From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.35942.1656669037958901506 for ; Fri, 01 Jul 2022 02:50:38 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: pierre.gondois@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id D1FF4113E; Fri, 1 Jul 2022 02:50:37 -0700 (PDT) Received: from [192.168.1.11] (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 86A063F66F; Fri, 1 Jul 2022 02:50:35 -0700 (PDT) Message-ID: <64f6d993-84b2-2250-8495-4ee5849eff5a@arm.com> Date: Fri, 1 Jul 2022 11:49:56 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.1 Subject: Re: [edk2-devel] [PATCH RESEND v1 0/9] Add DrbgLib To: "Yao, Jiewen" , "Kinney, Michael D" , "devel@edk2.groups.io" Cc: Sami Mujawar , Leif Lindholm , Ard Biesheuvel , Rebecca Cran , "Gao, Liming" , "Wang, Jian J" References: <20220629191848.2619317-1-Pierre.Gondois@arm.com> From: "PierreGondois" In-Reply-To: Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Hello Yao, On 6/30/22 03:16, Yao, Jiewen wrote: > More question: > Please educate me how you plan to include DrbgLib to openssl? > Currently, it is using RngLib. > https://github.com/tianocore/edk2/blob/master/CryptoPkg/Library/OpensslLib/OpensslLib.inf#L634? There was a discussion about the DrbgLib in late 2020 at: https://edk2.groups.io/g/devel/topic/78823009#71619 The interraction between between all the libraries is described in slide 11 of: https://edk2.groups.io/g/devel/files/Designs/2021/0116/EDKII%20-%20Proposed%20update%20to%20RNG%20implementation.pdf The OpensslLib relies on the RngLib because of this function call: https://github.com/tianocore/edk2/blob/master/CryptoPkg/Library/OpensslLib/rand_pool.c#L49 Based on the slide 11, it is possible to have a RngLib implementation using the DrbgLib either through RngDxeLib or through a new RngLib|RngDrbgLib. Regards, Pierre > > Thank you > Yao Jiewen > >> -----Original Message----- >> From: Kinney, Michael D >> Sent: Thursday, June 30, 2022 8:16 AM >> To: devel@edk2.groups.io; pierre.gondois@arm.com; Kinney, Michael D >> >> Cc: Sami Mujawar ; Leif Lindholm >> ; Ard Biesheuvel ; >> Rebecca Cran ; Gao, Liming >> ; Yao, Jiewen ; Wang, >> Jian J >> Subject: RE: [edk2-devel] [PATCH RESEND v1 0/9] Add DrbgLib >> >> Hi Pierre, >> >> Can you add to the Patch #0 Summary and the BZ the difference >> between the existing RngLib and this new DrbgLib? >> >> Would you recommend one be implement on top of the other? >> >> Really glad to see test vectors were used to verify correctness. >> Can you consider adding formal unit tests using the UnitTestFrameworkPkg >> with those test vectors so a unit test failure would be generated if >> maintenance is performed in the future that changes the behavior? >> >> Thanks, >> >> Mike >> >>> -----Original Message----- >>> From: devel@edk2.groups.io On Behalf Of >> PierreGondois >>> Sent: Wednesday, June 29, 2022 12:19 PM >>> To: devel@edk2.groups.io >>> Cc: Sami Mujawar ; Leif Lindholm >> ; Ard Biesheuvel ; >>> Rebecca Cran ; Kinney, Michael D >> ; Gao, Liming ; Yao, >>> Jiewen ; Wang, Jian J >>> Subject: [edk2-devel] [PATCH RESEND v1 0/9] Add DrbgLib >>> >>> From: Pierre Gondois >>> >>> Bugzilla: Bug 3971 (https://bugzilla.tianocore.org/show_bug.cgi?id=3971) >>> >>> Add support for a Deterministic Random Bits Generator (Drbg). The >>> specifications used are the following: >>> >>> - [1] NIST Special Publication 800-90A Revision 1, June 2015, Recommendation >>> for Random Number Generation Using Deterministic Random Bit >> Generators. >>> (https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final) >>> - [2] NIST Special Publication 800-90B, Recommendation for the Entropy >>> Sources Used for Random Bit Generation. >>> (https://csrc.nist.gov/publications/detail/sp/800-90b/final) >>> - [3] (Second Draft) NIST Special Publication 800-90C, Recommendation for >>> Random Bit Generator (RBG) Constructions. >>> (https://csrc.nist.gov/publications/detail/sp/800-90c/draft) >>> - [4] NIST Special Publication 800-57 Part 1 Revision 5, May 2020, >>> Recommendation for Key Management:Part 1 - General. >>> >>> The test vectors available in the CTR_DRBG_AES256 sections of >>> https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and- >> Guidelines/documents/examples/CTR_DRBG_noDF.pdf >>> were used for validation. >>> >>> This patch-set can seen at: >>> https://github.com/PierreARM/edk2/tree/Arm_Drbg_v1 >>> >>> This patch has the following dependency: >>> - [PATCH v3 00/22] Add Raw algorithm support using Arm FW-TRNG interface >>> https://edk2.groups.io/g/devel/message/90845 >>> - [PATCH v1 0/7] Add AesLib and ArmAesLib >>> https://edk2.groups.io/g/devel/message/90878 >>> >>> Pierre Gondois (9): >>> MdePkg/DrbgLib: Drbg library interface definition >>> MdePkg/DrbgLib: Add NULL instance of Drbg Library >>> MdePkg/DrbgLib: Add BitStream implementation >>> MdePkg/DrbgLib: Add Get_entropy_input() implementation >>> MdePkg/DrbgLib: Add common wrappers >>> MdePkg/DrbgLib: Add Ctr Drbg mechanism functions >>> MdePkg/DrbgLib: Add Drbg mechanism functions and module >>> ArmVirtPkg: Kvmtool: Add AesLib/DrbgLib for RngDxe >>> SecurityPkg/RngDxe: Use DrbgLib in RngDxe for Arm >>> >>> ArmVirtPkg/ArmVirtKvmTool.dsc | 2 + >>> MdePkg/Include/Library/DrbgLib.h | 172 +++ >>> MdePkg/Library/DrbgLib/BitStream.c | 1114 +++++++++++++++++ >>> MdePkg/Library/DrbgLib/BitStream.h | 366 ++++++ >>> MdePkg/Library/DrbgLib/Common.c | 249 ++++ >>> MdePkg/Library/DrbgLib/Common.h | 74 ++ >>> MdePkg/Library/DrbgLib/CtrDrbg.c | 899 +++++++++++++ >>> MdePkg/Library/DrbgLib/CtrDrbg.h | 100 ++ >>> MdePkg/Library/DrbgLib/DrbgLib.c | 628 ++++++++++ >>> MdePkg/Library/DrbgLib/DrbgLib.inf | 39 + >>> MdePkg/Library/DrbgLib/DrbgLibInternal.h | 310 +++++ >>> MdePkg/Library/DrbgLib/GetEntropyInput.c | 72 ++ >>> MdePkg/Library/DrbgLib/GetEntropyInput.h | 48 + >>> MdePkg/Library/DrbgLibNull/DrbgLib.c | 165 +++ >>> MdePkg/Library/DrbgLibNull/DrbgLibNull.inf | 21 + >>> MdePkg/MdePkg.dec | 4 + >>> MdePkg/MdePkg.dsc | 2 + >>> .../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 75 +- >>> .../RandomNumberGenerator/RngDxe/RngDxe.inf | 1 + >>> SecurityPkg/SecurityPkg.dsc | 2 + >>> 20 files changed, 4342 insertions(+), 1 deletion(-) >>> create mode 100644 MdePkg/Include/Library/DrbgLib.h >>> create mode 100644 MdePkg/Library/DrbgLib/BitStream.c >>> create mode 100644 MdePkg/Library/DrbgLib/BitStream.h >>> create mode 100644 MdePkg/Library/DrbgLib/Common.c >>> create mode 100644 MdePkg/Library/DrbgLib/Common.h >>> create mode 100644 MdePkg/Library/DrbgLib/CtrDrbg.c >>> create mode 100644 MdePkg/Library/DrbgLib/CtrDrbg.h >>> create mode 100644 MdePkg/Library/DrbgLib/DrbgLib.c >>> create mode 100644 MdePkg/Library/DrbgLib/DrbgLib.inf >>> create mode 100644 MdePkg/Library/DrbgLib/DrbgLibInternal.h >>> create mode 100644 MdePkg/Library/DrbgLib/GetEntropyInput.c >>> create mode 100644 MdePkg/Library/DrbgLib/GetEntropyInput.h >>> create mode 100644 MdePkg/Library/DrbgLibNull/DrbgLib.c >>> create mode 100644 MdePkg/Library/DrbgLibNull/DrbgLibNull.inf >>> >>> -- >>> 2.25.1 >>> >>> >>> >>> -=-=-=-=-=-= >>> Groups.io Links: You receive all messages sent to this group. >>> View/Reply Online (#90898): https://edk2.groups.io/g/devel/message/90898 >>> Mute This Topic: https://groups.io/mt/92072283/1643496 >>> Group Owner: devel+owner@edk2.groups.io >>> Unsubscribe: https://edk2.groups.io/g/devel/unsub >> [michael.d.kinney@intel.com] >>> -=-=-=-=-=-= >>> >