RngDxe: Use DrbgLib in RngDxe for Arm

PierreGondois Wed, 29 Jun 2022 12:19:54 -0700

From: Pierre Gondois <pierre.gond...@arm.com>

Make use of the new DrbgLib and advertise support for the
SP800-90 Ctr 256 bits Drbg. The algorithm will be used for
Arm and AArch64 arch.


Signed-off-by: Pierre Gondois <pierre.gond...@arm.com>
---
 .../RandomNumberGenerator/RngDxe/ArmRngDxe.c  | 75 ++++++++++++++++++-
 .../RandomNumberGenerator/RngDxe/RngDxe.inf   |  2 +
 SecurityPkg/SecurityPkg.dsc                   |  5 ++
 3 files changed, 81 insertions(+), 1 deletion(-)

diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c 
b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
index 4775252d30b6..400b0a5e9a7c 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
@@ -25,6 +25,7 @@
 #include <Library/ArmLib.h>
 #include <Library/BaseLib.h>
 #include <Library/BaseMemoryLib.h>
+#include <Library/DrbgLib.h>
 #include <Library/UefiBootServicesTableLib.h>
 #include <Library/RngLib.h>
 #include <Library/DebugLib.h>
@@ -39,7 +40,7 @@
 // populated only once.
 // The valid entry with the lowest index will be the default algorithm.
 //
-#define RNG_AVAILABLE_ALGO_MAX  2
+#define RNG_AVAILABLE_ALGO_MAX  3
 STATIC BOOLEAN            mAvailableAlgoArrayInit = FALSE;
 STATIC UINTN              mAvailableAlgoArrayCount;
 STATIC EFI_RNG_ALGORITHM  mAvailableAlgoArray[RNG_AVAILABLE_ALGO_MAX];
@@ -87,11 +88,78 @@ RngInitAvailableAlgoArray (
       sizeof (EFI_RNG_ALGORITHM)
       );
     mAvailableAlgoArrayCount++;
+
+    // SP800-90 Ctr 256 bits Drbg.
+    // Arm implementation is based on the Trng.
+    CopyMem (
+      &mAvailableAlgoArray[mAvailableAlgoArrayCount],
+      &gEfiRngAlgorithmSp80090Ctr256Guid,
+      sizeof (EFI_RNG_ALGORITHM)
+      );
+    mAvailableAlgoArrayCount++;
   }
 
   mAvailableAlgoArrayInit = TRUE;
 }
 
+/** Produces and returns an RNG value using a specified Drbg algorithm.
+
+  @param[in]  DrbgMechanism     The Drbg mechanism to use.
+  @param[in]  RNGValueLength    The length in bytes of the memory buffer 
pointed to by
+                                RNGValue. The driver shall return exactly this 
numbers of bytes.
+  @param[out] RNGValue          A caller-allocated memory buffer filled by the 
driver with the
+                                resulting RNG value.
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+RngGetDrbgVal (
+  IN  DRBG_MECHANISM  DrbgMechanism,
+  IN  UINTN           RNGValueLength,
+  OUT UINT8           *RNGValue
+  )
+{
+  EFI_STATUS   Status;
+  STATIC VOID  *DrbgHandle = NULL;
+
+  // Only instantiate once.
+  if (DrbgHandle == NULL) {
+    Status = DrbgInstantiateFn (
+               DrbgMechanism,
+               DrbgEntropyNoCondFn,
+               256,
+               FALSE,
+               NULL,
+               0,
+               &DrbgHandle
+               );
+    if (EFI_ERROR (Status)) {
+      ASSERT_EFI_ERROR (Status);
+      return Status;
+    }
+  }
+
+  // Check overflow.
+  if (RNGValueLength > (MAX_UINTN >> 3)) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  Status = DrbgGenerateFn (
+             256,
+             FALSE,
+             NULL,
+             0,
+             RNGValueLength << 3,
+             RNGValue,
+             DrbgHandle
+             );
+  if (EFI_ERROR (Status)) {
+    ASSERT_EFI_ERROR (Status);
+  }
+
+  return Status;
+}
+
 /**
   Produces and returns an RNG value using either the default or specified RNG 
algorithm.
 
@@ -163,6 +231,11 @@ FoundAlgo:
     return GenerateEntropy (RNGValueLength, RNGValue);
   }
 
+  // SP800-90 Ctr 256 bits Drbg
+  if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) {
+    return RngGetDrbgVal (DrbgMechansimCtr, RNGValueLength, RNGValue);
+  }
+
   //
   // Other algorithms are unsupported by this driver.
   //
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf 
b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
index 599a3085102d..c95e958e7f85 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
@@ -62,6 +62,8 @@ [LibraryClasses]
   RngLib
 
 [LibraryClasses.AARCH64, LibraryClasses.ARM]
+  ArmLib
+  DrbgLib
   TrngLib
 
 [Guids]
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 882d639489ea..cc6d6de72cea 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -94,6 +94,11 @@ [LibraryClasses.ARM, LibraryClasses.AARCH64]
   ArmSmcLib|ArmPkg/Library/ArmSmcLib/ArmSmcLib.inf
   ArmHvcLib|ArmPkg/Library/ArmHvcLib/ArmHvcLib.inf
 
+  # RngDxe dependencies
+  AesLib|MdePkg/Library/AesLibNull/AesLibNull.inf
+  ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf
+  DrbgLib|MdePkg/Library/DrbgLibNull/DrbgLibNull.inf
+
 [LibraryClasses.ARM]
   RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
 
-- 
2.25.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#90909): https://edk2.groups.io/g/devel/message/90909
Mute This Topic: https://groups.io/mt/92072298/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v1 10/10] SecurityPkg/RngDxe: Use DrbgLib in RngDxe for Arm

Reply via email to