iPXE
Functions
hash_df.c File Reference

Hash-based derivation function (Hash_df) More...

#include <stdint.h>
#include <string.h>
#include <assert.h>
#include <byteswap.h>
#include <ipxe/crypto.h>
#include <ipxe/hash_df.h>

Go to the source code of this file.

Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
 
 FILE_SECBOOT (PERMITTED)
 
void hash_df (struct digest_algorithm *hash, const void *input, size_t input_len, void *output, size_t output_len)
 Distribute entropy throughout a buffer. More...
 

Detailed Description

Hash-based derivation function (Hash_df)

This algorithm is designed to comply with ANS X9.82 Part 3-2007 Section 10.5.2. This standard is not freely available, but most of the text appears to be shared with NIST SP 800-90, which can be downloaded from 

http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf

Where possible, references are given to both documents. In the case of any disagreement, ANS X9.82 takes priority over NIST SP 800-90. (In particular, note that some algorithms that are Approved by NIST SP 800-90 are not Approved by ANS X9.82.)

Definition in file hash_df.c.

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL  )

◆ FILE_SECBOOT()

FILE_SECBOOT ( PERMITTED  )

◆ hash_df()

void hash_df ( struct digest_algorithm hash,
const void *  input,
size_t  input_len,
void *  output,
size_t  output_len 
)

Distribute entropy throughout a buffer.

Parameters
hashUnderlying hash algorithm
inputInput data
input_lenLength of input data, in bytes
outputOutput buffer
output_lenLength of output buffer, in bytes

This is the Hash_df function defined in ANS X9.82 Part 3-2007 Section 10.5.2 (NIST SP 800-90 Section 10.4.1).

The number of bits requested is implicit in the length of the output buffer. Requests must be for an integral number of bytes.

The output buffer is filled incrementally with each iteration of the central loop, rather than constructing an overall "temp" and then taking the leftmost(no_of_bits_to_return) bits.

There is no way for the Hash_df function to fail. The returned status SUCCESS is implicit.

Definition at line 85 of file hash_df.c.

86  {
87  uint8_t context[hash->ctxsize];
88  uint8_t digest[hash->digestsize];
89  size_t frag_len;
90  struct {
91  uint8_t pad[3];
92  uint8_t counter;
93  uint32_t no_of_bits_to_return;
94  } __attribute__ (( packed )) prefix;
95  void *temp;
96  size_t remaining;
97 
98  DBGC ( &hash_df, "HASH_DF input:\n" );
99  DBGC_HDA ( &hash_df, 0, input, input_len );
100 
101  /* Sanity checks */
102  assert ( input != NULL );
103  assert ( output != NULL );
104 
105  /* 1. temp = the Null string
106  * 2. len = ceil ( no_of_bits_to_return / outlen )
107  *
108  * (Nothing to do. We fill the output buffer incrementally,
109  * rather than constructing the complete "temp" in-memory.
110  * "len" is implicit in the number of iterations required to
111  * fill the output buffer, and so is not calculated
112  * explicitly.)
113  */
114 
115  /* 3. counter = an 8-bit binary value representing the integer "1" */
116  prefix.counter = 1;
117 
118  /* 4. For i = 1 to len do */
119  for ( temp = output, remaining = output_len ; remaining > 0 ; ) {
120 
121  /* Comment: in step 5.1 (sic), no_of_bits_to_return is
122  * used as a 32-bit string.
123  *
124  * 4.1 temp = temp || Hash ( counter || no_of_bits_to_return
125  * || input_string )
126  */
127  prefix.no_of_bits_to_return = htonl ( output_len * 8 );
128  digest_init ( hash, context );
129  digest_update ( hash, context, &prefix.counter,
130  ( sizeof ( prefix ) -
131  offsetof ( typeof ( prefix ), counter ) ) );
132  digest_update ( hash, context, input, input_len );
133  digest_final ( hash, context, digest );
134 
135  /* 4.2 counter = counter + 1 */
136  prefix.counter++;
137 
138  /* 5. requested_bits = Leftmost ( no_of_bits_to_return )
139  * of temp
140  *
141  * (We fill the output buffer incrementally.)
142  */
143  frag_len = sizeof ( digest );
144  if ( frag_len > remaining )
145  frag_len = remaining;
146  memcpy ( temp, digest, frag_len );
147  temp += frag_len;
148  remaining -= frag_len;
149  }
150 
151  /* 6. Return SUCCESS and requested_bits */
152  DBGC ( &hash_df, "HASH_DF output:\n" );
153  DBGC_HDA ( &hash_df, 0, output, output_len );
154  return;
155 }
__attribute__
#define __attribute__(x)
Definition: compiler.h:10
hash
pseudo_bit_t hash[0x00010]
Definition: arbel.h:13
digest_update
static void digest_update(struct digest_algorithm *digest, void *ctx, const void *data, size_t len)
Definition: crypto.h:224
digest_final
static void digest_final(struct digest_algorithm *digest, void *ctx, void *out)
Definition: crypto.h:230
DBGC
#define DBGC(...)
Definition: compiler.h:505
input
Definition: bnxt_hsi.h:68
prefix
char prefix[4]
Definition: vmconsole.c:53
offsetof
#define offsetof(type, field)
Get offset of a field within a structure.
Definition: stddef.h:25
pad
u32 pad[9]
Padding.
Definition: ar9003_mac.h:47
htonl
#define htonl(value)
Definition: byteswap.h:134
memcpy
void * memcpy(void *dest, const void *src, size_t len) __nonnull
assert
assert((readw(&hdr->flags) &(GTF_reading|GTF_writing))==0)
DBGC_HDA
#define DBGC_HDA(...)
Definition: compiler.h:506
digest_init
static void digest_init(struct digest_algorithm *digest, void *ctx)
Definition: crypto.h:219
hash_df
void hash_df(struct digest_algorithm *hash, const void *input, size_t input_len, void *output, size_t output_len)
Distribute entropy throughout a buffer.
Definition: hash_df.c:85
uint8_t
unsigned char uint8_t
Definition: stdint.h:10
uint32_t
unsigned int uint32_t
Definition: stdint.h:12
typeof
typeof(acpi_finder=acpi_find)
ACPI table finder.
Definition: acpi.c:48
NULL
#define NULL
NULL pointer (VOID *)
Definition: Base.h:322

References __attribute__, assert(), DBGC, DBGC_HDA, digest_final(), digest_init(), digest_update(), hash, hash_df(), htonl, memcpy(), NULL, offsetof, pad, prefix, and typeof().

Referenced by get_entropy_input(), get_entropy_input_tmp(), and hash_df().

Generated by   doxygen 1.8.15