Message-ID: <90ecfac7-6f27-2694-95d9-6a62f863899d@arm.com>
Date: Fri, 1 Jul 2022 10:30:14 +0200
Subject: Re: [edk2-devel] [PATCH RESEND v1 0/9] Add DrbgLib
To: "Kinney, Michael D", "devel@edk2.groups.io"
Cc: Sami Mujawar, Leif Lindholm, Ard Biesheuvel, Rebecca Cran, "Gao, Liming", "Yao, Jiewen", "Wang, Jian J"
References: <20220629191848.2619317-1-Pierre.Gondois@arm.com>
From: "PierreGondois"

Hello Mike,

On 6/30/22 02:15, Kinney, Michael D wrote:
> Hi Pierre,
>
> Can you add to the Patch #0 Summary and the BZ the difference
> between the existing RngLib and this new DrbgLib?

There was a discussion in late 2020 about the DrbgLib at:
https://edk2.groups.io/g/devel/topic/78823009#71619

The relation between the RngLib and the DrbgLib is available in slide 11 of:
https://edk2.groups.io/g/devel/files/Designs/2021/0116/EDKII%20-%20Proposed%20update%20to%20RNG%20implementation.pdf

I will add the same details in the BZ.

>
> Would you recommend one be implemented on top of the other?

The DrbgLib requires to have a True Random Number Generator for its
entropy source, which I don't think the RngLib is guaranteed to be.
The DrbgLib should rely on a TrngLib instead.

>
> Really glad to see test vectors were used to verify correctness.
> Can you consider adding formal unit tests using the UnitTestFrameworkPkg
> with those test vectors so a unit test failure would be generated if
> maintenance is performed in the future that changes the behavior?

Yes sure, I will add these tests to the UnitTestFrameworkPkg.

Regards,
Pierre

>
> Thanks,
>
> Mike
>
>> -----Original Message-----
>> From: devel@edk2.groups.io On Behalf Of PierreGondois
>> Sent: Wednesday, June 29, 2022 12:19 PM
>> To: devel@edk2.groups.io
>> Cc: Sami Mujawar; Leif Lindholm; Ard Biesheuvel;
>> Rebecca Cran; Kinney, Michael D; Gao, Liming; Yao,
>> Jiewen; Wang, Jian J
>> Subject: [edk2-devel] [PATCH RESEND v1 0/9] Add DrbgLib
>>
>> From: Pierre Gondois
>>
>> Bugzilla: Bug 3971 (https://bugzilla.tianocore.org/show_bug.cgi?id=3971)
>>
>> Add support for a Deterministic Random Bits Generator (Drbg). The
>> specifications used are the following:
>>
>> - [1] NIST Special Publication 800-90A Revision 1, June 2015, Recommendation
>>       for Random Number Generation Using Deterministic Random Bit Generators.
>>       (https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final)
>> - [2] NIST Special Publication 800-90B, Recommendation for the Entropy
>>       Sources Used for Random Bit Generation.
>>       (https://csrc.nist.gov/publications/detail/sp/800-90b/final)
>> - [3] (Second Draft) NIST Special Publication 800-90C, Recommendation for
>>       Random Bit Generator (RBG) Constructions.
>>       (https://csrc.nist.gov/publications/detail/sp/800-90c/draft)
>> - [4] NIST Special Publication 800-57 Part 1 Revision 5, May 2020,
>>       Recommendation for Key Management: Part 1 - General.
>>
>> The test vectors available in the CTR_DRBG_AES256 sections of
>> https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/CTR_DRBG_noDF.pdf
>> were used for validation.
>>
>> This patch-set can be seen at:
>> https://github.com/PierreARM/edk2/tree/Arm_Drbg_v1
>>
>> This patch has the following dependency:
>> - [PATCH v3 00/22] Add Raw algorithm support using Arm FW-TRNG interface
>>   https://edk2.groups.io/g/devel/message/90845
>> - [PATCH v1 0/7] Add AesLib and ArmAesLib
>>   https://edk2.groups.io/g/devel/message/90878
>>
>> Pierre Gondois (9):
>>   MdePkg/DrbgLib: Drbg library interface definition
>>   MdePkg/DrbgLib: Add NULL instance of Drbg Library
>>   MdePkg/DrbgLib: Add BitStream implementation
>>   MdePkg/DrbgLib: Add Get_entropy_input() implementation
>>   MdePkg/DrbgLib: Add common wrappers
>>   MdePkg/DrbgLib: Add Ctr Drbg mechanism functions
>>   MdePkg/DrbgLib: Add Drbg mechanism functions and module
>>   ArmVirtPkg: Kvmtool: Add AesLib/DrbgLib for RngDxe
>>   SecurityPkg/RngDxe: Use DrbgLib in RngDxe for Arm
>>
>>  ArmVirtPkg/ArmVirtKvmTool.dsc                 |    2 +
>>  MdePkg/Include/Library/DrbgLib.h              |  172 +++
>>  MdePkg/Library/DrbgLib/BitStream.c            | 1114 +++++++++++++++++
>>  MdePkg/Library/DrbgLib/BitStream.h            |  366 ++++++
>>  MdePkg/Library/DrbgLib/Common.c               |  249 ++++
>>  MdePkg/Library/DrbgLib/Common.h               |   74 ++
>>  MdePkg/Library/DrbgLib/CtrDrbg.c              |  899 +++++++++++++
>>  MdePkg/Library/DrbgLib/CtrDrbg.h              |  100 ++
>>  MdePkg/Library/DrbgLib/DrbgLib.c              |  628 ++++++++++
>>  MdePkg/Library/DrbgLib/DrbgLib.inf            |   39 +
>>  MdePkg/Library/DrbgLib/DrbgLibInternal.h      |  310 +++++
>>  MdePkg/Library/DrbgLib/GetEntropyInput.c      |   72 ++
>>  MdePkg/Library/DrbgLib/GetEntropyInput.h      |   48 +
>>  MdePkg/Library/DrbgLibNull/DrbgLib.c          |  165 +++
>>  MdePkg/Library/DrbgLibNull/DrbgLibNull.inf    |   21 +
>>  MdePkg/MdePkg.dec                             |    4 +
>>  MdePkg/MdePkg.dsc                             |    2 +
>>  .../RandomNumberGenerator/RngDxe/ArmRngDxe.c  |   75 +-
>>  .../RandomNumberGenerator/RngDxe/RngDxe.inf   |    1 +
>>  SecurityPkg/SecurityPkg.dsc                   |    2 +
>>  20 files changed, 4342 insertions(+), 1 deletion(-)
>>  create mode 100644 MdePkg/Include/Library/DrbgLib.h
>>  create mode 100644 MdePkg/Library/DrbgLib/BitStream.c
>>  create mode 100644 MdePkg/Library/DrbgLib/BitStream.h
>>  create mode 100644 MdePkg/Library/DrbgLib/Common.c
>>  create mode 100644 MdePkg/Library/DrbgLib/Common.h
>>  create mode 100644 MdePkg/Library/DrbgLib/CtrDrbg.c
>>  create mode 100644 MdePkg/Library/DrbgLib/CtrDrbg.h
>>  create mode 100644 MdePkg/Library/DrbgLib/DrbgLib.c
>>  create mode 100644 MdePkg/Library/DrbgLib/DrbgLib.inf
>>  create mode 100644 MdePkg/Library/DrbgLib/DrbgLibInternal.h
>>  create mode 100644 MdePkg/Library/DrbgLib/GetEntropyInput.c
>>  create mode 100644 MdePkg/Library/DrbgLib/GetEntropyInput.h
>>  create mode 100644 MdePkg/Library/DrbgLibNull/DrbgLib.c
>>  create mode 100644 MdePkg/Library/DrbgLibNull/DrbgLibNull.inf
>>
>> --
>> 2.25.1