author | Michael Brown <mcb30@ipxe.org> | 2012-01-23 15:00:46 +0000 |
---|---|---|
committer | Michael Brown <mcb30@ipxe.org> | 2012-01-23 15:08:21 +0000 |
commit | 3a2bda7c7c5aac27d89c3f77f4994b059baae626 (patch) | |
tree | 111222ad26dd42536fec3c6de8b1f96d088b23ee /src/include/ipxe/drbg.h | |
parent | fcc35bf48776fff9ebfd8db537679583221a9cd4 (diff) | |
download | ipxe-3a2bda7c7c5aac27d89c3f77f4994b059baae626.tar.gz |
[rng] Add ANS X9.82 Approved DRBG mechanism
ANS X9.82 specifies that an Approved DRBG must consist of an Approved
algorithm wrapped inside an envelope which handles entropy gathering,
prediction resistance, automatic reseeding and other housekeeping
tasks.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/include/ipxe/drbg.h')
-rw-r--r-- | src/include/ipxe/drbg.h | 118 |
1 files changed, 118 insertions, 0 deletions
diff --git a/src/include/ipxe/drbg.h b/src/include/ipxe/drbg.h
new file mode 100644
index 000000000..a09d136dd
--- /dev/null
+++ b/src/include/ipxe/drbg.h
@@ -0,0 +1,118 @@
+#ifndef _IPXE_DRBG_H
+#define _IPXE_DRBG_H
+
+/** @file
+ *
+ * DRBG mechanism
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER );
+
+#include <stdint.h>
+#include <ipxe/hmac_drbg.h>
+
+/** Maximum security strength */
+#define DRBG_MAX_SECURITY_STRENGTH HMAC_DRBG_MAX_SECURITY_STRENGTH
+
+/** Security strength */
+#define DRBG_SECURITY_STRENGTH HMAC_DRBG_SECURITY_STRENGTH
+
+/** Minimum entropy input length */
+#define DRBG_MIN_ENTROPY_LEN_BYTES HMAC_DRBG_MIN_ENTROPY_LEN_BYTES
+
+/** Maximum entropy input length */
+#define DRBG_MAX_ENTROPY_LEN_BYTES HMAC_DRBG_MAX_ENTROPY_LEN_BYTES
+
+/** Maximum personalisation string length */
+#define DRBG_MAX_PERSONAL_LEN_BYTES HMAC_DRBG_MAX_PERSONAL_LEN_BYTES
+
+/** Maximum additional input length */
+#define DRBG_MAX_ADDITIONAL_LEN_BYTES HMAC_DRBG_MAX_ADDITIONAL_LEN_BYTES
+
+/** Maximum length of generated pseudorandom data per request */
+#define DRBG_MAX_GENERATED_LEN_BYTES HMAC_DRBG_MAX_GENERATED_LEN_BYTES
+
+/** A Deterministic Random Bit Generator */
+struct drbg_state {
+ /** Algorithm internal state */
+ struct hmac_drbg_state internal;
+ /** Reseed required flag */
+ int reseed_required;
+};
+
+/**
+ * Instantiate DRBG algorithm
+ *
+ * @v state Algorithm state
+ * @v entropy Entropy input
+ * @v entropy_len Length of entropy input
+ * @v personal Personalisation string
+ * @v personal_len Length of personalisation string
+ *
+ * This is the Instantiate_algorithm function defined in ANS X9.82
+ * Part 3-2007 Section 9.2 (NIST SP 800-90 Section 9.1).
+ */
+static inline void drbg_instantiate_algorithm ( struct drbg_state *state,
+ const void *entropy,
+ size_t entropy_len,
+ const void *personal,
+ size_t personal_len ) {
+ hmac_drbg_instantiate ( &state->internal, entropy, entropy_len,
+ personal, personal_len );
+}
+
+/**
+ * Reseed DRBG algorithm
+ *
+ * @v state Algorithm state
+ * @v entropy Entropy input
+ * @v entropy_len Length of entropy input
+ * @v additional Additional input
+ * @v additional_len Length of additional input
+ *
+ * This is the Reseed_algorithm function defined in ANS X9.82
+ * Part 3-2007 Section 9.3 (NIST SP 800-90 Section 9.2).
+ */
+static inline void drbg_reseed_algorithm ( struct drbg_state *state,
+ const void *entropy,
+ size_t entropy_len,
+ const void *additional,
+ size_t additional_len ) {
+ hmac_drbg_reseed ( &state->internal, entropy, entropy_len,
+ additional, additional_len );
+}
+
+/**
+ * Generate pseudorandom bits using DRBG algorithm
+ *
+ * @v state Algorithm state
+ * @v additional Additional input
+ * @v additional_len Length of additional input
+ * @v data Output buffer
+ * @v len Length of output buffer
+ * @ret rc Return status code
+ *
+ * This is the Generate_algorithm function defined in ANS X9.82
+ * Part 3-2007 Section 9.4 (NIST SP 800-90 Section 9.3).
+ *
+ * Note that the only permitted error is "reseed required".
+ */
+static inline int drbg_generate_algorithm ( struct drbg_state *state,
+ const void *additional,
+ size_t additional_len,
+ void *data, size_t len ) {
+ return hmac_drbg_generate ( &state->internal, additional,
+ additional_len, data, len );
+}
+
+extern int drbg_instantiate ( struct drbg_state *state, const void *personal,
+ size_t personal_len );
+extern int drbg_reseed ( struct drbg_state *state, const void *additional,
+ size_t additional_len );
+extern int drbg_generate ( struct drbg_state *state, const void *additional,
+ size_t additional_len, int prediction_resist,
+ void *data, size_t len );
+extern void drbg_uninstantiate ( struct drbg_state *state );
+
+#endif /* _IPXE_DRBG_H */ |
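Review bot: `struct drbg_state` carries `reseed_required` but nothing that records whether the state has been instantiated, so as far as this header shows, `drbg_reseed()` and `drbg_generate()` cannot reject a state that was never instantiated or has already been passed to `drbg_uninstantiate()`. That check belongs in the envelope, because the inline `*_algorithm` wrappers forward straight to the HMAC_DRBG functions without inspecting the state. Consider adding a field such as `int valid;` to the struct, set by `drbg_instantiate()` on success and cleared by `drbg_uninstantiate()`, with the other two calls failing while it is clear. The implementations of the four `extern` functions are not part of this hunk, so confirm they do not already handle this another way. A smaller point: `size_t` is used while only `<stdint.h>` is included directly, so the header presumably relies on `<ipxe/hmac_drbg.h>` to provide it.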