/** Generates random numbers of specified size. If the Random Generator wasn't initiated, initiate it first, then call RandomBytes. @param[out] OutBuffer Pointer to buffer to receive random value. @param[in] Bytes Size of randome bytes to generate. @retval EFI_SUCCESS The operation perfoms successfully. @retval Otherwise The operation is failed. **/ EFI_STATUS IpSecCryptoIoGenerateRandomBytes ( OUT UINT8* OutBuffer, IN UINTN Bytes ) { if (!mInitialRandomSeed) { RandomSeed (NULL, 0); mInitialRandomSeed = TRUE; } if (RandomBytes (OutBuffer, Bytes)) { return EFI_SUCCESS; } else { return EFI_INVALID_PARAMETER; } }
/** * PKCS #1 PSS encoding */ static int PSS_encode(unsigned char *encoded, unsigned int message_bytes, const unsigned char *message) { unsigned char M[8 + RSA_SHA_BYTES + RSA_SALT_BYTES]; unsigned char DB[RSA_MOD_BYTES - RSA_SHA_BYTES - 1]; // Compute the hash of m debugValue("PSS encode: message", message, message_bytes); SHA(RSA_SHA_BYTES, M + 8, message_bytes, message); debugValue("PSS encode: hashed message", M + 8, RSA_SHA_BYTES); // Generate the salt and construct M RandomBytes(M + 8 + RSA_SHA_BYTES, RSA_SALT_BYTES); debugValue("PSS encode: salt", M + 8 + RSA_SHA_BYTES, RSA_SALT_BYTES); debugValue("PSS encode: message to be encoded", M, 8 + RSA_SHA_BYTES + RSA_SALT_BYTES); // Construct DB DB[RSA_MOD_BYTES - RSA_SALT_BYTES - RSA_SHA_BYTES - 2] = 0x01; Copy(RSA_SALT_BYTES, DB + RSA_MOD_BYTES - RSA_SALT_BYTES - RSA_SHA_BYTES - 1, M + 8 + RSA_SHA_BYTES); debugValue("PSS encode: DB", DB, RSA_MOD_BYTES - RSA_SHA_BYTES - 1); // Compute maskedDB SHA(RSA_SHA_BYTES, encoded + RSA_MOD_BYTES - RSA_SHA_BYTES - 1, 8 + RSA_SHA_BYTES + RSA_SALT_BYTES, M); debugValue("PSS encode: hash of message to be encoded", encoded + RSA_MOD_BYTES - RSA_SHA_BYTES - 1, RSA_SHA_BYTES); Copy(RSA_SHA_BYTES, M, encoded + RSA_MOD_BYTES - RSA_SHA_BYTES - 1); MGF1(RSA_SHA_BYTES, M, RSA_MOD_BYTES - RSA_SHA_BYTES - 1, encoded); debugValue("PSS encode: dbMask", encoded, RSA_MOD_BYTES - RSA_SHA_BYTES - 1); XorAssign(RSA_MOD_BYTES - RSA_SHA_BYTES - 1, DB, encoded); debugValue("PSS encode: maskedDB", encoded, RSA_MOD_BYTES - RSA_SHA_BYTES - 1); // Construct the encoded message Copy(RSA_MOD_BYTES - RSA_SHA_BYTES - 1, encoded, DB); encoded[RSA_MOD_BYTES - 1] = 0xbc; debugValue("PSS encode: encoded message", encoded, RSA_MOD_BYTES); return RSA_MOD_BYTES; }
/** Validate UEFI-OpenSSL pseudorandom number generator interfaces. @retval EFI_SUCCESS Validation succeeded. @retval EFI_ABORTED Validation failed. **/ EFI_STATUS ValidateCryptPrng ( VOID ) { UINTN Index; BOOLEAN Status; Print (L" \nUEFI-OpenSSL PRNG Engine Testing:\n"); Print (L"- Random Generation..."); Status = RandomSeed (SeedString, sizeof (SeedString)); if (!Status) { Print (L"[Fail]"); return EFI_ABORTED; } for (Index = 0; Index < 10; Index ++) { Status = RandomBytes (RandomBuffer, RANDOM_NUMBER_SIZE); if (!Status) { Print (L"[Fail]"); return EFI_ABORTED; } if (CompareMem (PreviousRandomBuffer, RandomBuffer, RANDOM_NUMBER_SIZE) == 0) { Print (L"[Fail]"); return EFI_ABORTED; } CopyMem (PreviousRandomBuffer, RandomBuffer, RANDOM_NUMBER_SIZE); } Print (L"[Pass]\n"); return EFI_SUCCESS; }
/** * PKCS #1 OAEP encoding */ static int OAEP_encode(unsigned char *encoded, unsigned int message_bytes, const unsigned char *message, unsigned int label_bytes, const unsigned char *label) { unsigned char DB[RSA_MOD_BYTES - RSA_SHA_BYTES - 1 /* Add MGF1 buffer space */ + 4]; unsigned char seed[RSA_SHA_BYTES /* Add MGF1 buffer space */ + 4]; // Construct DB debugValue("OAEP encode: label", label, label_bytes); SHA(RSA_SHA_BYTES, DB, label_bytes, label); debugValue("OAEP encode: hash of label", DB, RSA_SHA_BYTES); DB[RSA_MOD_BYTES - RSA_SHA_BYTES - message_bytes - 2] = 0x01; debugValue("OAEP encode: message", message, message_bytes); CopyBytes(message_bytes, DB + RSA_MOD_BYTES - RSA_SHA_BYTES - message_bytes - 1, message); debugValue("OAEP encode: DB", DB, RSA_MOD_BYTES - RSA_SHA_BYTES - 1); // Make a random seed RandomBytes(seed, RSA_SHA_BYTES); debugValue("OAEP encode: seed", seed, RSA_SHA_BYTES); // Construct maskedDB and maskedSeed MGF1(RSA_SHA_BYTES, seed, RSA_MOD_BYTES - RSA_SHA_BYTES - 1, encoded + 1 + RSA_SHA_BYTES); debugValue("OAEP encode: dbMask", encoded + 1 + RSA_SHA_BYTES, RSA_MOD_BYTES - RSA_SHA_BYTES - 1); XorAssign(RSA_MOD_BYTES - RSA_SHA_BYTES - 1, DB, encoded + 1 + RSA_SHA_BYTES); debugValue("OAEP encode: maskedDB", DB, RSA_MOD_BYTES - RSA_SHA_BYTES - 1); MGF1(RSA_MOD_BYTES - RSA_SHA_BYTES - 1, DB, RSA_SHA_BYTES, encoded + 1); debugValue("OAEP encode: seedMask", encoded + 1, RSA_SHA_BYTES); XorAssign(RSA_SHA_BYTES, seed, encoded + 1); debugValue("OAEP encode: maskedSeed", encoded + 1, RSA_SHA_BYTES); Copy(RSA_SHA_BYTES, encoded + 1, seed); Copy(RSA_MOD_BYTES - RSA_SHA_BYTES - 1, encoded + 1 + RSA_SHA_BYTES, DB); debugValue("OAEP encode: encoded message", encoded, RSA_MOD_BYTES); return RSA_MOD_BYTES; }
int ConnectMain( int argc, char * argv[] ) { (void)argc; (void)argv; Allocator & allocator = GetDefaultAllocator(); uint64_t clientId = 0; RandomBytes( (uint8_t*) &clientId, 8 ); printf( "\nclient id is %.16" PRIx64 "\n", clientId ); Matcher matcher( allocator ); if ( !matcher.Initialize() ) { printf( "error: failed to initialize matcher\n" ); return 1; } matcher.RequestMatch( ProtocolId, clientId ); if ( matcher.GetStatus() == MATCHER_FAILED ) { printf( "\nerror: request match failed. is the matcher running?\n\n" ); return 1; } printf( "requesting match from https://localhost:8080\n" ); MatchResponse matchResponse; matcher.GetMatchResponse( matchResponse ); if ( matchResponse.numServerAddresses == 0 ) { printf( "error: could not find a match\n" ); return 1; } printf( "received match response\n" ); ClientServerPacketFactory packetFactory; GameNetworkTransport clientTransport( packetFactory ); if ( clientTransport.GetError() != SOCKET_ERROR_NONE ) { printf( "error: failed to initialize client socket\n" ); return 1; } printf( "client started on port %d\n", clientTransport.GetAddress().GetPort() ); GameClient client( GetDefaultAllocator(), clientTransport ); client.Connect( matchResponse.serverAddresses[0], matchResponse.connectTokenData, matchResponse.connectTokenNonce, matchResponse.clientToServerKey, matchResponse.serverToClientKey ); double time = 0.0; const double deltaTime = 0.1; signal( SIGINT, interrupt_handler ); while ( !quit ) { client.SendPackets(); clientTransport.WritePackets(); clientTransport.ReadPackets(); client.ReceivePackets(); client.CheckForTimeOut(); if ( client.IsDisconnected() ) break; time += deltaTime; client.AdvanceTime( time ); clientTransport.AdvanceTime( time ); if ( client.ConnectionFailed() ) break; platform_sleep( deltaTime ); } if ( quit ) printf( "\nclient stopped\n" ); printf( "\n" ); if ( client.IsConnected() ) client.Disconnect(); return 0; }