robin.thoni
/
ipxe
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 11 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3921 Commits
2 Branches
Tree: a99d5d5aca
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a99d5d5aca'
${ noResults }
ipxe/src/crypto/hash_df.c

hash_df.c 4.3KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135 
  1. /*

  2.  * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.

  3.  *

  4.  * This program is free software; you can redistribute it and/or

  5.  * modify it under the terms of the GNU General Public License as

  6.  * published by the Free Software Foundation; either version 2 of the

  7.  * License, or any later version.

  8.  *

  9.  * This program is distributed in the hope that it will be useful, but

  10.  * WITHOUT ANY WARRANTY; without even the implied warranty of

  11.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  12.  * General Public License for more details.

  13.  *

  14.  * You should have received a copy of the GNU General Public License

  15.  * along with this program; if not, write to the Free Software

  16.  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

  17.  */

  18. 

  19. FILE_LICENCE ( GPL2_OR_LATER );

  20. 

  21. /** @file

  22.  *

  23.  * Hash-based derivation function (Hash_df)

  24.  *

  25.  * This algorithm is designed to comply with ANS X9.82 Part 3-2007

  26.  * Section 10.5.2.  This standard is not freely available, but most of

  27.  * the text appears to be shared with NIST SP 800-90, which can be

  28.  * downloaded from

  29.  *

  30.  *     http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf

  31.  *

  32.  * Where possible, references are given to both documents.  In the

  33.  * case of any disagreement, ANS X9.82 takes priority over NIST SP

  34.  * 800-90.  (In particular, note that some algorithms that are

  35.  * Approved by NIST SP 800-90 are not Approved by ANS X9.82.)

  36.  */

  37. 

  38. #include <stdint.h>

  39. #include <string.h>

  40. #include <byteswap.h>

  41. #include <ipxe/crypto.h>

  42. #include <ipxe/hash_df.h>

  43. 

  44. /**

  45.  * Distribute entropy throughout a buffer

  46.  *

  47.  * @v input		Input data

  48.  * @v input_len		Length of input data, in bytes

  49.  * @v output		Output buffer

  50.  * @v output_len	Length of output buffer, in bytes

  51.  *

  52.  * This is the Hash_df function defined in ANS X9.82 Part 3-2007

  53.  * Section 10.5.2 (NIST SP 800-90 Section 10.4.1).

  54.  *

  55.  * The number of bits requested is implicit in the length of the

  56.  * output buffer.  Requests must be for an integral number of bytes.

  57.  *

  58.  * The output buffer is filled incrementally with each iteration of

  59.  * the central loop, rather than constructing an overall "temp" and

  60.  * then taking the leftmost(no_of_bits_to_return) bits.

  61.  *

  62.  * There is no way for the Hash_df function to fail.  The returned

  63.  * status SUCCESS is implicit.

  64.  */

  65. void hash_df ( const void *input, size_t input_len, void *output,

  66. 	      size_t output_len ) {

  67. 	uint8_t context[HASH_DF_CTX_SIZE];

  68. 	uint8_t digest[HASH_DF_OUTLEN_BYTES];

  69. 	size_t frag_len;

  70. 	struct {

  71. 		uint8_t pad[3];

  72. 		uint8_t counter;

  73. 		uint32_t no_of_bits_to_return;

  74. 	} __attribute__ (( packed )) prefix;

  75. 	void *temp;

  76. 	size_t remaining;

  77. 

  78. 	DBGC ( &hash_df, "HASH_DF input:\n" );

  79. 	DBGC_HDA ( &hash_df, 0, input, input_len );

  80. 

  81. 	/* Sanity checks */

  82. 	assert ( input != NULL );

  83. 	assert ( output != NULL );

  84. 

  85. 	/* 1.  temp = the Null string

  86. 	 * 2.  len = ceil ( no_of_bits_to_return / outlen )

  87. 	 *

  88. 	 * (Nothing to do.  We fill the output buffer incrementally,

  89. 	 * rather than constructing the complete "temp" in-memory.

  90. 	 * "len" is implicit in the number of iterations required to

  91. 	 * fill the output buffer, and so is not calculated

  92. 	 * explicitly.)

  93. 	 */

  94. 

  95. 	/* 3.  counter = an 8-bit binary value representing the integer "1" */

  96. 	prefix.counter = 1;

  97. 

  98. 	/* 4.  For i = 1 to len do */

  99. 	for ( temp = output, remaining = output_len ; remaining > 0 ; ) {

  100. 

  101. 		/* Comment: in step 5.1 (sic), no_of_bits_to_return is

  102. 		 * used as a 32-bit string.

  103. 		 *

  104. 		 * 4.1  temp = temp || Hash ( counter || no_of_bits_to_return

  105. 		 *                            || input_string )

  106. 		 */

  107. 		prefix.no_of_bits_to_return = htonl ( output_len * 8 );

  108. 		digest_init ( &hash_df_algorithm, context );

  109. 		digest_update ( &hash_df_algorithm, context, &prefix.counter,

  110. 				( sizeof ( prefix ) -

  111. 				  offsetof ( typeof ( prefix ), counter ) ) );

  112. 		digest_update ( &hash_df_algorithm, context, input, input_len );

  113. 		digest_final ( &hash_df_algorithm, context, digest );

  114. 

  115. 		/* 4.2  counter = counter + 1 */

  116. 		prefix.counter++;

  117. 

  118. 		/* 5.    requested_bits = Leftmost ( no_of_bits_to_return )

  119. 		 *       of temp

  120. 		 *

  121. 		 * (We fill the output buffer incrementally.)

  122. 		 */

  123. 		frag_len = sizeof ( digest );

  124. 		if ( frag_len > remaining )

  125. 			frag_len = remaining;

  126. 		memcpy ( temp, digest, frag_len );

  127. 		temp += frag_len;

  128. 		remaining -= frag_len;

  129. 	}

  130. 

  131. 	/* 6.  Return SUCCESS and requested_bits */

  132. 	DBGC ( &hash_df, "HASH_DF output:\n" );

  133. 	DBGC_HDA ( &hash_df, 0, output, output_len );

  134. 	return;

  135. }