[fdt] Add ability to parse a MAC address from a flattened device tree
[ipxe.git] / src / crypto / hash_df.c
1 /*
2 * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License as
6 * published by the Free Software Foundation; either version 2 of the
7 * License, or any later version.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17 * 02110-1301, USA.
18 *
19 * You can also choose to distribute this program under the terms of
20 * the Unmodified Binary Distribution Licence (as given in the file
21 * COPYING.UBDL), provided that you have satisfied its requirements.
22 *
23 * Alternatively, you may distribute this code in source or binary
24 * form, with or without modification, provided that the following
25 * conditions are met:
26 *
27 * 1. Redistributions of source code must retain the above copyright
28 * notice, this list of conditions and the above disclaimer.
29 *
30 * 2. Redistributions in binary form must reproduce the above
31 * copyright notice, this list of conditions and the above
32 * disclaimer in the documentation and/or other materials provided
33 * with the distribution.
34 */
35
36 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
37
38 /** @file
39 *
40 * Hash-based derivation function (Hash_df)
41 *
42 * This algorithm is designed to comply with ANS X9.82 Part 3-2007
43 * Section 10.5.2. This standard is not freely available, but most of
44 * the text appears to be shared with NIST SP 800-90, which can be
45 * downloaded from
46 *
47 * http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf
48 *
49 * Where possible, references are given to both documents. In the
50 * case of any disagreement, ANS X9.82 takes priority over NIST SP
51 * 800-90. (In particular, note that some algorithms that are
52 * Approved by NIST SP 800-90 are not Approved by ANS X9.82.)
53 */
54
55 #include <stdint.h>
56 #include <string.h>
57 #include <assert.h>
58 #include <byteswap.h>
59 #include <ipxe/crypto.h>
60 #include <ipxe/hash_df.h>
61
62 /**
63 * Distribute entropy throughout a buffer
64 *
65 * @v hash Underlying hash algorithm
66 * @v input Input data
67 * @v input_len Length of input data, in bytes
68 * @v output Output buffer
69 * @v output_len Length of output buffer, in bytes
70 *
71 * This is the Hash_df function defined in ANS X9.82 Part 3-2007
72 * Section 10.5.2 (NIST SP 800-90 Section 10.4.1).
73 *
74 * The number of bits requested is implicit in the length of the
75 * output buffer. Requests must be for an integral number of bytes.
76 *
77 * The output buffer is filled incrementally with each iteration of
78 * the central loop, rather than constructing an overall "temp" and
79 * then taking the leftmost(no_of_bits_to_return) bits.
80 *
81 * There is no way for the Hash_df function to fail. The returned
82 * status SUCCESS is implicit.
83 */
84 void hash_df ( struct digest_algorithm *hash, const void *input,
85 size_t input_len, void *output, size_t output_len ) {
86 uint8_t context[hash->ctxsize];
87 uint8_t digest[hash->digestsize];
88 size_t frag_len;
89 struct {
90 uint8_t pad[3];
91 uint8_t counter;
92 uint32_t no_of_bits_to_return;
93 } __attribute__ (( packed )) prefix;
94 void *temp;
95 size_t remaining;
96
97 DBGC ( &hash_df, "HASH_DF input:\n" );
98 DBGC_HDA ( &hash_df, 0, input, input_len );
99
100 /* Sanity checks */
101 assert ( input != NULL );
102 assert ( output != NULL );
103
104 /* 1. temp = the Null string
105 * 2. len = ceil ( no_of_bits_to_return / outlen )
106 *
107 * (Nothing to do. We fill the output buffer incrementally,
108 * rather than constructing the complete "temp" in-memory.
109 * "len" is implicit in the number of iterations required to
110 * fill the output buffer, and so is not calculated
111 * explicitly.)
112 */
113
114 /* 3. counter = an 8-bit binary value representing the integer "1" */
115 prefix.counter = 1;
116
117 /* 4. For i = 1 to len do */
118 for ( temp = output, remaining = output_len ; remaining > 0 ; ) {
119
120 /* Comment: in step 5.1 (sic), no_of_bits_to_return is
121 * used as a 32-bit string.
122 *
123 * 4.1 temp = temp || Hash ( counter || no_of_bits_to_return
124 * || input_string )
125 */
126 prefix.no_of_bits_to_return = htonl ( output_len * 8 );
127 digest_init ( hash, context );
128 digest_update ( hash, context, &prefix.counter,
129 ( sizeof ( prefix ) -
130 offsetof ( typeof ( prefix ), counter ) ) );
131 digest_update ( hash, context, input, input_len );
132 digest_final ( hash, context, digest );
133
134 /* 4.2 counter = counter + 1 */
135 prefix.counter++;
136
137 /* 5. requested_bits = Leftmost ( no_of_bits_to_return )
138 * of temp
139 *
140 * (We fill the output buffer incrementally.)
141 */
142 frag_len = sizeof ( digest );
143 if ( frag_len > remaining )
144 frag_len = remaining;
145 memcpy ( temp, digest, frag_len );
146 temp += frag_len;
147 remaining -= frag_len;
148 }
149
150 /* 6. Return SUCCESS and requested_bits */
151 DBGC ( &hash_df, "HASH_DF output:\n" );
152 DBGC_HDA ( &hash_df, 0, output, output_len );
153 return;
154 }