* [edk2-devel] [PATCH v1 01/14] EmulatorPkg: : Add RngDxe to EmulatorPkg
2024-05-08 15:29 [edk2-devel] [PATCH v1 00/14] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
@ 2024-05-08 15:29 ` Doug Flick via groups.io
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 02/14] EmulatorPkg: : Add Hash2DxeCrypto " Doug Flick via groups.io
` (12 subsequent siblings)
13 siblings, 0 replies; 23+ messages in thread
From: Doug Flick via groups.io @ 2024-05-08 15:29 UTC (permalink / raw)
To: devel; +Cc: Andrew Fish, Ray Ni
From: Doug Flick <dougflick@microsoft.com>
This patch adds RngDxe to EmulatorPkg. The RngDxe is used to provide
random number generation services to the UEFI firmware.
Cc: Andrew Fish <afish@apple.com>
Cc: Ray Ni <ray.ni@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
EmulatorPkg/EmulatorPkg.dsc | 9 +++++++--
EmulatorPkg/EmulatorPkg.fdf | 6 +++++-
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index 5fa1ed345a33..0a66294cb768 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -127,9 +127,9 @@ [LibraryClasses]
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf
-
-!if $(SECURE_BOOT_ENABLE) == TRUE
RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
+
+!if $(SECURE_BOOT_ENABLE) == TRUE
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
@@ -398,6 +398,11 @@ [Components]
EmulatorPkg/PlatformSmbiosDxe/PlatformSmbiosDxe.inf
EmulatorPkg/TimerDxe/Timer.inf
+ #
+ # Rng Protocol producer
+ #
+ SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
!endif
diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf
index 5420756eaa6f..d756c144d94d 100644
--- a/EmulatorPkg/EmulatorPkg.fdf
+++ b/EmulatorPkg/EmulatorPkg.fdf
@@ -193,6 +193,11 @@ [FV.FvRecovery]
INF MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf
INF MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf
+#
+# Rng Protocol producer
+#
+INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+
#
# Secure Boot Key Enroll
#
@@ -320,4 +325,3 @@ [Rule.Common.UEFI_APPLICATION.BINARY]
UI STRING="$(MODULE_NAME)" Optional
VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
}
-
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118674): https://edk2.groups.io/g/devel/message/118674
Mute This Topic: https://groups.io/mt/105983239/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [edk2-devel] [PATCH v1 02/14] EmulatorPkg: : Add Hash2DxeCrypto to EmulatorPkg
2024-05-08 15:29 [edk2-devel] [PATCH v1 00/14] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 01/14] EmulatorPkg: : Add RngDxe to EmulatorPkg Doug Flick via groups.io
@ 2024-05-08 15:29 ` Doug Flick via groups.io
2024-05-10 3:10 ` Ni, Ray
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 03/14] OvmfPkg:PlatformCI: Support virtio-rng-pci Doug Flick via groups.io
` (11 subsequent siblings)
13 siblings, 1 reply; 23+ messages in thread
From: Doug Flick via groups.io @ 2024-05-08 15:29 UTC (permalink / raw)
To: devel; +Cc: Andrew Fish, Ray Ni
From: Doug Flick <dougflick@microsoft.com>
This patch adds Hash2DxeCrypto to EmulatorPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.
Cc: Andrew Fish <afish@apple.com>
Cc: Ray Ni <ray.ni@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
EmulatorPkg/EmulatorPkg.dsc | 9 +++++++--
EmulatorPkg/EmulatorPkg.fdf | 5 +++++
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index 0a66294cb768..1c356bc8c732 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -128,10 +128,11 @@ [LibraryClasses]
FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf
RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
-
-!if $(SECURE_BOOT_ENABLE) == TRUE
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+
+!if $(SECURE_BOOT_ENABLE) == TRUE
PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
@@ -402,6 +403,10 @@ [Components]
# Rng Protocol producer
#
SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+ #
+ # Hash2 Protocol producer
+ #
+ SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf
index d756c144d94d..73d5b0068d3f 100644
--- a/EmulatorPkg/EmulatorPkg.fdf
+++ b/EmulatorPkg/EmulatorPkg.fdf
@@ -198,6 +198,11 @@ [FV.FvRecovery]
#
INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
#
# Secure Boot Key Enroll
#
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118675): https://edk2.groups.io/g/devel/message/118675
Mute This Topic: https://groups.io/mt/105983240/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 23+ messages in thread
* Re: [edk2-devel] [PATCH v1 02/14] EmulatorPkg: : Add Hash2DxeCrypto to EmulatorPkg
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 02/14] EmulatorPkg: : Add Hash2DxeCrypto " Doug Flick via groups.io
@ 2024-05-10 3:10 ` Ni, Ray
0 siblings, 0 replies; 23+ messages in thread
From: Ni, Ray @ 2024-05-10 3:10 UTC (permalink / raw)
To: Doug Flick, devel@edk2.groups.io; +Cc: Andrew Fish
[-- Attachment #1: Type: text/plain, Size: 2998 bytes --]
Reviewed-by: Ray Ni <ray.ni@intel.com>
Thanks,
Ray
________________________________
From: Doug Flick <doug.edk2@gmail.com>
Sent: Wednesday, May 8, 2024 23:29
To: devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Andrew Fish <afish@apple.com>; Ni, Ray <ray.ni@intel.com>
Subject: [PATCH v1 02/14] EmulatorPkg: : Add Hash2DxeCrypto to EmulatorPkg
From: Doug Flick <dougflick@microsoft.com>
This patch adds Hash2DxeCrypto to EmulatorPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.
Cc: Andrew Fish <afish@apple.com>
Cc: Ray Ni <ray.ni@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
EmulatorPkg/EmulatorPkg.dsc | 9 +++++++--
EmulatorPkg/EmulatorPkg.fdf | 5 +++++
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index 0a66294cb768..1c356bc8c732 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -128,10 +128,11 @@ [LibraryClasses]
FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf
RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
-
-!if $(SECURE_BOOT_ENABLE) == TRUE
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+
+!if $(SECURE_BOOT_ENABLE) == TRUE
PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
@@ -402,6 +403,10 @@ [Components]
# Rng Protocol producer
#
SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+ #
+ # Hash2 Protocol producer
+ #
+ SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf
index d756c144d94d..73d5b0068d3f 100644
--- a/EmulatorPkg/EmulatorPkg.fdf
+++ b/EmulatorPkg/EmulatorPkg.fdf
@@ -198,6 +198,11 @@ [FV.FvRecovery]
#
INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
#
# Secure Boot Key Enroll
#
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118787): https://edk2.groups.io/g/devel/message/118787
Mute This Topic: https://groups.io/mt/105983240/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
[-- Attachment #2: Type: text/html, Size: 5556 bytes --]
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [edk2-devel] [PATCH v1 03/14] OvmfPkg:PlatformCI: Support virtio-rng-pci
2024-05-08 15:29 [edk2-devel] [PATCH v1 00/14] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 01/14] EmulatorPkg: : Add RngDxe to EmulatorPkg Doug Flick via groups.io
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 02/14] EmulatorPkg: : Add Hash2DxeCrypto " Doug Flick via groups.io
@ 2024-05-08 15:29 ` Doug Flick via groups.io
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 04/14] OvmfPkg: : Add Hash2DxeCrypto to OvmfPkg Doug Flick via groups.io
` (10 subsequent siblings)
13 siblings, 0 replies; 23+ messages in thread
From: Doug Flick via groups.io @ 2024-05-08 15:29 UTC (permalink / raw)
To: devel; +Cc: Ard Biesheuvel, Jiewen Yao, Gerd Hoffmann
This patch adds "virtio-rng-pci" to the PlatformBuildLib.py
This adds Rng services to the guest VM
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
OvmfPkg/PlatformCI/PlatformBuildLib.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/OvmfPkg/PlatformCI/PlatformBuildLib.py b/OvmfPkg/PlatformCI/PlatformBuildLib.py
index 00d454954bff..3fe80f5c1caa 100644
--- a/OvmfPkg/PlatformCI/PlatformBuildLib.py
+++ b/OvmfPkg/PlatformCI/PlatformBuildLib.py
@@ -208,6 +208,8 @@ class PlatformBuilder( UefiBuilder, BuildSettingsManager):
args += " -net none" # turn off network
args += " -smp 4"
args += f" -drive file=fat:rw:{VirtualDrive},format=raw,media=disk" # Mount disk with startup.nsh
+ # Provides Rng services to the Guest VM
+ args += " -device virtio-rng-pci"
if (self.env.GetValue("QEMU_HEADLESS").upper() == "TRUE"):
args += " -display none" # no graphics
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118676): https://edk2.groups.io/g/devel/message/118676
Mute This Topic: https://groups.io/mt/105983241/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [edk2-devel] [PATCH v1 04/14] OvmfPkg: : Add Hash2DxeCrypto to OvmfPkg
2024-05-08 15:29 [edk2-devel] [PATCH v1 00/14] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (2 preceding siblings ...)
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 03/14] OvmfPkg:PlatformCI: Support virtio-rng-pci Doug Flick via groups.io
@ 2024-05-08 15:29 ` Doug Flick via groups.io
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 05/14] ArmVirtPkg:PlatformCI: Support virtio-rng-pci Doug Flick via groups.io
` (9 subsequent siblings)
13 siblings, 0 replies; 23+ messages in thread
From: Doug Flick via groups.io @ 2024-05-08 15:29 UTC (permalink / raw)
To: devel; +Cc: Ard Biesheuvel, Jiewen Yao, Gerd Hoffmann
From: Doug Flick <dougflick@microsoft.com>
This patch adds Hash2DxeCrypto to OvmfPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 6 +++++-
OvmfPkg/OvmfPkgIa32X64.dsc | 6 +++++-
OvmfPkg/OvmfPkgX64.dsc | 6 +++++-
OvmfPkg/OvmfXen.dsc | 5 +++++
OvmfPkg/OvmfPkgIa32.fdf | 5 +++++
OvmfPkg/OvmfPkgIa32X64.fdf | 5 +++++
OvmfPkg/OvmfPkgX64.fdf | 5 +++++
OvmfPkg/OvmfXen.fdf | 5 +++++
8 files changed, 40 insertions(+), 3 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 9db3ebd0e722..7d7729e07729 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -228,7 +228,6 @@ [LibraryClasses]
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
-
#
# Network libraries
#
@@ -857,6 +856,11 @@ [Components]
MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ #
+ # Hash2 Protocol producer
+ #
+ SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
#
# Network Support
#
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 43378122925b..1e924ccc5eb4 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -233,7 +233,6 @@ [LibraryClasses]
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
-
#
# Network libraries
#
@@ -871,6 +870,11 @@ [Components.X64]
MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ #
+ # Hash2 Protocol producer
+ #
+ SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
#
# Network Support
#
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 157ae6c0e4b0..3637b967b139 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -249,7 +249,6 @@ [LibraryClasses]
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
-
#
# Network libraries
#
@@ -939,6 +938,11 @@ [Components]
MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ #
+ # Hash2 Protocol producer
+ #
+ SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
#
# Network Support
#
diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
index fa1a570e746a..7fc340d1c1df 100644
--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
@@ -667,6 +667,11 @@ [Components]
MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ #
+ # Hash2 Protocol producer
+ #
+ SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
#
# Network Support
#
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 6eb26f7d4613..0d4abb50a8f7 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -295,6 +295,11 @@ [FV.DXEFV]
INF MdeModulePkg/Logo/LogoDxe.inf
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
#
# Network modules
#
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 080784f722a7..23a825a01298 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -296,6 +296,11 @@ [FV.DXEFV]
INF MdeModulePkg/Logo/LogoDxe.inf
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
#
# Network modules
#
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index c2d3cc901e94..16c7a2b0a132 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -326,6 +326,11 @@ [FV.DXEFV]
INF OvmfPkg/TdxDxe/TdxDxe.inf
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
#
# Network modules
#
diff --git a/OvmfPkg/OvmfXen.fdf b/OvmfPkg/OvmfXen.fdf
index 5770b173168b..41368f37e254 100644
--- a/OvmfPkg/OvmfXen.fdf
+++ b/OvmfPkg/OvmfXen.fdf
@@ -314,6 +314,11 @@ [FV.DXEFV]
INF MdeModulePkg/Logo/LogoDxe.inf
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
#
# Network modules
#
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118677): https://edk2.groups.io/g/devel/message/118677
Mute This Topic: https://groups.io/mt/105983242/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [edk2-devel] [PATCH v1 05/14] ArmVirtPkg:PlatformCI: Support virtio-rng-pci
2024-05-08 15:29 [edk2-devel] [PATCH v1 00/14] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (3 preceding siblings ...)
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 04/14] OvmfPkg: : Add Hash2DxeCrypto to OvmfPkg Doug Flick via groups.io
@ 2024-05-08 15:29 ` Doug Flick via groups.io
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 06/14] ArmVirtPkg: : Add Hash2DxeCrypto to ArmVirtPkg Doug Flick via groups.io
` (8 subsequent siblings)
13 siblings, 0 replies; 23+ messages in thread
From: Doug Flick via groups.io @ 2024-05-08 15:29 UTC (permalink / raw)
To: devel; +Cc: Ard Biesheuvel, Leif Lindholm, Sami Mujawar, Gerd Hoffmann
This patch adds "virtio-rng-pci" to the PlatformBuildLib.py
This adds Rng services to the guest VM
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
ArmVirtPkg/PlatformCI/PlatformBuildLib.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/ArmVirtPkg/PlatformCI/PlatformBuildLib.py b/ArmVirtPkg/PlatformCI/PlatformBuildLib.py
index 0ddaccf9c21f..3abab0914127 100644
--- a/ArmVirtPkg/PlatformCI/PlatformBuildLib.py
+++ b/ArmVirtPkg/PlatformCI/PlatformBuildLib.py
@@ -240,6 +240,8 @@ class PlatformBuilder(UefiBuilder, BuildSettingsManager):
args += " -serial stdio"
# Mount disk with startup.nsh
args += f" -drive file=fat:rw:{VirtualDrive},format=raw,media=disk"
+ # Provides Rng services to the Guest VM
+ args += " -device virtio-rng-pci"
# Conditional Args
if (self.env.GetValue("QEMU_HEADLESS").upper() == "TRUE"):
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118678): https://edk2.groups.io/g/devel/message/118678
Mute This Topic: https://groups.io/mt/105983244/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [edk2-devel] [PATCH v1 06/14] ArmVirtPkg: : Add Hash2DxeCrypto to ArmVirtPkg
2024-05-08 15:29 [edk2-devel] [PATCH v1 00/14] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (4 preceding siblings ...)
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 05/14] ArmVirtPkg:PlatformCI: Support virtio-rng-pci Doug Flick via groups.io
@ 2024-05-08 15:29 ` Doug Flick via groups.io
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 07/14] NetworkPkg:: SECURITY PATCH CVE-2023-45237 Doug Flick via groups.io
` (7 subsequent siblings)
13 siblings, 0 replies; 23+ messages in thread
From: Doug Flick via groups.io @ 2024-05-08 15:29 UTC (permalink / raw)
To: devel; +Cc: Ard Biesheuvel, Leif Lindholm, Sami Mujawar, Gerd Hoffmann
This patch adds Hash2DxeCrypto to ArmVirtPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
ArmVirtPkg/ArmVirtQemu.dsc | 5 +++++
ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 +++++
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 5 +++++
3 files changed, 15 insertions(+)
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index f6f78359552d..36cb9bd329e7 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -554,6 +554,11 @@ [Components.common]
MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+ #
+ # Hash2 Protocol Support
+ #
+ SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
#
# TPM2 support
#
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index 668a65ba648f..57aa2b1d1bad 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -461,6 +461,11 @@ [Components.common]
MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+ #
+ # Hash2 Protocol Support
+ #
+ SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
#
# ACPI Support
#
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index c5d097ffb935..80d420023e6c 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -177,6 +177,11 @@ [FV.FvMain]
INF MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+ #
+ # Hash2 Protocol producer
+ #
+ INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
#
# TPM2 support
#
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118679): https://edk2.groups.io/g/devel/message/118679
Mute This Topic: https://groups.io/mt/105983245/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [edk2-devel] [PATCH v1 07/14] NetworkPkg:: SECURITY PATCH CVE-2023-45237
2024-05-08 15:29 [edk2-devel] [PATCH v1 00/14] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (5 preceding siblings ...)
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 06/14] ArmVirtPkg: : Add Hash2DxeCrypto to ArmVirtPkg Doug Flick via groups.io
@ 2024-05-08 15:29 ` Doug Flick via groups.io
2024-05-08 16:20 ` Ard Biesheuvel
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 08/14] NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236 Doug Flick via groups.io
` (6 subsequent siblings)
13 siblings, 1 reply; 23+ messages in thread
From: Doug Flick via groups.io @ 2024-05-08 15:29 UTC (permalink / raw)
To: devel; +Cc: Saloni Kasbekar, Zachary Clark-williams
From: Doug Flick <dougflick@microsoft.com>
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542
Bug Overview:
PixieFail Bug #9
CVE-2023-45237
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Use of a Weak PseudoRandom Number Generator
Change Overview:
Updates all Instances of NET_RANDOM (NetRandomInitSeed ()) to either
>
> EFI_STATUS
> EFIAPI
> PseudoRandomU32 (
> OUT UINT32 *Output
> );
>
or (depending on the use case)
>
> EFI_STATUS
> EFIAPI
> PseudoRandom (
> OUT VOID *Output,
> IN UINTN OutputLength
> );
>
This is because the use of
Example:
The following code snippet PseudoRandomU32 () function is used:
>
> UINT32 Random;
>
> Status = PseudoRandomU32 (&Random);
> if (EFI_ERROR (Status)) {
> DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n",
__func__, Status));
> return Status;
> }
>
This also introduces a new PCD to enable/disable the use of the
NIST SP-800-90 approved algorithms for PseudoRandom () and
instead depend on the default implementation. This may be required for
some platforms where the UEFI Spec defined algorithms are not available.
>
> PcdEnforceSecureRngAlgorithms
>
If the platform does not have the NIST SP-800-90 approved algorithms
then the driver will assert.
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
NetworkPkg/NetworkPkg.dec | 7 ++
NetworkPkg/Library/DxeNetLib/DxeNetLib.inf | 12 +-
NetworkPkg/TcpDxe/TcpDxe.inf | 3 +
NetworkPkg/IScsiDxe/IScsiMisc.h | 6 +-
NetworkPkg/Include/Library/NetLib.h | 40 ++++--
NetworkPkg/Ip6Dxe/Ip6Nd.h | 8 +-
NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c | 10 +-
NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c | 11 +-
NetworkPkg/DnsDxe/DnsDhcp.c | 10 +-
NetworkPkg/DnsDxe/DnsImpl.c | 11 +-
NetworkPkg/HttpBootDxe/HttpBootDhcp6.c | 10 +-
NetworkPkg/IScsiDxe/IScsiCHAP.c | 19 ++-
NetworkPkg/IScsiDxe/IScsiMisc.c | 14 +--
NetworkPkg/Ip4Dxe/Ip4Driver.c | 10 +-
NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c | 9 +-
NetworkPkg/Ip6Dxe/Ip6Driver.c | 17 ++-
NetworkPkg/Ip6Dxe/Ip6If.c | 12 +-
NetworkPkg/Ip6Dxe/Ip6Mld.c | 12 +-
NetworkPkg/Ip6Dxe/Ip6Nd.c | 33 ++++-
NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 129 +++++++++++++++++---
NetworkPkg/TcpDxe/TcpDriver.c | 15 ++-
NetworkPkg/Udp4Dxe/Udp4Driver.c | 10 +-
NetworkPkg/Udp6Dxe/Udp6Driver.c | 11 +-
NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c | 9 +-
NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c | 11 +-
NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c | 12 +-
NetworkPkg/SecurityFixes.yaml | 39 ++++++
27 files changed, 407 insertions(+), 83 deletions(-)
diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec
index e06f35e7747c..7c4289b77b21 100644
--- a/NetworkPkg/NetworkPkg.dec
+++ b/NetworkPkg/NetworkPkg.dec
@@ -5,6 +5,7 @@
#
# Copyright (c) 2009 - 2021, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP<BR>
+# Copyright (c) Microsoft Corporation
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -130,6 +131,12 @@ [PcdsFixedAtBuild, PcdsPatchableInModule]
# @Prompt Indicates whether SnpDxe creates event for ExitBootServices() call.
gEfiNetworkPkgTokenSpaceGuid.PcdSnpCreateExitBootServicesEvent|TRUE|BOOLEAN|0x1000000C
+ ## Enforces the use of Secure UEFI spec defined RNG algorithms for all network connections.
+ # TRUE - Enforce the use of Secure UEFI spec defined RNG algorithms.
+ # FALSE - Do not enforce and depend on the default implementation of RNG algorithm from the provider.
+ # @Prompt Enforce the use of Secure UEFI spec defined RNG algorithms.
+ gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|TRUE|BOOLEAN|0x1000000D
+
[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
## IPv6 DHCP Unique Identifier (DUID) Type configuration (From RFCs 3315 and 6355).
# 01 = DUID Based on Link-layer Address Plus Time [DUID-LLT]
diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
index 8145d256ec10..56e3c3c58540 100644
--- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
+++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
@@ -3,6 +3,7 @@
#
# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+# Copyright (c) Microsoft Corporation
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@@ -49,7 +50,9 @@ [Guids]
gEfiSmbiosTableGuid ## SOMETIMES_CONSUMES ## SystemTable
gEfiSmbios3TableGuid ## SOMETIMES_CONSUMES ## SystemTable
gEfiAdapterInfoMediaStateGuid ## SOMETIMES_CONSUMES
-
+ gEfiRngAlgorithmSp80090Ctr256Guid ## CONSUMES
+ gEfiRngAlgorithmSp80090Hmac256Guid ## CONSUMES
+ gEfiRngAlgorithmSp80090Hash256Guid ## CONSUMES
[Protocols]
gEfiSimpleNetworkProtocolGuid ## SOMETIMES_CONSUMES
@@ -59,3 +62,10 @@ [Protocols]
gEfiComponentNameProtocolGuid ## SOMETIMES_CONSUMES
gEfiComponentName2ProtocolGuid ## SOMETIMES_CONSUMES
gEfiAdapterInformationProtocolGuid ## SOMETIMES_CONSUMES
+ gEfiRngProtocolGuid ## CONSUMES
+
+[FixedPcd]
+ gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms ## CONSUMES
+
+[Depex]
+ gEfiRngProtocolGuid
diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf b/NetworkPkg/TcpDxe/TcpDxe.inf
index c0acbdca5700..cf5423f4c537 100644
--- a/NetworkPkg/TcpDxe/TcpDxe.inf
+++ b/NetworkPkg/TcpDxe/TcpDxe.inf
@@ -82,5 +82,8 @@ [Protocols]
gEfiTcp6ProtocolGuid ## BY_START
gEfiTcp6ServiceBindingProtocolGuid ## BY_START
+[Depex]
+ gEfiHash2ServiceBindingProtocolGuid
+
[UserExtensions.TianoCore."ExtraFiles"]
TcpDxeExtra.uni
diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMisc.h
index a951eee70ec9..91b2cd22613d 100644
--- a/NetworkPkg/IScsiDxe/IScsiMisc.h
+++ b/NetworkPkg/IScsiDxe/IScsiMisc.h
@@ -2,6 +2,7 @@
Miscellaneous definitions for iSCSI driver.
Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -202,8 +203,11 @@ IScsiNetNtoi (
@param[in, out] Rand The buffer to contain random numbers.
@param[in] RandLength The length of the Rand buffer.
+ @retval EFI_SUCCESS on success
+ @retval others on error
+
**/
-VOID
+EFI_STATUS
IScsiGenRandom (
IN OUT UINT8 *Rand,
IN UINTN RandLength
diff --git a/NetworkPkg/Include/Library/NetLib.h b/NetworkPkg/Include/Library/NetLib.h
index 8c0e62b3889c..e8108b79db8f 100644
--- a/NetworkPkg/Include/Library/NetLib.h
+++ b/NetworkPkg/Include/Library/NetLib.h
@@ -3,6 +3,7 @@
It provides basic functions for the UEFI network stack.
Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -539,8 +540,6 @@ extern EFI_IPv4_ADDRESS mZeroIp4Addr;
#define TICKS_PER_MS 10000U
#define TICKS_PER_SECOND 10000000U
-#define NET_RANDOM(Seed) ((UINT32) ((UINT32) (Seed) * 1103515245UL + 12345) % 4294967295UL)
-
/**
Extract a UINT32 from a byte stream.
@@ -580,19 +579,40 @@ NetPutUint32 (
);
/**
- Initialize a random seed using current time and monotonic count.
+ Generate a Random output data given a length.
- Get current time and monotonic count first. Then initialize a random seed
- based on some basic mathematics operation on the hour, day, minute, second,
- nanosecond and year of the current time and the monotonic count value.
+ @param[out] Output - The buffer to store the generated random data.
+ @param[in] OutputLength - The length of the output buffer.
- @return The random seed initialized with current time.
+ @retval EFI_SUCCESS On Success
+ @retval EFI_INVALID_PARAMETER Pointer is null or size is zero
+ @retval EFI_NOT_FOUND RNG protocol not found
+ @retval Others Error from RngProtocol->GetRNG()
+ @return Status code
**/
-UINT32
+EFI_STATUS
EFIAPI
-NetRandomInitSeed (
- VOID
+PseudoRandom (
+ OUT VOID *Output,
+ IN UINTN OutputLength
+ );
+
+/**
+ Generate a 32-bit pseudo-random number.
+
+ @param[out] Output - The buffer to store the generated random number.
+
+ @retval EFI_SUCCESS On Success
+ @retval EFI_NOT_FOUND RNG protocol not found
+ @retval Others Error from RngProtocol->GetRNG()
+
+ @return Status code
+**/
+EFI_STATUS
+EFIAPI
+PseudoRandomU32 (
+ OUT UINT32 *Output
);
#define NET_LIST_USER_STRUCT(Entry, Type, Field) \
diff --git a/NetworkPkg/Ip6Dxe/Ip6Nd.h b/NetworkPkg/Ip6Dxe/Ip6Nd.h
index bf64e9114e13..5795e23c7d71 100644
--- a/NetworkPkg/Ip6Dxe/Ip6Nd.h
+++ b/NetworkPkg/Ip6Dxe/Ip6Nd.h
@@ -2,7 +2,7 @@
Definition of Neighbor Discovery support routines.
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
-
+ Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -780,10 +780,10 @@ Ip6OnArpResolved (
/**
Update the ReachableTime in IP6 service binding instance data, in milliseconds.
- @param[in, out] IpSb Points to the IP6_SERVICE.
-
+ @retval EFI_SUCCESS ReachableTime Updated
+ @retval others Failed to update ReachableTime
**/
-VOID
+EFI_STATUS
Ip6UpdateReachableTime (
IN OUT IP6_SERVICE *IpSb
);
diff --git a/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c b/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c
index 8c37e93be3a8..892caee36846 100644
--- a/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c
+++ b/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c
@@ -1,6 +1,7 @@
/** @file
Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -189,6 +190,13 @@ Dhcp4CreateService (
{
DHCP_SERVICE *DhcpSb;
EFI_STATUS Status;
+ UINT32 Random;
+
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
*Service = NULL;
DhcpSb = AllocateZeroPool (sizeof (DHCP_SERVICE));
@@ -203,7 +211,7 @@ Dhcp4CreateService (
DhcpSb->Image = ImageHandle;
InitializeListHead (&DhcpSb->Children);
DhcpSb->DhcpState = Dhcp4Stopped;
- DhcpSb->Xid = NET_RANDOM (NetRandomInitSeed ());
+ DhcpSb->Xid = Random;
CopyMem (
&DhcpSb->ServiceBinding,
&mDhcp4ServiceBindingTemplate,
diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c
index b591a4605bc9..e7f2787a98ba 100644
--- a/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c
+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c
@@ -3,7 +3,7 @@
implementation for Dhcp6 Driver.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-
+ Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -123,6 +123,13 @@ Dhcp6CreateService (
{
DHCP6_SERVICE *Dhcp6Srv;
EFI_STATUS Status;
+ UINT32 Random;
+
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
*Service = NULL;
Dhcp6Srv = AllocateZeroPool (sizeof (DHCP6_SERVICE));
@@ -147,7 +154,7 @@ Dhcp6CreateService (
Dhcp6Srv->Signature = DHCP6_SERVICE_SIGNATURE;
Dhcp6Srv->Controller = Controller;
Dhcp6Srv->Image = ImageHandle;
- Dhcp6Srv->Xid = (0xffffff & NET_RANDOM (NetRandomInitSeed ()));
+ Dhcp6Srv->Xid = (0xffffff & Random);
CopyMem (
&Dhcp6Srv->ServiceBinding,
diff --git a/NetworkPkg/DnsDxe/DnsDhcp.c b/NetworkPkg/DnsDxe/DnsDhcp.c
index 933565a32df1..9eb3c1d2d81d 100644
--- a/NetworkPkg/DnsDxe/DnsDhcp.c
+++ b/NetworkPkg/DnsDxe/DnsDhcp.c
@@ -2,6 +2,7 @@
Functions implementation related with DHCPv4/v6 for DNS driver.
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -277,6 +278,7 @@ GetDns4ServerFromDhcp4 (
EFI_DHCP4_TRANSMIT_RECEIVE_TOKEN Token;
BOOLEAN IsDone;
UINTN Index;
+ UINT32 Random;
Image = Instance->Service->ImageHandle;
Controller = Instance->Service->ControllerHandle;
@@ -292,6 +294,12 @@ GetDns4ServerFromDhcp4 (
Data = NULL;
InterfaceInfo = NULL;
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
+
ZeroMem ((UINT8 *)ParaList, sizeof (ParaList));
ZeroMem (&MnpConfigData, sizeof (EFI_MANAGED_NETWORK_CONFIG_DATA));
@@ -467,7 +475,7 @@ GetDns4ServerFromDhcp4 (
Status = Dhcp4->Build (Dhcp4, &SeedPacket, 0, NULL, 2, ParaList, &Token.Packet);
- Token.Packet->Dhcp4.Header.Xid = HTONL (NET_RANDOM (NetRandomInitSeed ()));
+ Token.Packet->Dhcp4.Header.Xid = Random;
Token.Packet->Dhcp4.Header.Reserved = HTONS ((UINT16)0x8000);
diff --git a/NetworkPkg/DnsDxe/DnsImpl.c b/NetworkPkg/DnsDxe/DnsImpl.c
index d311812800fd..c2629bb8df1f 100644
--- a/NetworkPkg/DnsDxe/DnsImpl.c
+++ b/NetworkPkg/DnsDxe/DnsImpl.c
@@ -2,6 +2,7 @@
DnsDxe support functions implementation.
Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -1963,6 +1964,14 @@ ConstructDNSQuery (
NET_FRAGMENT Frag;
DNS_HEADER *DnsHeader;
DNS_QUERY_SECTION *DnsQuery;
+ EFI_STATUS Status;
+ UINT32 Random;
+
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
//
// Messages carried by UDP are restricted to 512 bytes (not counting the IP
@@ -1977,7 +1986,7 @@ ConstructDNSQuery (
// Fill header
//
DnsHeader = (DNS_HEADER *)Frag.Bulk;
- DnsHeader->Identification = (UINT16)NET_RANDOM (NetRandomInitSeed ());
+ DnsHeader->Identification = (UINT16)Random;
DnsHeader->Flags.Uint16 = 0x0000;
DnsHeader->Flags.Bits.RD = 1;
DnsHeader->Flags.Bits.OpCode = DNS_FLAGS_OPCODE_STANDARD;
diff --git a/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c b/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c
index b22cef4ff587..f964515b0fa6 100644
--- a/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c
+++ b/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c
@@ -2,6 +2,7 @@
Functions implementation related with DHCPv6 for HTTP boot driver.
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -951,6 +952,7 @@ HttpBootDhcp6Sarr (
UINT32 OptCount;
UINT8 Buffer[HTTP_BOOT_DHCP6_OPTION_MAX_SIZE];
EFI_STATUS Status;
+ UINT32 Random;
Dhcp6 = Private->Dhcp6;
ASSERT (Dhcp6 != NULL);
@@ -961,6 +963,12 @@ HttpBootDhcp6Sarr (
OptCount = HttpBootBuildDhcp6Options (Private, OptList, Buffer);
ASSERT (OptCount > 0);
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
+
Retransmit = AllocateZeroPool (sizeof (EFI_DHCP6_RETRANSMISSION));
if (Retransmit == NULL) {
return EFI_OUT_OF_RESOURCES;
@@ -976,7 +984,7 @@ HttpBootDhcp6Sarr (
Config.IaInfoEvent = NULL;
Config.RapidCommit = FALSE;
Config.ReconfigureAccept = FALSE;
- Config.IaDescriptor.IaId = NET_RANDOM (NetRandomInitSeed ());
+ Config.IaDescriptor.IaId = Random;
Config.IaDescriptor.Type = EFI_DHCP6_IA_TYPE_NA;
Config.SolicitRetransmission = Retransmit;
Retransmit->Irt = 4;
diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c
index b507f11cd45e..bebb1ac29b9c 100644
--- a/NetworkPkg/IScsiDxe/IScsiCHAP.c
+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c
@@ -3,6 +3,7 @@
Configuration.
Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -576,16 +577,24 @@ IScsiCHAPToSendReq (
//
// CHAP_I=<I>
//
- IScsiGenRandom ((UINT8 *)&AuthData->OutIdentifier, 1);
+ Status = IScsiGenRandom ((UINT8 *)&AuthData->OutIdentifier, 1);
+ if (EFI_ERROR (Status)) {
+ break;
+ }
+
AsciiSPrint (ValueStr, sizeof (ValueStr), "%d", AuthData->OutIdentifier);
IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_IDENTIFIER, ValueStr);
//
// CHAP_C=<C>
//
- IScsiGenRandom (
- (UINT8 *)AuthData->OutChallenge,
- AuthData->Hash->DigestSize
- );
+ Status = IScsiGenRandom (
+ (UINT8 *)AuthData->OutChallenge,
+ AuthData->Hash->DigestSize
+ );
+ if (EFI_ERROR (Status)) {
+ break;
+ }
+
BinToHexStatus = IScsiBinToHex (
(UINT8 *)AuthData->OutChallenge,
AuthData->Hash->DigestSize,
diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.c b/NetworkPkg/IScsiDxe/IScsiMisc.c
index 78dc5c73d35a..2159b8494963 100644
--- a/NetworkPkg/IScsiDxe/IScsiMisc.c
+++ b/NetworkPkg/IScsiDxe/IScsiMisc.c
@@ -2,6 +2,7 @@
Miscellaneous routines for iSCSI driver.
Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -474,20 +475,17 @@ IScsiNetNtoi (
@param[in, out] Rand The buffer to contain random numbers.
@param[in] RandLength The length of the Rand buffer.
+ @retval EFI_SUCCESS on success
+ @retval others on error
+
**/
-VOID
+EFI_STATUS
IScsiGenRandom (
IN OUT UINT8 *Rand,
IN UINTN RandLength
)
{
- UINT32 Random;
-
- while (RandLength > 0) {
- Random = NET_RANDOM (NetRandomInitSeed ());
- *Rand++ = (UINT8)(Random);
- RandLength--;
- }
+ return PseudoRandom (Rand, RandLength);
}
/**
diff --git a/NetworkPkg/Ip4Dxe/Ip4Driver.c b/NetworkPkg/Ip4Dxe/Ip4Driver.c
index ec483ff01fa9..683423f38dc7 100644
--- a/NetworkPkg/Ip4Dxe/Ip4Driver.c
+++ b/NetworkPkg/Ip4Dxe/Ip4Driver.c
@@ -2,6 +2,7 @@
The driver binding and service binding protocol for IP4 driver.
Copyright (c) 2005 - 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -549,11 +550,18 @@ Ip4DriverBindingStart (
EFI_IP4_CONFIG2_PROTOCOL *Ip4Cfg2;
UINTN Index;
IP4_CONFIG2_DATA_ITEM *DataItem;
+ UINT32 Random;
IpSb = NULL;
Ip4Cfg2 = NULL;
DataItem = NULL;
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
+
//
// Test for the Ip4 service binding protocol
//
@@ -653,7 +661,7 @@ Ip4DriverBindingStart (
//
// Initialize the IP4 ID
//
- mIp4Id = (UINT16)NET_RANDOM (NetRandomInitSeed ());
+ mIp4Id = (UINT16)Random;
return Status;
diff --git a/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c b/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c
index 70e232ce6c4d..4c1354d26cc1 100644
--- a/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c
+++ b/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c
@@ -2276,6 +2276,13 @@ Ip6ConfigInitInstance (
UINTN Index;
UINT16 IfIndex;
IP6_CONFIG_DATA_ITEM *DataItem;
+ UINT32 Random;
+
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
IpSb = IP6_SERVICE_FROM_IP6_CONFIG_INSTANCE (Instance);
@@ -2381,7 +2388,7 @@ Ip6ConfigInitInstance (
// The NV variable is not set, so generate a random IAID, and write down the
// fresh new configuration as the NV variable now.
//
- Instance->IaId = NET_RANDOM (NetRandomInitSeed ());
+ Instance->IaId = Random;
for (Index = 0; Index < IpSb->SnpMode.HwAddressSize; Index++) {
Instance->IaId |= (IpSb->SnpMode.CurrentAddress.Addr[Index] << ((Index << 3) & 31));
diff --git a/NetworkPkg/Ip6Dxe/Ip6Driver.c b/NetworkPkg/Ip6Dxe/Ip6Driver.c
index b483a7d136d9..cbe011dad472 100644
--- a/NetworkPkg/Ip6Dxe/Ip6Driver.c
+++ b/NetworkPkg/Ip6Dxe/Ip6Driver.c
@@ -3,7 +3,7 @@
Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
-
+ Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -316,7 +316,11 @@ Ip6CreateService (
IpSb->CurHopLimit = IP6_HOP_LIMIT;
IpSb->LinkMTU = IP6_MIN_LINK_MTU;
IpSb->BaseReachableTime = IP6_REACHABLE_TIME;
- Ip6UpdateReachableTime (IpSb);
+ Status = Ip6UpdateReachableTime (IpSb);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
+
//
// RFC4861 RETRANS_TIMER: 1,000 milliseconds
//
@@ -516,11 +520,18 @@ Ip6DriverBindingStart (
EFI_STATUS Status;
EFI_IP6_CONFIG_PROTOCOL *Ip6Cfg;
IP6_CONFIG_DATA_ITEM *DataItem;
+ UINT32 Random;
IpSb = NULL;
Ip6Cfg = NULL;
DataItem = NULL;
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
+
//
// Test for the Ip6 service binding protocol
//
@@ -656,7 +667,7 @@ Ip6DriverBindingStart (
//
// Initialize the IP6 ID
//
- mIp6Id = NET_RANDOM (NetRandomInitSeed ());
+ mIp6Id = Random;
return EFI_SUCCESS;
diff --git a/NetworkPkg/Ip6Dxe/Ip6If.c b/NetworkPkg/Ip6Dxe/Ip6If.c
index 4629c05f25a0..f3d11c4d2155 100644
--- a/NetworkPkg/Ip6Dxe/Ip6If.c
+++ b/NetworkPkg/Ip6Dxe/Ip6If.c
@@ -2,7 +2,7 @@
Implement IP6 pseudo interface.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-
+ Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -89,6 +89,14 @@ Ip6SetAddress (
IP6_PREFIX_LIST_ENTRY *PrefixEntry;
UINT64 Delay;
IP6_DELAY_JOIN_LIST *DelayNode;
+ EFI_STATUS Status;
+ UINT32 Random;
+
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
NET_CHECK_SIGNATURE (Interface, IP6_INTERFACE_SIGNATURE);
@@ -164,7 +172,7 @@ Ip6SetAddress (
// Thus queue the address to be processed in Duplicate Address Detection module
// after the delay time (in milliseconds).
//
- Delay = (UINT64)NET_RANDOM (NetRandomInitSeed ());
+ Delay = (UINT64)Random;
Delay = MultU64x32 (Delay, IP6_ONE_SECOND_IN_MS);
Delay = RShiftU64 (Delay, 32);
diff --git a/NetworkPkg/Ip6Dxe/Ip6Mld.c b/NetworkPkg/Ip6Dxe/Ip6Mld.c
index e6b2b653e295..498a11854305 100644
--- a/NetworkPkg/Ip6Dxe/Ip6Mld.c
+++ b/NetworkPkg/Ip6Dxe/Ip6Mld.c
@@ -696,7 +696,15 @@ Ip6UpdateDelayTimer (
IN OUT IP6_MLD_GROUP *Group
)
{
- UINT32 Delay;
+ UINT32 Delay;
+ EFI_STATUS Status;
+ UINT32 Random;
+
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
//
// If the Query packet specifies a Maximum Response Delay of zero, perform timer
@@ -715,7 +723,7 @@ Ip6UpdateDelayTimer (
// is less than the remaining value of the running timer.
//
if ((Group->DelayTimer == 0) || (Delay < Group->DelayTimer)) {
- Group->DelayTimer = Delay / 4294967295UL * NET_RANDOM (NetRandomInitSeed ());
+ Group->DelayTimer = Delay / 4294967295UL * Random;
}
return EFI_SUCCESS;
diff --git a/NetworkPkg/Ip6Dxe/Ip6Nd.c b/NetworkPkg/Ip6Dxe/Ip6Nd.c
index c10c7017f88d..72aa45c10f3f 100644
--- a/NetworkPkg/Ip6Dxe/Ip6Nd.c
+++ b/NetworkPkg/Ip6Dxe/Ip6Nd.c
@@ -2,7 +2,7 @@
Implementation of Neighbor Discovery support routines.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-
+ Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -16,17 +16,28 @@ EFI_MAC_ADDRESS mZeroMacAddress;
@param[in, out] IpSb Points to the IP6_SERVICE.
+ @retval EFI_SUCCESS ReachableTime Updated
+ @retval others Failed to update ReachableTime
**/
-VOID
+EFI_STATUS
Ip6UpdateReachableTime (
IN OUT IP6_SERVICE *IpSb
)
{
- UINT32 Random;
+ UINT32 Random;
+ EFI_STATUS Status;
- Random = (NetRandomInitSeed () / 4294967295UL) * IP6_RANDOM_FACTOR_SCALE;
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
+
+ Random = (Random / 4294967295UL) * IP6_RANDOM_FACTOR_SCALE;
Random = Random + IP6_MIN_RANDOM_FACTOR_SCALED;
IpSb->ReachableTime = (IpSb->BaseReachableTime * Random) / IP6_RANDOM_FACTOR_SCALE;
+
+ return EFI_SUCCESS;
}
/**
@@ -972,10 +983,17 @@ Ip6InitDADProcess (
IP6_SERVICE *IpSb;
EFI_STATUS Status;
UINT32 MaxDelayTick;
+ UINT32 Random;
NET_CHECK_SIGNATURE (IpIf, IP6_INTERFACE_SIGNATURE);
ASSERT (AddressInfo != NULL);
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
+
//
// Do nothing if we have already started DAD on the address.
//
@@ -1014,7 +1032,7 @@ Ip6InitDADProcess (
Entry->Transmit = 0;
Entry->Receive = 0;
MaxDelayTick = IP6_MAX_RTR_SOLICITATION_DELAY / IP6_TIMER_INTERVAL_IN_MS;
- Entry->RetransTick = (MaxDelayTick * ((NET_RANDOM (NetRandomInitSeed ()) % 5) + 1)) / 5;
+ Entry->RetransTick = (MaxDelayTick * ((Random % 5) + 1)) / 5;
Entry->AddressInfo = AddressInfo;
Entry->Callback = Callback;
Entry->Context = Context;
@@ -2078,7 +2096,10 @@ Ip6ProcessRouterAdvertise (
// in BaseReachableTime and recompute a ReachableTime.
//
IpSb->BaseReachableTime = ReachableTime;
- Ip6UpdateReachableTime (IpSb);
+ Status = Ip6UpdateReachableTime (IpSb);
+ if (EFI_ERROR (Status)) {
+ goto Exit;
+ }
}
if (RetransTimer != 0) {
diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
index fd4a9e15a892..883714d082ce 100644
--- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
+++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
@@ -3,6 +3,7 @@
Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -31,6 +32,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/DevicePathLib.h>
#include <Library/PrintLib.h>
#include <Library/UefiLib.h>
+#include <Protocol/Rng.h>
#define NIC_ITEM_CONFIG_SIZE (sizeof (NIC_IP4_CONFIG_INFO) + sizeof (EFI_IP4_ROUTE_TABLE) * MAX_IP4_CONFIG_IN_VARIABLE)
#define DEFAULT_ZERO_START ((UINTN) ~0)
@@ -127,6 +129,24 @@ GLOBAL_REMOVE_IF_UNREFERENCED VLAN_DEVICE_PATH mNetVlanDevicePathTemplate = {
0
};
+//
+// These represent UEFI SPEC & NIST SP-800-90 approved algorithms that should be supported by the RNG protocol
+// and are generally considered secure. This list enforces a minimum set of secure algorithms that must
+// be supported by the RNG protocol.
+//
+// The order of the algorithms in this array is important. The first algorithm that is supported by the RNG
+// protocol will be used to generate the seed for the random number generator.
+// If your platform needs to use a specific algorithm to generate the seed for the random number generator,
+// then you should place that algorithm first in the array.
+//
+GLOBAL_REMOVE_IF_UNREFERENCED EFI_GUID *mSecureHashAlgorithms[] = {
+ &gEfiRngAlgorithmSp80090Ctr256Guid, // SP800-90A DRBG CTR using AES-256
+ &gEfiRngAlgorithmSp80090Hmac256Guid, // SP800-90A DRBG HMAC using SHA-256
+ &gEfiRngAlgorithmSp80090Hash256Guid // SP800-90A DRBG Hash using SHA-256
+};
+
+#define SECURE_HASH_ALGORITHMS_SIZE (sizeof (mSecureHashAlgorithms) / sizeof (EFI_GUID *))
+
/**
Locate the handles that support SNP, then open one of them
to send the syslog packets. The caller isn't required to close
@@ -884,34 +904,107 @@ Ip6Swap128 (
}
/**
- Initialize a random seed using current time and monotonic count.
+ Generate a Random output data given a length.
- Get current time and monotonic count first. Then initialize a random seed
- based on some basic mathematics operation on the hour, day, minute, second,
- nanosecond and year of the current time and the monotonic count value.
+ @param[out] Output - The buffer to store the generated random data.
+ @param[in] OutputLength - The length of the output buffer.
- @return The random seed initialized with current time.
+ @retval EFI_SUCCESS On Success
+ @retval EFI_INVALID_PARAMETER Pointer is null or size is zero
+ @retval EFI_NOT_FOUND RNG protocol not found
+ @retval Others Error from RngProtocol->GetRNG()
+ @return Status code
**/
-UINT32
+EFI_STATUS
EFIAPI
-NetRandomInitSeed (
- VOID
+PseudoRandom (
+ OUT VOID *Output,
+ IN UINTN OutputLength
)
{
- EFI_TIME Time;
- UINT32 Seed;
- UINT64 MonotonicCount;
+ EFI_RNG_PROTOCOL *RngProtocol;
+ EFI_STATUS Status;
+ UINTN AlgorithmIndex;
- gRT->GetTime (&Time, NULL);
- Seed = (Time.Hour << 24 | Time.Day << 16 | Time.Minute << 8 | Time.Second);
- Seed ^= Time.Nanosecond;
- Seed ^= Time.Year << 7;
+ if ((Output == NULL) || (OutputLength == 0)) {
+ return EFI_INVALID_PARAMETER;
+ }
- gBS->GetNextMonotonicCount (&MonotonicCount);
- Seed += (UINT32)MonotonicCount;
+ Status = gBS->LocateProtocol (&gEfiRngProtocolGuid, NULL, (VOID **)&RngProtocol);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Failed to locate EFI_RNG_PROTOCOL: %r\n", Status));
+ ASSERT_EFI_ERROR (Status);
+ return Status;
+ }
- return Seed;
+ if (PcdGetBool (PcdEnforceSecureRngAlgorithms)) {
+ for (AlgorithmIndex = 0; AlgorithmIndex < SECURE_HASH_ALGORITHMS_SIZE; AlgorithmIndex++) {
+ Status = RngProtocol->GetRNG (RngProtocol, mSecureHashAlgorithms[AlgorithmIndex], OutputLength, (UINT8 *)Output);
+ if (!EFI_ERROR (Status)) {
+ //
+ // Secure Algorithm was supported on this platform
+ //
+ return EFI_SUCCESS;
+ } else if (Status == EFI_UNSUPPORTED) {
+ //
+ // Secure Algorithm was not supported on this platform
+ //
+ DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
+
+ //
+ // Try the next secure algorithm
+ //
+ continue;
+ } else {
+ //
+ // Some other error occurred
+ //
+ DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
+ ASSERT_EFI_ERROR (Status);
+ return Status;
+ }
+ }
+
+ //
+ // If we get here, we failed to generate random data using any secure algorithm
+ // Platform owner should ensure that at least one secure algorithm is supported
+ //
+ ASSERT_EFI_ERROR (Status);
+ return Status;
+ }
+
+ //
+ // Lets try using the default algorithm (which may not be secure)
+ //
+ Status = RngProtocol->GetRNG (RngProtocol, NULL, OutputLength, (UINT8 *)Output);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random data: %r\n", __func__, Status));
+ ASSERT_EFI_ERROR (Status);
+ return Status;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Generate a 32-bit pseudo-random number.
+
+ @param[out] Output - The buffer to store the generated random number.
+
+ @retval EFI_SUCCESS On Success
+ @retval EFI_NOT_FOUND RNG protocol not found
+ @retval Others Error from RngProtocol->GetRNG()
+
+ @return Status code
+**/
+EFI_STATUS
+EFIAPI
+PseudoRandomU32 (
+ OUT UINT32 *Output
+ )
+{
+ return PseudoRandom (Output, sizeof (*Output));
}
/**
diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c
index 98a90e02109b..8fe6badd687c 100644
--- a/NetworkPkg/TcpDxe/TcpDriver.c
+++ b/NetworkPkg/TcpDxe/TcpDriver.c
@@ -2,7 +2,7 @@
The driver binding and service binding protocol for the TCP driver.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-
+ Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -163,7 +163,13 @@ TcpDriverEntryPoint (
)
{
EFI_STATUS Status;
- UINT32 Seed;
+ UINT32 Random;
+
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a Failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
//
// Install the TCP Driver Binding Protocol
@@ -203,9 +209,8 @@ TcpDriverEntryPoint (
//
// Initialize ISS and random port.
//
- Seed = NetRandomInitSeed ();
- mTcpGlobalIss = NET_RANDOM (Seed) % mTcpGlobalIss;
- mTcp4RandomPort = (UINT16)(TCP_PORT_KNOWN + (NET_RANDOM (Seed) % TCP_PORT_KNOWN));
+ mTcpGlobalIss = Random % mTcpGlobalIss;
+ mTcp4RandomPort = (UINT16)(TCP_PORT_KNOWN + (Random % TCP_PORT_KNOWN));
mTcp6RandomPort = mTcp4RandomPort;
return EFI_SUCCESS;
diff --git a/NetworkPkg/Udp4Dxe/Udp4Driver.c b/NetworkPkg/Udp4Dxe/Udp4Driver.c
index cb917fcfc90f..c7ea16f4cd6f 100644
--- a/NetworkPkg/Udp4Dxe/Udp4Driver.c
+++ b/NetworkPkg/Udp4Dxe/Udp4Driver.c
@@ -1,6 +1,7 @@
/** @file
Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -555,6 +556,13 @@ Udp4DriverEntryPoint (
)
{
EFI_STATUS Status;
+ UINT32 Random;
+
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
//
// Install the Udp4DriverBinding and Udp4ComponentName protocols.
@@ -571,7 +579,7 @@ Udp4DriverEntryPoint (
//
// Initialize the UDP random port.
//
- mUdp4RandomPort = (UINT16)(((UINT16)NetRandomInitSeed ()) % UDP4_PORT_KNOWN + UDP4_PORT_KNOWN);
+ mUdp4RandomPort = (UINT16)(((UINT16)Random) % UDP4_PORT_KNOWN + UDP4_PORT_KNOWN);
}
return Status;
diff --git a/NetworkPkg/Udp6Dxe/Udp6Driver.c b/NetworkPkg/Udp6Dxe/Udp6Driver.c
index ae96fb996627..edb758d57ca4 100644
--- a/NetworkPkg/Udp6Dxe/Udp6Driver.c
+++ b/NetworkPkg/Udp6Dxe/Udp6Driver.c
@@ -2,7 +2,7 @@
Driver Binding functions and Service Binding functions for the Network driver module.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-
+ Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -596,6 +596,13 @@ Udp6DriverEntryPoint (
)
{
EFI_STATUS Status;
+ UINT32 Random;
+
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
//
// Install the Udp6DriverBinding and Udp6ComponentName protocols.
@@ -614,7 +621,7 @@ Udp6DriverEntryPoint (
// Initialize the UDP random port.
//
mUdp6RandomPort = (UINT16)(
- ((UINT16)NetRandomInitSeed ()) %
+ ((UINT16)Random) %
UDP6_PORT_KNOWN +
UDP6_PORT_KNOWN
);
diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c
index 91146b78cb1e..452038c2194c 100644
--- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c
+++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c
@@ -2,7 +2,7 @@
Functions implementation related with DHCPv4 for UefiPxeBc Driver.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-
+ Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -1381,6 +1381,12 @@ PxeBcDhcp4Discover (
UINT8 VendorOptLen;
UINT32 Xid;
+ Status = PseudoRandomU32 (&Xid);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
+
Mode = Private->PxeBc.Mode;
Dhcp4 = Private->Dhcp4;
Status = EFI_SUCCESS;
@@ -1471,7 +1477,6 @@ PxeBcDhcp4Discover (
//
// Set fields of the token for the request packet.
//
- Xid = NET_RANDOM (NetRandomInitSeed ());
Token.Packet->Dhcp4.Header.Xid = HTONL (Xid);
Token.Packet->Dhcp4.Header.Reserved = HTONS ((UINT16)((IsBCast) ? 0x8000 : 0x0));
CopyMem (&Token.Packet->Dhcp4.Header.ClientAddr, &Private->StationIp, sizeof (EFI_IPv4_ADDRESS));
diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
index 7fd1281c1184..bcabbd221983 100644
--- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
+++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
@@ -2180,7 +2180,7 @@ PxeBcDhcp6Discover (
UINTN ReadSize;
UINT16 OpCode;
UINT16 OpLen;
- UINT32 Xid;
+ UINT32 Random;
EFI_STATUS Status;
UINTN DiscoverLenNeeded;
@@ -2198,6 +2198,12 @@ PxeBcDhcp6Discover (
return EFI_DEVICE_ERROR;
}
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
+
DiscoverLenNeeded = sizeof (EFI_PXE_BASE_CODE_DHCPV6_PACKET);
Discover = AllocateZeroPool (DiscoverLenNeeded);
if (Discover == NULL) {
@@ -2207,8 +2213,7 @@ PxeBcDhcp6Discover (
//
// Build the discover packet by the cached request packet before.
//
- Xid = NET_RANDOM (NetRandomInitSeed ());
- Discover->TransactionId = HTONL (Xid);
+ Discover->TransactionId = HTONL (Random);
Discover->MessageType = Request->Dhcp6.Header.MessageType;
RequestOpt = Request->Dhcp6.Option;
DiscoverOpt = Discover->DhcpOptions;
diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c
index d84aca7e85ab..4cd915b41157 100644
--- a/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c
+++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c
@@ -3,6 +3,7 @@
(C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
Copyright (c) 2007 - 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -892,6 +893,13 @@ PxeBcCreateIp6Children (
PXEBC_PRIVATE_PROTOCOL *Id;
EFI_SIMPLE_NETWORK_PROTOCOL *Snp;
UINTN Index;
+ UINT32 Random;
+
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Failed to generate random number using EFI_RNG_PROTOCOL: %r\n", Status));
+ return Status;
+ }
if (Private->Ip6Nic != NULL) {
//
@@ -935,9 +943,9 @@ PxeBcCreateIp6Children (
}
//
- // Generate a random IAID for the Dhcp6 assigned address.
+ // Set a random IAID for the Dhcp6 assigned address.
//
- Private->IaId = NET_RANDOM (NetRandomInitSeed ());
+ Private->IaId = Random;
if (Private->Snp != NULL) {
for (Index = 0; Index < Private->Snp->Mode->HwAddressSize; Index++) {
Private->IaId |= (Private->Snp->Mode->CurrentAddress.Addr[Index] << ((Index << 3) & 31));
diff --git a/NetworkPkg/SecurityFixes.yaml b/NetworkPkg/SecurityFixes.yaml
index fa42025e0d82..20a4555019d9 100644
--- a/NetworkPkg/SecurityFixes.yaml
+++ b/NetworkPkg/SecurityFixes.yaml
@@ -122,3 +122,42 @@ CVE_2023_45235:
- http://www.openwall.com/lists/oss-security/2024/01/16/2
- http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
- https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
+CVE_2023_45237:
+ commit_titles:
+ - "NetworkPkg:: SECURITY PATCH CVE 2023-45237"
+ cve: CVE-2023-45237
+ date_reported: 2023-08-28 13:56 UTC
+ description: "Bug 09 - Use of a Weak PseudoRandom Number Generator"
+ note:
+ files_impacted:
+ - NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c
+ - NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c
+ - NetworkPkg/DnsDxe/DnsDhcp.c
+ - NetworkPkg/DnsDxe/DnsImpl.c
+ - NetworkPkg/HttpBootDxe/HttpBootDhcp6.c
+ - NetworkPkg/IScsiDxe/IScsiCHAP.c
+ - NetworkPkg/IScsiDxe/IScsiMisc.c
+ - NetworkPkg/IScsiDxe/IScsiMisc.h
+ - NetworkPkg/Include/Library/NetLib.h
+ - NetworkPkg/Ip4Dxe/Ip4Driver.c
+ - NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c
+ - NetworkPkg/Ip6Dxe/Ip6Driver.c
+ - NetworkPkg/Ip6Dxe/Ip6If.c
+ - NetworkPkg/Ip6Dxe/Ip6Mld.c
+ - NetworkPkg/Ip6Dxe/Ip6Nd.c
+ - NetworkPkg/Ip6Dxe/Ip6Nd.h
+ - NetworkPkg/Library/DxeNetLib/DxeNetLib.c
+ - NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
+ - NetworkPkg/NetworkPkg.dec
+ - NetworkPkg/TcpDxe/TcpDriver.c
+ - NetworkPkg/Udp4Dxe/Udp4Driver.c
+ - NetworkPkg/Udp6Dxe/Udp6Driver.c
+ - NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c
+ - NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
+ - NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c
+ links:
+ - https://bugzilla.tianocore.org/show_bug.cgi?id=4542
+ - https://nvd.nist.gov/vuln/detail/CVE-2023-45237
+ - http://www.openwall.com/lists/oss-security/2024/01/16/2
+ - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
+ - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118680): https://edk2.groups.io/g/devel/message/118680
Mute This Topic: https://groups.io/mt/105983246/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 23+ messages in thread
* Re: [edk2-devel] [PATCH v1 07/14] NetworkPkg:: SECURITY PATCH CVE-2023-45237
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 07/14] NetworkPkg:: SECURITY PATCH CVE-2023-45237 Doug Flick via groups.io
@ 2024-05-08 16:20 ` Ard Biesheuvel
2024-05-08 16:47 ` Doug Flick via groups.io
0 siblings, 1 reply; 23+ messages in thread
From: Ard Biesheuvel @ 2024-05-08 16:20 UTC (permalink / raw)
To: devel, dougflick; +Cc: Saloni Kasbekar, Zachary Clark-williams
On Wed, 8 May 2024 at 17:29, Doug Flick via groups.io
<dougflick=microsoft.com@groups.io> wrote:
>
> From: Doug Flick <dougflick@microsoft.com>
>
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542
>
> Bug Overview:
> PixieFail Bug #9
> CVE-2023-45237
> CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
> CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
>
> Use of a Weak PseudoRandom Number Generator
>
> Change Overview:
>
> Updates all Instances of NET_RANDOM (NetRandomInitSeed ()) to either
>
> >
> > EFI_STATUS
> > EFIAPI
> > PseudoRandomU32 (
> > OUT UINT32 *Output
> > );
> >
>
> or (depending on the use case)
>
> >
> > EFI_STATUS
> > EFIAPI
> > PseudoRandom (
> > OUT VOID *Output,
> > IN UINTN OutputLength
> > );
> >
>
> This is because the use of
>
> Example:
>
> The following code snippet PseudoRandomU32 () function is used:
>
> >
> > UINT32 Random;
> >
> > Status = PseudoRandomU32 (&Random);
> > if (EFI_ERROR (Status)) {
> > DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n",
> __func__, Status));
> > return Status;
> > }
> >
>
> This also introduces a new PCD to enable/disable the use of the
> NIST SP-800-90 approved algorithms for PseudoRandom () and
> instead depend on the default implementation. This may be required for
> some platforms where the UEFI Spec defined algorithms are not available.
>
> >
> > PcdEnforceSecureRngAlgorithms
> >
>
> If the platform does not have the NIST SP-800-90 approved algorithms
> then the driver will assert.
>
> Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
>
> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
> ---
> NetworkPkg/NetworkPkg.dec | 7 ++
> NetworkPkg/Library/DxeNetLib/DxeNetLib.inf | 12 +-
> NetworkPkg/TcpDxe/TcpDxe.inf | 3 +
> NetworkPkg/IScsiDxe/IScsiMisc.h | 6 +-
> NetworkPkg/Include/Library/NetLib.h | 40 ++++--
> NetworkPkg/Ip6Dxe/Ip6Nd.h | 8 +-
> NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c | 10 +-
> NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c | 11 +-
> NetworkPkg/DnsDxe/DnsDhcp.c | 10 +-
> NetworkPkg/DnsDxe/DnsImpl.c | 11 +-
> NetworkPkg/HttpBootDxe/HttpBootDhcp6.c | 10 +-
> NetworkPkg/IScsiDxe/IScsiCHAP.c | 19 ++-
> NetworkPkg/IScsiDxe/IScsiMisc.c | 14 +--
> NetworkPkg/Ip4Dxe/Ip4Driver.c | 10 +-
> NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c | 9 +-
> NetworkPkg/Ip6Dxe/Ip6Driver.c | 17 ++-
> NetworkPkg/Ip6Dxe/Ip6If.c | 12 +-
> NetworkPkg/Ip6Dxe/Ip6Mld.c | 12 +-
> NetworkPkg/Ip6Dxe/Ip6Nd.c | 33 ++++-
> NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 129 +++++++++++++++++---
> NetworkPkg/TcpDxe/TcpDriver.c | 15 ++-
> NetworkPkg/Udp4Dxe/Udp4Driver.c | 10 +-
> NetworkPkg/Udp6Dxe/Udp6Driver.c | 11 +-
> NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c | 9 +-
> NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c | 11 +-
> NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c | 12 +-
> NetworkPkg/SecurityFixes.yaml | 39 ++++++
> 27 files changed, 407 insertions(+), 83 deletions(-)
>
> diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec
> index e06f35e7747c..7c4289b77b21 100644
> --- a/NetworkPkg/NetworkPkg.dec
> +++ b/NetworkPkg/NetworkPkg.dec
> @@ -5,6 +5,7 @@
> #
> # Copyright (c) 2009 - 2021, Intel Corporation. All rights reserved.<BR>
> # (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP<BR>
> +# Copyright (c) Microsoft Corporation
> #
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> #
> @@ -130,6 +131,12 @@ [PcdsFixedAtBuild, PcdsPatchableInModule]
> # @Prompt Indicates whether SnpDxe creates event for ExitBootServices() call.
> gEfiNetworkPkgTokenSpaceGuid.PcdSnpCreateExitBootServicesEvent|TRUE|BOOLEAN|0x1000000C
>
> + ## Enforces the use of Secure UEFI spec defined RNG algorithms for all network connections.
> + # TRUE - Enforce the use of Secure UEFI spec defined RNG algorithms.
> + # FALSE - Do not enforce and depend on the default implementation of RNG algorithm from the provider.
> + # @Prompt Enforce the use of Secure UEFI spec defined RNG algorithms.
> + gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|TRUE|BOOLEAN|0x1000000D
> +
This conflates 'secure' with 'specified by NIST', which I don't think
is entirely accurate.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118691): https://edk2.groups.io/g/devel/message/118691
Mute This Topic: https://groups.io/mt/105983246/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [edk2-devel] [PATCH v1 07/14] NetworkPkg:: SECURITY PATCH CVE-2023-45237
2024-05-08 16:20 ` Ard Biesheuvel
@ 2024-05-08 16:47 ` Doug Flick via groups.io
2024-05-08 16:58 ` Ard Biesheuvel
0 siblings, 1 reply; 23+ messages in thread
From: Doug Flick via groups.io @ 2024-05-08 16:47 UTC (permalink / raw)
To: Ard Biesheuvel, devel
[-- Attachment #1: Type: text/plain, Size: 675 bytes --]
I don't disagree.
The intent is not to be limited by NIST specified standards but rather the only UEFI Spec defined algorithms are NIST Standards.
https://uefi.org/specs/UEFI/2.10/37_Secure_Technologies.html#efi-rng-algorithm-definitions
I'm not sure what's the best way to clarify this distinction
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118698): https://edk2.groups.io/g/devel/message/118698
Mute This Topic: https://groups.io/mt/105983246/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
[-- Attachment #2: Type: text/html, Size: 1236 bytes --]
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [edk2-devel] [PATCH v1 07/14] NetworkPkg:: SECURITY PATCH CVE-2023-45237
2024-05-08 16:47 ` Doug Flick via groups.io
@ 2024-05-08 16:58 ` Ard Biesheuvel
2024-05-08 18:05 ` Doug Flick via groups.io
0 siblings, 1 reply; 23+ messages in thread
From: Ard Biesheuvel @ 2024-05-08 16:58 UTC (permalink / raw)
To: devel, dougflick
On Wed, 8 May 2024 at 18:47, Doug Flick via groups.io
<dougflick=microsoft.com@groups.io> wrote:
>
> I don't disagree.
>
> The intent is not to be limited by NIST specified standards but rather the only UEFI Spec defined algorithms are NIST Standards.
>
> https://uefi.org/specs/UEFI/2.10/37_Secure_Technologies.html#efi-rng-algorithm-definitions
>
> I'm not sure what's the best way to clarify this distinction
>
The issue here is that virtio-rng only exposes the 'raw' RNG protocol,
which is what the underlying hardware claims to implement.
This has a special status in the spec, as it can be used as an entropy
source for the NIST algorithms, the security strength of which is
cannot exceed the security strength represented by the size of the
seed consumed from the raw input.
So in that sense, it might be appropriate to treat the raw protocol in
the same way as the NIST ones, and permit them, call them 'secure'
etc. Only when taking the default (ergo unspecified) algorithm should
we conclude that the algorithm may be less strong than what the spec
requires.
What would help is if RngDxe could wrap an implementation of the raw
RNG protocol produced by another driver, and produce the NIST DRBGs
based on that - perhaps I should look into that.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118699): https://edk2.groups.io/g/devel/message/118699
Mute This Topic: https://groups.io/mt/105983246/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [edk2-devel] [PATCH v1 07/14] NetworkPkg:: SECURITY PATCH CVE-2023-45237
2024-05-08 16:58 ` Ard Biesheuvel
@ 2024-05-08 18:05 ` Doug Flick via groups.io
2024-05-08 20:40 ` Doug Flick via groups.io
0 siblings, 1 reply; 23+ messages in thread
From: Doug Flick via groups.io @ 2024-05-08 18:05 UTC (permalink / raw)
To: Ard Biesheuvel, devel
[-- Attachment #1: Type: text/plain, Size: 593 bytes --]
In that case,
I think that's a fair argument and a simple enough request with limited impact to make.
I'll go ahead and add RAW and drop the commits disabling "Secure Algorithms" from VirtioRngDxe based implementations
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118700): https://edk2.groups.io/g/devel/message/118700
Mute This Topic: https://groups.io/mt/105983246/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
[-- Attachment #2: Type: text/html, Size: 1035 bytes --]
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [edk2-devel] [PATCH v1 07/14] NetworkPkg:: SECURITY PATCH CVE-2023-45237
2024-05-08 18:05 ` Doug Flick via groups.io
@ 2024-05-08 20:40 ` Doug Flick via groups.io
2024-05-08 21:19 ` Ard Biesheuvel
0 siblings, 1 reply; 23+ messages in thread
From: Doug Flick via groups.io @ 2024-05-08 20:40 UTC (permalink / raw)
To: Doug Flick, devel
[-- Attachment #1: Type: text/plain, Size: 1816 bytes --]
Ard,
I went ahead an added your suggestion to use gEfiRngAlgorithmRaw. This however led me to discover a difference in behavior in x86 based platforms and Arm based platforms and I'm usure which is the correct behavior.
On x86 based platforms, if the RngValueLength being requested is less than 32 (256bits). Then it returns EFI_INVALID_PARAMETER (despite the function header not indicating that's possible)
https://github.com/tianocore/edk2/blob/b82c9631da39ca5a1f0702185a46fea60446dd0a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c#L123
and it assumes that "When a Deterministic Random Bit Generator (DRBG) is used on the output of a (raw) entropy source, its security level must be at least 256 bits." means it shouldn't support requests smaller than 32 bytes.
https://uefi.org/specs/UEFI/2.10/37_Secure_Technologies.html#random-number-generator-protocol
On Arm based Platforms it doesn't make this assumption and behaves according to the specification.
https://github.com/tianocore/edk2/blob/b82c9631da39ca5a1f0702185a46fea60446dd0a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c#L106C35-L106C54
Right now my thought is that x86 machines are making an incorrect assumption where the seed to a DRNG needs to be at least 256 bits by nist recommendations but a caller should be free to request values smaller than 32 bytes.
Would you assume the same before I make a change to the x86 code to remove that check?
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118703): https://edk2.groups.io/g/devel/message/118703
Mute This Topic: https://groups.io/mt/105983246/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
[-- Attachment #2: Type: text/html, Size: 2759 bytes --]
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [edk2-devel] [PATCH v1 07/14] NetworkPkg:: SECURITY PATCH CVE-2023-45237
2024-05-08 20:40 ` Doug Flick via groups.io
@ 2024-05-08 21:19 ` Ard Biesheuvel
2024-05-08 22:52 ` Michael Brown
0 siblings, 1 reply; 23+ messages in thread
From: Ard Biesheuvel @ 2024-05-08 21:19 UTC (permalink / raw)
To: devel, dougflick
I've always found that logic rather bizarre - there is no way the
implementation of the raw protocol can ensure that the caller uses it
correctly, and so enforcing a minimum read size is pointless and
arbitrary. And as you note, it has no basis in the UEFI spec either.
So this should just be removed imo.
On Wed, 8 May 2024 at 22:40, Doug Flick via groups.io
<dougflick=microsoft.com@groups.io> wrote:
>
> Ard,
>
> I went ahead an added your suggestion to use gEfiRngAlgorithmRaw. This however led me to discover a difference in behavior in x86 based platforms and Arm based platforms and I'm usure which is the correct behavior.
>
> On x86 based platforms, if the RngValueLength being requested is less than 32 (256bits). Then it returns EFI_INVALID_PARAMETER (despite the function header not indicating that's possible) https://github.com/tianocore/edk2/blob/b82c9631da39ca5a1f0702185a46fea60446dd0a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c#L123
>
> and it assumes that "When a Deterministic Random Bit Generator (DRBG) is used on the output of a (raw) entropy source, its security level must be at least 256 bits." means it shouldn't support requests smaller than 32 bytes. https://uefi.org/specs/UEFI/2.10/37_Secure_Technologies.html#random-number-generator-protocol
>
> On Arm based Platforms it doesn't make this assumption and behaves according to the specification. https://github.com/tianocore/edk2/blob/b82c9631da39ca5a1f0702185a46fea60446dd0a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c#L106C35-L106C54
>
> Right now my thought is that x86 machines are making an incorrect assumption where the seed to a DRNG needs to be at least 256 bits by nist recommendations but a caller should be free to request values smaller than 32 bytes.
>
> Would you assume the same before I make a change to the x86 code to remove that check?
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118704): https://edk2.groups.io/g/devel/message/118704
Mute This Topic: https://groups.io/mt/105983246/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [edk2-devel] [PATCH v1 07/14] NetworkPkg:: SECURITY PATCH CVE-2023-45237
2024-05-08 21:19 ` Ard Biesheuvel
@ 2024-05-08 22:52 ` Michael Brown
0 siblings, 0 replies; 23+ messages in thread
From: Michael Brown @ 2024-05-08 22:52 UTC (permalink / raw)
To: devel, ardb, dougflick
On 08/05/2024 22:19, Ard Biesheuvel wrote:
> I've always found that logic rather bizarre - there is no way the
> implementation of the raw protocol can ensure that the caller uses it
> correctly, and so enforcing a minimum read size is pointless and
> arbitrary. And as you note, it has no basis in the UEFI spec either.
>
> So this should just be removed imo.
For what it's worth, I agree that it should be removed.
iPXE has the following comment:
/** Minimum number of bytes to request from RNG
*
* The UEFI spec states (for no apparently good reason) that "When a
* Deterministic Random Bit Generator (DRBG) is used on the output of
* a (raw) entropy source, its security level must be at least 256
* bits." The EDK2 codebase (mis)interprets this to mean that the
* call to GetRNG() should fail if given a buffer less than 32 bytes.
*
* Incidentally, nothing in the EFI RNG protocol provides any way to
* report the actual amount of entropy returned by GetRNG().
*/
#define EFIRNG_LEN 32
Michael
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118705): https://edk2.groups.io/g/devel/message/118705
Mute This Topic: https://groups.io/mt/105983246/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 23+ messages in thread
* [edk2-devel] [PATCH v1 08/14] NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236
2024-05-08 15:29 [edk2-devel] [PATCH v1 00/14] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (6 preceding siblings ...)
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 07/14] NetworkPkg:: SECURITY PATCH CVE-2023-45237 Doug Flick via groups.io
@ 2024-05-08 15:29 ` Doug Flick via groups.io
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 09/14] OvmfPkg: Disable NIST Algorithms NetworkPkg Doug Flick via groups.io
` (5 subsequent siblings)
13 siblings, 0 replies; 23+ messages in thread
From: Doug Flick via groups.io @ 2024-05-08 15:29 UTC (permalink / raw)
To: devel; +Cc: Saloni Kasbekar, Zachary Clark-williams
From: Doug Flick <dougflick@microsoft.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4541
REF: https://www.rfc-editor.org/rfc/rfc1948.txt
REF: https://www.rfc-editor.org/rfc/rfc6528.txt
REF: https://www.rfc-editor.org/rfc/rfc9293.txt
Bug Overview:
PixieFail Bug #8
CVE-2023-45236
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Updates TCP ISN generation to use a cryptographic hash of the
connection's identifying parameters and a secret key.
This prevents an attacker from guessing the ISN used for some other
connection.
This is follows the guidance in RFC 1948, RFC 6528, and RFC 9293.
RFC: 9293 Section 3.4.1. Initial Sequence Number Selection
A TCP implementation MUST use the above type of "clock" for clock-
driven selection of initial sequence numbers (MUST-8), and SHOULD
generate its initial sequence numbers with the expression:
ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
where M is the 4 microsecond timer, and F() is a pseudorandom
function (PRF) of the connection's identifying parameters ("localip,
localport, remoteip, remoteport") and a secret key ("secretkey")
(SHLD-1). F() MUST NOT be computable from the outside (MUST-9), or
an attacker could still guess at sequence numbers from the ISN used
for some other connection. The PRF could be implemented as a
cryptographic hash of the concatenation of the TCP connection
parameters and some secret data. For discussion of the selection of
a specific hash algorithm and management of the secret key data,
please see Section 3 of [42].
For each connection there is a send sequence number and a receive
sequence number. The initial send sequence number (ISS) is chosen by
the data sending TCP peer, and the initial receive sequence number
(IRS) is learned during the connection-establishing procedure.
For a connection to be established or initialized, the two TCP peers
must synchronize on each other's initial sequence numbers. This is
done in an exchange of connection-establishing segments carrying a
control bit called "SYN" (for synchronize) and the initial sequence
numbers. As a shorthand, segments carrying the SYN bit are also
called "SYNs". Hence, the solution requires a suitable mechanism for
picking an initial sequence number and a slightly involved handshake
to exchange the ISNs.
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
NetworkPkg/TcpDxe/TcpDxe.inf | 8 +-
NetworkPkg/TcpDxe/TcpFunc.h | 23 +-
NetworkPkg/TcpDxe/TcpMain.h | 59 ++++-
NetworkPkg/TcpDxe/TcpDriver.c | 92 +++++++-
NetworkPkg/TcpDxe/TcpInput.c | 13 +-
NetworkPkg/TcpDxe/TcpMisc.c | 242 ++++++++++++++++++--
NetworkPkg/TcpDxe/TcpTimer.c | 3 +-
NetworkPkg/SecurityFixes.yaml | 22 ++
8 files changed, 414 insertions(+), 48 deletions(-)
diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf b/NetworkPkg/TcpDxe/TcpDxe.inf
index cf5423f4c537..76de4cf9ec3d 100644
--- a/NetworkPkg/TcpDxe/TcpDxe.inf
+++ b/NetworkPkg/TcpDxe/TcpDxe.inf
@@ -6,6 +6,7 @@
# stack has been loaded in system. This driver supports both IPv4 and IPv6 network stack.
#
# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) Microsoft Corporation
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -68,7 +69,6 @@ [LibraryClasses]
NetLib
IpIoLib
-
[Protocols]
## SOMETIMES_CONSUMES
## SOMETIMES_PRODUCES
@@ -81,6 +81,12 @@ [Protocols]
gEfiIp6ServiceBindingProtocolGuid ## TO_START
gEfiTcp6ProtocolGuid ## BY_START
gEfiTcp6ServiceBindingProtocolGuid ## BY_START
+ gEfiHash2ProtocolGuid ## BY_START
+ gEfiHash2ServiceBindingProtocolGuid ## BY_START
+
+[Guids]
+ gEfiHashAlgorithmMD5Guid ## CONSUMES
+ gEfiHashAlgorithmSha256Guid ## CONSUMES
[Depex]
gEfiHash2ServiceBindingProtocolGuid
diff --git a/NetworkPkg/TcpDxe/TcpFunc.h b/NetworkPkg/TcpDxe/TcpFunc.h
index a7af01fff246..c707bee3e548 100644
--- a/NetworkPkg/TcpDxe/TcpFunc.h
+++ b/NetworkPkg/TcpDxe/TcpFunc.h
@@ -2,7 +2,7 @@
Declaration of external functions shared in TCP driver.
Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
-
+ Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -36,8 +36,11 @@ VOID
@param[in, out] Tcb Pointer to the TCP_CB of this TCP instance.
+ @retval EFI_SUCCESS The operation completed successfully
+ @retval others The underlying functions failed and could not complete the operation
+
**/
-VOID
+EFI_STATUS
TcpInitTcbLocal (
IN OUT TCP_CB *Tcb
);
@@ -128,17 +131,6 @@ TcpCloneTcb (
IN TCP_CB *Tcb
);
-/**
- Compute an ISS to be used by a new connection.
-
- @return The result ISS.
-
-**/
-TCP_SEQNO
-TcpGetIss (
- VOID
- );
-
/**
Get the local mss.
@@ -202,8 +194,11 @@ TcpFormatNetbuf (
@param[in, out] Tcb Pointer to the TCP_CB that wants to initiate a
connection.
+ @retval EFI_SUCCESS The operation completed successfully
+ @retval others The underlying functions failed and could not complete the operation
+
**/
-VOID
+EFI_STATUS
TcpOnAppConnect (
IN OUT TCP_CB *Tcb
);
diff --git a/NetworkPkg/TcpDxe/TcpMain.h b/NetworkPkg/TcpDxe/TcpMain.h
index c0c9b7f46ebe..4d5566ab9379 100644
--- a/NetworkPkg/TcpDxe/TcpMain.h
+++ b/NetworkPkg/TcpDxe/TcpMain.h
@@ -3,7 +3,7 @@
It is the common head file for all Tcp*.c in TCP driver.
Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
-
+ Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -13,6 +13,7 @@
#include <Protocol/ServiceBinding.h>
#include <Protocol/DriverBinding.h>
+#include <Protocol/Hash2.h>
#include <Library/IpIoLib.h>
#include <Library/DevicePathLib.h>
#include <Library/PrintLib.h>
@@ -31,7 +32,7 @@ extern EFI_UNICODE_STRING_TABLE *gTcpControllerNameTable;
extern LIST_ENTRY mTcpRunQue;
extern LIST_ENTRY mTcpListenQue;
-extern TCP_SEQNO mTcpGlobalIss;
+extern TCP_SEQNO mTcpGlobalSecret;
extern UINT32 mTcpTick;
///
@@ -45,14 +46,6 @@ extern UINT32 mTcpTick;
#define TCP_EXPIRE_TIME 65535
-///
-/// The implementation selects the initial send sequence number and the unit to
-/// be added when it is increased.
-///
-#define TCP_BASE_ISS 0x4d7e980b
-#define TCP_ISS_INCREMENT_1 2048
-#define TCP_ISS_INCREMENT_2 100
-
typedef union {
EFI_TCP4_CONFIG_DATA Tcp4CfgData;
EFI_TCP6_CONFIG_DATA Tcp6CfgData;
@@ -774,4 +767,50 @@ Tcp6Poll (
IN EFI_TCP6_PROTOCOL *This
);
+/**
+ Retrieves the Initial Sequence Number (ISN) for a TCP connection identified by local
+ and remote IP addresses and ports.
+
+ This method is based on https://datatracker.ietf.org/doc/html/rfc9293#section-3.4.1
+ Where the ISN is computed as follows:
+ ISN = TimeStamp + MD5(LocalIP, LocalPort, RemoteIP, RemotePort, Secret)
+
+ Otherwise:
+ ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
+
+ "Here M is the 4 microsecond timer, and F() is a pseudorandom function (PRF) of the
+ connection's identifying parameters ("localip, localport, remoteip, remoteport")
+ and a secret key ("secretkey") (SHLD-1). F() MUST NOT be computable from the
+ outside (MUST-9), or an attacker could still guess at sequence numbers from the
+ ISN used for some other connection. The PRF could be implemented as a
+ cryptographic hash of the concatenation of the TCP connection parameters and some
+ secret data. For discussion of the selection of a specific hash algorithm and
+ management of the secret key data."
+
+ @param[in] LocalIp A pointer to the local IP address of the TCP connection.
+ @param[in] LocalIpSize The size, in bytes, of the LocalIp buffer.
+ @param[in] LocalPort The local port number of the TCP connection.
+ @param[in] RemoteIp A pointer to the remote IP address of the TCP connection.
+ @param[in] RemoteIpSize The size, in bytes, of the RemoteIp buffer.
+ @param[in] RemotePort The remote port number of the TCP connection.
+ @param[out] Isn A pointer to the variable that will receive the Initial
+ Sequence Number (ISN).
+
+ @retval EFI_SUCCESS The operation completed successfully, and the ISN was
+ retrieved.
+ @retval EFI_INVALID_PARAMETER One or more of the input parameters are invalid.
+ @retval EFI_UNSUPPORTED The operation is not supported.
+
+**/
+EFI_STATUS
+TcpGetIsn (
+ IN UINT8 *LocalIp,
+ IN UINTN LocalIpSize,
+ IN UINT16 LocalPort,
+ IN UINT8 *RemoteIp,
+ IN UINTN RemoteIpSize,
+ IN UINT16 RemotePort,
+ OUT TCP_SEQNO *Isn
+ );
+
#endif
diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c
index 8fe6badd687c..40bba4080c87 100644
--- a/NetworkPkg/TcpDxe/TcpDriver.c
+++ b/NetworkPkg/TcpDxe/TcpDriver.c
@@ -83,6 +83,12 @@ EFI_SERVICE_BINDING_PROTOCOL gTcpServiceBinding = {
TcpServiceBindingDestroyChild
};
+//
+// This is the handle for the Hash2ServiceBinding Protocol instance this driver produces
+// if the platform does not provide one.
+//
+EFI_HANDLE mHash2ServiceHandle = NULL;
+
/**
Create and start the heartbeat timer for the TCP driver.
@@ -165,6 +171,23 @@ TcpDriverEntryPoint (
EFI_STATUS Status;
UINT32 Random;
+ //
+ // Initialize the Secret used for hashing TCP sequence numbers
+ //
+ // Normally this should be regenerated periodically, but since
+ // this is only used for UEFI networking and not a general purpose
+ // operating system, it is not necessary to regenerate it.
+ //
+ Status = PseudoRandomU32 (&mTcpGlobalSecret);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
+
+ //
+ // Get a random number used to generate a random port number
+ // Intentionally not linking this to mTcpGlobalSecret to avoid leaking information about the secret
+ //
Status = PseudoRandomU32 (&Random);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "%a Failed to generate random number: %r\n", __func__, Status));
@@ -207,9 +230,8 @@ TcpDriverEntryPoint (
}
//
- // Initialize ISS and random port.
+ // Initialize the random port.
//
- mTcpGlobalIss = Random % mTcpGlobalIss;
mTcp4RandomPort = (UINT16)(TCP_PORT_KNOWN + (Random % TCP_PORT_KNOWN));
mTcp6RandomPort = mTcp4RandomPort;
@@ -224,6 +246,8 @@ TcpDriverEntryPoint (
@param[in] IpVersion IP_VERSION_4 or IP_VERSION_6.
@retval EFI_OUT_OF_RESOURCES Failed to allocate some resources.
+ @retval EFI_UNSUPPORTED Service Binding Protocols are unavailable.
+ @retval EFI_ALREADY_STARTED The TCP driver is already started on the controller.
@retval EFI_SUCCESS A new IP6 service binding private was created.
**/
@@ -234,11 +258,13 @@ TcpCreateService (
IN UINT8 IpVersion
)
{
- EFI_STATUS Status;
- EFI_GUID *IpServiceBindingGuid;
- EFI_GUID *TcpServiceBindingGuid;
- TCP_SERVICE_DATA *TcpServiceData;
- IP_IO_OPEN_DATA OpenData;
+ EFI_STATUS Status;
+ EFI_GUID *IpServiceBindingGuid;
+ EFI_GUID *TcpServiceBindingGuid;
+ TCP_SERVICE_DATA *TcpServiceData;
+ IP_IO_OPEN_DATA OpenData;
+ EFI_SERVICE_BINDING_PROTOCOL *Hash2ServiceBinding;
+ EFI_HASH2_PROTOCOL *Hash2Protocol;
if (IpVersion == IP_VERSION_4) {
IpServiceBindingGuid = &gEfiIp4ServiceBindingProtocolGuid;
@@ -272,6 +298,33 @@ TcpCreateService (
return EFI_UNSUPPORTED;
}
+ Status = gBS->LocateProtocol (&gEfiHash2ProtocolGuid, NULL, (VOID **)&Hash2Protocol);
+ if (EFI_ERROR (Status)) {
+ //
+ // If we can't find the Hashing protocol, then we need to create one.
+ //
+
+ //
+ // Platform is expected to publish the hash service binding protocol to support TCP.
+ //
+ Status = gBS->LocateProtocol (
+ &gEfiHash2ServiceBindingProtocolGuid,
+ NULL,
+ (VOID **)&Hash2ServiceBinding
+ );
+ if (EFI_ERROR (Status) || (Hash2ServiceBinding == NULL) || (Hash2ServiceBinding->CreateChild == NULL)) {
+ return EFI_UNSUPPORTED;
+ }
+
+ //
+ // Create an instance of the hash protocol for this controller.
+ //
+ Status = Hash2ServiceBinding->CreateChild (Hash2ServiceBinding, &mHash2ServiceHandle);
+ if (EFI_ERROR (Status)) {
+ return EFI_UNSUPPORTED;
+ }
+ }
+
//
// Create the TCP service data.
//
@@ -423,6 +476,7 @@ TcpDestroyService (
EFI_STATUS Status;
LIST_ENTRY *List;
TCP_DESTROY_CHILD_IN_HANDLE_BUF_CONTEXT Context;
+ EFI_SERVICE_BINDING_PROTOCOL *Hash2ServiceBinding;
ASSERT ((IpVersion == IP_VERSION_4) || (IpVersion == IP_VERSION_6));
@@ -439,6 +493,30 @@ TcpDestroyService (
return EFI_SUCCESS;
}
+ //
+ // Destroy the Hash2ServiceBinding instance if it is created by Tcp driver.
+ //
+ if (mHash2ServiceHandle != NULL) {
+ Status = gBS->LocateProtocol (
+ &gEfiHash2ServiceBindingProtocolGuid,
+ NULL,
+ (VOID **)&Hash2ServiceBinding
+ );
+ if (EFI_ERROR (Status) || (Hash2ServiceBinding == NULL) || (Hash2ServiceBinding->DestroyChild == NULL)) {
+ return EFI_UNSUPPORTED;
+ }
+
+ //
+ // Destroy the instance of the hashing protocol for this controller.
+ //
+ Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, &mHash2ServiceHandle);
+ if (EFI_ERROR (Status)) {
+ return EFI_UNSUPPORTED;
+ }
+
+ mHash2ServiceHandle = NULL;
+ }
+
Status = gBS->OpenProtocol (
NicHandle,
ServiceBindingGuid,
diff --git a/NetworkPkg/TcpDxe/TcpInput.c b/NetworkPkg/TcpDxe/TcpInput.c
index 97633a3908be..a5d575ccafeb 100644
--- a/NetworkPkg/TcpDxe/TcpInput.c
+++ b/NetworkPkg/TcpDxe/TcpInput.c
@@ -724,6 +724,7 @@ TcpInput (
TCP_SEQNO Urg;
UINT16 Checksum;
INT32 Usable;
+ EFI_STATUS Status;
ASSERT ((Version == IP_VERSION_4) || (Version == IP_VERSION_6));
@@ -872,7 +873,17 @@ TcpInput (
Tcb->LocalEnd.Port = Head->DstPort;
Tcb->RemoteEnd.Port = Head->SrcPort;
- TcpInitTcbLocal (Tcb);
+ Status = TcpInitTcbLocal (Tcb);
+ if (EFI_ERROR (Status)) {
+ DEBUG (
+ (DEBUG_ERROR,
+ "TcpInput: discard a segment because failed to init local end for TCB %p\n",
+ Tcb)
+ );
+
+ goto DISCARD;
+ }
+
TcpInitTcbPeer (Tcb, Seg, &Option);
TcpSetState (Tcb, TCP_SYN_RCVD);
diff --git a/NetworkPkg/TcpDxe/TcpMisc.c b/NetworkPkg/TcpDxe/TcpMisc.c
index c93212d47ded..3310306f639c 100644
--- a/NetworkPkg/TcpDxe/TcpMisc.c
+++ b/NetworkPkg/TcpDxe/TcpMisc.c
@@ -3,7 +3,7 @@
(C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
-
+ Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -20,7 +20,34 @@ LIST_ENTRY mTcpListenQue = {
&mTcpListenQue
};
-TCP_SEQNO mTcpGlobalIss = TCP_BASE_ISS;
+//
+// The Session secret
+// This must be initialized to a random value at boot time
+//
+TCP_SEQNO mTcpGlobalSecret;
+
+//
+// Union to hold either an IPv4 or IPv6 address
+// This is used to simplify the ISN hash computation
+//
+typedef union {
+ UINT8 IPv4[4];
+ UINT8 IPv6[16];
+} NETWORK_ADDRESS;
+
+//
+// The ISN is computed by hashing this structure
+// It is initialized with the local and remote IP addresses and ports
+// and the secret
+//
+//
+typedef struct {
+ UINT16 LocalPort;
+ UINT16 RemotePort;
+ NETWORK_ADDRESS LocalAddress;
+ NETWORK_ADDRESS RemoteAddress;
+ TCP_SEQNO Secret;
+} ISN_HASH_CTX;
CHAR16 *mTcpStateName[] = {
L"TCP_CLOSED",
@@ -41,12 +68,18 @@ CHAR16 *mTcpStateName[] = {
@param[in, out] Tcb Pointer to the TCP_CB of this TCP instance.
+ @retval EFI_SUCCESS The operation completed successfully
+ @retval others The underlying functions failed and could not complete the operation
+
**/
-VOID
+EFI_STATUS
TcpInitTcbLocal (
IN OUT TCP_CB *Tcb
)
{
+ TCP_SEQNO Isn;
+ EFI_STATUS Status;
+
//
// Compute the checksum of the fixed parts of pseudo header
//
@@ -57,6 +90,16 @@ TcpInitTcbLocal (
0x06,
0
);
+
+ Status = TcpGetIsn (
+ Tcb->LocalEnd.Ip.v4.Addr,
+ sizeof (IPv4_ADDRESS),
+ Tcb->LocalEnd.Port,
+ Tcb->RemoteEnd.Ip.v4.Addr,
+ sizeof (IPv4_ADDRESS),
+ Tcb->RemoteEnd.Port,
+ &Isn
+ );
} else {
Tcb->HeadSum = NetIp6PseudoHeadChecksum (
&Tcb->LocalEnd.Ip.v6,
@@ -64,9 +107,25 @@ TcpInitTcbLocal (
0x06,
0
);
+
+ Status = TcpGetIsn (
+ Tcb->LocalEnd.Ip.v6.Addr,
+ sizeof (IPv6_ADDRESS),
+ Tcb->LocalEnd.Port,
+ Tcb->RemoteEnd.Ip.v6.Addr,
+ sizeof (IPv6_ADDRESS),
+ Tcb->RemoteEnd.Port,
+ &Isn
+ );
+ }
+
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "TcpInitTcbLocal: failed to get isn\n"));
+ ASSERT (FALSE);
+ return Status;
}
- Tcb->Iss = TcpGetIss ();
+ Tcb->Iss = Isn;
Tcb->SndUna = Tcb->Iss;
Tcb->SndNxt = Tcb->Iss;
@@ -82,6 +141,8 @@ TcpInitTcbLocal (
Tcb->RetxmitSeqMax = 0;
Tcb->ProbeTimerOn = FALSE;
+
+ return EFI_SUCCESS;
}
/**
@@ -506,18 +567,162 @@ TcpCloneTcb (
}
/**
- Compute an ISS to be used by a new connection.
+ Retrieves the Initial Sequence Number (ISN) for a TCP connection identified by local
+ and remote IP addresses and ports.
- @return The resulting ISS.
+ This method is based on https://datatracker.ietf.org/doc/html/rfc9293#section-3.4.1
+ Where the ISN is computed as follows:
+ ISN = TimeStamp + MD5(LocalIP, LocalPort, RemoteIP, RemotePort, Secret)
+
+ Otherwise:
+ ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
+
+ "Here M is the 4 microsecond timer, and F() is a pseudorandom function (PRF) of the
+ connection's identifying parameters ("localip, localport, remoteip, remoteport")
+ and a secret key ("secretkey") (SHLD-1). F() MUST NOT be computable from the
+ outside (MUST-9), or an attacker could still guess at sequence numbers from the
+ ISN used for some other connection. The PRF could be implemented as a
+ cryptographic hash of the concatenation of the TCP connection parameters and some
+ secret data. For discussion of the selection of a specific hash algorithm and
+ management of the secret key data."
+
+ @param[in] LocalIp A pointer to the local IP address of the TCP connection.
+ @param[in] LocalIpSize The size, in bytes, of the LocalIp buffer.
+ @param[in] LocalPort The local port number of the TCP connection.
+ @param[in] RemoteIp A pointer to the remote IP address of the TCP connection.
+ @param[in] RemoteIpSize The size, in bytes, of the RemoteIp buffer.
+ @param[in] RemotePort The remote port number of the TCP connection.
+ @param[out] Isn A pointer to the variable that will receive the Initial
+ Sequence Number (ISN).
+
+ @retval EFI_SUCCESS The operation completed successfully, and the ISN was
+ retrieved.
+ @retval EFI_INVALID_PARAMETER One or more of the input parameters are invalid.
+ @retval EFI_UNSUPPORTED The operation is not supported.
**/
-TCP_SEQNO
-TcpGetIss (
- VOID
+EFI_STATUS
+TcpGetIsn (
+ IN UINT8 *LocalIp,
+ IN UINTN LocalIpSize,
+ IN UINT16 LocalPort,
+ IN UINT8 *RemoteIp,
+ IN UINTN RemoteIpSize,
+ IN UINT16 RemotePort,
+ OUT TCP_SEQNO *Isn
)
{
- mTcpGlobalIss += TCP_ISS_INCREMENT_1;
- return mTcpGlobalIss;
+ EFI_STATUS Status;
+ EFI_HASH2_PROTOCOL *Hash2Protocol;
+ EFI_HASH2_OUTPUT HashResult;
+ ISN_HASH_CTX IsnHashCtx;
+ EFI_TIME TimeStamp;
+
+ //
+ // Check that the ISN pointer is valid
+ //
+ if (Isn == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // The local ip may be a v4 or v6 address and may not be NULL
+ //
+ if ((LocalIp == NULL) || (LocalIpSize == 0) || (RemoteIp == NULL) || (RemoteIpSize == 0)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // the local ip may be a v4 or v6 address
+ //
+ if ((LocalIpSize != sizeof (EFI_IPv4_ADDRESS)) && (LocalIpSize != sizeof (EFI_IPv6_ADDRESS))) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // Locate the Hash Protocol
+ //
+ Status = gBS->LocateProtocol (&gEfiHash2ProtocolGuid, NULL, (VOID **)&Hash2Protocol);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_NET, "Failed to locate Hash Protocol: %r\n", Status));
+
+ //
+ // TcpCreateService(..) is expected to be called prior to this function
+ //
+ ASSERT_EFI_ERROR (Status);
+ return Status;
+ }
+
+ //
+ // Initialize the hash algorithm
+ //
+ Status = Hash2Protocol->HashInit (Hash2Protocol, &gEfiHashAlgorithmSha256Guid);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_NET, "Failed to initialize sha256 hash algorithm: %r\n", Status));
+ return Status;
+ }
+
+ IsnHashCtx.LocalPort = LocalPort;
+ IsnHashCtx.RemotePort = RemotePort;
+ IsnHashCtx.Secret = mTcpGlobalSecret;
+
+ //
+ // Check the IP address family and copy accordingly
+ //
+ if (LocalIpSize == sizeof (EFI_IPv4_ADDRESS)) {
+ CopyMem (&IsnHashCtx.LocalAddress.IPv4, LocalIp, LocalIpSize);
+ } else if (LocalIpSize == sizeof (EFI_IPv6_ADDRESS)) {
+ CopyMem (&IsnHashCtx.LocalAddress.IPv6, LocalIp, LocalIpSize);
+ } else {
+ return EFI_INVALID_PARAMETER; // Unsupported address size
+ }
+
+ //
+ // Repeat the process for the remote IP address
+ //
+ if (RemoteIpSize == sizeof (EFI_IPv4_ADDRESS)) {
+ CopyMem (&IsnHashCtx.RemoteAddress.IPv4, RemoteIp, RemoteIpSize);
+ } else if (RemoteIpSize == sizeof (EFI_IPv6_ADDRESS)) {
+ CopyMem (&IsnHashCtx.RemoteAddress.IPv6, RemoteIp, RemoteIpSize);
+ } else {
+ return EFI_INVALID_PARAMETER; // Unsupported address size
+ }
+
+ //
+ // Compute the hash
+ // Update the hash with the data
+ //
+ Status = Hash2Protocol->HashUpdate (Hash2Protocol, (UINT8 *)&IsnHashCtx, sizeof (IsnHashCtx));
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_NET, "Failed to update hash: %r\n", Status));
+ return Status;
+ }
+
+ //
+ // Finalize the hash and retrieve the result
+ //
+ Status = Hash2Protocol->HashFinal (Hash2Protocol, &HashResult);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_NET, "Failed to finalize hash: %r\n", Status));
+ return Status;
+ }
+
+ Status = gRT->GetTime (&TimeStamp, NULL);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ //
+ // copy the first 4 bytes of the hash result into the ISN
+ //
+ CopyMem (Isn, HashResult.Md5Hash, sizeof (*Isn));
+
+ //
+ // now add the timestamp to the ISN as 4 microseconds units (1000 / 4 = 250)
+ //
+ *Isn += (TCP_SEQNO)TimeStamp.Nanosecond * 250;
+
+ return Status;
}
/**
@@ -721,17 +926,28 @@ TcpFormatNetbuf (
@param[in, out] Tcb Pointer to the TCP_CB that wants to initiate a
connection.
+ @retval EFI_SUCCESS The operation completed successfully
+ @retval others The underlying functions failed and could not complete the operation
+
**/
-VOID
+EFI_STATUS
TcpOnAppConnect (
IN OUT TCP_CB *Tcb
)
{
- TcpInitTcbLocal (Tcb);
+ EFI_STATUS Status;
+
+ Status = TcpInitTcbLocal (Tcb);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
TcpSetState (Tcb, TCP_SYN_SENT);
TcpSetTimer (Tcb, TCP_TIMER_CONNECT, Tcb->ConnectTimeout);
TcpToSendData (Tcb, 1);
+
+ return EFI_SUCCESS;
}
/**
diff --git a/NetworkPkg/TcpDxe/TcpTimer.c b/NetworkPkg/TcpDxe/TcpTimer.c
index 5d2e124977d9..065b1bdf5feb 100644
--- a/NetworkPkg/TcpDxe/TcpTimer.c
+++ b/NetworkPkg/TcpDxe/TcpTimer.c
@@ -2,7 +2,7 @@
TCP timer related functions.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
-
+ Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -483,7 +483,6 @@ TcpTickingDpc (
INT16 Index;
mTcpTick++;
- mTcpGlobalIss += TCP_ISS_INCREMENT_2;
//
// Don't use LIST_FOR_EACH, which isn't delete safe.
diff --git a/NetworkPkg/SecurityFixes.yaml b/NetworkPkg/SecurityFixes.yaml
index 20a4555019d9..4305328425d0 100644
--- a/NetworkPkg/SecurityFixes.yaml
+++ b/NetworkPkg/SecurityFixes.yaml
@@ -122,6 +122,28 @@ CVE_2023_45235:
- http://www.openwall.com/lists/oss-security/2024/01/16/2
- http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
- https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
+CVE_2023_45236:
+ commit_titles:
+ - "NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236 Patch"
+ cve: CVE-2023-45236
+ date_reported: 2023-08-28 13:56 UTC
+ description: "Bug 08 - edk2/NetworkPkg: Predictable TCP Initial Sequence Numbers"
+ note:
+ files_impacted:
+ - NetworkPkg/Include/Library/NetLib.h
+ - NetworkPkg/TcpDxe/TcpDriver.c
+ - NetworkPkg/TcpDxe/TcpDxe.inf
+ - NetworkPkg/TcpDxe/TcpFunc.h
+ - NetworkPkg/TcpDxe/TcpInput.c
+ - NetworkPkg/TcpDxe/TcpMain.h
+ - NetworkPkg/TcpDxe/TcpMisc.c
+ - NetworkPkg/TcpDxe/TcpTimer.c
+ links:
+ - https://bugzilla.tianocore.org/show_bug.cgi?id=4541
+ - https://nvd.nist.gov/vuln/detail/CVE-2023-45236
+ - http://www.openwall.com/lists/oss-security/2024/01/16/2
+ - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
+ - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
CVE_2023_45237:
commit_titles:
- "NetworkPkg:: SECURITY PATCH CVE 2023-45237"
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118681): https://edk2.groups.io/g/devel/message/118681
Mute This Topic: https://groups.io/mt/105983247/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [edk2-devel] [PATCH v1 09/14] OvmfPkg: Disable NIST Algorithms NetworkPkg
2024-05-08 15:29 [edk2-devel] [PATCH v1 00/14] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (7 preceding siblings ...)
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 08/14] NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236 Doug Flick via groups.io
@ 2024-05-08 15:29 ` Doug Flick via groups.io
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 10/14] ArmVirtPkg: : Disables NIST algorithms NetworkPkg Doug Flick via groups.io
` (4 subsequent siblings)
13 siblings, 0 replies; 23+ messages in thread
From: Doug Flick via groups.io @ 2024-05-08 15:29 UTC (permalink / raw)
To: devel; +Cc: Ard Biesheuvel, Jiewen Yao, Gerd Hoffmann
This commit disables enforcement of NIST defined
RNG algorithms. Such that NetworkPkg will accept
"Default" and depend on the platform.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 7 +++++++
OvmfPkg/OvmfPkgIa32X64.dsc | 9 +++++++++
OvmfPkg/OvmfPkgX64.dsc | 7 +++++++
OvmfPkg/OvmfXen.dsc | 7 +++++++
4 files changed, 30 insertions(+)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 7d7729e07729..080d1a93a0ee 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -571,6 +571,13 @@ [PcdsFixedAtBuild]
#
!include NetworkPkg/NetworkPcds.dsc.inc
+ #
+ # Platforms may not support the EDK2 Standard NIST Algorithms
+ # This Pcd allows for platform to override the attempt to use the NIST Algorithms
+ # and falls back to default such that the platform can own the Rng Algorithm
+ #
+ gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|FALSE
+
gEfiShellPkgTokenSpaceGuid.PcdShellFileOperationSize|0x20000
!if $(SMM_REQUIRE) == TRUE
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 1e924ccc5eb4..d62f9ea3fa69 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -571,6 +571,8 @@ [PcdsFixedAtBuild]
#
gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE
+
+
[PcdsFixedAtBuild.IA32]
#
# The NumberOfPages values below are ad-hoc. They are updated sporadically at
@@ -590,6 +592,13 @@ [PcdsFixedAtBuild.X64]
#
!include NetworkPkg/NetworkPcds.dsc.inc
+ #
+ # Platforms may not support the EDK2 Standard NIST Algorithms
+ # This Pcd allows for platform to override the attempt to use the NIST Algorithms
+ # and falls back to default such that the platform can own the Rng Algorithm
+ #
+ gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|FALSE
+
gEfiShellPkgTokenSpaceGuid.PcdShellFileOperationSize|0x20000
!if $(SMM_REQUIRE) == TRUE
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 3637b967b139..761c86f73a6b 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -601,6 +601,13 @@ [PcdsFixedAtBuild]
#
!include NetworkPkg/NetworkPcds.dsc.inc
+ #
+ # Platforms may not support the EDK2 Standard NIST Algorithms
+ # This Pcd allows for platform to override the attempt to use the NIST Algorithms
+ # and falls back to default such that the platform can own the Rng Algorithm
+ #
+ gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|FALSE
+
gEfiShellPkgTokenSpaceGuid.PcdShellFileOperationSize|0x20000
!if $(SMM_REQUIRE) == TRUE
diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
index 7fc340d1c1df..0b2dac0cdaef 100644
--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
@@ -443,6 +443,13 @@ [PcdsFixedAtBuild]
#
!include NetworkPkg/NetworkPcds.dsc.inc
+ #
+ # Platforms may not support the EDK2 Standard NIST Algorithms
+ # This Pcd allows for platform to override the attempt to use the NIST Algorithms
+ # and falls back to default such that the platform can own the Rng Algorithm
+ #
+ gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|FALSE
+
!ifdef $(DEBUG_ON_HYPERVISOR_CONSOLE)
## Set Xen's debug IO port for PlatformDebugLibIoPort
gUefiOvmfPkgTokenSpaceGuid.PcdDebugIoPort|0xe9
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118682): https://edk2.groups.io/g/devel/message/118682
Mute This Topic: https://groups.io/mt/105983248/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [edk2-devel] [PATCH v1 10/14] ArmVirtPkg: : Disables NIST algorithms NetworkPkg
2024-05-08 15:29 [edk2-devel] [PATCH v1 00/14] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (8 preceding siblings ...)
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 09/14] OvmfPkg: Disable NIST Algorithms NetworkPkg Doug Flick via groups.io
@ 2024-05-08 15:29 ` Doug Flick via groups.io
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 11/14] MdePkg: : Add MockUefiBootServicesTableLib Doug Flick via groups.io
` (3 subsequent siblings)
13 siblings, 0 replies; 23+ messages in thread
From: Doug Flick via groups.io @ 2024-05-08 15:29 UTC (permalink / raw)
To: devel; +Cc: Ard Biesheuvel, Leif Lindholm, Sami Mujawar, Gerd Hoffmann
The NetworkPkg attempts to use the NIST Algorithms
as defined in the EDK2 specification. If not
available (or if so desired) the platform may
choose to use "Default" and use what is provided by
the platform.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
ArmVirtPkg/ArmVirt.dsc.inc | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index 2bc6a29eb131..00e6b5b5d582 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -382,6 +382,13 @@ [PcdsFixedAtBuild.common]
gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard|TRUE
+ #
+ # Platforms may not support the EDK2 Standard NIST Algorithms
+ # This Pcd allows for platform to override the attempt to use the NIST Algorithms
+ # and falls back to default such that the platform can own the Rng Algorithm
+ #
+ gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|FALSE
+
[Components.common]
#
# Ramdisk support
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118683): https://edk2.groups.io/g/devel/message/118683
Mute This Topic: https://groups.io/mt/105983249/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [edk2-devel] [PATCH v1 11/14] MdePkg: : Add MockUefiBootServicesTableLib
2024-05-08 15:29 [edk2-devel] [PATCH v1 00/14] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (9 preceding siblings ...)
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 10/14] ArmVirtPkg: : Disables NIST algorithms NetworkPkg Doug Flick via groups.io
@ 2024-05-08 15:29 ` Doug Flick via groups.io
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 12/14] MdePkg: : Adds Protocol for MockRng Doug Flick via groups.io
` (2 subsequent siblings)
13 siblings, 0 replies; 23+ messages in thread
From: Doug Flick via groups.io @ 2024-05-08 15:29 UTC (permalink / raw)
To: devel; +Cc: Michael D Kinney, Liming Gao, Zhiguang Liu
From: Doug Flick <dougflick@microsoft.com>
This commit adds a mock library for UefiBootServicesTableLib.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
MdePkg/Test/MdePkgHostTest.dsc | 1 +
MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf | 32 ++++++++
MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h | 78 ++++++++++++++++++++
MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp | 69 +++++++++++++++++
4 files changed, 180 insertions(+)
diff --git a/MdePkg/Test/MdePkgHostTest.dsc b/MdePkg/Test/MdePkgHostTest.dsc
index e666636b7c55..6a85d02236a0 100644
--- a/MdePkg/Test/MdePkgHostTest.dsc
+++ b/MdePkg/Test/MdePkgHostTest.dsc
@@ -43,6 +43,7 @@ [Components]
MdePkg/Library/BaseLib/UnitTestHostBaseLib.inf
MdePkg/Test/Mock/Library/GoogleTest/MockUefiLib/MockUefiLib.inf
MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.inf
+ MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
MdePkg/Test/Mock/Library/GoogleTest/MockPeiServicesLib/MockPeiServicesLib.inf
MdePkg/Test/Mock/Library/GoogleTest/MockHobLib/MockHobLib.inf
MdePkg/Test/Mock/Library/GoogleTest/MockFdtLib/MockFdtLib.inf
diff --git a/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf b/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
new file mode 100644
index 000000000000..8b64fd195acd
--- /dev/null
+++ b/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
@@ -0,0 +1,32 @@
+## @file
+# Mock implementation of the UEFI Boot Services Table Library.
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = MockUefiBootServicesTableLib
+ FILE_GUID = 67EA4614-E276-49EC-9AE6-B97ACCEA676E
+ MODULE_TYPE = HOST_APPLICATION
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = UefiBootServicesTableLib|HOST_APPLICATION
+
+#
+# VALID_ARCHITECTURES = IA32 X64 EBC
+#
+
+[Sources]
+ MockUefiBootServicesTableLib.cpp
+
+[LibraryClasses]
+ GoogleTestLib
+
+[Packages]
+ MdePkg/MdePkg.dec
+ UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
+
+[BuildOptions]
+ MSFT:*_*_*_CC_FLAGS = /EHsc
diff --git a/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h b/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h
new file mode 100644
index 000000000000..d72b941323c1
--- /dev/null
+++ b/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h
@@ -0,0 +1,78 @@
+/** @file
+ Google Test mocks for UefiBootServicesTableLib
+
+ Copyright (c) Microsoft Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef MOCK_UEFI_BOOT_SERVICES_TABLE_LIB_H_
+#define MOCK_UEFI_BOOT_SERVICES_TABLE_LIB_H_
+
+#include <Library/GoogleTestLib.h>
+#include <Library/FunctionMockLib.h>
+extern "C" {
+ #include <Uefi.h>
+ #include <Library/UefiBootServicesTableLib.h>
+}
+
+//
+// Declarations to handle usage of the UefiBootServiceTableLib by creating mock
+//
+struct MockUefiBootServicesTableLib {
+ MOCK_INTERFACE_DECLARATION (MockUefiBootServicesTableLib);
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ gBS_GetMemoryMap,
+ (IN OUT UINTN *MemoryMapSize,
+ OUT EFI_MEMORY_DESCRIPTOR *MemoryMap,
+ OUT UINTN *MapKey,
+ OUT UINTN *DescriptorSize,
+ OUT UINT32 *DescriptorVersion)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ gBS_CreateEvent,
+ (IN UINT32 Type,
+ IN EFI_TPL NotifyTpl,
+ IN EFI_EVENT_NOTIFY NotifyFunction,
+ IN VOID *NotifyContext,
+ OUT EFI_EVENT *Event)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ gBS_CloseEvent,
+ (IN EFI_EVENT Event)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ gBS_HandleProtocol,
+ (IN EFI_HANDLE Handle,
+ IN EFI_GUID *Protocol,
+ OUT VOID **Interface)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ gBS_LocateProtocol,
+ (IN EFI_GUID *Protocol,
+ IN VOID *Registration OPTIONAL,
+ OUT VOID **Interface)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ gBS_CreateEventEx,
+ (IN UINT32 Type,
+ IN EFI_TPL NotifyTpl,
+ IN EFI_EVENT_NOTIFY NotifyFunction OPTIONAL,
+ IN CONST VOID *NotifyContext OPTIONAL,
+ IN CONST EFI_GUID *EventGroup OPTIONAL,
+ OUT EFI_EVENT *Event)
+ );
+};
+
+#endif // MOCK_UEFI_BOOT_SERVICES_TABLE_LIB_H_
diff --git a/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp b/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp
new file mode 100644
index 000000000000..ced6255418a2
--- /dev/null
+++ b/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp
@@ -0,0 +1,69 @@
+/** @file
+ Google Test mocks for UefiBootServicesTableLib
+
+ Copyright (c) Microsoft Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+#include <GoogleTest/Library/MockUefiBootServicesTableLib.h>
+
+MOCK_INTERFACE_DEFINITION (MockUefiBootServicesTableLib);
+MOCK_FUNCTION_DEFINITION (MockUefiBootServicesTableLib, gBS_GetMemoryMap, 5, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockUefiBootServicesTableLib, gBS_CreateEvent, 5, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockUefiBootServicesTableLib, gBS_CloseEvent, 1, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockUefiBootServicesTableLib, gBS_HandleProtocol, 3, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockUefiBootServicesTableLib, gBS_LocateProtocol, 3, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockUefiBootServicesTableLib, gBS_CreateEventEx, 6, EFIAPI);
+
+static EFI_BOOT_SERVICES LocalBs = {
+ { 0, 0, 0, 0, 0 }, // EFI_TABLE_HEADER
+ NULL, // EFI_RAISE_TPL
+ NULL, // EFI_RESTORE_TPL
+ NULL, // EFI_ALLOCATE_PAGES
+ NULL, // EFI_FREE_PAGES
+ gBS_GetMemoryMap, // EFI_GET_MEMORY_MAP
+ NULL, // EFI_ALLOCATE_POOL
+ NULL, // EFI_FREE_POOL
+ gBS_CreateEvent, // EFI_CREATE_EVENT
+ NULL, // EFI_SET_TIMER
+ NULL, // EFI_WAIT_FOR_EVENT
+ NULL, // EFI_SIGNAL_EVENT
+ gBS_CloseEvent, // EFI_CLOSE_EVENT
+ NULL, // EFI_CHECK_EVENT
+ NULL, // EFI_INSTALL_PROTOCOL_INTERFACE
+ NULL, // EFI_REINSTALL_PROTOCOL_INTERFACE
+ NULL, // EFI_UNINSTALL_PROTOCOL_INTERFACE
+ gBS_HandleProtocol, // EFI_HANDLE_PROTOCOL
+ NULL, // VOID
+ NULL, // EFI_REGISTER_PROTOCOL_NOTIFY
+ NULL, // EFI_LOCATE_HANDLE
+ NULL, // EFI_LOCATE_DEVICE_PATH
+ NULL, // EFI_INSTALL_CONFIGURATION_TABLE
+ NULL, // EFI_IMAGE_LOAD
+ NULL, // EFI_IMAGE_START
+ NULL, // EFI_EXIT
+ NULL, // EFI_IMAGE_UNLOAD
+ NULL, // EFI_EXIT_BOOT_SERVICES
+ NULL, // EFI_GET_NEXT_MONOTONIC_COUNT
+ NULL, // EFI_STALL
+ NULL, // EFI_SET_WATCHDOG_TIMER
+ NULL, // EFI_CONNECT_CONTROLLER
+ NULL, // EFI_DISCONNECT_CONTROLLER
+ NULL, // EFI_OPEN_PROTOCOL
+ NULL, // EFI_CLOSE_PROTOCOL
+ NULL, // EFI_OPEN_PROTOCOL_INFORMATION
+ NULL, // EFI_PROTOCOLS_PER_HANDLE
+ NULL, // EFI_LOCATE_HANDLE_BUFFER
+ gBS_LocateProtocol, // EFI_LOCATE_PROTOCOL
+ NULL, // EFI_INSTALL_MULTIPLE_PROTOCOL_INTERFACES
+ NULL, // EFI_UNINSTALL_MULTIPLE_PROTOCOL_INTERFACES
+ NULL, // EFI_CALCULATE_CRC32
+ NULL, // EFI_COPY_MEM
+ NULL, // EFI_SET_MEM
+ gBS_CreateEventEx // EFI_CREATE_EVENT_EX
+};
+
+extern "C" {
+ EFI_BOOT_SERVICES *gBS = &LocalBs;
+ EFI_HANDLE gImageHandle = NULL;
+ EFI_SYSTEM_TABLE *gST = NULL;
+}
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118684): https://edk2.groups.io/g/devel/message/118684
Mute This Topic: https://groups.io/mt/105983251/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [edk2-devel] [PATCH v1 12/14] MdePkg: : Adds Protocol for MockRng
2024-05-08 15:29 [edk2-devel] [PATCH v1 00/14] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (10 preceding siblings ...)
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 11/14] MdePkg: : Add MockUefiBootServicesTableLib Doug Flick via groups.io
@ 2024-05-08 15:29 ` Doug Flick via groups.io
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 13/14] MdePkg: Add MockHash2 Protocol for testing Doug Flick via groups.io
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 14/14] NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes Doug Flick via groups.io
13 siblings, 0 replies; 23+ messages in thread
From: Doug Flick via groups.io @ 2024-05-08 15:29 UTC (permalink / raw)
To: devel; +Cc: Michael D Kinney, Liming Gao, Zhiguang Liu
From: Doug Flick <dougflick@microsoft.com>
This patch adds a protocol for MockRng. This protocol is used to
mock the Rng protocol for testing purposes.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h | 48 ++++++++++++++++++++
MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp | 21 +++++++++
2 files changed, 69 insertions(+)
diff --git a/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h
new file mode 100644
index 000000000000..b54f8a234b2f
--- /dev/null
+++ b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h
@@ -0,0 +1,48 @@
+/** @file
+ This file declares a mock of Rng Protocol.
+
+ Copyright (c) Microsoft Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef MOCK_RNG_H_
+#define MOCK_RNG_H_
+
+#include <Library/GoogleTestLib.h>
+#include <Library/FunctionMockLib.h>
+
+extern "C" {
+ #include <Uefi.h>
+ #include <Protocol/Rng.h>
+}
+
+struct MockRng {
+ MOCK_INTERFACE_DECLARATION (MockRng);
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ GetInfo,
+ (
+ IN EFI_RNG_PROTOCOL *This,
+ IN OUT UINTN *RNGAlgorithmListSize,
+ OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
+ )
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ GetRng,
+ (
+ IN EFI_RNG_PROTOCOL *This,
+ IN EFI_RNG_ALGORITHM *RNGAlgorithm,
+ IN UINTN RNGValueLength,
+ OUT UINT8 *RNGValue
+ )
+ );
+};
+
+extern "C" {
+ extern EFI_RNG_PROTOCOL *gRngProtocol;
+}
+
+#endif // MOCK_RNG_H_
diff --git a/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp
new file mode 100644
index 000000000000..7d8b69cc8673
--- /dev/null
+++ b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp
@@ -0,0 +1,21 @@
+/** @file MockRng.cpp
+ Google Test mock for Rng Protocol
+
+ Copyright (c) Microsoft Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <GoogleTest/Protocol/MockRng.h>
+
+MOCK_INTERFACE_DEFINITION (MockRng);
+MOCK_FUNCTION_DEFINITION (MockRng, GetInfo, 3, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockRng, GetRng, 4, EFIAPI);
+
+EFI_RNG_PROTOCOL RNG_PROTOCOL_INSTANCE = {
+ GetInfo, // EFI_RNG_GET_INFO
+ GetRng // EFI_RNG_GET_RNG
+};
+
+extern "C" {
+ EFI_RNG_PROTOCOL *gRngProtocol = &RNG_PROTOCOL_INSTANCE;
+}
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118685): https://edk2.groups.io/g/devel/message/118685
Mute This Topic: https://groups.io/mt/105983252/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [edk2-devel] [PATCH v1 13/14] MdePkg: Add MockHash2 Protocol for testing
2024-05-08 15:29 [edk2-devel] [PATCH v1 00/14] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (11 preceding siblings ...)
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 12/14] MdePkg: : Adds Protocol for MockRng Doug Flick via groups.io
@ 2024-05-08 15:29 ` Doug Flick via groups.io
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 14/14] NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes Doug Flick via groups.io
13 siblings, 0 replies; 23+ messages in thread
From: Doug Flick via groups.io @ 2024-05-08 15:29 UTC (permalink / raw)
To: devel; +Cc: Michael D Kinney, Liming Gao, Zhiguang Liu
From: Doug Flick <dougflick@microsoft.com>
This commit adds a new MockHash2 protocol to the MdePkg. This protocol
is used to test Hash2 protocol consumers.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h | 67 ++++++++++++++++++++
MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp | 27 ++++++++
2 files changed, 94 insertions(+)
diff --git a/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h
new file mode 100644
index 000000000000..b44d341332dc
--- /dev/null
+++ b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h
@@ -0,0 +1,67 @@
+/** @file
+ This file declares a mock of Hash2 Protocol.
+
+ Copyright (c) Microsoft Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef MOCK_HASH2_H_
+#define MOCK_HASH2_H_
+
+#include <Library/GoogleTestLib.h>
+#include <Library/FunctionMockLib.h>
+
+extern "C" {
+ #include <Uefi.h>
+ #include <Protocol/Hash2.h>
+}
+
+struct MockHash2 {
+ MOCK_INTERFACE_DECLARATION (MockHash2);
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ GetHashSize,
+ (IN CONST EFI_HASH2_PROTOCOL *This,
+ IN CONST EFI_GUID *HashAlgorithm,
+ OUT UINTN *HashSize)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ Hash,
+ (IN CONST EFI_HASH2_PROTOCOL *This,
+ IN CONST EFI_GUID *HashAlgorithm,
+ IN CONST UINT8 *Message,
+ IN UINTN MessageSize,
+ IN OUT EFI_HASH2_OUTPUT *Hash)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ HashInit,
+ (IN CONST EFI_HASH2_PROTOCOL *This,
+ IN CONST EFI_GUID *HashAlgorithm)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ HashUpdate,
+ (IN CONST EFI_HASH2_PROTOCOL *This,
+ IN CONST UINT8 *Message,
+ IN UINTN MessageSize)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ HashFinal,
+ (IN CONST EFI_HASH2_PROTOCOL *This,
+ IN OUT EFI_HASH2_OUTPUT *Hash)
+ );
+};
+
+extern "C" {
+ extern EFI_HASH2_PROTOCOL *gHash2Protocol;
+}
+
+#endif // MOCK_HASH2_H_
diff --git a/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp
new file mode 100644
index 000000000000..5cf94c43b4a5
--- /dev/null
+++ b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp
@@ -0,0 +1,27 @@
+/** @file MockHash2.cpp
+ Google Test mock for Hash2 Protocol
+
+ Copyright (c) Microsoft Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <GoogleTest/Protocol/MockHash2.h>
+
+MOCK_INTERFACE_DEFINITION (MockHash2);
+MOCK_FUNCTION_DEFINITION (MockHash2, GetHashSize, 3, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockHash2, Hash, 5, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockHash2, HashInit, 2, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockHash2, HashUpdate, 3, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockHash2, HashFinal, 2, EFIAPI);
+
+EFI_HASH2_PROTOCOL HASH2_PROTOCOL_INSTANCE = {
+ GetHashSize, // EFI_HASH2_GET_HASH_SIZE
+ Hash, // EFI_HASH2_HASH
+ HashInit, // EFI_HASH2_HASH_INIT
+ HashUpdate, // EFI_HASH2_HASH_UPDATE
+ HashFinal // EFI_HASH2_HASH_FINAL
+};
+
+extern "C" {
+ EFI_HASH2_PROTOCOL *gHash2Protocol = &HASH2_PROTOCOL_INSTANCE;
+}
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118686): https://edk2.groups.io/g/devel/message/118686
Mute This Topic: https://groups.io/mt/105983253/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [edk2-devel] [PATCH v1 14/14] NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes
2024-05-08 15:29 [edk2-devel] [PATCH v1 00/14] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (12 preceding siblings ...)
2024-05-08 15:29 ` [edk2-devel] [PATCH v1 13/14] MdePkg: Add MockHash2 Protocol for testing Doug Flick via groups.io
@ 2024-05-08 15:29 ` Doug Flick via groups.io
13 siblings, 0 replies; 23+ messages in thread
From: Doug Flick via groups.io @ 2024-05-08 15:29 UTC (permalink / raw)
To: devel; +Cc: Saloni Kasbekar, Zachary Clark-williams
From: Doug Flick <dougflick@microsoft.com>
This patch updates the PxeBcDhcp6GoogleTest due to the changes in the
underlying code. The changes are as follows:
- Random now comes from the RngLib Protocol
- The TCP ISN is now generated by the hash function
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
NetworkPkg/Test/NetworkPkgHostTest.dsc | 1 +
NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf | 3 +-
NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp | 102 +++++++++++++++++++-
3 files changed, 100 insertions(+), 6 deletions(-)
diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc b/NetworkPkg/Test/NetworkPkgHostTest.dsc
index fa301a7a52ab..1772afb05815 100644
--- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
@@ -30,6 +30,7 @@ [Components]
NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf {
<LibraryClasses>
UefiRuntimeServicesTableLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.inf
+ UefiBootServicesTableLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
}
# Despite these library classes being listed in [LibraryClasses] below, they are not needed for the host-based unit tests.
diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
index 301dcdf61109..8b092d9291d4 100644
--- a/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
@@ -14,7 +14,7 @@ [Defines]
#
# The following information is for reference only and not required by the build tools.
#
-# VALID_ARCHITECTURES = IA32 X64
+# VALID_ARCHITECTURES = IA32 X64 AARCH64
#
[Sources]
@@ -23,6 +23,7 @@ [Sources]
PxeBcDhcp6GoogleTest.h
../PxeBcDhcp6.c
../PxeBcSupport.c
+ ../../../MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp
[Packages]
MdePkg/MdePkg.dec
diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
index bd423ebadfce..61736ff79e83 100644
--- a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
@@ -7,6 +7,8 @@
#include <Library/GoogleTestLib.h>
#include <GoogleTest/Library/MockUefiLib.h>
#include <GoogleTest/Library/MockUefiRuntimeServicesTableLib.h>
+#include <GoogleTest/Library/MockUefiBootServicesTableLib.h>
+#include <GoogleTest/Protocol/MockRng.h>
extern "C" {
#include <Uefi.h>
@@ -165,7 +167,7 @@ protected:
// Note:
// Testing PxeBcHandleDhcp6Offer() is difficult because it depends on a
// properly setup Private structure. Attempting to properly test this function
-// without a signficant refactor is a fools errand. Instead, we will test
+// without a significant refactor is a fools errand. Instead, we will test
// that we can prevent an overflow in the function.
TEST_F (PxeBcHandleDhcp6OfferTest, BasicUsageTest) {
PXEBC_DHCP6_PACKET_CACHE *Cache6 = NULL;
@@ -238,6 +240,7 @@ TEST_F (PxeBcCacheDnsServerAddressesTest, BasicUsageTest) {
FreePool (Option);
}
}
+
// Test Description
// Test that we can prevent an overflow in the function
TEST_F (PxeBcCacheDnsServerAddressesTest, AttemptOverflowTest) {
@@ -470,10 +473,15 @@ TEST_F (PxeBcRequestBootServiceTest, AttemptRequestOverFlowExpectFailure) {
class PxeBcDhcp6DiscoverTest : public ::testing::Test {
public:
PXEBC_PRIVATE_DATA Private = { 0 };
+ // create a mock md5 hash
+ UINT8 Md5Hash[16] = { 0 };
+
EFI_UDP6_PROTOCOL Udp6Read;
protected:
MockUefiRuntimeServicesTableLib RtServicesMock;
+ MockUefiBootServicesTableLib BsMock;
+ MockRng RngMock;
// Add any setup code if needed
virtual void
@@ -527,8 +535,21 @@ TEST_F (PxeBcDhcp6DiscoverTest, BasicOverflowTest) {
Private.Dhcp6Request->Length = (UINT16)(Cursor - (UINT8 *)Private.Dhcp6Request);
- EXPECT_CALL (RtServicesMock, gRT_GetTime)
- .WillOnce (::testing::Return (0));
+ EXPECT_CALL (BsMock, gBS_LocateProtocol)
+ .WillOnce (
+ ::testing::DoAll (
+ ::testing::SetArgPointee<2> (::testing::ByRef (gRngProtocol)),
+ ::testing::Return (EFI_SUCCESS)
+ )
+ );
+
+ EXPECT_CALL (RngMock, GetRng)
+ .WillOnce (
+ ::testing::DoAll (
+ ::testing::SetArgPointee<3> (::testing::ByRef (Md5Hash[0])),
+ ::testing::Return (EFI_SUCCESS)
+ )
+ );
ASSERT_EQ (
PxeBcDhcp6Discover (
@@ -558,8 +579,21 @@ TEST_F (PxeBcDhcp6DiscoverTest, BasicUsageTest) {
Private.Dhcp6Request->Length = (UINT16)(Cursor - (UINT8 *)Private.Dhcp6Request);
- EXPECT_CALL (RtServicesMock, gRT_GetTime)
- .WillOnce (::testing::Return (0));
+ EXPECT_CALL (BsMock, gBS_LocateProtocol)
+ .WillOnce (
+ ::testing::DoAll (
+ ::testing::SetArgPointee<2> (::testing::ByRef (gRngProtocol)),
+ ::testing::Return (EFI_SUCCESS)
+ )
+ );
+
+ EXPECT_CALL (RngMock, GetRng)
+ .WillOnce (
+ ::testing::DoAll (
+ ::testing::SetArgPointee<3> (::testing::ByRef (Md5Hash[0])),
+ ::testing::Return (EFI_SUCCESS)
+ )
+ );
ASSERT_EQ (
PxeBcDhcp6Discover (
@@ -572,3 +606,61 @@ TEST_F (PxeBcDhcp6DiscoverTest, BasicUsageTest) {
EFI_SUCCESS
);
}
+
+TEST_F (PxeBcDhcp6DiscoverTest, MultipleRequestsAttemptOverflow) {
+ EFI_IPv6_ADDRESS DestIp = { 0 };
+ EFI_DHCP6_PACKET_OPTION RequestOpt = { 0 }; // the data section doesn't really matter
+
+ RequestOpt.OpCode = HTONS (0x1337);
+ RequestOpt.OpLen = HTONS (REQUEST_OPTION_LENGTH); // this length would overflow without a check
+ UINT8 RequestOptBuffer[REQUEST_OPTION_LENGTH] = { 0 };
+
+ // make sure we have enough space for 10 of these options
+ ASSERT_TRUE (REQUEST_OPTION_LENGTH * 10 <= PACKET_SIZE);
+
+ UINT8 Index = 0;
+ EFI_DHCP6_PACKET *Packet = (EFI_DHCP6_PACKET *)&Private.Dhcp6Request[Index];
+ UINT8 *Cursor = (UINT8 *)(Packet->Dhcp6.Option);
+
+ // let's add 10 of these options - this should overflow
+ for (UINT8 i = 0; i < 10; i++) {
+ CopyMem (Cursor, &RequestOpt, sizeof (RequestOpt));
+ Cursor += sizeof (RequestOpt) - 1;
+ CopyMem (Cursor, RequestOptBuffer, REQUEST_OPTION_LENGTH);
+ Cursor += REQUEST_OPTION_LENGTH;
+ }
+
+ // Update the packet length
+ Packet->Length = (UINT16)(Cursor - (UINT8 *)Packet);
+ Packet->Size = PACKET_SIZE;
+
+ // Make sure we're larger than the buffer we're trying to write into
+ ASSERT_TRUE (Packet->Length > sizeof (EFI_PXE_BASE_CODE_DHCPV6_PACKET));
+
+ EXPECT_CALL (BsMock, gBS_LocateProtocol)
+ .WillOnce (
+ ::testing::DoAll (
+ ::testing::SetArgPointee<2> (::testing::ByRef (gRngProtocol)),
+ ::testing::Return (EFI_SUCCESS)
+ )
+ );
+
+ EXPECT_CALL (RngMock, GetRng)
+ .WillOnce (
+ ::testing::DoAll (
+ ::testing::SetArgPointee<3> (::testing::ByRef (Md5Hash[0])),
+ ::testing::Return (EFI_SUCCESS)
+ )
+ );
+
+ ASSERT_EQ (
+ PxeBcDhcp6Discover (
+ &(PxeBcDhcp6DiscoverTest::Private),
+ 0,
+ NULL,
+ FALSE,
+ (EFI_IP_ADDRESS *)&DestIp
+ ),
+ EFI_OUT_OF_RESOURCES
+ );
+}
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118687): https://edk2.groups.io/g/devel/message/118687
Mute This Topic: https://groups.io/mt/105983255/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 23+ messages in thread