From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.15709.1656530385947618012 for ; Wed, 29 Jun 2022 12:19:46 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: pierre.gondois@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id D6AC614BF; Wed, 29 Jun 2022 12:19:45 -0700 (PDT) Received: from pierre123.home (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 8FCD03F792; Wed, 29 Jun 2022 12:19:43 -0700 (PDT) From: "PierreGondois" To: devel@edk2.groups.io Cc: Sami Mujawar , Leif Lindholm , Ard Biesheuvel , Rebecca Cran , Michael D Kinney , Liming Gao , Jiewen Yao , Jian J Wang Subject: [PATCH RESEND v1 9/9] SecurityPkg/RngDxe: Use DrbgLib in RngDxe for Arm Date: Wed, 29 Jun 2022 21:18:46 +0200 Message-Id: <20220629191848.2619317-10-Pierre.Gondois@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220629191848.2619317-1-Pierre.Gondois@arm.com> References: <20220629191848.2619317-1-Pierre.Gondois@arm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Pierre Gondois Make use of the new DrbgLib and advertise support for the SP800-90 Ctr 256 bits Drbg. The algorithm will be used for Arm and AArch64 arch. Signed-off-by: Pierre Gondois --- .../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 75 ++++++++++++++++++- .../RandomNumberGenerator/RngDxe/RngDxe.inf | 1 + SecurityPkg/SecurityPkg.dsc | 2 + 3 files changed, 77 insertions(+), 1 deletion(-) diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c b/Secur= ityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c index 4775252d30b6..400b0a5e9a7c 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include @@ -39,7 +40,7 @@ // populated only once. // The valid entry with the lowest index will be the default algorithm. // -#define RNG_AVAILABLE_ALGO_MAX 2 +#define RNG_AVAILABLE_ALGO_MAX 3 STATIC BOOLEAN mAvailableAlgoArrayInit =3D FALSE; STATIC UINTN mAvailableAlgoArrayCount; STATIC EFI_RNG_ALGORITHM mAvailableAlgoArray[RNG_AVAILABLE_ALGO_MAX]; @@ -87,11 +88,78 @@ RngInitAvailableAlgoArray ( sizeof (EFI_RNG_ALGORITHM) ); mAvailableAlgoArrayCount++; + + // SP800-90 Ctr 256 bits Drbg. + // Arm implementation is based on the Trng. + CopyMem ( + &mAvailableAlgoArray[mAvailableAlgoArrayCount], + &gEfiRngAlgorithmSp80090Ctr256Guid, + sizeof (EFI_RNG_ALGORITHM) + ); + mAvailableAlgoArrayCount++; } =20 mAvailableAlgoArrayInit =3D TRUE; } =20 +/** Produces and returns an RNG value using a specified Drbg algorithm. + + @param[in] DrbgMechanism The Drbg mechanism to use. + @param[in] RNGValueLength The length in bytes of the memory buffer= pointed to by + RNGValue. The driver shall return exactl= y this numbers of bytes. + @param[out] RNGValue A caller-allocated memory buffer filled = by the driver with the + resulting RNG value. +**/ +STATIC +EFI_STATUS +EFIAPI +RngGetDrbgVal ( + IN DRBG_MECHANISM DrbgMechanism, + IN UINTN RNGValueLength, + OUT UINT8 *RNGValue + ) +{ + EFI_STATUS Status; + STATIC VOID *DrbgHandle =3D NULL; + + // Only instantiate once. + if (DrbgHandle =3D=3D NULL) { + Status =3D DrbgInstantiateFn ( + DrbgMechanism, + DrbgEntropyNoCondFn, + 256, + FALSE, + NULL, + 0, + &DrbgHandle + ); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + } + + // Check overflow. + if (RNGValueLength > (MAX_UINTN >> 3)) { + return EFI_INVALID_PARAMETER; + } + + Status =3D DrbgGenerateFn ( + 256, + FALSE, + NULL, + 0, + RNGValueLength << 3, + RNGValue, + DrbgHandle + ); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + } + + return Status; +} + /** Produces and returns an RNG value using either the default or specifie= d RNG algorithm. =20 @@ -163,6 +231,11 @@ FoundAlgo: return GenerateEntropy (RNGValueLength, RNGValue); } =20 + // SP800-90 Ctr 256 bits Drbg + if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) { + return RngGetDrbgVal (DrbgMechansimCtr, RNGValueLength, RNGValue); + } + // // Other algorithms are unsupported by this driver. // diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/Securi= tyPkg/RandomNumberGenerator/RngDxe/RngDxe.inf index 20752e71ac4e..c95e958e7f85 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf @@ -63,6 +63,7 @@ [LibraryClasses] =20 [LibraryClasses.AARCH64, LibraryClasses.ARM] ArmLib + DrbgLib TrngLib =20 [Guids] diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 779aa2a061a0..cc6d6de72cea 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -95,7 +95,9 @@ [LibraryClasses.ARM, LibraryClasses.AARCH64] ArmHvcLib|ArmPkg/Library/ArmHvcLib/ArmHvcLib.inf =20 # RngDxe dependencies + AesLib|MdePkg/Library/AesLibNull/AesLibNull.inf ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf + DrbgLib|MdePkg/Library/DrbgLibNull/DrbgLibNull.inf =20 [LibraryClasses.ARM] RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf --=20 2.25.1