Hi Ard,

What would you recommend as a way to provide these different types of services? Some more new lib classes and instances?

Thanks,

Mike

> -----Original Message-----
> From: Ard Biesheuvel <ard.biesheu...@linaro.org>
> Sent: Friday, November 15, 2019 5:29 AM
> To: edk2-devel-groups-io <devel@edk2.groups.io>; Wang, Jian J <jian.j.w...@intel.com>
> Cc: Kinney, Michael D <michael.d.kin...@intel.com>; Yao, Jiewen <jiewen....@intel.com>; Zhang, Chao B <chao.b.zh...@intel.com>; Gao, Liming <liming....@intel.com>; Ni, Ray <ray...@intel.com>
> Subject: Re: [edk2-devel] [PATCH 05/11] SecurityPkg/RngLibRdSeed: add an instance of RngLib to make use rdseed
>
> On Thu, 14 Nov 2019 at 04:39, Wang, Jian J <jian.j.w...@intel.com> wrote:
> >
> > Mike,
> >
> > I figured that rdseed is only needed in cases demanding highest
> > entropy, like seeding other pseudo-RNG. It's not for general purpose randomness.
> > Then I put it in SecurityPkg. But I'm ok to put it into MdePkg. I have
> > no strong opinion for this.
> >
>
> I think it is a bad idea to use the same library abstraction [RngLib] for exposing
> a) entropy sources used for seeding deterministic random number generators
> b) deterministic random number generators themselves
> c) low entropy pseudo-RNGs based on timestamp counters, etc
>
> given that the use cases don't usually overlap. I.e., only a DRBG implementation requires a), and exports RngLib itself based on that.
> Use cases that can tolerate c) [like IV generators for block encryption] are typically disjoint from ones that require b) [for key generation]. The idea that you can use RngLib for all of them, and plug arbitrary instantiations of it into each is misguided IMHO.
>
> > > -----Original Message-----
> > > From: Kinney, Michael D <michael.d.kin...@intel.com>
> > > Sent: Thursday, November 14, 2019 12:25 PM
> > > To: devel@edk2.groups.io; Wang, Jian J <jian.j.w...@intel.com>; Kinney, Michael D <michael.d.kin...@intel.com>
> > > Cc: Yao, Jiewen <jiewen....@intel.com>; Zhang, Chao B <chao.b.zh...@intel.com>; Gao, Liming <liming....@intel.com>; Ni, Ray <ray...@intel.com>
> > > Subject: RE: [edk2-devel] [PATCH 05/11] SecurityPkg/RngLibRdSeed: add an instance of RngLib to make use rdseed
> > >
> > > Jian,
> > >
> > > Why is this lib instance in the SecurityPkg? It only depends on the
> > > MdePkg. Can't non security feature related modules that want to a
> > > random number use this lib without using the SecurityPkg? Could
> > > this lib instance be added to MdePkg?
> > >
> > > Thanks,
> > >
> > > Mike
> > >
> > > > -----Original Message-----
> > > > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Wang, Jian J
> > > > Sent: Wednesday, November 13, 2019 6:18 PM
> > > > To: devel@edk2.groups.io
> > > > Cc: Yao, Jiewen <jiewen....@intel.com>; Zhang, Chao B <chao.b.zh...@intel.com>; Kinney, Michael D <michael.d.kin...@intel.com>; Gao, Liming <liming....@intel.com>; Ni, Ray <ray...@intel.com>
> > > > Subject: [edk2-devel] [PATCH 05/11] SecurityPkg/RngLibRdSeed: add an instance of RngLib to make use rdseed
> > > >
> > > > This version of RngLib makes use of AsmRdSeed to get
> > > > non-deterministic random number, which can be used for seeding
> > > > other software DRNG like rand interface in openssl. It can be used
> > > > only on IA32/X64 processors which supports rdseed instruction.
> > > >
> > > > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1871
> > > > Cc: Jiewen Yao <jiewen....@intel.com>
> > > > Cc: Chao Zhang <chao.b.zh...@intel.com>
> > > > Cc: Michael D Kinney <michael.d.kin...@intel.com>
> > > > Cc: Liming Gao <liming....@intel.com>
> > > > Cc: Ray Ni <ray...@intel.com>
> > > > Signed-off-by: Jian J Wang <jian.j.w...@intel.com>
> > > > ---
> > > >  .../RngLibRdSeed/RngLibRdSeed.inf | 37 ++++
> > > >  .../RngLibRdSeed/RngLibRdSeed.uni | 18 ++
> > > >  .../RngLibRdSeed/RngRdSeed.c | 189 ++++++++++++++++++
> > > >  3 files changed, 244 insertions(+)
> > > >  create mode 100644 SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngLibRdSeed.inf
> > > >  create mode 100644 SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngLibRdSeed.uni
> > > >  create mode 100644 SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngRdSeed.c
> > > > > > > > diff --git > > > > > a/SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngLib > > > > RdSeed.inf > > > > > b/SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngLib > > > > RdSeed.inf > > > > new file mode 100644 > > > > index 0000000000..8162408775 > > > > --- /dev/null > > > > +++ > > > > > b/SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngLib > > > > RdSeed.inf > > > > @@ -0,0 +1,37 @@ > > > > +## @file > > > > +# Instance of RNG (Random Number Generator) > Library. > > > > +# > > > > +# Rng RdSeed Library that uses CPU RdSeed > instruction > > > > access to > > > > +provide # non-deterministic random number which > can > > > > be used as seed > > > > +for other # software deterministic RNGs. > > > > +# > > > > +# Copyright (c) 2019, Intel Corporation. All > rights > > > > reserved.<BR> # # > > > > +SPDX-License-Identifier: BSD-2-Clause-Patent # # > ## > > > > + > > > > +[Defines] > > > > + INF_VERSION = 0x00010029 > > > > + BASE_NAME = RngLibRdSeed > > > > + MODULE_UNI_FILE = > RngLibRdSeed.uni > > > > + FILE_GUID = 8B613B2E- > B944-40F9- > > > > B979-1B60D7CAA73C > > > > + MODULE_TYPE = BASE > > > > + VERSION_STRING = 1.0 > > > > + LIBRARY_CLASS = RngLib > > > > + CONSTRUCTOR = > > > > RngLibRdSeedConstructor > > > > + > > > > +# > > > > +# VALID_ARCHITECTURES = IA32 X64 > > > > +# > > > > + > > > > +[Sources.Ia32, Sources.X64] > > > > + RngRdSeed.c > > > > + > > > > +[Packages] > > > > + MdePkg/MdePkg.dec > > > > + > > > > +[LibraryClasses] > > > > + BaseLib > > > > + DebugLib > > > > diff --git > > > > > a/SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngLib > > > > RdSeed.uni > > > > > b/SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngLib > > > > RdSeed.uni > > > > new file mode 100644 > > > > index 0000000000..051a3019bc > > > > --- /dev/null > > > > +++ > > > > > b/SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngLib > > > > RdSeed.uni 
> > > > @@ -0,0 +1,18 @@ > > > > +// /** @file > > > > +// Instance of RNG (Random Number Generator) > Library. > > > > +// > > > > +// Rng RdSeed Library that uses CPU RdSeed > instruction > > > > access to > > > > +provide // non-deterministic random number which > can > > > > be used as seed > > > > +for other // software deterministic RNGs. > > > > +// > > > > +// Copyright (c) 2019, Intel Corporation. All > rights > > > > reserved.<BR> // > > > > +// SPDX-License-Identifier: BSD-2-Clause-Patent > // // > > > > **/ > > > > + > > > > + > > > > +#string STR_MODULE_ABSTRACT > #language en- > > > > US "Instance of RNG Library" > > > > + > > > > +#string STR_MODULE_DESCRIPTION > #language en- > > > > US "RngRdSeed Library that uses CPU RdSeed > instruction access to > > > > provide non-deterministic random numbers." > > > > + > > > > diff --git > > > > > a/SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngRdS > > > > eed.c > > > > > b/SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngRdS > > > > eed.c > > > > new file mode 100644 > > > > index 0000000000..0036faa050 > > > > --- /dev/null > > > > +++ > > > > > b/SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngRdS > > > > eed.c 
> > > > @@ -0,0 +1,189 @@ > > > > +/** @file > > > > + Random number generator services that uses > RdSeed > > > > instruction access > > > > + to provide non-deterministic random numbers, > which > > > > are usually used > > > > + for seeding other pseudo-random number > generators. > > > > + > > > > +Copyright (c) 2019, Intel Corporation. All > rights > > > > reserved.<BR> > > > > +SPDX-License-Identifier: BSD-2-Clause-Patent > > > > + > > > > +**/ > > > > + > > > > +#include <Library/BaseLib.h> > > > > +#include <Library/DebugLib.h> > > > > +#include <Library/RngLib.h> > > > > + > > > > +// > > > > +// Bit mask used to determine if RdSeed > instruction is > > > > supported. > > > > +// > > > > +#define RDSEED_MASK BIT18 > > > > + > > > > +// > > > > +// Limited retry number when valid random data > is > > > > returned. > > > > +// It varies between 1 and 100 according to > "Intel(R) > > > > DRGN Software > > > > +Implementation // Guide". Let's use the same > value as > > > > RDRAND in BaseRngLib. > > > > +// > > > > +#define RDSEED_RETRY_LIMIT 10 > > > > + > > > > +/** > > > > + The constructor function checks whether or not > > > > RDSEED instruction is > > > > +supported > > > > + by the host hardware. > > > > + > > > > + The constructor function checks whether or not > > > > RDSEED instruction is supported. > > > > + It will ASSERT() if RDSEED instruction is not > > > > supported. > > > > + > > > > + @retval RETURN_SUCCESS The processor > supports > > > > RDSEED instruction. > > > > + @retval RETURN_UNSUPPORTED RDSEED instruction > is > > > > not supported. > > > > + > > > > +**/ > > > > +RETURN_STATUS > > > > +EFIAPI > > > > +RngLibRdSeedConstructor ( > > > > + VOID > > > > + ) > > > > +{ > > > > + UINT32 RegEbx; > > > > + > > > > + // > > > > + // Determine RDSEED support by examining bit > 18 of > > > > the EBX register > > > > + returned by // CPUID(EAX=7, ECX=0). BIT18 of > EBX > > > > indicates that > > > > + processor support RDSEED // instruction. 
> > > > + // > > > > + AsmCpuidEx (7, 0, NULL, &RegEbx, NULL, NULL); > if > > > > ((RegEbx & > > > > + RDSEED_MASK) != RDSEED_MASK) { > > > > + ASSERT ((RegEbx & RDSEED_MASK) == > RDSEED_MASK); > > > > + return RETURN_UNSUPPORTED; > > > > + } > > > > + > > > > + return RETURN_SUCCESS; > > > > +} > > > > + > > > > +/** > > > > + Generates a 16-bit random number. > > > > + > > > > + if Rand is NULL, then ASSERT(). > > > > + > > > > + @param[out] Rand Buffer pointer to store > the 16- > > > > bit random value. > > > > + > > > > + @retval TRUE Random number generated > > > > successfully. > > > > + @retval FALSE Failed to generate the > random > > > > number. > > > > + > > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +GetRandomNumber16 ( > > > > + OUT UINT16 *Rand > > > > + ) > > > > +{ > > > > + UINT32 Index; > > > > + > > > > + ASSERT (Rand != NULL); > > > > + > > > > + // > > > > + // A loop to fetch a 16 bit random value with > a > > > > retry count limit. > > > > + // > > > > + for (Index = 0; Index < RDSEED_RETRY_LIMIT; > Index++) > > > > { > > > > + if (AsmRdSeed16 (Rand)) { > > > > + return TRUE; > > > > + } > > > > + } > > > > + > > > > + return FALSE; > > > > +} > > > > + > > > > +/** > > > > + Generates a 32-bit random number. > > > > + > > > > + if Rand is NULL, then ASSERT(). > > > > + > > > > + @param[out] Rand Buffer pointer to store > the 32- > > > > bit random value. > > > > + > > > > + @retval TRUE Random number generated > > > > successfully. > > > > + @retval FALSE Failed to generate the > random > > > > number. > > > > + > > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +GetRandomNumber32 ( > > > > + OUT UINT32 *Rand > > > > + ) > > > > +{ > > > > + UINT32 Index; > > > > + > > > > + ASSERT (Rand != NULL); > > > > + > > > > + // > > > > + // A loop to fetch a 32 bit random value with > a > > > > retry count limit. 
> > > > + // > > > > + for (Index = 0; Index < RDSEED_RETRY_LIMIT; > Index++) > > > > { > > > > + if (AsmRdSeed32 (Rand)) { > > > > + return TRUE; > > > > + } > > > > + } > > > > + > > > > + return FALSE; > > > > +} > > > > + > > > > +/** > > > > + Generates a 64-bit random number. > > > > + > > > > + if Rand is NULL, then ASSERT(). > > > > + > > > > + @param[out] Rand Buffer pointer to store > the 64- > > > > bit random value. > > > > + > > > > + @retval TRUE Random number generated > > > > successfully. > > > > + @retval FALSE Failed to generate the > random > > > > number. > > > > + > > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +GetRandomNumber64 ( > > > > + OUT UINT64 *Rand > > > > + ) > > > > +{ > > > > + UINT32 Index; > > > > + > > > > + ASSERT (Rand != NULL); > > > > + > > > > + // > > > > + // A loop to fetch a 64 bit random value with > a > > > > retry count limit. > > > > + // > > > > + for (Index = 0; Index < RDSEED_RETRY_LIMIT; > Index++) > > > > { > > > > + if (AsmRdSeed64 (Rand)) { > > > > + return TRUE; > > > > + } > > > > + } > > > > + > > > > + return FALSE; > > > > +} > > > > + > > > > +/** > > > > + Generates a 128-bit random number. > > > > + > > > > + if Rand is NULL, then ASSERT(). > > > > + > > > > + @param[out] Rand Buffer pointer to store > the > > > > 128-bit random value. > > > > + > > > > + @retval TRUE Random number generated > > > > successfully. > > > > + @retval FALSE Failed to generate the > random > > > > number. 
> > > > + > > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +GetRandomNumber128 ( > > > > + OUT UINT64 *Rand > > > > + ) > > > > +{ > > > > + ASSERT (Rand != NULL); > > > > + > > > > + // > > > > + // Read first 64 bits > > > > + // > > > > + if (!GetRandomNumber64 (Rand)) { > > > > + return FALSE; > > > > + } > > > > + > > > > + // > > > > + // Read second 64 bits > > > > + // > > > > + return GetRandomNumber64 (++Rand); } > > > > -- > > > > 2.17.1.windows.2

View/Reply Online (#50727): https://edk2.groups.io/g/devel/message/50727
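
Review bot: In RngLibRdSeed.inf, `LIBRARY_CLASS = RngLib` registers this instance under the general-purpose class with no restriction on consumers, while the file header says its output is meant as seed material for software deterministic RNGs. Nothing in the INF keeps a platform DSC from resolving every RngLib consumer to this instance. State the seeding-only intent next to `LIBRARY_CLASS`, or limit the class to the module types expected to consume it, so the intent in the header comment is enforced and not just implied.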
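
Review bot: In RngLibRdSeed.uni, STR_MODULE_DESCRIPTION calls the module "RngRdSeed Library" while BASE_NAME in the INF is RngLibRdSeed, and STR_MODULE_ABSTRACT ("Instance of RNG Library") does not say which instance this is. Use the BASE_NAME spelling in the description and mention RDSEED and the seeding purpose in the abstract, matching the file header comment.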
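
Review bot: In RngRdSeed.c, the ASSERT in RngLibRdSeedConstructor sits inside the branch that has already found the RDSEED bit clear, so it can only ever fire, and in a build where ASSERT is compiled out the constructor returns RETURN_UNSUPPORTED while GetRandomNumber16/32/64 still call AsmRdSeed16/32/64 unconditionally. Record the CPUID result in a module-level flag and have the GetRandomNumber functions return FALSE when it is not set. The constructor also calls `AsmCpuidEx (7, 0, NULL, &RegEbx, NULL, NULL)` without first checking that CPUID leaf 0 reports a maximum basic leaf of at least 7. Smaller points in the same hunk: the RDSEED_RETRY_LIMIT comment says "when valid random data is returned" where the retry applies to the case in which no valid data is returned, and "DRGN" should read "DRNG"; GetRandomNumber128 leaves the first 64 bits written when the second read fails, so its header comment should say the buffer contents are invalid on FALSE; `++Rand` on an OUT parameter would read more clearly as `Rand + 1`.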