[rng] Add ANS X9.82 mandatory start-up tests

ANS X9.82 specifies that the start-up tests shall consist of at least
one full cycle of the continuous tests.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

1 files changed, 32 insertions, 0 deletions

diff --git a/src/crypto/entropy.c b/src/crypto/entropy.c
index 47848368..ab574a94 100644
--- a/src/crypto/entropy.c
+++ b/src/crypto/entropy.c
@@ -352,6 +352,31 @@ static int get_entropy ( entropy_sample_t *entropy ) {
 }
 
 /**
+ * Calculate number of samples required for startup tests
+ *
+ * @ret num_samples	Number of samples required
+ *
+ * ANS X9.82 Part 2 (October 2011 Draft) Section 8.5.2.1.5 requires
+ * that at least one full cycle of the continuous tests must be
+ * performed at start-up.
+ */
+static inline __attribute__ (( always_inline )) unsigned int
+startup_test_count ( void ) {
+	unsigned int num_samples;
+
+	/* At least max(N,C) samples shall be generated by the noise
+	 * source for start-up testing.
+	 */
+	num_samples = repetition_count_cutoff();
+	if ( num_samples < adaptive_proportion_cutoff() )
+		num_samples = adaptive_proportion_cutoff();
+	linker_assert ( __builtin_constant_p ( num_samples ),
+			startup_test_count_not_constant );
+
+	return num_samples;
+}
+
+/**
  * Create next nonce value
  *
  * @ret nonce		Nonce
@@ -387,6 +412,7 @@ static uint32_t make_next_nonce ( void ) {
  */
 int get_entropy_input_tmp ( unsigned int num_samples, uint8_t *tmp,
 			    size_t tmp_len ) {
+	static unsigned int startup_tested = 0;
 	struct {
 		uint32_t nonce;
 		entropy_sample_t sample;
@@ -398,6 +424,12 @@ int get_entropy_input_tmp ( unsigned int num_samples, uint8_t *tmp,
 	/* Enable entropy gathering */
 	entropy_enable();
 
+	/* Perform mandatory startup tests, if not yet performed */
+	for ( ; startup_tested < startup_test_count() ; startup_tested++ ) {
+		if ( ( rc = get_entropy ( &data.sample ) ) != 0 )
+			goto err_get_entropy;
+	}
+
 	/* 3.  entropy_total = 0
 	 *
 	 * (Nothing to do; the number of entropy samples required has