On Thu, 9 May 2024 at 07:56, Doug Flick via groups.io
<dougflick=microsoft....@groups.io> wrote:
>
> Removed from gEfiRngAlgorithmRaw an incorrect assumption that
> Raw cannot return less than 256 bits. The DRNG Algorithms
> should always use a 256 bit seed as per nist standards
> however a caller is free to request less than 256 bits.
> >
> > //
> > // When a DRBG is used on the output of a entropy source,
> > // its security level must be at least 256 bits according to UEFI Spec.
> > //
> > if (RNGValueLength < 32) {
> > return EFI_INVALID_PARAMETER;
> > }
> >
>
> AARCH64 platforms do not have this limitation and this brings both
> implementations into alignment with each other and the spec.
>
> Cc: Jiewen Yao <jiewen....@intel.com>
>
> Signed-off-by: Doug Flick [MSFT] <doug.e...@gmail.com>
Reviewed-by: Ard Biesheuvel <a...@kernel.org>
As I commented in the other thread, it is not the job of the raw
EFI_RNG_PROTOCOL to ensure that its callers never do anything silly.
Refusing requests for less than 32 bytes is pointless and arbitrary,
as only avoids one very particular potential mistake.
> ---
> SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8 --------
> 1 file changed, 8 deletions(-)
>
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> index 7e06e16e4be5..5723ed695747 100644
> --- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> @@ -116,14 +116,6 @@ RngGetRNG (
> // The "raw" algorithm is intended to provide entropy directly
> //
> if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
> - //
> - // When a DRBG is used on the output of a entropy source,
> - // its security level must be at least 256 bits according to UEFI Spec.
> - //
> - if (RNGValueLength < 32) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> Status = GenerateEntropy (RNGValueLength, RNGValue);
> return Status;
> }
> --
> 2.34.1
>
>
>
> ------------
> Groups.io Links: You receive all messages sent to this group.
> View/Reply Online (#118722): https://edk2.groups.io/g/devel/message/118722
> Mute This Topic: https://groups.io/mt/105996584/1131722
> Group Owner: devel+ow...@edk2.groups.io
> Unsubscribe: https://edk2.groups.io/g/devel/unsub [a...@kernel.org]
> ------------
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118830): https://edk2.groups.io/g/devel/message/118830
Mute This Topic: https://groups.io/mt/105996584/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
