sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SecurityPkg: Add support for RngDxe on AARCH64

Browse Source 
AARCH64 support has been added to BaseRngLib via the optional
ARMv8.5 FEAT_RNG.

Refactor RngDxe to support AARCH64, note support for it in the
VALID_ARCHITECTURES line of RngDxe.inf and enable it in SecurityPkg.dsc.

Signed-off-by: Rebecca Cran <rebecca@nuviainc.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
This commit is contained in:
Rebecca Cran
2021-05-10 15:53:08 -06:00
committed by mergify[bot]
parent 9301e5644c
commit 4e5ecdbac8
11 changed files with 481 additions and 176 deletions
Download Patch File Download Diff File Expand all files Collapse all files

298
SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c Normal file
View File

@@ -0,0 +1,298 @@
/** @file
Core Primitive Implementation of the Advanced Encryption Standard (AES) algorithm.
Refer to FIPS PUB 197 ("Advanced Encryption Standard (AES)") for detailed algorithm
description of AES.
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "AesCore.h"
//
// Number of columns (32-bit words) comprising the State.
// AES_NB is a constant (value = 4) for NIST FIPS-197.
//
#define AES_NB 4
//
// Pre-computed AES Forward Table: AesForwardTable[t] = AES_SBOX[t].[02, 01, 01, 03]
// AES_SBOX (AES S-box) is defined in sec 5.1.1 of FIPS PUB 197.
// This is to speed up execution of the cipher by combining SubBytes and
// ShiftRows with MixColumns steps and transforming them into table lookups.
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT32 AesForwardTable[] = {
0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d, 0xfff2f20d, 0xd66b6bbd,
0xde6f6fb1, 0x91c5c554, 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d,
0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a, 0x8fcaca45, 0x1f82829d,
0x89c9c940, 0xfa7d7d87, 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b,
0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea, 0x239c9cbf, 0x53a4a4f7,
0xe4727296, 0x9bc0c05b, 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a,
0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f, 0x6834345c, 0x51a5a5f4,
0xd1e5e534, 0xf9f1f108, 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f,
0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e, 0x30181828, 0x379696a1,
0x0a05050f, 0x2f9a9ab5, 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d,
0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f, 0x1209091b, 0x1d83839e,
0x582c2c74, 0x341a1a2e, 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb,
0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce, 0x5229297b, 0xdde3e33e,
0x5e2f2f71, 0x13848497, 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c,
0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed, 0xd46a6abe, 0x8dcbcb46,
0x67bebed9, 0x7239394b, 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a,
0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16, 0x864343c5, 0x9a4d4dd7,
0x66333355, 0x11858594, 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81,
0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3, 0xa25151f3, 0x5da3a3fe,
0x804040c0, 0x058f8f8a, 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504,
0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163, 0x20101030, 0xe5ffff1a,
0xfdf3f30e, 0xbfd2d26d, 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f,
0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739, 0x93c4c457, 0x55a7a7f2,
0xfc7e7e82, 0x7a3d3d47, 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395,
0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f, 0x44222266, 0x542a2a7e,
0x3b9090ab, 0x0b888883, 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c,
0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76, 0xdbe0e03b, 0x64323256,
0x743a3a4e, 0x140a0a1e, 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4,
0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6, 0x399191a8, 0x319595a4,
0xd3e4e437, 0xf279798b, 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7,
0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0, 0xd86c6cb4, 0xac5656fa,
0xf3f4f407, 0xcfeaea25, 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818,
0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72, 0x381c1c24, 0x57a6a6f1,
0x73b4b4c7, 0x97c6c651, 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21,
0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85, 0xe0707090, 0x7c3e3e42,
0x71b5b5c4, 0xcc6666aa, 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12,
0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0, 0x17868691, 0x99c1c158,
0x3a1d1d27, 0x279e9eb9, 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133,
0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7, 0x2d9b9bb6, 0x3c1e1e22,
0x15878792, 0xc9e9e920, 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a,
0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17, 0x65bfbfda, 0xd7e6e631,
0x844242c6, 0xd06868b8, 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,
0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a
};
//
// Round constant word array used in AES key expansion.
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT32 Rcon[] = {
0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000,
0x20000000, 0x40000000, 0x80000000, 0x1B000000, 0x36000000
};
//
// Rotates x right n bits (circular right shift operation)
//
#define ROTATE_RIGHT32(x, n) (((x) >> (n)) | ((x) << (32-(n))))
//
// Loading & Storing 32-bit words in big-endian format: y[3..0] --> x; x --> y[3..0];
//
#define LOAD32H(x, y) { x = ((UINT32)((y)[0] & 0xFF) << 24) | ((UINT32)((y)[1] & 0xFF) << 16) | \
((UINT32)((y)[2] & 0xFF) << 8) | ((UINT32)((y)[3] & 0xFF)); }
#define STORE32H(x, y) { (y)[0] = (UINT8)(((x) >> 24) & 0xFF); (y)[1] = (UINT8)(((x) >> 16) & 0xFF); \
(y)[2] = (UINT8)(((x) >> 8) & 0xFF); (y)[3] = (UINT8)((x) & 0xFF); }
//
// Wrap macros for AES forward tables lookups
//
#define AES_FT0(x) AesForwardTable[x]
#define AES_FT1(x) ROTATE_RIGHT32(AesForwardTable[x], 8)
#define AES_FT2(x) ROTATE_RIGHT32(AesForwardTable[x], 16)
#define AES_FT3(x) ROTATE_RIGHT32(AesForwardTable[x], 24)
///
/// AES Key Schedule which is expanded from symmetric key [Size 60 = 4 * ((Max AES Round, 14) + 1)].
///
typedef struct {
UINTN Nk; // Number of Cipher Key (in 32-bit words);
UINT32 EncKey[60]; // Expanded AES encryption key
UINT32 DecKey[60]; // Expanded AES decryption key (Not used here)
} AES_KEY;
/**
AES Key Expansion.
This function expands the cipher key into encryption schedule.
@param[in] Key AES symmetric key buffer.
@param[in] KeyLenInBits Key length in bits (128, 192, or 256).
@param[out] AesKey Expanded AES Key schedule for encryption.
@retval EFI_SUCCESS AES key expansion succeeded.
@retval EFI_INVALID_PARAMETER Unsupported key length.
**/
EFI_STATUS
EFIAPI
AesExpandKey (
IN UINT8 *Key,
IN UINTN KeyLenInBits,
OUT AES_KEY *AesKey
)
{
UINTN Nk;
UINTN Nr;
UINTN Nw;
UINTN Index1;
UINTN Index2;
UINTN Index3;
UINT32 *Ek;
UINT32 Temp;
//
// Nk - Number of 32-bit words comprising the cipher key. (Nk = 4, 6 or 8)
// Nr - Number of rounds. (Nr = 10, 12, or 14), which is dependent on the key size.
//
Nk = KeyLenInBits >> 5;
if (Nk != 4 && Nk != 6 && Nk != 8) {
return EFI_INVALID_PARAMETER;
}
Nr = Nk + 6;
Nw = AES_NB * (Nr + 1); // Key Expansion generates a total of Nb * (Nr + 1) words
AesKey->Nk = Nk;
//
// Load initial symmetric AES key;
// Note that AES was designed on big-endian systems.
//
Ek = AesKey->EncKey;
for (Index1 = Index2 = 0; Index1 < Nk; Index1++, Index2 += 4) {
LOAD32H (Ek[Index1], Key + Index2);
}
//
// Initialize the encryption key scheduler
//
for (Index2 = Nk, Index3 = 0; Index2 < Nw; Index2 += Nk, Index3++) {
Temp = Ek[Index2 - 1];
Ek[Index2] = Ek[Index2 - Nk] ^ (AES_FT2((Temp >> 16) & 0xFF) & 0xFF000000) ^
(AES_FT3((Temp >> 8) & 0xFF) & 0x00FF0000) ^
(AES_FT0((Temp) & 0xFF) & 0x0000FF00) ^
(AES_FT1((Temp >> 24) & 0xFF) & 0x000000FF) ^
Rcon[Index3];
if (Nk <= 6) {
//
// If AES Cipher Key is 128 or 192 bits
//
for (Index1 = 1; Index1 < Nk && (Index1 + Index2) < Nw; Index1++) {
Ek [Index1 + Index2] = Ek [Index1 + Index2 - Nk] ^ Ek[Index1 + Index2 - 1];
}
} else {
//
// Different routine for key expansion If Cipher Key is 256 bits,
//
for (Index1 = 1; Index1 < 4 && (Index1 + Index2) < Nw; Index1++) {
Ek [Index1 + Index2] = Ek[Index1 + Index2 - Nk] ^ Ek[Index1 + Index2 - 1];
}
if (Index2 + 4 < Nw) {
Temp = Ek[Index2 + 3];
Ek[Index2 + 4] = Ek[Index2 + 4 - Nk] ^ (AES_FT2((Temp >> 24) & 0xFF) & 0xFF000000) ^
(AES_FT3((Temp >> 16) & 0xFF) & 0x00FF0000) ^
(AES_FT0((Temp >> 8) & 0xFF) & 0x0000FF00) ^
(AES_FT1((Temp) & 0xFF) & 0x000000FF);
}
for (Index1 = 5; Index1 < Nk && (Index1 + Index2) < Nw; Index1++) {
Ek[Index1 + Index2] = Ek[Index1 + Index2 - Nk] ^ Ek[Index1 + Index2 - 1];
}
}
}
return EFI_SUCCESS;
}
/**
Encrypts one single block data (128 bits) with AES algorithm.
@param[in] Key AES symmetric key buffer.
@param[in] InData One block of input plaintext to be encrypted.
@param[out] OutData Encrypted output ciphertext.
@retval EFI_SUCCESS AES Block Encryption succeeded.
@retval EFI_INVALID_PARAMETER One or more parameters are invalid.
**/
EFI_STATUS
EFIAPI
AesEncrypt (
IN UINT8 *Key,
IN UINT8 *InData,
OUT UINT8 *OutData
)
{
AES_KEY AesKey;
UINTN Nr;
UINT32 *Ek;
UINT32 State[4];
UINT32 TempState[4];
UINT32 *StateX;
UINT32 *StateY;
UINT32 *Temp;
UINTN Index;
UINTN NbIndex;
UINTN Round;
if ((Key == NULL) || (InData == NULL) || (OutData == NULL)) {
return EFI_INVALID_PARAMETER;
}
//
// Expands AES Key for encryption.
//
AesExpandKey (Key, 128, &AesKey);
Nr = AesKey.Nk + 6;
Ek = AesKey.EncKey;
//
// Initialize the cipher State array with the initial round key
//
for (Index = 0; Index < AES_NB; Index++) {
LOAD32H (State[Index], InData + 4 * Index);
State[Index] ^= Ek[Index];
}
NbIndex = AES_NB;
StateX = State;
StateY = TempState;
//
// AES Cipher transformation rounds (Nr - 1 rounds), in which SubBytes(),
// ShiftRows() and MixColumns() operations were combined by a sequence of
// table lookups to speed up the execution.
//
for (Round = 1; Round < Nr; Round++) {
StateY[0] = AES_FT0 ((StateX[0] >> 24) ) ^ AES_FT1 ((StateX[1] >> 16) & 0xFF) ^
AES_FT2 ((StateX[2] >> 8) & 0xFF) ^ AES_FT3 ((StateX[3] ) & 0xFF) ^ Ek[NbIndex];
StateY[1] = AES_FT0 ((StateX[1] >> 24) ) ^ AES_FT1 ((StateX[2] >> 16) & 0xFF) ^
AES_FT2 ((StateX[3] >> 8) & 0xFF) ^ AES_FT3 ((StateX[0] ) & 0xFF) ^ Ek[NbIndex + 1];
StateY[2] = AES_FT0 ((StateX[2] >> 24) ) ^ AES_FT1 ((StateX[3] >> 16) & 0xFF) ^
AES_FT2 ((StateX[0] >> 8) & 0xFF) ^ AES_FT3 ((StateX[1] ) & 0xFF) ^ Ek[NbIndex + 2];
StateY[3] = AES_FT0 ((StateX[3] >> 24) ) ^ AES_FT1 ((StateX[0] >> 16) & 0xFF) ^
AES_FT2 ((StateX[1] >> 8) & 0xFF) ^ AES_FT3 ((StateX[2] ) & 0xFF) ^ Ek[NbIndex + 3];
NbIndex += 4;
Temp = StateX; StateX = StateY; StateY = Temp;
}
//
// Apply the final round, which does not include MixColumns() transformation
//
StateY[0] = (AES_FT2 ((StateX[0] >> 24) ) & 0xFF000000) ^ (AES_FT3 ((StateX[1] >> 16) & 0xFF) & 0x00FF0000) ^
(AES_FT0 ((StateX[2] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[3] ) & 0xFF) & 0x000000FF) ^
Ek[NbIndex];
StateY[1] = (AES_FT2 ((StateX[1] >> 24) ) & 0xFF000000) ^ (AES_FT3 ((StateX[2] >> 16) & 0xFF) & 0x00FF0000) ^
(AES_FT0 ((StateX[3] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[0] ) & 0xFF) & 0x000000FF) ^
Ek[NbIndex + 1];
StateY[2] = (AES_FT2 ((StateX[2] >> 24) ) & 0xFF000000) ^ (AES_FT3 ((StateX[3] >> 16) & 0xFF) & 0x00FF0000) ^
(AES_FT0 ((StateX[0] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[1] ) & 0xFF) & 0x000000FF) ^
Ek[NbIndex + 2];
StateY[3] = (AES_FT2 ((StateX[3] >> 24) ) & 0xFF000000) ^ (AES_FT3 ((StateX[0] >> 16) & 0xFF) & 0x00FF0000) ^
(AES_FT0 ((StateX[1] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[2] ) & 0xFF) & 0x000000FF) ^
Ek[NbIndex + 3];
//
// Output the transformed result;
//
for (Index = 0; Index < AES_NB; Index++) {
STORE32H (StateY[Index], OutData + 4 * Index);
}
return EFI_SUCCESS;
}

31
SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h Normal file
View File

@@ -0,0 +1,31 @@
/** @file
Function prototype for AES Block Cipher support.
Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#ifndef __AES_CORE_H__
#define __AES_CORE_H__
/**
Encrypts one single block data (128 bits) with AES algorithm.
@param[in] Key AES symmetric key buffer.
@param[in] InData One block of input plaintext to be encrypted.
@param[out] OutData Encrypted output ciphertext.
@retval EFI_SUCCESS AES Block Encryption succeeded.
@retval EFI_INVALID_PARAMETER One or more parameters are invalid.
**/
EFI_STATUS
EFIAPI
AesEncrypt (
IN UINT8 *Key,
IN UINT8 *InData,
OUT UINT8 *OutData
);
#endif // __AES_CORE_H__

128
SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c Normal file
View File

@@ -0,0 +1,128 @@
/** @file
Support routines for RDRAND instruction access.
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <Library/RngLib.h>
#include "AesCore.h"
#include "RdRand.h"
#include "RngDxeInternals.h"
/**
Creates a 128bit random value that is fully forward and backward prediction resistant,
suitable for seeding a NIST SP800-90 Compliant, FIPS 1402-2 certifiable SW DRBG.
This function takes multiple random numbers through RDRAND without intervening
delays to ensure reseeding and performs AES-CBC-MAC over the data to compute the
seed value.
@param[out] SeedBuffer Pointer to a 128bit buffer to store the random seed.
@retval EFI_SUCCESS Random seed generation succeeded.
@retval EFI_NOT_READY Failed to request random bytes.
**/
EFI_STATUS
EFIAPI
RdRandGetSeed128 (
OUT UINT8 *SeedBuffer
)
{
EFI_STATUS Status;
UINT8 RandByte[16];
UINT8 Key[16];
UINT8 Ffv[16];
UINT8 Xored[16];
UINT32 Index;
UINT32 Index2;
//
// Chose an arbitrary key and zero the feed_forward_value (FFV)
//
for (Index = 0; Index < 16; Index++) {
Key[Index] = (UINT8) Index;
Ffv[Index] = 0;
}
//
// Perform CBC_MAC over 32 * 128 bit values, with 10us gaps between 128 bit value
// The 10us gaps will ensure multiple reseeds within the HW RNG with a large design margin.
//
for (Index = 0; Index < 32; Index++) {
MicroSecondDelay (10);
Status = RngGetBytes (16, RandByte);
if (EFI_ERROR (Status)) {
return Status;
}
//
// Perform XOR operations on two 128-bit value.
//
for (Index2 = 0; Index2 < 16; Index2++) {
Xored[Index2] = RandByte[Index2] ^ Ffv[Index2];
}
AesEncrypt (Key, Xored, Ffv);
}
for (Index = 0; Index < 16; Index++) {
SeedBuffer[Index] = Ffv[Index];
}
return EFI_SUCCESS;
}
/**
Generate high-quality entropy source through RDRAND.
@param[in] Length Size of the buffer, in bytes, to fill with.
@param[out] Entropy Pointer to the buffer to store the entropy data.
@retval EFI_SUCCESS Entropy generation succeeded.
@retval EFI_NOT_READY Failed to request random data.
**/
EFI_STATUS
EFIAPI
RdRandGenerateEntropy (
IN UINTN Length,
OUT UINT8 *Entropy
)
{
EFI_STATUS Status;
UINTN BlockCount;
UINT8 Seed[16];
UINT8 *Ptr;
Status = EFI_NOT_READY;
BlockCount = Length / 16;
Ptr = (UINT8 *)Entropy;
//
// Generate high-quality seed for DRBG Entropy
//
while (BlockCount > 0) {
Status = RdRandGetSeed128 (Seed);
if (EFI_ERROR (Status)) {
return Status;
}
CopyMem (Ptr, Seed, 16);
BlockCount--;
Ptr = Ptr + 16;
}
//
// Populate the remained data as request.
//
Status = RdRandGetSeed128 (Seed);
if (EFI_ERROR (Status)) {
return Status;
}
CopyMem (Ptr, Seed, (Length % 16));
return Status;
}

43
SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h Normal file
View File

@@ -0,0 +1,43 @@
/** @file
Header for the RDRAND APIs used by RNG DXE driver.
Support API definitions for RDRAND instruction access, which will leverage
Intel Secure Key technology to provide high-quality random numbers for use
in applications, or entropy for seeding other random number generators.
Refer to http://software.intel.com/en-us/articles/intel-digital-random-number
-generator-drng-software-implementation-guide/ for more information about Intel
Secure Key technology.
Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#ifndef __RD_RAND_H__
#define __RD_RAND_H__
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/TimerLib.h>
#include <Protocol/Rng.h>
/**
Generate high-quality entropy source through RDRAND.
@param[in] Length Size of the buffer, in bytes, to fill with.
@param[out] Entropy Pointer to the buffer to store the entropy data.
@retval EFI_SUCCESS Entropy generation succeeded.
@retval EFI_NOT_READY Failed to request random data.
**/
EFI_STATUS
EFIAPI
RdRandGenerateEntropy (
IN UINTN Length,
OUT UINT8 *Entropy
);
#endif // __RD_RAND_H__

145
SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c Normal file
View File

@@ -0,0 +1,145 @@
/** @file
RNG Driver to produce the UEFI Random Number Generator protocol.
The driver will use the new RDRAND instruction to produce high-quality, high-performance
entropy and random number.
RNG Algorithms defined in UEFI 2.4:
- EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Supported
(RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based DRBG)
- EFI_RNG_ALGORITHM_RAW - Supported
(Structuring RDRAND invocation can be guaranteed as high-quality entropy source)
- EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
- EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
- EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported
- EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "RdRand.h"
#include "RngDxeInternals.h"
/**
Produces and returns an RNG value using either the default or specified RNG algorithm.
@param[in] This A pointer to the EFI_RNG_PROTOCOL instance.
@param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that identifies the RNG
algorithm to use. May be NULL in which case the function will
use its default RNG algorithm.
@param[in] RNGValueLength The length in bytes of the memory buffer pointed to by
RNGValue. The driver shall return exactly this numbers of bytes.
@param[out] RNGValue A caller-allocated memory buffer filled by the driver with the
resulting RNG value.
@retval EFI_SUCCESS The RNG value was returned successfully.
@retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm is not supported by
this driver.
@retval EFI_DEVICE_ERROR An RNG value could not be retrieved due to a hardware or
firmware error.
@retval EFI_NOT_READY There is not enough random data available to satisfy the length
requested by RNGValueLength.
@retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is zero.
**/
EFI_STATUS
EFIAPI
RngGetRNG (
IN EFI_RNG_PROTOCOL *This,
IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
IN UINTN RNGValueLength,
OUT UINT8 *RNGValue
)
{
EFI_STATUS Status;
if ((RNGValueLength == 0) || (RNGValue == NULL)) {
return EFI_INVALID_PARAMETER;
}
Status = EFI_UNSUPPORTED;
if (RNGAlgorithm == NULL) {
//
// Use the default RNG algorithm if RNGAlgorithm is NULL.
//
RNGAlgorithm = &gEfiRngAlgorithmSp80090Ctr256Guid;
}
//
// NIST SP800-90-AES-CTR-256 supported by RDRAND
//
if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) {
Status = RngGetBytes (RNGValueLength, RNGValue);
return Status;
}
//
// The "raw" algorithm is intended to provide entropy directly
//
if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
//
// When a DRBG is used on the output of a entropy source,
// its security level must be at least 256 bits according to UEFI Spec.
//
if (RNGValueLength < 32) {
return EFI_INVALID_PARAMETER;
}
Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);
return Status;
}
//
// Other algorithms were unsupported by this driver.
//
return Status;
}
/**
Returns information about the random number generation implementation.
@param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.
On output with a return code of EFI_SUCCESS, the size
in bytes of the data returned in RNGAlgorithmList. On output
with a return code of EFI_BUFFER_TOO_SMALL,
the size of RNGAlgorithmList required to obtain the list.
@param[out] RNGAlgorithmList A caller-allocated memory buffer filled by the driver
with one EFI_RNG_ALGORITHM element for each supported
RNG algorithm. The list must not change across multiple
calls to the same driver. The first algorithm in the list
is the default algorithm for the driver.
@retval EFI_SUCCESS The RNG algorithm list was returned successfully.
@retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small to hold the result.
**/
UINTN
EFIAPI
ArchGetSupportedRngAlgorithms (
IN OUT UINTN *RNGAlgorithmListSize,
OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
)
{
UINTN RequiredSize;
EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm;
RequiredSize = 2 * sizeof (EFI_RNG_ALGORITHM);
if (*RNGAlgorithmListSize < RequiredSize) {
*RNGAlgorithmListSize = RequiredSize;
return EFI_BUFFER_TOO_SMALL;
}
CpuRngSupportedAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm);
CopyMem(&RNGAlgorithmList[0], CpuRngSupportedAlgorithm, sizeof (EFI_RNG_ALGORITHM));
// x86 platforms also support EFI_RNG_ALGORITHM_RAW via RDSEED
CopyMem(&RNGAlgorithmList[1], &gEfiRngAlgorithmRaw, sizeof (EFI_RNG_ALGORITHM));
*RNGAlgorithmListSize = RequiredSize;
return EFI_SUCCESS;
}