| /* |
| * Copyright (C) 2015 Michael Brown <mbrown@fensystems.co.uk>. |
| * |
| * This program is free software; you can redistribute it and/or |
| * modify it under the terms of the GNU General Public License as |
| * published by the Free Software Foundation; either version 2 of the |
| * License, or (at your option) any later version. |
| * |
| * This program is distributed in the hope that it will be useful, but |
| * WITHOUT ANY WARRANTY; without even the implied warranty of |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| * General Public License for more details. |
| * |
| * You should have received a copy of the GNU General Public License |
| * along with this program; if not, write to the Free Software |
| * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA |
| * 02110-1301, USA. |
| * |
| * You can also choose to distribute this program under the terms of |
| * the Unmodified Binary Distribution Licence (as given in the file |
| * COPYING.UBDL), provided that you have satisfied its requirements. |
| */ |
| |
| FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); |
| |
| #include <errno.h> |
| #include <ipxe/entropy.h> |
| #include <ipxe/crc32.h> |
| #include <ipxe/efi/efi.h> |
| #include <ipxe/efi/Protocol/Rng.h> |
| |
| /** @file |
| * |
| * EFI random number generator protocol entropy source |
| * |
| */ |
| |
| struct entropy_source efirng_entropy __entropy_source ( ENTROPY_NORMAL ); |
| |
| /** Random number generator protocol */ |
| static EFI_RNG_PROTOCOL *efirng; |
| EFI_REQUEST_PROTOCOL ( EFI_RNG_PROTOCOL, &efirng ); |
| |
| /** Minimum number of bytes to request from RNG |
| * |
| * The UEFI spec states (for no apparently good reason) that "When a |
| * Deterministic Random Bit Generator (DRBG) is used on the output of |
| * a (raw) entropy source, its security level must be at least 256 |
| * bits." The EDK2 codebase (mis)interprets this to mean that the |
| * call to GetRNG() should fail if given a buffer less than 32 bytes. |
| * |
| * Incidentally, nothing in the EFI RNG protocol provides any way to |
| * report the actual amount of entropy returned by GetRNG(). |
| */ |
| #define EFIRNG_LEN 32 |
| |
| /** |
| * Enable entropy gathering |
| * |
| * @ret rc Return status code |
| */ |
| static int efirng_enable ( void ) { |
| |
| /* Check for RNG protocol support */ |
| if ( ! efirng ) { |
| DBGC ( &efirng, "EFIRNG has no RNG protocol\n" ); |
| return -ENOTSUP; |
| } |
| |
| /* Nothing in the EFI specification provides any clue as to |
| * how much entropy will be returned by GetRNG(). Make a |
| * totally uninformed (and conservative guess) that each |
| * sample will contain at least one bit of entropy. |
| */ |
| entropy_init ( &efirng_entropy, MIN_ENTROPY ( 1.0 ) ); |
| |
| return 0; |
| } |
| |
| /** |
| * Get noise sample from RNG protocol |
| * |
| * @ret noise Noise sample |
| * @ret rc Return status code |
| */ |
| static int efirng_get_noise ( noise_sample_t *noise ) { |
| uint8_t buf[EFIRNG_LEN]; |
| EFI_STATUS efirc; |
| int rc; |
| |
| /* Sanity check */ |
| assert ( efirng != NULL ); |
| |
| /* Get the minimum allowed number of random bytes */ |
| if ( ( efirc = efirng->GetRNG ( efirng, NULL, sizeof ( buf ), |
| buf ) ) != 0 ) { |
| rc = -EEFI ( efirc ); |
| DBGC ( &efirng, "ENTROPY could not read from RNG: %s\n", |
| strerror ( rc ) ); |
| return rc; |
| } |
| |
| /* Reduce random bytes to a single noise sample. This seems |
| * like overkill, but we have no way of knowing how much |
| * entropy is actually present in the bytes returned by the |
| * RNG protocol. |
| */ |
| *noise = crc32_le ( 0, buf, sizeof ( buf ) ); |
| |
| return 0; |
| } |
| |
| /** EFI random number generator protocol entropy source */ |
| struct entropy_source efirng_entropy __entropy_source ( ENTROPY_NORMAL ) = { |
| .name = "efirng", |
| .enable = efirng_enable, |
| .get_noise = efirng_get_noise, |
| }; |
