From: "Ard Biesheuvel"
Date: Fri, 15 Nov 2019 17:35:09 +0000
Subject: Re: [edk2-devel] [PATCH 05/11] SecurityPkg/RngLibRdSeed: add an instance of RngLib to make use rdseed
To: "Kinney, Michael D"
Cc: edk2-devel-groups-io, "Wang, Jian J", "Yao, Jiewen", "Zhang, Chao B", "Gao, Liming", "Ni, Ray"
References: <20191114021743.3876-1-jian.j.wang@intel.com> <20191114021743.3876-6-jian.j.wang@intel.com>

On Fri, 15 Nov 2019 at 17:21, Kinney, Michael D wrote:
>
> Hi Ard,
>
> What would you recommend as way to provide these different
> types of services? Some more new lib classes and instances?
>

Basically, yes.

RngLib could be backed by RDRAND, or by a fully generic DRBG
implementation which depends on EntropySourceLib.

EntropySourceLib could be backed by RDSEED, by another arch-specific
method, or [assuming we can prove it works] a generic jitter entropy
library.

BlockEncryptionIvLib could be implemented using a counter and a CRC
library, or backed by RngLib, depending on the execution context.

For DXE phase, I think it would actually make sense to have a single
driver consuming EntropySourceLib and implementing the DRBG, and then
expose that via a EDK2 specific protocol that is consumed by
DxeRngLib.

For the x86 implementation of EFI_RNG_PROTOCOL, which currently has
some dreadful code to harvest entropy from RDRAND, we could actually
instantiate in different ways (and expose varying subsets of the
GUIDed DRBG flavours) depending on whether it has a working RngLib
only, or has a working EntropySourceLib as well.

> > -----Original Message-----
> > From: Ard Biesheuvel
> > Sent: Friday, November 15, 2019 5:29 AM
> > To: edk2-devel-groups-io; Wang, Jian J
> > Cc: Kinney, Michael D; Yao, Jiewen; Zhang, Chao B; Gao, Liming; Ni, Ray
> > Subject: Re: [edk2-devel] [PATCH 05/11] SecurityPkg/RngLibRdSeed: add an instance of RngLib to make use rdseed
> >
> > On Thu, 14 Nov 2019 at 04:39, Wang, Jian J wrote:
> > >
> > > Mike,
> > >
> > > I figured that rdseed is only needed in cases demanding highest
> > > entropy, like seeding other pseudo-RNG. It's not for general purpose randomness.
> > > Then I put it in SecurityPkg. But I'm ok to put it into MdePkg. I have
> > > no strong opinion for this.
> > >
> >
> > I think it is a bad idea to use the same library abstraction [RngLib] for exposing
> > a) entropy sources used for seeding deterministic random number generators
> > b) deterministic random number generators themselves
> > c) low entropy pseudo-RNGs based on timestamp counters, etc
> >
> > given that the use cases don't usually overlap. I.e.,
> > only a DRBG implementation requires a), and exports
> > RngLib itself based on that.
> > Use cases that can tolerate c) [like IV generators for
> > block encryption] are typically disjoint from ones that
> > require b) [for key generation]. The idea that you can
> > use RngLib for all of them, and plug arbitrary
> > instantiations of it into each is misguided IMHO.
> >
> > > >
> > > > -----Original Message-----
> > > > From: Kinney, Michael D
> > > > Sent: Thursday, November 14, 2019 12:25 PM
> > > > To: devel@edk2.groups.io; Wang, Jian J; Kinney, Michael D
> > > > Cc: Yao, Jiewen; Zhang, Chao B; Gao, Liming; Ni, Ray
> > > > Subject: RE: [edk2-devel] [PATCH 05/11] SecurityPkg/RngLibRdSeed: add an instance of RngLib to make use rdseed
> > > >
> > > > Jian,
> > > >
> > > > Why is this lib instance in the SecurityPkg? It only depends on the
> > > > MdePkg. Can't non security feature related modules that want to a
> > > > random number use this lib without using the SecurityPkg? Could
> > > > this lib instance be added to MdePkg?
> > > >
> > > > Thanks,
> > > >
> > > > Mike
> > > >
> > > > > -----Original Message-----
> > > > > From: devel@edk2.groups.io On Behalf Of Wang, Jian J
> > > > > Sent: Wednesday, November 13, 2019 6:18 PM
> > > > > To: devel@edk2.groups.io
> > > > > Cc: Yao, Jiewen; Zhang, Chao B; Kinney, Michael D; Gao, Liming; Ni, Ray
> > > > > Subject: [edk2-devel] [PATCH 05/11] SecurityPkg/RngLibRdSeed: add an instance of RngLib to make use rdseed
> > > > >
> > > > > This version of RngLib makes use of AsmRdSeed to get
> > > > > non-deterministic random number, which can be used for seeding
> > > > > other software DRNG like rand interface in openssl. It can be used
> > > > > only on IA32/X64 processors which supports rdseed instruction.
> > > > >
> > > > > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1871
> > > > > Cc: Jiewen Yao
> > > > > Cc: Chao Zhang
> > > > > Cc: Michael D Kinney
> > > > > Cc: Liming Gao
> > > > > Cc: Ray Ni
> > > > > Signed-off-by: Jian J Wang > > > > > > > --- > > > > > .../RngLibRdSeed/RngLibRdSeed.inf | > > 37 > > > > > ++++ > > > > > .../RngLibRdSeed/RngLibRdSeed.uni | > > 18 ++ > > > > > .../RngLibRdSeed/RngRdSeed.c | > > 189 > > > > > ++++++++++++++++++ > > > > > 3 files changed, 244 insertions(+) create mode > > 100644 > > > > > > > SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngLibRd > > > > > Seed.inf > > > > > create mode 100644 > > > > > > > SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngLibRd > > > > > Seed.uni > > > > > create mode 100644 > > > > > > > SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngRdSee > > > > > d.c > > > > > > > > > > diff --git > > > > > > > a/SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngLib > > > > > RdSeed.inf > > > > > > > b/SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngLib > > > > > RdSeed.inf > > > > > new file mode 100644 > > > > > index 0000000000..8162408775 > > > > > --- /dev/null > > > > > +++ > > > > > > > b/SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngLib > > > > > RdSeed.inf > > > > > @@ -0,0 +1,37 @@ > > > > > +## @file > > > > > +# Instance of RNG (Random Number Generator) > > Library. > > > > > +# > > > > > +# Rng RdSeed Library that uses CPU RdSeed > > instruction > > > > > access to > > > > > +provide # non-deterministic random number which > > can > > > > > be used as seed > > > > > +for other # software deterministic RNGs. > > > > > +# > > > > > +# Copyright (c) 2019, Intel Corporation. All > > rights > > > > > reserved.
# # > > > > > +SPDX-License-Identifier: BSD-2-Clause-Patent # # > > ## > > > > > + > > > > > +[Defines] > > > > > + INF_VERSION = 0x00010029 > > > > > + BASE_NAME = RngLibRdSeed > > > > > + MODULE_UNI_FILE = > > RngLibRdSeed.uni > > > > > + FILE_GUID = 8B613B2E- > > B944-40F9- > > > > > B979-1B60D7CAA73C > > > > > + MODULE_TYPE = BASE > > > > > + VERSION_STRING = 1.0 > > > > > + LIBRARY_CLASS = RngLib > > > > > + CONSTRUCTOR = > > > > > RngLibRdSeedConstructor > > > > > + > > > > > +# > > > > > +# VALID_ARCHITECTURES = IA32 X64 > > > > > +# > > > > > + > > > > > +[Sources.Ia32, Sources.X64] > > > > > + RngRdSeed.c > > > > > + > > > > > +[Packages] > > > > > + MdePkg/MdePkg.dec > > > > > + > > > > > +[LibraryClasses] > > > > > + BaseLib > > > > > + DebugLib > > > > > diff --git > > > > > > > a/SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngLib > > > > > RdSeed.uni > > > > > > > b/SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngLib > > > > > RdSeed.uni > > > > > new file mode 100644 > > > > > index 0000000000..051a3019bc > > > > > --- /dev/null > > > > > +++ > > > > > > > b/SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngLib > > > > > RdSeed.uni > > > > > @@ -0,0 +1,18 @@ > > > > > +// /** @file > > > > > +// Instance of RNG (Random Number Generator) > > Library. > > > > > +// > > > > > +// Rng RdSeed Library that uses CPU RdSeed > > instruction > > > > > access to > > > > > +provide // non-deterministic random number which > > can > > > > > be used as seed > > > > > +for other // software deterministic RNGs. > > > > > +// > > > > > +// Copyright (c) 2019, Intel Corporation. All > > rights > > > > > reserved.
// > > > > > +// SPDX-License-Identifier: BSD-2-Clause-Patent > > // // > > > > > **/ > > > > > + > > > > > + > > > > > +#string STR_MODULE_ABSTRACT > > #language en- > > > > > US "Instance of RNG Library" > > > > > + > > > > > +#string STR_MODULE_DESCRIPTION > > #language en- > > > > > US "RngRdSeed Library that uses CPU RdSeed > > instruction access to > > > > > provide non-deterministic random numbers." > > > > > + > > > > > diff --git > > > > > > > a/SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngRdS > > > > > eed.c > > > > > > > b/SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngRdS > > > > > eed.c > > > > > new file mode 100644 > > > > > index 0000000000..0036faa050 > > > > > --- /dev/null > > > > > +++ > > > > > > > b/SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngRdS > > > > > eed.c > > > > > @@ -0,0 +1,189 @@ > > > > > +/** @file > > > > > + Random number generator services that uses > > RdSeed > > > > > instruction access > > > > > + to provide non-deterministic random numbers, > > which > > > > > are usually used > > > > > + for seeding other pseudo-random number > > generators. > > > > > + > > > > > +Copyright (c) 2019, Intel Corporation. All > > rights > > > > > reserved.
> > > > > +SPDX-License-Identifier: BSD-2-Clause-Patent > > > > > + > > > > > +**/ > > > > > + > > > > > +#include > > > > > +#include > > > > > +#include > > > > > + > > > > > +// > > > > > +// Bit mask used to determine if RdSeed > > instruction is > > > > > supported. > > > > > +// > > > > > +#define RDSEED_MASK BIT18 > > > > > + > > > > > +// > > > > > +// Limited retry number when valid random data > > is > > > > > returned. > > > > > +// It varies between 1 and 100 according to > > "Intel(R) > > > > > DRGN Software > > > > > +Implementation // Guide". Let's use the same > > value as > > > > > RDRAND in BaseRngLib. > > > > > +// > > > > > +#define RDSEED_RETRY_LIMIT 10 > > > > > + > > > > > +/** > > > > > + The constructor function checks whether or not > > > > > RDSEED instruction is > > > > > +supported > > > > > + by the host hardware. > > > > > + > > > > > + The constructor function checks whether or not > > > > > RDSEED instruction is supported. > > > > > + It will ASSERT() if RDSEED instruction is not > > > > > supported. > > > > > + > > > > > + @retval RETURN_SUCCESS The processor > > supports > > > > > RDSEED instruction. > > > > > + @retval RETURN_UNSUPPORTED RDSEED instruction > > is > > > > > not supported. > > > > > + > > > > > +**/ > > > > > +RETURN_STATUS > > > > > +EFIAPI > > > > > +RngLibRdSeedConstructor ( > > > > > + VOID > > > > > + ) > > > > > +{ > > > > > + UINT32 RegEbx; > > > > > + > > > > > + // > > > > > + // Determine RDSEED support by examining bit > > 18 of > > > > > the EBX register > > > > > + returned by // CPUID(EAX=7, ECX=0). BIT18 of > > EBX > > > > > indicates that > > > > > + processor support RDSEED // instruction. 
> > > > > + // > > > > > + AsmCpuidEx (7, 0, NULL, &RegEbx, NULL, NULL); > > if > > > > > ((RegEbx & > > > > > + RDSEED_MASK) != RDSEED_MASK) { > > > > > + ASSERT ((RegEbx & RDSEED_MASK) == > > RDSEED_MASK); > > > > > + return RETURN_UNSUPPORTED; > > > > > + } > > > > > + > > > > > + return RETURN_SUCCESS; > > > > > +} > > > > > + > > > > > +/** > > > > > + Generates a 16-bit random number. > > > > > + > > > > > + if Rand is NULL, then ASSERT(). > > > > > + > > > > > + @param[out] Rand Buffer pointer to store > > the 16- > > > > > bit random value. > > > > > + > > > > > + @retval TRUE Random number generated > > > > > successfully. > > > > > + @retval FALSE Failed to generate the > > random > > > > > number. > > > > > + > > > > > +**/ > > > > > +BOOLEAN > > > > > +EFIAPI > > > > > +GetRandomNumber16 ( > > > > > + OUT UINT16 *Rand > > > > > + ) > > > > > +{ > > > > > + UINT32 Index; > > > > > + > > > > > + ASSERT (Rand != NULL); > > > > > + > > > > > + // > > > > > + // A loop to fetch a 16 bit random value with > > a > > > > > retry count limit. > > > > > + // > > > > > + for (Index = 0; Index < RDSEED_RETRY_LIMIT; > > Index++) > > > > > { > > > > > + if (AsmRdSeed16 (Rand)) { > > > > > + return TRUE; > > > > > + } > > > > > + } > > > > > + > > > > > + return FALSE; > > > > > +} > > > > > + > > > > > +/** > > > > > + Generates a 32-bit random number. > > > > > + > > > > > + if Rand is NULL, then ASSERT(). > > > > > + > > > > > + @param[out] Rand Buffer pointer to store > > the 32- > > > > > bit random value. > > > > > + > > > > > + @retval TRUE Random number generated > > > > > successfully. > > > > > + @retval FALSE Failed to generate the > > random > > > > > number. 
> > > > > + > > > > > +**/ > > > > > +BOOLEAN > > > > > +EFIAPI > > > > > +GetRandomNumber32 ( > > > > > + OUT UINT32 *Rand > > > > > + ) > > > > > +{ > > > > > + UINT32 Index; > > > > > + > > > > > + ASSERT (Rand != NULL); > > > > > + > > > > > + // > > > > > + // A loop to fetch a 32 bit random value with > > a > > > > > retry count limit. > > > > > + // > > > > > + for (Index = 0; Index < RDSEED_RETRY_LIMIT; > > Index++) > > > > > { > > > > > + if (AsmRdSeed32 (Rand)) { > > > > > + return TRUE; > > > > > + } > > > > > + } > > > > > + > > > > > + return FALSE; > > > > > +} > > > > > + > > > > > +/** > > > > > + Generates a 64-bit random number. > > > > > + > > > > > + if Rand is NULL, then ASSERT(). > > > > > + > > > > > + @param[out] Rand Buffer pointer to store > > the 64- > > > > > bit random value. > > > > > + > > > > > + @retval TRUE Random number generated > > > > > successfully. > > > > > + @retval FALSE Failed to generate the > > random > > > > > number. > > > > > + > > > > > +**/ > > > > > +BOOLEAN > > > > > +EFIAPI > > > > > +GetRandomNumber64 ( > > > > > + OUT UINT64 *Rand > > > > > + ) > > > > > +{ > > > > > + UINT32 Index; > > > > > + > > > > > + ASSERT (Rand != NULL); > > > > > + > > > > > + // > > > > > + // A loop to fetch a 64 bit random value with > > a > > > > > retry count limit. > > > > > + // > > > > > + for (Index = 0; Index < RDSEED_RETRY_LIMIT; > > Index++) > > > > > { > > > > > + if (AsmRdSeed64 (Rand)) { > > > > > + return TRUE; > > > > > + } > > > > > + } > > > > > + > > > > > + return FALSE; > > > > > +} > > > > > + > > > > > +/** > > > > > + Generates a 128-bit random number. > > > > > + > > > > > + if Rand is NULL, then ASSERT(). > > > > > + > > > > > + @param[out] Rand Buffer pointer to store > > the > > > > > 128-bit random value. > > > > > + > > > > > + @retval TRUE Random number generated > > > > > successfully. > > > > > + @retval FALSE Failed to generate the > > random > > > > > number. 
> > > > > + > > > > > +**/ > > > > > +BOOLEAN > > > > > +EFIAPI > > > > > +GetRandomNumber128 ( > > > > > + OUT UINT64 *Rand > > > > > + ) > > > > > +{ > > > > > + ASSERT (Rand != NULL); > > > > > + > > > > > + // > > > > > + // Read first 64 bits > > > > > + // > > > > > + if (!GetRandomNumber64 (Rand)) { > > > > > + return FALSE; > > > > > + } > > > > > + > > > > > + // > > > > > + // Read second 64 bits > > > > > + // > > > > > + return GetRandomNumber64 (++Rand); } > > > > > -- > > > > > 2.17.1.windows.2 > > > > > > > > > > > > > > > > > > > > > > > > > > >
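
Review bot: In RngLibRdSeed.inf, `LIBRARY_CLASS = RngLib` under [Defines] registers this instance under the general-purpose RngLib class, while the file header describes it as a provider of seed material for other software deterministic RNGs. Any module that links RngLib can then be resolved to RDSEED for ordinary random numbers, and a platform cannot tell a seed-grade instance from a DRBG-backed one by class name. Consider a separate library class for entropy sources, as raised in the replies above. Since [Packages] lists only MdePkg/MdePkg.dec, the header should also say why the instance lives under SecurityPkg.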
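
Review bot: In RngRdSeed.c, GetRandomNumber16/32/64 call AsmRdSeed16/32/64 without checking that the instruction is available. RngLibRdSeedConstructor tests CPUID(EAX=7, ECX=0) but stores nothing, so on a build where ASSERT() is compiled out it returns RETURN_UNSUPPORTED and the getters still execute RDSEED. Record the CPUID result in a module-level flag in the constructor and have each getter return FALSE when it is clear. Two smaller points in the same file: the RDSEED_RETRY_LIMIT comment says "when valid random data is returned" where "until" seems intended, and GetRandomNumber128 leaves the first 64 bits written in Rand when the second GetRandomNumber64 call fails, which the function comment should document or the code should clear.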
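
The layering proposed in the reply at the top of this thread has a DRBG consume an entropy source that, like RDSEED, can report "no data". The following added example (not code from the patch or from edk2) shows the seeding step as a bounded-retry, all-or-nothing collector; `entropy_read64_fn`, `collect_seed` and the mock source are hypothetical names, and the mock's output is a constructed test pattern, not entropy.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SEED_RETRY_LIMIT 10  /* same bound the patch uses for RDSEED */

/* Hypothetical EntropySourceLib-style hook (name and signature assumed):
   returns false when no sample is ready, as RDSEED does on underflow. */
typedef bool (*entropy_read64_fn)(uint64_t *out, void *ctx);

/* Constructed stand-in for the hardware: fails the first `fail_first`
   calls and every call after `fail_after`. Output is NOT random. */
struct mock_source { unsigned fail_first, fail_after, calls; };

bool mock_read64(uint64_t *out, void *ctx) {
    struct mock_source *m = ctx;
    m->calls++;
    if (m->calls <= m->fail_first || m->calls > m->fail_after)
        return false;
    *out = 0x0123456789abcdefULL ^ m->calls;  /* test pattern only */
    return true;
}

/* Gather `words` 64-bit samples as DRBG seed material. All-or-nothing:
   if any word exhausts its retry budget, wipe the partial seed so the
   caller can never consume a half-filled buffer. */
bool collect_seed(entropy_read64_fn read64, void *ctx,
                  uint64_t *seed, size_t words) {
    for (size_t i = 0; i < words; i++) {
        bool ok = false;
        for (unsigned t = 0; t < SEED_RETRY_LIMIT && !ok; t++)
            ok = read64(&seed[i], ctx);
        if (!ok) {
            memset(seed, 0, words * sizeof *seed);
            return false;
        }
    }
    return true;
}

int main(void) {
    struct mock_source hw = { 3, 100, 0 };  /* three underflows, then data */
    uint64_t seed[2];
    return collect_seed(mock_read64, &hw, seed, 2) ? 0 : 1;
}
```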