SecurityPkg: Add support for RngDxe on AARCH64
AARCH64 support has been added to BaseRngLib via the optional ARMv8.5 FEAT_RNG. Refactor RngDxe to support AARCH64, note support for it in the VALID_ARCHITECTURES line of RngDxe.inf and enable it in SecurityPkg.dsc. Signed-off-by: Rebecca Cran <rebecca@nuviainc.com> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> Acked-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
This commit is contained in:
Rebecca Cran
committed by
mergify[bot]
mergify[bot]
parent
9301e5644c
commit
4e5ecdbac8
@@ -1,34 +1,32 @@
|
||||
/** @file
|
||||
RNG Driver to produce the UEFI Random Number Generator protocol.
|
||||
|
||||
The driver will use the new RDRAND instruction to produce high-quality, high-performance
|
||||
entropy and random number.
|
||||
The driver uses CPU RNG instructions to produce high-quality,
|
||||
high-performance entropy and random number.
|
||||
|
||||
RNG Algorithms defined in UEFI 2.4:
|
||||
- EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Supported
|
||||
(RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based DRBG)
|
||||
- EFI_RNG_ALGORITHM_RAW - Supported
|
||||
(Structuring RDRAND invocation can be guaranteed as high-quality entropy source)
|
||||
- EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
|
||||
- EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
|
||||
- EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported
|
||||
- EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported
|
||||
- EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID
|
||||
- EFI_RNG_ALGORITHM_RAW
|
||||
- EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID
|
||||
- EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID
|
||||
- EFI_RNG_ALGORITHM_X9_31_3DES_GUID
|
||||
- EFI_RNG_ALGORITHM_X9_31_AES_GUID
|
||||
|
||||
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
|
||||
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
|
||||
#include "RdRand.h"
|
||||
#include <Library/BaseLib.h>
|
||||
#include <Library/BaseMemoryLib.h>
|
||||
#include <Library/UefiBootServicesTableLib.h>
|
||||
#include <Library/RngLib.h>
|
||||
#include <Library/TimerLib.h>
|
||||
#include <Protocol/Rng.h>
|
||||
|
||||
//
|
||||
// Supported RNG Algorithms list by this driver.
|
||||
//
|
||||
EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] = {
|
||||
EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID,
|
||||
EFI_RNG_ALGORITHM_RAW
|
||||
};
|
||||
#include "RngDxeInternals.h"
|
||||
|
||||
/**
|
||||
Returns information about the random number generation implementation.
|
||||
@@ -62,103 +60,20 @@ RngGetInfo (
|
||||
)
|
||||
{
|
||||
EFI_STATUS Status;
|
||||
UINTN RequiredSize;
|
||||
|
||||
if ((This == NULL) || (RNGAlgorithmListSize == NULL)) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
RequiredSize = sizeof (mSupportedRngAlgorithms);
|
||||
if (*RNGAlgorithmListSize < RequiredSize) {
|
||||
Status = EFI_BUFFER_TOO_SMALL;
|
||||
//
|
||||
// Return algorithm list supported by driver.
|
||||
//
|
||||
if (RNGAlgorithmList != NULL) {
|
||||
Status = ArchGetSupportedRngAlgorithms (RNGAlgorithmListSize, RNGAlgorithmList);
|
||||
} else {
|
||||
//
|
||||
// Return algorithm list supported by driver.
|
||||
//
|
||||
if (RNGAlgorithmList != NULL) {
|
||||
CopyMem (RNGAlgorithmList, mSupportedRngAlgorithms, RequiredSize);
|
||||
Status = EFI_SUCCESS;
|
||||
} else {
|
||||
Status = EFI_INVALID_PARAMETER;
|
||||
}
|
||||
}
|
||||
*RNGAlgorithmListSize = RequiredSize;
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
/**
|
||||
Produces and returns an RNG value using either the default or specified RNG algorithm.
|
||||
|
||||
@param[in] This A pointer to the EFI_RNG_PROTOCOL instance.
|
||||
@param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that identifies the RNG
|
||||
algorithm to use. May be NULL in which case the function will
|
||||
use its default RNG algorithm.
|
||||
@param[in] RNGValueLength The length in bytes of the memory buffer pointed to by
|
||||
RNGValue. The driver shall return exactly this numbers of bytes.
|
||||
@param[out] RNGValue A caller-allocated memory buffer filled by the driver with the
|
||||
resulting RNG value.
|
||||
|
||||
@retval EFI_SUCCESS The RNG value was returned successfully.
|
||||
@retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm is not supported by
|
||||
this driver.
|
||||
@retval EFI_DEVICE_ERROR An RNG value could not be retrieved due to a hardware or
|
||||
firmware error.
|
||||
@retval EFI_NOT_READY There is not enough random data available to satisfy the length
|
||||
requested by RNGValueLength.
|
||||
@retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is zero.
|
||||
|
||||
**/
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
RngGetRNG (
|
||||
IN EFI_RNG_PROTOCOL *This,
|
||||
IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
|
||||
IN UINTN RNGValueLength,
|
||||
OUT UINT8 *RNGValue
|
||||
)
|
||||
{
|
||||
EFI_STATUS Status;
|
||||
|
||||
if ((RNGValueLength == 0) || (RNGValue == NULL)) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
Status = EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
Status = EFI_UNSUPPORTED;
|
||||
if (RNGAlgorithm == NULL) {
|
||||
//
|
||||
// Use the default RNG algorithm if RNGAlgorithm is NULL.
|
||||
//
|
||||
RNGAlgorithm = &gEfiRngAlgorithmSp80090Ctr256Guid;
|
||||
}
|
||||
|
||||
//
|
||||
// NIST SP800-90-AES-CTR-256 supported by RDRAND
|
||||
//
|
||||
if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) {
|
||||
Status = RdRandGetBytes (RNGValueLength, RNGValue);
|
||||
return Status;
|
||||
}
|
||||
|
||||
//
|
||||
// The "raw" algorithm is intended to provide entropy directly
|
||||
//
|
||||
if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
|
||||
//
|
||||
// When a DRBG is used on the output of a entropy source,
|
||||
// its security level must be at least 256 bits according to UEFI Spec.
|
||||
//
|
||||
if (RNGValueLength < 32) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);
|
||||
return Status;
|
||||
}
|
||||
|
||||
//
|
||||
// Other algorithms were unsupported by this driver.
|
||||
//
|
||||
return Status;
|
||||
}
|
||||
|
||||
@@ -204,3 +119,44 @@ RngDriverEntry (
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
Calls RDRAND to fill a buffer of arbitrary size with random bytes.
|
||||
|
||||
@param[in] Length Size of the buffer, in bytes, to fill with.
|
||||
@param[out] RandBuffer Pointer to the buffer to store the random result.
|
||||
|
||||
@retval EFI_SUCCESS Random bytes generation succeeded.
|
||||
@retval EFI_NOT_READY Failed to request random bytes.
|
||||
|
||||
**/
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
RngGetBytes (
|
||||
IN UINTN Length,
|
||||
OUT UINT8 *RandBuffer
|
||||
)
|
||||
{
|
||||
BOOLEAN IsRandom;
|
||||
UINT64 TempRand[2];
|
||||
|
||||
while (Length > 0) {
|
||||
IsRandom = GetRandomNumber128 (TempRand);
|
||||
if (!IsRandom) {
|
||||
return EFI_NOT_READY;
|
||||
}
|
||||
if (Length >= sizeof (TempRand)) {
|
||||
WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[0]);
|
||||
RandBuffer += sizeof (UINT64);
|
||||
WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[1]);
|
||||
RandBuffer += sizeof (UINT64);
|
||||
Length -= sizeof (TempRand);
|
||||
} else {
|
||||
CopyMem (RandBuffer, TempRand, Length);
|
||||
Length = 0;
|
||||
}
|
||||
}
|
||||
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user