From 8deeda7ce01e64978c9167eb449f2e2828705886 Mon Sep 17 00:00:00 2001 From: Wenxing Hou Date: Mon, 11 Mar 2024 20:47:18 +0800 Subject: CryptoPkg: Add rand function for BaseCryptLibMbedTls REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Add rand function for BaseCryptLibMbedTls. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou Reviewed-by: Yi Li Acked-by: Jiewen Yao --- CryptoPkg/Include/Library/BaseCryptLib.h | 2 + .../Library/BaseCryptLibMbedTls/InternalCryptLib.h | 16 +++ .../Library/BaseCryptLibMbedTls/Rand/CryptRand.c | 114 +++++++++++++++++++++ .../BaseCryptLibMbedTls/Rand/CryptRandTsc.c | 114 +++++++++++++++++++++ 4 files changed, 246 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRand.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandTsc.c (limited to 'CryptoPkg') diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index 86f784a1d2..111df8e78b 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -3139,6 +3139,8 @@ DhComputeKey ( If Seed is NULL, then default seed is used. If this interface is not supported, then return FALSE. + RandomSeed has not been implemented in BaseCryptoLibMbedTls. + @param[in] Seed Pointer to seed value. If NULL, default seed is used. @param[in] SeedSize Size of seed value. diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h b/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h index 039aa32028..a30666cef4 100644 --- a/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h @@ -22,4 +22,20 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // #include +/** + The MbedTLS function f_rng, which MbedtlsRand implements. + + @param[in] RngState Not used, just for compatibility with mbedlts. + @param[out] Output Pointer to buffer to receive random value. + @param[in] Len Size of random bytes to generate. + + @retval 0 Pseudorandom byte stream generated successfully. + @retval Non-0 Pseudorandom number generator fails to generate due to lack of entropy. +**/ +INT32 +MbedtlsRand ( + VOID *RngState, + UINT8 *Output, + UINTN Len + ); #endif diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRand.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRand.c new file mode 100644 index 0000000000..e01aabc0de --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRand.c @@ -0,0 +1,114 @@ +/** @file + Pseudorandom Number Generator Wrapper Implementation over MbedTLS. + +Copyright (c) 2024, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" +#include + +/** + Sets up the seed value for the pseudorandom number generator. + + This function sets up the seed value for the pseudorandom number generator. + If Seed is not NULL, then the seed passed in is used. + If Seed is NULL, then default seed is used. + + @param[in] Seed Pointer to seed value. + If NULL, default seed is used. + @param[in] SeedSize Size of seed value. + If Seed is NULL, this parameter is ignored. + + @retval TRUE Pseudorandom number generator has enough entropy for random generation. + @retval FALSE Pseudorandom number generator does not have enough entropy for random generation. + +**/ +BOOLEAN +EFIAPI +RandomSeed ( + IN CONST UINT8 *Seed OPTIONAL, + IN UINTN SeedSize + ) +{ + return TRUE; +} + +/** + Generates a pseudorandom byte stream of the specified size. + + If Output is NULL, then return FALSE. + + @param[out] Output Pointer to buffer to receive random value. + @param[in] Size Size of random bytes to generate. + + @retval TRUE Pseudorandom byte stream generated successfully. + @retval FALSE Pseudorandom number generator fails to generate due to lack of entropy. + +**/ +BOOLEAN +EFIAPI +RandomBytes ( + OUT UINT8 *Output, + IN UINTN Size + ) +{ + BOOLEAN Ret; + volatile UINT64 TempRand; + + // + // Check input parameters. + // + if ((Output == NULL) || (Size > INT_MAX)) { + return FALSE; + } + + Ret = FALSE; + + while (Size > 0) { + // Use RngLib to get random number + Ret = GetRandomNumber64 ((UINT64 *)&TempRand); + + if (!Ret) { + TempRand = 0; + return Ret; + } + + if (Size >= sizeof (TempRand)) { + *((UINT64 *)Output) = TempRand; + Output += sizeof (UINT64); + Size -= sizeof (TempRand); + } else { + CopyMem (Output, (VOID *)&TempRand, Size); + Size = 0; + } + } + + TempRand = 0; + return Ret; +} + +/** + The MbedTLS function f_rng, which MbedtlsRand implements. + + @param[in] RngState Not used, just for compatibility with mbedlts. + @param[out] Output Pointer to buffer to receive random value. + @param[in] Len Size of random bytes to generate. + + @retval 0 Pseudorandom byte stream generated successfully. + @retval Non-0 Pseudorandom number generator fails to generate due to lack of entropy. +**/ +INT32 +MbedtlsRand ( + VOID *RngState, + UINT8 *Output, + UINTN Len + ) +{ + BOOLEAN Result; + + Result = RandomBytes (Output, Len); + + return Result ? 0 : -1; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandTsc.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandTsc.c new file mode 100644 index 0000000000..e01aabc0de --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandTsc.c @@ -0,0 +1,114 @@ +/** @file + Pseudorandom Number Generator Wrapper Implementation over MbedTLS. + +Copyright (c) 2024, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" +#include + +/** + Sets up the seed value for the pseudorandom number generator. + + This function sets up the seed value for the pseudorandom number generator. + If Seed is not NULL, then the seed passed in is used. + If Seed is NULL, then default seed is used. + + @param[in] Seed Pointer to seed value. + If NULL, default seed is used. + @param[in] SeedSize Size of seed value. + If Seed is NULL, this parameter is ignored. + + @retval TRUE Pseudorandom number generator has enough entropy for random generation. + @retval FALSE Pseudorandom number generator does not have enough entropy for random generation. + +**/ +BOOLEAN +EFIAPI +RandomSeed ( + IN CONST UINT8 *Seed OPTIONAL, + IN UINTN SeedSize + ) +{ + return TRUE; +} + +/** + Generates a pseudorandom byte stream of the specified size. + + If Output is NULL, then return FALSE. + + @param[out] Output Pointer to buffer to receive random value. + @param[in] Size Size of random bytes to generate. + + @retval TRUE Pseudorandom byte stream generated successfully. + @retval FALSE Pseudorandom number generator fails to generate due to lack of entropy. + +**/ +BOOLEAN +EFIAPI +RandomBytes ( + OUT UINT8 *Output, + IN UINTN Size + ) +{ + BOOLEAN Ret; + volatile UINT64 TempRand; + + // + // Check input parameters. + // + if ((Output == NULL) || (Size > INT_MAX)) { + return FALSE; + } + + Ret = FALSE; + + while (Size > 0) { + // Use RngLib to get random number + Ret = GetRandomNumber64 ((UINT64 *)&TempRand); + + if (!Ret) { + TempRand = 0; + return Ret; + } + + if (Size >= sizeof (TempRand)) { + *((UINT64 *)Output) = TempRand; + Output += sizeof (UINT64); + Size -= sizeof (TempRand); + } else { + CopyMem (Output, (VOID *)&TempRand, Size); + Size = 0; + } + } + + TempRand = 0; + return Ret; +} + +/** + The MbedTLS function f_rng, which MbedtlsRand implements. + + @param[in] RngState Not used, just for compatibility with mbedlts. + @param[out] Output Pointer to buffer to receive random value. + @param[in] Len Size of random bytes to generate. + + @retval 0 Pseudorandom byte stream generated successfully. + @retval Non-0 Pseudorandom number generator fails to generate due to lack of entropy. +**/ +INT32 +MbedtlsRand ( + VOID *RngState, + UINT8 *Output, + UINTN Len + ) +{ + BOOLEAN Result; + + Result = RandomBytes (Output, Len); + + return Result ? 0 : -1; +} -- cgit v1.2.3