[Cryptech-Commits] [core/hash/sha3] 01/03: Reformatted

git at cryptech.is git at cryptech.is
Mon Jun 7 19:09:05 UTC 2021


This is an automated email from the git hooks/post-receive script.

paul at psgd.org pushed a commit to branch master
in repository core/hash/sha3.

commit 9c5acbbcd7928a2958d370923d9cc0276037f1aa
Author: Paul Selkirk <paul at psgd.org>
AuthorDate: Mon May 31 17:29:10 2021 -0400

    Reformatted
---
 src/rtl/sha3.v             | 310 +++++++++---------
 src/rtl/sha3_wrapper.v     |  40 +--
 stm32/sha3_driver_sample.c | 773 +++++++++++++++++++++++----------------------
 3 files changed, 562 insertions(+), 561 deletions(-)

diff --git a/src/rtl/sha3.v b/src/rtl/sha3.v
index ab18ca0..b01d50c 100644
--- a/src/rtl/sha3.v
+++ b/src/rtl/sha3.v
@@ -41,161 +41,161 @@
 `define pilni(i) ((piln>>((23-i)*5)) & 5'h1f)
 `define rndci(i) ((rndc>>((23-i)*64)) & 64'hffffffffffffffff)
 
-`define SHA3_NUM_ROUNDS		5'd24
-
-module sha3(	input	wire				clk,
-											nreset,
-											w,
-				input	wire	[   8:2]	addr,
-				input	wire	[32-1:0]	din,
-				output	reg		[32-1:0]	dout,
-				input	wire				init,
-				input	wire				next,
-				output	wire				ready);
-
-	integer i, j;
-
-	reg	[64-1:0]	blk[0:24],	// input block
-					st [0:24],	// current state
-					stn[0:24],	// new state
-					bc [0: 4],	// intermediate values
-					t;			// temporary variable
-
-	reg	[   4:0]	round;		// counter value
-	
-	
-	localparam	[ 4: 0]	roundlimit = `SHA3_NUM_ROUNDS - 'b1;
-
-		
-	localparam	[24*6-1:0]	rotc =
-		{	6'h01, 6'h03, 6'h06, 6'h0A, 6'h0F, 6'h15,
-			6'h1C, 6'h24, 6'h2D, 6'h37, 6'h02, 6'h0E,
-			6'h1B, 6'h29, 6'h38, 6'h08, 6'h19, 6'h2B,
-			6'h3E, 6'h12, 6'h27, 6'h3D, 6'h14, 6'h2C};
-	
-	localparam	[24*5-1:0]	piln =
-		{	5'h0A, 5'h07, 5'h0B, 5'h11, 5'h12, 5'h03,
-			5'h05, 5'h10, 5'h08, 5'h15, 5'h18, 5'h04,
-			5'h0F, 5'h17, 5'h13, 5'h0D, 5'h0C, 5'h02,
-			5'h14, 5'h0E, 5'h16, 5'h09, 5'h06, 5'h01};
-			
-	localparam	[24*64-1:0]	rndc =
-		{	64'h0000000000000001, 64'h0000000000008082,
-			64'h800000000000808a, 64'h8000000080008000,
-			64'h000000000000808b, 64'h0000000080000001,
-			64'h8000000080008081, 64'h8000000000008009,
-			64'h000000000000008a, 64'h0000000000000088,
-			64'h0000000080008009, 64'h000000008000000a,
-			64'h000000008000808b, 64'h800000000000008b,
-			64'h8000000000008089, 64'h8000000000008003,
-			64'h8000000000008002, 64'h8000000000000080,
-			64'h000000000000800a, 64'h800000008000000a,
-			64'h8000000080008081, 64'h8000000000008080,
-			64'h0000000080000001, 64'h8000000080008008};
-
-	/* input block buffer is mapped to the lower half of the
-	   address space, sponge state is mapped to the upper one */
-	
-	/* the lowest address bit determines what part of 64-bit word to return */
-	 
-	always @(posedge clk)
-		//
-		dout <= addr[8] ?
-			(~addr[2] ? st [addr[7:3]][31:0] : st [addr[7:3]][63:32]) :
-			(~addr[2] ? blk[addr[7:3]][31:0] : blk[addr[7:3]][63:32]) ;
-
-
-	always @* begin
-		
-			// theta1
-		for (i=0; i<25; i=i+1)
-			stn[i] = st[i];
-			
-		for (i=0; i<5; i=i+1)
-			bc[i] = stn[i] ^ stn[i+5] ^ stn[i+10] ^ stn[i+15] ^ stn[i+20];
-
-			// theta2
-		for (i=0; i<5; i=i+1) begin
-		
-			t = bc[(i+4)%5] ^ `rotl64(bc[(i+1)%5], 1);
-			
-			for(j=i; j<25; j=j+5)
-				stn[j] = t ^ stn[j];
-		end
-		
-			// rophi
-		t = stn[1];
-		for(i=0; i<24; i=i+1) begin
-			j = `pilni(i);
-			{ stn[j], t } = { `rotl64(t, `rotci(i)), stn[j] };
-		end
-			
-			// chi
-		for (j=0; j<25; j=j+5) begin
-		
-			for (i=0; i<5; i=i+1)
-				bc[i] = stn[j + i];
-		
-			for (i=0; i<5; i=i+1)
-				stn[j+i] = stn[j+i] ^ (~bc[(i+1)%5] & bc[(i+2)%5]);
-		end
-		
-			// iota
-		stn[0] = stn[0] ^ `rndci(round);
-	end
-
-		
-		/* ready flag logic */
-		
-	reg	ready_reg = 'b1;
-	assign ready = ready_reg;
-
-	always @(posedge clk or negedge nreset)
-		//
-		if (!nreset)	ready_reg <= 'b1;
-		else begin
-			if (ready)	ready_reg <= !(init || next);
-			else			ready_reg <= !(round < roundlimit);
-		end
-
-		/* state update logic */
-	always @(posedge clk or negedge nreset)
-		//
-		if (!nreset) begin
-
-			for (i=0; i<25; i=i+1) begin
-				st[i]	<= 64'hX;	// wipe state
-				blk[i]	<= 64'h0;	// wipe block
-			end
-
-			round		<= `SHA3_NUM_ROUNDS;
-
-		end else begin
-
-			if (!ready) begin
-
-				for (i=0; i<25; i=i+1)
-					st[i] <= stn[i];
-
-				round <= round + 'd1;
-
-			end else if (init || next) begin
-
-				for (i=0; i<25; i=i+1)
-					st[i] <= init ? blk[i] : st[i] ^ blk[i];	// init has priority over next
-
-				round <= 'd0;
-
-			end				
-
-			if (w && !addr[8])	// only the first half of memory is writeable
-				//
-				case (addr[2])
-					1: blk[addr[7:3]][63:32] <= din;
-					0: blk[addr[7:3]][31: 0] <= din;
-				endcase // case (addr[2])
-
-		end
+`define SHA3_NUM_ROUNDS         5'd24
+
+module sha3(    input wire          clk,
+                input wire          nreset,
+                input wire          w,
+                input wire [ 8:2]   addr,
+                input wire [32-1:0] din,
+                output reg [32-1:0] dout,
+                input wire          init,
+                input wire          next,
+                output wire         ready);
+
+   integer                          i, j;
+
+   reg [64-1:0]                     blk[0:24],  // input block
+                                    st [0:24],  // current state
+                                    stn[0:24],  // new state
+                                    bc [0: 4],  // intermediate values
+                                    t;          // temporary variable
+
+   reg [   4:0]                     round;      // counter value
+
+
+   localparam   [ 4: 0] roundlimit = `SHA3_NUM_ROUNDS - 'b1;
+
+
+   localparam   [24*6-1:0]      rotc =
+                                      { 6'h01, 6'h03, 6'h06, 6'h0A, 6'h0F, 6'h15,
+                                        6'h1C, 6'h24, 6'h2D, 6'h37, 6'h02, 6'h0E,
+                                        6'h1B, 6'h29, 6'h38, 6'h08, 6'h19, 6'h2B,
+                                        6'h3E, 6'h12, 6'h27, 6'h3D, 6'h14, 6'h2C};
+
+   localparam   [24*5-1:0]      piln =
+                                      { 5'h0A, 5'h07, 5'h0B, 5'h11, 5'h12, 5'h03,
+                                        5'h05, 5'h10, 5'h08, 5'h15, 5'h18, 5'h04,
+                                        5'h0F, 5'h17, 5'h13, 5'h0D, 5'h0C, 5'h02,
+                                        5'h14, 5'h0E, 5'h16, 5'h09, 5'h06, 5'h01};
+
+   localparam   [24*64-1:0]     rndc =
+                                      { 64'h0000000000000001, 64'h0000000000008082,
+                                        64'h800000000000808a, 64'h8000000080008000,
+                                        64'h000000000000808b, 64'h0000000080000001,
+                                        64'h8000000080008081, 64'h8000000000008009,
+                                        64'h000000000000008a, 64'h0000000000000088,
+                                        64'h0000000080008009, 64'h000000008000000a,
+                                        64'h000000008000808b, 64'h800000000000008b,
+                                        64'h8000000000008089, 64'h8000000000008003,
+                                        64'h8000000000008002, 64'h8000000000000080,
+                                        64'h000000000000800a, 64'h800000008000000a,
+                                        64'h8000000080008081, 64'h8000000000008080,
+                                        64'h0000000080000001, 64'h8000000080008008};
+
+   /* input block buffer is mapped to the lower half of the
+    address space, sponge state is mapped to the upper one */
+
+   /* the lowest address bit determines what part of 64-bit word to return */
+
+   always @(posedge clk)
+     //
+     dout <= addr[8] ?
+             (~addr[2] ? st [addr[7:3]][31:0] : st [addr[7:3]][63:32]) :
+             (~addr[2] ? blk[addr[7:3]][31:0] : blk[addr[7:3]][63:32]) ;
+
+
+   always @* begin
+
+      // theta1
+      for (i=0; i<25; i=i+1)
+        stn[i] = st[i];
+
+      for (i=0; i<5; i=i+1)
+        bc[i] = stn[i] ^ stn[i+5] ^ stn[i+10] ^ stn[i+15] ^ stn[i+20];
+
+      // theta2
+      for (i=0; i<5; i=i+1) begin
+
+         t = bc[(i+4)%5] ^ `rotl64(bc[(i+1)%5], 1);
+
+         for(j=i; j<25; j=j+5)
+           stn[j] = t ^ stn[j];
+      end
+
+      // rophi
+      t = stn[1];
+      for(i=0; i<24; i=i+1) begin
+         j = `pilni(i);
+         { stn[j], t } = { `rotl64(t, `rotci(i)), stn[j] };
+      end
+
+      // chi
+      for (j=0; j<25; j=j+5) begin
+
+         for (i=0; i<5; i=i+1)
+           bc[i] = stn[j + i];
+
+         for (i=0; i<5; i=i+1)
+           stn[j+i] = stn[j+i] ^ (~bc[(i+1)%5] & bc[(i+2)%5]);
+      end
+
+      // iota
+      stn[0] = stn[0] ^ `rndci(round);
+   end
+
+
+   /* ready flag logic */
+
+   reg  ready_reg = 'b1;
+   assign ready = ready_reg;
+
+   always @(posedge clk or negedge nreset)
+     //
+     if (!nreset)       ready_reg <= 'b1;
+     else begin
+        if (ready)      ready_reg <= !(init || next);
+        else            ready_reg <= !(round < roundlimit);
+     end
+
+   /* state update logic */
+   always @(posedge clk or negedge nreset)
+     //
+     if (!nreset) begin
+
+        for (i=0; i<25; i=i+1) begin
+           st[i]        <= 64'hX;       // wipe state
+           blk[i]       <= 64'h0;       // wipe block
+        end
+
+        round           <= `SHA3_NUM_ROUNDS;
+
+     end else begin
+
+        if (!ready) begin
+
+           for (i=0; i<25; i=i+1)
+             st[i] <= stn[i];
+
+           round <= round + 'd1;
+
+        end else if (init || next) begin
+
+           for (i=0; i<25; i=i+1)
+             st[i] <= init ? blk[i] : st[i] ^ blk[i];   // init has priority over next
+
+           round <= 'd0;
+
+        end
+
+        if (w && !addr[8])      // only the first half of memory is writeable
+          //
+          case (addr[2])
+            1: blk[addr[7:3]][63:32] <= din;
+            0: blk[addr[7:3]][31: 0] <= din;
+          endcase // case (addr[2])
+
+     end
 
 
 endmodule // sha3
diff --git a/src/rtl/sha3_wrapper.v b/src/rtl/sha3_wrapper.v
index 9140b08..c19f64f 100644
--- a/src/rtl/sha3_wrapper.v
+++ b/src/rtl/sha3_wrapper.v
@@ -48,8 +48,8 @@ module sha3_wrapper
    // Address Decoder
    //
    localparam ADDR_MSB_REGS = 1'b0;
-	localparam ADDR_MSB_CORE = 1'b1;
-	
+   localparam ADDR_MSB_CORE = 1'b1;
+
    wire [0:0] addr_msb = address[7];
    wire [6:0] addr_lsb = address[6:0];
 
@@ -71,7 +71,7 @@ module sha3_wrapper
    localparam ADDR_CONTROL      = 5'h08;               // {next, init}
    localparam ADDR_STATUS       = 5'h09;               // {valid, ready}
 
-	localparam CONTROL_INIT_BIT  = 0;
+   localparam CONTROL_INIT_BIT  = 0;
    localparam CONTROL_NEXT_BIT  = 1;
 
 // localparam STATUS_READY_BIT  = 0; -- hardcoded to always read 1
@@ -86,17 +86,17 @@ module sha3_wrapper
    // Registers
    //
    reg [ 1:0] reg_control;
-	reg [ 1:0] reg_control_prev;
-	
-	
-	//
-	// Flags
-	//
-	wire reg_control_init_posedge =
-		reg_control[CONTROL_INIT_BIT] & ~reg_control_prev[CONTROL_INIT_BIT];
+   reg [ 1:0] reg_control_prev;
+
+
+   //
+   // Flags
+   //
+   wire       reg_control_init_posedge =
+              reg_control[CONTROL_INIT_BIT] & ~reg_control_prev[CONTROL_INIT_BIT];
 
-	wire reg_control_next_posedge =
-		reg_control[CONTROL_NEXT_BIT] & ~reg_control_prev[CONTROL_NEXT_BIT];
+   wire       reg_control_next_posedge =
+              reg_control[CONTROL_NEXT_BIT] & ~reg_control_prev[CONTROL_NEXT_BIT];
 
 
    //
@@ -109,11 +109,11 @@ module sha3_wrapper
    // SHA-3
    //
    sha3 sha3_inst
-	(
+     (
       .clk                      (clk),
-		.nreset                   (rst_n),
+      .nreset                   (rst_n),
 
-		.init							  (reg_control_init_posedge),
+      .init                     (reg_control_init_posedge),
       .next                     (reg_control_next_posedge),
 
       .ready                    (reg_status_valid),
@@ -122,7 +122,7 @@ module sha3_wrapper
       .addr                     (addr_lsb),
       .din                      (write_data),
       .dout                     (read_data_core)
-	);
+      );
 
 
    //
@@ -136,8 +136,8 @@ module sha3_wrapper
    //
    always @(posedge clk)
      //
-     if (!rst_n)	reg_control_prev <= 2'b00;
-	  else			reg_control_prev <= reg_control;
+     if (!rst_n)        reg_control_prev <= 2'b00;
+          else          reg_control_prev <= reg_control;
 
 
    //
@@ -188,7 +188,7 @@ module sha3_wrapper
    reg addr_msb_last;
    always @(posedge clk) addr_msb_last <= addr_msb;
 
-	assign read_data = (addr_msb_last == ADDR_MSB_REGS) ? tmp_read_data : read_data_core;
+   assign read_data = (addr_msb_last == ADDR_MSB_REGS) ? tmp_read_data : read_data_core;
 
 
 endmodule
diff --git a/stm32/sha3_driver_sample.c b/stm32/sha3_driver_sample.c
index 8dcc333..7344ce1 100644
--- a/stm32/sha3_driver_sample.c
+++ b/stm32/sha3_driver_sample.c
@@ -33,162 +33,162 @@
  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
- 
-		/*
-		 * Note, that the test program needs a custom bitstream without
-		 * the core selector, where the DUT is at offset 0.
-		 */
 
-		// stm32 headers
+/*
+ * Note, that the test program needs a custom bitstream without
+ * the core selector, where the DUT is at offset 0.
+ */
+
+// stm32 headers
 #include <string.h>
 #include "stm-init.h"
 #include "stm-led.h"
 #include "stm-fmc.h"
 
-		// locations of core registers
-#define CORE_ADDR_NAME0						(0x00 << 2)
-#define CORE_ADDR_NAME1						(0x01 << 2)
-#define CORE_ADDR_VERSION					(0x02 << 2)
-#define CORE_ADDR_CONTROL					(0x08 << 2)
-#define CORE_ADDR_STATUS					(0x09 << 2)
-
-		// control and status register bit maps
-#define CORE_CONTROL_BIT_INIT		0x00000001
-#define CORE_CONTROL_BIT_NEXT		0x00000002
-
-#define CORE_STATUS_BIT_READY		0x00000001
-#define CORE_STATUS_BIT_VALID		0x00000002
-
-		// locations of banks (operand buffers)
-#define CORE_ADDR_BANK_BLOCK		0x200
-#define CORE_ADDR_BANK_STATE		0x300
-
-		// sha-3 parameters
-#define SHA3_STATE_BITS				1600
-#define SHA3_STATE_BYTES			(SHA3_STATE_BITS / 8)
-		
-#define SHA3_PADDING_SUFFIX		0x06
-#define SHA3_PADDING_FINAL		0x80
-		
-#define SHA3_224_BLOCK_BITS		1152
-#define SHA3_256_BLOCK_BITS		1088
-#define SHA3_384_BLOCK_BITS		 832
-#define SHA3_512_BLOCK_BITS		 576
-
-#define SHA3_224_OUTPUT_BITS	 224
-#define SHA3_256_OUTPUT_BITS	 256
-#define SHA3_384_OUTPUT_BITS	 384
-#define SHA3_512_OUTPUT_BITS	 512
-
-		/*
-		 * test vectors - hashes of empty message
-		 *
-		 * https://en.wikipedia.org/wiki/SHA-3#Examples_of_SHA-3_variants
-		 *
-		 */
-#define SHA3_224_HASH_EMPTY_MSG											\
-	{0x6b, 0x4e, 0x03, 0x42, 0x36, 0x67, 0xdb, 0xb7,	\
-	 0x3b, 0x6e, 0x15, 0x45, 0x4f, 0x0e, 0xb1, 0xab,	\
-	 0xd4, 0x59, 0x7f, 0x9a, 0x1b, 0x07, 0x8e, 0x3f,	\
-	 0x5b, 0x5a, 0x6b, 0xc7}
-
-#define SHA3_256_HASH_EMPTY_MSG											\
-	{0xa7, 0xff, 0xc6, 0xf8, 0xbf, 0x1e, 0xd7, 0x66,	\
-	 0x51, 0xc1, 0x47, 0x56, 0xa0, 0x61, 0xd6, 0x62,	\
-	 0xf5, 0x80,	0xff,0x4d, 0xe4, 0x3b, 0x49, 0xfa,	\
-	 0x82, 0xd8, 0x0a, 0x4b, 0x80, 0xf8, 0x43, 0x4a}
-
-#define SHA3_384_HASH_EMPTY_MSG											\
-	{0x0c, 0x63, 0xa7, 0x5b, 0x84, 0x5e, 0x4f, 0x7d,	\
-	 0x01, 0x10, 0x7d, 0x85, 0x2e, 0x4c, 0x24, 0x85,	\
-	 0xc5, 0x1a, 0x50, 0xaa, 0xaa, 0x94, 0xfc, 0x61,	\
-	 0x99, 0x5e, 0x71, 0xbb, 0xee, 0x98, 0x3a, 0x2a,	\
-	 0xc3, 0x71, 0x38, 0x31, 0x26, 0x4a, 0xdb, 0x47,	\
-	 0xfb, 0x6b, 0xd1, 0xe0, 0x58, 0xd5, 0xf0, 0x04}
-	 
-#define SHA3_512_HASH_EMPTY_MSG											\
-	{0xa6, 0x9f, 0x73, 0xcc, 0xa2, 0x3a, 0x9a, 0xc5,	\
-	 0xc8, 0xb5, 0x67, 0xdc, 0x18, 0x5a, 0x75, 0x6e,	\
-	 0x97, 0xc9, 0x82, 0x16, 0x4f, 0xe2, 0x58, 0x59,	\
-	 0xe0, 0xd1, 0xdc, 0xc1, 0x47, 0x5c, 0x80, 0xa6,	\
-	 0x15, 0xb2, 0x12, 0x3a, 0xf1, 0xf5, 0xf9, 0x4c,	\
-	 0x11, 0xe3, 0xe9, 0x40, 0x2c, 0x3a, 0xc5, 0x58,	\
-	 0xf5, 0x00, 0x19, 0x9d, 0x95, 0xb6, 0xd3, 0xe3,	\
-	 0x01, 0x75, 0x85, 0x86, 0x28, 0x1d, 0xcd, 0x26}
-	 
-	 /*
-	  * test vectors - hashes of short message "abc"
-	  *
-	  * https://www.di-mgt.com.au/sha_testvectors.html
-	  *
-	  */
-#define SHA3_224_HASH_SHORT_MSG											\
-	{0xe6, 0x42, 0x82, 0x4c, 0x3f, 0x8c, 0xf2, 0x4a,	\
-	 0xd0, 0x92, 0x34, 0xee, 0x7d, 0x3c, 0x76, 0x6f,	\
-	 0xc9, 0xa3, 0xa5, 0x16, 0x8d, 0x0c, 0x94, 0xad,	\
-	 0x73, 0xb4, 0x6f, 0xdf}
-	
-#define SHA3_256_HASH_SHORT_MSG											\
-	{0x3a, 0x98, 0x5d, 0xa7, 0x4f, 0xe2, 0x25, 0xb2,	\
-	 0x04, 0x5c, 0x17, 0x2d, 0x6b, 0xd3, 0x90, 0xbd,	\
-	 0x85, 0x5f, 0x08, 0x6e, 0x3e, 0x9d, 0x52, 0x5b,	\
-	 0x46, 0xbf, 0xe2, 0x45, 0x11, 0x43, 0x15, 0x32}
-	 
-#define SHA3_384_HASH_SHORT_MSG											\
-	{0xec, 0x01, 0x49, 0x82, 0x88, 0x51, 0x6f, 0xc9,	\
-	 0x26, 0x45, 0x9f, 0x58, 0xe2, 0xc6, 0xad, 0x8d,	\
-	 0xf9, 0xb4, 0x73, 0xcb, 0x0f, 0xc0, 0x8c, 0x25,	\
-	 0x96, 0xda, 0x7c, 0xf0, 0xe4, 0x9b, 0xe4, 0xb2,	\
-	 0x98, 0xd8, 0x8c, 0xea, 0x92, 0x7a, 0xc7, 0xf5,	\
-	 0x39, 0xf1, 0xed, 0xf2, 0x28, 0x37, 0x6d, 0x25}
-	 
-#define SHA3_512_HASH_SHORT_MSG											\
-	{0xb7, 0x51, 0x85, 0x0b, 0x1a, 0x57, 0x16, 0x8a,	\
-	 0x56, 0x93, 0xcd, 0x92, 0x4b, 0x6b, 0x09, 0x6e,	\
-	 0x08, 0xf6, 0x21, 0x82, 0x74, 0x44, 0xf7, 0x0d,	\
-	 0x88, 0x4f, 0x5d, 0x02, 0x40, 0xd2, 0x71, 0x2e,	\
-	 0x10, 0xe1, 0x16, 0xe9, 0x19, 0x2a, 0xf3, 0xc9,	\
-	 0x1a, 0x7e, 0xc5, 0x76, 0x47, 0xe3, 0x93, 0x40,	\
-	 0x57, 0x34, 0x0b, 0x4c, 0xf4, 0x08, 0xd5, 0xa5,	\
-	 0x65, 0x92, 0xf8, 0x27, 0x4e, 0xec, 0x53, 0xf0}
-
-	 /*
-	  * test vectors - hashes of long message (see below)
-	  *
-	  * https://csrc.nist.gov/Projects/Cryptographic-Standards-and-Guidelines/example-values
-	  *
-	  */
-	 
-#define SHA3_224_HASH_LONG_MSG											\
-	{0x93, 0x76, 0x81, 0x6A, 0xBA, 0x50, 0x3F, 0x72,	\
-	 0xF9, 0x6C, 0xE7, 0xEB, 0x65, 0xAC, 0x09, 0x5D,	\
-	 0xEE, 0xE3, 0xBE, 0x4B, 0xF9, 0xBB, 0xC2, 0xA1,	\
-	 0xCB, 0x7E, 0x11, 0xE0}
-	 
-#define SHA3_256_HASH_LONG_MSG											\
-	{0x79, 0xF3, 0x8A, 0xDE, 0xC5, 0xC2, 0x03, 0x07,	\
-	 0xA9, 0x8E, 0xF7, 0x6E, 0x83, 0x24, 0xAF, 0xBF,	\
-	 0xD4, 0x6C, 0xFD, 0x81, 0xB2, 0x2E, 0x39, 0x73,	\
-	 0xC6, 0x5F, 0xA1, 0xBD, 0x9D, 0xE3, 0x17, 0x87}
-	 
-#define SHA3_384_HASH_LONG_MSG											\
-	{0x18, 0x81, 0xDE, 0x2C, 0xA7, 0xE4, 0x1E, 0xF9,	\
-	 0x5D, 0xC4, 0x73, 0x2B, 0x8F, 0x5F, 0x00, 0x2B,	\
-	 0x18, 0x9C, 0xC1, 0xE4, 0x2B, 0x74, 0x16, 0x8E,	\
-	 0xD1, 0x73, 0x26, 0x49, 0xCE, 0x1D, 0xBC, 0xDD,	\
-	 0x76, 0x19, 0x7A, 0x31, 0xFD, 0x55, 0xEE, 0x98,	\
-	 0x9F, 0x2D, 0x70, 0x50, 0xDD, 0x47, 0x3E, 0x8F}
-		
-#define SHA3_512_HASH_LONG_MSG											\
-	{0xE7, 0x6D, 0xFA, 0xD2, 0x20, 0x84, 0xA8, 0xB1,	\
-	 0x46, 0x7F, 0xCF, 0x2F, 0xFA, 0x58, 0x36, 0x1B,	\
-	 0xEC, 0x76, 0x28, 0xED, 0xF5, 0xF3, 0xFD, 0xC0,	\
-	 0xE4, 0x80, 0x5D, 0xC4, 0x8C, 0xAE, 0xEC, 0xA8,	\
-	 0x1B, 0x7C, 0x13, 0xC3, 0x0A, 0xDF, 0x52, 0xA3,	\
-	 0x65, 0x95, 0x84, 0x73, 0x9A, 0x2D, 0xF4, 0x6B,	\
-	 0xE5, 0x89, 0xC5, 0x1C, 0xA1, 0xA4, 0xA8, 0x41,	\
-	 0x6D, 0xF6, 0x54, 0x5A, 0x1C, 0xE8, 0xBA, 0x00}
-	 
+// locations of core registers
+#define CORE_ADDR_NAME0                 (0x00 << 2)
+#define CORE_ADDR_NAME1                 (0x01 << 2)
+#define CORE_ADDR_VERSION               (0x02 << 2)
+#define CORE_ADDR_CONTROL               (0x08 << 2)
+#define CORE_ADDR_STATUS                (0x09 << 2)
+
+// control and status register bit maps
+#define CORE_CONTROL_BIT_INIT           0x00000001
+#define CORE_CONTROL_BIT_NEXT           0x00000002
+
+#define CORE_STATUS_BIT_READY           0x00000001
+#define CORE_STATUS_BIT_VALID           0x00000002
+
+// locations of banks (operand buffers)
+#define CORE_ADDR_BANK_BLOCK            0x200
+#define CORE_ADDR_BANK_STATE            0x300
+
+// sha-3 parameters
+#define SHA3_STATE_BITS                 1600
+#define SHA3_STATE_BYTES                (SHA3_STATE_BITS / 8)
+
+#define SHA3_PADDING_SUFFIX             0x06
+#define SHA3_PADDING_FINAL              0x80
+
+#define SHA3_224_BLOCK_BITS             1152
+#define SHA3_256_BLOCK_BITS             1088
+#define SHA3_384_BLOCK_BITS              832
+#define SHA3_512_BLOCK_BITS              576
+
+#define SHA3_224_OUTPUT_BITS             224
+#define SHA3_256_OUTPUT_BITS             256
+#define SHA3_384_OUTPUT_BITS             384
+#define SHA3_512_OUTPUT_BITS             512
+
+/*
+ * test vectors - hashes of empty message
+ *
+ * https://en.wikipedia.org/wiki/SHA-3#Examples_of_SHA-3_variants
+ *
+ */
+#define SHA3_224_HASH_EMPTY_MSG                         \
+    {0x6b, 0x4e, 0x03, 0x42, 0x36, 0x67, 0xdb, 0xb7,    \
+     0x3b, 0x6e, 0x15, 0x45, 0x4f, 0x0e, 0xb1, 0xab,    \
+     0xd4, 0x59, 0x7f, 0x9a, 0x1b, 0x07, 0x8e, 0x3f,    \
+     0x5b, 0x5a, 0x6b, 0xc7}
+
+#define SHA3_256_HASH_EMPTY_MSG                         \
+    {0xa7, 0xff, 0xc6, 0xf8, 0xbf, 0x1e, 0xd7, 0x66,    \
+     0x51, 0xc1, 0x47, 0x56, 0xa0, 0x61, 0xd6, 0x62,    \
+     0xf5, 0x80,0xff, 0x4d, 0xe4, 0x3b, 0x49, 0xfa,     \
+     0x82, 0xd8, 0x0a, 0x4b, 0x80, 0xf8, 0x43, 0x4a}
+
+#define SHA3_384_HASH_EMPTY_MSG                         \
+    {0x0c, 0x63, 0xa7, 0x5b, 0x84, 0x5e, 0x4f, 0x7d,    \
+     0x01, 0x10, 0x7d, 0x85, 0x2e, 0x4c, 0x24, 0x85,    \
+     0xc5, 0x1a, 0x50, 0xaa, 0xaa, 0x94, 0xfc, 0x61,    \
+     0x99, 0x5e, 0x71, 0xbb, 0xee, 0x98, 0x3a, 0x2a,    \
+     0xc3, 0x71, 0x38, 0x31, 0x26, 0x4a, 0xdb, 0x47,    \
+     0xfb, 0x6b, 0xd1, 0xe0, 0x58, 0xd5, 0xf0, 0x04}
+
+#define SHA3_512_HASH_EMPTY_MSG                         \
+    {0xa6, 0x9f, 0x73, 0xcc, 0xa2, 0x3a, 0x9a, 0xc5,    \
+     0xc8, 0xb5, 0x67, 0xdc, 0x18, 0x5a, 0x75, 0x6e,    \
+     0x97, 0xc9, 0x82, 0x16, 0x4f, 0xe2, 0x58, 0x59,    \
+     0xe0, 0xd1, 0xdc, 0xc1, 0x47, 0x5c, 0x80, 0xa6,    \
+     0x15, 0xb2, 0x12, 0x3a, 0xf1, 0xf5, 0xf9, 0x4c,    \
+     0x11, 0xe3, 0xe9, 0x40, 0x2c, 0x3a, 0xc5, 0x58,    \
+     0xf5, 0x00, 0x19, 0x9d, 0x95, 0xb6, 0xd3, 0xe3,    \
+     0x01, 0x75, 0x85, 0x86, 0x28, 0x1d, 0xcd, 0x26}
+
+/*
+ * test vectors - hashes of short message "abc"
+ *
+ * https://www.di-mgt.com.au/sha_testvectors.html
+ *
+ */
+#define SHA3_224_HASH_SHORT_MSG                         \
+    {0xe6, 0x42, 0x82, 0x4c, 0x3f, 0x8c, 0xf2, 0x4a,    \
+     0xd0, 0x92, 0x34, 0xee, 0x7d, 0x3c, 0x76, 0x6f,    \
+     0xc9, 0xa3, 0xa5, 0x16, 0x8d, 0x0c, 0x94, 0xad,    \
+     0x73, 0xb4, 0x6f, 0xdf}
+
+#define SHA3_256_HASH_SHORT_MSG                         \
+    {0x3a, 0x98, 0x5d, 0xa7, 0x4f, 0xe2, 0x25, 0xb2,    \
+     0x04, 0x5c, 0x17, 0x2d, 0x6b, 0xd3, 0x90, 0xbd,    \
+     0x85, 0x5f, 0x08, 0x6e, 0x3e, 0x9d, 0x52, 0x5b,    \
+     0x46, 0xbf, 0xe2, 0x45, 0x11, 0x43, 0x15, 0x32}
+
+#define SHA3_384_HASH_SHORT_MSG                         \
+    {0xec, 0x01, 0x49, 0x82, 0x88, 0x51, 0x6f, 0xc9,    \
+     0x26, 0x45, 0x9f, 0x58, 0xe2, 0xc6, 0xad, 0x8d,    \
+     0xf9, 0xb4, 0x73, 0xcb, 0x0f, 0xc0, 0x8c, 0x25,    \
+     0x96, 0xda, 0x7c, 0xf0, 0xe4, 0x9b, 0xe4, 0xb2,    \
+     0x98, 0xd8, 0x8c, 0xea, 0x92, 0x7a, 0xc7, 0xf5,    \
+     0x39, 0xf1, 0xed, 0xf2, 0x28, 0x37, 0x6d, 0x25}
+
+#define SHA3_512_HASH_SHORT_MSG                         \
+    {0xb7, 0x51, 0x85, 0x0b, 0x1a, 0x57, 0x16, 0x8a,    \
+     0x56, 0x93, 0xcd, 0x92, 0x4b, 0x6b, 0x09, 0x6e,    \
+     0x08, 0xf6, 0x21, 0x82, 0x74, 0x44, 0xf7, 0x0d,    \
+     0x88, 0x4f, 0x5d, 0x02, 0x40, 0xd2, 0x71, 0x2e,    \
+     0x10, 0xe1, 0x16, 0xe9, 0x19, 0x2a, 0xf3, 0xc9,    \
+     0x1a, 0x7e, 0xc5, 0x76, 0x47, 0xe3, 0x93, 0x40,    \
+     0x57, 0x34, 0x0b, 0x4c, 0xf4, 0x08, 0xd5, 0xa5,    \
+     0x65, 0x92, 0xf8, 0x27, 0x4e, 0xec, 0x53, 0xf0}
+
+/*
+ * test vectors - hashes of long message (see below)
+ *
+ * https://csrc.nist.gov/Projects/Cryptographic-Standards-and-Guidelines/example-values
+ *
+ */
+
+#define SHA3_224_HASH_LONG_MSG                          \
+    {0x93, 0x76, 0x81, 0x6A, 0xBA, 0x50, 0x3F, 0x72,    \
+     0xF9, 0x6C, 0xE7, 0xEB, 0x65, 0xAC, 0x09, 0x5D,    \
+     0xEE, 0xE3, 0xBE, 0x4B, 0xF9, 0xBB, 0xC2, 0xA1,    \
+     0xCB, 0x7E, 0x11, 0xE0}
+
+#define SHA3_256_HASH_LONG_MSG                          \
+    {0x79, 0xF3, 0x8A, 0xDE, 0xC5, 0xC2, 0x03, 0x07,    \
+     0xA9, 0x8E, 0xF7, 0x6E, 0x83, 0x24, 0xAF, 0xBF,    \
+     0xD4, 0x6C, 0xFD, 0x81, 0xB2, 0x2E, 0x39, 0x73,    \
+     0xC6, 0x5F, 0xA1, 0xBD, 0x9D, 0xE3, 0x17, 0x87}
+
+#define SHA3_384_HASH_LONG_MSG                          \
+    {0x18, 0x81, 0xDE, 0x2C, 0xA7, 0xE4, 0x1E, 0xF9,    \
+     0x5D, 0xC4, 0x73, 0x2B, 0x8F, 0x5F, 0x00, 0x2B,    \
+     0x18, 0x9C, 0xC1, 0xE4, 0x2B, 0x74, 0x16, 0x8E,    \
+     0xD1, 0x73, 0x26, 0x49, 0xCE, 0x1D, 0xBC, 0xDD,    \
+     0x76, 0x19, 0x7A, 0x31, 0xFD, 0x55, 0xEE, 0x98,    \
+     0x9F, 0x2D, 0x70, 0x50, 0xDD, 0x47, 0x3E, 0x8F}
+
+#define SHA3_512_HASH_LONG_MSG                          \
+    {0xE7, 0x6D, 0xFA, 0xD2, 0x20, 0x84, 0xA8, 0xB1,    \
+     0x46, 0x7F, 0xCF, 0x2F, 0xFA, 0x58, 0x36, 0x1B,    \
+     0xEC, 0x76, 0x28, 0xED, 0xF5, 0xF3, 0xFD, 0xC0,    \
+     0xE4, 0x80, 0x5D, 0xC4, 0x8C, 0xAE, 0xEC, 0xA8,    \
+     0x1B, 0x7C, 0x13, 0xC3, 0x0A, 0xDF, 0x52, 0xA3,    \
+     0x65, 0x95, 0x84, 0x73, 0x9A, 0x2D, 0xF4, 0x6B,    \
+     0xE5, 0x89, 0xC5, 0x1C, 0xA1, 0xA4, 0xA8, 0x41,    \
+     0x6D, 0xF6, 0x54, 0x5A, 0x1C, 0xE8, 0xBA, 0x00}
+
 static const uint8_t hash_224_empty_msg[SHA3_224_OUTPUT_BITS / 8] = SHA3_224_HASH_EMPTY_MSG;
 static const uint8_t hash_256_empty_msg[SHA3_256_OUTPUT_BITS / 8] = SHA3_256_HASH_EMPTY_MSG;
 static const uint8_t hash_384_empty_msg[SHA3_384_OUTPUT_BITS / 8] = SHA3_384_HASH_EMPTY_MSG;
@@ -203,271 +203,272 @@ static const uint8_t hash_224_long_msg[SHA3_224_OUTPUT_BITS / 8] = SHA3_224_HASH
 static const uint8_t hash_256_long_msg[SHA3_256_OUTPUT_BITS / 8] = SHA3_256_HASH_LONG_MSG;
 static const uint8_t hash_384_long_msg[SHA3_384_OUTPUT_BITS / 8] = SHA3_384_HASH_LONG_MSG;
 static const uint8_t hash_512_long_msg[SHA3_512_OUTPUT_BITS / 8] = SHA3_512_HASH_LONG_MSG;
-	 
-	 /* short message, will always fit in single block */
+
+/* short message, will always fit in single block */
 static const char msg_short[] = "abc";
-	 
-	 /* long message, guaranteed to _not_ fit in one block */
+
+/* long message, guaranteed to _not_ fit in one block */
 static const char msg_long[] =
-	"\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3"
-	"\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3"
-	"\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3"
-	"\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3"
-	"\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3"
-	"\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3"
-	"\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3"
-	"\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3"
-	"\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3"
-	"\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3";
-
-
-		/*
-		 * prototypes
-		 */
+    "\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3"
+    "\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3"
+    "\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3"
+    "\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3"
+    "\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3"
+    "\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3"
+    "\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3"
+    "\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3"
+    "\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3"
+    "\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3\xA3";
+
+
+/*
+ * prototypes
+ */
 void toggle_yellow_led(void);
 
-int test_sha3(	const uint8_t		*msg,
-								uint32_t 				 num_msg_bytes,
-								uint32_t				 num_block_bits,
-								const uint8_t		*hash,
-								uint32_t				 num_hash_bits);
+int test_sha3(const uint8_t *msg,
+              uint32_t num_msg_bytes,
+              uint32_t num_block_bits,
+              const uint8_t *hash,
+              uint32_t num_hash_bits);
 
-void sha3_absorb(	uint32_t	*state,
-									uint32_t	 num_block_bytes,
-									uint32_t	 block_number);
+void sha3_absorb(uint32_t *state,
+                 uint32_t num_block_bytes,
+                 uint32_t block_number);
 
-								
-		/*
-		 * test routine
-		 */
+
+/*
+ * test routine
+ */
 int main()
 {
-		int ok;
-	
+    int ok;
+
     stm_init();
     fmc_init();
-	
-				// turn on the green led
+
+    // turn on the green led
     led_on(LED_GREEN);
     led_off(LED_RED);
     led_off(LED_YELLOW);
     led_off(LED_BLUE);
 
-				// check, that core is present
-		uint32_t core_name0;
-		uint32_t core_name1;
-		uint32_t core_version;
-	
-		fmc_read_32(CORE_ADDR_NAME0,   &core_name0);
-		fmc_read_32(CORE_ADDR_NAME1,   &core_name1);
-		fmc_read_32(CORE_ADDR_VERSION, &core_version);
-			
-				// must be "sha3", "    " [four spaces], "0.10"
-		if (	(core_name0   != 0x73686133) ||
-					(core_name1   != 0x20202020) ||
-					(core_version != 0x302E3130))
-		{
-				led_off(LED_GREEN);
-				led_on(LED_RED);
-				while (1);
-		}
-				
-			// repeat forever
-		while (1)
-		{			
-						// fresh start
-				ok = 1;
-
-						// test with empty message
-				ok = ok && test_sha3(NULL, 0, SHA3_224_BLOCK_BITS, hash_224_empty_msg, SHA3_224_OUTPUT_BITS);
-				ok = ok && test_sha3(NULL, 0, SHA3_256_BLOCK_BITS, hash_256_empty_msg, SHA3_256_OUTPUT_BITS);
-				ok = ok && test_sha3(NULL, 0, SHA3_384_BLOCK_BITS, hash_384_empty_msg, SHA3_384_OUTPUT_BITS);
-				ok = ok && test_sha3(NULL, 0, SHA3_512_BLOCK_BITS, hash_512_empty_msg, SHA3_512_OUTPUT_BITS);
-			
-						// test with the short message ("abc")
-				ok = ok && test_sha3((uint8_t *)msg_short, strlen(msg_short), SHA3_224_BLOCK_BITS, hash_224_short_msg, SHA3_224_OUTPUT_BITS);
-				ok = ok && test_sha3((uint8_t *)msg_short, strlen(msg_short), SHA3_256_BLOCK_BITS, hash_256_short_msg, SHA3_256_OUTPUT_BITS);
-				ok = ok && test_sha3((uint8_t *)msg_short, strlen(msg_short), SHA3_384_BLOCK_BITS, hash_384_short_msg, SHA3_384_OUTPUT_BITS);
-				ok = ok && test_sha3((uint8_t *)msg_short, strlen(msg_short), SHA3_512_BLOCK_BITS, hash_512_short_msg, SHA3_512_OUTPUT_BITS);
-			
-						// test with the long message
-				ok = ok && test_sha3((uint8_t *)msg_long, strlen(msg_long), SHA3_224_BLOCK_BITS, hash_224_long_msg, SHA3_224_OUTPUT_BITS);
-				ok = ok && test_sha3((uint8_t *)msg_long, strlen(msg_long), SHA3_256_BLOCK_BITS, hash_256_long_msg, SHA3_256_OUTPUT_BITS);
-				ok = ok && test_sha3((uint8_t *)msg_long, strlen(msg_long), SHA3_384_BLOCK_BITS, hash_384_long_msg, SHA3_384_OUTPUT_BITS);
-				ok = ok && test_sha3((uint8_t *)msg_long, strlen(msg_long), SHA3_512_BLOCK_BITS, hash_512_long_msg, SHA3_512_OUTPUT_BITS);
-			
-						// turn on the red led to indicate something went wrong
-				if (!ok)
-				{		led_off(LED_GREEN);
-						led_on(LED_RED);
-				}
-				
-						// indicate, that we're alive doing something...
-				toggle_yellow_led();
-		}
+    // check, that core is present
+    uint32_t core_name0;
+    uint32_t core_name1;
+    uint32_t core_version;
+
+    fmc_read_32(CORE_ADDR_NAME0,   &core_name0);
+    fmc_read_32(CORE_ADDR_NAME1,   &core_name1);
+    fmc_read_32(CORE_ADDR_VERSION, &core_version);
+
+    // must be "sha3", "    " [four spaces], "0.10"
+    if ((core_name0   != 0x73686133) ||
+        (core_name1   != 0x20202020) ||
+        (core_version != 0x302E3130))
+    {
+        led_off(LED_GREEN);
+        led_on(LED_RED);
+        while (1);
+    }
+
+    // repeat forever
+    while (1)
+    {
+        // fresh start
+        ok = 1;
+
+        // test with empty message
+        ok = ok && test_sha3(NULL, 0, SHA3_224_BLOCK_BITS, hash_224_empty_msg, SHA3_224_OUTPUT_BITS);
+        ok = ok && test_sha3(NULL, 0, SHA3_256_BLOCK_BITS, hash_256_empty_msg, SHA3_256_OUTPUT_BITS);
+        ok = ok && test_sha3(NULL, 0, SHA3_384_BLOCK_BITS, hash_384_empty_msg, SHA3_384_OUTPUT_BITS);
+        ok = ok && test_sha3(NULL, 0, SHA3_512_BLOCK_BITS, hash_512_empty_msg, SHA3_512_OUTPUT_BITS);
+
+        // test with the short message ("abc")
+        ok = ok && test_sha3((uint8_t *)msg_short, strlen(msg_short), SHA3_224_BLOCK_BITS, hash_224_short_msg, SHA3_224_OUTPUT_BITS);
+        ok = ok && test_sha3((uint8_t *)msg_short, strlen(msg_short), SHA3_256_BLOCK_BITS, hash_256_short_msg, SHA3_256_OUTPUT_BITS);
+        ok = ok && test_sha3((uint8_t *)msg_short, strlen(msg_short), SHA3_384_BLOCK_BITS, hash_384_short_msg, SHA3_384_OUTPUT_BITS);
+        ok = ok && test_sha3((uint8_t *)msg_short, strlen(msg_short), SHA3_512_BLOCK_BITS, hash_512_short_msg, SHA3_512_OUTPUT_BITS);
+
+        // test with the long message
+        ok = ok && test_sha3((uint8_t *)msg_long, strlen(msg_long), SHA3_224_BLOCK_BITS, hash_224_long_msg, SHA3_224_OUTPUT_BITS);
+        ok = ok && test_sha3((uint8_t *)msg_long, strlen(msg_long), SHA3_256_BLOCK_BITS, hash_256_long_msg, SHA3_256_OUTPUT_BITS);
+        ok = ok && test_sha3((uint8_t *)msg_long, strlen(msg_long), SHA3_384_BLOCK_BITS, hash_384_long_msg, SHA3_384_OUTPUT_BITS);
+        ok = ok && test_sha3((uint8_t *)msg_long, strlen(msg_long), SHA3_512_BLOCK_BITS, hash_512_long_msg, SHA3_512_OUTPUT_BITS);
+
+        // turn on the red led to indicate something went wrong
+        if (!ok)
+        {
+            led_off(LED_GREEN);
+            led_on(LED_RED);
+        }
+
+        // indicate, that we're alive doing something...
+        toggle_yellow_led();
+    }
 }
 
 
-int test_sha3(	const uint8_t		*msg,
-								uint32_t 				 num_msg_bytes,
-								uint32_t				 num_block_bits,
-								const uint8_t		*hash,
-								uint32_t				 num_hash_bits)
+int test_sha3(const uint8_t *msg,
+              uint32_t num_msg_bytes,
+              uint32_t num_block_bits,
+              const uint8_t *hash,
+              uint32_t num_hash_bits)
 {
-		/* calculate digest of 'msg' and compare it against known reference 'hash' */
-	
-			// counter
-		uint32_t i;
-	
-			// buffer for input block, consists of 32-bit words to ease copying over FMC
-		uint32_t block32[SHA3_STATE_BYTES / 4];
-		
-			// byte pointer, handy for storing one byte at a time
-		uint8_t *block = (uint8_t *)&block32;
-	
-			// handy values
-		uint32_t num_block_bytes = num_block_bits >> 3;	// /8
-		uint32_t num_hash_bytes = num_hash_bits >> 3;		// /8
-
-			// counters
-		uint32_t block_number	= 0;	// number of blocks absorbed (we need this, because for the
-																// very first block we toggle the 'init' control bit, for all the
-																// subsequent blocks we toggle the 'next' bit)
-	
-		uint32_t block_offset = 0;	// current byte position in the input block (we need this to
-																// apply padding properly)
-		
-			// first wipe entire input block...
-		for (i=0; i<(SHA3_STATE_BYTES / sizeof(uint32_t)); i++)
-			block32[i] = 0;
-		
-			// ...then absorb all the bytes...
-		while (num_msg_bytes)
-		{
-					// store the next byte
-				block[block_offset] = msg[0];
-			
-				msg++;						// advance pointer
-				block_offset++;		// increment block offset
-				num_msg_bytes--;	// reduce remaining byte count
-			
-					// check, whether we've already filled entire block
-				if (block_offset == num_block_bytes)
-				{
-							// absorb part of message accumulated in block
-						sha3_absorb(block32, num_block_bytes, block_number);
-					
-						block_number++;		// increment processed block count
-						block_offset = 0;	// start filling a new block
-				}
-			
-		}
-		
-			// ...and finally apply padding
-		
-			// Now do the required padding, block_offset points to the very first empty byte in block
-			// (there should be at least 1 empty byte now, because we would have processed completely
-			// filled block earlier while absorbing bytes).
-		
-			/* Padding involves three steps:
-		   *
-		   * 1. Add "011" bit string (0x06) to the message ("01" is SHA-3 domain suffix, "1" is actual padding)
-		   * 2. Add zero or more "0" bits until the message is exactly 1 bit short of full block
-		   * 3. Add final "1" bit (0x80) to make the message length a multiple of block size
-		   *
-		   */
-		
-			// add "011" part
-		block[block_offset] = SHA3_PADDING_SUFFIX;
-		
-			// wipe all the remaining bytes in block (if there are any)
-		while (block_offset < (num_block_bytes - 1))
-		{
-				block_offset++;
-				block[block_offset] = 0x00;
-		}
-		
-		
-			// add the final "1" part. note, that we must use |=, not just =,
-			// because we could have added no extra null bytes and state[block_offset]
-			// might already contain the suffix, we should not overwrite it.
-		block[block_offset] |= SHA3_PADDING_FINAL;
-		
-			// absorb the last block with padding
-		sha3_absorb(block32, num_block_bytes, block_number);
-		
-			// read state from core...
-		for (i=0; i<(num_hash_bytes / sizeof(uint32_t)); i++)
-			fmc_read_32(CORE_ADDR_BANK_STATE + i * sizeof(uint32_t), block32 + i);
-	
-			// ...and now compare state to known good hash
-		for (i=0; i<num_hash_bytes; i++)	
-			if (block[i] != hash[i]) return 0;
-		
-			// everything went just fine
-		return 1;
+    /* calculate digest of 'msg' and compare it against known reference 'hash' */
+
+    // counter
+    uint32_t i;
+
+    // buffer for input block, consists of 32-bit words to ease copying over FMC
+    uint32_t block32[SHA3_STATE_BYTES / 4];
+
+    // byte pointer, handy for storing one byte at a time
+    uint8_t *block = (uint8_t *)&block32;
+
+    // handy values
+    uint32_t num_block_bytes = num_block_bits >> 3;     // /8
+    uint32_t num_hash_bytes = num_hash_bits >> 3;       // /8
+
+    // counters
+    uint32_t block_number       = 0;    // number of blocks absorbed (we need this, because for the
+    // very first block we toggle the 'init' control bit, for all the
+    // subsequent blocks we toggle the 'next' bit)
+
+    uint32_t block_offset = 0;  // current byte position in the input block (we need this to
+    // apply padding properly)
+
+    // first wipe entire input block...
+    for (i=0; i<(SHA3_STATE_BYTES / sizeof(uint32_t)); i++)
+        block32[i] = 0;
+
+    // ...then absorb all the bytes...
+    while (num_msg_bytes)
+    {
+        // store the next byte
+        block[block_offset] = msg[0];
+
+        msg++;                                          // advance pointer
+        block_offset++;         // increment block offset
+        num_msg_bytes--;        // reduce remaining byte count
+
+        // check, whether we've already filled entire block
+        if (block_offset == num_block_bytes)
+        {
+            // absorb part of message accumulated in block
+            sha3_absorb(block32, num_block_bytes, block_number);
+
+            block_number++;             // increment processed block count
+            block_offset = 0;   // start filling a new block
+        }
+
+    }
+
+    // ...and finally apply padding
+
+    // Now do the required padding, block_offset points to the very first empty byte in block
+    // (there should be at least 1 empty byte now, because we would have processed completely
+    // filled block earlier while absorbing bytes).
+
+    /* Padding involves three steps:
+     *
+     * 1. Add "011" bit string (0x06) to the message ("01" is SHA-3 domain suffix, "1" is actual padding)
+     * 2. Add zero or more "0" bits until the message is exactly 1 bit short of full block
+     * 3. Add final "1" bit (0x80) to make the message length a multiple of block size
+     *
+     */
+
+    // add "011" part
+    block[block_offset] = SHA3_PADDING_SUFFIX;
+
+    // wipe all the remaining bytes in block (if there are any)
+    while (block_offset < (num_block_bytes - 1))
+    {
+        block_offset++;
+        block[block_offset] = 0x00;
+    }
+
+
+    // add the final "1" part. note, that we must use |=, not just =,
+    // because we could have added no extra null bytes and state[block_offset]
+    // might already contain the suffix, we should not overwrite it.
+    block[block_offset] |= SHA3_PADDING_FINAL;
+
+    // absorb the last block with padding
+    sha3_absorb(block32, num_block_bytes, block_number);
+
+    // read state from core...
+    for (i=0; i<(num_hash_bytes / sizeof(uint32_t)); i++)
+        fmc_read_32(CORE_ADDR_BANK_STATE + i * sizeof(uint32_t), block32 + i);
+
+    // ...and now compare state to known good hash
+    for (i=0; i<num_hash_bytes; i++)
+        if (block[i] != hash[i]) return 0;
+
+    // everything went just fine
+    return 1;
 }
 
 
-		//
-		// absorb one block of data into the sponge
-		//
+//
+// absorb one block of data into the sponge
+//
 void sha3_absorb(uint32_t *block, uint32_t num_block_bytes, uint32_t block_number)
 {
-		uint32_t i;						// word counter
-		uint32_t ctrl, sts;		// control register, status register
-	
-			// copy 32-bit words from state into core's input block buffer
-		for (i=0; i<(num_block_bytes / sizeof(uint32_t)); i++)
-				fmc_write_32(CORE_ADDR_BANK_BLOCK + i * sizeof(uint32_t), block + i);
-	
-			// note, that the very first block needs special handling: 'init' bit copies
-			// input block into core's state, 'next' bit xor's current core's state with input block
-	
-			// block has enough space for entire core state, lower words are filled with
-			// message and upper words remain zeroes. When the very first block is absorbed
-			// into the sponge, we need to initialize *all* the core's state bits, because the
-			// upper part of core's state may contain leftovers from previously absorbed data.
-	
-			// for subsequent blocks we don't need to copy the upper null part of block into the input
-			// bank, because we've already filled it with zeroes for the very first block
-	
-		if (block_number == 0)
-		{
-				for (; i<(SHA3_STATE_BYTES / sizeof(uint32_t)); i++)
-					fmc_write_32(CORE_ADDR_BANK_BLOCK + i * sizeof(uint32_t), block + i);
-		}
-	
-			// CONTROL = 0
-		ctrl = 0;
-		fmc_write_32(CORE_ADDR_CONTROL, &ctrl);
-					
-			// determine what control bit to set ('init' for the very first block,
-			// 'next' for all the subsequent blocks)
-		ctrl = (block_number > 0) ? CORE_CONTROL_BIT_NEXT : CORE_CONTROL_BIT_INIT;
-		fmc_write_32(CORE_ADDR_CONTROL, &ctrl);
-	
-			// wait for 'valid' bit to be set
-		sts = 0;
-		while (!(sts & CORE_STATUS_BIT_VALID))
-				fmc_read_32(CORE_ADDR_STATUS, &sts);
+    uint32_t i;                 // word counter
+    uint32_t ctrl, sts;         // control register, status register
+
+    // copy 32-bit words from state into core's input block buffer
+    for (i=0; i<(num_block_bytes / sizeof(uint32_t)); i++)
+        fmc_write_32(CORE_ADDR_BANK_BLOCK + i * sizeof(uint32_t), block + i);
+
+    // note, that the very first block needs special handling: 'init' bit copies
+    // input block into core's state, 'next' bit xor's current core's state with input block
+
+    // block has enough space for entire core state, lower words are filled with
+    // message and upper words remain zeroes. When the very first block is absorbed
+    // into the sponge, we need to initialize *all* the core's state bits, because the
+    // upper part of core's state may contain leftovers from previously absorbed data.
+
+    // for subsequent blocks we don't need to copy the upper null part of block into the input
+    // bank, because we've already filled it with zeroes for the very first block
+
+    if (block_number == 0)
+    {
+        for (; i<(SHA3_STATE_BYTES / sizeof(uint32_t)); i++)
+            fmc_write_32(CORE_ADDR_BANK_BLOCK + i * sizeof(uint32_t), block + i);
+    }
+
+    // CONTROL = 0
+    ctrl = 0;
+    fmc_write_32(CORE_ADDR_CONTROL, &ctrl);
+
+    // determine what control bit to set ('init' for the very first block,
+    // 'next' for all the subsequent blocks)
+    ctrl = (block_number > 0) ? CORE_CONTROL_BIT_NEXT : CORE_CONTROL_BIT_INIT;
+    fmc_write_32(CORE_ADDR_CONTROL, &ctrl);
+
+    // wait for 'valid' bit to be set
+    sts = 0;
+    while (!(sts & CORE_STATUS_BIT_VALID))
+        fmc_read_32(CORE_ADDR_STATUS, &sts);
 }
 
 
-		//
-		// toggle the yellow led to indicate that we're not stuck somewhere
-		//
+//
+// toggle the yellow led to indicate that we're not stuck somewhere
+//
 void toggle_yellow_led(void)
 {
-		static int led_state = 0;
-	
-		led_state = !led_state;
-	
-		if (led_state) led_on(LED_YELLOW);
-		else           led_off(LED_YELLOW);
+    static int led_state = 0;
+
+    led_state = !led_state;
+
+    if (led_state) led_on(LED_YELLOW);
+    else           led_off(LED_YELLOW);
 }
 
 
-		//
-		// end of file
-		//
+//
+// end of file
+//



More information about the Commits mailing list