robin.thoni
/
ipxe
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 11 Wiki Activity
Browse Source

[rng] Add dummy entropy source 

Cryptographic random number generation requires an entropy source,
which is used as the input to a Deterministic Random Bit Generator
(DRBG).

iPXE does not currently have a suitable entropy source.  Provide a
dummy source to allow the DRBG code to be implemented.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 12 years ago
parent
9ec80a3df1
commit
fcc35bf487
2 changed files with 138 additions and 0 deletions
Split View Show Diff Stats
  1. 48
    0
      src/crypto/entropy.c
  2. 90
    0
      src/include/ipxe/entropy.h

+ 48
- 0
src/crypto/entropy.c View File 

@@ -0,0 +1,48 @@
1 
+/*
2 
+ * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
3 
+ *
4 
+ * This program is free software; you can redistribute it and/or
5 
+ * modify it under the terms of the GNU General Public License as
6 
+ * published by the Free Software Foundation; either version 2 of the
7 
+ * License, or any later version.
8 
+ *
9 
+ * This program is distributed in the hope that it will be useful, but
10 
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
11 
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12 
+ * General Public License for more details.
13 
+ *
14 
+ * You should have received a copy of the GNU General Public License
15 
+ * along with this program; if not, write to the Free Software
16 
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
17 
+ */
18 
+
19 
+FILE_LICENCE ( GPL2_OR_LATER );
20 
+
21 
+/** @file
22 
+ *
23 
+ * Entropy source
24 
+ *
25 
+ */
26 
+
27 
+#include <string.h>
28 
+#include <ipxe/entropy.h>
29 
+
30 
+/**
31 
+ * Obtain entropy input
32 
+ *
33 
+ * @v entropy_bits	Minimum amount of entropy, in bits
34 
+ * @v data		Data buffer
35 
+ * @v min_len		Minimum length of entropy input, in bytes
36 
+ * @v max_len		Maximum length of entropy input, in bytes
37 
+ * @ret len		Length of entropy input, in bytes
38 
+ */
39 
+int get_entropy_input ( unsigned int entropy_bits, void *data, size_t min_len,
40 
+			size_t max_len ) {
41 
+
42 
+	/* Placeholder to allow remainder of RBG code to be tested */
43 
+	( void ) entropy_bits;
44 
+	( void ) min_len;
45 
+	memset ( data, 0x01, max_len );
46 
+
47 
+	return max_len;
48 
+}

+ 90
- 0
src/include/ipxe/entropy.h View File 

@@ -0,0 +1,90 @@
1 
+#ifndef _IPXE_ENTROPY_H
2 
+#define _IPXE_ENTROPY_H
3 
+
4 
+/** @file
5 
+ *
6 
+ * Entropy source
7 
+ *
8 
+ */
9 
+
10 
+FILE_LICENCE ( GPL2_OR_LATER );
11 
+
12 
+#include <stdint.h>
13 
+#include <assert.h>
14 
+
15 
+/** min-entropy per entropy sample
16 
+ *
17 
+ * min-entropy is defined in ANS X9.82 Part 1-2006 Section 8.3 and in
18 
+ * NIST SP 800-90 Appendix C.3 as
19 
+ *
20 
+ *    H_min = -log2 ( p_max )
21 
+ *
22 
+ * where p_max is the probability of the most likely sample value.
23 
+ */
24 
+#define MIN_ENTROPY_PER_SAMPLE 0.16
25 
+
26 
+/** Length of each entropy sample (in bits) */
27 
+#define ENTROPY_SAMPLE_LEN_BITS 12
28 
+
29 
+/**
30 
+ * Calculate entropy buffer size
31 
+ *
32 
+ * @v entropy_bits	Amount of entropy required, in bits
33 
+ * @v min_len		Minimum buffer size, in bytes
34 
+ * @v max_len		Maximum buffer size, in bytes
35 
+ * @ret len		Buffer size, in bytes
36 
+ */
37 
+static inline __attribute__ (( const, always_inline )) size_t
38 
+entropy_bufsize ( unsigned int entropy_bits, size_t min_len, size_t max_len ) {
39 
+	unsigned int min_len_bits;
40 
+	double min_samples;
41 
+	double samples;
42 
+	unsigned int samples_int;
43 
+	unsigned int len_bits;
44 
+	size_t len;
45 
+
46 
+	/* Sanity check */
47 
+	linker_assert ( MIN_ENTROPY_PER_SAMPLE <= ENTROPY_SAMPLE_LEN_BITS,
48 
+			min_entropy_per_sample_is_impossibly_high );
49 
+
50 
+	/* Calculate number of samples required to contain sufficient entropy */
51 
+	samples = ( ( entropy_bits * 1.0 ) / MIN_ENTROPY_PER_SAMPLE );
52 
+
53 
+	/* Increase to minimum length if necessary */
54 
+	min_len_bits = ( min_len * 8 );
55 
+	min_samples = ( ( min_len_bits * 1.0 ) / ENTROPY_SAMPLE_LEN_BITS );
56 
+	if ( samples < min_samples )
57 
+		samples = min_samples;
58 
+
59 
+	/* Round up to a whole number of samples.  We don't have the
60 
+	 * ceil() function available, so do the rounding by hand.
61 
+	 */
62 
+	samples_int = samples;
63 
+	if ( samples_int < samples )
64 
+		samples_int++;
65 
+	assert ( samples_int >= samples );
66 
+
67 
+	/* Calculate buffer length in bits */
68 
+	len_bits = ( samples_int * ENTROPY_SAMPLE_LEN_BITS );
69 
+
70 
+	/* Calculate buffer length in bytes (rounding up) */
71 
+	len = ( ( len_bits + 7 ) / 8 );
72 
+
73 
+	/* Check that buffer is within allowed lengths */
74 
+	linker_assert ( len >= min_len, entropy_bufsize_too_short );
75 
+	linker_assert ( len <= max_len, entropy_bufsize_too_long );
76 
+
77 
+	/* Floating-point operations are not allowed in iPXE since we
78 
+	 * never set up a suitable environment.  Abort the build
79 
+	 * unless the calculated length is a compile-time constant.
80 
+	 */
81 
+	linker_assert ( __builtin_constant_p ( len ),
82 
+			entropy_bufsize_not_constant );
83 
+
84 
+	return len;
85 
+}
86 
+
87 
+extern int get_entropy_input ( unsigned int entropy_bits, void *data,
88 
+			       size_t min_len, size_t max_len );
89 
+
90 
+#endif /* _IPXE_ENTROPY_H */

Write Preview
Loading…
Cancel
Save