docs/master/_dxe_rng_lib_8c_source.html

#include <Uefi.h>

#include <Library/UefiBootServicesTableLib.h>

#include <Library/BaseMemoryLib.h>

#include <Library/DebugLib.h>

#include <Library/MemoryAllocationLib.h>

#include <Library/RngLib.h>

#include <Protocol/Rng.h>


STATIC EFI_RNG_PROTOCOL  *mRngProtocol;

STATIC UINTN             mFirstAlgo = MAX_UINTN;


typedef struct {

  EFI_GUID       *Guid;


  CONST CHAR8    *Name;


  BOOLEAN        Available;

} SECURE_RNG_ALGO_ARRAY;


//

// These represent UEFI SPEC defined algorithms that should be supported by

// the RNG protocol and are generally considered secure.

//

static GLOBAL_REMOVE_IF_UNREFERENCED SECURE_RNG_ALGO_ARRAY  mSecureHashAlgorithms[] = {

 #ifdef MDE_CPU_AARCH64

  {

    &gEfiRngAlgorithmArmRndr, // unspecified SP800-90A DRBG (through RNDR instr.)

    "ARM-RNDR",

    FALSE,

  },

 #endif

  {

    &gEfiRngAlgorithmSp80090Ctr256Guid,  // SP800-90A DRBG CTR using AES-256

    "DRBG-CTR",

    FALSE,

  },

  {

    &gEfiRngAlgorithmSp80090Hmac256Guid, // SP800-90A DRBG HMAC using SHA-256

    "DRBG-HMAC",

    FALSE,

  },

  {

    &gEfiRngAlgorithmSp80090Hash256Guid, // SP800-90A DRBG Hash using SHA-256

    "DRBG-Hash",

    FALSE,

  },

  {

    &gEfiRngAlgorithmRaw, // Raw data from NRBG (or TRNG)

    "TRNG",

    FALSE,

  },

};


EFI_STATUS

EFIAPI

DxeRngLibConstructor (

  IN EFI_HANDLE        ImageHandle,

  IN EFI_SYSTEM_TABLE  *SystemTable

  )

{

  EFI_STATUS         Status;

  UINTN              RngArraySize;

  UINTN              RngArrayCnt;

  UINT32             Index;

  UINT32             Index1;

  EFI_RNG_ALGORITHM  *RngArray;


  Status = gBS->LocateProtocol (&gEfiRngProtocolGuid, NULL, (VOID **)&mRngProtocol);

  if (EFI_ERROR (Status) || (mRngProtocol == NULL)) {

    DEBUG ((DEBUG_ERROR, "%a: Could not locate RNG protocol, Status = %r\n", __func__, Status));

    return Status;

  }


  RngArraySize = 0;


  Status = mRngProtocol->GetInfo (mRngProtocol, &RngArraySize, NULL);

  if (EFI_ERROR (Status) && (Status != EFI_BUFFER_TOO_SMALL)) {

    return Status;

  } else if (RngArraySize == 0) {

    return EFI_NOT_FOUND;

  }


  RngArrayCnt = RngArraySize / sizeof (*RngArray);


  RngArray = AllocateZeroPool (RngArraySize);

  if (RngArray == NULL) {

    return EFI_OUT_OF_RESOURCES;

  }


  Status = mRngProtocol->GetInfo (mRngProtocol, &RngArraySize, RngArray);

  if (EFI_ERROR (Status)) {

    goto ExitHandler;

  }


  for (Index = 0; Index < RngArrayCnt; Index++) {

    for (Index1 = 0; Index1 < ARRAY_SIZE (mSecureHashAlgorithms); Index1++) {

      if (CompareGuid (&RngArray[Index], mSecureHashAlgorithms[Index1].Guid)) {

        mSecureHashAlgorithms[Index1].Available = TRUE;

        if (mFirstAlgo == MAX_UINTN) {

          mFirstAlgo = Index1;

        }


        break;

      }

    }

  }


ExitHandler:

  FreePool (RngArray);

  return Status;

}


STATIC

EFI_STATUS

GenerateRandomNumberViaNist800Algorithm (

  OUT UINT8  *Buffer,

  IN  UINTN  BufferSize

  )

{

  EFI_STATUS             Status;

  UINTN                  Index;

  SECURE_RNG_ALGO_ARRAY  *Algo;


  if (Buffer == NULL) {

    DEBUG ((DEBUG_ERROR, "%a: Buffer == NULL.\n", __func__));

    return EFI_INVALID_PARAMETER;

  }


  if (mRngProtocol == NULL) {

    return EFI_NOT_FOUND;

  }


  // Try the first available algorithm.

  if (mFirstAlgo != MAX_UINTN) {

    Algo   = &mSecureHashAlgorithms[mFirstAlgo];

    Status = mRngProtocol->GetRNG (mRngProtocol, Algo->Guid, BufferSize, Buffer);

    DEBUG ((

      DEBUG_INFO,

      "%a: GetRNG algorithm %a - Status = %r\n",

      __func__,

      Algo->Name,

      Status

      ));

    if (!EFI_ERROR (Status)) {

      return Status;

    }


    Index = mFirstAlgo + 1;

  } else {

    Index = 0;

  }


  // Iterate over other available algorithms.

  for ( ; Index < ARRAY_SIZE (mSecureHashAlgorithms); Index++) {

    Algo = &mSecureHashAlgorithms[Index];

    if (!Algo->Available) {

      continue;

    }


    Status = mRngProtocol->GetRNG (mRngProtocol, Algo->Guid, BufferSize, Buffer);

    DEBUG ((

      DEBUG_INFO,

      "%a: GetRNG algorithm %a - Status = %r\n",

      __func__,

      Algo->Name,

      Status

      ));

    if (!EFI_ERROR (Status)) {

      return Status;

    }

  }


  if (!PcdGetBool (PcdEnforceSecureRngAlgorithms)) {

    // If all the other methods have failed, use the default method from the RngProtocol

    Status = mRngProtocol->GetRNG (mRngProtocol, NULL, BufferSize, Buffer);

    DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm default - Status = %r\n", __func__, Status));

    if (!EFI_ERROR (Status)) {

      return Status;

    }

  }


  // If we get to this point, we have failed

  DEBUG ((DEBUG_ERROR, "%a: GetRNG() failed, Status = %r\n", __func__, Status));


  return Status;

}// GenerateRandomNumberViaNist800Algorithm()


BOOLEAN

EFIAPI

GetRandomNumber16 (

  OUT UINT16  *Rand

  )

{

  EFI_STATUS  Status;


  if (Rand == NULL) {

    return FALSE;

  }


  Status = GenerateRandomNumberViaNist800Algorithm ((UINT8 *)Rand, sizeof (UINT16));

  if (EFI_ERROR (Status)) {

    return FALSE;

  }


  return TRUE;

}


BOOLEAN

EFIAPI

GetRandomNumber32 (

  OUT UINT32  *Rand

  )

{

  EFI_STATUS  Status;


  if (Rand == NULL) {

    return FALSE;

  }


  Status = GenerateRandomNumberViaNist800Algorithm ((UINT8 *)Rand, sizeof (UINT32));

  if (EFI_ERROR (Status)) {

    return FALSE;

  }


  return TRUE;

}


BOOLEAN

EFIAPI

GetRandomNumber64 (

  OUT UINT64  *Rand

  )

{

  EFI_STATUS  Status;


  if (Rand == NULL) {

    return FALSE;

  }


  Status = GenerateRandomNumberViaNist800Algorithm ((UINT8 *)Rand, sizeof (UINT64));

  if (EFI_ERROR (Status)) {

    return FALSE;

  }


  return TRUE;

}


BOOLEAN

EFIAPI

GetRandomNumber128 (

  OUT UINT64  *Rand

  )

{

  EFI_STATUS  Status;


  if (Rand == NULL) {

    return FALSE;

  }


  Status = GenerateRandomNumberViaNist800Algorithm ((UINT8 *)Rand, 2 * sizeof (UINT64));

  if (EFI_ERROR (Status)) {

    return FALSE;

  }


  return TRUE;

}


EFI_STATUS

EFIAPI

GetRngGuid (

  GUID  *RngGuid

  )

{

  /* It is not possible to know beforehand which Rng algorithm will

   * be used by this library.

   * This API is mainly used by RngDxe. RngDxe relies on the RngLib.

   * The RngLib|DxeRngLib.inf implementation locates and uses an installed

   * EFI_RNG_PROTOCOL.

   * It is thus not possible to have both RngDxe and RngLib|DxeRngLib.inf.

   * and it is ok not to support this API.

   */

  return EFI_UNSUPPORTED;

}

UINTN
UINT64 UINTN
Definition: ProcessorBind.h:112

BaseMemoryLib.h

CompareGuid
BOOLEAN EFIAPI CompareGuid(IN CONST GUID *Guid1, IN CONST GUID *Guid2)
Definition: MemLibGuid.c:73

GetRandomNumber16
BOOLEAN EFIAPI GetRandomNumber16(OUT UINT16 *Rand)
Definition: DxeRngLib.c:235

GetRngGuid
EFI_STATUS EFIAPI GetRngGuid(GUID *RngGuid)
Definition: DxeRngLib.c:358

GetRandomNumber32
BOOLEAN EFIAPI GetRandomNumber32(OUT UINT32 *Rand)
Definition: DxeRngLib.c:266

GetRandomNumber128
BOOLEAN EFIAPI GetRandomNumber128(OUT UINT64 *Rand)
Definition: DxeRngLib.c:328

DxeRngLibConstructor
EFI_STATUS EFIAPI DxeRngLibConstructor(IN EFI_HANDLE ImageHandle, IN EFI_SYSTEM_TABLE *SystemTable)
Definition: DxeRngLib.c:77

GenerateRandomNumberViaNist800Algorithm
STATIC EFI_STATUS GenerateRandomNumberViaNist800Algorithm(OUT UINT8 *Buffer, IN UINTN BufferSize)
Definition: DxeRngLib.c:149

GetRandomNumber64
BOOLEAN EFIAPI GetRandomNumber64(OUT UINT64 *Rand)
Definition: DxeRngLib.c:297

AllocateZeroPool
VOID *EFIAPI AllocateZeroPool(IN UINTN AllocationSize)
Definition: MemoryAllocationLib.c:234

FreePool
VOID EFIAPI FreePool(IN VOID *Buffer)
Definition: MemoryAllocationLib.c:266

NULL
#define NULL
Definition: Base.h:319

CONST
#define CONST
Definition: Base.h:259

STATIC
#define STATIC
Definition: Base.h:264

TRUE
#define TRUE
Definition: Base.h:301

FALSE
#define FALSE
Definition: Base.h:307

ARRAY_SIZE
#define ARRAY_SIZE(Array)
Definition: Base.h:1393

IN
#define IN
Definition: Base.h:279

OUT
#define OUT
Definition: Base.h:284

GLOBAL_REMOVE_IF_UNREFERENCED
#define GLOBAL_REMOVE_IF_UNREFERENCED
Definition: Base.h:48

DebugLib.h

DEBUG
#define DEBUG(Expression)
Definition: DebugLib.h:434

MemoryAllocationLib.h

PcdGetBool
#define PcdGetBool(TokenName)
Definition: PcdLib.h:401

Rng.h

RngLib.h

Rand
UINTN Rand(VOID)
Definition: Support.c:39

Uefi.h

EFI_STATUS
RETURN_STATUS EFI_STATUS
Definition: UefiBaseType.h:29

EFI_HANDLE
VOID * EFI_HANDLE
Definition: UefiBaseType.h:33

UefiBootServicesTableLib.h

gBS
EFI_BOOT_SERVICES * gBS
Definition: UefiBootServicesTableLib.c:17

_EFI_RNG_PROTOCOL
Definition: Rng.h:146

EFI_SYSTEM_TABLE
Definition: UefiSpec.h:2028

GUID
Definition: Base.h:213

SECURE_RNG_ALGO_ARRAY
Definition: DxeRngLib.c:20

SECURE_RNG_ALGO_ARRAY::Available
BOOLEAN Available
The algorithm is available for use.
Definition: DxeRngLib.c:28

SECURE_RNG_ALGO_ARRAY::Name
CONST CHAR8 * Name
Algorithm name.
Definition: DxeRngLib.c:25

SECURE_RNG_ALGO_ARRAY::Guid
EFI_GUID * Guid
Guid of the secure algorithm.
Definition: DxeRngLib.c:22