From: "PierreGondois" <pierre.gondois@arm.com>
To: "Yao, Jiewen" <jiewen.yao@intel.com>,
Doug Flick <dougflick@microsoft.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Subject: Re: [edk2-devel] [PATCH v2 07/13] SecurityPkg: RngDxe: Remove incorrect limitation on GetRng
Date: Mon, 13 May 2024 17:53:18 +0200 [thread overview]
Message-ID: <a1171241-5678-4f5f-803d-73aad72909f7@arm.com> (raw)
In-Reply-To: <MW4PR11MB5872E62FE762D1275C9E0A5B8CE02@MW4PR11MB5872.namprd11.prod.outlook.com>
Hello,
The patch looks good to me:
Reviewed-by: Pierre Gondois <pierre.gondois@arm.com>
Regards,
Pierre
On 5/11/24 02:24, Yao, Jiewen wrote:
> Thanks for confirming that.
>
> I am OK with what you have said.
>
> Since the ARM part is added by Pierre Gondois <pierre.gondois@arm.com>, I will let him comment if there is any concern on the change for ARM.
>
> Thank you
>
> Yao, Jiewen
>
> From: Doug Flick via groups.io <dougflick=microsoft.com@groups.io>
> Sent: Saturday, May 11, 2024 5:12 AM
> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
> Subject: Re: [edk2-devel] [PATCH v2 07/13] SecurityPkg: RngDxe: Remove incorrect limitation on GetRng
>
> So, I'm trying to consult with some RNG experts because I'm by no means an expert and anything I say should be taken with a huge grain of salt. When I get the experts' take, I'll share it.
>
> Basically, the way I read this code is that it by no means tries to enforce any entropy requirement outside of what you ask for.
>
> My understanding is the 256-bit entropy requirement comes from when you are using a DRNG algorithm such as:
>
> #define EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID \
>   {0xa7af67cb, 0x603b, 0x4d42, \
>   {0xba, 0x21, 0x70, 0xbf, 0xb6, 0x29, 0x3f, 0x96}}
>
> #define EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID \
>   {0xc5149b43, 0xae85, 0x4f53, \
>   {0x99, 0x82, 0xb9, 0x43, 0x35, 0xd3, 0xa9, 0xe7}}
>
> #define EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID \
>   {0x44f0de6e, 0x4d8c, 0x4045, \
>   {0xa8, 0xc7, 0x4d, 0xd1, 0x68, 0x85, 0x6b, 0x9e}}
>
> "When a Deterministic Random Bit Generator (DRBG) is used on the output of a (raw) entropy source, its security level must be at least 256 bits."
>
> https://uefi.org/specs/UEFI/2.10/37_Secure_Technologies.html#random-number-generator-protocol
>
> That is, the seed of these algorithms must be at a minimum 256 bits from your entropy source.
>
> Now when you call for instance EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID on an Intel CPU, it uses the Intel RDRAND instruction:
>
> https://github.com/tianocore/edk2/blob/4b6ee06a090d956f80b4a92fb9bf03098a372f39/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c#L108C45-L108C51
>
> From what I can tell, the generator takes pairs of 256-bit raw entropy samples generated by the hardware entropy source and applies them to an Advanced Encryption Standard (AES) (in CBC-MAC mode) conditioner, which reduces them to a single 256-bit conditioned entropy sample.
>
> https://en.wikipedia.org/wiki/RDRAND
>
> https://www.intel.com/content/www/us/en/developer/articles/guide/intel-digital-random-number-generator-drng-software-implementation-guide.html
>
> Which means, if you are implementing these algorithms in software, you must comply with the 256-bit entropy requirement for your source. However, in our case the CPU is meeting that requirement for us.
>
> Again, I'm no expert. So if an expert is reading this and I'm completely wrong, please let me know :)
>
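As an added illustration of the distinction Doug draws above (this is not code from the thread or from edk2's RngDxe): the 256-bit security-level requirement in the UEFI spec applies to the entropy that seeds the DRBG, not to the number of bytes a caller asks GetRNG for. The block below implements SP 800-90A HMAC_DRBG over SHA-256, rejects seeds shorter than 32 bytes, and then services output requests of any length, including ones far smaller than the seed; `efi_guid_str`, `MIN_SEED_BYTES` and `HmacDrbg` are my own names, and the GUID constant is the HMAC_256 GUID quoted in the thread.

```python
import hashlib
import hmac

MIN_SEED_BYTES = 32  # 256-bit security level: a rule on the seed, not on request size


def efi_guid_str(d1, d2, d3, d4):
    """Render an EFI_GUID initializer {Data1, Data2, Data3, {Data4[8]}} as text."""
    return "%08x-%04x-%04x-%s-%s" % (d1, d2, d3, bytes(d4[:2]).hex(), bytes(d4[2:]).hex())


# The HMAC_256 algorithm GUID quoted in the thread, in comparable string form.
EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID = efi_guid_str(
    0xc5149b43, 0xae85, 0x4f53, [0x99, 0x82, 0xb9, 0x43, 0x35, 0xd3, 0xa9, 0xe7])


class HmacDrbg:
    """SP 800-90A HMAC_DRBG over SHA-256 (instantiate + generate; reseed omitted)."""
    OUTLEN = 32  # SHA-256 output length in bytes

    def __init__(self, entropy_input, nonce=b"", personalization=b""):
        # The only place the 256-bit rule belongs: the seed material.
        if len(entropy_input) < MIN_SEED_BYTES:
            raise ValueError("entropy input must be at least 256 bits")
        self.K = b"\x00" * self.OUTLEN
        self.V = b"\x01" * self.OUTLEN
        self._update(entropy_input + nonce + personalization)
        self.reseed_counter = 1

    @staticmethod
    def _hmac(key, data):
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided_data):
        # HMAC_DRBG_Update (SP 800-90A 10.1.2.2)
        self.K = self._hmac(self.K, self.V + b"\x00" + provided_data)
        self.V = self._hmac(self.K, self.V)
        if provided_data:
            self.K = self._hmac(self.K, self.V + b"\x01" + provided_data)
            self.V = self._hmac(self.K, self.V)

    def generate(self, n_bytes, additional_input=b""):
        # HMAC_DRBG_Generate (SP 800-90A 10.1.2.5): any output length is valid.
        if additional_input:
            self._update(additional_input)
        out = b""
        while len(out) < n_bytes:
            self.V = self._hmac(self.K, self.V)
            out += self.V
        self._update(additional_input)
        self.reseed_counter += 1
        return out[:n_bytes]
```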