Cleanup, add smoke test for experimental parameters.

Signed-off-by: Markku-Juhani O. Saarinen <[email protected]>

Author: mjosaarinen

Makefile

@@ -3,10 +3,11 @@
 
 .PHONY: test
 
-XTEST	?=	xfips205
-CSRC	=	$(wildcard *.c) test/xfips205.c
+CSRC	=	$(wildcard *.c)
 OBJS	= 	$(CSRC:.c=.o)
-KATNUM	?=	1
+
+XTEST	?=	xfips205
+XTESTC	?=	test/xfips205.c
 
 CC 		=	gcc
 CFLAGS	:=	-Wall \
@@ -28,7 +29,7 @@ CFLAGS	:=	-Wall \
 LDLIBS	+=
 
 $(XTEST):	$(OBJS)
-	$(CC) $(LDFLAGS) $(CFLAGS) -o $(XTEST) $(OBJS) $(LDLIBS)
+	$(CC) $(LDFLAGS) $(CFLAGS) -o $@ $(OBJS) $(XTESTC) $(LDLIBS)
 
 %.o:	%.[cS]
 	$(CC) $(CFLAGS) -c $^ -o $@

sha2_256.c

@@ -3,14 +3,15 @@
  * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
  */
 
-/* === FIPS 180-4 SHA2-256 Implementation */
+/* === FIPS 180-4 SHA2-256 / Portable C Implementation */
 
 #include <string.h>
 #include "plat_local.h"
 #include "sha2_api.h"
 
-#ifndef SLOTH_SHA256
-/* ( slow / processor implementation fallback ) */
+#ifdef SLH_EXPERIMENTAL
+uint64_t sha2_256_compress_count = 0; /* instrumentation */
+#endif
 
 /* processing step, sets "d" and "h" as a function of all 8 inputs */
 /* and message schedule "mi", round constant "ki" */
@@ -54,6 +55,10 @@ void sha2_256_compress(void *v)
   const uint32_t *mp = sp + 8;
   const uint32_t *kp = ck;
 
+#ifdef SLH_EXPERIMENTAL
+  sha2_256_compress_count++; /* instrumentation */
+#endif
+
   a = sp[0] = rev8_be32(sp[0]);
   b = sp[1] = rev8_be32(sp[1]);
   c = sp[2] = rev8_be32(sp[2]);
@@ -135,8 +140,6 @@ void sha2_256_compress(void *v)
   sp[7] = rev8_be32(sp[7] + h);
 }
 
-#endif
-
 /* initialize */
 
 static void sha2_256_init_h0(sha2_256_t *sha, const uint8_t *h0)

sha2_512.c

@@ -3,14 +3,15 @@
  * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
  */
 
-/* === FIPS 180-4 SHA2-512 Implementation */
+/* === FIPS 180-4 SHA2-512 / Portable C Implementation */
 
 #include <string.h>
 #include "plat_local.h"
 #include "sha2_api.h"
 
-#ifndef SLOTH_SHA512
-/* ( slow / processor implementation fallback ) */
+#ifdef SLH_EXPERIMENTAL
+uint64_t sha2_512_compress_count = 0; /* instrumentation */
+#endif
 
 /* processing step, sets "d" and "h" as a function of all 8 inputs */
 /* and message schedule "mi", round constant "ki" */
@@ -85,6 +86,10 @@ void sha2_512_compress(void *v)
   const uint64_t *mp = sp + 8;
   const uint64_t *kp = ck;
 
+#ifdef SLH_EXPERIMENTAL
+  sha2_512_compress_count++; /* instrumentation */
+#endif
+
   /* get state */
   a = sp[0] = rev8_be64(sp[0]);
   b = sp[1] = rev8_be64(sp[1]);
@@ -168,8 +173,6 @@ void sha2_512_compress(void *v)
   sp[7] = rev8_be64(sp[7] + h);
 }
 
-#endif
-
 /* initialize */
 
 static void sha2_512_init_h0(sha2_512_t *sha, const uint8_t *h0)
@@ -235,7 +238,6 @@ void sha2_512_256_init(sha2_512_t *sha)
   sha2_512_init_h0(sha, sha2_512_256_h0);
 }
 
-
 void sha2_512_copy(sha2_512_t *dst, const sha2_512_t *src)
 {
   dst->i = src->i;

sha3_api.c

@@ -4,9 +4,7 @@
  */
 
 /* === FIPS 202: SHA-3 hash and SHAKE eXtensible Output Functions (XOF) */
-/* Hash padding mode code for testing permutation implementations. */
 
-#ifndef SLOTH_NO_SHA3
 #include "sha3_api.h"
 
 /* These functions have not been optimized for performance. */
@@ -111,6 +109,3 @@ void shake(uint8_t *md, size_t md_sz, const void *in, size_t in_sz, size_t r_sz)
   sha3_update(&sha3, in, in_sz);
   shake_out(&sha3, md, md_sz);
 }
-
-/* SLOTH_NO_SHA3 */
-#endif

sha3_api.h

@@ -50,7 +50,7 @@ extern "C"
   void shake_out(sha3_var_t *c, uint8_t *out, size_t out_sz);
 
   /* core permutation */
-  void keccak_f1600(void *st);
+  void keccak_f1600(uint64_t x[25]);
 
 #ifdef __cplusplus
 }

sha3_f1600.c

@@ -5,14 +5,16 @@
 
 /* === FIPS 202 Keccak permutation implementation for a 64-bit target. */
 
-#ifndef SLOTH_KECCAK
-
 #include "plat_local.h"
 #include "sha3_api.h"
 
+#ifdef SLH_EXPERIMENTAL
+uint64_t keccak_f1600_count = 0; /* instrumentation */
+#endif
+
 /* forward permutation */
 
-void keccak_f1600(void *st)
+void keccak_f1600(uint64_t x[25])
 {
   /* round constants */
   static const uint64_t keccak_rc[24] = {
@@ -30,9 +32,12 @@ void keccak_f1600(void *st)
       UINT64_C(0x0000000080000001), UINT64_C(0x8000000080008008)};
 
   int i;
-  uint64_t *x = (uint64_t *)st;
   uint64_t t, y0, y1, y2, y3, y4;
 
+#ifdef SLH_EXPERIMENTAL
+  keccak_f1600_count++; /* instrumentation */
+#endif
+
   /* iteration */
 
   for (i = 0; i < 24; i++)
@@ -148,6 +153,3 @@ void keccak_f1600(void *st)
     x[0] = x[0] ^ keccak_rc[i];
   }
 }
-
-/* SLOTH_KECCAK */
-#endif

slh_adrs.h

@@ -3,7 +3,7 @@
  * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
  */
 
-/* === Internal ADRS manipulation functions (Section 4.2) */
+/* === Internal ADRS manipulation functions (FIPS 205 Section 4.3) */
 
 #ifndef _SLH_ADRS_H_
 #define _SLH_ADRS_H_
@@ -156,7 +156,6 @@ static inline void adrs_set_type_and_clear_not_kp(slh_var_t *var, uint32_t y)
   var->adrs->u32[7] = 0;
 }
 
-
 /* === Compressed 22-byte address ADRSc used with SHA-2. */
 static inline void adrsc_22(const slh_var_t *var, uint8_t *ac)
 {