--- /dev/null
+/** @file\r
+ RNG Driver to produce the UEFI Random Number Generator protocol.\r
+\r
+ The driver will use the RNDR instruction to produce random numbers.\r
+\r
+ RNG Algorithms defined in UEFI 2.4:\r
+ - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID\r
+ - EFI_RNG_ALGORITHM_RAW - Unsupported\r
+ - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID\r
+ - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID\r
+ - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported\r
+ - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported\r
+\r
+ Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>\r
+ Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>\r
+ (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>\r
+\r
+ SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#include <Library/BaseLib.h>\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/UefiBootServicesTableLib.h>\r
+#include <Library/TimerLib.h>\r
+#include <Protocol/Rng.h>\r
+\r
+#include "RngDxeInternals.h"\r
+\r
+/**\r
+ Produces and returns an RNG value using either the default or specified RNG algorithm.\r
+\r
+ @param[in] This A pointer to the EFI_RNG_PROTOCOL instance.\r
+ @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that identifies the RNG\r
+ algorithm to use. May be NULL in which case the function will\r
+ use its default RNG algorithm.\r
+ @param[in] RNGValueLength The length in bytes of the memory buffer pointed to by\r
+ RNGValue. The driver shall return exactly this numbers of bytes.\r
+ @param[out] RNGValue A caller-allocated memory buffer filled by the driver with the\r
+ resulting RNG value.\r
+\r
+ @retval EFI_SUCCESS The RNG value was returned successfully.\r
+ @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm is not supported by\r
+ this driver.\r
+ @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due to a hardware or\r
+ firmware error.\r
+ @retval EFI_NOT_READY There is not enough random data available to satisfy the length\r
+ requested by RNGValueLength.\r
+ @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is zero.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+RngGetRNG (\r
+ IN EFI_RNG_PROTOCOL *This,\r
+ IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL\r
+ IN UINTN RNGValueLength,\r
+ OUT UINT8 *RNGValue\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+\r
+ if ((RNGValueLength == 0) || (RNGValue == NULL)) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ if (RNGAlgorithm == NULL) {\r
+ //\r
+ // Use the default RNG algorithm if RNGAlgorithm is NULL.\r
+ //\r
+ RNGAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm);\r
+ }\r
+\r
+ if (CompareGuid (RNGAlgorithm, PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {\r
+ Status = RngGetBytes (RNGValueLength, RNGValue);\r
+ return Status;\r
+ }\r
+\r
+ //\r
+ // Other algorithms are unsupported by this driver.\r
+ //\r
+ return EFI_UNSUPPORTED;\r
+}\r
+\r
+/**\r
+ Returns information about the random number generation implementation.\r
+\r
+ @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.\r
+ On output with a return code of EFI_SUCCESS, the size\r
+ in bytes of the data returned in RNGAlgorithmList. On output\r
+ with a return code of EFI_BUFFER_TOO_SMALL,\r
+ the size of RNGAlgorithmList required to obtain the list.\r
+ @param[out] RNGAlgorithmList A caller-allocated memory buffer filled by the driver\r
+ with one EFI_RNG_ALGORITHM element for each supported\r
+ RNG algorithm. The list must not change across multiple\r
+ calls to the same driver. The first algorithm in the list\r
+ is the default algorithm for the driver.\r
+\r
+ @retval EFI_SUCCESS The RNG algorithm list was returned successfully.\r
+ @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small to hold the result.\r
+\r
+**/\r
+UINTN\r
+EFIAPI\r
+ArchGetSupportedRngAlgorithms (\r
+ IN OUT UINTN *RNGAlgorithmListSize,\r
+ OUT EFI_RNG_ALGORITHM *RNGAlgorithmList\r
+ )\r
+{\r
+ UINTN RequiredSize;\r
+ EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm;\r
+\r
+ RequiredSize = sizeof (EFI_RNG_ALGORITHM);\r
+\r
+ if (*RNGAlgorithmListSize < RequiredSize) {\r
+ *RNGAlgorithmListSize = RequiredSize;\r
+ return EFI_BUFFER_TOO_SMALL;\r
+ }\r
+\r
+ CpuRngSupportedAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm);\r
+\r
+ CopyMem(&RNGAlgorithmList[0], CpuRngSupportedAlgorithm, sizeof (EFI_RNG_ALGORITHM));\r
+\r
+ *RNGAlgorithmListSize = RequiredSize;\r
+ return EFI_SUCCESS;\r
+}\r
+++ /dev/null
-/** @file\r
- Core Primitive Implementation of the Advanced Encryption Standard (AES) algorithm.\r
- Refer to FIPS PUB 197 ("Advanced Encryption Standard (AES)") for detailed algorithm\r
- description of AES.\r
-\r
-Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>\r
-SPDX-License-Identifier: BSD-2-Clause-Patent\r
-\r
-**/\r
-\r
-#include "AesCore.h"\r
-\r
-//\r
-// Number of columns (32-bit words) comprising the State.\r
-// AES_NB is a constant (value = 4) for NIST FIPS-197.\r
-//\r
-#define AES_NB 4\r
-\r
-//\r
-// Pre-computed AES Forward Table: AesForwardTable[t] = AES_SBOX[t].[02, 01, 01, 03]\r
-// AES_SBOX (AES S-box) is defined in sec 5.1.1 of FIPS PUB 197.\r
-// This is to speed up execution of the cipher by combining SubBytes and\r
-// ShiftRows with MixColumns steps and transforming them into table lookups.\r
-//\r
-GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT32 AesForwardTable[] = {\r
- 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d, 0xfff2f20d, 0xd66b6bbd,\r
- 0xde6f6fb1, 0x91c5c554, 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d,\r
- 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a, 0x8fcaca45, 0x1f82829d,\r
- 0x89c9c940, 0xfa7d7d87, 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b,\r
- 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea, 0x239c9cbf, 0x53a4a4f7,\r
- 0xe4727296, 0x9bc0c05b, 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a,\r
- 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f, 0x6834345c, 0x51a5a5f4,\r
- 0xd1e5e534, 0xf9f1f108, 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f,\r
- 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e, 0x30181828, 0x379696a1,\r
- 0x0a05050f, 0x2f9a9ab5, 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d,\r
- 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f, 0x1209091b, 0x1d83839e,\r
- 0x582c2c74, 0x341a1a2e, 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb,\r
- 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce, 0x5229297b, 0xdde3e33e,\r
- 0x5e2f2f71, 0x13848497, 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c,\r
- 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed, 0xd46a6abe, 0x8dcbcb46,\r
- 0x67bebed9, 0x7239394b, 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a,\r
- 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16, 0x864343c5, 0x9a4d4dd7,\r
- 0x66333355, 0x11858594, 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81,\r
- 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3, 0xa25151f3, 0x5da3a3fe,\r
- 0x804040c0, 0x058f8f8a, 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504,\r
- 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163, 0x20101030, 0xe5ffff1a,\r
- 0xfdf3f30e, 0xbfd2d26d, 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f,\r
- 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739, 0x93c4c457, 0x55a7a7f2,\r
- 0xfc7e7e82, 0x7a3d3d47, 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395,\r
- 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f, 0x44222266, 0x542a2a7e,\r
- 0x3b9090ab, 0x0b888883, 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c,\r
- 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76, 0xdbe0e03b, 0x64323256,\r
- 0x743a3a4e, 0x140a0a1e, 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4,\r
- 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6, 0x399191a8, 0x319595a4,\r
- 0xd3e4e437, 0xf279798b, 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7,\r
- 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0, 0xd86c6cb4, 0xac5656fa,\r
- 0xf3f4f407, 0xcfeaea25, 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818,\r
- 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72, 0x381c1c24, 0x57a6a6f1,\r
- 0x73b4b4c7, 0x97c6c651, 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21,\r
- 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85, 0xe0707090, 0x7c3e3e42,\r
- 0x71b5b5c4, 0xcc6666aa, 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12,\r
- 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0, 0x17868691, 0x99c1c158,\r
- 0x3a1d1d27, 0x279e9eb9, 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133,\r
- 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7, 0x2d9b9bb6, 0x3c1e1e22,\r
- 0x15878792, 0xc9e9e920, 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a,\r
- 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17, 0x65bfbfda, 0xd7e6e631,\r
- 0x844242c6, 0xd06868b8, 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,\r
- 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a\r
-};\r
-\r
-//\r
-// Round constant word array used in AES key expansion.\r
-//\r
-GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT32 Rcon[] = {\r
- 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000,\r
- 0x20000000, 0x40000000, 0x80000000, 0x1B000000, 0x36000000\r
-};\r
-\r
-//\r
-// Rotates x right n bits (circular right shift operation)\r
-//\r
-#define ROTATE_RIGHT32(x, n) (((x) >> (n)) | ((x) << (32-(n))))\r
-\r
-//\r
-// Loading & Storing 32-bit words in big-endian format: y[3..0] --> x; x --> y[3..0];\r
-//\r
-#define LOAD32H(x, y) { x = ((UINT32)((y)[0] & 0xFF) << 24) | ((UINT32)((y)[1] & 0xFF) << 16) | \\r
- ((UINT32)((y)[2] & 0xFF) << 8) | ((UINT32)((y)[3] & 0xFF)); }\r
-#define STORE32H(x, y) { (y)[0] = (UINT8)(((x) >> 24) & 0xFF); (y)[1] = (UINT8)(((x) >> 16) & 0xFF); \\r
- (y)[2] = (UINT8)(((x) >> 8) & 0xFF); (y)[3] = (UINT8)((x) & 0xFF); }\r
-\r
-//\r
-// Wrap macros for AES forward tables lookups\r
-//\r
-#define AES_FT0(x) AesForwardTable[x]\r
-#define AES_FT1(x) ROTATE_RIGHT32(AesForwardTable[x], 8)\r
-#define AES_FT2(x) ROTATE_RIGHT32(AesForwardTable[x], 16)\r
-#define AES_FT3(x) ROTATE_RIGHT32(AesForwardTable[x], 24)\r
-\r
-///\r
-/// AES Key Schedule which is expanded from symmetric key [Size 60 = 4 * ((Max AES Round, 14) + 1)].\r
-///\r
-typedef struct {\r
- UINTN Nk; // Number of Cipher Key (in 32-bit words);\r
- UINT32 EncKey[60]; // Expanded AES encryption key\r
- UINT32 DecKey[60]; // Expanded AES decryption key (Not used here)\r
-} AES_KEY;\r
-\r
-/**\r
- AES Key Expansion.\r
- This function expands the cipher key into encryption schedule.\r
-\r
- @param[in] Key AES symmetric key buffer.\r
- @param[in] KeyLenInBits Key length in bits (128, 192, or 256).\r
- @param[out] AesKey Expanded AES Key schedule for encryption.\r
-\r
- @retval EFI_SUCCESS AES key expansion succeeded.\r
- @retval EFI_INVALID_PARAMETER Unsupported key length.\r
-\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-AesExpandKey (\r
- IN UINT8 *Key,\r
- IN UINTN KeyLenInBits,\r
- OUT AES_KEY *AesKey\r
- )\r
-{\r
- UINTN Nk;\r
- UINTN Nr;\r
- UINTN Nw;\r
- UINTN Index1;\r
- UINTN Index2;\r
- UINTN Index3;\r
- UINT32 *Ek;\r
- UINT32 Temp;\r
-\r
- //\r
- // Nk - Number of 32-bit words comprising the cipher key. (Nk = 4, 6 or 8)\r
- // Nr - Number of rounds. (Nr = 10, 12, or 14), which is dependent on the key size.\r
- //\r
- Nk = KeyLenInBits >> 5;\r
- if (Nk != 4 && Nk != 6 && Nk != 8) {\r
- return EFI_INVALID_PARAMETER;\r
- }\r
- Nr = Nk + 6;\r
- Nw = AES_NB * (Nr + 1); // Key Expansion generates a total of Nb * (Nr + 1) words\r
- AesKey->Nk = Nk;\r
-\r
- //\r
- // Load initial symmetric AES key;\r
- // Note that AES was designed on big-endian systems.\r
- //\r
- Ek = AesKey->EncKey;\r
- for (Index1 = Index2 = 0; Index1 < Nk; Index1++, Index2 += 4) {\r
- LOAD32H (Ek[Index1], Key + Index2);\r
- }\r
-\r
- //\r
- // Initialize the encryption key scheduler\r
- //\r
- for (Index2 = Nk, Index3 = 0; Index2 < Nw; Index2 += Nk, Index3++) {\r
- Temp = Ek[Index2 - 1];\r
- Ek[Index2] = Ek[Index2 - Nk] ^ (AES_FT2((Temp >> 16) & 0xFF) & 0xFF000000) ^\r
- (AES_FT3((Temp >> 8) & 0xFF) & 0x00FF0000) ^\r
- (AES_FT0((Temp) & 0xFF) & 0x0000FF00) ^\r
- (AES_FT1((Temp >> 24) & 0xFF) & 0x000000FF) ^\r
- Rcon[Index3];\r
- if (Nk <= 6) {\r
- //\r
- // If AES Cipher Key is 128 or 192 bits\r
- //\r
- for (Index1 = 1; Index1 < Nk && (Index1 + Index2) < Nw; Index1++) {\r
- Ek [Index1 + Index2] = Ek [Index1 + Index2 - Nk] ^ Ek[Index1 + Index2 - 1];\r
- }\r
- } else {\r
- //\r
- // Different routine for key expansion If Cipher Key is 256 bits,\r
- //\r
- for (Index1 = 1; Index1 < 4 && (Index1 + Index2) < Nw; Index1++) {\r
- Ek [Index1 + Index2] = Ek[Index1 + Index2 - Nk] ^ Ek[Index1 + Index2 - 1];\r
- }\r
- if (Index2 + 4 < Nw) {\r
- Temp = Ek[Index2 + 3];\r
- Ek[Index2 + 4] = Ek[Index2 + 4 - Nk] ^ (AES_FT2((Temp >> 24) & 0xFF) & 0xFF000000) ^\r
- (AES_FT3((Temp >> 16) & 0xFF) & 0x00FF0000) ^\r
- (AES_FT0((Temp >> 8) & 0xFF) & 0x0000FF00) ^\r
- (AES_FT1((Temp) & 0xFF) & 0x000000FF);\r
- }\r
-\r
- for (Index1 = 5; Index1 < Nk && (Index1 + Index2) < Nw; Index1++) {\r
- Ek[Index1 + Index2] = Ek[Index1 + Index2 - Nk] ^ Ek[Index1 + Index2 - 1];\r
- }\r
- }\r
- }\r
-\r
- return EFI_SUCCESS;\r
-}\r
-\r
-/**\r
- Encrypts one single block data (128 bits) with AES algorithm.\r
-\r
- @param[in] Key AES symmetric key buffer.\r
- @param[in] InData One block of input plaintext to be encrypted.\r
- @param[out] OutData Encrypted output ciphertext.\r
-\r
- @retval EFI_SUCCESS AES Block Encryption succeeded.\r
- @retval EFI_INVALID_PARAMETER One or more parameters are invalid.\r
-\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-AesEncrypt (\r
- IN UINT8 *Key,\r
- IN UINT8 *InData,\r
- OUT UINT8 *OutData\r
- )\r
-{\r
- AES_KEY AesKey;\r
- UINTN Nr;\r
- UINT32 *Ek;\r
- UINT32 State[4];\r
- UINT32 TempState[4];\r
- UINT32 *StateX;\r
- UINT32 *StateY;\r
- UINT32 *Temp;\r
- UINTN Index;\r
- UINTN NbIndex;\r
- UINTN Round;\r
-\r
- if ((Key == NULL) || (InData == NULL) || (OutData == NULL)) {\r
- return EFI_INVALID_PARAMETER;\r
- }\r
-\r
- //\r
- // Expands AES Key for encryption.\r
- //\r
- AesExpandKey (Key, 128, &AesKey);\r
-\r
- Nr = AesKey.Nk + 6;\r
- Ek = AesKey.EncKey;\r
-\r
- //\r
- // Initialize the cipher State array with the initial round key\r
- //\r
- for (Index = 0; Index < AES_NB; Index++) {\r
- LOAD32H (State[Index], InData + 4 * Index);\r
- State[Index] ^= Ek[Index];\r
- }\r
-\r
- NbIndex = AES_NB;\r
- StateX = State;\r
- StateY = TempState;\r
-\r
- //\r
- // AES Cipher transformation rounds (Nr - 1 rounds), in which SubBytes(),\r
- // ShiftRows() and MixColumns() operations were combined by a sequence of\r
- // table lookups to speed up the execution.\r
- //\r
- for (Round = 1; Round < Nr; Round++) {\r
- StateY[0] = AES_FT0 ((StateX[0] >> 24) ) ^ AES_FT1 ((StateX[1] >> 16) & 0xFF) ^\r
- AES_FT2 ((StateX[2] >> 8) & 0xFF) ^ AES_FT3 ((StateX[3] ) & 0xFF) ^ Ek[NbIndex];\r
- StateY[1] = AES_FT0 ((StateX[1] >> 24) ) ^ AES_FT1 ((StateX[2] >> 16) & 0xFF) ^\r
- AES_FT2 ((StateX[3] >> 8) & 0xFF) ^ AES_FT3 ((StateX[0] ) & 0xFF) ^ Ek[NbIndex + 1];\r
- StateY[2] = AES_FT0 ((StateX[2] >> 24) ) ^ AES_FT1 ((StateX[3] >> 16) & 0xFF) ^\r
- AES_FT2 ((StateX[0] >> 8) & 0xFF) ^ AES_FT3 ((StateX[1] ) & 0xFF) ^ Ek[NbIndex + 2];\r
- StateY[3] = AES_FT0 ((StateX[3] >> 24) ) ^ AES_FT1 ((StateX[0] >> 16) & 0xFF) ^\r
- AES_FT2 ((StateX[1] >> 8) & 0xFF) ^ AES_FT3 ((StateX[2] ) & 0xFF) ^ Ek[NbIndex + 3];\r
-\r
- NbIndex += 4;\r
- Temp = StateX; StateX = StateY; StateY = Temp;\r
- }\r
-\r
- //\r
- // Apply the final round, which does not include MixColumns() transformation\r
- //\r
- StateY[0] = (AES_FT2 ((StateX[0] >> 24) ) & 0xFF000000) ^ (AES_FT3 ((StateX[1] >> 16) & 0xFF) & 0x00FF0000) ^\r
- (AES_FT0 ((StateX[2] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[3] ) & 0xFF) & 0x000000FF) ^\r
- Ek[NbIndex];\r
- StateY[1] = (AES_FT2 ((StateX[1] >> 24) ) & 0xFF000000) ^ (AES_FT3 ((StateX[2] >> 16) & 0xFF) & 0x00FF0000) ^\r
- (AES_FT0 ((StateX[3] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[0] ) & 0xFF) & 0x000000FF) ^\r
- Ek[NbIndex + 1];\r
- StateY[2] = (AES_FT2 ((StateX[2] >> 24) ) & 0xFF000000) ^ (AES_FT3 ((StateX[3] >> 16) & 0xFF) & 0x00FF0000) ^\r
- (AES_FT0 ((StateX[0] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[1] ) & 0xFF) & 0x000000FF) ^\r
- Ek[NbIndex + 2];\r
- StateY[3] = (AES_FT2 ((StateX[3] >> 24) ) & 0xFF000000) ^ (AES_FT3 ((StateX[0] >> 16) & 0xFF) & 0x00FF0000) ^\r
- (AES_FT0 ((StateX[1] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[2] ) & 0xFF) & 0x000000FF) ^\r
- Ek[NbIndex + 3];\r
-\r
- //\r
- // Output the transformed result;\r
- //\r
- for (Index = 0; Index < AES_NB; Index++) {\r
- STORE32H (StateY[Index], OutData + 4 * Index);\r
- }\r
-\r
- return EFI_SUCCESS;\r
-}\r
+++ /dev/null
-/** @file\r
- Function prototype for AES Block Cipher support.\r
-\r
-Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>\r
-SPDX-License-Identifier: BSD-2-Clause-Patent\r
-\r
-**/\r
-\r
-#ifndef __AES_CORE_H__\r
-#define __AES_CORE_H__\r
-\r
-/**\r
- Encrypts one single block data (128 bits) with AES algorithm.\r
-\r
- @param[in] Key AES symmetric key buffer.\r
- @param[in] InData One block of input plaintext to be encrypted.\r
- @param[out] OutData Encrypted output ciphertext.\r
-\r
- @retval EFI_SUCCESS AES Block Encryption succeeded.\r
- @retval EFI_INVALID_PARAMETER One or more parameters are invalid.\r
-\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-AesEncrypt (\r
- IN UINT8 *Key,\r
- IN UINT8 *InData,\r
- OUT UINT8 *OutData\r
- );\r
-\r
-#endif // __AES_CORE_H__\r
--- /dev/null
+/** @file\r
+ Core Primitive Implementation of the Advanced Encryption Standard (AES) algorithm.\r
+ Refer to FIPS PUB 197 ("Advanced Encryption Standard (AES)") for detailed algorithm\r
+ description of AES.\r
+\r
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#include "AesCore.h"\r
+\r
+//\r
+// Number of columns (32-bit words) comprising the State.\r
+// AES_NB is a constant (value = 4) for NIST FIPS-197.\r
+//\r
+#define AES_NB 4\r
+\r
+//\r
+// Pre-computed AES Forward Table: AesForwardTable[t] = AES_SBOX[t].[02, 01, 01, 03]\r
+// AES_SBOX (AES S-box) is defined in sec 5.1.1 of FIPS PUB 197.\r
+// This is to speed up execution of the cipher by combining SubBytes and\r
+// ShiftRows with MixColumns steps and transforming them into table lookups.\r
+//\r
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT32 AesForwardTable[] = {\r
+ 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d, 0xfff2f20d, 0xd66b6bbd,\r
+ 0xde6f6fb1, 0x91c5c554, 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d,\r
+ 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a, 0x8fcaca45, 0x1f82829d,\r
+ 0x89c9c940, 0xfa7d7d87, 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b,\r
+ 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea, 0x239c9cbf, 0x53a4a4f7,\r
+ 0xe4727296, 0x9bc0c05b, 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a,\r
+ 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f, 0x6834345c, 0x51a5a5f4,\r
+ 0xd1e5e534, 0xf9f1f108, 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f,\r
+ 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e, 0x30181828, 0x379696a1,\r
+ 0x0a05050f, 0x2f9a9ab5, 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d,\r
+ 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f, 0x1209091b, 0x1d83839e,\r
+ 0x582c2c74, 0x341a1a2e, 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb,\r
+ 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce, 0x5229297b, 0xdde3e33e,\r
+ 0x5e2f2f71, 0x13848497, 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c,\r
+ 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed, 0xd46a6abe, 0x8dcbcb46,\r
+ 0x67bebed9, 0x7239394b, 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a,\r
+ 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16, 0x864343c5, 0x9a4d4dd7,\r
+ 0x66333355, 0x11858594, 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81,\r
+ 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3, 0xa25151f3, 0x5da3a3fe,\r
+ 0x804040c0, 0x058f8f8a, 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504,\r
+ 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163, 0x20101030, 0xe5ffff1a,\r
+ 0xfdf3f30e, 0xbfd2d26d, 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f,\r
+ 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739, 0x93c4c457, 0x55a7a7f2,\r
+ 0xfc7e7e82, 0x7a3d3d47, 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395,\r
+ 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f, 0x44222266, 0x542a2a7e,\r
+ 0x3b9090ab, 0x0b888883, 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c,\r
+ 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76, 0xdbe0e03b, 0x64323256,\r
+ 0x743a3a4e, 0x140a0a1e, 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4,\r
+ 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6, 0x399191a8, 0x319595a4,\r
+ 0xd3e4e437, 0xf279798b, 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7,\r
+ 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0, 0xd86c6cb4, 0xac5656fa,\r
+ 0xf3f4f407, 0xcfeaea25, 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818,\r
+ 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72, 0x381c1c24, 0x57a6a6f1,\r
+ 0x73b4b4c7, 0x97c6c651, 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21,\r
+ 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85, 0xe0707090, 0x7c3e3e42,\r
+ 0x71b5b5c4, 0xcc6666aa, 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12,\r
+ 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0, 0x17868691, 0x99c1c158,\r
+ 0x3a1d1d27, 0x279e9eb9, 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133,\r
+ 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7, 0x2d9b9bb6, 0x3c1e1e22,\r
+ 0x15878792, 0xc9e9e920, 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a,\r
+ 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17, 0x65bfbfda, 0xd7e6e631,\r
+ 0x844242c6, 0xd06868b8, 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,\r
+ 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a\r
+};\r
+\r
+//\r
+// Round constant word array used in AES key expansion.\r
+//\r
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT32 Rcon[] = {\r
+ 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000,\r
+ 0x20000000, 0x40000000, 0x80000000, 0x1B000000, 0x36000000\r
+};\r
+\r
+//\r
+// Rotates x right n bits (circular right shift operation)\r
+//\r
+#define ROTATE_RIGHT32(x, n) (((x) >> (n)) | ((x) << (32-(n))))\r
+\r
+//\r
+// Loading & Storing 32-bit words in big-endian format: y[3..0] --> x; x --> y[3..0];\r
+//\r
+#define LOAD32H(x, y) { x = ((UINT32)((y)[0] & 0xFF) << 24) | ((UINT32)((y)[1] & 0xFF) << 16) | \\r
+ ((UINT32)((y)[2] & 0xFF) << 8) | ((UINT32)((y)[3] & 0xFF)); }\r
+#define STORE32H(x, y) { (y)[0] = (UINT8)(((x) >> 24) & 0xFF); (y)[1] = (UINT8)(((x) >> 16) & 0xFF); \\r
+ (y)[2] = (UINT8)(((x) >> 8) & 0xFF); (y)[3] = (UINT8)((x) & 0xFF); }\r
+\r
+//\r
+// Wrap macros for AES forward tables lookups\r
+//\r
+#define AES_FT0(x) AesForwardTable[x]\r
+#define AES_FT1(x) ROTATE_RIGHT32(AesForwardTable[x], 8)\r
+#define AES_FT2(x) ROTATE_RIGHT32(AesForwardTable[x], 16)\r
+#define AES_FT3(x) ROTATE_RIGHT32(AesForwardTable[x], 24)\r
+\r
+///\r
+/// AES Key Schedule which is expanded from symmetric key [Size 60 = 4 * ((Max AES Round, 14) + 1)].\r
+///\r
+typedef struct {\r
+ UINTN Nk; // Number of Cipher Key (in 32-bit words);\r
+ UINT32 EncKey[60]; // Expanded AES encryption key\r
+ UINT32 DecKey[60]; // Expanded AES decryption key (Not used here)\r
+} AES_KEY;\r
+\r
+/**\r
+ AES Key Expansion.\r
+ This function expands the cipher key into encryption schedule.\r
+\r
+ @param[in] Key AES symmetric key buffer.\r
+ @param[in] KeyLenInBits Key length in bits (128, 192, or 256).\r
+ @param[out] AesKey Expanded AES Key schedule for encryption.\r
+\r
+ @retval EFI_SUCCESS AES key expansion succeeded.\r
+ @retval EFI_INVALID_PARAMETER Unsupported key length.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+AesExpandKey (\r
+ IN UINT8 *Key,\r
+ IN UINTN KeyLenInBits,\r
+ OUT AES_KEY *AesKey\r
+ )\r
+{\r
+ UINTN Nk;\r
+ UINTN Nr;\r
+ UINTN Nw;\r
+ UINTN Index1;\r
+ UINTN Index2;\r
+ UINTN Index3;\r
+ UINT32 *Ek;\r
+ UINT32 Temp;\r
+\r
+ //\r
+ // Nk - Number of 32-bit words comprising the cipher key. (Nk = 4, 6 or 8)\r
+ // Nr - Number of rounds. (Nr = 10, 12, or 14), which is dependent on the key size.\r
+ //\r
+ Nk = KeyLenInBits >> 5;\r
+ if (Nk != 4 && Nk != 6 && Nk != 8) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+ Nr = Nk + 6;\r
+ Nw = AES_NB * (Nr + 1); // Key Expansion generates a total of Nb * (Nr + 1) words\r
+ AesKey->Nk = Nk;\r
+\r
+ //\r
+ // Load initial symmetric AES key;\r
+ // Note that AES was designed on big-endian systems.\r
+ //\r
+ Ek = AesKey->EncKey;\r
+ for (Index1 = Index2 = 0; Index1 < Nk; Index1++, Index2 += 4) {\r
+ LOAD32H (Ek[Index1], Key + Index2);\r
+ }\r
+\r
+ //\r
+ // Initialize the encryption key scheduler\r
+ //\r
+ for (Index2 = Nk, Index3 = 0; Index2 < Nw; Index2 += Nk, Index3++) {\r
+ Temp = Ek[Index2 - 1];\r
+ Ek[Index2] = Ek[Index2 - Nk] ^ (AES_FT2((Temp >> 16) & 0xFF) & 0xFF000000) ^\r
+ (AES_FT3((Temp >> 8) & 0xFF) & 0x00FF0000) ^\r
+ (AES_FT0((Temp) & 0xFF) & 0x0000FF00) ^\r
+ (AES_FT1((Temp >> 24) & 0xFF) & 0x000000FF) ^\r
+ Rcon[Index3];\r
+ if (Nk <= 6) {\r
+ //\r
+ // If AES Cipher Key is 128 or 192 bits\r
+ //\r
+ for (Index1 = 1; Index1 < Nk && (Index1 + Index2) < Nw; Index1++) {\r
+ Ek [Index1 + Index2] = Ek [Index1 + Index2 - Nk] ^ Ek[Index1 + Index2 - 1];\r
+ }\r
+ } else {\r
+ //\r
+ // Different routine for key expansion If Cipher Key is 256 bits,\r
+ //\r
+ for (Index1 = 1; Index1 < 4 && (Index1 + Index2) < Nw; Index1++) {\r
+ Ek [Index1 + Index2] = Ek[Index1 + Index2 - Nk] ^ Ek[Index1 + Index2 - 1];\r
+ }\r
+ if (Index2 + 4 < Nw) {\r
+ Temp = Ek[Index2 + 3];\r
+ Ek[Index2 + 4] = Ek[Index2 + 4 - Nk] ^ (AES_FT2((Temp >> 24) & 0xFF) & 0xFF000000) ^\r
+ (AES_FT3((Temp >> 16) & 0xFF) & 0x00FF0000) ^\r
+ (AES_FT0((Temp >> 8) & 0xFF) & 0x0000FF00) ^\r
+ (AES_FT1((Temp) & 0xFF) & 0x000000FF);\r
+ }\r
+\r
+ for (Index1 = 5; Index1 < Nk && (Index1 + Index2) < Nw; Index1++) {\r
+ Ek[Index1 + Index2] = Ek[Index1 + Index2 - Nk] ^ Ek[Index1 + Index2 - 1];\r
+ }\r
+ }\r
+ }\r
+\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ Encrypts one single block data (128 bits) with AES algorithm.\r
+\r
+ @param[in] Key AES symmetric key buffer.\r
+ @param[in] InData One block of input plaintext to be encrypted.\r
+ @param[out] OutData Encrypted output ciphertext.\r
+\r
+ @retval EFI_SUCCESS AES Block Encryption succeeded.\r
+ @retval EFI_INVALID_PARAMETER One or more parameters are invalid.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+AesEncrypt (\r
+ IN UINT8 *Key,\r
+ IN UINT8 *InData,\r
+ OUT UINT8 *OutData\r
+ )\r
+{\r
+ AES_KEY AesKey;\r
+ UINTN Nr;\r
+ UINT32 *Ek;\r
+ UINT32 State[4];\r
+ UINT32 TempState[4];\r
+ UINT32 *StateX;\r
+ UINT32 *StateY;\r
+ UINT32 *Temp;\r
+ UINTN Index;\r
+ UINTN NbIndex;\r
+ UINTN Round;\r
+\r
+ if ((Key == NULL) || (InData == NULL) || (OutData == NULL)) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ //\r
+ // Expands AES Key for encryption.\r
+ //\r
+ AesExpandKey (Key, 128, &AesKey);\r
+\r
+ Nr = AesKey.Nk + 6;\r
+ Ek = AesKey.EncKey;\r
+\r
+ //\r
+ // Initialize the cipher State array with the initial round key\r
+ //\r
+ for (Index = 0; Index < AES_NB; Index++) {\r
+ LOAD32H (State[Index], InData + 4 * Index);\r
+ State[Index] ^= Ek[Index];\r
+ }\r
+\r
+ NbIndex = AES_NB;\r
+ StateX = State;\r
+ StateY = TempState;\r
+\r
+ //\r
+ // AES Cipher transformation rounds (Nr - 1 rounds), in which SubBytes(),\r
+ // ShiftRows() and MixColumns() operations were combined by a sequence of\r
+ // table lookups to speed up the execution.\r
+ //\r
+ for (Round = 1; Round < Nr; Round++) {\r
+ StateY[0] = AES_FT0 ((StateX[0] >> 24) ) ^ AES_FT1 ((StateX[1] >> 16) & 0xFF) ^\r
+ AES_FT2 ((StateX[2] >> 8) & 0xFF) ^ AES_FT3 ((StateX[3] ) & 0xFF) ^ Ek[NbIndex];\r
+ StateY[1] = AES_FT0 ((StateX[1] >> 24) ) ^ AES_FT1 ((StateX[2] >> 16) & 0xFF) ^\r
+ AES_FT2 ((StateX[3] >> 8) & 0xFF) ^ AES_FT3 ((StateX[0] ) & 0xFF) ^ Ek[NbIndex + 1];\r
+ StateY[2] = AES_FT0 ((StateX[2] >> 24) ) ^ AES_FT1 ((StateX[3] >> 16) & 0xFF) ^\r
+ AES_FT2 ((StateX[0] >> 8) & 0xFF) ^ AES_FT3 ((StateX[1] ) & 0xFF) ^ Ek[NbIndex + 2];\r
+ StateY[3] = AES_FT0 ((StateX[3] >> 24) ) ^ AES_FT1 ((StateX[0] >> 16) & 0xFF) ^\r
+ AES_FT2 ((StateX[1] >> 8) & 0xFF) ^ AES_FT3 ((StateX[2] ) & 0xFF) ^ Ek[NbIndex + 3];\r
+\r
+ NbIndex += 4;\r
+ Temp = StateX; StateX = StateY; StateY = Temp;\r
+ }\r
+\r
+ //\r
+ // Apply the final round, which does not include MixColumns() transformation\r
+ //\r
+ StateY[0] = (AES_FT2 ((StateX[0] >> 24) ) & 0xFF000000) ^ (AES_FT3 ((StateX[1] >> 16) & 0xFF) & 0x00FF0000) ^\r
+ (AES_FT0 ((StateX[2] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[3] ) & 0xFF) & 0x000000FF) ^\r
+ Ek[NbIndex];\r
+ StateY[1] = (AES_FT2 ((StateX[1] >> 24) ) & 0xFF000000) ^ (AES_FT3 ((StateX[2] >> 16) & 0xFF) & 0x00FF0000) ^\r
+ (AES_FT0 ((StateX[3] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[0] ) & 0xFF) & 0x000000FF) ^\r
+ Ek[NbIndex + 1];\r
+ StateY[2] = (AES_FT2 ((StateX[2] >> 24) ) & 0xFF000000) ^ (AES_FT3 ((StateX[3] >> 16) & 0xFF) & 0x00FF0000) ^\r
+ (AES_FT0 ((StateX[0] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[1] ) & 0xFF) & 0x000000FF) ^\r
+ Ek[NbIndex + 2];\r
+ StateY[3] = (AES_FT2 ((StateX[3] >> 24) ) & 0xFF000000) ^ (AES_FT3 ((StateX[0] >> 16) & 0xFF) & 0x00FF0000) ^\r
+ (AES_FT0 ((StateX[1] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[2] ) & 0xFF) & 0x000000FF) ^\r
+ Ek[NbIndex + 3];\r
+\r
+ //\r
+ // Output the transformed result;\r
+ //\r
+ for (Index = 0; Index < AES_NB; Index++) {\r
+ STORE32H (StateY[Index], OutData + 4 * Index);\r
+ }\r
+\r
+ return EFI_SUCCESS;\r
+}\r
--- /dev/null
+/** @file\r
+ Function prototype for AES Block Cipher support.\r
+\r
+Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#ifndef __AES_CORE_H__\r
+#define __AES_CORE_H__\r
+\r
+/**\r
+ Encrypts one single block data (128 bits) with AES algorithm.\r
+\r
+ @param[in] Key AES symmetric key buffer.\r
+ @param[in] InData One block of input plaintext to be encrypted.\r
+ @param[out] OutData Encrypted output ciphertext.\r
+\r
+ @retval EFI_SUCCESS AES Block Encryption succeeded.\r
+ @retval EFI_INVALID_PARAMETER One or more parameters are invalid.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+AesEncrypt (\r
+ IN UINT8 *Key,\r
+ IN UINT8 *InData,\r
+ OUT UINT8 *OutData\r
+ );\r
+\r
+#endif // __AES_CORE_H__\r
--- /dev/null
+/** @file\r
+ Support routines for RDRAND instruction access.\r
+\r
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>\r
+(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+#include <Library/RngLib.h>\r
+\r
+#include "AesCore.h"\r
+#include "RdRand.h"\r
+#include "RngDxeInternals.h"\r
+\r
+/**\r
+ Creates a 128bit random value that is fully forward and backward prediction resistant,\r
+ suitable for seeding a NIST SP800-90 Compliant, FIPS 1402-2 certifiable SW DRBG.\r
+ This function takes multiple random numbers through RDRAND without intervening\r
+ delays to ensure reseeding and performs AES-CBC-MAC over the data to compute the\r
+ seed value.\r
+\r
+ @param[out] SeedBuffer Pointer to a 128bit buffer to store the random seed.\r
+\r
+ @retval EFI_SUCCESS Random seed generation succeeded.\r
+ @retval EFI_NOT_READY Failed to request random bytes.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+RdRandGetSeed128 (\r
+ OUT UINT8 *SeedBuffer\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ UINT8 RandByte[16];\r
+ UINT8 Key[16];\r
+ UINT8 Ffv[16];\r
+ UINT8 Xored[16];\r
+ UINT32 Index;\r
+ UINT32 Index2;\r
+\r
+ //\r
+ // Chose an arbitrary key and zero the feed_forward_value (FFV)\r
+ //\r
+ for (Index = 0; Index < 16; Index++) {\r
+ Key[Index] = (UINT8) Index;\r
+ Ffv[Index] = 0;\r
+ }\r
+\r
+ //\r
+ // Perform CBC_MAC over 32 * 128 bit values, with 10us gaps between 128 bit value\r
+ // The 10us gaps will ensure multiple reseeds within the HW RNG with a large design margin.\r
+ //\r
+ for (Index = 0; Index < 32; Index++) {\r
+ MicroSecondDelay (10);\r
+ Status = RngGetBytes (16, RandByte);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ //\r
+ // Perform XOR operations on two 128-bit value.\r
+ //\r
+ for (Index2 = 0; Index2 < 16; Index2++) {\r
+ Xored[Index2] = RandByte[Index2] ^ Ffv[Index2];\r
+ }\r
+\r
+ AesEncrypt (Key, Xored, Ffv);\r
+ }\r
+\r
+ for (Index = 0; Index < 16; Index++) {\r
+ SeedBuffer[Index] = Ffv[Index];\r
+ }\r
+\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ Generate high-quality entropy source through RDRAND.\r
+\r
+ @param[in] Length Size of the buffer, in bytes, to fill with.\r
+ @param[out] Entropy Pointer to the buffer to store the entropy data.\r
+\r
+ @retval EFI_SUCCESS Entropy generation succeeded.\r
+ @retval EFI_NOT_READY Failed to request random data.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+RdRandGenerateEntropy (\r
+ IN UINTN Length,\r
+ OUT UINT8 *Entropy\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ UINTN BlockCount;\r
+ UINT8 Seed[16];\r
+ UINT8 *Ptr;\r
+\r
+ Status = EFI_NOT_READY;\r
+ BlockCount = Length / 16;\r
+ Ptr = (UINT8 *)Entropy;\r
+\r
+ //\r
+ // Generate high-quality seed for DRBG Entropy\r
+ //\r
+ while (BlockCount > 0) {\r
+ Status = RdRandGetSeed128 (Seed);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+ CopyMem (Ptr, Seed, 16);\r
+\r
+ BlockCount--;\r
+ Ptr = Ptr + 16;\r
+ }\r
+\r
+ //\r
+ // Populate the remained data as request.\r
+ //\r
+ Status = RdRandGetSeed128 (Seed);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+ CopyMem (Ptr, Seed, (Length % 16));\r
+\r
+ return Status;\r
+}\r
--- /dev/null
+/** @file\r
+ Header for the RDRAND APIs used by RNG DXE driver.\r
+\r
+ Support API definitions for RDRAND instruction access, which will leverage\r
+ Intel Secure Key technology to provide high-quality random numbers for use\r
+ in applications, or entropy for seeding other random number generators.\r
+ Refer to http://software.intel.com/en-us/articles/intel-digital-random-number\r
+ -generator-drng-software-implementation-guide/ for more information about Intel\r
+ Secure Key technology.\r
+\r
+Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>\r
+(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#ifndef __RD_RAND_H__\r
+#define __RD_RAND_H__\r
+\r
+#include <Library/BaseLib.h>\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/UefiBootServicesTableLib.h>\r
+#include <Library/TimerLib.h>\r
+#include <Protocol/Rng.h>\r
+\r
+/**\r
+ Generate high-quality entropy source through RDRAND.\r
+\r
+ @param[in] Length Size of the buffer, in bytes, to fill with.\r
+ @param[out] Entropy Pointer to the buffer to store the entropy data.\r
+\r
+ @retval EFI_SUCCESS Entropy generation succeeded.\r
+ @retval EFI_NOT_READY Failed to request random data.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+RdRandGenerateEntropy (\r
+ IN UINTN Length,\r
+ OUT UINT8 *Entropy\r
+ );\r
+\r
+#endif // __RD_RAND_H__\r
--- /dev/null
+/** @file\r
+ RNG Driver to produce the UEFI Random Number Generator protocol.\r
+\r
+ The driver will use the new RDRAND instruction to produce high-quality, high-performance\r
+ entropy and random number.\r
+\r
+ RNG Algorithms defined in UEFI 2.4:\r
+ - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Supported\r
+ (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based DRBG)\r
+ - EFI_RNG_ALGORITHM_RAW - Supported\r
+ (Structuring RDRAND invocation can be guaranteed as high-quality entropy source)\r
+ - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported\r
+ - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported\r
+ - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported\r
+ - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported\r
+\r
+ Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>\r
+ (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>\r
+ SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#include "RdRand.h"\r
+#include "RngDxeInternals.h"\r
+\r
+/**\r
+ Produces and returns an RNG value using either the default or specified RNG algorithm.\r
+\r
+ @param[in] This A pointer to the EFI_RNG_PROTOCOL instance.\r
+ @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that identifies the RNG\r
+ algorithm to use. May be NULL in which case the function will\r
+ use its default RNG algorithm.\r
+ @param[in] RNGValueLength The length in bytes of the memory buffer pointed to by\r
+ RNGValue. The driver shall return exactly this numbers of bytes.\r
+ @param[out] RNGValue A caller-allocated memory buffer filled by the driver with the\r
+ resulting RNG value.\r
+\r
+ @retval EFI_SUCCESS The RNG value was returned successfully.\r
+ @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm is not supported by\r
+ this driver.\r
+ @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due to a hardware or\r
+ firmware error.\r
+ @retval EFI_NOT_READY There is not enough random data available to satisfy the length\r
+ requested by RNGValueLength.\r
+ @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is zero.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+RngGetRNG (\r
+ IN EFI_RNG_PROTOCOL *This,\r
+ IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL\r
+ IN UINTN RNGValueLength,\r
+ OUT UINT8 *RNGValue\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+\r
+ if ((RNGValueLength == 0) || (RNGValue == NULL)) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ Status = EFI_UNSUPPORTED;\r
+ if (RNGAlgorithm == NULL) {\r
+ //\r
+ // Use the default RNG algorithm if RNGAlgorithm is NULL.\r
+ //\r
+ RNGAlgorithm = &gEfiRngAlgorithmSp80090Ctr256Guid;\r
+ }\r
+\r
+ //\r
+ // NIST SP800-90-AES-CTR-256 supported by RDRAND\r
+ //\r
+ if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) {\r
+ Status = RngGetBytes (RNGValueLength, RNGValue);\r
+ return Status;\r
+ }\r
+\r
+ //\r
+ // The "raw" algorithm is intended to provide entropy directly\r
+ //\r
+ if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {\r
+ //\r
+ // When a DRBG is used on the output of a entropy source,\r
+ // its security level must be at least 256 bits according to UEFI Spec.\r
+ //\r
+ if (RNGValueLength < 32) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);\r
+ return Status;\r
+ }\r
+\r
+ //\r
+ // Other algorithms were unsupported by this driver.\r
+ //\r
+ return Status;\r
+}\r
+\r
+/**\r
+ Returns information about the random number generation implementation.\r
+\r
+ @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.\r
+ On output with a return code of EFI_SUCCESS, the size\r
+ in bytes of the data returned in RNGAlgorithmList. On output\r
+ with a return code of EFI_BUFFER_TOO_SMALL,\r
+ the size of RNGAlgorithmList required to obtain the list.\r
+ @param[out] RNGAlgorithmList A caller-allocated memory buffer filled by the driver\r
+ with one EFI_RNG_ALGORITHM element for each supported\r
+ RNG algorithm. The list must not change across multiple\r
+ calls to the same driver. The first algorithm in the list\r
+ is the default algorithm for the driver.\r
+\r
+ @retval EFI_SUCCESS The RNG algorithm list was returned successfully.\r
+ @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small to hold the result.\r
+\r
+**/\r
+UINTN\r
+EFIAPI\r
+ArchGetSupportedRngAlgorithms (\r
+ IN OUT UINTN *RNGAlgorithmListSize,\r
+ OUT EFI_RNG_ALGORITHM *RNGAlgorithmList\r
+ )\r
+{\r
+ UINTN RequiredSize;\r
+ EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm;\r
+\r
+ RequiredSize = 2 * sizeof (EFI_RNG_ALGORITHM);\r
+\r
+ if (*RNGAlgorithmListSize < RequiredSize) {\r
+ *RNGAlgorithmListSize = RequiredSize;\r
+ return EFI_BUFFER_TOO_SMALL;\r
+ }\r
+\r
+ CpuRngSupportedAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm);\r
+\r
+ CopyMem(&RNGAlgorithmList[0], CpuRngSupportedAlgorithm, sizeof (EFI_RNG_ALGORITHM));\r
+\r
+ // x86 platforms also support EFI_RNG_ALGORITHM_RAW via RDSEED\r
+ CopyMem(&RNGAlgorithmList[1], &gEfiRngAlgorithmRaw, sizeof (EFI_RNG_ALGORITHM));\r
+\r
+ *RNGAlgorithmListSize = RequiredSize;\r
+ return EFI_SUCCESS;\r
+}\r
+++ /dev/null
-/** @file\r
- Support routines for RDRAND instruction access.\r
-\r
-Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>\r
-(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>\r
-SPDX-License-Identifier: BSD-2-Clause-Patent\r
-\r
-**/\r
-#include <Library/RngLib.h>\r
-\r
-#include "RdRand.h"\r
-#include "AesCore.h"\r
-\r
-/**\r
- Calls RDRAND to fill a buffer of arbitrary size with random bytes.\r
-\r
- @param[in] Length Size of the buffer, in bytes, to fill with.\r
- @param[out] RandBuffer Pointer to the buffer to store the random result.\r
-\r
- @retval EFI_SUCCESS Random bytes generation succeeded.\r
- @retval EFI_NOT_READY Failed to request random bytes.\r
-\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-RdRandGetBytes (\r
- IN UINTN Length,\r
- OUT UINT8 *RandBuffer\r
- )\r
-{\r
- BOOLEAN IsRandom;\r
- UINT64 TempRand[2];\r
-\r
- while (Length > 0) {\r
- IsRandom = GetRandomNumber128 (TempRand);\r
- if (!IsRandom) {\r
- return EFI_NOT_READY;\r
- }\r
- if (Length >= sizeof (TempRand)) {\r
- WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[0]);\r
- RandBuffer += sizeof (UINT64);\r
- WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[1]);\r
- RandBuffer += sizeof (UINT64);\r
- Length -= sizeof (TempRand);\r
- } else {\r
- CopyMem (RandBuffer, TempRand, Length);\r
- Length = 0;\r
- }\r
- }\r
-\r
- return EFI_SUCCESS;\r
-}\r
-\r
-/**\r
- Creates a 128bit random value that is fully forward and backward prediction resistant,\r
- suitable for seeding a NIST SP800-90 Compliant, FIPS 1402-2 certifiable SW DRBG.\r
- This function takes multiple random numbers through RDRAND without intervening\r
- delays to ensure reseeding and performs AES-CBC-MAC over the data to compute the\r
- seed value.\r
-\r
- @param[out] SeedBuffer Pointer to a 128bit buffer to store the random seed.\r
-\r
- @retval EFI_SUCCESS Random seed generation succeeded.\r
- @retval EFI_NOT_READY Failed to request random bytes.\r
-\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-RdRandGetSeed128 (\r
- OUT UINT8 *SeedBuffer\r
- )\r
-{\r
- EFI_STATUS Status;\r
- UINT8 RandByte[16];\r
- UINT8 Key[16];\r
- UINT8 Ffv[16];\r
- UINT8 Xored[16];\r
- UINT32 Index;\r
- UINT32 Index2;\r
-\r
- //\r
- // Chose an arbitrary key and zero the feed_forward_value (FFV)\r
- //\r
- for (Index = 0; Index < 16; Index++) {\r
- Key[Index] = (UINT8) Index;\r
- Ffv[Index] = 0;\r
- }\r
-\r
- //\r
- // Perform CBC_MAC over 32 * 128 bit values, with 10us gaps between 128 bit value\r
- // The 10us gaps will ensure multiple reseeds within the HW RNG with a large design margin.\r
- //\r
- for (Index = 0; Index < 32; Index++) {\r
- MicroSecondDelay (10);\r
- Status = RdRandGetBytes (16, RandByte);\r
- if (EFI_ERROR (Status)) {\r
- return Status;\r
- }\r
-\r
- //\r
- // Perform XOR operations on two 128-bit value.\r
- //\r
- for (Index2 = 0; Index2 < 16; Index2++) {\r
- Xored[Index2] = RandByte[Index2] ^ Ffv[Index2];\r
- }\r
-\r
- AesEncrypt (Key, Xored, Ffv);\r
- }\r
-\r
- for (Index = 0; Index < 16; Index++) {\r
- SeedBuffer[Index] = Ffv[Index];\r
- }\r
-\r
- return EFI_SUCCESS;\r
-}\r
-\r
-/**\r
- Generate high-quality entropy source through RDRAND.\r
-\r
- @param[in] Length Size of the buffer, in bytes, to fill with.\r
- @param[out] Entropy Pointer to the buffer to store the entropy data.\r
-\r
- @retval EFI_SUCCESS Entropy generation succeeded.\r
- @retval EFI_NOT_READY Failed to request random data.\r
-\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-RdRandGenerateEntropy (\r
- IN UINTN Length,\r
- OUT UINT8 *Entropy\r
- )\r
-{\r
- EFI_STATUS Status;\r
- UINTN BlockCount;\r
- UINT8 Seed[16];\r
- UINT8 *Ptr;\r
-\r
- Status = EFI_NOT_READY;\r
- BlockCount = Length / 16;\r
- Ptr = (UINT8 *)Entropy;\r
-\r
- //\r
- // Generate high-quality seed for DRBG Entropy\r
- //\r
- while (BlockCount > 0) {\r
- Status = RdRandGetSeed128 (Seed);\r
- if (EFI_ERROR (Status)) {\r
- return Status;\r
- }\r
- CopyMem (Ptr, Seed, 16);\r
-\r
- BlockCount--;\r
- Ptr = Ptr + 16;\r
- }\r
-\r
- //\r
- // Populate the remained data as request.\r
- //\r
- Status = RdRandGetSeed128 (Seed);\r
- if (EFI_ERROR (Status)) {\r
- return Status;\r
- }\r
- CopyMem (Ptr, Seed, (Length % 16));\r
-\r
- return Status;\r
-}\r
+++ /dev/null
-/** @file\r
- Header for the RDRAND APIs used by RNG DXE driver.\r
-\r
- Support API definitions for RDRAND instruction access, which will leverage\r
- Intel Secure Key technology to provide high-quality random numbers for use\r
- in applications, or entropy for seeding other random number generators.\r
- Refer to http://software.intel.com/en-us/articles/intel-digital-random-number\r
- -generator-drng-software-implementation-guide/ for more information about Intel\r
- Secure Key technology.\r
-\r
-Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>\r
-(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>\r
-SPDX-License-Identifier: BSD-2-Clause-Patent\r
-\r
-**/\r
-\r
-#ifndef __RD_RAND_H__\r
-#define __RD_RAND_H__\r
-\r
-#include <Library/BaseLib.h>\r
-#include <Library/BaseMemoryLib.h>\r
-#include <Library/UefiBootServicesTableLib.h>\r
-#include <Library/TimerLib.h>\r
-#include <Protocol/Rng.h>\r
-\r
-/**\r
- Calls RDRAND to fill a buffer of arbitrary size with random bytes.\r
-\r
- @param[in] Length Size of the buffer, in bytes, to fill with.\r
- @param[out] RandBuffer Pointer to the buffer to store the random result.\r
-\r
- @retval EFI_SUCCESS Random bytes generation succeeded.\r
- @retval EFI_NOT_READY Failed to request random bytes.\r
-\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-RdRandGetBytes (\r
- IN UINTN Length,\r
- OUT UINT8 *RandBuffer\r
- );\r
-\r
-/**\r
- Generate high-quality entropy source through RDRAND.\r
-\r
- @param[in] Length Size of the buffer, in bytes, to fill with.\r
- @param[out] Entropy Pointer to the buffer to store the entropy data.\r
-\r
- @retval EFI_SUCCESS Entropy generation succeeded.\r
- @retval EFI_NOT_READY Failed to request random data.\r
-\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-RdRandGenerateEntropy (\r
- IN UINTN Length,\r
- OUT UINT8 *Entropy\r
- );\r
-\r
-#endif // __RD_RAND_H__\r
/** @file\r
RNG Driver to produce the UEFI Random Number Generator protocol.\r
\r
- The driver will use the new RDRAND instruction to produce high-quality, high-performance\r
- entropy and random number.\r
+ The driver uses CPU RNG instructions to produce high-quality,\r
+ high-performance entropy and random number.\r
\r
RNG Algorithms defined in UEFI 2.4:\r
- - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Supported\r
- (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based DRBG)\r
- - EFI_RNG_ALGORITHM_RAW - Supported\r
- (Structuring RDRAND invocation can be guaranteed as high-quality entropy source)\r
- - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported\r
- - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported\r
- - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported\r
- - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported\r
+ - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID\r
+ - EFI_RNG_ALGORITHM_RAW\r
+ - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID\r
+ - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID\r
+ - EFI_RNG_ALGORITHM_X9_31_3DES_GUID\r
+ - EFI_RNG_ALGORITHM_X9_31_AES_GUID\r
\r
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>\r
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>\r
+\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
-#include "RdRand.h"\r
+#include <Library/BaseLib.h>\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/UefiBootServicesTableLib.h>\r
+#include <Library/RngLib.h>\r
+#include <Library/TimerLib.h>\r
+#include <Protocol/Rng.h>\r
\r
-//\r
-// Supported RNG Algorithms list by this driver.\r
-//\r
-EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] = {\r
- EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID,\r
- EFI_RNG_ALGORITHM_RAW\r
-};\r
+#include "RngDxeInternals.h"\r
\r
/**\r
Returns information about the random number generation implementation.\r
)\r
{\r
EFI_STATUS Status;\r
- UINTN RequiredSize;\r
\r
if ((This == NULL) || (RNGAlgorithmListSize == NULL)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
- RequiredSize = sizeof (mSupportedRngAlgorithms);\r
- if (*RNGAlgorithmListSize < RequiredSize) {\r
- Status = EFI_BUFFER_TOO_SMALL;\r
- } else {\r
- //\r
- // Return algorithm list supported by driver.\r
- //\r
- if (RNGAlgorithmList != NULL) {\r
- CopyMem (RNGAlgorithmList, mSupportedRngAlgorithms, RequiredSize);\r
- Status = EFI_SUCCESS;\r
- } else {\r
- Status = EFI_INVALID_PARAMETER;\r
- }\r
- }\r
- *RNGAlgorithmListSize = RequiredSize;\r
-\r
- return Status;\r
-}\r
-\r
-/**\r
- Produces and returns an RNG value using either the default or specified RNG algorithm.\r
-\r
- @param[in] This A pointer to the EFI_RNG_PROTOCOL instance.\r
- @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that identifies the RNG\r
- algorithm to use. May be NULL in which case the function will\r
- use its default RNG algorithm.\r
- @param[in] RNGValueLength The length in bytes of the memory buffer pointed to by\r
- RNGValue. The driver shall return exactly this numbers of bytes.\r
- @param[out] RNGValue A caller-allocated memory buffer filled by the driver with the\r
- resulting RNG value.\r
-\r
- @retval EFI_SUCCESS The RNG value was returned successfully.\r
- @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm is not supported by\r
- this driver.\r
- @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due to a hardware or\r
- firmware error.\r
- @retval EFI_NOT_READY There is not enough random data available to satisfy the length\r
- requested by RNGValueLength.\r
- @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is zero.\r
-\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-RngGetRNG (\r
- IN EFI_RNG_PROTOCOL *This,\r
- IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL\r
- IN UINTN RNGValueLength,\r
- OUT UINT8 *RNGValue\r
- )\r
-{\r
- EFI_STATUS Status;\r
-\r
- if ((RNGValueLength == 0) || (RNGValue == NULL)) {\r
- return EFI_INVALID_PARAMETER;\r
- }\r
-\r
- Status = EFI_UNSUPPORTED;\r
- if (RNGAlgorithm == NULL) {\r
- //\r
- // Use the default RNG algorithm if RNGAlgorithm is NULL.\r
- //\r
- RNGAlgorithm = &gEfiRngAlgorithmSp80090Ctr256Guid;\r
- }\r
-\r
//\r
- // NIST SP800-90-AES-CTR-256 supported by RDRAND\r
+ // Return algorithm list supported by driver.\r
//\r
- if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) {\r
- Status = RdRandGetBytes (RNGValueLength, RNGValue);\r
- return Status;\r
- }\r
-\r
- //\r
- // The "raw" algorithm is intended to provide entropy directly\r
- //\r
- if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {\r
- //\r
- // When a DRBG is used on the output of a entropy source,\r
- // its security level must be at least 256 bits according to UEFI Spec.\r
- //\r
- if (RNGValueLength < 32) {\r
- return EFI_INVALID_PARAMETER;\r
- }\r
-\r
- Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);\r
- return Status;\r
+ if (RNGAlgorithmList != NULL) {\r
+ Status = ArchGetSupportedRngAlgorithms (RNGAlgorithmListSize, RNGAlgorithmList);\r
+ } else {\r
+ Status = EFI_INVALID_PARAMETER;\r
}\r
\r
- //\r
- // Other algorithms were unsupported by this driver.\r
- //\r
return Status;\r
}\r
\r
\r
return Status;\r
}\r
+\r
+\r
+/**\r
+ Calls RDRAND to fill a buffer of arbitrary size with random bytes.\r
+\r
+ @param[in] Length Size of the buffer, in bytes, to fill with.\r
+ @param[out] RandBuffer Pointer to the buffer to store the random result.\r
+\r
+ @retval EFI_SUCCESS Random bytes generation succeeded.\r
+ @retval EFI_NOT_READY Failed to request random bytes.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+RngGetBytes (\r
+ IN UINTN Length,\r
+ OUT UINT8 *RandBuffer\r
+ )\r
+{\r
+ BOOLEAN IsRandom;\r
+ UINT64 TempRand[2];\r
+\r
+ while (Length > 0) {\r
+ IsRandom = GetRandomNumber128 (TempRand);\r
+ if (!IsRandom) {\r
+ return EFI_NOT_READY;\r
+ }\r
+ if (Length >= sizeof (TempRand)) {\r
+ WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[0]);\r
+ RandBuffer += sizeof (UINT64);\r
+ WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[1]);\r
+ RandBuffer += sizeof (UINT64);\r
+ Length -= sizeof (TempRand);\r
+ } else {\r
+ CopyMem (RandBuffer, TempRand, Length);\r
+ Length = 0;\r
+ }\r
+ }\r
+\r
+ return EFI_SUCCESS;\r
+}\r
#\r
# The following information is for reference only and not required by the build tools.\r
#\r
-# VALID_ARCHITECTURES = IA32 X64\r
+# VALID_ARCHITECTURES = IA32 X64 AARCH64\r
#\r
\r
[Sources.common]\r
RngDxe.c\r
- RdRand.c\r
- RdRand.h\r
- AesCore.c\r
- AesCore.h\r
+ RngDxeInternals.h\r
+\r
+[Sources.IA32, Sources.X64]\r
+ Rand/RngDxe.c\r
+ Rand/RdRand.c\r
+ Rand/RdRand.h\r
+ Rand/AesCore.c\r
+ Rand/AesCore.h\r
+\r
+[Sources.AARCH64]\r
+ AArch64/RngDxe.c\r
\r
[Packages]\r
MdePkg/MdePkg.dec\r
RngLib\r
\r
[Guids]\r
+ gEfiRngAlgorithmSp80090Hash256Guid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG\r
+ gEfiRngAlgorithmSp80090Hmac256Guid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG\r
gEfiRngAlgorithmSp80090Ctr256Guid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG\r
+ gEfiRngAlgorithmX9313DesGuid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG\r
+ gEfiRngAlgorithmX931AesGuid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG\r
gEfiRngAlgorithmRaw ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG\r
\r
[Protocols]\r
gEfiRngProtocolGuid ## PRODUCES\r
\r
+[Pcd]\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm ## CONSUMES\r
+\r
[Depex]\r
TRUE\r
\r
--- /dev/null
+/** @file\r
+ Function prototypes for UEFI Random Number Generator protocol support.\r
+\r
+ Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>\r
+\r
+ SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#ifndef RNGDXE_INTERNALS_H_\r
+#define RNGDXE_INTERNALS_H_\r
+\r
+/**\r
+ Returns information about the random number generation implementation.\r
+\r
+ @param[in] This A pointer to the EFI_RNG_PROTOCOL instance.\r
+ @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.\r
+ On output with a return code of EFI_SUCCESS, the size\r
+ in bytes of the data returned in RNGAlgorithmList. On output\r
+ with a return code of EFI_BUFFER_TOO_SMALL,\r
+ the size of RNGAlgorithmList required to obtain the list.\r
+ @param[out] RNGAlgorithmList A caller-allocated memory buffer filled by the driver\r
+ with one EFI_RNG_ALGORITHM element for each supported\r
+ RNG algorithm. The list must not change across multiple\r
+ calls to the same driver. The first algorithm in the list\r
+ is the default algorithm for the driver.\r
+\r
+ @retval EFI_SUCCESS The RNG algorithm list was returned successfully.\r
+ @retval EFI_UNSUPPORTED The services is not supported by this driver.\r
+ @retval EFI_DEVICE_ERROR The list of algorithms could not be retrieved due to a\r
+ hardware or firmware error.\r
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.\r
+ @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small to hold the result.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+RngGetInfo (\r
+ IN EFI_RNG_PROTOCOL *This,\r
+ IN OUT UINTN *RNGAlgorithmListSize,\r
+ OUT EFI_RNG_ALGORITHM *RNGAlgorithmList\r
+ );\r
+\r
+/**\r
+ Produces and returns an RNG value using either the default or specified RNG algorithm.\r
+\r
+ @param[in] This A pointer to the EFI_RNG_PROTOCOL instance.\r
+ @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that identifies the RNG\r
+ algorithm to use. May be NULL in which case the function will\r
+ use its default RNG algorithm.\r
+ @param[in] RNGValueLength The length in bytes of the memory buffer pointed to by\r
+ RNGValue. The driver shall return exactly this numbers of bytes.\r
+ @param[out] RNGValue A caller-allocated memory buffer filled by the driver with the\r
+ resulting RNG value.\r
+\r
+ @retval EFI_SUCCESS The RNG value was returned successfully.\r
+ @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm is not supported by\r
+ this driver.\r
+ @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due to a hardware or\r
+ firmware error.\r
+ @retval EFI_NOT_READY There is not enough random data available to satisfy the length\r
+ requested by RNGValueLength.\r
+ @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is zero.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+RngGetRNG (\r
+ IN EFI_RNG_PROTOCOL *This,\r
+ IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL\r
+ IN UINTN RNGValueLength,\r
+ OUT UINT8 *RNGValue\r
+ );\r
+\r
+/**\r
+ Returns information about the random number generation implementation.\r
+\r
+ @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.\r
+ On output with a return code of EFI_SUCCESS, the size\r
+ in bytes of the data returned in RNGAlgorithmList. On output\r
+ with a return code of EFI_BUFFER_TOO_SMALL,\r
+ the size of RNGAlgorithmList required to obtain the list.\r
+ @param[out] RNGAlgorithmList A caller-allocated memory buffer filled by the driver\r
+ with one EFI_RNG_ALGORITHM element for each supported\r
+ RNG algorithm. The list must not change across multiple\r
+ calls to the same driver. The first algorithm in the list\r
+ is the default algorithm for the driver.\r
+\r
+ @retval EFI_SUCCESS The RNG algorithm list was returned successfully.\r
+ @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small to hold the result.\r
+\r
+**/\r
+UINTN\r
+EFIAPI\r
+ArchGetSupportedRngAlgorithms (\r
+ IN OUT UINTN *RNGAlgorithmListSize,\r
+ OUT EFI_RNG_ALGORITHM *RNGAlgorithmList\r
+ );\r
+\r
+/**\r
+ Runs CPU RNG instruction to fill a buffer of arbitrary size with random bytes.\r
+\r
+ @param[in] Length Size of the buffer, in bytes, to fill with.\r
+ @param[out] RandBuffer Pointer to the buffer to store the random result.\r
+\r
+ @retval EFI_SUCCESS Random bytes generation succeeded.\r
+ @retval EFI_NOT_READY Failed to request random bytes.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+RngGetBytes (\r
+ IN UINTN Length,\r
+ OUT UINT8 *RandBuffer\r
+ );\r
+\r
+#endif // RNGDXE_INTERNALS_H_\r
gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationPass|0x0303100A|UINT32|0x00010030\r
gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationFail|0x0303100B|UINT32|0x00010031\r
\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}|VOID*|0x00010032\r
+\r
[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]\r
## Image verification policy for OptionRom. Only following values are valid:<BR><BR>\r
# NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>\r
[Components.IA32, Components.X64, Components.ARM, Components.AARCH64]\r
SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf\r
\r
+[Components.IA32, Components.X64, Components.AARCH64]\r
+ #\r
+ # Random Number Generator\r
+ #\r
+ SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf\r
+\r
[Components.IA32, Components.X64]\r
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
\r
SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf\r
SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalPresenceLib.inf\r
\r
- #\r
- # Random Number Generator\r
- #\r
- SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf\r
-\r
#\r
# Opal Password solution\r
#\r