robin.thoni
/
ipxe
Seguir 1
Destacar 0
Cuchillo 0
Código Incidencias 0 Peticiones pull 0 Lanzamientos 11 Wiki Actividad
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4038 Commits
2 Ramas
Árbol: a6d49c17c9
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde 'a6d49c17c9'
${ noResults }
ipxe/src/crypto/hash_df.c

hash_df.c 4.4KB
Histórico Original

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137 
  1. /*

  2.  * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.

  3.  *

  4.  * This program is free software; you can redistribute it and/or

  5.  * modify it under the terms of the GNU General Public License as

  6.  * published by the Free Software Foundation; either version 2 of the

  7.  * License, or any later version.

  8.  *

  9.  * This program is distributed in the hope that it will be useful, but

  10.  * WITHOUT ANY WARRANTY; without even the implied warranty of

  11.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  12.  * General Public License for more details.

  13.  *

  14.  * You should have received a copy of the GNU General Public License

  15.  * along with this program; if not, write to the Free Software

  16.  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

  17.  */

  18. 

  19. FILE_LICENCE ( GPL2_OR_LATER );

  20. 

  21. /** @file

  22.  *

  23.  * Hash-based derivation function (Hash_df)

  24.  *

  25.  * This algorithm is designed to comply with ANS X9.82 Part 3-2007

  26.  * Section 10.5.2.  This standard is not freely available, but most of

  27.  * the text appears to be shared with NIST SP 800-90, which can be

  28.  * downloaded from

  29.  *

  30.  *     http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf

  31.  *

  32.  * Where possible, references are given to both documents.  In the

  33.  * case of any disagreement, ANS X9.82 takes priority over NIST SP

  34.  * 800-90.  (In particular, note that some algorithms that are

  35.  * Approved by NIST SP 800-90 are not Approved by ANS X9.82.)

  36.  */

  37. 

  38. #include <stdint.h>

  39. #include <string.h>

  40. #include <assert.h>

  41. #include <byteswap.h>

  42. #include <ipxe/crypto.h>

  43. #include <ipxe/hash_df.h>

  44. 

  45. /**

  46.  * Distribute entropy throughout a buffer

  47.  *

  48.  * @v hash		Underlying hash algorithm

  49.  * @v input		Input data

  50.  * @v input_len		Length of input data, in bytes

  51.  * @v output		Output buffer

  52.  * @v output_len	Length of output buffer, in bytes

  53.  *

  54.  * This is the Hash_df function defined in ANS X9.82 Part 3-2007

  55.  * Section 10.5.2 (NIST SP 800-90 Section 10.4.1).

  56.  *

  57.  * The number of bits requested is implicit in the length of the

  58.  * output buffer.  Requests must be for an integral number of bytes.

  59.  *

  60.  * The output buffer is filled incrementally with each iteration of

  61.  * the central loop, rather than constructing an overall "temp" and

  62.  * then taking the leftmost(no_of_bits_to_return) bits.

  63.  *

  64.  * There is no way for the Hash_df function to fail.  The returned

  65.  * status SUCCESS is implicit.

  66.  */

  67. void hash_df ( struct digest_algorithm *hash, const void *input,

  68. 	       size_t input_len, void *output, size_t output_len ) {

  69. 	uint8_t context[hash->ctxsize];

  70. 	uint8_t digest[hash->digestsize];

  71. 	size_t frag_len;

  72. 	struct {

  73. 		uint8_t pad[3];

  74. 		uint8_t counter;

  75. 		uint32_t no_of_bits_to_return;

  76. 	} __attribute__ (( packed )) prefix;

  77. 	void *temp;

  78. 	size_t remaining;

  79. 

  80. 	DBGC ( &hash_df, "HASH_DF input:\n" );

  81. 	DBGC_HDA ( &hash_df, 0, input, input_len );

  82. 

  83. 	/* Sanity checks */

  84. 	assert ( input != NULL );

  85. 	assert ( output != NULL );

  86. 

  87. 	/* 1.  temp = the Null string

  88. 	 * 2.  len = ceil ( no_of_bits_to_return / outlen )

  89. 	 *

  90. 	 * (Nothing to do.  We fill the output buffer incrementally,

  91. 	 * rather than constructing the complete "temp" in-memory.

  92. 	 * "len" is implicit in the number of iterations required to

  93. 	 * fill the output buffer, and so is not calculated

  94. 	 * explicitly.)

  95. 	 */

  96. 

  97. 	/* 3.  counter = an 8-bit binary value representing the integer "1" */

  98. 	prefix.counter = 1;

  99. 

  100. 	/* 4.  For i = 1 to len do */

  101. 	for ( temp = output, remaining = output_len ; remaining > 0 ; ) {

  102. 

  103. 		/* Comment: in step 5.1 (sic), no_of_bits_to_return is

  104. 		 * used as a 32-bit string.

  105. 		 *

  106. 		 * 4.1  temp = temp || Hash ( counter || no_of_bits_to_return

  107. 		 *                            || input_string )

  108. 		 */

  109. 		prefix.no_of_bits_to_return = htonl ( output_len * 8 );

  110. 		digest_init ( hash, context );

  111. 		digest_update ( hash, context, &prefix.counter,

  112. 				( sizeof ( prefix ) -

  113. 				  offsetof ( typeof ( prefix ), counter ) ) );

  114. 		digest_update ( hash, context, input, input_len );

  115. 		digest_final ( hash, context, digest );

  116. 

  117. 		/* 4.2  counter = counter + 1 */

  118. 		prefix.counter++;

  119. 

  120. 		/* 5.    requested_bits = Leftmost ( no_of_bits_to_return )

  121. 		 *       of temp

  122. 		 *

  123. 		 * (We fill the output buffer incrementally.)

  124. 		 */

  125. 		frag_len = sizeof ( digest );

  126. 		if ( frag_len > remaining )

  127. 			frag_len = remaining;

  128. 		memcpy ( temp, digest, frag_len );

  129. 		temp += frag_len;

  130. 		remaining -= frag_len;

  131. 	}

  132. 

  133. 	/* 6.  Return SUCCESS and requested_bits */

  134. 	DBGC ( &hash_df, "HASH_DF output:\n" );

  135. 	DBGC_HDA ( &hash_df, 0, output, output_len );

  136. 	return;

  137. }