From: "Wenxing Hou" <wenxing.hou@intel.com>
To: devel@edk2.groups.io
Cc: Jiewen Yao <jiewen.yao@intel.com>, Yi Li <yi1.li@intel.com>
Subject: [edk2-devel] [PATCH 2/9] CryptoPkg: Add rand function for BaseCryptLibMbedTls
Date: Tue, 16 Apr 2024 15:51:11 +0800 [thread overview]
Message-ID: <20240416075118.4799-3-wenxing.hou@intel.com> (raw)
In-Reply-To: <20240416075118.4799-1-wenxing.hou@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Add rand function for BaseCryptLibMbedTls.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
---
CryptoPkg/CryptoPkg.ci.yaml | 1 +
.../BaseCryptLibMbedTls/InternalCryptLib.h | 16 +++
.../BaseCryptLibMbedTls/Rand/CryptRand.c | 105 ++++++++++++++++++
.../BaseCryptLibMbedTls/Rand/CryptRandTsc.c | 105 ++++++++++++++++++
4 files changed, 227 insertions(+)
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRand.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandTsc.c
diff --git a/CryptoPkg/CryptoPkg.ci.yaml b/CryptoPkg/CryptoPkg.ci.yaml
index b601bcf85c..2fbc021c84 100644
--- a/CryptoPkg/CryptoPkg.ci.yaml
+++ b/CryptoPkg/CryptoPkg.ci.yaml
@@ -45,6 +45,7 @@
"Library/Include/stdint.h",
"Library/Include/stubs-32.h",
"Library/Include/inttypes.h",
+ "Library/BaseCryptLibMbedTls/InternalCryptLib.h",
# These directories contain auto-generated OpenSSL content
"Library/OpensslLib",
"Library/IntrinsicLib",
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h b/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
index 039aa32028..e2c7e42ecb 100644
--- a/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
@@ -22,4 +22,20 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
//
#include <mbedtls/mbedtls_config.h>
+/**
+ The MbedTLS function f_rng, which MbedtlsRand implements.
+
+ @param[in] rng_state Not used, just for compatibility with mbedlts.
+ @param[out] output Pointer to buffer to receive random value.
+ @param[in] len Size of random bytes to generate.
+
+ @retval 0 Pseudorandom byte stream generated successfully.
+ @retval Non-0 Pseudorandom number generator fails to generate due to lack of entropy.
+**/
+INTN
+MbedtlsRand (
+ VOID *rng_state,
+ UINT8 *output,
+ UINTN len
+ );
#endif
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRand.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRand.c
new file mode 100644
index 0000000000..081b413740
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRand.c
@@ -0,0 +1,105 @@
+/** @file
+ Pseudorandom Number Generator Wrapper Implementation over MbedTLS.
+
+Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+#include <Library/RngLib.h>
+
+/**
+ Sets up the seed value for the pseudorandom number generator.
+
+ This function sets up the seed value for the pseudorandom number generator.
+ If Seed is not NULL, then the seed passed in is used.
+ If Seed is NULL, then default seed is used.
+
+ @param[in] Seed Pointer to seed value.
+ If NULL, default seed is used.
+ @param[in] SeedSize Size of seed value.
+ If Seed is NULL, this parameter is ignored.
+
+ @retval TRUE Pseudorandom number generator has enough entropy for random generation.
+ @retval FALSE Pseudorandom number generator does not have enough entropy for random generation.
+
+**/
+BOOLEAN
+EFIAPI
+RandomSeed (
+ IN CONST UINT8 *Seed OPTIONAL,
+ IN UINTN SeedSize
+ )
+{
+ return TRUE;
+}
+
+/**
+ Generates a pseudorandom byte stream of the specified size.
+
+ If Output is NULL, then return FALSE.
+
+ @param[out] Output Pointer to buffer to receive random value.
+ @param[in] Size Size of random bytes to generate.
+
+ @retval TRUE Pseudorandom byte stream generated successfully.
+ @retval FALSE Pseudorandom number generator fails to generate due to lack of entropy.
+
+**/
+BOOLEAN
+EFIAPI
+RandomBytes (
+ OUT UINT8 *Output,
+ IN UINTN Size
+ )
+{
+ BOOLEAN Ret;
+ UINT64 TempRand;
+
+ Ret = FALSE;
+
+ while (Size > 0) {
+ // Use RngLib to get random number
+ Ret = GetRandomNumber64 (&TempRand);
+
+ if (!Ret) {
+ return Ret;
+ }
+
+ if (Size >= sizeof (TempRand)) {
+ *((UINT64 *)Output) = TempRand;
+ Output += sizeof (UINT64);
+ Size -= sizeof (TempRand);
+ } else {
+ CopyMem (Output, &TempRand, Size);
+ Size = 0;
+ }
+ }
+
+ return Ret;
+}
+
+/**
+ The MbedTLS function f_rng, which MbedtlsRand implements.
+
+ @param[in] rng_state Not used, just for compatibility with mbedlts.
+ @param[out] output Pointer to buffer to receive random value.
+ @param[in] len Size of random bytes to generate.
+
+ @retval 0 Pseudorandom byte stream generated successfully.
+ @retval Non-0 Pseudorandom number generator fails to generate due to lack of entropy.
+**/
+INTN
+MbedtlsRand (
+ VOID *rng_state,
+ UINT8 *output,
+ UINTN len
+ )
+{
+ BOOLEAN Result;
+
+ Result = RandomBytes (output, len);
+
+ return Result ? 0 : -1;
+}
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandTsc.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandTsc.c
new file mode 100644
index 0000000000..081b413740
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandTsc.c
@@ -0,0 +1,105 @@
+/** @file
+ Pseudorandom Number Generator Wrapper Implementation over MbedTLS.
+
+Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+#include <Library/RngLib.h>
+
+/**
+ Sets up the seed value for the pseudorandom number generator.
+
+ This function sets up the seed value for the pseudorandom number generator.
+ If Seed is not NULL, then the seed passed in is used.
+ If Seed is NULL, then default seed is used.
+
+ @param[in] Seed Pointer to seed value.
+ If NULL, default seed is used.
+ @param[in] SeedSize Size of seed value.
+ If Seed is NULL, this parameter is ignored.
+
+ @retval TRUE Pseudorandom number generator has enough entropy for random generation.
+ @retval FALSE Pseudorandom number generator does not have enough entropy for random generation.
+
+**/
+BOOLEAN
+EFIAPI
+RandomSeed (
+ IN CONST UINT8 *Seed OPTIONAL,
+ IN UINTN SeedSize
+ )
+{
+ return TRUE;
+}
+
+/**
+ Generates a pseudorandom byte stream of the specified size.
+
+ If Output is NULL, then return FALSE.
+
+ @param[out] Output Pointer to buffer to receive random value.
+ @param[in] Size Size of random bytes to generate.
+
+ @retval TRUE Pseudorandom byte stream generated successfully.
+ @retval FALSE Pseudorandom number generator fails to generate due to lack of entropy.
+
+**/
+BOOLEAN
+EFIAPI
+RandomBytes (
+ OUT UINT8 *Output,
+ IN UINTN Size
+ )
+{
+ BOOLEAN Ret;
+ UINT64 TempRand;
+
+ Ret = FALSE;
+
+ while (Size > 0) {
+ // Use RngLib to get random number
+ Ret = GetRandomNumber64 (&TempRand);
+
+ if (!Ret) {
+ return Ret;
+ }
+
+ if (Size >= sizeof (TempRand)) {
+ *((UINT64 *)Output) = TempRand;
+ Output += sizeof (UINT64);
+ Size -= sizeof (TempRand);
+ } else {
+ CopyMem (Output, &TempRand, Size);
+ Size = 0;
+ }
+ }
+
+ return Ret;
+}
+
+/**
+ The MbedTLS function f_rng, which MbedtlsRand implements.
+
+ @param[in] rng_state Not used, just for compatibility with mbedlts.
+ @param[out] output Pointer to buffer to receive random value.
+ @param[in] len Size of random bytes to generate.
+
+ @retval 0 Pseudorandom byte stream generated successfully.
+ @retval Non-0 Pseudorandom number generator fails to generate due to lack of entropy.
+**/
+INTN
+MbedtlsRand (
+ VOID *rng_state,
+ UINT8 *output,
+ UINTN len
+ )
+{
+ BOOLEAN Result;
+
+ Result = RandomBytes (output, len);
+
+ return Result ? 0 : -1;
+}
--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117859): https://edk2.groups.io/g/devel/message/117859
Mute This Topic: https://groups.io/mt/105552832/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2024-04-16 7:51 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-16 7:51 [edk2-devel] [PATCH 0/9] Add more crypt APIs based on Mbedtls Wenxing Hou
2024-04-16 7:51 ` [edk2-devel] [PATCH 1/9] CryptoPkg: Add AeadAesGcm " Wenxing Hou
2024-04-16 7:51 ` Wenxing Hou [this message]
2024-04-16 7:51 ` [edk2-devel] [PATCH 3/9] CryptoPkg: Add Pem APIs " Wenxing Hou
2024-04-16 7:51 ` [edk2-devel] [PATCH 4/9] CryptoPkg: Add X509 functions " Wenxing Hou
2024-04-16 7:51 ` [edk2-devel] [PATCH 5/9] CryptoPkg: Add Pkcs7 related " Wenxing Hou
2024-04-22 7:52 ` Li, Yi
2024-04-16 7:51 ` [edk2-devel] [PATCH 6/9] CryptoPkg: Add Pkcs5 " Wenxing Hou
2024-04-16 7:51 ` [edk2-devel] [PATCH 7/9] CryptoPkg: Add more RSA related " Wenxing Hou
2024-04-16 7:51 ` [edk2-devel] [PATCH 8/9] CryptoPkg: Add AuthenticodeVerify " Wenxing Hou
2024-04-16 7:51 ` [edk2-devel] [PATCH 9/9] CryptoPkg: Add ImageTimestampVerify " Wenxing Hou
2024-04-22 7:53 ` [edk2-devel] [PATCH 0/9] Add more crypt APIs " Li, Yi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240416075118.4799-3-wenxing.hou@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox