Browse Source

[rng] Add ANS X9.82 RBG wrapper functions

Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 13 years ago
parent
commit
4e0effc6ad
2 changed files with 157 additions and 0 deletions
  1. 114
    0
      src/crypto/rbg.c
  2. 43
    0
      src/include/ipxe/rbg.h

+ 114
- 0
src/crypto/rbg.c View File

1
+/*
2
+ * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
3
+ *
4
+ * This program is free software; you can redistribute it and/or
5
+ * modify it under the terms of the GNU General Public License as
6
+ * published by the Free Software Foundation; either version 2 of the
7
+ * License, or any later version.
8
+ *
9
+ * This program is distributed in the hope that it will be useful, but
10
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
11
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12
+ * General Public License for more details.
13
+ *
14
+ * You should have received a copy of the GNU General Public License
15
+ * along with this program; if not, write to the Free Software
16
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
17
+ */
18
+
19
+FILE_LICENCE ( GPL2_OR_LATER );
20
+
21
+/** @file
22
+ *
23
+ * RBG mechanism
24
+ *
25
+ * This mechanism is designed to comply with ANS X9.82 Part 4 (April
26
+ * 2011 Draft) Section 10.  This standard is unfortunately not freely
27
+ * available.
28
+ *
29
+ * The chosen RBG design is that of a DRBG with a live entropy source
30
+ * with no conditioning function.  Only a single security strength is
31
+ * supported.  No seedfile is used since there may be no non-volatile
32
+ * storage available.  The system UUID is used as the personalisation
33
+ * string.
34
+ */
35
+
36
+#include <stdint.h>
37
+#include <string.h>
38
+#include <ipxe/init.h>
39
+#include <ipxe/settings.h>
40
+#include <ipxe/uuid.h>
41
+#include <ipxe/crypto.h>
42
+#include <ipxe/drbg.h>
43
+#include <ipxe/rbg.h>
44
+
45
+/** The RBG */
46
+struct random_bit_generator rbg;
47
+
48
+/**
49
+ * Start up RBG
50
+ *
51
+ * @ret rc		Return status code
52
+ *
53
+ * This is the RBG_Startup function defined in ANS X9.82 Part 4 (April
54
+ * 2011 Draft) Section 9.1.2.2.
55
+ */
56
+static int rbg_startup ( void ) {
57
+	union uuid uuid;
58
+	int len;
59
+	int rc;
60
+
61
+	/* Try to obtain system UUID for use as personalisation
62
+	 * string, in accordance with ANS X9.82 Part 3-2007 Section
63
+	 * 8.5.2.  If no UUID is available, proceed without a
64
+	 * personalisation string.
65
+	 */
66
+	if ( ( len = fetch_uuid_setting ( NULL, &uuid_setting, &uuid ) ) < 0 ) {
67
+		rc = len;
68
+		DBGC ( &rbg, "RBG could not fetch personalisation string: "
69
+		       "%s\n", strerror ( rc ) );
70
+		len = 0;
71
+	}
72
+
73
+	/* Instantiate DRBG */
74
+	if ( ( rc = drbg_instantiate ( &rbg.state, &uuid, len ) ) != 0 ) {
75
+		DBGC ( &rbg, "RBG could not instantiate DRBG: %s\n",
76
+		       strerror ( rc ) );
77
+		return rc;
78
+	}
79
+
80
+	return 0;
81
+}
82
+
83
+/**
84
+ * Shut down RBG
85
+ *
86
+ */
87
+static void rbg_shutdown ( void ) {
88
+
89
+	/* Uninstantiate DRBG */
90
+	drbg_uninstantiate ( &rbg.state );
91
+}
92
+
93
+/** RBG startup function */
94
+static void rbg_startup_fn ( void ) {
95
+
96
+	/* Start up RBG.  There is no way to report an error at this
97
+	 * stage, but a failed startup will result in an invalid DRBG
98
+	 * that refuses to generate bits.
99
+	 */
100
+	rbg_startup();
101
+}
102
+
103
+/** RBG shutdown function */
104
+static void rbg_shutdown_fn ( int booting __unused ) {
105
+
106
+	/* Shut down RBG */
107
+	rbg_shutdown();
108
+}
109
+
110
+/** RBG startup table entry */
111
+struct startup_fn startup_rbg __startup_fn ( STARTUP_NORMAL ) = {
112
+	.startup = rbg_startup_fn,
113
+	.shutdown = rbg_shutdown_fn,
114
+};

+ 43
- 0
src/include/ipxe/rbg.h View File

1
+#ifndef _IPXE_RBG_H
2
+#define _IPXE_RBG_H
3
+
4
+/** @file
5
+ *
6
+ * RBG mechanism
7
+ *
8
+ */
9
+
10
+FILE_LICENCE ( GPL2_OR_LATER );
11
+
12
+#include <stdint.h>
13
+#include <ipxe/drbg.h>
14
+
15
+/** An RBG */
16
+struct random_bit_generator {
17
+	/** DRBG state */
18
+	struct drbg_state state;
19
+};
20
+
21
+extern struct random_bit_generator rbg;
22
+
23
+/**
24
+ * Generate bits using RBG
25
+ *
26
+ * @v additional	Additional input
27
+ * @v additional_len	Length of additional input
28
+ * @v prediction_resist	Prediction resistance is required
29
+ * @v data		Output buffer
30
+ * @v len		Length of output buffer
31
+ * @ret rc		Return status code
32
+ *
33
+ * This is the RBG_Generate function defined in ANS X9.82 Part 4
34
+ * (April 2011 Draft) Section 9.1.2.2.
35
+ */
36
+static inline int rbg_generate ( const void *additional, size_t additional_len,
37
+				 int prediction_resist, void *data,
38
+				 size_t len ) {
39
+	return drbg_generate ( &rbg.state, additional, additional_len,
40
+			       prediction_resist, data, len );
41
+}
42
+
43
+#endif /* _IPXE_RBG_H */

Loading…
Cancel
Save