summaryrefslogtreecommitdiffstats
path: root/src/include/ipxe/entropy.h
Commit message (Collapse)AuthorAgeFilesLines
* [efi] Add EFI entropy sourceMichael Brown2015-04-141-0/+1
| | | | | Originally-implemented-by: Jarrod Johnson <jbjohnso@us.ibm.com> Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [legal] Relicense files under GPL2_OR_LATER_OR_UBDLMichael Brown2015-03-021-1/+1
| | | | | | | Relicense files for which I am the sole author (as identified by util/relicense.pl). Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [rng] Add Linux entropy source using /dev/randomMichael Brown2012-03-181-0/+1
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [rng] Allow entropy_enable() to return an errorMichael Brown2012-03-181-1/+2
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [rng] Use SHA-256 for Hash_df, and validate the hash function strengthMichael Brown2012-03-061-5/+12
| | | | | | | | | | | | | | | | ANS X9.82 Part 4 (April 2011 Draft) Section 13.3.4.2 states that "When using the derivation function based on a hash function, the output length of the hash function shall meet or exceed the security strength indicated by the min_entropy parameter in the Get_entropy_input call", although this criteria is missing from the pseudocode provided in the same section. Add a test for this condition, and upgrade from SHA-1 to SHA-256 since SHA-1 has an output length of 160 bits, which is insufficient for generating the (128 * 3/2 = 192) bits required when instantiating the 128-bit strength DRBG. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [rng] Allow hash_df() to accept multiple underlying hash algorithmsMichael Brown2012-03-061-1/+12
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [rng] Add ANS X9.82 Approved Source of Entropy InputMichael Brown2012-02-211-47/+161
| | | | | | | | | | | | | | | | ANS X9.82 specifies several Approved Sources of Entropy Input (SEI). One such SEI uses an entropy source as the Source of Entropy Input, condensing each entropy source output after each GetEntropy call. This can be implemented relatively cheaply in iPXE and avoids the need to allocate potentially very large buffers. (Note that the terms "entropy source" and "Source of Entropy Input" are not synonyms within the context of ANS X9.82.) Use the iPXE API mechanism to allow entropy sources to be selected at compilation time. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [rng] Add dummy entropy sourceMichael Brown2012-01-231-0/+90
Cryptographic random number generation requires an entropy source, which is used as the input to a Deterministic Random Bit Generator (DRBG). iPXE does not currently have a suitable entropy source. Provide a dummy source to allow the DRBG code to be implemented. Signed-off-by: Michael Brown <mcb30@ipxe.org>
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2026-03-07 03:25:03 +0100