src/crypto/rbg.c

a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync/*
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync *
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync * This program is free software; you can redistribute it and/or
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync * modify it under the terms of the GNU General Public License as
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync * published by the Free Software Foundation; either version 2 of the
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync * License, or any later version.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync *
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync * This program is distributed in the hope that it will be useful, but
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync * WITHOUT ANY WARRANTY; without even the implied warranty of
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync * General Public License for more details.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync *
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync * You should have received a copy of the GNU General Public License
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync * along with this program; if not, write to the Free Software
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync */
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsyncFILE_LICENCE ( GPL2_OR_LATER );
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync/** @file
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync *
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync * RBG mechanism
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync *
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync * This mechanism is designed to comply with ANS X9.82 Part 4 (April
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync * 2011 Draft) Section 10.  This standard is unfortunately not freely
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync * available.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync *
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync * The chosen RBG design is that of a DRBG with a live entropy source
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync * with no conditioning function.  Only a single security strength is
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync * supported.  No seedfile is used since there may be no non-volatile
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync * storage available.  The system UUID is used as the personalisation
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync * string.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync */
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync#include <stdint.h>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync#include <string.h>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync#include <ipxe/init.h>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync#include <ipxe/settings.h>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync#include <ipxe/uuid.h>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync#include <ipxe/crypto.h>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync#include <ipxe/drbg.h>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync#include <ipxe/rbg.h>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync/** The RBG */
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsyncstruct random_bit_generator rbg;
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync/**
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync * Start up RBG
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync *
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync * @ret rc      Return status code
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync *
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync * This is the RBG_Startup function defined in ANS X9.82 Part 4 (April
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync * 2011 Draft) Section 9.1.2.2.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync */
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsyncstatic int rbg_startup ( void ) {
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync    union uuid uuid;
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync    int len;
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync    int rc;
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync    /* Try to obtain system UUID for use as personalisation
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync     * string, in accordance with ANS X9.82 Part 3-2007 Section
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync     * 8.5.2.  If no UUID is available, proceed without a
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync     * personalisation string.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync     */
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync    if ( ( len = fetch_uuid_setting ( NULL, &uuid_setting, &uuid ) ) < 0 ) {
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync        rc = len;
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync        DBGC ( &rbg, "RBG could not fetch personalisation string: "
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync               "%s\n", strerror ( rc ) );
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync        len = 0;
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync    }
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync    /* Instantiate DRBG */
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync    if ( ( rc = drbg_instantiate ( &rbg.state, &uuid, len ) ) != 0 ) {
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync        DBGC ( &rbg, "RBG could not instantiate DRBG: %s\n",
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync               strerror ( rc ) );
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync        return rc;
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync    }
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync    return 0;
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync}
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync/**
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync * Shut down RBG
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync *
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync */
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsyncstatic void rbg_shutdown ( void ) {
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync    /* Uninstantiate DRBG */
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync    drbg_uninstantiate ( &rbg.state );
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync}
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync/** RBG startup function */
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsyncstatic void rbg_startup_fn ( void ) {
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync    /* Start up RBG.  There is no way to report an error at this
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync     * stage, but a failed startup will result in an invalid DRBG
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync     * that refuses to generate bits.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync     */
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync    rbg_startup();
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync}
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync/** RBG shutdown function */
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsyncstatic void rbg_shutdown_fn ( int booting __unused ) {
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync    /* Shut down RBG */
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync    rbg_shutdown();
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync}
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync/** RBG startup table entry */
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsyncstruct startup_fn startup_rbg __startup_fn ( STARTUP_NORMAL ) = {
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync    .startup = rbg_startup_fn,
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync    .shutdown = rbg_shutdown_fn,
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync};