diff options
Diffstat (limited to 'src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand')
5 files changed, 645 insertions, 0 deletions
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c new file mode 100644 index 00000000..7587ed0a --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c @@ -0,0 +1,298 @@ +/** @file + Core Primitive Implementation of the Advanced Encryption Standard (AES) algorithm. + Refer to FIPS PUB 197 ("Advanced Encryption Standard (AES)") for detailed algorithm + description of AES. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "AesCore.h" + +// +// Number of columns (32-bit words) comprising the State. +// AES_NB is a constant (value = 4) for NIST FIPS-197. +// +#define AES_NB 4 + +// +// Pre-computed AES Forward Table: AesForwardTable[t] = AES_SBOX[t].[02, 01, 01, 03] +// AES_SBOX (AES S-box) is defined in sec 5.1.1 of FIPS PUB 197. +// This is to speed up execution of the cipher by combining SubBytes and +// ShiftRows with MixColumns steps and transforming them into table lookups. +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT32 AesForwardTable[] = { + 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d, 0xfff2f20d, 0xd66b6bbd, + 0xde6f6fb1, 0x91c5c554, 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d, + 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a, 0x8fcaca45, 0x1f82829d, + 0x89c9c940, 0xfa7d7d87, 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b, + 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea, 0x239c9cbf, 0x53a4a4f7, + 0xe4727296, 0x9bc0c05b, 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a, + 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f, 0x6834345c, 0x51a5a5f4, + 0xd1e5e534, 0xf9f1f108, 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f, + 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e, 0x30181828, 0x379696a1, + 0x0a05050f, 0x2f9a9ab5, 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d, + 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f, 0x1209091b, 0x1d83839e, + 0x582c2c74, 0x341a1a2e, 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb, + 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce, 0x5229297b, 0xdde3e33e, + 0x5e2f2f71, 0x13848497, 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c, + 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed, 0xd46a6abe, 0x8dcbcb46, + 0x67bebed9, 0x7239394b, 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a, + 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16, 0x864343c5, 0x9a4d4dd7, + 0x66333355, 0x11858594, 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81, + 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3, 0xa25151f3, 0x5da3a3fe, + 0x804040c0, 0x058f8f8a, 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504, + 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163, 0x20101030, 0xe5ffff1a, + 0xfdf3f30e, 0xbfd2d26d, 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f, + 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739, 0x93c4c457, 0x55a7a7f2, + 0xfc7e7e82, 0x7a3d3d47, 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395, + 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f, 0x44222266, 0x542a2a7e, + 0x3b9090ab, 0x0b888883, 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c, + 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76, 0xdbe0e03b, 0x64323256, + 0x743a3a4e, 0x140a0a1e, 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4, + 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6, 0x399191a8, 0x319595a4, + 0xd3e4e437, 0xf279798b, 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7, + 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0, 0xd86c6cb4, 0xac5656fa, + 0xf3f4f407, 0xcfeaea25, 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818, + 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72, 0x381c1c24, 0x57a6a6f1, + 0x73b4b4c7, 0x97c6c651, 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21, + 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85, 0xe0707090, 0x7c3e3e42, + 0x71b5b5c4, 0xcc6666aa, 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12, + 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0, 0x17868691, 0x99c1c158, + 0x3a1d1d27, 0x279e9eb9, 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133, + 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7, 0x2d9b9bb6, 0x3c1e1e22, + 0x15878792, 0xc9e9e920, 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a, + 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17, 0x65bfbfda, 0xd7e6e631, + 0x844242c6, 0xd06868b8, 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11, + 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a +}; + +// +// Round constant word array used in AES key expansion. +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT32 Rcon[] = { + 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, + 0x20000000, 0x40000000, 0x80000000, 0x1B000000, 0x36000000 +}; + +// +// Rotates x right n bits (circular right shift operation) +// +#define ROTATE_RIGHT32(x, n) (((x) >> (n)) | ((x) << (32-(n)))) + +// +// Loading & Storing 32-bit words in big-endian format: y[3..0] --> x; x --> y[3..0]; +// +#define LOAD32H(x, y) { x = ((UINT32)((y)[0] & 0xFF) << 24) | ((UINT32)((y)[1] & 0xFF) << 16) | \ + ((UINT32)((y)[2] & 0xFF) << 8) | ((UINT32)((y)[3] & 0xFF)); } +#define STORE32H(x, y) { (y)[0] = (UINT8)(((x) >> 24) & 0xFF); (y)[1] = (UINT8)(((x) >> 16) & 0xFF); \ + (y)[2] = (UINT8)(((x) >> 8) & 0xFF); (y)[3] = (UINT8)((x) & 0xFF); } + +// +// Wrap macros for AES forward tables lookups +// +#define AES_FT0(x) AesForwardTable[x] +#define AES_FT1(x) ROTATE_RIGHT32(AesForwardTable[x], 8) +#define AES_FT2(x) ROTATE_RIGHT32(AesForwardTable[x], 16) +#define AES_FT3(x) ROTATE_RIGHT32(AesForwardTable[x], 24) + +/// +/// AES Key Schedule which is expanded from symmetric key [Size 60 = 4 * ((Max AES Round, 14) + 1)]. +/// +typedef struct { + UINTN Nk; // Number of Cipher Key (in 32-bit words); + UINT32 EncKey[60]; // Expanded AES encryption key + UINT32 DecKey[60]; // Expanded AES decryption key (Not used here) +} AES_KEY; + +/** + AES Key Expansion. + This function expands the cipher key into encryption schedule. + + @param[in] Key AES symmetric key buffer. + @param[in] KeyLenInBits Key length in bits (128, 192, or 256). + @param[out] AesKey Expanded AES Key schedule for encryption. + + @retval EFI_SUCCESS AES key expansion succeeded. + @retval EFI_INVALID_PARAMETER Unsupported key length. + +**/ +EFI_STATUS +EFIAPI +AesExpandKey ( + IN UINT8 *Key, + IN UINTN KeyLenInBits, + OUT AES_KEY *AesKey + ) +{ + UINTN Nk; + UINTN Nr; + UINTN Nw; + UINTN Index1; + UINTN Index2; + UINTN Index3; + UINT32 *Ek; + UINT32 Temp; + + // + // Nk - Number of 32-bit words comprising the cipher key. (Nk = 4, 6 or 8) + // Nr - Number of rounds. (Nr = 10, 12, or 14), which is dependent on the key size. + // + Nk = KeyLenInBits >> 5; + if (Nk != 4 && Nk != 6 && Nk != 8) { + return EFI_INVALID_PARAMETER; + } + Nr = Nk + 6; + Nw = AES_NB * (Nr + 1); // Key Expansion generates a total of Nb * (Nr + 1) words + AesKey->Nk = Nk; + + // + // Load initial symmetric AES key; + // Note that AES was designed on big-endian systems. + // + Ek = AesKey->EncKey; + for (Index1 = Index2 = 0; Index1 < Nk; Index1++, Index2 += 4) { + LOAD32H (Ek[Index1], Key + Index2); + } + + // + // Initialize the encryption key scheduler + // + for (Index2 = Nk, Index3 = 0; Index2 < Nw; Index2 += Nk, Index3++) { + Temp = Ek[Index2 - 1]; + Ek[Index2] = Ek[Index2 - Nk] ^ (AES_FT2((Temp >> 16) & 0xFF) & 0xFF000000) ^ + (AES_FT3((Temp >> 8) & 0xFF) & 0x00FF0000) ^ + (AES_FT0((Temp) & 0xFF) & 0x0000FF00) ^ + (AES_FT1((Temp >> 24) & 0xFF) & 0x000000FF) ^ + Rcon[Index3]; + if (Nk <= 6) { + // + // If AES Cipher Key is 128 or 192 bits + // + for (Index1 = 1; Index1 < Nk && (Index1 + Index2) < Nw; Index1++) { + Ek [Index1 + Index2] = Ek [Index1 + Index2 - Nk] ^ Ek[Index1 + Index2 - 1]; + } + } else { + // + // Different routine for key expansion If Cipher Key is 256 bits, + // + for (Index1 = 1; Index1 < 4 && (Index1 + Index2) < Nw; Index1++) { + Ek [Index1 + Index2] = Ek[Index1 + Index2 - Nk] ^ Ek[Index1 + Index2 - 1]; + } + if (Index2 + 4 < Nw) { + Temp = Ek[Index2 + 3]; + Ek[Index2 + 4] = Ek[Index2 + 4 - Nk] ^ (AES_FT2((Temp >> 24) & 0xFF) & 0xFF000000) ^ + (AES_FT3((Temp >> 16) & 0xFF) & 0x00FF0000) ^ + (AES_FT0((Temp >> 8) & 0xFF) & 0x0000FF00) ^ + (AES_FT1((Temp) & 0xFF) & 0x000000FF); + } + + for (Index1 = 5; Index1 < Nk && (Index1 + Index2) < Nw; Index1++) { + Ek[Index1 + Index2] = Ek[Index1 + Index2 - Nk] ^ Ek[Index1 + Index2 - 1]; + } + } + } + + return EFI_SUCCESS; +} + +/** + Encrypts one single block data (128 bits) with AES algorithm. + + @param[in] Key AES symmetric key buffer. + @param[in] InData One block of input plaintext to be encrypted. + @param[out] OutData Encrypted output ciphertext. + + @retval EFI_SUCCESS AES Block Encryption succeeded. + @retval EFI_INVALID_PARAMETER One or more parameters are invalid. + +**/ +EFI_STATUS +EFIAPI +AesEncrypt ( + IN UINT8 *Key, + IN UINT8 *InData, + OUT UINT8 *OutData + ) +{ + AES_KEY AesKey; + UINTN Nr; + UINT32 *Ek; + UINT32 State[4]; + UINT32 TempState[4]; + UINT32 *StateX; + UINT32 *StateY; + UINT32 *Temp; + UINTN Index; + UINTN NbIndex; + UINTN Round; + + if ((Key == NULL) || (InData == NULL) || (OutData == NULL)) { + return EFI_INVALID_PARAMETER; + } + + // + // Expands AES Key for encryption. + // + AesExpandKey (Key, 128, &AesKey); + + Nr = AesKey.Nk + 6; + Ek = AesKey.EncKey; + + // + // Initialize the cipher State array with the initial round key + // + for (Index = 0; Index < AES_NB; Index++) { + LOAD32H (State[Index], InData + 4 * Index); + State[Index] ^= Ek[Index]; + } + + NbIndex = AES_NB; + StateX = State; + StateY = TempState; + + // + // AES Cipher transformation rounds (Nr - 1 rounds), in which SubBytes(), + // ShiftRows() and MixColumns() operations were combined by a sequence of + // table lookups to speed up the execution. + // + for (Round = 1; Round < Nr; Round++) { + StateY[0] = AES_FT0 ((StateX[0] >> 24) ) ^ AES_FT1 ((StateX[1] >> 16) & 0xFF) ^ + AES_FT2 ((StateX[2] >> 8) & 0xFF) ^ AES_FT3 ((StateX[3] ) & 0xFF) ^ Ek[NbIndex]; + StateY[1] = AES_FT0 ((StateX[1] >> 24) ) ^ AES_FT1 ((StateX[2] >> 16) & 0xFF) ^ + AES_FT2 ((StateX[3] >> 8) & 0xFF) ^ AES_FT3 ((StateX[0] ) & 0xFF) ^ Ek[NbIndex + 1]; + StateY[2] = AES_FT0 ((StateX[2] >> 24) ) ^ AES_FT1 ((StateX[3] >> 16) & 0xFF) ^ + AES_FT2 ((StateX[0] >> 8) & 0xFF) ^ AES_FT3 ((StateX[1] ) & 0xFF) ^ Ek[NbIndex + 2]; + StateY[3] = AES_FT0 ((StateX[3] >> 24) ) ^ AES_FT1 ((StateX[0] >> 16) & 0xFF) ^ + AES_FT2 ((StateX[1] >> 8) & 0xFF) ^ AES_FT3 ((StateX[2] ) & 0xFF) ^ Ek[NbIndex + 3]; + + NbIndex += 4; + Temp = StateX; StateX = StateY; StateY = Temp; + } + + // + // Apply the final round, which does not include MixColumns() transformation + // + StateY[0] = (AES_FT2 ((StateX[0] >> 24) ) & 0xFF000000) ^ (AES_FT3 ((StateX[1] >> 16) & 0xFF) & 0x00FF0000) ^ + (AES_FT0 ((StateX[2] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[3] ) & 0xFF) & 0x000000FF) ^ + Ek[NbIndex]; + StateY[1] = (AES_FT2 ((StateX[1] >> 24) ) & 0xFF000000) ^ (AES_FT3 ((StateX[2] >> 16) & 0xFF) & 0x00FF0000) ^ + (AES_FT0 ((StateX[3] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[0] ) & 0xFF) & 0x000000FF) ^ + Ek[NbIndex + 1]; + StateY[2] = (AES_FT2 ((StateX[2] >> 24) ) & 0xFF000000) ^ (AES_FT3 ((StateX[3] >> 16) & 0xFF) & 0x00FF0000) ^ + (AES_FT0 ((StateX[0] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[1] ) & 0xFF) & 0x000000FF) ^ + Ek[NbIndex + 2]; + StateY[3] = (AES_FT2 ((StateX[3] >> 24) ) & 0xFF000000) ^ (AES_FT3 ((StateX[0] >> 16) & 0xFF) & 0x00FF0000) ^ + (AES_FT0 ((StateX[1] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[2] ) & 0xFF) & 0x000000FF) ^ + Ek[NbIndex + 3]; + + // + // Output the transformed result; + // + for (Index = 0; Index < AES_NB; Index++) { + STORE32H (StateY[Index], OutData + 4 * Index); + } + + return EFI_SUCCESS; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h new file mode 100644 index 00000000..11a4d8d4 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h @@ -0,0 +1,31 @@ +/** @file + Function prototype for AES Block Cipher support. + +Copyright (c) 2013, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __AES_CORE_H__ +#define __AES_CORE_H__ + +/** + Encrypts one single block data (128 bits) with AES algorithm. + + @param[in] Key AES symmetric key buffer. + @param[in] InData One block of input plaintext to be encrypted. + @param[out] OutData Encrypted output ciphertext. + + @retval EFI_SUCCESS AES Block Encryption succeeded. + @retval EFI_INVALID_PARAMETER One or more parameters are invalid. + +**/ +EFI_STATUS +EFIAPI +AesEncrypt ( + IN UINT8 *Key, + IN UINT8 *InData, + OUT UINT8 *OutData + ); + +#endif // __AES_CORE_H__ diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c new file mode 100644 index 00000000..0f7b8295 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c @@ -0,0 +1,128 @@ +/** @file + Support routines for RDRAND instruction access. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ +#include <Library/RngLib.h> + +#include "AesCore.h" +#include "RdRand.h" +#include "RngDxeInternals.h" + +/** + Creates a 128bit random value that is fully forward and backward prediction resistant, + suitable for seeding a NIST SP800-90 Compliant, FIPS 1402-2 certifiable SW DRBG. + This function takes multiple random numbers through RDRAND without intervening + delays to ensure reseeding and performs AES-CBC-MAC over the data to compute the + seed value. + + @param[out] SeedBuffer Pointer to a 128bit buffer to store the random seed. + + @retval EFI_SUCCESS Random seed generation succeeded. + @retval EFI_NOT_READY Failed to request random bytes. + +**/ +EFI_STATUS +EFIAPI +RdRandGetSeed128 ( + OUT UINT8 *SeedBuffer + ) +{ + EFI_STATUS Status; + UINT8 RandByte[16]; + UINT8 Key[16]; + UINT8 Ffv[16]; + UINT8 Xored[16]; + UINT32 Index; + UINT32 Index2; + + // + // Chose an arbitrary key and zero the feed_forward_value (FFV) + // + for (Index = 0; Index < 16; Index++) { + Key[Index] = (UINT8) Index; + Ffv[Index] = 0; + } + + // + // Perform CBC_MAC over 32 * 128 bit values, with 10us gaps between 128 bit value + // The 10us gaps will ensure multiple reseeds within the HW RNG with a large design margin. + // + for (Index = 0; Index < 32; Index++) { + MicroSecondDelay (10); + Status = RngGetBytes (16, RandByte); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Perform XOR operations on two 128-bit value. + // + for (Index2 = 0; Index2 < 16; Index2++) { + Xored[Index2] = RandByte[Index2] ^ Ffv[Index2]; + } + + AesEncrypt (Key, Xored, Ffv); + } + + for (Index = 0; Index < 16; Index++) { + SeedBuffer[Index] = Ffv[Index]; + } + + return EFI_SUCCESS; +} + +/** + Generate high-quality entropy source through RDRAND. + + @param[in] Length Size of the buffer, in bytes, to fill with. + @param[out] Entropy Pointer to the buffer to store the entropy data. + + @retval EFI_SUCCESS Entropy generation succeeded. + @retval EFI_NOT_READY Failed to request random data. + +**/ +EFI_STATUS +EFIAPI +RdRandGenerateEntropy ( + IN UINTN Length, + OUT UINT8 *Entropy + ) +{ + EFI_STATUS Status; + UINTN BlockCount; + UINT8 Seed[16]; + UINT8 *Ptr; + + Status = EFI_NOT_READY; + BlockCount = Length / 16; + Ptr = (UINT8 *)Entropy; + + // + // Generate high-quality seed for DRBG Entropy + // + while (BlockCount > 0) { + Status = RdRandGetSeed128 (Seed); + if (EFI_ERROR (Status)) { + return Status; + } + CopyMem (Ptr, Seed, 16); + + BlockCount--; + Ptr = Ptr + 16; + } + + // + // Populate the remained data as request. + // + Status = RdRandGetSeed128 (Seed); + if (EFI_ERROR (Status)) { + return Status; + } + CopyMem (Ptr, Seed, (Length % 16)); + + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h new file mode 100644 index 00000000..0639ffd2 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h @@ -0,0 +1,43 @@ +/** @file + Header for the RDRAND APIs used by RNG DXE driver. + + Support API definitions for RDRAND instruction access, which will leverage + Intel Secure Key technology to provide high-quality random numbers for use + in applications, or entropy for seeding other random number generators. + Refer to http://software.intel.com/en-us/articles/intel-digital-random-number + -generator-drng-software-implementation-guide/ for more information about Intel + Secure Key technology. + +Copyright (c) 2013, Intel Corporation. All rights reserved.<BR> +(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __RD_RAND_H__ +#define __RD_RAND_H__ + +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/TimerLib.h> +#include <Protocol/Rng.h> + +/** + Generate high-quality entropy source through RDRAND. + + @param[in] Length Size of the buffer, in bytes, to fill with. + @param[out] Entropy Pointer to the buffer to store the entropy data. + + @retval EFI_SUCCESS Entropy generation succeeded. + @retval EFI_NOT_READY Failed to request random data. + +**/ +EFI_STATUS +EFIAPI +RdRandGenerateEntropy ( + IN UINTN Length, + OUT UINT8 *Entropy + ); + +#endif // __RD_RAND_H__ diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c new file mode 100644 index 00000000..800462a1 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c @@ -0,0 +1,145 @@ +/** @file + RNG Driver to produce the UEFI Random Number Generator protocol. + + The driver will use the new RDRAND instruction to produce high-quality, high-performance + entropy and random number. + + RNG Algorithms defined in UEFI 2.4: + - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Supported + (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based DRBG) + - EFI_RNG_ALGORITHM_RAW - Supported + (Structuring RDRAND invocation can be guaranteed as high-quality entropy source) + - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported + - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported + - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported + - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported + + Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> + (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR> + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "RdRand.h" +#include "RngDxeInternals.h" + +/** + Produces and returns an RNG value using either the default or specified RNG algorithm. + + @param[in] This A pointer to the EFI_RNG_PROTOCOL instance. + @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that identifies the RNG + algorithm to use. May be NULL in which case the function will + use its default RNG algorithm. + @param[in] RNGValueLength The length in bytes of the memory buffer pointed to by + RNGValue. The driver shall return exactly this numbers of bytes. + @param[out] RNGValue A caller-allocated memory buffer filled by the driver with the + resulting RNG value. + + @retval EFI_SUCCESS The RNG value was returned successfully. + @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm is not supported by + this driver. + @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due to a hardware or + firmware error. + @retval EFI_NOT_READY There is not enough random data available to satisfy the length + requested by RNGValueLength. + @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is zero. + +**/ +EFI_STATUS +EFIAPI +RngGetRNG ( + IN EFI_RNG_PROTOCOL *This, + IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL + IN UINTN RNGValueLength, + OUT UINT8 *RNGValue + ) +{ + EFI_STATUS Status; + + if ((RNGValueLength == 0) || (RNGValue == NULL)) { + return EFI_INVALID_PARAMETER; + } + + Status = EFI_UNSUPPORTED; + if (RNGAlgorithm == NULL) { + // + // Use the default RNG algorithm if RNGAlgorithm is NULL. + // + RNGAlgorithm = &gEfiRngAlgorithmSp80090Ctr256Guid; + } + + // + // NIST SP800-90-AES-CTR-256 supported by RDRAND + // + if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) { + Status = RngGetBytes (RNGValueLength, RNGValue); + return Status; + } + + // + // The "raw" algorithm is intended to provide entropy directly + // + if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) { + // + // When a DRBG is used on the output of a entropy source, + // its security level must be at least 256 bits according to UEFI Spec. + // + if (RNGValueLength < 32) { + return EFI_INVALID_PARAMETER; + } + + Status = RdRandGenerateEntropy (RNGValueLength, RNGValue); + return Status; + } + + // + // Other algorithms were unsupported by this driver. + // + return Status; +} + +/** + Returns information about the random number generation implementation. + + @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList. + On output with a return code of EFI_SUCCESS, the size + in bytes of the data returned in RNGAlgorithmList. On output + with a return code of EFI_BUFFER_TOO_SMALL, + the size of RNGAlgorithmList required to obtain the list. + @param[out] RNGAlgorithmList A caller-allocated memory buffer filled by the driver + with one EFI_RNG_ALGORITHM element for each supported + RNG algorithm. The list must not change across multiple + calls to the same driver. The first algorithm in the list + is the default algorithm for the driver. + + @retval EFI_SUCCESS The RNG algorithm list was returned successfully. + @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small to hold the result. + +**/ +UINTN +EFIAPI +ArchGetSupportedRngAlgorithms ( + IN OUT UINTN *RNGAlgorithmListSize, + OUT EFI_RNG_ALGORITHM *RNGAlgorithmList + ) +{ + UINTN RequiredSize; + EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm; + + RequiredSize = 2 * sizeof (EFI_RNG_ALGORITHM); + + if (*RNGAlgorithmListSize < RequiredSize) { + *RNGAlgorithmListSize = RequiredSize; + return EFI_BUFFER_TOO_SMALL; + } + + CpuRngSupportedAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm); + + CopyMem(&RNGAlgorithmList[0], CpuRngSupportedAlgorithm, sizeof (EFI_RNG_ALGORITHM)); + + // x86 platforms also support EFI_RNG_ALGORITHM_RAW via RDSEED + CopyMem(&RNGAlgorithmList[1], &gEfiRngAlgorithmRaw, sizeof (EFI_RNG_ALGORITHM)); + + *RNGAlgorithmListSize = RequiredSize; + return EFI_SUCCESS; +} |