From nobody Tue Feb 10 09:40:52 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+90909+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+90909+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=arm.com ARC-Seal: i=1; a=rsa-sha256; t=1656530392; cv=none; d=zohomail.com; s=zohoarc; b=WfDTjhRYnlm/ybNQOBUpCNED1zBbQYNq7kYknFGicZfxLtr4LLpi1+m5LoDbVbJH/DiH6D1BXySiMgHIL+WSVWuUNTF6imAOJjK6OONActLT84evEZZPXZAWL1BUi0Cc5/IKUpS3yfsfitnbcssSXhOxWDItv+Y0hM/bpreVwbQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1656530392; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=pttYByayLirZjNsLQ3BbTGKrQQwHdcaHvvT2re2nZr8=; b=htVOyYg1/mDaSDl4jnDWP9jbVovetipvQGv9gH4Mt3U2cLHX/6Dq5FAwbsFo29guJfYRI5K+UlNM/oGBs3ccEZLEMpQAO57ATUfCnatMFo2O189XAgwDRvQpZACxk+3IG5X/0q9QCgxAyhHW2GvsdIzKx8fk11SOL5RXOm2P5oI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+90909+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1656530391947184.9762534254637; Wed, 29 Jun 2022 12:19:51 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id ogSHYY1788612x63320PONQQ; Wed, 29 Jun 2022 12:19:51 -0700 X-Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.15711.1656530390968349415 for ; Wed, 29 Jun 2022 12:19:51 -0700 X-Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id D387614BF; Wed, 29 Jun 2022 12:19:50 -0700 (PDT) X-Received: from pierre123.home (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 71AA03F792; Wed, 29 Jun 2022 12:19:48 -0700 (PDT) From: "PierreGondois" To: devel@edk2.groups.io Cc: Sami Mujawar , Leif Lindholm , Ard Biesheuvel , Rebecca Cran , Michael D Kinney , Liming Gao , Jiewen Yao , Jian J Wang Subject: [edk2-devel] [PATCH v1 10/10] SecurityPkg/RngDxe: Use DrbgLib in RngDxe for Arm Date: Wed, 29 Jun 2022 21:18:48 +0200 Message-Id: <20220629191848.2619317-12-Pierre.Gondois@arm.com> In-Reply-To: <20220629191848.2619317-1-Pierre.Gondois@arm.com> References: <20220629191848.2619317-1-Pierre.Gondois@arm.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,pierre.gondois@arm.com X-Gm-Message-State: bnuyYDNefOYyu4gIZIZbaWZux1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1656530391; bh=i5KhbicFEKmIt1tG3bAnTLtUK/v/Ay0BTAXYmj4m5mc=; h=Cc:Date:From:Reply-To:Subject:To; b=xBJYFV10zkMUe7xC+/X83LNoS1MRyN/3JlA57197wR97+9z3rVisK7LI2TkBhUik8kq elqxOhLzmhzY2Pw+cqIFzVcNh9+kXLcefslGYgFqSQbaj/AbXAakvrI7UlqDxefWIbrUk QNYxb53L3r48rnhduuNcIPEkd1QjQY3TBb8= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1656530394270100003 Content-Type: text/plain; charset="utf-8" From: Pierre Gondois Make use of the new DrbgLib and advertise support for the SP800-90 Ctr 256 bits Drbg. The algorithm will be used for Arm and AArch64 arch. Signed-off-by: Pierre Gondois --- .../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 75 ++++++++++++++++++- .../RandomNumberGenerator/RngDxe/RngDxe.inf | 2 + SecurityPkg/SecurityPkg.dsc | 5 ++ 3 files changed, 81 insertions(+), 1 deletion(-) diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c b/Securit= yPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c index 4775252d30b6..400b0a5e9a7c 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include @@ -39,7 +40,7 @@ // populated only once. // The valid entry with the lowest index will be the default algorithm. // -#define RNG_AVAILABLE_ALGO_MAX 2 +#define RNG_AVAILABLE_ALGO_MAX 3 STATIC BOOLEAN mAvailableAlgoArrayInit =3D FALSE; STATIC UINTN mAvailableAlgoArrayCount; STATIC EFI_RNG_ALGORITHM mAvailableAlgoArray[RNG_AVAILABLE_ALGO_MAX]; @@ -87,11 +88,78 @@ RngInitAvailableAlgoArray ( sizeof (EFI_RNG_ALGORITHM) ); mAvailableAlgoArrayCount++; + + // SP800-90 Ctr 256 bits Drbg. + // Arm implementation is based on the Trng. + CopyMem ( + &mAvailableAlgoArray[mAvailableAlgoArrayCount], + &gEfiRngAlgorithmSp80090Ctr256Guid, + sizeof (EFI_RNG_ALGORITHM) + ); + mAvailableAlgoArrayCount++; } =20 mAvailableAlgoArrayInit =3D TRUE; } =20 +/** Produces and returns an RNG value using a specified Drbg algorithm. + + @param[in] DrbgMechanism The Drbg mechanism to use. + @param[in] RNGValueLength The length in bytes of the memory buffer p= ointed to by + RNGValue. The driver shall return exactly = this numbers of bytes. + @param[out] RNGValue A caller-allocated memory buffer filled by= the driver with the + resulting RNG value. +**/ +STATIC +EFI_STATUS +EFIAPI +RngGetDrbgVal ( + IN DRBG_MECHANISM DrbgMechanism, + IN UINTN RNGValueLength, + OUT UINT8 *RNGValue + ) +{ + EFI_STATUS Status; + STATIC VOID *DrbgHandle =3D NULL; + + // Only instantiate once. + if (DrbgHandle =3D=3D NULL) { + Status =3D DrbgInstantiateFn ( + DrbgMechanism, + DrbgEntropyNoCondFn, + 256, + FALSE, + NULL, + 0, + &DrbgHandle + ); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + } + + // Check overflow. + if (RNGValueLength > (MAX_UINTN >> 3)) { + return EFI_INVALID_PARAMETER; + } + + Status =3D DrbgGenerateFn ( + 256, + FALSE, + NULL, + 0, + RNGValueLength << 3, + RNGValue, + DrbgHandle + ); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + } + + return Status; +} + /** Produces and returns an RNG value using either the default or specified = RNG algorithm. =20 @@ -163,6 +231,11 @@ FoundAlgo: return GenerateEntropy (RNGValueLength, RNGValue); } =20 + // SP800-90 Ctr 256 bits Drbg + if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) { + return RngGetDrbgVal (DrbgMechansimCtr, RNGValueLength, RNGValue); + } + // // Other algorithms are unsupported by this driver. // diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/Security= Pkg/RandomNumberGenerator/RngDxe/RngDxe.inf index 599a3085102d..c95e958e7f85 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf @@ -62,6 +62,8 @@ [LibraryClasses] RngLib =20 [LibraryClasses.AARCH64, LibraryClasses.ARM] + ArmLib + DrbgLib TrngLib =20 [Guids] diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 882d639489ea..cc6d6de72cea 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -94,6 +94,11 @@ [LibraryClasses.ARM, LibraryClasses.AARCH64] ArmSmcLib|ArmPkg/Library/ArmSmcLib/ArmSmcLib.inf ArmHvcLib|ArmPkg/Library/ArmHvcLib/ArmHvcLib.inf =20 + # RngDxe dependencies + AesLib|MdePkg/Library/AesLibNull/AesLibNull.inf + ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf + DrbgLib|MdePkg/Library/DrbgLibNull/DrbgLibNull.inf + [LibraryClasses.ARM] RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf =20 --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#90909): https://edk2.groups.io/g/devel/message/90909 Mute This Topic: https://groups.io/mt/92072298/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-