From: "PierreGondois"
To: devel@edk2.groups.io
Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran, Michael D Kinney, Liming Gao, Jiewen Yao, Jian J Wang
Subject: [PATCH RESEND v1 4/9] MdePkg/DrbgLib: Add Get_entropy_input() implementation
Date: Wed, 29 Jun 2022 21:18:41 +0200
Message-Id: <20220629191848.2619317-5-Pierre.Gondois@arm.com>
In-Reply-To: <20220629191848.2619317-1-Pierre.Gondois@arm.com>

From: Pierre Gondois

NIST Special Publication 800-90C, s10.3.3 'Get_entropy_input Constructions for Accessing Entropy Sources' specifies multiple ways to implement the Get_entropy_input() function.

Implement s10.3.3.1 'Construction When a Conditioning Function is not Used' in a separate file to leave room for other potential implementations.

Signed-off-by: Pierre Gondois
---
 MdePkg/Library/DrbgLib/GetEntropyInput.c | 72 ++++++++++++++++++++++++
 MdePkg/Library/DrbgLib/GetEntropyInput.h | 48 ++++++++++++++++
 2 files changed, 120 insertions(+)
 create mode 100644 MdePkg/Library/DrbgLib/GetEntropyInput.c
 create mode 100644 MdePkg/Library/DrbgLib/GetEntropyInput.h
diff --git a/MdePkg/Library/DrbgLib/GetEntropyInput.c b/MdePkg/Library/Dr= bgLib/GetEntropyInput.c new file mode 100644 index 000000000000..6257bc9093dd --- /dev/null +++ b/MdePkg/Library/DrbgLib/GetEntropyInput.c @@ -0,0 +1,72 @@ +/** @file + GetEntropyInput function implementation. + + Copyright (c) 2022, Arm Limited. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Reference(s): + - [1] NIST Special Publication 800-90A Revision 1, June 2015, Recommen= dation + for Random Number Generation Using Deterministic Random Bit Gene= rators. + (https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/fina= l) + - [2] NIST Special Publication 800-90B, Recommendation for the Entropy + Sources Used for Random Bit Generation. + (https://csrc.nist.gov/publications/detail/sp/800-90b/final) + - [3] (Second Draft) NIST Special Publication 800-90C, Recommendation = for + Random Bit Generator (RBG) Constructions. + (https://csrc.nist.gov/publications/detail/sp/800-90c/draft) + + @par Glossary: + - TRNG - True Random Number Generator + - Sec - Security + - DRBG - Deterministic Random Bits Generator + - CTR - Counter +**/ + +#include +#include + +#include "Common.h" + +/** GetEntropyInput implementation (no conditionning function). + + Cf. [3] 10.3.3.1 Construction When a Conditioning Function is not Used + + @param [in] DrbgHandle The Drbg hanble. + @param [in] MinEntropy Minimum entropy. + @param [out] EntropyBitsStream Stream containing the generated entrop= y. + + @retval EFI_SUCCESS Success. + @retval EFI_INVALID_PARAMETER Invalid parameter. + @retval EFI_OUT_OF_RESOURCES Out of resources. +**/ +EFI_STATUS +EFIAPI +GetEntropyInputNoCondFn ( + IN DRBG_HANDLE DrbgHandle, + IN UINTN MinEntropy, + OUT BIT_STREAM **EntropyBitsStream + ) +{ + EFI_STATUS Status; + + if ((DrbgHandle =3D=3D NULL) || + (EntropyBitsStream =3D=3D NULL) || + (*EntropyBitsStream !=3D NULL)) + { + ASSERT (DrbgHandle !=3D NULL); + ASSERT (EntropyBitsStream !=3D NULL); + ASSERT (*EntropyBitsStream =3D=3D NULL); + return EFI_INVALID_PARAMETER; + } + + // 1. (status, entropy_bitstring) =3D Get_Entropy(min_entropy, max_len= gth). + // 2. If (status !=3D SUCCESS), then return (status, Null). + // 3. Return SUCCESS, entropy_bitstring. 
+ Status =3D GetEntropy (DrbgHandle, MinEntropy, EntropyBitsStream); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + // Fall through. + } + + return Status; +} diff --git a/MdePkg/Library/DrbgLib/GetEntropyInput.h b/MdePkg/Library/Dr= bgLib/GetEntropyInput.h new file mode 100644 index 000000000000..336fbc3826c0 --- /dev/null +++ b/MdePkg/Library/DrbgLib/GetEntropyInput.h @@ -0,0 +1,48 @@ +/** @file + GetEntropyInput function implementation. + + Copyright (c) 2022, Arm Limited. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Reference(s): + - [1] NIST Special Publication 800-90A Revision 1, June 2015, Recommen= dation + for Random Number Generation Using Deterministic Random Bit Gene= rators. + (https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/fina= l) + - [2] NIST Special Publication 800-90B, Recommendation for the Entropy + Sources Used for Random Bit Generation. + (https://csrc.nist.gov/publications/detail/sp/800-90b/final) + - [3] (Second Draft) NIST Special Publication 800-90C, Recommendation = for + Random Bit Generator (RBG) Constructions. + (https://csrc.nist.gov/publications/detail/sp/800-90c/draft) + + @par Glossary: + - TRNG - True Random Number Generator + - Sec - Security + - DRBG - Deterministic Random Bits Generator + - CTR - Counter +**/ + +#ifndef GET_ENTROPY_INPUT_H_ +#define GET_ENTROPY_INPUT_H_ + +/** GetEntropyInput implementation (no conditionning function). + + Cf. [3] 10.3.3.1 Construction When a Conditioning Function is not Used + + @param [in] DrbgHandle The Drbg hanble. + @param [in] MinEntropy Minimum entropy. + @param [out] EntropyBitsStream Stream containing the generated entrop= y. + + @retval EFI_SUCCESS Success. + @retval EFI_INVALID_PARAMETER Invalid parameter. + @retval EFI_OUT_OF_RESOURCES Out of resources. +**/ +EFI_STATUS +EFIAPI +GetEntropyInputNoCondFn ( + IN DRBG_HANDLE DrbgHandle, + IN UINTN MinEntropy, + OUT BIT_STREAM **EntropyBitsStream + ); + +#endif // GET_ENTROPY_INPUT_H_ --=20 2.25.1
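Review bot: in GetEntropyInput.c, the failure path of GetEntropyInputNoCondFn wraps a runtime error in ASSERT_EFI_ERROR (Status). An entropy source that cannot currently deliver MinEntropy bits (or that has failed a health test) is an expected runtime condition, not a programming error, so a DEBUG build would halt at exactly the point where a RELEASE build correctly hands the status back to the DRBG instantiate/reseed caller; suggest dropping the ASSERT and the "// Fall through." comment and returning Status directly. Two smaller points in the same hunk: the step-1 comment quotes the 800-90C call as Get_Entropy(min_entropy, max_length), but the actual call is GetEntropy (DrbgHandle, MinEntropy, EntropyBitsStream) with no maximum length, so either note in the comment that GetEntropy bounds the stream length internally or pass the bound through; and the doc comment should say that *EntropyBitsStream must be NULL on entry, since the function rejects a non-NULL value with EFI_INVALID_PARAMETER but the @param [out] line does not mention it. "conditionning" should read "conditioning" and "hanble" should read "handle".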
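Review bot: GetEntropyInput.h uses EFI_STATUS, EFIAPI, IN/OUT, DRBG_HANDLE and BIT_STREAM but includes nothing between the GET_ENTROPY_INPUT_H_ guard and the prototype, so it only compiles if the including file has already pulled in the UEFI base types and the DrbgLib header that defines DRBG_HANDLE and BIT_STREAM (GetEntropyInput.c gets them via Common.h). Include those directly so the header stands alone. The @file brief reads "GetEntropyInput function implementation.", copied from the .c file; for the header "declaration" or "prototype" is accurate. The same "conditionning" and "hanble" typos appear in this copy of the doc comment, and the glossary in both file headers lists TRNG, Sec and CTR, none of which occur in these two files; trimming it to the terms actually used avoids keeping dead entries in sync across files.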