1 files changed, 62 insertions, 106 deletions
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
index 13d3dbd0bf..b959c70536 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
@@ -1,34 +1,32 @@
 /** @file
   RNG Driver to produce the UEFI Random Number Generator protocol.
 
-  The driver will use the new RDRAND instruction to produce high-quality, high-performance
-  entropy and random number.
+  The driver uses CPU RNG instructions to produce high-quality,
+  high-performance entropy and random number.
 
   RNG Algorithms defined in UEFI 2.4:
-   - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID  - Supported
-     (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based DRBG)
-   - EFI_RNG_ALGORITHM_RAW                    - Supported
-     (Structuring RDRAND invocation can be guaranteed as high-quality entropy source)
-   - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
-   - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
-   - EFI_RNG_ALGORITHM_X9_31_3DES_GUID        - Unsupported
-   - EFI_RNG_ALGORITHM_X9_31_AES_GUID         - Unsupported
+   - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID
+   - EFI_RNG_ALGORITHM_RAW
+   - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID
+   - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID
+   - EFI_RNG_ALGORITHM_X9_31_3DES_GUID
+   - EFI_RNG_ALGORITHM_X9_31_AES_GUID
 
 Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
 (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
 
-#include "RdRand.h"
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/RngLib.h>
+#include <Library/TimerLib.h>
+#include <Protocol/Rng.h>
 
-//
-// Supported RNG Algorithms list by this driver.
-//
-EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] = {
-  EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID,
-  EFI_RNG_ALGORITHM_RAW
-};
+#include "RngDxeInternals.h"
 
 /**
   Returns information about the random number generation implementation.
@@ -62,103 +60,20 @@ RngGetInfo (
   )
 {
   EFI_STATUS    Status;
-  UINTN         RequiredSize;
 
   if ((This == NULL) || (RNGAlgorithmListSize == NULL)) {
     return EFI_INVALID_PARAMETER;
   }
 
-  RequiredSize = sizeof (mSupportedRngAlgorithms);
-  if (*RNGAlgorithmListSize < RequiredSize) {
-    Status = EFI_BUFFER_TOO_SMALL;
-  } else {
-    //
-    // Return algorithm list supported by driver.
-    //
-    if (RNGAlgorithmList != NULL) {
-      CopyMem (RNGAlgorithmList, mSupportedRngAlgorithms, RequiredSize);
-      Status = EFI_SUCCESS;
-    } else {
-      Status = EFI_INVALID_PARAMETER;
-    }
-  }
-  *RNGAlgorithmListSize = RequiredSize;
-
-  return Status;
-}
-
-/**
-  Produces and returns an RNG value using either the default or specified RNG algorithm.
-
-  @param[in]  This                    A pointer to the EFI_RNG_PROTOCOL instance.
-  @param[in]  RNGAlgorithm            A pointer to the EFI_RNG_ALGORITHM that identifies the RNG
-                                      algorithm to use. May be NULL in which case the function will
-                                      use its default RNG algorithm.
-  @param[in]  RNGValueLength          The length in bytes of the memory buffer pointed to by
-                                      RNGValue. The driver shall return exactly this numbers of bytes.
-  @param[out] RNGValue                A caller-allocated memory buffer filled by the driver with the
-                                      resulting RNG value.
-
-  @retval EFI_SUCCESS                 The RNG value was returned successfully.
-  @retval EFI_UNSUPPORTED             The algorithm specified by RNGAlgorithm is not supported by
-                                      this driver.
-  @retval EFI_DEVICE_ERROR            An RNG value could not be retrieved due to a hardware or
-                                      firmware error.
-  @retval EFI_NOT_READY               There is not enough random data available to satisfy the length
-                                      requested by RNGValueLength.
-  @retval EFI_INVALID_PARAMETER       RNGValue is NULL or RNGValueLength is zero.
-
-**/
-EFI_STATUS
-EFIAPI
-RngGetRNG (
-  IN EFI_RNG_PROTOCOL            *This,
-  IN EFI_RNG_ALGORITHM           *RNGAlgorithm, OPTIONAL
-  IN UINTN                       RNGValueLength,
-  OUT UINT8                      *RNGValue
-  )
-{
-  EFI_STATUS    Status;
-
-  if ((RNGValueLength == 0) || (RNGValue == NULL)) {
-    return EFI_INVALID_PARAMETER;
-  }
-
-  Status = EFI_UNSUPPORTED;
-  if (RNGAlgorithm == NULL) {
-    //
-    // Use the default RNG algorithm if RNGAlgorithm is NULL.
-    //
-    RNGAlgorithm = &gEfiRngAlgorithmSp80090Ctr256Guid;
-  }
-
   //
-  // NIST SP800-90-AES-CTR-256 supported by RDRAND
+  // Return algorithm list supported by driver.
   //
-  if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) {
-    Status = RdRandGetBytes (RNGValueLength, RNGValue);
-    return Status;
-  }
-
-  //
-  // The "raw" algorithm is intended to provide entropy directly
-  //
-  if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
-    //
-    // When a DRBG is used on the output of a entropy source,
-    // its security level must be at least 256 bits according to UEFI Spec.
-    //
-    if (RNGValueLength < 32) {
-      return EFI_INVALID_PARAMETER;
-    }
-
-    Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);
-    return Status;
+  if (RNGAlgorithmList != NULL) {
+    Status = ArchGetSupportedRngAlgorithms (RNGAlgorithmListSize, RNGAlgorithmList);
+  } else {
+    Status = EFI_INVALID_PARAMETER;
   }
 
-  //
-  // Other algorithms were unsupported by this driver.
-  //
   return Status;
 }
 
@@ -204,3 +119,44 @@ RngDriverEntry (
 
   return Status;
 }
+
+
+/**
+  Calls RDRAND to fill a buffer of arbitrary size with random bytes.
+
+  @param[in]   Length        Size of the buffer, in bytes,  to fill with.
+  @param[out]  RandBuffer    Pointer to the buffer to store the random result.
+
+  @retval EFI_SUCCESS        Random bytes generation succeeded.
+  @retval EFI_NOT_READY      Failed to request random bytes.
+
+**/
+EFI_STATUS
+EFIAPI
+RngGetBytes (
+  IN UINTN         Length,
+  OUT UINT8        *RandBuffer
+  )
+{
+  BOOLEAN     IsRandom;
+  UINT64      TempRand[2];
+
+  while (Length > 0) {
+    IsRandom = GetRandomNumber128 (TempRand);
+    if (!IsRandom) {
+      return EFI_NOT_READY;
+    }
+    if (Length >= sizeof (TempRand)) {
+      WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[0]);
+      RandBuffer += sizeof (UINT64);
+      WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[1]);
+      RandBuffer += sizeof (UINT64);
+      Length -= sizeof (TempRand);
+    } else {
+      CopyMem (RandBuffer, TempRand, Length);
+      Length = 0;
+    }
+  }
+
+  return EFI_SUCCESS;
+}