We currently perform various min-entropy calculations using build-time
floating-point arithmetic. No floating-point code ends up in the
final binary, since the results are eventually converted to integers
and asserted to be compile-time constants.
Though this mechanism is undoubtedly cute, it inhibits us from using
"-mno-sse" to prevent the use of SSE registers by the compiler.
Fix by using fixed-point arithmetic instead.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
ANS X9.82 Part 4 (April 2011 Draft) Section 13.3.4.2 states that "When
using the derivation function based on a hash function, the output
length of the hash function shall meet or exceed the security strength
indicated by the min_entropy parameter in the Get_entropy_input call",
although this criteria is missing from the pseudocode provided in the
same section.
Add a test for this condition, and upgrade from SHA-1 to SHA-256 since
SHA-1 has an output length of 160 bits, which is insufficient for
generating the (128 * 3/2 = 192) bits required when instantiating the
128-bit strength DRBG.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
ANS X9.82 specifies several Approved Sources of Entropy Input (SEI).
One such SEI uses an entropy source as the Source of Entropy Input,
condensing each entropy source output after each GetEntropy call.
This can be implemented relatively cheaply in iPXE and avoids the need
to allocate potentially very large buffers.
(Note that the terms "entropy source" and "Source of Entropy Input"
are not synonyms within the context of ANS X9.82.)
Use the iPXE API mechanism to allow entropy sources to be selected at
compilation time.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Cryptographic random number generation requires an entropy source,
which is used as the input to a Deterministic Random Bit Generator
(DRBG).
iPXE does not currently have a suitable entropy source. Provide a
dummy source to allow the DRBG code to be implemented.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Michael Brown