Subject: Re: [edk2-devel] [PATCH v1 07/14] NetworkPkg:: SECURITY PATCH CVE-2023-45237
To: "Doug Flick", devel@edk2.groups.io
From: "Doug Flick via groups.io"
Date: Wed, 08 May 2024 13:40:11 -0700
In-Reply-To: <1400.1715191538135525592@groups.io>
Message-ID: <1400.1715200811925539906@groups.io>

Ard,

I went ahead and added your suggestion to use gEfiRngAlgorithmRaw. This however led me to discover a difference in behavior in x86 based platforms and Arm based platforms and I'm unsure which is the correct behavior.

On x86 based platforms, if the RngValueLength being requested is less than 32 (256 bits), then it returns EFI_INVALID_PARAMETER (despite the function header not indicating that's possible) https://github.com/tianocore/edk2/blob/b82c9631da39ca5a1f0702185a46fea60446dd0a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c#L123

and it assumes that "When a Deterministic Random Bit Generator (DRBG) is used on the output of a (raw) entropy source, its security level must be at least 256 bits." means it shouldn't support requests smaller than 32 bytes. https://uefi.org/specs/UEFI/2.10/37_Secure_Technologies.html#random-number-generator-protocol

On Arm based Platforms it doesn't make this assumption and behaves according to the specification. https://github.com/tianocore/edk2/blob/b82c9631da39ca5a1f0702185a46fea60446dd0a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c#L106C35-L106C54

Right now my thought is that x86 machines are making an incorrect assumption where the seed to a DRNG needs to be at least 256 bits by NIST recommendations but a caller should be free to request values smaller than 32 bytes.

Would you assume the same before I make a change to the x86 code to remove that check?
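A caller-side way to tolerate both behaviours described in this message, as an added example that is not part of the original email or of edk2: short requests are served from a 32-byte scratch buffer, so the provider never sees a raw request below 256 bits. The `rng_fn` type, the two mock providers and `get_random_bytes` are hypothetical stand-ins for a GetRNG call with the raw algorithm, and the status values are simplified.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified status codes (constructed for this example). */
enum { ST_SUCCESS = 0, ST_INVALID_PARAMETER = 2 };
#define RAW_MIN_LEN 32u /* 256 bits, the threshold named in the message */

/* Hypothetical stand-in for a GetRNG call using the raw algorithm. */
typedef int (*rng_fn)(size_t len, uint8_t *out);

/* Mock provider that rejects short raw requests (the x86 behaviour described). */
static int strict_rng(size_t len, uint8_t *out) {
    if (out == NULL || len < RAW_MIN_LEN) return ST_INVALID_PARAMETER;
    memset(out, 0xA5, len); /* constant filler, NOT random: test data only */
    return ST_SUCCESS;
}

/* Mock provider that accepts any non-zero length (the Arm behaviour described). */
static int lenient_rng(size_t len, uint8_t *out) {
    if (out == NULL || len == 0) return ST_INVALID_PARAMETER;
    memset(out, 0x5A, len); /* constant filler, NOT random: test data only */
    return ST_SUCCESS;
}

/* Portable caller: requests below RAW_MIN_LEN go through a scratch buffer. */
static int get_random_bytes(rng_fn rng, size_t len, uint8_t *out) {
    uint8_t scratch[RAW_MIN_LEN];
    volatile uint8_t *p = scratch;
    int st;
    if (rng == NULL || out == NULL || len == 0) return ST_INVALID_PARAMETER;
    if (len >= RAW_MIN_LEN) return rng(len, out);
    st = rng(sizeof scratch, scratch);
    if (st == ST_SUCCESS) memcpy(out, scratch, len);
    for (size_t i = 0; i < sizeof scratch; i++) p[i] = 0; /* wipe unused bytes */
    return st;
}

int main(void) {
    uint8_t key[16];
    int direct = strict_rng(sizeof key, key); /* short direct request is rejected */
    int a = get_random_bytes(strict_rng, sizeof key, key);
    int b = get_random_bytes(lenient_rng, sizeof key, key);
    return (direct == ST_INVALID_PARAMETER && a == ST_SUCCESS && b == ST_SUCCESS) ? 0 : 1;
}
```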
