[mirror_edk2.git] / CryptoPkg / Library / OpensslLib / rand_pool.c

/** @file\r
  OpenSSL_1_1_1b doesn't implement rand_pool_* functions for UEFI.\r
  The file implement these functions.\r
\r
  Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>\r
  SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include "crypto/rand.h"\r
#include <openssl/aes.h>\r
\r
#include <Uefi.h>\r
#include <Library/RngLib.h>\r
\r
/**\r
  Calls RandomNumber64 to fill\r
  a buffer of arbitrary size with random bytes.\r
  This is a shim layer to RngLib.\r
\r
  @param[in]   Length        Size of the buffer, in bytes,  to fill with.\r
  @param[out]  RandBuffer    Pointer to the buffer to store the random result.\r
\r
  @retval TRUE        Random bytes generation succeeded.\r
  @retval FALSE       Failed to request random bytes.\r
\r
**/\r
STATIC\r
BOOLEAN\r
EFIAPI\r
RandGetBytes (\r
  IN UINTN   Length,\r
  OUT UINT8  *RandBuffer\r
  )\r
{\r
  BOOLEAN  Ret;\r
  UINT64   TempRand;\r
\r
  Ret = FALSE;\r
\r
  if (RandBuffer == NULL) {\r
    DEBUG ((DEBUG_ERROR, "[OPENSSL_RAND_POOL] NULL RandBuffer. No random numbers are generated and your system is not secure\n"));\r
    ASSERT (RandBuffer != NULL); // Since we can't generate random numbers, we should assert. Otherwise we will just blow up later.\r
    return Ret;\r
  }\r
\r
  while (Length > 0) {\r
    // Use RngLib to get random number\r
    Ret = GetRandomNumber64 (&TempRand);\r
\r
    if (!Ret) {\r
      return Ret;\r
    }\r
\r
    if (Length >= sizeof (TempRand)) {\r
      *((UINT64 *)RandBuffer) = TempRand;\r
      RandBuffer             += sizeof (UINT64);\r
      Length                 -= sizeof (TempRand);\r
    } else {\r
      CopyMem (RandBuffer, &TempRand, Length);\r
      Length = 0;\r
    }\r
  }\r
\r
  return Ret;\r
}\r
\r
/*\r
 * Add random bytes to the pool to acquire requested amount of entropy\r
 *\r
 * This function is platform specific and tries to acquire the requested\r
 * amount of entropy by polling platform specific entropy sources.\r
 *\r
 * This is OpenSSL required interface.\r
 */\r
size_t\r
rand_pool_acquire_entropy (\r
  RAND_POOL  *pool\r
  )\r
{\r
  BOOLEAN        Ret;\r
  size_t         Bytes_needed;\r
  unsigned char  *Buffer;\r
\r
  Bytes_needed = rand_pool_bytes_needed (pool, 1 /*entropy_factor*/);\r
  if (Bytes_needed > 0) {\r
    Buffer = rand_pool_add_begin (pool, Bytes_needed);\r
\r
    if (Buffer != NULL) {\r
      Ret = RandGetBytes (Bytes_needed, Buffer);\r
      if (FALSE == Ret) {\r
        rand_pool_add_end (pool, 0, 0);\r
      } else {\r
        rand_pool_add_end (pool, Bytes_needed, 8 * Bytes_needed);\r
      }\r
    }\r
  }\r
\r
  return rand_pool_entropy_available (pool);\r
}\r
\r
/*\r
 * Implementation for UEFI\r
 *\r
 * This is OpenSSL required interface.\r
 */\r
int\r
rand_pool_add_nonce_data (\r
  RAND_POOL  *pool\r
  )\r
{\r
  UINT8  data[16];\r
\r
  RandGetBytes (sizeof (data), data);\r
\r
  return rand_pool_add (pool, (unsigned char *)&data, sizeof (data), 0);\r
}\r
\r
/*\r
 * Implementation for UEFI\r
 *\r
 * This is OpenSSL required interface.\r
 */\r
int\r
rand_pool_add_additional_data (\r
  RAND_POOL  *pool\r
  )\r
{\r
  UINT8  data[16];\r
\r
  RandGetBytes (sizeof (data), data);\r
\r
  return rand_pool_add (pool, (unsigned char *)&data, sizeof (data), 0);\r
}\r
\r
/*\r
 * Dummy Implementation for UEFI\r
 *\r
 * This is OpenSSL required interface.\r
 */\r
int\r
rand_pool_init (\r
  VOID\r
  )\r
{\r
  return 1;\r
}\r
\r
/*\r
 * Dummy Implementation for UEFI\r
 *\r
 * This is OpenSSL required interface.\r
 */\r
VOID\r
rand_pool_cleanup (\r
  VOID\r
  )\r
{\r
}\r
\r
/*\r
 * Dummy Implementation for UEFI\r
 *\r
 * This is OpenSSL required interface.\r
 */\r
VOID\r
rand_pool_keep_random_devices_open (\r
  int  keep\r
  )\r
{\r
}\r
Commit	Line	Data
b7396789 XL	1	/** @file\r
	2	OpenSSL_1_1_1b doesn't implement rand_pool_* functions for UEFI.\r
	3	The file implement these functions.\r
	4	\r
b5701a4c MC	5	Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>\r
b5701a4c MC	6	SPDX-License-Identifier: BSD-2-Clause-Patent\r
b7396789 XL	7	\r
	8	**/\r
	9	\r
8c30327d	10	#include "crypto/rand.h"\r
b7396789 XL	11	#include <openssl/aes.h>\r
	12	\r
	13	#include <Uefi.h>\r
b5701a4c	14	#include <Library/RngLib.h>\r
b7396789 XL	15	\r
	16	/**\r
	17	Calls RandomNumber64 to fill\r
	18	a buffer of arbitrary size with random bytes.\r
b5701a4c	19	This is a shim layer to RngLib.\r
b7396789 XL	20	\r
	21	@param[in] Length Size of the buffer, in bytes, to fill with.\r
	22	@param[out] RandBuffer Pointer to the buffer to store the random result.\r
	23	\r
b5701a4c MC	24	@retval TRUE Random bytes generation succeeded.\r
b5701a4c MC	25	@retval FALSE Failed to request random bytes.\r
b7396789 XL	26	\r
	27	**/\r
	28	STATIC\r
	29	BOOLEAN\r
	30	EFIAPI\r
	31	RandGetBytes (\r
7c342378 MK	32	IN UINTN Length,\r
7c342378 MK	33	OUT UINT8 *RandBuffer\r
b7396789 XL	34	)\r
b7396789 XL	35	{\r
7c342378 MK	36	BOOLEAN Ret;\r
7c342378 MK	37	UINT64 TempRand;\r
b7396789 XL	38	\r
	39	Ret = FALSE;\r
	40	\r
b5701a4c	41	if (RandBuffer == NULL) {\r
7c342378	42	DEBUG ((DEBUG_ERROR, "[OPENSSL_RAND_POOL] NULL RandBuffer. No random numbers are generated and your system is not secure\n"));\r
b5701a4c MC	43	ASSERT (RandBuffer != NULL); // Since we can't generate random numbers, we should assert. Otherwise we will just blow up later.\r
	44	return Ret;\r
	45	}\r
	46	\r
b7396789	47	while (Length > 0) {\r
b5701a4c MC	48	// Use RngLib to get random number\r
	49	Ret = GetRandomNumber64 (&TempRand);\r
	50	\r
b7396789 XL	51	if (!Ret) {\r
	52	return Ret;\r
	53	}\r
7c342378	54	\r
b7396789	55	if (Length >= sizeof (TempRand)) {\r
7c342378 MK	56	((UINT64 )RandBuffer) = TempRand;\r
	57	RandBuffer += sizeof (UINT64);\r
	58	Length -= sizeof (TempRand);\r
	59	} else {\r
b7396789 XL	60	CopyMem (RandBuffer, &TempRand, Length);\r
	61	Length = 0;\r
	62	}\r
	63	}\r
	64	\r
	65	return Ret;\r
	66	}\r
	67	\r
b7396789 XL	68	/*\r
	69	* Add random bytes to the pool to acquire requested amount of entropy\r
	70	*\r
	71	* This function is platform specific and tries to acquire the requested\r
	72	* amount of entropy by polling platform specific entropy sources.\r
	73	*\r
	74	* This is OpenSSL required interface.\r
	75	*/\r
b5701a4c MC	76	size_t\r
b5701a4c MC	77	rand_pool_acquire_entropy (\r
7c342378	78	RAND_POOL *pool\r
b5701a4c	79	)\r
b7396789	80	{\r
b5701a4c MC	81	BOOLEAN Ret;\r
b5701a4c MC	82	size_t Bytes_needed;\r
7c342378	83	unsigned char *Buffer;\r
b7396789	84	\r
b5701a4c MC	85	Bytes_needed = rand_pool_bytes_needed (pool, 1 /entropy_factor/);\r
	86	if (Bytes_needed > 0) {\r
	87	Buffer = rand_pool_add_begin (pool, Bytes_needed);\r
b7396789	88	\r
b5701a4c MC	89	if (Buffer != NULL) {\r
b5701a4c MC	90	Ret = RandGetBytes (Bytes_needed, Buffer);\r
b7396789	91	if (FALSE == Ret) {\r
b5701a4c	92	rand_pool_add_end (pool, 0, 0);\r
7c342378	93	} else {\r
b5701a4c	94	rand_pool_add_end (pool, Bytes_needed, 8 * Bytes_needed);\r
b7396789 XL	95	}\r
	96	}\r
	97	}\r
	98	\r
b5701a4c	99	return rand_pool_entropy_available (pool);\r
b7396789 XL	100	}\r
	101	\r
	102	/*\r
	103	* Implementation for UEFI\r
	104	*\r
	105	* This is OpenSSL required interface.\r
	106	*/\r
b5701a4c MC	107	int\r
b5701a4c MC	108	rand_pool_add_nonce_data (\r
7c342378	109	RAND_POOL *pool\r
b5701a4c	110	)\r
b7396789	111	{\r
7c342378 MK	112	UINT8 data[16];\r
	113	\r
	114	RandGetBytes (sizeof (data), data);\r
b7396789	115	\r
7c342378	116	return rand_pool_add (pool, (unsigned char *)&data, sizeof (data), 0);\r
b7396789 XL	117	}\r
	118	\r
	119	/*\r
	120	* Implementation for UEFI\r
	121	*\r
	122	* This is OpenSSL required interface.\r
	123	*/\r
b5701a4c MC	124	int\r
b5701a4c MC	125	rand_pool_add_additional_data (\r
7c342378	126	RAND_POOL *pool\r
b5701a4c	127	)\r
b7396789	128	{\r
7c342378 MK	129	UINT8 data[16];\r
	130	\r
	131	RandGetBytes (sizeof (data), data);\r
b7396789	132	\r
7c342378	133	return rand_pool_add (pool, (unsigned char *)&data, sizeof (data), 0);\r
b7396789 XL	134	}\r
	135	\r
	136	/*\r
7aa8af45	137	* Dummy Implementation for UEFI\r
b7396789 XL	138	*\r
	139	* This is OpenSSL required interface.\r
	140	*/\r
b5701a4c MC	141	int\r
	142	rand_pool_init (\r
	143	VOID\r
	144	)\r
b7396789 XL	145	{\r
	146	return 1;\r
	147	}\r
	148	\r
	149	/*\r
7aa8af45	150	* Dummy Implementation for UEFI\r
b7396789 XL	151	*\r
	152	* This is OpenSSL required interface.\r
	153	*/\r
b5701a4c	154	VOID\r
7c342378	155	rand_pool_cleanup (\r
b5701a4c MC	156	VOID\r
b5701a4c MC	157	)\r
b7396789 XL	158	{\r
	159	}\r
	160	\r
	161	/*\r
7aa8af45	162	* Dummy Implementation for UEFI\r
b7396789 XL	163	*\r
	164	* This is OpenSSL required interface.\r
	165	*/\r
b5701a4c MC	166	VOID\r
b5701a4c MC	167	rand_pool_keep_random_devices_open (\r
7c342378	168	int keep\r
b5701a4c	169	)\r
b7396789 XL	170	{\r
b7396789 XL	171	}\r