iPXE
Functions
hash_df.c File Reference

Hash-based derivation function (Hash_df) More...

#include <stdint.h>
#include <string.h>
#include <assert.h>
#include <byteswap.h>
#include <ipxe/crypto.h>
#include <ipxe/hash_df.h>

Go to the source code of this file.

Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
 
void hash_df (struct digest_algorithm *hash, const void *input, size_t input_len, void *output, size_t output_len)
 Distribute entropy throughout a buffer. More...
 

Detailed Description

Hash-based derivation function (Hash_df)

This algorithm is designed to comply with ANS X9.82 Part 3-2007 Section 10.5.2. This standard is not freely available, but most of the text appears to be shared with NIST SP 800-90, which can be downloaded from

http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf

Where possible, references are given to both documents. In the case of any disagreement, ANS X9.82 takes priority over NIST SP 800-90. (In particular, note that some algorithms that are Approved by NIST SP 800-90 are not Approved by ANS X9.82.)

Definition in file hash_df.c.

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL  )

◆ hash_df()

void hash_df ( struct digest_algorithm hash,
const void *  input,
size_t  input_len,
void *  output,
size_t  output_len 
)

Distribute entropy throughout a buffer.

Parameters
hashUnderlying hash algorithm
inputInput data
input_lenLength of input data, in bytes
outputOutput buffer
output_lenLength of output buffer, in bytes

This is the Hash_df function defined in ANS X9.82 Part 3-2007 Section 10.5.2 (NIST SP 800-90 Section 10.4.1).

The number of bits requested is implicit in the length of the output buffer. Requests must be for an integral number of bytes.

The output buffer is filled incrementally with each iteration of the central loop, rather than constructing an overall "temp" and then taking the leftmost(no_of_bits_to_return) bits.

There is no way for the Hash_df function to fail. The returned status SUCCESS is implicit.

Definition at line 84 of file hash_df.c.

85  {
86  uint8_t context[hash->ctxsize];
87  uint8_t digest[hash->digestsize];
88  size_t frag_len;
89  struct {
90  uint8_t pad[3];
91  uint8_t counter;
92  uint32_t no_of_bits_to_return;
93  } __attribute__ (( packed )) prefix;
94  void *temp;
95  size_t remaining;
96 
97  DBGC ( &hash_df, "HASH_DF input:\n" );
98  DBGC_HDA ( &hash_df, 0, input, input_len );
99 
100  /* Sanity checks */
101  assert ( input != NULL );
102  assert ( output != NULL );
103 
104  /* 1. temp = the Null string
105  * 2. len = ceil ( no_of_bits_to_return / outlen )
106  *
107  * (Nothing to do. We fill the output buffer incrementally,
108  * rather than constructing the complete "temp" in-memory.
109  * "len" is implicit in the number of iterations required to
110  * fill the output buffer, and so is not calculated
111  * explicitly.)
112  */
113 
114  /* 3. counter = an 8-bit binary value representing the integer "1" */
115  prefix.counter = 1;
116 
117  /* 4. For i = 1 to len do */
118  for ( temp = output, remaining = output_len ; remaining > 0 ; ) {
119 
120  /* Comment: in step 5.1 (sic), no_of_bits_to_return is
121  * used as a 32-bit string.
122  *
123  * 4.1 temp = temp || Hash ( counter || no_of_bits_to_return
124  * || input_string )
125  */
126  prefix.no_of_bits_to_return = htonl ( output_len * 8 );
127  digest_init ( hash, context );
128  digest_update ( hash, context, &prefix.counter,
129  ( sizeof ( prefix ) -
130  offsetof ( typeof ( prefix ), counter ) ) );
131  digest_update ( hash, context, input, input_len );
132  digest_final ( hash, context, digest );
133 
134  /* 4.2 counter = counter + 1 */
135  prefix.counter++;
136 
137  /* 5. requested_bits = Leftmost ( no_of_bits_to_return )
138  * of temp
139  *
140  * (We fill the output buffer incrementally.)
141  */
142  frag_len = sizeof ( digest );
143  if ( frag_len > remaining )
144  frag_len = remaining;
145  memcpy ( temp, digest, frag_len );
146  temp += frag_len;
147  remaining -= frag_len;
148  }
149 
150  /* 6. Return SUCCESS and requested_bits */
151  DBGC ( &hash_df, "HASH_DF output:\n" );
152  DBGC_HDA ( &hash_df, 0, output, output_len );
153  return;
154 }
#define __attribute__(x)
Definition: compiler.h:10
static void digest_update(struct digest_algorithm *digest, void *ctx, const void *data, size_t len)
Definition: crypto.h:177
static void digest_final(struct digest_algorithm *digest, void *ctx, void *out)
Definition: crypto.h:182
#define DBGC(...)
Definition: compiler.h:505
Definition: bnxt_hsi.h:68
char prefix[4]
Definition: vmconsole.c:53
#define offsetof(type, field)
Get offset of a field within a structure.
Definition: stddef.h:24
u32 pad[9]
Padding.
Definition: ar9003_mac.h:90
struct md4_digest digest
Digest of data already processed.
Definition: md4.h:12
#define htonl(value)
Definition: byteswap.h:133
void * memcpy(void *dest, const void *src, size_t len) __nonnull
assert((readw(&hdr->flags) &(GTF_reading|GTF_writing))==0)
#define DBGC_HDA(...)
Definition: compiler.h:506
static void digest_init(struct digest_algorithm *digest, void *ctx)
Definition: crypto.h:172
pseudo_bit_t hash[0x00010]
Hash algorithm.
Definition: arbel.h:13
void hash_df(struct digest_algorithm *hash, const void *input, size_t input_len, void *output, size_t output_len)
Distribute entropy throughout a buffer.
Definition: hash_df.c:84
unsigned char uint8_t
Definition: stdint.h:10
unsigned int uint32_t
Definition: stdint.h:12
#define NULL
NULL pointer (VOID *)
Definition: Base.h:362

References __attribute__, assert(), DBGC, DBGC_HDA, digest, digest_final(), digest_init(), digest_update(), hash, hash_df(), htonl, memcpy(), NULL, offsetof, pad, and prefix.

Referenced by get_entropy_input_tmp(), and hash_df().