From 2a5e4e144cbea46784fde638765a9c9068ed2869 Mon Sep 17 00:00:00 2001 From: Jon Maloy Date: Tue, 25 Jun 2024 22:19:10 -0400 Subject: [PATCH 05/31] SecurityPkg/RngDxe: Rename RdRandGenerateEntropy to generic name RH-Author: Jon Maloy RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099 RH-Acked-by: Gerd Hoffmann RH-Commit: [5/31] 12b8646964435f1a70def57afb9f4565b11c5dc8 JIRA: https://issues.redhat.com/browse/RHEL-21856 CVE: CVE-2022-45237 Upstream: Merged commit 8a89747844a5061791e55a25daedcf895180a794 Author: Sami Mujawar Date: Fri Oct 28 17:32:50 2022 +0200 SecurityPkg/RngDxe: Rename RdRandGenerateEntropy to generic name Bugzilla: 3668 (https://bugzilla.tianocore.org/show_bug.cgi?id=3668) Rename RdRandGenerateEntropy() to GenerateEntropy() to provide a common interface to generate entropy on other architectures. GenerateEntropy() is intended to generate high quality entropy. Also move the definition to RngDxeInternals.h Signed-off-by: Pierre Gondois Acked-by: Jiewen Yao Signed-off-by: Jon Maloy
---
.../RngDxe/Rand/RdRand.c | 20 ++++++++++++-----
.../RngDxe/Rand/RngDxe.c | 7 ++++--
.../RandomNumberGenerator/RngDxe/RngDxe.inf | 2 +-
.../RngDxe/RngDxeInternals.h | 22 ++++++++++++++++++-
4 files changed, 41 insertions(+), 10 deletions(-)
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
index 83025a47d4..853bf43148 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
@@ -1,15 +1,23 @@ /** @file - Support routines for RDRAND instruction access. - + Support routines for RDRAND instruction access, which will leverage + Intel Secure Key technology to provide high-quality random numbers for use + in applications, or entropy for seeding other random number generators. + Refer to http://software.intel.com/en-us/articles/intel-digital-random-number + -generator-drng-software-implementation-guide/ for more information about Intel + Secure Key technology. + +Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2015 Hewlett Packard Enterprise Development LP
SPDX-License-Identifier: BSD-2-Clause-Patent **/ +#include +#include #include +#include #include "AesCore.h" -#include "RdRand.h" #include "RngDxeInternals.h" /** @@ -87,9 +95,9 @@ RdRandGetSeed128 ( **/ EFI_STATUS EFIAPI -RdRandGenerateEntropy ( - IN UINTN Length, - OUT UINT8 *Entropy +GenerateEntropy ( + IN UINTN Length, + OUT UINT8 *Entropy ) { EFI_STATUS Status; diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c index 834123b945..19755b3bfd 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c @@ -14,13 +14,16 @@ - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported + Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2015 Hewlett Packard Enterprise Development LP
SPDX-License-Identifier: BSD-2-Clause-Patent **/ -#include "RdRand.h" +#include +#include + #include "RngDxeInternals.h" /** @@ -88,7 +91,7 @@ RngGetRNG ( return EFI_INVALID_PARAMETER; } - Status = RdRandGenerateEntropy (RNGValueLength, RNGValue); + Status = GenerateEntropy (RNGValueLength, RNGValue); return Status; } diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf index f330097199..60efb5562e 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf @@ -10,6 +10,7 @@ # # Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
# (C) Copyright 2015 Hewlett Packard Enterprise Development LP
+# Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -36,7 +37,6 @@ [Sources.IA32, Sources.X64] Rand/RngDxe.c Rand/RdRand.c - Rand/RdRand.h Rand/AesCore.c Rand/AesCore.h diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h index 25cccbe92c..fcb8b69153 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h @@ -10,6 +10,8 @@ #ifndef RNGDXE_INTERNALS_H_ #define RNGDXE_INTERNALS_H_ +#include + /** Returns information about the random number generation implementation. @@ -114,4 +116,22 @@ RngGetBytes ( OUT UINT8 *RandBuffer ); -#endif // RNGDXE_INTERNALS_H_ +/** + Generate high-quality entropy source using a TRNG or through RDRAND. + + @param[in] Length Size of the buffer, in bytes, to fill with. + @param[out] Entropy Pointer to the buffer to store the entropy data. + + @retval EFI_SUCCESS Entropy generation succeeded. + @retval EFI_NOT_READY Failed to request random data. + +**/ +EFI_STATUS +EFIAPI +GenerateEntropy ( + IN UINTN Length, + OUT UINT8 *Entropy + ); + +#endif // RNGDXE_INTERNALS_H_ + -- 2.39.3
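Review bot: The doc comment added above the `GenerateEntropy()` prototype in RngDxeInternals.h does not state the failure contract: it lists `EFI_NOT_READY` but never says what `Entropy` holds on a non-success return. That matters because the `RngGetRNG` hunk in Rand/RngDxe.c passes `Status` and the caller's buffer straight back (`Status = GenerateEntropy (RNGValueLength, RNGValue);`). I would add a sentence such as `On any return other than EFI_SUCCESS the contents of Entropy are undefined and must not be used as random data.`, and complete the truncated parameter text to `Size of the buffer, in bytes, to fill with entropy.` Since the name is now architecture-neutral, the summary could also say whether an implementation may fall back to a non-hardware source; "high-quality" presumably means it may not, but that should be confirmed with the authors. The implementations themselves are outside this hunk, so whether the buffer can be partially written on failure is not visible here.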