[PATCH RESEND v1 0/9] Add DrbgLib


PierreGondois
 

From: Pierre Gondois <pierre.gondois@...>

Bugzilla: Bug 3971 (https://bugzilla.tianocore.org/show_bug.cgi?id=3971)

Add support for a Deterministic Random Bits Generator (Drbg). The
specifications used are the following:

- [1] NIST Special Publication 800-90A Revision 1, June 2015, Recommendation
for Random Number Generation Using Deterministic Random Bit Generators.
(https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final)
- [2] NIST Special Publication 800-90B, Recommendation for the Entropy
Sources Used for Random Bit Generation.
(https://csrc.nist.gov/publications/detail/sp/800-90b/final)
- [3] (Second Draft) NIST Special Publication 800-90C, Recommendation for
Random Bit Generator (RBG) Constructions.
(https://csrc.nist.gov/publications/detail/sp/800-90c/draft)
- [4] NIST Special Publication 800-57 Part 1 Revision 5, May 2020,
Recommendation for Key Management: Part 1 - General.

The test vectors available in the CTR_DRBG_AES256 sections of
https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/CTR_DRBG_noDF.pdf
were used for validation.

This patch-set can be seen at:
https://github.com/PierreARM/edk2/tree/Arm_Drbg_v1

This patch has the following dependency:
- [PATCH v3 00/22] Add Raw algorithm support using Arm FW-TRNG interface
https://edk2.groups.io/g/devel/message/90845
- [PATCH v1 0/7] Add AesLib and ArmAesLib
https://edk2.groups.io/g/devel/message/90878

Pierre Gondois (9):
MdePkg/DrbgLib: Drbg library interface definition
MdePkg/DrbgLib: Add NULL instance of Drbg Library
MdePkg/DrbgLib: Add BitStream implementation
MdePkg/DrbgLib: Add Get_entropy_input() implementation
MdePkg/DrbgLib: Add common wrappers
MdePkg/DrbgLib: Add Ctr Drbg mechanism functions
MdePkg/DrbgLib: Add Drbg mechanism functions and module
ArmVirtPkg: Kvmtool: Add AesLib/DrbgLib for RngDxe
SecurityPkg/RngDxe: Use DrbgLib in RngDxe for Arm

ArmVirtPkg/ArmVirtKvmTool.dsc | 2 +
MdePkg/Include/Library/DrbgLib.h | 172 +++
MdePkg/Library/DrbgLib/BitStream.c | 1114 +++++++++++++++++
MdePkg/Library/DrbgLib/BitStream.h | 366 ++++++
MdePkg/Library/DrbgLib/Common.c | 249 ++++
MdePkg/Library/DrbgLib/Common.h | 74 ++
MdePkg/Library/DrbgLib/CtrDrbg.c | 899 +++++++++++++
MdePkg/Library/DrbgLib/CtrDrbg.h | 100 ++
MdePkg/Library/DrbgLib/DrbgLib.c | 628 ++++++++++
MdePkg/Library/DrbgLib/DrbgLib.inf | 39 +
MdePkg/Library/DrbgLib/DrbgLibInternal.h | 310 +++++
MdePkg/Library/DrbgLib/GetEntropyInput.c | 72 ++
MdePkg/Library/DrbgLib/GetEntropyInput.h | 48 +
MdePkg/Library/DrbgLibNull/DrbgLib.c | 165 +++
MdePkg/Library/DrbgLibNull/DrbgLibNull.inf | 21 +
MdePkg/MdePkg.dec | 4 +
MdePkg/MdePkg.dsc | 2 +
.../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 75 +-
.../RandomNumberGenerator/RngDxe/RngDxe.inf | 1 +
SecurityPkg/SecurityPkg.dsc | 2 +
20 files changed, 4342 insertions(+), 1 deletion(-)
create mode 100644 MdePkg/Include/Library/DrbgLib.h
create mode 100644 MdePkg/Library/DrbgLib/BitStream.c
create mode 100644 MdePkg/Library/DrbgLib/BitStream.h
create mode 100644 MdePkg/Library/DrbgLib/Common.c
create mode 100644 MdePkg/Library/DrbgLib/Common.h
create mode 100644 MdePkg/Library/DrbgLib/CtrDrbg.c
create mode 100644 MdePkg/Library/DrbgLib/CtrDrbg.h
create mode 100644 MdePkg/Library/DrbgLib/DrbgLib.c
create mode 100644 MdePkg/Library/DrbgLib/DrbgLib.inf
create mode 100644 MdePkg/Library/DrbgLib/DrbgLibInternal.h
create mode 100644 MdePkg/Library/DrbgLib/GetEntropyInput.c
create mode 100644 MdePkg/Library/DrbgLib/GetEntropyInput.h
create mode 100644 MdePkg/Library/DrbgLibNull/DrbgLib.c
create mode 100644 MdePkg/Library/DrbgLibNull/DrbgLibNull.inf

--
2.25.1


Michael D Kinney
 

Hi Pierre,

Can you add to the Patch #0 Summary and the BZ the difference
between the existing RngLib and this new DrbgLib?

Would you recommend one be implemented on top of the other?

Really glad to see test vectors were used to verify correctness.
Can you consider adding formal unit tests using the UnitTestFrameworkPkg
with those test vectors so a unit test failure would be generated if
maintenance is performed in the future that changes the behavior?

Thanks,

Mike

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of PierreGondois
Sent: Wednesday, June 29, 2022 12:19 PM
To: devel@edk2.groups.io
Cc: Sami Mujawar <sami.mujawar@...>; Leif Lindholm <quic_llindhol@...>; Ard Biesheuvel <ardb+tianocore@...>;
Rebecca Cran <rebecca@...>; Kinney, Michael D <michael.d.kinney@...>; Gao, Liming <gaoliming@...>; Yao,
Jiewen <jiewen.yao@...>; Wang, Jian J <jian.j.wang@...>
Subject: [edk2-devel] [PATCH RESEND v1 0/9] Add DrbgLib

-=-=-=-=-=-=
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#90898): https://edk2.groups.io/g/devel/message/90898
Mute This Topic: https://groups.io/mt/92072283/1643496
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [michael.d.kinney@...]
-=-=-=-=-=-=


Yao, Jiewen
 

More question:
Please educate me how you plan to include DrbgLib to openssl?
Currently, it is using RngLib.
https://github.com/tianocore/edk2/blob/master/CryptoPkg/Library/OpensslLib/OpensslLib.inf#L634?

Thank you
Yao Jiewen

-----Original Message-----
From: Kinney, Michael D <michael.d.kinney@...>
Sent: Thursday, June 30, 2022 8:16 AM
To: devel@edk2.groups.io; pierre.gondois@...; Kinney, Michael D
<michael.d.kinney@...>
Cc: Sami Mujawar <sami.mujawar@...>; Leif Lindholm
<quic_llindhol@...>; Ard Biesheuvel <ardb+tianocore@...>;
Rebecca Cran <rebecca@...>; Gao, Liming
<gaoliming@...>; Yao, Jiewen <jiewen.yao@...>; Wang,
Jian J <jian.j.wang@...>
Subject: RE: [edk2-devel] [PATCH RESEND v1 0/9] Add DrbgLib



PierreGondois
 

Hello Mike,

On 6/30/22 02:15, Kinney, Michael D wrote:
> Hi Pierre,
>
> Can you add to the Patch #0 Summary and the BZ the difference
> between the existing RngLib and this new DrbgLib?

There was a discussion in late 2020 about the DrbgLib at:
https://edk2.groups.io/g/devel/topic/78823009#71619

The relation between the RngLib and the DrbgLib is available
in slide 11 of:
https://edk2.groups.io/g/devel/files/Designs/2021/0116/EDKII%20-%20Proposed%20update%20to%20RNG%20implementation.pdf

I will add the same details in the BZ.

> Would you recommend one be implemented on top of the other?

The DrbgLib requires to have a True Random Number Generator for
its entropy source, which I don't think the RngLib is guaranteed to be.
The DrbgLib should rely on a TrngLib instead.

> Really glad to see test vectors were used to verify correctness.
> Can you consider adding formal unit tests using the UnitTestFrameworkPkg
> with those test vectors so a unit test failure would be generated if
> maintenance is performed in the future that changes the behavior?

Yes sure, I will add these tests to the UnitTestFrameworkPkg.

Regards,
Pierre

> Thanks,
> Mike



PierreGondois
 

Hello Yao,
On 6/30/22 03:16, Yao, Jiewen wrote:
> More question:
> Please educate me how you plan to include DrbgLib to openssl?
> Currently, it is using RngLib.
> https://github.com/tianocore/edk2/blob/master/CryptoPkg/Library/OpensslLib/OpensslLib.inf#L634?

There was a discussion about the DrbgLib in late 2020 at:
https://edk2.groups.io/g/devel/topic/78823009#71619

The interaction between all the libraries is described in slide 11 of:
https://edk2.groups.io/g/devel/files/Designs/2021/0116/EDKII%20-%20Proposed%20update%20to%20RNG%20implementation.pdf

The OpensslLib relies on the RngLib because of this function call:
https://github.com/tianocore/edk2/blob/master/CryptoPkg/Library/OpensslLib/rand_pool.c#L49
Based on the slide 11, it is possible to have a RngLib implementation
using the DrbgLib either through RngDxeLib or through a new
RngLib|RngDrbgLib.

Regards,
Pierre

> Thank you
> Yao Jiewen



Yao, Jiewen
 

Thanks for the PPT.

It is helpful for me to understand the background. Some questions and suggestions:

1) The PPT jumps from current status (page 7~9) to proposed updates (page 10~12) directly.
I am not sure what the problem statement is. Why do we need the new proposal?

2) Page 11 shows AesLib|AesNiInstructionLib (x64).
Is that something you want to do?
Since X64 already has the RDSEED and RDRAND instructions, why is this needed for X64?

3) Page 11 shows AesLib|SoftAesLib.
Many AES software implementations are vulnerable to side channel attacks.
Will side channel attacks be under consideration?
What is the security property you want to maintain with the AesLib API and SoftAesLib implementation?
Or is this AesLib interface only for DrbgLib?
What is the API design goal?

4) Page 11 shows that RngLib is still the only public interface.
My concern is that introducing more RngLib-related libs just confuses the consumer.

I already got lots of questions - "We have RngLib and CryptoLib/RandomBytes(), which one should I use to generate 8 bytes of random data?"

Introducing more lib instances means we will have more questions from consumers in the future, such as
A) We have RngLib, TrngLib, DrbgLib, which one should I use to get random data?
B) We have AesLib and CryptoLib/AesXXX() function, which one should I use to encrypt my data?

So far, I don’t see an immediate need for the X64 platform; I would like to recommend putting them in ArmPkg only.
As such, the generic consumer only knows the RngLib interface.

Thank you
Yao Jiewen
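
Added illustration of the side-channel concern in point 3 above (not code from the patch series, AesLib or SoftAesLib; every function name is hypothetical and plain C types stand in for EDK II ones). The usual leak in software AES is an S-box table indexed by secret data, so the sketch contrasts that lookup with two data-independent ways of computing the same byte.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration: all names are hypothetical, not the edk2 AesLib API. */

/* Multiply by x in GF(2^8) mod x^8+x^4+x^3+x+1, using a mask, not a branch. */
static uint8_t gf_xtime(uint8_t a)
{
    uint8_t mask = (uint8_t)(0u - (unsigned)(a >> 7)); /* 0xff if bit 7 set */
    return (uint8_t)((uint8_t)(a << 1) ^ (mask & 0x1b));
}

/* GF(2^8) multiply: always 8 rounds, operand bits select through masks. */
static uint8_t gf_mul(uint8_t a, uint8_t b)
{
    uint8_t r = 0;
    for (int i = 0; i < 8; i++) {
        uint8_t mask = (uint8_t)(0u - (unsigned)(b & 1));
        r ^= (uint8_t)(a & mask);
        a = gf_xtime(a);
        b >>= 1;
    }
    return r;
}

/* Inverse as a^254 = a^2 * a^4 * ... * a^128. The exponent is public, so the
   fixed loop leaks nothing about a; 0 maps to 0 as the AES S-box requires. */
static uint8_t gf_inv(uint8_t a)
{
    uint8_t r = 1, p = a;
    for (int i = 0; i < 7; i++) {
        p = gf_mul(p, p);
        r = gf_mul(r, p);
    }
    return r;
}

static uint8_t rotl8(uint8_t v, unsigned n)
{
    return (uint8_t)((v << n) | (v >> (8 - n)));
}

/* S-box computed arithmetically: field inverse, then the AES affine map.
   No memory access depends on x. */
uint8_t sbox_algebraic(uint8_t x)
{
    uint8_t b = gf_inv(x);
    return (uint8_t)(b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3)
                       ^ rotl8(b, 4) ^ 0x63);
}

static uint8_t sbox_table[256];

void sbox_build_table(void)
{
    for (unsigned i = 0; i < 256; i++)
        sbox_table[i] = sbox_algebraic((uint8_t)i);
}

/* Pattern to avoid: the load address is a function of the secret byte, so
   cache state and timing can reveal it. */
uint8_t sbox_table_indexed(uint8_t secret)
{
    return sbox_table[secret];
}

/* Data-independent lookup: read every entry and keep one through a mask.
   This holds at source level only; inspect the compiled code, since an
   optimizer may reintroduce a branch or an indexed load. */
uint8_t sbox_table_scan(uint8_t secret)
{
    uint8_t out = 0;
    for (uint32_t i = 0; i < 256; i++) {
        uint32_t diff = i ^ secret;
        uint8_t mask = (uint8_t)((diff - 1u) >> 8); /* 0xff only if i == secret */
        out |= (uint8_t)(sbox_table[i] & mask);
    }
    return out;
}

/* Count inputs where the three variants disagree (0 means they all match). */
int sbox_selfcheck(void)
{
    int mismatches = 0;
    sbox_build_table();
    for (unsigned i = 0; i < 256; i++) {
        uint8_t want = sbox_algebraic((uint8_t)i);
        mismatches += (sbox_table_scan((uint8_t)i) != want);
        mismatches += (sbox_table_indexed((uint8_t)i) != want);
    }
    return mismatches;
}

int main(void)
{
    printf("S-box(0x53) = 0x%02x, mismatches = %d\n",
           sbox_algebraic(0x53), sbox_selfcheck());
    return 0;
}
```
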

-----Original Message-----
From: Pierre Gondois <pierre.gondois@...>
Sent: Friday, July 1, 2022 5:50 PM
To: Yao, Jiewen <jiewen.yao@...>; Kinney, Michael D
<michael.d.kinney@...>; devel@edk2.groups.io
Cc: Sami Mujawar <sami.mujawar@...>; Leif Lindholm
<quic_llindhol@...>; Ard Biesheuvel <ardb+tianocore@...>;
Rebecca Cran <rebecca@...>; Gao, Liming
<gaoliming@...>; Wang, Jian J <jian.j.wang@...>
Subject: Re: [edk2-devel] [PATCH RESEND v1 0/9] Add DrbgLib

create mode 100644 MdePkg/Library/DrbgLib/GetEntropyInput.h
create mode 100644 MdePkg/Library/DrbgLibNull/DrbgLib.c
create mode 100644 MdePkg/Library/DrbgLibNull/DrbgLibNull.inf

--
2.25.1





PierreGondois
 

On 7/2/22 08:25, Yao, Jiewen wrote:
> Thanks for the PPT.
> It is helpful for me to understand the background. Some questions and suggestions:
> 1) The PPT jumps from current status (page 7~9) to proposed updates (page 10~12) directly.
> I am not sure what is the problem statement. Why do we need to do the new proposal?

The goal is to have a Drbg and its advantages:
- Reproducibility
- A Drbg is supposed to be faster than a Trng
- Just have a Drbg when there is none

Arm (resp. Intel) has specific instructions to get a deterministic/true
random number: RNDR/RNDRRS (resp. RDRAND/RDSEED). Some platforms might not
support these instructions, but still have a TRNG IP.

Another point is that a Drbg library would allow choosing which Drbg
to use. The patch-set currently adds support for an Aes-Ctr Drbg.

> 2) Page 11 shows AesLib|AesNiInstructionLib (x64).
> Is that something you want to do?

We didn't plan to add Intel's implementation, but the AesLib interface should
allow doing it seamlessly.

> Since X64 already has RDSEED and RDRAND instructions, why is this needed for X64?

Cf. 1), Intel should also benefit from the DrbgLib (provided that Intel's
AesLib/TrngLib libraries are implemented).

> 3) Page 11 shows AesLib|SoftAesLib.
> Many AES software implementations are vulnerable to side channel attacks.
> Will side channel attacks be under consideration?

Side channel attacks haven't been studied yet for this implementation. Do
you have specific concerns?

> What is the security property you want to maintain with the AesLib API and SoftAesLib implementation?
> Or is this AesLib interface only for DrbgLib?
> What is the API design goal?

The design goal is to have an AES basic block encryption interface.

The AesLib would also be used in an AES CBC implementation (not done yet).
The OpensslLib already provides an AES CBC implementation, but it is outside
of edk2 project scope.

> 4) Page 11 shows that RngLib is still the only public interface.
> My concern is that introducing more RngLib related libs just confuses the consumer.
> I already got lots of questions - "We have RngLib and CryptoLib/RandomBytes(), which one should I use to generate 8 bytes of random data?"
> Introducing more lib instances means we will have more questions from consumers in the future, such as
> A) We have RngLib, TrngLib, DrbgLib, which one should I use to get random data?
> B) We have AesLib and CryptoLib/AesXXX() function, which one should I use to encrypt my data?

I understand your concern. If we added some documentation about the different
options for each library implementation, would it be better?

> So far, I don’t see the immediate need for X64 platform, I would like to recommend putting them in ArmPkg only.
> As such, the generic consumer only knows the RngLib interface.

Are you talking about the library interface or/and implementation?
I will try to see if the ArmPkg maintainers are ok with that.

Thanks for the involvement,
Regards,
Pierre

> Thank you
> Yao Jiewen

-----Original Message-----
From: Pierre Gondois <pierre.gondois@...>
Sent: Friday, July 1, 2022 5:50 PM
To: Yao, Jiewen <jiewen.yao@...>; Kinney, Michael D
<michael.d.kinney@...>; devel@edk2.groups.io
Cc: Sami Mujawar <sami.mujawar@...>; Leif Lindholm
<quic_llindhol@...>; Ard Biesheuvel <ardb+tianocore@...>;
Rebecca Cran <rebecca@...>; Gao, Liming
<gaoliming@...>; Wang, Jian J <jian.j.wang@...>
Subject: Re: [edk2-devel] [PATCH RESEND v1 0/9] Add DrbgLib

Hello Yao,
On 6/30/22 03:16, Yao, Jiewen wrote:
> More question:
> Please educate me how you plan to include DrbgLib to openssl?
> Currently, it is using RngLib.
> https://github.com/tianocore/edk2/blob/master/CryptoPkg/Library/OpensslLib/OpensslLib.inf#L634?

There was a discussion about the DrbgLib in late 2020 at:
https://edk2.groups.io/g/devel/topic/78823009#71619

The interaction between all the libraries is described in slide 11 of:
https://edk2.groups.io/g/devel/files/Designs/2021/0116/EDKII%20-%20Proposed%20update%20to%20RNG%20implementation.pdf

The OpensslLib relies on the RngLib because of this function call:
https://github.com/tianocore/edk2/blob/master/CryptoPkg/Library/OpensslLib/rand_pool.c#L49
Based on the slide 11, it is possible to have a RngLib implementation
using the DrbgLib either through RngDxeLib or through a new
RngLib|RngDrbgLib.

Regards,
Pierre


Thank you
Yao Jiewen

-----Original Message-----
From: Kinney, Michael D <michael.d.kinney@...>
Sent: Thursday, June 30, 2022 8:16 AM
To: devel@edk2.groups.io; pierre.gondois@...; Kinney, Michael D
<michael.d.kinney@...>
Cc: Sami Mujawar <sami.mujawar@...>; Leif Lindholm
<quic_llindhol@...>; Ard Biesheuvel <ardb+tianocore@...>;
Rebecca Cran <rebecca@...>; Gao, Liming
<gaoliming@...>; Yao, Jiewen <jiewen.yao@...>; Wang,
Jian J <jian.j.wang@...>
Subject: RE: [edk2-devel] [PATCH RESEND v1 0/9] Add DrbgLib

Hi Pierre,

Can you add to the Patch #0 Summary and the BZ the difference
between the existing RngLib and this new DrbgLib?

Would you recommend one be implemented on top of the other?

Really glad to see test vectors were used to verify correctness.
Can you consider adding formal unit tests using the UnitTestFrameworkPkg
with those test vectors so a unit test failure would be generated if
maintenance is performed in the future that changes the behavior?

Thanks,

Mike
