From 7ce960e7129f6eedd2fd426f6d64f1f33cbe1154 Mon Sep 17 00:00:00 2001 From: tye1 Date: Thu, 10 May 2012 07:58:02 +0000 Subject: [PATCH] Use current time value as default random seed in BaseCryptLib. Signed-off by: Ye Ting Reviewed-by: Yao Jiewen Reviewed-by: Sun Rui Reviewed-by: Long Qin git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13300 6f19259b-4bc3-4df7-8a09-765794883524 --- .../Library/BaseCryptLib/BaseCryptLib.inf | 15 ++- .../Library/BaseCryptLib/Rand/CryptRandItc.c | 101 ++++++++++++++++++ .../Library/BaseCryptLib/Rand/CryptRandTsc.c | 101 ++++++++++++++++++ .../Library/BaseCryptLib/RuntimeCryptLib.inf | 13 ++- .../Library/BaseCryptLib/SmmCryptLib.inf | 13 ++- 5 files changed, 239 insertions(+), 4 deletions(-) create mode 100644 CryptoPkg/Library/BaseCryptLib/Rand/CryptRandItc.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf index c21ee01c4b..84faecd873 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -1,7 +1,7 @@ ## @file # Cryptographic Library Instance for DXE_DRIVER. # -# Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -37,7 +37,6 @@ Cipher/CryptAes.c Cipher/CryptTdes.c Cipher/CryptArc4.c - Rand/CryptRand.c Pk/CryptRsa.c Pk/CryptPkcs7.c Pk/CryptDh.c @@ -68,6 +67,17 @@ SysCall/Ia32/MathLShiftS64.S | GCC SysCall/Ia32/MathRShiftU64.S | GCC + Rand/CryptRandTsc.c + +[Sources.X64] + Rand/CryptRandTsc.c + +[Sources.IPF] + Rand/CryptRandItc.c + +[Sources.ARM] + Rand/CryptRand.c + [Packages] MdePkg/MdePkg.dec CryptoPkg/CryptoPkg.dec @@ -79,6 +89,7 @@ DebugLib OpensslLib IntrinsicLib + PrintLib # # Remove these [BuildOptions] after this library is cleaned up diff --git a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandItc.c b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandItc.c new file mode 100644 index 0000000000..881141cd08 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandItc.c @@ -0,0 +1,101 @@ +/** @file + Pseudorandom Number Generator Wrapper Implementation over OpenSSL. + +Copyright (c) 2012, Intel Corporation. All rights reserved.
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+#include
+#include
+
+/**
+ Sets up the seed value for the pseudorandom number generator.
+
+ This function sets up the seed value for the pseudorandom number generator.
+ If Seed is not NULL, then the seed passed in is used.
+ If Seed is NULL, then default seed is used.
+
+ @param[in] Seed Pointer to seed value.
+ If NULL, default seed is used.
+ @param[in] SeedSize Size of seed value.
+ If Seed is NULL, this parameter is ignored.
+
+ @retval TRUE Pseudorandom number generator has enough entropy for random generation.
+ @retval FALSE Pseudorandom number generator does not have enough entropy for random generation.
+
+**/
+BOOLEAN
+EFIAPI
+RandomSeed (
+ IN CONST UINT8 *Seed OPTIONAL,
+ IN UINTN SeedSize
+ )
+{
+ CHAR8 DefaultSeed[128];
+
+ //
+ // Seed the pseudorandom number generator with user-supplied value.
+ // NOTE: A cryptographic PRNG must be seeded with unpredictable data.
+ //
+ if (Seed != NULL) {
+ RAND_seed (Seed, (UINT32) SeedSize);
+ } else {
+ //
+ // Retrieve current time.
+ //
+ AsciiSPrint (
+ DefaultSeed,
+ sizeof (DefaultSeed),
+ "UEFI Crypto Library default seed (%ld)",
+ AsmReadItc ()
+ );
+
+ RAND_seed (DefaultSeed, sizeof (DefaultSeed));
+ }
+
+ return TRUE;
+}
+
+/**
+ Generates a pseudorandom byte stream of the specified size.
+
+ If Output is NULL, then return FALSE.
+
+ @param[out] Output Pointer to buffer to receive random value.
+ @param[in] Size Size of randome bytes to generate.
+
+ @retval TRUE Pseudorandom byte stream generated successfully.
+ @retval FALSE Pseudorandom number generator fails to generate due to lack of entropy.
+
+**/
+BOOLEAN
+EFIAPI
+RandomBytes (
+ OUT UINT8 *Output,
+ IN UINTN Size
+ )
+{
+ //
+ // Check input parameters.
+ //
+ if (Output == NULL) {
+ return FALSE;
+ }
+
+ //
+ // Generate random data.
+ //
+ if (RAND_bytes (Output, (UINT32) Size) != 1) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c
new file mode 100644
index 0000000000..bb8783d354
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c
@@ -0,0 +1,101 @@
+/** @file
+ Pseudorandom Number Generator Wrapper Implementation over OpenSSL.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.
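Review bot: In the `Seed == NULL` branch of RandomSeed in CryptRandItc.c the only varying input is the `AsmReadItc ()` reading, yet `RAND_seed (DefaultSeed, sizeof (DefaultSeed))` passes all 128 bytes, including the uninitialised stack bytes after the terminator, and as far as I know RAND_seed credits every byte it is given as entropy. The function then returns TRUE unconditionally, so the `@retval FALSE` case in the header never occurs and a caller cannot distinguish a counter-derived seed from an unpredictable one. I would keep the `AsciiSPrint` return value in a `UINTN SeedLen` and seed only the formatted text with `RAND_seed (DefaultSeed, (int) SeedLen);`. I would also add to the function header: `The default seed is derived from a timer counter and is predictable; callers that generate keys or nonces must supply Seed from a platform entropy source.` RandomSeed in CryptRandTsc.c has the same issue with `AsmReadTsc ()`.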
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+#include
+#include
+
+/**
+ Sets up the seed value for the pseudorandom number generator.
+
+ This function sets up the seed value for the pseudorandom number generator.
+ If Seed is not NULL, then the seed passed in is used.
+ If Seed is NULL, then default seed is used.
+
+ @param[in] Seed Pointer to seed value.
+ If NULL, default seed is used.
+ @param[in] SeedSize Size of seed value.
+ If Seed is NULL, this parameter is ignored.
+
+ @retval TRUE Pseudorandom number generator has enough entropy for random generation.
+ @retval FALSE Pseudorandom number generator does not have enough entropy for random generation.
+
+**/
+BOOLEAN
+EFIAPI
+RandomSeed (
+ IN CONST UINT8 *Seed OPTIONAL,
+ IN UINTN SeedSize
+ )
+{
+ CHAR8 DefaultSeed[128];
+
+ //
+ // Seed the pseudorandom number generator with user-supplied value.
+ // NOTE: A cryptographic PRNG must be seeded with unpredictable data.
+ //
+ if (Seed != NULL) {
+ RAND_seed (Seed, (UINT32) SeedSize);
+ } else {
+ //
+ // Retrieve current time.
+ //
+ AsciiSPrint (
+ DefaultSeed,
+ sizeof (DefaultSeed),
+ "UEFI Crypto Library default seed (%ld)",
+ AsmReadTsc ()
+ );
+
+ RAND_seed (DefaultSeed, sizeof (DefaultSeed));
+ }
+
+ return TRUE;
+}
+
+/**
+ Generates a pseudorandom byte stream of the specified size.
+
+ If Output is NULL, then return FALSE.
+
+ @param[out] Output Pointer to buffer to receive random value.
+ @param[in] Size Size of randome bytes to generate.
+
+ @retval TRUE Pseudorandom byte stream generated successfully.
+ @retval FALSE Pseudorandom number generator fails to generate due to lack of entropy. + +**/ +BOOLEAN +EFIAPI +RandomBytes ( + OUT UINT8 *Output, + IN UINTN Size + ) +{ + // + // Check input parameters. + // + if (Output == NULL) { + return FALSE; + } + + // + // Generate random data. + // + if (RAND_bytes (Output, (UINT32) Size) != 1) { + return FALSE; + } + + return TRUE; +} diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf index 99b4295c04..87f3b93fb9 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -31,7 +31,6 @@ Hash/CryptMd5.c Hash/CryptSha1.c Hash/CryptSha256.c - Rand/CryptRand.c Pk/CryptRsa.c Pk/CryptPkcs7.c Pk/CryptX509.c @@ -60,6 +59,17 @@ SysCall/Ia32/MathLShiftS64.S | GCC SysCall/Ia32/MathRShiftU64.S | GCC + Rand/CryptRandTsc.c + +[Sources.X64] + Rand/CryptRandTsc.c + +[Sources.IPF] + Rand/CryptRandItc.c + +[Sources.ARM] + Rand/CryptRand.c + [Packages] MdePkg/MdePkg.dec CryptoPkg/CryptoPkg.dec @@ -73,6 +83,7 @@ DebugLib OpensslLib IntrinsicLib + PrintLib # # Remove these [BuildOptions] after this library is cleaned up diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf index a6eea164a1..03ed82f687 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -31,7 +31,6 @@ Hash/CryptMd5.c Hash/CryptSha1.c Hash/CryptSha256.c - Rand/CryptRand.c Pk/CryptRsa.c Pk/CryptPkcs7.c Pk/CryptX509.c @@ -60,6 +59,17 @@ SysCall/Ia32/MathLShiftS64.S | GCC SysCall/Ia32/MathRShiftU64.S | GCC + Rand/CryptRandTsc.c + +[Sources.X64] + Rand/CryptRandTsc.c + +[Sources.IPF] + Rand/CryptRandItc.c + +[Sources.ARM] + Rand/CryptRand.c + [Packages] MdePkg/MdePkg.dec CryptoPkg/CryptoPkg.dec @@ -71,6 +81,7 @@ MemoryAllocationLib OpensslLib IntrinsicLib + PrintLib # # Remove these [BuildOptions] after this library is cleaned up
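Review bot: In CryptRandTsc.c, `RAND_bytes (Output, (UINT32) Size)` in RandomBytes narrows a UINTN before the call, so on X64 a Size above 4 GiB is silently truncated and the function can return TRUE after filling only part of the caller's buffer. Values above MAX_INT32 also turn negative once OpenSSL receives them as `int`. I would reject oversized requests up front with `if (Output == NULL || Size > MAX_INT32) {` followed by the existing `return FALSE;`. The `(UINT32) SeedSize` cast in RandomSeed needs the equivalent `if (SeedSize > MAX_INT32) { return FALSE; }` before `RAND_seed`. Both functions in CryptRandItc.c are identical in this respect and need the same guards.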