1_ADDR_CTRL, SHA1_ADDR_STATUS, SHA1_ADDR_DIGEST,
+  SHA1_ADDR_NAME0, (SHA1_NAME0 SHA1_NAME1),
+  0
+};
+
+static const driver_t sha256_driver = {
+  SHA256_LENGTH_LEN,
+  SHA256_ADDR_BLOCK, SHA256_ADDR_CTRL, SHA256_ADDR_STATUS, SHA256_ADDR_DIGEST,
+  SHA256_ADDR_NAME0, (SHA256_NAME0 SHA256_NAME1),
+  0
+};
+
+static const driver_t sha512_224_driver = {
+  SHA512_LENGTH_LEN,
+  SHA512_ADDR_BLOCK, SHA512_ADDR_CTRL, SHA512_ADDR_STATUS, SHA512_ADDR_DIGEST,
+  SHA512_ADDR_NAME0, (SHA512_NAME0 SHA512_NAME1),
+  MODE_SHA_512_224
+};
+
+static const driver_t sha512_256_driver = {
+  SHA512_LENGTH_LEN,
+  SHA512_ADDR_BLOCK, SHA512_ADDR_CTRL, SHA512_ADDR_STATUS, SHA512_ADDR_DIGEST,
+  SHA512_ADDR_NAME0, (SHA512_NAME0 SHA512_NAME1),
+  MODE_SHA_512_256
+};
+
+static const driver_t sha384_driver = {
+  SHA512_LENGTH_LEN,
+  SHA512_ADDR_BLOCK, SHA512_ADDR_CTRL, SHA512_ADDR_STATUS, SHA512_ADDR_DIGEST,
+  SHA512_ADDR_NAME0, (SHA512_NAME0 SHA512_NAME1),
+  MODE_SHA_384
+};
+
+static const driver_t sha512_driver = {
+  SHA512_LENGTH_LEN,
+  SHA512_ADDR_BLOCK, SHA512_ADDR_CTRL, SHA512_ADDR_STATUS, SHA512_ADDR_DIGEST,
+  SHA512_ADDR_NAME0, (SHA512_NAME0 SHA512_NAME1),
+  MODE_SHA_512
+};
+
+/* Descriptors */
+
+const hal_hash_descriptor_t hal_hash_sha1 = {
+  SHA1_BLOCK_LEN, SHA1_DIGEST_LEN,
+  sizeof(internal_hash_state_t), 0,
+  &sha1_driver
+};
+
+const hal_hash_descriptor_t hal_hash_sha256 = {
+  SHA256_BLOCK_LEN, SHA256_DIGEST_LEN,
+  sizeof(internal_hash_state_t), 0,
+  &sha256_driver
+};
+
+const hal_hash_descriptor_t hal_hash_sha512_224 = {
+  SHA512_BLOCK_LEN, SHA512_DIGEST_LEN,
+  sizeof(internal_hash_state_t), 0,
+  &sha512_224_driver
+};
+
+const hal_hash_descriptor_t hal_hash_sha512_256 = {
+  SHA512_BLOCK_LEN, SHA512_DIGEST_LEN,
+  sizeof(internal_hash_state_t), 0,
+  &sha512_256_driver
+};
+
+const hal_hash_descriptor_t hal_hash_sha384 = {
+  SHA512_BLOCK_LEN, SHA512_DIGEST_LEN,
+  sizeof(internal_hash_state_t), 0,
+  &sha384_driver
+};
+
+const hal_hash_descriptor_t hal_hash_sha512 = {
+  SHA512_BLOCK_LEN, SHA512_DIGEST_LEN,
+  sizeof(internal_hash_state_t), 0,
+  &sha512_driver
+};
 
 /*
  * Debugging control.
  */
 
+static int debug = 0;
+
 void hal_hash_set_debug(int onoff)
 {
   debug = onoff;
 }
 
 /*
- * Tell caller how much space to allocate for a hash_state_t.  This
- * lets us hide details that are nobody else's business while letting
- * somebody else deal with memory allocation (and is the way
- * Cryptlib's HAL code works, not by coincidence).
+ * Internal utility to do whatever checking we need of a descriptor,
+ * then extract the driver pointer in a way that works nicely with
+ * initialization of an automatic const pointer.
+ *
+ * Returns the driver pointer on success, NULL on failure.
  */
 
-size_t hal_hash_state_size(void)
+static const driver_t *check_driver(const hal_hash_descriptor_t * const descriptor)
 {
-  return sizeof(hash_state_t);
-}
-
-void hal_hash_state_initialize(void *_state)
-{
-  hash_state_t *state = _state;
-  assert(state != NULL);
-  memset(state, 0, sizeof(*state));
+  return descriptor == NULL ? NULL : descriptor->driver;
 }
 
 /*
  * Report whether cores are present.
  */
 
-hal_error_t hal_hash_sha1_core_present(void)
+hal_error_t hal_hash_core_present(const hal_hash_descriptor_t * const descriptor)
 {
-  return hal_io_expected(SHA1_ADDR_NAME0, (const uint8_t *) (SHA1_NAME0 SHA1_NAME1), 8);
-}
+  const driver_t * const driver = check_driver(descriptor);
 
-hal_error_t hal_hash_sha256_core_present(void)
-{
-  return hal_io_expected(SHA256_ADDR_NAME0, (const uint8_t *) (SHA256_NAME0 SHA256_NAME1), 8);
+  if (driver == NULL)
+    return HAL_ERROR_BAD_ARGUMENTS;
+
+  return hal_io_expected(driver->name_addr,
+                         (const uint8_t *) driver->core_name,
+                         sizeof(driver->core_name));
 }
 
-hal_error_t hal_hash_sha512_core_present(void)
+/*
+ * Initialize hash state.
+ */
+
+hal_error_t hal_hash_initialize(const hal_hash_descriptor_t * const descriptor,
+                                hal_hash_state_t *opaque_state,
+                                void *state_buffer, const size_t state_length)
 {
-  return hal_io_expected(SHA512_ADDR_NAME0, (const uint8_t *) (SHA512_NAME0 SHA512_NAME1), 8);
+  const driver_t * const driver = check_driver(descriptor);
+  internal_hash_state_t *state = state_buffer;
+
+  if (driver == NULL || state == NULL || opaque_state == NULL ||
+      state_length < descriptor->hash_state_length)
+    return HAL_ERROR_BAD_ARGUMENTS;
+
+  memset(state, 0, sizeof(*state));
+  state->descriptor = descriptor;
+  state->driver = driver;
+
+  opaque_state->state = state;
+
+  return HAL_OK;
 }
 
 /*
  * Send one block to a core.
  */
 
-static hal_error_t hash_write_block(const off_t block_addr,
-                                    const off_t ctrl_addr,
-                                    const off_t status_addr,
-                                    const uint8_t ctrl_mode,
-                                    const hash_state_t * const state)
+static hal_error_t hash_write_block(const internal_hash_state_t * const state)
 {
   uint8_t ctrl_cmd[4];
   hal_error_t err;
 
-  assert(state != NULL && state->block_length % 4 == 0);
+  assert(state != NULL && state->descriptor != NULL && state->driver != NULL);
+  assert(state->descriptor->block_length % 4 == 0);
 
   if (debug)
     fprintf(stderr, "[ %s ]\n", state->block_count == 0 ? "init" : "next");
 
-  if ((err = hal_io_write(block_addr, state->block, state->block_length)) != HAL_OK)
+  if ((err = hal_io_write(state->driver->block_addr, state->block, state->descriptor->block_length)) != HAL_OK)
     return err;
 
   ctrl_cmd[0] = ctrl_cmd[1] = ctrl_cmd[2] = 0;
   ctrl_cmd[3] = state->block_count == 0 ? CTRL_INIT : CTRL_NEXT;  
-  ctrl_cmd[3] |= ctrl_mode;
+  ctrl_cmd[3] |= state->driver->ctrl_mode;
 
   /*
    * Not sure why we're waiting for ready here, but it's what the old
    * (read: tested) code did, so keep that behavior for now.
    */
 
-  if ((err = hal_io_write(ctrl_addr, ctrl_cmd, sizeof(ctrl_cmd))) != HAL_OK)
+  if ((err = hal_io_write(state->driver->ctrl_addr, ctrl_cmd, sizeof(ctrl_cmd))) != HAL_OK)
     return err;
 
-  return hal_io_wait_valid(status_addr);
+  return hal_io_wait_valid(state->driver->status_addr);
 }
 
 /*
  * Read hash result from core.
  */
 
-static hal_error_t hash_read_digest(const off_t digest_addr,
-                                    const off_t status_addr,
+static hal_error_t hash_read_digest(const driver_t * const driver,
                                     uint8_t *digest,
                                     const size_t digest_length)
 {
@@ -156,211 +281,146 @@ static hal_error_t hash_read_digest(const off_t digest_addr,
 
   assert(digest != NULL && digest_length % 4 == 0);
 
-  if ((err = hal_io_wait_valid(status_addr)) != HAL_OK)
+  if ((err = hal_io_wait_valid(driver->status_addr)) != HAL_OK)
     return err;
 
-  return hal_io_read(digest_addr, digest, digest_length);
+  return hal_io_read(driver->digest_addr, digest, digest_length);
 }
 
 /*
- * Hash data.  All supported hash algorithms use similar block
- * manipulations and padding algorithms, so all can use this method
- * with a few parameters which we handle via closures below.
+ * Add data to hash.
  */
 
-static hal_error_t hash_do_hash(hash_state_t *state,                    /* Opaque state block */
-                                const uint8_t * const data_buffer,	/* Data to be hashed */
-                                size_t data_buffer_length,              /* Length of data_buffer */
-                                uint8_t *digest_buffer,                 /* Returned digest */
-                                const size_t digest_buffer_length,      /* Length of digest_buffer */
-                                const size_t block_length,              /* Length of a block */
-                                const size_t digest_length,             /* Length of resulting digest */
-                                const size_t length_length,             /* Length of the length field */
-                                const off_t block_addr,                 /* Where to write hash blocks */
-                                const off_t ctrl_addr,                  /* Control register */
-                                const off_t status_addr,                /* Status register */
-                                const off_t digest_addr,                /* Where to read digest */
-                                const uint8_t ctrl_mode)                /* Digest mode, for cores that have modes */
+hal_error_t hal_hash_update(hal_hash_state_t opaque_state,      /* Opaque state block */
+                            const uint8_t * const data_buffer,	/* Data to be hashed */
+                            size_t data_buffer_length)          /* Length of data_buffer */
 {
+  internal_hash_state_t *state = opaque_state.state;
+  const uint8_t *p = data_buffer;
   hal_error_t err;
   size_t n;
-  int i;
 
-  if (state == NULL ||
-      (state->block_length != 0 && state->block_length != block_length) ||
-      (data_buffer_length > 0 && data_buffer == NULL) ||
-      (data_buffer_length == 0 && digest_buffer == NULL) ||
-      (digest_buffer != NULL && digest_buffer_length < digest_length))
+  if (state == NULL || data_buffer == NULL)
     return HAL_ERROR_BAD_ARGUMENTS;
 
-  if (state->block_length == 0)
-    state->block_length = block_length;
-
-  assert(block_length <= sizeof(state->block));
-
-  if (data_buffer_length > 0) {                            /* We have data to hash */
-
-    const uint8_t *p = data_buffer;
-
-    while ((n = state->block_length - state->block_used) <= data_buffer_length) {
-      /*
-       * We have enough data for another complete block.
-       */
-      if (debug)
-        fprintf(stderr, "[ Full block, data_buffer_length %lu, used %lu, n %lu, msg_length %llu ]\n",
-                (unsigned long) data_buffer_length, (unsigned long) state->block_used, (unsigned long) n, state->msg_length_low);
-      memcpy(state->block + state->block_used, p, n);
-      if ((state->msg_length_low += n) < n)
-        state->msg_length_high++;
-      state->block_used = 0;
-      data_buffer_length -= n;
-      p += n;
-      if ((err = hash_write_block(block_addr, ctrl_addr, status_addr, ctrl_mode, state)) != HAL_OK)
-        return err;
-      state->block_count++;
-    }
-
-    if (data_buffer_length > 0) {
-      /*
-       * Data left over, but not enough for a full block, stash it.
-       */
-      if (debug)
-        fprintf(stderr, "[ Partial block, data_buffer_length %lu, used %lu, n %lu, msg_length %llu ]\n",
-                (unsigned long) data_buffer_length, (unsigned long) state->block_used, (unsigned long) n, state->msg_length_low);
-      assert(data_buffer_length < n);
-      memcpy(state->block + state->block_used, p, data_buffer_length);
-      if ((state->msg_length_low += data_buffer_length) < data_buffer_length)
-        state->msg_length_high++;
-      state->block_used += data_buffer_length;
-    }
-  }
+  if (data_buffer_length == 0)
+    return HAL_OK;
 
-  else {           /* Done: add padding, then pull result from the core */
-
-    uint64_t bit_length_low  = (state->msg_length_low  << 3);
-    uint64_t bit_length_high = (state->msg_length_high << 3) | (state->msg_length_low >> 61);
-    uint8_t *p;
-
-    /* Initial pad byte */
-    assert(state->block_used < state->block_length);
-    state->block[state->block_used++] = 0x80;
-
-    /* If not enough room for bit count, zero and push current block */
-    if ((n = state->block_length - state->block_used) < length_length) {
-      if (debug)
-        fprintf(stderr, "[ Overflow block, data_buffer_length %lu, used %lu, n %lu, msg_length %llu ]\n",
-                (unsigned long) data_buffer_length, (unsigned long) state->block_used, (unsigned long) n, state->msg_length_low);
-      if (n > 0)
-        memset(state->block + state->block_used, 0, n);
-      if ((err = hash_write_block(block_addr, ctrl_addr, status_addr, ctrl_mode, state)) != HAL_OK)
-        return err;
-      state->block_count++;
-      state->block_used = 0;
-    }
+  assert(state->descriptor != NULL && state->driver != NULL);
+  assert(state->descriptor->block_length <= sizeof(state->block));
 
-    /* Pad final block */
-    n = state->block_length - state->block_used;
-    assert(n >= length_length);
-    if (n > 0)
-      memset(state->block + state->block_used, 0, n);
+  while ((n = state->descriptor->block_length - state->block_used) <= data_buffer_length) {
+    /*
+     * We have enough data for another complete block.
+     */
     if (debug)
-      fprintf(stderr, "[ Final block, data_buffer_length %lu, used %lu, n %lu, msg_length %llu ]\n",
+      fprintf(stderr, "[ Full block, data_buffer_length %lu, used %lu, n %lu, msg_length %llu ]\n",
               (unsigned long) data_buffer_length, (unsigned long) state->block_used, (unsigned long) n, state->msg_length_low);
-    p = state->block + state->block_length;
-    for (i = 0; (bit_length_low || bit_length_high) && i < length_length; i++) {
-      *--p = (uint8_t) (bit_length_low & 0xFF);
-      bit_length_low >>= 8;
-      if (bit_length_high) {
-        bit_length_low |= ((bit_length_high & 0xFF) << 56);
-        bit_length_high >>= 8;
-      }
-    }
-
-    /* Push final block */
-    if ((err = hash_write_block(block_addr, ctrl_addr, status_addr, ctrl_mode, state)) != HAL_OK)
+    memcpy(state->block + state->block_used, p, n);
+    if ((state->msg_length_low += n) < n)
+      state->msg_length_high++;
+    state->block_used = 0;
+    data_buffer_length -= n;
+    p += n;
+    if ((err = hash_write_block(state)) != HAL_OK)
       return err;
     state->block_count++;
+  }
 
-    /* All data pushed to core, now we just need to read back the result */
-    if ((err = hash_read_digest(digest_addr, status_addr, digest_buffer, digest_length)) != HAL_OK)
-      return err;
+  if (data_buffer_length > 0) {
+    /*
+     * Data left over, but not enough for a full block, stash it.
+     */
+    if (debug)
+      fprintf(stderr, "[ Partial block, data_buffer_length %lu, used %lu, n %lu, msg_length %llu ]\n",
+              (unsigned long) data_buffer_length, (unsigned long) state->block_used, (unsigned long) n, state->msg_length_low);
+    assert(data_buffer_length < n);
+    memcpy(state->block + state->block_used, p, data_buffer_length);
+    if ((state->msg_length_low += data_buffer_length) < data_buffer_length)
+      state->msg_length_high++;
+    state->block_used += data_buffer_length;
   }
 
   return HAL_OK;
 }
 
 /*
- * Closures to provide the public API.
+ * Finish hash and return digest.
  */
 
-hal_error_t hal_hash_sha1(void *state,
-                          const uint8_t *data_buffer,
-                          const size_t data_buffer_length,
-                          uint8_t *digest_buffer,
-                          const size_t digest_buffer_length)
+hal_error_t hal_hash_finalize(hal_hash_state_t opaque_state,            /* Opaque state block */
+                              uint8_t *digest_buffer,                   /* Returned digest */
+                              const size_t digest_buffer_length)        /* Length of digest_buffer */
 {
-  return hash_do_hash(state, data_buffer, data_buffer_length, digest_buffer, digest_buffer_length,
-                      SHA1_BLOCK_LEN, SHA1_DIGEST_LEN, SHA1_LENGTH_LEN,
-                      SHA1_ADDR_BLOCK, SHA1_ADDR_CTRL, SHA1_ADDR_STATUS, SHA1_ADDR_DIGEST, 0);
-}
+  internal_hash_state_t *state = opaque_state.state;
+  uint64_t bit_length_high, bit_length_low;
+  hal_error_t err;
+  uint8_t *p;
+  size_t n;
+  int i;
 
-hal_error_t hal_hash_sha256(void *state,
-                            const uint8_t *data_buffer,
-                            const size_t data_buffer_length,
-                            uint8_t *digest_buffer,
-                            const size_t digest_buffer_length)
-{
-  return hash_do_hash(state, data_buffer, data_buffer_length, digest_buffer, digest_buffer_length,
-                      SHA256_BLOCK_LEN, SHA256_DIGEST_LEN, SHA256_LENGTH_LEN,
-                      SHA256_ADDR_BLOCK, SHA256_ADDR_CTRL, SHA256_ADDR_STATUS, SHA256_ADDR_DIGEST, 0);
-}
+  if (state == NULL || digest_buffer == NULL)
+    return HAL_ERROR_BAD_ARGUMENTS;
 
-hal_error_t hal_hash_sha512_224(void *state,
-                                const uint8_t *data_buffer,
-                                const size_t data_buffer_length,
-                                uint8_t *digest_buffer,
-                                const size_t digest_buffer_length)
-{
-  return hash_do_hash(state, data_buffer, data_buffer_length, digest_buffer, digest_buffer_length,
-                      SHA512_BLOCK_LEN, SHA512_DIGEST_LEN, SHA512_LENGTH_LEN,
-                      SHA512_ADDR_BLOCK, SHA512_ADDR_CTRL, SHA512_ADDR_STATUS, SHA512_ADDR_DIGEST,
-                      MODE_SHA_512_224);
-}
+  assert(state->descriptor != NULL && state->driver != NULL);
 
-hal_error_t hal_hash_sha512_256(void *state,
-                                const uint8_t *data_buffer,
-                                const size_t data_buffer_length,
-                                uint8_t *digest_buffer,
-                                const size_t digest_buffer_length)
-{
-  return hash_do_hash(state, data_buffer, data_buffer_length, digest_buffer, digest_buffer_length,
-                      SHA512_BLOCK_LEN, SHA512_DIGEST_LEN, SHA512_LENGTH_LEN,
-                      SHA512_ADDR_BLOCK, SHA512_ADDR_CTRL, SHA512_ADDR_STATUS, SHA512_ADDR_DIGEST,
-                      MODE_SHA_512_256);
-}
+  if (digest_buffer_length < state->descriptor->digest_length)
+    return HAL_ERROR_BAD_ARGUMENTS;
 
-hal_error_t hal_hash_sha384(void *state,
-                            const uint8_t *data_buffer,
-                            const size_t data_buffer_length,
-                            uint8_t *digest_buffer,
-                            const size_t digest_buffer_length)
-{
-  return hash_do_hash(state, data_buffer, data_buffer_length, digest_buffer, digest_buffer_length,
-                      SHA512_BLOCK_LEN, SHA512_DIGEST_LEN, SHA512_LENGTH_LEN,
-                      SHA512_ADDR_BLOCK, SHA512_ADDR_CTRL, SHA512_ADDR_STATUS, SHA512_ADDR_DIGEST,
-                      MODE_SHA_384);
-}
+  assert(state->descriptor->block_length <= sizeof(state->block));
 
-hal_error_t hal_hash_sha512(void *state,
-                            const uint8_t *data_buffer,
-                            const size_t data_buffer_length,
-                            uint8_t *digest_buffer,
-                            const size_t digest_buffer_length)
-{
-  return hash_do_hash(state, data_buffer, data_buffer_length, digest_buffer, digest_buffer_length,
-                      SHA512_BLOCK_LEN, SHA512_DIGEST_LEN, SHA512_LENGTH_LEN,
-                      SHA512_ADDR_BLOCK, SHA512_ADDR_CTRL, SHA512_ADDR_STATUS, SHA512_ADDR_DIGEST,
-                      MODE_SHA_512);
+  /*
+   * Add padding, then pull result from the core
+   */
+
+  bit_length_low  = (state->msg_length_low  << 3);
+  bit_length_high = (state->msg_length_high << 3) | (state->msg_length_low >> 61);
+
+  /* Initial pad byte */
+  assert(state->block_used < state->descriptor->block_length);
+  state->block[state->block_used++] = 0x80;
+
+  /* If not enough room for bit count, zero and push current block */
+  if ((n = state->descriptor->block_length - state->block_used) < state->driver->length_length) {
+    if (debug)
+      fprintf(stderr, "[ Overflow block, used %lu, n %lu, msg_length %llu ]\n",
+              (unsigned long) state->block_used, (unsigned long) n, state->msg_length_low);
+    if (n > 0)
+      memset(state->block + state->block_used, 0, n);
+    if ((err = hash_write_block(state)) != HAL_OK)
+      return err;
+    state->block_count++;
+    state->block_used = 0;
+  }
+
+  /* Pad final block */
+  n = state->descriptor->block_length - state->block_used;
+  assert(n >= state->driver->length_length);
+  if (n > 0)
+    memset(state->block + state->block_used, 0, n);
+  if (debug)
+    fprintf(stderr, "[ Final block, used %lu, n %lu, msg_length %llu ]\n",
+            (unsigned long) state->block_used, (unsigned long) n, state->msg_length_low);
+  p = state->block + state->descriptor->block_length;
+  for (i = 0; (bit_length_low || bit_length_high) && i < state->driver->length_length; i++) {
+    *--p = (uint8_t) (bit_length_low & 0xFF);
+    bit_length_low >>= 8;
+    if (bit_length_high) {
+      bit_length_low |= ((bit_length_high & 0xFF) << 56);
+      bit_length_high >>= 8;
+    }
+  }
+
+  /* Push final block */
+  if ((err = hash_write_block(state)) != HAL_OK)
+    return err;
+  state->block_count++;
+
+  /* All data pushed to core, now we just need to read back the result */
+  if ((err = hash_read_digest(state->driver, digest_buffer, state->descriptor->digest_length)) != HAL_OK)
+    return err;
+
+  return HAL_OK;
 }
 
 /*
diff --git a/tests/test-hash.c b/tests/test-hash.c
index 671f200..92acdfd 100644
--- a/tests/test-hash.c
+++ b/tests/test-hash.c
@@ -124,32 +124,49 @@ static const uint8_t sha512_double_digest[] = { /* 64 bytes */
   0x87, 0x4b, 0xe9, 0x09
 };
 
-static int _test_hash(hal_error_t (*hash)(void *,
-					  const uint8_t *, const size_t,
-					  uint8_t *, const size_t),
+static int _test_hash(const hal_hash_descriptor_t * const descriptor,
 		      const uint8_t * const data, const size_t data_len,
 		      const uint8_t * const result, const size_t result_len,
 		      const char * const label)
 {
-  uint8_t state[512], digest[512];
+  uint8_t statebuf[512], digest[512];
+  hal_hash_state_t state;
   hal_error_t err;
 
-  assert(hash != NULL && data != NULL && result != NULL && label != NULL);
-
+  assert(descriptor != NULL && data != NULL && result != NULL && label != NULL);
   assert(result_len <= sizeof(digest));
-  assert(hal_hash_state_size() <= sizeof(state));
+  assert(descriptor->hash_state_length <= sizeof(statebuf));
 
   printf("Starting %s test\n", label);
 
-  hal_hash_state_initialize(state);
+  err = hal_hash_core_present(descriptor);
+
+  switch (err) {
+
+  case HAL_OK:
+    break;
+
+  case HAL_ERROR_IO_UNEXPECTED:
+    printf("Core not present, skipping test\n");
+    return 1;
+
+  default:
+    printf("Failed while checking for core: %s\n", hal_error_string(err));
+    return 0;
+  }
+
+  if ((err = hal_hash_initialize(descriptor, &state, statebuf, sizeof(statebuf))) != HAL_OK) {
+    printf("Failed while initializing hash: %s\n", hal_error_string(err));
+    return 0;
+  }
 
-  if ((err = hash(state, data, data_len, NULL, 0)) != HAL_OK) {
-    printf("Failed: %s\n", hal_error_string(err));
+  if ((err = hal_hash_update(state, data, data_len)) != HAL_OK) {
+    printf("Failed while updating hash: %s\n", hal_error_string(err));
     return 0;
   }
 
-  if ((err = hash(state, NULL, 0, digest, sizeof(digest))) != HAL_OK) {
-    printf("Failed: %s\n", hal_error_string(err));
+  if ((err = hal_hash_finalize(state, digest, sizeof(digest))) != HAL_OK) {
+    printf("Failed while finalizing hash: %s\n", hal_error_string(err));
     return 0;
   }
 
@@ -170,46 +187,30 @@ static int _test_hash(hal_error_t (*hash)(void *,
     return 1;
 }
 
-#define test_hash(_hash_, _data_, _result_, _label_) \
-  _test_hash(_hash_, _data_, sizeof(_data_), _result_, sizeof(_result_), _label_)
+#define test_hash(_desc_, _data_, _result_, _label_) \
+  _test_hash(_desc_, _data_, sizeof(_data_), _result_, sizeof(_result_), _label_)
 
 int main (int argc, char *argv[])
 {
   int ok = 1;
 
-  if (hal_hash_sha1_core_present() == HAL_OK) {
-    ok &= test_hash(hal_hash_sha1,   nist_512_single, sha1_single_digest, "SHA-1 single block");
-    ok &= test_hash(hal_hash_sha1,   nist_512_double, sha1_double_digest, "SHA-1 double block");
-  }
-  else {
-    printf("SHA-1 core not present, skipping tests which depend on it\n");
-  }
+  ok &= test_hash(&hal_hash_sha1,   nist_512_single, sha1_single_digest, "SHA-1 single block");
+  ok &= test_hash(&hal_hash_sha1,   nist_512_double, sha1_double_digest, "SHA-1 double block");
 
-  if (hal_hash_sha256_core_present() == HAL_OK) {
-    ok &= test_hash(hal_hash_sha256, nist_512_single, sha256_single_digest, "SHA-256 single block");
-    ok &= test_hash(hal_hash_sha256, nist_512_double, sha256_double_digest, "SHA-256 double block");
-  }
-  else {
-    printf("SHA-256 core not present, skipping tests which depend on it\n");
-  }
-
-  if (hal_hash_sha512_core_present() == HAL_OK) {
+  ok &= test_hash(&hal_hash_sha256, nist_512_single, sha256_single_digest, "SHA-256 single block");
+  ok &= test_hash(&hal_hash_sha256, nist_512_double, sha256_double_digest, "SHA-256 double block");
 
-    ok &= test_hash(hal_hash_sha512_224, nist_1024_single, sha512_224_single_digest, "SHA-512/224 single block");
-    ok &= test_hash(hal_hash_sha512_224, nist_1024_double, sha512_224_double_digest, "SHA-512/224 double block");
+  ok &= test_hash(&hal_hash_sha512_224, nist_1024_single, sha512_224_single_digest, "SHA-512/224 single block");
+  ok &= test_hash(&hal_hash_sha512_224, nist_1024_double, sha512_224_double_digest, "SHA-512/224 double block");
 
-    ok &= test_hash(hal_hash_sha512_256, nist_1024_single, sha512_256_single_digest, "SHA-512/256 single block");
-    ok &= test_hash(hal_hash_sha512_256, nist_1024_double, sha512_256_double_digest, "SHA-512/256 double block");
+  ok &= test_hash(&hal_hash_sha512_256, nist_1024_single, sha512_256_single_digest, "SHA-512/256 single block");
+  ok &= test_hash(&hal_hash_sha512_256, nist_1024_double, sha512_256_double_digest, "SHA-512/256 double block");
       
-    ok &= test_hash(hal_hash_sha384, nist_1024_single, sha384_single_digest, "SHA-384 single block");
-    ok &= test_hash(hal_hash_sha384, nist_1024_double, sha384_double_digest, "SHA-384 double block");
+  ok &= test_hash(&hal_hash_sha384, nist_1024_single, sha384_single_digest, "SHA-384 single block");
+  ok &= test_hash(&hal_hash_sha384, nist_1024_double, sha384_double_digest, "SHA-384 double block");
 
-    ok &= test_hash(hal_hash_sha512, nist_1024_single, sha512_single_digest, "SHA-512 single block");
-    ok &= test_hash(hal_hash_sha512, nist_1024_double, sha512_double_digest, "SHA-512 double block");
-  }
-  else {
-    printf("SHA-512 core not present, skipping tests which depend on it\n");
-  }
+  ok &= test_hash(&hal_hash_sha512, nist_1024_single, sha512_single_digest, "SHA-512 single block");
+  ok &= test_hash(&hal_hash_sha512, nist_1024_double, sha512_double_digest, "SHA-512 double block");
 
   return !ok;
 }



More information about the Commits mailing list