RBG mechanism. More...

#include <stdint.h>
#include <string.h>
#include <ipxe/init.h>
#include <ipxe/settings.h>
#include <ipxe/uuid.h>
#include <ipxe/crypto.h>
#include <ipxe/drbg.h>
#include <ipxe/rbg.h>

Functions
	FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)

	FILE_SECBOOT (PERMITTED)

static int	rbg_startup (void)
	Start up RBG. More...

int	rbg_generate (const void additional, size_t additional_len, int prediction_resist, void data, size_t len)
	Generate bits using RBG. More...

static void	rbg_shutdown (void)
	Shut down RBG. More...

static void	rbg_startup_fn (void)
	RBG startup function. More...

static void	rbg_shutdown_fn (int booting __unused)
	RBG shutdown function. More...

struct startup_fn startup_rbg	__startup_fn (STARTUP_NORMAL)
	RBG startup table entry. More...

Variables
struct random_bit_generator	rbg
	The RBG. More...

Detailed Description

RBG mechanism.

This mechanism is designed to comply with ANS X9.82 Part 4 (April 2011 Draft) Section 10. This standard is unfortunately not freely available.

The chosen RBG design is that of a DRBG with a live entropy source with no conditioning function. Only a single security strength is supported. No seedfile is used since there may be no non-volatile storage available. The system UUID is used as the personalisation string.

Definition in file rbg.c.

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL )

◆ FILE_SECBOOT()

FILE_SECBOOT ( PERMITTED )

◆ rbg_startup()

static int rbg_startup ( void )

static

Start up RBG.

Return values

rc	Return status code

This is the RBG_Startup function defined in ANS X9.82 Part 4 (April 2011 Draft) Section 9.1.2.2.

Definition at line 74 of file rbg.c.

                                 {
         union uuid uuid;
         int len;
         int rc;
 
         /* Record that startup has been attempted (even if unsuccessful) */
         rbg.started = 1;
 
         /* Try to obtain system UUID for use as personalisation
          * string, in accordance with ANS X9.82 Part 3-2007 Section
          * 8.5.2.  If no UUID is available, proceed without a
          * personalisation string.
          */
         if ( ( len = fetch_uuid_setting ( NULL, &uuid_setting, &uuid ) ) < 0 ) {
                 rc = len;
                 DBGC ( &rbg, "RBG could not fetch personalisation string: "
                        "%s\n", strerror ( rc ) );
                 len = 0;
         }
 
         /* Instantiate DRBG */
         if ( ( rc = drbg_instantiate ( &rbg.state, &uuid, len ) ) != 0 ) {
                 DBGC ( &rbg, "RBG could not instantiate DRBG: %s\n",
                        strerror ( rc ) );
                 return rc;
         }
 
         return 0;
 }

References DBGC, drbg_instantiate(), fetch_uuid_setting(), len, NULL, rbg, rc, random_bit_generator::started, random_bit_generator::state, and strerror().

Referenced by rbg_generate(), and rbg_startup_fn().

◆ rbg_generate()

int rbg_generate	(	const void *	additional,
		size_t	additional_len,
		int	prediction_resist,
		void *	data,
		size_t	len
	)

Generate bits using RBG.

Parameters

additional	Additional input
additional_len	Length of additional input
prediction_resist	Prediction resistance is required
data	Output buffer
len	Length of output buffer

Return values

rc	Return status code

This is the RBG_Generate function defined in ANS X9.82 Part 4 (April 2011 Draft) Section 9.1.2.2.

Definition at line 117 of file rbg.c.

                                                                    {
 
         /* Attempt startup, if not already attempted */
         if ( ! rbg.started )
                 rbg_startup();
 
         /* Generate bits.  The DRBG will itself return an error if it
          * is not valid (e.g. due to an instantiation failure).
          */
         return drbg_generate ( &rbg.state, additional, additional_len,
                                prediction_resist, data, len );
 }

References additional, data, drbg_generate(), len, rbg, rbg_startup(), random_bit_generator::started, and random_bit_generator::state.

Referenced by get_random_nz(), tls_generate_random(), and wpa_handle_1_of_4().

◆ rbg_shutdown()

static void rbg_shutdown ( void )

static

Shut down RBG.

Definition at line 135 of file rbg.c.

                                   {
 
         /* Uninstantiate DRBG */
         drbg_uninstantiate ( &rbg.state );
 
         /* Clear startup attempted flag */
         rbg.started = 0;
 }

References drbg_uninstantiate(), rbg, random_bit_generator::started, and random_bit_generator::state.

Referenced by rbg_shutdown_fn().

◆ rbg_startup_fn()

static void rbg_startup_fn ( void )

static

RBG startup function.

Definition at line 145 of file rbg.c.

                                     {
 
         /* Start up RBG (if not already started on demand).  There is
          * no way to report an error at this stage, but a failed
          * startup will result in an invalid DRBG that refuses to
          * generate bits.
          */
         if ( ! rbg.started )
                 rbg_startup();
 }

References rbg, rbg_startup(), and random_bit_generator::started.

◆ rbg_shutdown_fn()

static void rbg_shutdown_fn ( int booting __unused )

static

RBG shutdown function.

Definition at line 157 of file rbg.c.

                                                      {
 
         /* Shut down RBG */
         rbg_shutdown();
 }

References rbg_shutdown().

◆ __startup_fn()

struct startup_fn startup_rbg __startup_fn ( STARTUP_NORMAL )

RBG startup table entry.

Variable Documentation

◆ rbg

struct random_bit_generator rbg

The RBG.

Definition at line 64 of file rbg.c.

Referenced by rbg_generate(), rbg_shutdown(), rbg_startup(), and rbg_startup_fn().

Functions

Variables

Detailed Description

Function Documentation

◆ FILE_LICENCE()

◆ FILE_SECBOOT()

◆ rbg_startup()

◆ rbg_generate()

◆ rbg_shutdown()

◆ rbg_startup_fn()

◆ rbg_shutdown_fn()

◆ __startup_fn()

Variable Documentation

◆ rbg