From: Thomas Palmer Date: Fri, 9 Oct 2015 06:03:26 +0000 (+0000) Subject: SecurityPkg: Integrate new RngLib into RngDxe X-Git-Tag: edk2-stable201903~8772 X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=3b60842ce780b3c37e4a0b87705e44c5339799df SecurityPkg: Integrate new RngLib into RngDxe Use the new RngLib to provide the IA32/X64 random data for RngDxe. Remove x86 specific functions from RdRand files. Simplify RngDxe by using WriteUnaligned64 for all platforms. Use GetRandomNumber128 in RngDxe to leverage 128 bit support provided by some HW RNG devices. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Thomas Palmer Reviewed-by: Samer El-Haj-Mahmoud Reviewed-by: Michael Kinney Reviewed-by: Chao Zhang Reviewed-by: Qin Long git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18591 6f19259b-4bc3-4df7-8a09-765794883524 --- diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c b/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c index 7e618dc91f..395b8867c8 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c @@ -2,6 +2,7 @@ Support routines for RDRAND instruction access. Copyright (c) 2013, Intel Corporation. All rights reserved.
+(C) Copyright 2015 Hewlett Packard Enterprise Development LP
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -11,177 +12,11 @@ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ +#include #include "RdRand.h" #include "AesCore.h" -// -// Bit mask used to determine if RdRand instruction is supported. -// -#define RDRAND_MASK 0x40000000 - -/** - Determines whether or not RDRAND instruction is supported by the host hardware. - - @retval EFI_SUCCESS RDRAND instruction supported. - @retval EFI_UNSUPPORTED RDRAND instruction not supported. - -**/ -EFI_STATUS -EFIAPI -IsRdRandSupported ( - VOID - ) -{ - EFI_STATUS Status; - UINT32 RegEax; - UINT32 RegEbx; - UINT32 RegEcx; - UINT32 RegEdx; - BOOLEAN IsIntelCpu; - - Status = EFI_UNSUPPORTED; - IsIntelCpu = FALSE; - - // - // Checks whether the current processor is an Intel product by CPUID. - // - AsmCpuid (0, &RegEax, &RegEbx, &RegEcx, &RegEdx); - if ((CompareMem ((CHAR8 *)(&RegEbx), "Genu", 4) == 0) && - (CompareMem ((CHAR8 *)(&RegEdx), "ineI", 4) == 0) && - (CompareMem ((CHAR8 *)(&RegEcx), "ntel", 4) == 0)) { - IsIntelCpu = TRUE; - } - - if (IsIntelCpu) { - // - // Determine RDRAND support by examining bit 30 of the ECX register returned by CPUID. - // A value of 1 indicates that processor supports RDRAND instruction. - // - AsmCpuid (1, 0, 0, &RegEcx, 0); - - if ((RegEcx & RDRAND_MASK) == RDRAND_MASK) { - Status = EFI_SUCCESS; - } - } - - return Status; -} - -/** - Calls RDRAND to obtain a 16-bit random number. - - @param[out] Rand Buffer pointer to store the random result. - @param[in] NeedRetry Determine whether or not to loop retry. - - @retval EFI_SUCCESS RDRAND call was successful. - @retval EFI_NOT_READY Failed attempts to call RDRAND. - -**/ -EFI_STATUS -EFIAPI -RdRand16 ( - OUT UINT16 *Rand, - IN BOOLEAN NeedRetry - ) -{ - UINT32 Index; - UINT32 RetryCount; - - if (NeedRetry) { - RetryCount = RETRY_LIMIT; - } else { - RetryCount = 1; - } - - // - // Perform a single call to RDRAND, or enter a loop call until RDRAND succeeds. - // - for (Index = 0; Index < RetryCount; Index++) { - if (RdRand16Step (Rand)) { - return EFI_SUCCESS; - } - } - - return EFI_NOT_READY; -} - -/** - Calls RDRAND to obtain a 32-bit random number. - - @param[out] Rand Buffer pointer to store the random result. - @param[in] NeedRetry Determine whether or not to loop retry. - - @retval EFI_SUCCESS RDRAND call was successful. - @retval EFI_NOT_READY Failed attempts to call RDRAND. - -**/ -EFI_STATUS -EFIAPI -RdRand32 ( - OUT UINT32 *Rand, - IN BOOLEAN NeedRetry - ) -{ - UINT32 Index; - UINT32 RetryCount; - - if (NeedRetry) { - RetryCount = RETRY_LIMIT; - } else { - RetryCount = 1; - } - - // - // Perform a single call to RDRAND, or enter a loop call until RDRAND succeeds. - // - for (Index = 0; Index < RetryCount; Index++) { - if (RdRand32Step (Rand)) { - return EFI_SUCCESS; - } - } - - return EFI_NOT_READY; -} - -/** - Calls RDRAND to obtain a 64-bit random number. - - @param[out] Rand Buffer pointer to store the random result. - @param[in] NeedRetry Determine whether or not to loop retry. - - @retval EFI_SUCCESS RDRAND call was successful. - @retval EFI_NOT_READY Failed attempts to call RDRAND. - -**/ -EFI_STATUS -EFIAPI -RdRand64 ( - OUT UINT64 *Rand, - IN BOOLEAN NeedRetry - ) -{ - UINT32 Index; - UINT32 RetryCount; - - if (NeedRetry) { - RetryCount = RETRY_LIMIT; - } else { - RetryCount = 1; - } - - // - // Perform a single call to RDRAND, or enter a loop call until RDRAND succeeds. - // - for (Index = 0; Index < RetryCount; Index++) { - if (RdRand64Step (Rand)) { - return EFI_SUCCESS; - } - } - - return EFI_NOT_READY; -} - /** Calls RDRAND to fill a buffer of arbitrary size with random bytes. @@ -199,80 +34,23 @@ RdRandGetBytes ( OUT UINT8 *RandBuffer ) { - EFI_STATUS Status; - UINT8 *Start; - UINT8 *ResidualStart; - UINTN *BlockStart; - UINTN TempRand; - UINTN Count; - UINTN Residual; - UINTN StartLen; - UINTN BlockNum; - UINTN Index; - - ResidualStart = NULL; - TempRand = 0; + BOOLEAN IsRandom; + UINT64 TempRand[2]; - // - // Compute the address of the first word aligned (32/64-bit) block in the - // destination buffer, depending on whether we are in 32- or 64-bit mode. - // - Start = RandBuffer; - if (((UINT32)(UINTN)Start % (UINT32)sizeof(UINTN)) == 0) { - BlockStart = (UINTN *)Start; - Count = Length; - StartLen = 0; - } else { - BlockStart = (UINTN *)(((UINTN)Start & ~(UINTN)(sizeof(UINTN) - 1)) + (UINTN)sizeof(UINTN)); - Count = Length - (sizeof (UINTN) - (UINT32)((UINTN)Start % sizeof (UINTN))); - StartLen = (UINT32)((UINTN)BlockStart - (UINTN)Start); - } - - // - // Compute the number of word blocks and the remaining number of bytes. - // - Residual = Count % sizeof (UINTN); - BlockNum = Count / sizeof (UINTN); - if (Residual != 0) { - ResidualStart = (UINT8 *) (BlockStart + BlockNum); - } - - // - // Obtain a temporary random number for use in the residuals. Failout if retry fails. - // - if (StartLen > 0) { - Status = RdRandWord ((UINTN *) &TempRand, TRUE); - if (EFI_ERROR (Status)) { - return Status; - } - } - - // - // Populate the starting mis-aligned block. - // - for (Index = 0; Index < StartLen; Index++) { - Start[Index] = (UINT8)(TempRand & 0xff); - TempRand = TempRand >> 8; - } - - // - // Populate the central aligned block. Fail out if retry fails. - // - Status = RdRandGetWords (BlockNum, (UINTN *)(BlockStart)); - if (EFI_ERROR (Status)) { - return Status; - } - // - // Populate the final mis-aligned block. - // - if (Residual > 0) { - Status = RdRandWord ((UINTN *)&TempRand, TRUE); - if (EFI_ERROR (Status)) { - return Status; + while (Length > 0) { + IsRandom = GetRandomNumber128 (TempRand); + if (!IsRandom) { + return EFI_NOT_READY; } - for (Index = 0; Index < Residual; Index++) { - ResidualStart[Index] = (UINT8)(TempRand & 0xff); - TempRand = TempRand >> 8; + if (Length >= sizeof (TempRand)) { + WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[0]); + RandBuffer += sizeof (UINT64); + WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[1]); + RandBuffer += sizeof (UINT64); + Length -= sizeof (TempRand); + } else { + CopyMem (RandBuffer, TempRand, Length); + Length = 0; } } diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h b/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h index 20fd9fbd3f..d6378778cf 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h @@ -9,6 +9,7 @@ Secure Key technology. Copyright (c) 2013, Intel Corporation. All rights reserved.
+(C) Copyright 2015 Hewlett Packard Enterprise Development LP
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -28,154 +29,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include -// -// The maximun number of retries to obtain one available random number. -// -#define RETRY_LIMIT 10 - -/** - Determines whether or not RDRAND instruction is supported by the host hardware. - - @retval EFI_SUCCESS RDRAND instruction supported. - @retval EFI_UNSUPPORTED RDRAND instruction not supported. - -**/ -EFI_STATUS -EFIAPI -IsRdRandSupported ( - VOID - ); - -/** - Generates a 16-bit random number through RDRAND instruction. - - @param[out] Rand Buffer pointer to store the random result. - - @retval TRUE RDRAND call was successful. - @retval FALSE Failed attempts to call RDRAND. - -**/ -BOOLEAN -EFIAPI -RdRand16Step ( - OUT UINT16 *Rand - ); - -/** - Generates a 32-bit random number through RDRAND instruction. - - @param[out] Rand Buffer pointer to store the random result. - - @retval TRUE RDRAND call was successful. - @retval FALSE Failed attempts to call RDRAND. - -**/ -BOOLEAN -EFIAPI -RdRand32Step ( - OUT UINT32 *Rand - ); - -/** - Generates a 64-bit random number through RDRAND instruction. - - @param[out] Rand Buffer pointer to store the random result. - - @retval TRUE RDRAND call was successful. - @retval FALSE Failed attempts to call RDRAND. - -**/ -BOOLEAN -EFIAPI -RdRand64Step ( - OUT UINT64 *Rand - ); - -/** - Calls RDRAND to obtain a 16-bit random number. - - @param[out] Rand Buffer pointer to store the random result. - @param[in] NeedRetry Determine whether or not to loop retry. - - @retval EFI_SUCCESS RDRAND call was successful. - @retval EFI_NOT_READY Failed attempts to call RDRAND. - -**/ -EFI_STATUS -EFIAPI -RdRand16 ( - OUT UINT16 *Rand, - IN BOOLEAN NeedRetry - ); - -/** - Calls RDRAND to obtain a 32-bit random number. - - @param[out] Rand Buffer pointer to store the random result. - @param[in] NeedRetry Determine whether or not to loop retry. - - @retval EFI_SUCCESS RDRAND call was successful. - @retval EFI_NOT_READY Failed attempts to call RDRAND. - -**/ -EFI_STATUS -EFIAPI -RdRand32 ( - OUT UINT32 *Rand, - IN BOOLEAN NeedRetry - ); - -/** - Calls RDRAND to obtain a 64-bit random number. - - @param[out] Rand Buffer pointer to store the random result. - @param[in] NeedRetry Determine whether or not to loop retry. - - @retval EFI_SUCCESS RDRAND call was successful. - @retval EFI_NOT_READY Failed attempts to call RDRAND. - -**/ -EFI_STATUS -EFIAPI -RdRand64 ( - OUT UINT64 *Rand, - IN BOOLEAN NeedRetry - ); - -/** - Calls RDRAND to request a word-length random number. - - @param[out] Rand Buffer pointer to store the random number. - @param[in] NeedRetry Determine whether or not to loop retry. - - @retval EFI_SUCCESS Random word generation succeeded. - @retval EFI_NOT_READY Failed to request random word. - -**/ -EFI_STATUS -EFIAPI -RdRandWord ( - OUT UINTN *Rand, - IN BOOLEAN NeedRetry - ); - -/** - Calls RDRAND to request multiple word-length random numbers. - - @param[in] Length Size of the buffer, in words, to fill with. - @param[out] RandBuffer Pointer to the buffer to store the random result. - - @retval EFI_SUCCESS Random words generation succeeded. - @retval EFI_NOT_READY Failed to request random words. - -**/ -EFI_STATUS -EFIAPI -RdRandGetWords ( - IN UINTN Length, - OUT UINTN *RandBuffer - ); - /** Calls RDRAND to fill a buffer of arbitrary size with random bytes. @@ -210,4 +63,4 @@ RdRandGenerateEntropy ( OUT UINT8 *Entropy ); -#endif // __RD_RAND_H__ \ No newline at end of file +#endif // __RD_RAND_H__ diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c index 98ef3b357f..32c46ab45f 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c @@ -15,6 +15,7 @@ - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported Copyright (c) 2013, Intel Corporation. All rights reserved.
+(C) Copyright 2015 Hewlett Packard Enterprise Development LP
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -156,7 +157,7 @@ RngGetRNG ( if (RNGValueLength < 32) { return EFI_INVALID_PARAMETER; } - + Status = RdRandGenerateEntropy (RNGValueLength, RNGValue); return Status; } @@ -196,14 +197,6 @@ RngDriverEntry ( EFI_STATUS Status; EFI_HANDLE Handle; - // - // Verify RdRand support on Platform. - // - Status = IsRdRandSupported (); - if (EFI_ERROR (Status)) { - return Status; - } - // // Install UEFI RNG (Random Number Generator) Protocol // @@ -214,6 +207,6 @@ RngDriverEntry ( &mRngRdRand, NULL ); - + return Status; } diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf index d57c2d8c6f..4d668a170a 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf @@ -9,6 +9,7 @@ # Secure Key technology. # # Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+# (C) Copyright 2015 Hewlett Packard Enterprise Development LP
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -41,16 +42,6 @@ AesCore.c AesCore.h -[Sources.IA32] - IA32/RdRandWord.c - IA32/AsmRdRand.asm - IA32/GccRdRand.c | GCC - -[Sources.X64] - X64/RdRandWord.c - X64/AsmRdRand.asm - X64/GccRdRand.c | GCC - [Packages] MdePkg/MdePkg.dec SecurityPkg/SecurityPkg.dec @@ -62,6 +53,7 @@ DebugLib UefiDriverEntryPoint TimerLib + RngLib [Guids] gEfiRngAlgorithmSp80090Ctr256Guid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG @@ -77,4 +69,4 @@ XCODE:*_*_*_CC_FLAGS = -mmmx -msse [UserExtensions.TianoCore."ExtraFiles"] - RngDxeExtra.uni \ No newline at end of file + RngDxeExtra.uni diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 6e2ca5c0b7..0908b26a7c 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -2,6 +2,7 @@ # Security Module Package for All Architectures. # # Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.
+# (C) Copyright 2015 Hewlett Packard Enterprise Development LP
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -61,6 +62,7 @@ TcgPpVendorLib|SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf TrEEPpVendorLib|SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf + RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf [LibraryClasses.common.PEIM] PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf @@ -74,6 +76,7 @@ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf Tcg2PhysicalPresenceLib|SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf + RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf [LibraryClasses.common.DXE_DRIVER] HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf