SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c

   1 /** @file
   2   Support routines for RDRAND instruction access.
   3
   4 Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
   5 (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
   6 SPDX-License-Identifier: BSD-2-Clause-Patent
   7
   8 **/
   9 #include <Library/RngLib.h>
  10
  11 #include "AesCore.h"
  12 #include "RdRand.h"
  13 #include "RngDxeInternals.h"
  14
  15 /**
  16   Creates a 128bit random value that is fully forward and backward prediction resistant,
  17   suitable for seeding a NIST SP800-90 Compliant, FIPS 1402-2 certifiable SW DRBG.
  18   This function takes multiple random numbers through RDRAND without intervening
  19   delays to ensure reseeding and performs AES-CBC-MAC over the data to compute the
  20   seed value.
  21
  22   @param[out]  SeedBuffer    Pointer to a 128bit buffer to store the random seed.
  23
  24   @retval EFI_SUCCESS        Random seed generation succeeded.
  25   @retval EFI_NOT_READY      Failed to request random bytes.
  26
  27 **/
  28 EFI_STATUS
  29 EFIAPI
  30 RdRandGetSeed128 (
  31   OUT UINT8        *SeedBuffer
  32   )
  33 {
  34   EFI_STATUS  Status;
  35   UINT8       RandByte[16];
  36   UINT8       Key[16];
  37   UINT8       Ffv[16];
  38   UINT8       Xored[16];
  39   UINT32      Index;
  40   UINT32      Index2;
  41
  42   //
  43   // Chose an arbitrary key and zero the feed_forward_value (FFV)
  44   //
  45   for (Index = 0; Index < 16; Index++) {
  46     Key[Index] = (UINT8) Index;
  47     Ffv[Index] = 0;
  48   }
  49
  50   //
  51   // Perform CBC_MAC over 32 * 128 bit values, with 10us gaps between 128 bit value
  52   // The 10us gaps will ensure multiple reseeds within the HW RNG with a large design margin.
  53   //
  54   for (Index = 0; Index < 32; Index++) {
  55     MicroSecondDelay (10);
  56     Status = RngGetBytes (16, RandByte);
  57     if (EFI_ERROR (Status)) {
  58       return Status;
  59     }
  60
  61     //
  62     // Perform XOR operations on two 128-bit value.
  63     //
  64     for (Index2 = 0; Index2 < 16; Index2++) {
  65       Xored[Index2] = RandByte[Index2] ^ Ffv[Index2];
  66     }
  67
  68     AesEncrypt (Key, Xored, Ffv);
  69   }
  70
  71   for (Index = 0; Index < 16; Index++) {
  72     SeedBuffer[Index] = Ffv[Index];
  73   }
  74
  75   return EFI_SUCCESS;
  76 }
  77
  78 /**
  79   Generate high-quality entropy source through RDRAND.
  80
  81   @param[in]   Length        Size of the buffer, in bytes, to fill with.
  82   @param[out]  Entropy       Pointer to the buffer to store the entropy data.
  83
  84   @retval EFI_SUCCESS        Entropy generation succeeded.
  85   @retval EFI_NOT_READY      Failed to request random data.
  86
  87 **/
  88 EFI_STATUS
  89 EFIAPI
  90 RdRandGenerateEntropy (
  91   IN UINTN         Length,
  92   OUT UINT8        *Entropy
  93   )
  94 {
  95   EFI_STATUS  Status;
  96   UINTN       BlockCount;
  97   UINT8       Seed[16];
  98   UINT8       *Ptr;
  99
 100   Status     = EFI_NOT_READY;
 101   BlockCount = Length / 16;
 102   Ptr        = (UINT8 *)Entropy;
 103
 104   //
 105   // Generate high-quality seed for DRBG Entropy
 106   //
 107   while (BlockCount > 0) {
 108     Status = RdRandGetSeed128 (Seed);
 109     if (EFI_ERROR (Status)) {
 110       return Status;
 111     }
 112     CopyMem (Ptr, Seed, 16);
 113
 114     BlockCount--;
 115     Ptr = Ptr + 16;
 116   }
 117
 118   //
 119   // Populate the remained data as request.
 120   //
 121   Status = RdRandGetSeed128 (Seed);
 122   if (EFI_ERROR (Status)) {
 123     return Status;
 124   }
 125   CopyMem (Ptr, Seed, (Length % 16));
 126
 127   return Status;
 128 }