[rng] Add ANS X9.82 RBG wrapper functions

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/crypto/rbg.c

@@ -0,0 +1,114 @@
+/*
+ * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER );
+
+/** @file
+ *
+ * RBG mechanism
+ *
+ * This mechanism is designed to comply with ANS X9.82 Part 4 (April
+ * 2011 Draft) Section 10.  This standard is unfortunately not freely
+ * available.
+ *
+ * The chosen RBG design is that of a DRBG with a live entropy source
+ * with no conditioning function.  Only a single security strength is
+ * supported.  No seedfile is used since there may be no non-volatile
+ * storage available.  The system UUID is used as the personalisation
+ * string.
+ */
+
+#include <stdint.h>
+#include <string.h>
+#include <ipxe/init.h>
+#include <ipxe/settings.h>
+#include <ipxe/uuid.h>
+#include <ipxe/crypto.h>
+#include <ipxe/drbg.h>
+#include <ipxe/rbg.h>
+
+/** The RBG */
+struct random_bit_generator rbg;
+
+/**
+ * Start up RBG
+ *
+ * @ret rc		Return status code
+ *
+ * This is the RBG_Startup function defined in ANS X9.82 Part 4 (April
+ * 2011 Draft) Section 9.1.2.2.
+ */
+static int rbg_startup ( void ) {
+	union uuid uuid;
+	int len;
+	int rc;
+
+	/* Try to obtain system UUID for use as personalisation
+	 * string, in accordance with ANS X9.82 Part 3-2007 Section
+	 * 8.5.2.  If no UUID is available, proceed without a
+	 * personalisation string.
+	 */
+	if ( ( len = fetch_uuid_setting ( NULL, &uuid_setting, &uuid ) ) < 0 ) {
+		rc = len;
+		DBGC ( &rbg, "RBG could not fetch personalisation string: "
+		       "%s\n", strerror ( rc ) );
+		len = 0;
+	}
+
+	/* Instantiate DRBG */
+	if ( ( rc = drbg_instantiate ( &rbg.state, &uuid, len ) ) != 0 ) {
+		DBGC ( &rbg, "RBG could not instantiate DRBG: %s\n",
+		       strerror ( rc ) );
+		return rc;
+	}
+
+	return 0;
+}
+
+/**
+ * Shut down RBG
+ *
+ */
+static void rbg_shutdown ( void ) {
+
+	/* Uninstantiate DRBG */
+	drbg_uninstantiate ( &rbg.state );
+}
+
+/** RBG startup function */
+static void rbg_startup_fn ( void ) {
+
+	/* Start up RBG.  There is no way to report an error at this
+	 * stage, but a failed startup will result in an invalid DRBG
+	 * that refuses to generate bits.
+	 */
+	rbg_startup();
+}
+
+/** RBG shutdown function */
+static void rbg_shutdown_fn ( int booting __unused ) {
+
+	/* Shut down RBG */
+	rbg_shutdown();
+}
+
+/** RBG startup table entry */
+struct startup_fn startup_rbg __startup_fn ( STARTUP_NORMAL ) = {
+	.startup = rbg_startup_fn,
+	.shutdown = rbg_shutdown_fn,
+};

src/include/ipxe/rbg.h

@@ -0,0 +1,43 @@
+#ifndef _IPXE_RBG_H
+#define _IPXE_RBG_H
+
+/** @file
+ *
+ * RBG mechanism
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER );
+
+#include <stdint.h>
+#include <ipxe/drbg.h>
+
+/** An RBG */
+struct random_bit_generator {
+	/** DRBG state */
+	struct drbg_state state;
+};
+
+extern struct random_bit_generator rbg;
+
+/**
+ * Generate bits using RBG
+ *
+ * @v additional	Additional input
+ * @v additional_len	Length of additional input
+ * @v prediction_resist	Prediction resistance is required
+ * @v data		Output buffer
+ * @v len		Length of output buffer
+ * @ret rc		Return status code
+ *
+ * This is the RBG_Generate function defined in ANS X9.82 Part 4
+ * (April 2011 Draft) Section 9.1.2.2.
+ */
+static inline int rbg_generate ( const void *additional, size_t additional_len,
+				 int prediction_resist, void *data,
+				 size_t len ) {
+	return drbg_generate ( &rbg.state, additional, additional_len,
+			       prediction_resist, data, len );
+}
+
+#endif /* _IPXE_RBG_H */