2 * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License as
6 * published by the Free Software Foundation; either version 2 of the
7 * License, or any later version.
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19 * You can also choose to distribute this program under the terms of
20 * the Unmodified Binary Distribution Licence (as given in the file
21 * COPYING.UBDL), provided that you have satisfied its requirements.
24 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
30 * This mechanism is designed to comply with ANS X9.82 Part 4 (April
31 * 2011 Draft) Section 10. This standard is unfortunately not freely
34 * The chosen RBG design is that of a DRBG with a live entropy source
35 * with no conditioning function. Only a single security strength is
36 * supported. No seedfile is used since there may be no non-volatile
37 * storage available. The system UUID is used as the personalisation
43 #include <ipxe/init.h>
44 #include <ipxe/settings.h>
45 #include <ipxe/uuid.h>
46 #include <ipxe/crypto.h>
47 #include <ipxe/drbg.h>
51 struct random_bit_generator rbg;
56 * @ret rc Return status code
58 * This is the RBG_Startup function defined in ANS X9.82 Part 4 (April
59 * 2011 Draft) Section 9.1.2.2.
61 static int rbg_startup ( void ) {
66 /* Try to obtain system UUID for use as personalisation
67 * string, in accordance with ANS X9.82 Part 3-2007 Section
68 * 8.5.2. If no UUID is available, proceed without a
69 * personalisation string.
71 if ( ( len = fetch_uuid_setting ( NULL, &uuid_setting, &uuid ) ) < 0 ) {
73 DBGC ( &rbg, "RBG could not fetch personalisation string: "
74 "%s\n", strerror ( rc ) );
78 /* Instantiate DRBG */
79 if ( ( rc = drbg_instantiate ( &rbg.state, &uuid, len ) ) != 0 ) {
80 DBGC ( &rbg, "RBG could not instantiate DRBG: %s\n",
92 static void rbg_shutdown ( void ) {
94 /* Uninstantiate DRBG */
95 drbg_uninstantiate ( &rbg.state );
98 /** RBG startup function */
99 static void rbg_startup_fn ( void ) {
101 /* Start up RBG. There is no way to report an error at this
102 * stage, but a failed startup will result in an invalid DRBG
103 * that refuses to generate bits.
108 /** RBG shutdown function */
109 static void rbg_shutdown_fn ( int booting __unused ) {
115 /** RBG startup table entry */
116 struct startup_fn startup_rbg __startup_fn ( STARTUP_NORMAL ) = {
117 .startup = rbg_startup_fn,
118 .shutdown = rbg_shutdown_fn,