[Cryptech-Commits] [sw/libhal] branch master updated: SHA-224 driver and soft core.
git at cryptech.is
git at cryptech.is
Wed Jun 1 03:42:49 UTC 2016
This is an automated email from the git hooks/post-receive script.
sra at hactrn.net pushed a commit to branch master
in repository sw/libhal.
The following commit(s) were added to refs/heads/master by this push:
new 00f3181 SHA-224 driver and soft core.
00f3181 is described below
commit 00f3181d2411068353efd6a5aadb3e70f064db2a
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Tue May 31 23:40:17 2016 -0400
SHA-224 driver and soft core.
---
hal.h | 4 +++-
hash.c | 55 ++++++++++++++++++++++++++++++++++++-----------------
tests/test-hash.c | 15 +++++++++++++++
verilog_constants.h | 14 +++++++++-----
4 files changed, 65 insertions(+), 23 deletions(-)
diff --git a/hal.h b/hal.h
index f62c89e..12ed579 100644
--- a/hal.h
+++ b/hal.h
@@ -79,7 +79,7 @@
#define SHA1_VERSION "0.50"
#define SHA256_NAME "sha2-256"
-#define SHA256_VERSION "0.81"
+#define SHA256_VERSION "1.80"
#define SHA512_NAME "sha2-512"
#define SHA512_VERSION "0.80"
@@ -233,6 +233,7 @@ typedef struct hal_hash_driver hal_hash_driver_t;
typedef enum {
hal_digest_algorithm_none,
hal_digest_algorithm_sha1,
+ hal_digest_algorithm_sha224,
hal_digest_algorithm_sha256,
hal_digest_algorithm_sha512_224,
hal_digest_algorithm_sha512_256,
@@ -266,6 +267,7 @@ typedef struct hal_hmac_state hal_hmac_state_t;
*/
extern const hal_hash_descriptor_t hal_hash_sha1[1];
+extern const hal_hash_descriptor_t hal_hash_sha224[1];
extern const hal_hash_descriptor_t hal_hash_sha256[1];
extern const hal_hash_descriptor_t hal_hash_sha512_224[1];
extern const hal_hash_descriptor_t hal_hash_sha512_256[1];
diff --git a/hash.c b/hash.c
index 1c82af5..225a99d 100644
--- a/hash.c
+++ b/hash.c
@@ -136,24 +136,28 @@ static const hal_hash_driver_t sha1_driver = {
SHA1_LENGTH_LEN, SHA1_ADDR_BLOCK, SHA1_ADDR_DIGEST, 0, sw_hash_core_sha1, sizeof(uint32_t)
};
+static const hal_hash_driver_t sha224_driver = {
+ SHA256_LENGTH_LEN, SHA256_ADDR_BLOCK, SHA256_ADDR_DIGEST, SHA256_MODE_SHA_224, sw_hash_core_sha256, sizeof(uint32_t)
+};
+
static const hal_hash_driver_t sha256_driver = {
- SHA256_LENGTH_LEN, SHA256_ADDR_BLOCK, SHA256_ADDR_DIGEST, 0, sw_hash_core_sha256, sizeof(uint32_t)
+ SHA256_LENGTH_LEN, SHA256_ADDR_BLOCK, SHA256_ADDR_DIGEST, SHA256_MODE_SHA_256, sw_hash_core_sha256, sizeof(uint32_t)
};
static const hal_hash_driver_t sha512_224_driver = {
- SHA512_LENGTH_LEN, SHA512_ADDR_BLOCK, SHA512_ADDR_DIGEST, MODE_SHA_512_224, sw_hash_core_sha512, sizeof(uint64_t)
+ SHA512_LENGTH_LEN, SHA512_ADDR_BLOCK, SHA512_ADDR_DIGEST, SHA512_MODE_SHA_512_224, sw_hash_core_sha512, sizeof(uint64_t)
};
static const hal_hash_driver_t sha512_256_driver = {
- SHA512_LENGTH_LEN, SHA512_ADDR_BLOCK, SHA512_ADDR_DIGEST, MODE_SHA_512_256, sw_hash_core_sha512, sizeof(uint64_t)
+ SHA512_LENGTH_LEN, SHA512_ADDR_BLOCK, SHA512_ADDR_DIGEST, SHA512_MODE_SHA_512_256, sw_hash_core_sha512, sizeof(uint64_t)
};
static const hal_hash_driver_t sha384_driver = {
- SHA512_LENGTH_LEN, SHA512_ADDR_BLOCK, SHA512_ADDR_DIGEST, MODE_SHA_384, sw_hash_core_sha512, sizeof(uint64_t)
+ SHA512_LENGTH_LEN, SHA512_ADDR_BLOCK, SHA512_ADDR_DIGEST, SHA512_MODE_SHA_384, sw_hash_core_sha512, sizeof(uint64_t)
};
static const hal_hash_driver_t sha512_driver = {
- SHA512_LENGTH_LEN, SHA512_ADDR_BLOCK, SHA512_ADDR_DIGEST, MODE_SHA_512, sw_hash_core_sha512, sizeof(uint64_t)
+ SHA512_LENGTH_LEN, SHA512_ADDR_BLOCK, SHA512_ADDR_DIGEST, SHA512_MODE_SHA_512, sw_hash_core_sha512, sizeof(uint64_t)
};
/*
@@ -175,6 +179,7 @@ static const uint8_t
dalgid_sha256[] = { 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00 },
dalgid_sha384[] = { 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00 },
dalgid_sha512[] = { 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00 },
+ dalgid_sha224[] = { 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00 },
dalgid_sha512_224[] = { 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x05, 0x05, 0x00 },
dalgid_sha512_256[] = { 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x06, 0x05, 0x00 };
@@ -193,6 +198,14 @@ const hal_hash_descriptor_t hal_hash_sha1[1] = {{
&sha1_driver, SHA1_NAME, 0
}};
+const hal_hash_descriptor_t hal_hash_sha224[1] = {{
+ hal_digest_algorithm_sha256,
+ SHA256_BLOCK_LEN, SHA224_DIGEST_LEN,
+ sizeof(hal_hash_state_t), sizeof(hal_hmac_state_t),
+ dalgid_sha224, sizeof(dalgid_sha224),
+ &sha224_driver, SHA256_NAME, 1
+}};
+
const hal_hash_descriptor_t hal_hash_sha256[1] = {{
hal_digest_algorithm_sha256,
SHA256_BLOCK_LEN, SHA256_DIGEST_LEN,
@@ -1000,22 +1013,30 @@ static hal_error_t sw_hash_core_sha1(hal_hash_state_t *state)
}
/*
- * Software implementation of SHA-256 block algorithm; doesn't support truncated variants because
- * the Cryptech Verilog implementation doesn't.
+ * Software implementation of SHA-256 block algorithm, including support for same truncated variants
+ * that the Cryptech Verilog SHA-256 core supports.
*/
static hal_error_t sw_hash_core_sha256(hal_hash_state_t *state)
{
- static const uint32_t iv[8] = {0x6A09E667UL, 0xBB67AE85UL, 0x3C6EF372UL, 0xA54FF53AUL,
- 0x510E527FUL, 0x9B05688CUL, 0x1F83D9ABUL, 0x5BE0CD19UL};
+ static const uint32_t sha224_iv[8] = {0xC1059ED8UL, 0x367CD507UL, 0x3070DD17UL, 0xF70E5939UL,
+ 0xFFC00B31UL, 0x68581511UL, 0x64F98FA7UL, 0xBEFA4FA4UL};
+
+ static const uint32_t sha256_iv[8] = {0x6A09E667UL, 0xBB67AE85UL, 0x3C6EF372UL, 0xA54FF53AUL,
+ 0x510E527FUL, 0x9B05688CUL, 0x1F83D9ABUL, 0x5BE0CD19UL};
if (state == NULL)
return HAL_ERROR_BAD_ARGUMENTS;
uint32_t *H = (uint32_t *) state->core_state, S[8], W[64];
- if (state->block_count == 0)
- memcpy(H, iv, sizeof(iv));
+ if (state->block_count == 0) {
+ switch (state->driver_ctrl_mode & SHA256_MODE_MASK) {
+ case SHA256_MODE_SHA_224: memcpy(H, sha224_iv, sizeof(sha224_iv)); break;
+ case SHA256_MODE_SHA_256: memcpy(H, sha256_iv, sizeof(sha256_iv)); break;
+ default: return HAL_ERROR_IMPOSSIBLE;
+ }
+ }
memcpy(S, H, sizeof(S));
@@ -1067,12 +1088,12 @@ static hal_error_t sw_hash_core_sha512(hal_hash_state_t *state)
uint64_t *H = (uint64_t *) state->core_state, S[8], W[80];
if (state->block_count == 0) {
- switch (state->driver->ctrl_mode & MODE_SHA_MASK) {
- case MODE_SHA_512_224: memcpy(H, sha512_224_iv, sizeof(sha512_224_iv)); break;
- case MODE_SHA_512_256: memcpy(H, sha512_256_iv, sizeof(sha512_256_iv)); break;
- case MODE_SHA_384: memcpy(H, sha384_iv, sizeof(sha384_iv)); break;
- case MODE_SHA_512: memcpy(H, sha512_iv, sizeof(sha512_iv)); break;
- default: return HAL_ERROR_IMPOSSIBLE;
+ switch (state->driver->ctrl_mode & SHA512_MODE_MASK) {
+ case SHA512_MODE_SHA_512_224: memcpy(H, sha512_224_iv, sizeof(sha512_224_iv)); break;
+ case SHA512_MODE_SHA_512_256: memcpy(H, sha512_256_iv, sizeof(sha512_256_iv)); break;
+ case SHA512_MODE_SHA_384: memcpy(H, sha384_iv, sizeof(sha384_iv)); break;
+ case SHA512_MODE_SHA_512: memcpy(H, sha512_iv, sizeof(sha512_iv)); break;
+ default: return HAL_ERROR_IMPOSSIBLE;
}
}
diff --git a/tests/test-hash.c b/tests/test-hash.c
index e8c6a01..65ddf15 100644
--- a/tests/test-hash.c
+++ b/tests/test-hash.c
@@ -53,6 +53,12 @@ static const uint8_t sha1_single_digest[] = { /* 20 bytes */
0x78, 0x50, 0xc2, 0x6c, 0x9c, 0xd0, 0xd8, 0x9d
};
+static const uint8_t sha224_single_digest[] = { /* 28 bytes */
+ 0x23, 0x09, 0x7d, 0x22, 0x34, 0x05, 0xd8, 0x22, 0x86, 0x42, 0xa4, 0x77,
+ 0xbd, 0xa2, 0x55, 0xb3, 0x2a, 0xad, 0xbc, 0xe4, 0xbd, 0xa0, 0xb3, 0xf7,
+ 0xe3, 0x6c, 0x9d, 0xa7
+};
+
static const uint8_t sha256_single_digest[] = { /* 32 bytes */
0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde,
0x5d, 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
@@ -73,6 +79,12 @@ static const uint8_t sha1_double_digest[] = { /* 20 bytes */
0xf9, 0x51, 0x29, 0xe5, 0xe5, 0x46, 0x70, 0xf1
};
+static const uint8_t sha224_double_digest[] = { /* 28 bytes */
+ 0x75, 0x38, 0x8b, 0x16, 0x51, 0x27, 0x76, 0xcc, 0x5d, 0xba, 0x5d, 0xa1,
+ 0xfd, 0x89, 0x01, 0x50, 0xb0, 0xc6, 0x45, 0x5c, 0xb4, 0xf5, 0x8b, 0x19,
+ 0x52, 0x52, 0x25, 0x25
+};
+
static const uint8_t sha256_double_digest[] = { /* 32 bytes */
0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, 0xe5, 0xc0, 0x26, 0x93,
0x0c, 0x3e, 0x60, 0x39, 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67,
@@ -655,6 +667,9 @@ int main (int argc, char *argv[])
ok &= test_hash(sha1_core, hal_hash_sha1, nist_512_single, sha1_single_digest, "SHA-1 single block");
ok &= test_hash(sha1_core, hal_hash_sha1, nist_512_double, sha1_double_digest, "SHA-1 double block");
+ ok &= test_hash(sha256_core, hal_hash_sha224, nist_512_single, sha224_single_digest, "SHA-224 single block");
+ ok &= test_hash(sha256_core, hal_hash_sha224, nist_512_double, sha224_double_digest, "SHA-224 double block");
+
ok &= test_hash(sha256_core, hal_hash_sha256, nist_512_single, sha256_single_digest, "SHA-256 single block");
ok &= test_hash(sha256_core, hal_hash_sha256, nist_512_double, sha256_double_digest, "SHA-256 double block");
diff --git a/verilog_constants.h b/verilog_constants.h
index 43b7a0c..085b973 100644
--- a/verilog_constants.h
+++ b/verilog_constants.h
@@ -67,7 +67,11 @@
#define SHA256_ADDR_DIGEST (0x20)
#define SHA256_BLOCK_LEN bitsToBytes(512)
#define SHA256_LENGTH_LEN bitsToBytes(64)
+#define SHA224_DIGEST_LEN bitsToBytes(224)
#define SHA256_DIGEST_LEN bitsToBytes(256)
+#define SHA256_MODE_SHA_224 (0 << 2)
+#define SHA256_MODE_SHA_256 (1 << 2)
+#define SHA256_MODE_MASK (1 << 2)
#define SHA512_ADDR_BLOCK (0x10)
#define SHA512_ADDR_DIGEST (0x40)
@@ -77,11 +81,11 @@
#define SHA512_256_DIGEST_LEN bitsToBytes(256)
#define SHA384_DIGEST_LEN bitsToBytes(384)
#define SHA512_DIGEST_LEN bitsToBytes(512)
-#define MODE_SHA_512_224 (0 << 2)
-#define MODE_SHA_512_256 (1 << 2)
-#define MODE_SHA_384 (2 << 2)
-#define MODE_SHA_512 (3 << 2)
-#define MODE_SHA_MASK (3 << 2)
+#define SHA512_MODE_SHA_512_224 (0 << 2)
+#define SHA512_MODE_SHA_512_256 (1 << 2)
+#define SHA512_MODE_SHA_384 (2 << 2)
+#define SHA512_MODE_SHA_512 (3 << 2)
+#define SHA512_MODE_MASK (3 << 2)
/*
* RNG cores.
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Commits
mailing list