From nobody Tue Feb 10 20:49:08 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+90899+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+90899+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=arm.com
ARC-Seal: i=1; a=rsa-sha256; t=1656530367; cv=none;
	d=zohomail.com; s=zohoarc;
	b=e+vxA8rgeu+mEWVg6nlIWH/3gDEL8UbBDzo5SirzbvG0ErIg4obOBbaJwV3l4agpVWYPFQoozkPmKDqvoGNhQDXZf1x5vLIGmfvkwYH+T8T/iAT5X9YzeX0QdOt9RGTQ86IVf2jZBDEG32gwoJPWPLnGdt3o5ZQDJHIyqJrxiy4=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1656530367;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=aXX+3Dn4BaQJBMymn5JgNkPHGli5zexu6Du+8NBjisE=;
	b=H+nOEcWmQeO4BRHKOcgf78zAFaWG20dQSX3gqUd2MdrYff2zKssWDRBG4vZd9gh8TBIWTRIfc57qvg79jCvW8OkChyyZx2K4iezfuUS0xNqeeAR66r1HKfVn3A/NRbFeoVjeAeKsUdmhED16Q2gW1nk5Cb9HKNxCcWcZaH9IqBo=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+90899+1787277+3901457@groups.io;
	dmarc=fail header.from=<pierre.gondois@arm.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1656530367466225.83749394709332;
 Wed, 29 Jun 2022 12:19:27 -0700 (PDT)
Return-Path: <bounce+27952+90899+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id KnuAYY1788612xAlkRXjFwf6;
 Wed, 29 Jun 2022 12:19:27 -0700
X-Received: from foss.arm.com (foss.arm.com [217.140.110.172])
 by mx.groups.io with SMTP id smtpd.web12.15929.1656530366289552746
 for <devel@edk2.groups.io>;
 Wed, 29 Jun 2022 12:19:26 -0700
X-Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14])
	by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 3305714BF;
	Wed, 29 Jun 2022 12:19:26 -0700 (PDT)
X-Received: from pierre123.home (unknown [172.31.20.19])
	by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id F201B3F792;
	Wed, 29 Jun 2022 12:19:23 -0700 (PDT)
From: "PierreGondois" <pierre.gondois@arm.com>
To: devel@edk2.groups.io
Cc: Sami Mujawar <sami.mujawar@arm.com>,
	Leif Lindholm <quic_llindhol@quicinc.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Rebecca Cran <rebecca@bsdio.com>,
	Michael D Kinney <michael.d.kinney@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>
Subject: [edk2-devel] [PATCH RESEND v1 1/9] MdePkg/DrbgLib: Drbg library
 interface definition
Date: Wed, 29 Jun 2022 21:18:38 +0200
Message-Id: <20220629191848.2619317-2-Pierre.Gondois@arm.com>
In-Reply-To: <20220629191848.2619317-1-Pierre.Gondois@arm.com>
References: <20220629191848.2619317-1-Pierre.Gondois@arm.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,pierre.gondois@arm.com
X-Gm-Message-State: 7UEMlRzAqJm4fVHNmIP8KJC1x1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1656530367;
 bh=wEuD5Z+gX9dxghT1S20DOpFatWideF+q1ymvl3b5xA4=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=HYkyCYnMZzDq+1Qzjy4Mx4AlCzXXBrpbUXRPnAVdM/j/p6XyC9TBD57PhHAW1PkfWjO
 DtNFyxMSw5o/B51+gNdnicFNR9Ha3V+UaznkjtNW9t0m7Rccz8QGZ4CEyuERHUYz6omb8
 IUR/CAVryDpIsf4z2iJgtGAbKg0YeORadO8=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1656530368207100001
Content-Type: text/plain; charset="utf-8"

From: Pierre Gondois <Pierre.Gondois@arm.com>

The NIST Special Publication 800-90A, 800-90B and 800-90C
details how to implement a Deterministic Random Bits Generator (DRBG).
Add a library interface definition for interacting with a Drbg.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
---
 MdePkg/Include/Library/DrbgLib.h | 172 +++++++++++++++++++++++++++++++
 MdePkg/MdePkg.dec                |   4 +
 2 files changed, 176 insertions(+)
 create mode 100644 MdePkg/Include/Library/DrbgLib.h

diff --git a/MdePkg/Include/Library/DrbgLib.h b/MdePkg/Include/Library/Drbg=
Lib.h
new file mode 100644
index 000000000000..aad46dbec228
--- /dev/null
+++ b/MdePkg/Include/Library/DrbgLib.h
@@ -0,0 +1,172 @@
+/** @file
+  DRBG library.
+
+  Copyright (c) 2022, Arm Limited. All rights reserved.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+  @par Reference(s):
+  - [1] NIST Special Publication 800-90A Revision 1, June 2015, Recommenda=
tion
+        for Random Number Generation Using Deterministic Random Bit Genera=
tors.
+        (https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final)
+  - [2] NIST Special Publication 800-90B, Recommendation for the Entropy
+        Sources Used for Random Bit Generation.
+        (https://csrc.nist.gov/publications/detail/sp/800-90b/final)
+  - [3] (Second Draft) NIST Special Publication 800-90C, Recommendation for
+        Random Bit Generator (RBG) Constructions.
+        (https://csrc.nist.gov/publications/detail/sp/800-90c/draft)
+  - [4] NIST Special Publication 800-57 Part 1 Revision 5, May 2020,
+        Recommendation for Key Management:Part 1 - General.
+
+  @par Glossary:
+    - TRNG - True Random Number Generator
+    - Sec  - Security
+    - DRBG - Deterministic Random Bits Generator
+    - CTR  - Counter
+**/
+
+#ifndef DRBG_LIB_H_
+#define DRBG_LIB_H_
+
+/** Drbg Mechanisms.
+*/
+typedef enum {
+  DrbgMechansimHash =3D 0,        ///< Hash (not supported yet)
+  DrbgMechansimHmac,            ///< HMAC (not supported yet)
+  DrbgMechansimCtr,             ///< CTR
+  DrbgMechansimMax              ///< Maximum value.
+} DRBG_MECHANISM;
+
+/** Drbg Entropy sources.
+*/
+typedef enum {
+  /// Cf. [3] s10.3.3.1
+  /// Construction When a Conditioning Function is not Used
+  DrbgEntropyNoCondFn =3D 0,
+  /// Cf. [3] s10.3.3.2 (no supported yet)
+  /// Construction When a Vetted Conditioning Function is Used
+  /// and Full Entropy is Not Required)
+  DrbgEntropyNoFullEntropy,
+  /// Cf. [3] s10.3.3.3 (no supported yet)
+  /// Construction When a Vetted Conditioning Function is Used
+  /// to Obtain Full Entropy Bitstrings
+  DrbgEntropyFullEntropy,
+  /// Maximum value.
+  DrbgEntropyMax
+} DRBG_ENTROPY_SRC;
+
+/** Reseed a DRBG instance.
+
+  Implementation of Reseed_function.
+  Cf. [1] s9.2 'Reseeding a DRBG Instantiation'
+
+  @param  [in] PredResRequest   Indicates whether prediction resistance
+                                is to be provided during the request.
+                                Might not be supported by all Drbgs.
+  @param  [in] AddInput         An optional additional input.
+                                Might not be supported by all Drbgs.
+  @param  [in] AddInputLen      Additional input length (in bits).
+                                Might not be supported by all Drbgs.
+  @param  [in, out] Handle  The Drbg handle.
+
+  @retval EFI_SUCCESS             Success.
+  @retval EFI_INVALID_PARAMETER   Invalid parameter.
+  @retval EFI_OUT_OF_RESOURCES    Out of resources.
+**/
+EFI_STATUS
+EFIAPI
+DrbgReseedFn (
+  IN        BOOLEAN  PredResRequest,
+  IN  CONST CHAR8    *AddInput,
+  IN        UINTN    AddInputLen,
+  IN  OUT   VOID     *Handle
+  );
+
+/** Create a Drbg instance.
+
+  Implementation of Instantiate_function.
+  Cf. [1] s9.1 Instantiating a DRBG
+
+  @param  [in] DrbgMechanism    DRBG mechanism chosen.
+  @param  [in] DrbgEntropySrc   Entropy source chosen.
+  @param  [in] ReqSecStrength   Requested security strength (in bits).
+                                The security strenght granted can be diffe=
rent.
+  @param  [in] PredRes          Prediction resistance flag.
+                                If relevant, instantiate a DRBG that suppo=
rts
+                                prediction resistance.
+                                Might not be supported by all Drbgs.
+  @param  [in] PersStr          Personnalization string.
+                                Might not be supported by all Drbgs.
+  @param  [in] PersStrLen       Personnalization string length (in bits).
+                                Might not be supported by all Drbgs.
+  @param  [out] HandlePtr   Pointer containting the created Drbg handle.
+
+  @retval EFI_SUCCESS             Success.
+  @retval EFI_INVALID_PARAMETER   Invalid parameter.
+  @retval EFI_OUT_OF_RESOURCES    Out of resources.
+**/
+EFI_STATUS
+EFIAPI
+DrbgInstantiateFn (
+  IN        DRBG_MECHANISM    DrbgMechanism,
+  IN        DRBG_ENTROPY_SRC  DrbgEntropySrc,
+  IN        UINTN             ReqSecStrength,
+  IN        BOOLEAN           PredRes,
+  IN  CONST CHAR8             *PersStr,
+  IN        UINTN             PersStrLen,
+  OUT       VOID              **HandlePtr
+  );
+
+/** Generate a random number.
+
+  Implementation of Generate_function.
+  Cf. [1] s9.3.1 The Generate Function
+
+  @param  [in] ReqSecStrength   Requested security strength (in bits).
+                                If the DrbgHandle cannot satisfy the reque=
st,
+                                an error is returned.
+  @param  [in] PredResReq       Request prediction resistance.
+                                If the DrbgHandle cannot satisfy the reque=
st,
+                                an error is returned.
+  @param  [in] AddInput         Additional input.
+                                Might not be supported by all Drbgs.
+  @param  [in] AddInputLen      Additional input length (in bits).
+                                Might not be supported by all Drbgs.
+  @param  [in] ReqNbBits        Number of random bits requested.
+  @param  [in, out] OutBuffer   If success, contains the random bits.
+                                The buffer must be at least ReqNbBits bits
+                                long.
+  @param  [in, out] Handle  The Drbg handle.
+
+  @retval EFI_SUCCESS             Success.
+  @retval EFI_INVALID_PARAMETER   Invalid parameter.
+  @retval EFI_OUT_OF_RESOURCES    Out of resources.
+**/
+EFI_STATUS
+EFIAPI
+DrbgGenerateFn (
+  IN        UINTN    ReqSecStrength,
+  IN        BOOLEAN  PredResReq,
+  IN  CONST CHAR8    *AddInput,
+  IN        UINTN    AddInputLen,
+  IN        UINTN    ReqNbBits,
+  IN  OUT   UINT8    *OutBuffer,
+  IN  OUT   VOID     *Handle
+  );
+
+/** Remove a DRBG instance.
+
+  Implementation of Uninstantiate_function.
+  Cf. [1] s9.4 Removing a DRBG Instantiation
+
+  @param  [in, out] Handle    The Drbg handle.
+
+  @retval EFI_SUCCESS             Success.
+  @retval EFI_INVALID_PARAMETER   Invalid parameter.
+**/
+EFI_STATUS
+EFIAPI
+DrbgUninstantiateFn (
+  IN  OUT VOID  *Handle
+  );
+
+#endif // DRBG_LIB_H_
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index 078ae9323ba6..e96f875f1e91 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -284,6 +284,10 @@ [LibraryClasses]
   #
   AesLib|Include/Library/AesLib.h
=20
+  ##  @libraryclass  A library to have a Deterministic Random Bits Generat=
or (DRBG).
+  #
+  DrbgLib|Include/Library/DrbgLib.h
+
 [LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64]
   ##  @libraryclass  Provides services to generate random number.
   #
--=20
2.25.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#90899): https://edk2.groups.io/g/devel/message/90899
Mute This Topic: https://groups.io/mt/92072284/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-