robin.thoni
/
ipxe
Слідкувати 1
В обрані 0
Форк 0
Код Проблеми 0 Запити на злиття 0 Релізи 11 Вікі Активність
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.
5151 Коміти
2 Гілки
Дерево: 89816af2a4
Гілки Теги
${ item.name }
Створити гілку ${ searchTerm }
з '89816af2a4'
${ noResults }
ipxe/src/crypto/hash_df.c

hash_df.c 4.6KB
Історія Неформатований

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142 
  1. /*

  2.  * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.

  3.  *

  4.  * This program is free software; you can redistribute it and/or

  5.  * modify it under the terms of the GNU General Public License as

  6.  * published by the Free Software Foundation; either version 2 of the

  7.  * License, or any later version.

  8.  *

  9.  * This program is distributed in the hope that it will be useful, but

  10.  * WITHOUT ANY WARRANTY; without even the implied warranty of

  11.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  12.  * General Public License for more details.

  13.  *

  14.  * You should have received a copy of the GNU General Public License

  15.  * along with this program; if not, write to the Free Software

  16.  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA

  17.  * 02110-1301, USA.

  18.  *

  19.  * You can also choose to distribute this program under the terms of

  20.  * the Unmodified Binary Distribution Licence (as given in the file

  21.  * COPYING.UBDL), provided that you have satisfied its requirements.

  22.  */

  23. 

  24. FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );

  25. 

  26. /** @file

  27.  *

  28.  * Hash-based derivation function (Hash_df)

  29.  *

  30.  * This algorithm is designed to comply with ANS X9.82 Part 3-2007

  31.  * Section 10.5.2.  This standard is not freely available, but most of

  32.  * the text appears to be shared with NIST SP 800-90, which can be

  33.  * downloaded from

  34.  *

  35.  *     http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf

  36.  *

  37.  * Where possible, references are given to both documents.  In the

  38.  * case of any disagreement, ANS X9.82 takes priority over NIST SP

  39.  * 800-90.  (In particular, note that some algorithms that are

  40.  * Approved by NIST SP 800-90 are not Approved by ANS X9.82.)

  41.  */

  42. 

  43. #include <stdint.h>

  44. #include <string.h>

  45. #include <assert.h>

  46. #include <byteswap.h>

  47. #include <ipxe/crypto.h>

  48. #include <ipxe/hash_df.h>

  49. 

  50. /**

  51.  * Distribute entropy throughout a buffer

  52.  *

  53.  * @v hash		Underlying hash algorithm

  54.  * @v input		Input data

  55.  * @v input_len		Length of input data, in bytes

  56.  * @v output		Output buffer

  57.  * @v output_len	Length of output buffer, in bytes

  58.  *

  59.  * This is the Hash_df function defined in ANS X9.82 Part 3-2007

  60.  * Section 10.5.2 (NIST SP 800-90 Section 10.4.1).

  61.  *

  62.  * The number of bits requested is implicit in the length of the

  63.  * output buffer.  Requests must be for an integral number of bytes.

  64.  *

  65.  * The output buffer is filled incrementally with each iteration of

  66.  * the central loop, rather than constructing an overall "temp" and

  67.  * then taking the leftmost(no_of_bits_to_return) bits.

  68.  *

  69.  * There is no way for the Hash_df function to fail.  The returned

  70.  * status SUCCESS is implicit.

  71.  */

  72. void hash_df ( struct digest_algorithm *hash, const void *input,

  73. 	       size_t input_len, void *output, size_t output_len ) {

  74. 	uint8_t context[hash->ctxsize];

  75. 	uint8_t digest[hash->digestsize];

  76. 	size_t frag_len;

  77. 	struct {

  78. 		uint8_t pad[3];

  79. 		uint8_t counter;

  80. 		uint32_t no_of_bits_to_return;

  81. 	} __attribute__ (( packed )) prefix;

  82. 	void *temp;

  83. 	size_t remaining;

  84. 

  85. 	DBGC ( &hash_df, "HASH_DF input:\n" );

  86. 	DBGC_HDA ( &hash_df, 0, input, input_len );

  87. 

  88. 	/* Sanity checks */

  89. 	assert ( input != NULL );

  90. 	assert ( output != NULL );

  91. 

  92. 	/* 1.  temp = the Null string

  93. 	 * 2.  len = ceil ( no_of_bits_to_return / outlen )

  94. 	 *

  95. 	 * (Nothing to do.  We fill the output buffer incrementally,

  96. 	 * rather than constructing the complete "temp" in-memory.

  97. 	 * "len" is implicit in the number of iterations required to

  98. 	 * fill the output buffer, and so is not calculated

  99. 	 * explicitly.)

  100. 	 */

  101. 

  102. 	/* 3.  counter = an 8-bit binary value representing the integer "1" */

  103. 	prefix.counter = 1;

  104. 

  105. 	/* 4.  For i = 1 to len do */

  106. 	for ( temp = output, remaining = output_len ; remaining > 0 ; ) {

  107. 

  108. 		/* Comment: in step 5.1 (sic), no_of_bits_to_return is

  109. 		 * used as a 32-bit string.

  110. 		 *

  111. 		 * 4.1  temp = temp || Hash ( counter || no_of_bits_to_return

  112. 		 *                            || input_string )

  113. 		 */

  114. 		prefix.no_of_bits_to_return = htonl ( output_len * 8 );

  115. 		digest_init ( hash, context );

  116. 		digest_update ( hash, context, &prefix.counter,

  117. 				( sizeof ( prefix ) -

  118. 				  offsetof ( typeof ( prefix ), counter ) ) );

  119. 		digest_update ( hash, context, input, input_len );

  120. 		digest_final ( hash, context, digest );

  121. 

  122. 		/* 4.2  counter = counter + 1 */

  123. 		prefix.counter++;

  124. 

  125. 		/* 5.    requested_bits = Leftmost ( no_of_bits_to_return )

  126. 		 *       of temp

  127. 		 *

  128. 		 * (We fill the output buffer incrementally.)

  129. 		 */

  130. 		frag_len = sizeof ( digest );

  131. 		if ( frag_len > remaining )

  132. 			frag_len = remaining;

  133. 		memcpy ( temp, digest, frag_len );

  134. 		temp += frag_len;

  135. 		remaining -= frag_len;

  136. 	}

  137. 

  138. 	/* 6.  Return SUCCESS and requested_bits */

  139. 	DBGC ( &hash_df, "HASH_DF output:\n" );

  140. 	DBGC_HDA ( &hash_df, 0, output, output_len );

  141. 	return;

  142. }