Implement TEE-supported RNG for oe_random_internal

Signed-off-by: Ming-Wei Shih <[email protected]>

Add the missing file

Signed-off-by: Ming-Wei Shih <[email protected]>

enclave/CMakeLists.txt

@@ -32,7 +32,6 @@ add_library(oeenclave STATIC
     ../common/datetime.c
     asym_keys.c
     link.c
-    random.c
     tls_cert.c
     ${PLATFORM_SRC})
 

enclave/README.md

@@ -10,7 +10,4 @@ the enclave extras, which depend on mbedtls and oelibc. The main parts include:
 
 - RSA key management ([rsa.c](rsa.c))
 
-- Entropy ([random.c](random.c))
-
 - SHA hash management ([sha.c](sha.c))
-

enclave/core/CMakeLists.txt

@@ -63,6 +63,7 @@ if (OE_SGX)
         sgx/keys.c
         sgx/memory.c
         sgx/properties.c
+        sgx/random_internal.c
         sgx/report.c
         sgx/sched_yield.c
         sgx/spinlock.c
@@ -104,6 +105,7 @@ elseif (OE_TRUSTZONE)
         optee/gp.c
         optee/keys.c
         optee/printf.c
+        optee/random_internal.c
         optee/sched_yield.c
         optee/spinlock.c
         optee/stubs.c
@@ -125,6 +127,7 @@ add_library(oecore STATIC
     ${MUSL_SRC_DIR}/string/memset.c
     __secs_to_tm.c
     __stack_chk_fail.c
+    arena.c
     assert.c
     atexit.c
     backtrace.c
@@ -140,9 +143,9 @@ add_library(oecore STATIC
     once.c
     printf.c
     pthread.c
+    random.c
     result.c
     sbrk.c
-    arena.c
     stdio.c
     strerror.c
     string.c

enclave/core/README.md

@@ -32,3 +32,4 @@ the enclave intrinsics. The main parts include:
 
 - Enclave sbrk() implementation ([sbrk.c](sbrk.c))
 
+- Entropy ([random.c](random.c)

enclave/core/optee/random_internal.c

@@ -0,0 +1,11 @@
+// Copyright (c) Open Enclave SDK contributors.
+// Licensed under the MIT License.
+
+#include <openenclave/enclave.h>
+
+oe_result_t oe_random_internal(void* data, size_t size)
+{
+    OE_UNUSED(data);
+    OE_UNUSED(size);
+    return OE_UNSUPPORTED;
+}

enclave/core/sgx/random_internal.c

@@ -0,0 +1,25 @@
+// Copyright (c) Open Enclave SDK contributors.
+// Licensed under the MIT License.
+
+#include <openenclave/corelibc/string.h>
+#include <openenclave/enclave.h>
+#include <openenclave/internal/rdrand.h>
+
+// The RDRAND generats 8-byte random value.
+#define RDRAND_BYTES 8
+
+oe_result_t oe_random_internal(void* data, size_t size)
+{
+    for (size_t i = 0; i < size; i += RDRAND_BYTES)
+    {
+        size_t request_size = size - i;
+        if (request_size > RDRAND_BYTES)
+        {
+            request_size = RDRAND_BYTES;
+        }
+        uint64_t random_bytes = oe_rdrand();
+        memcpy((void*)((uint8_t*)data + i), (void*)&random_bytes, request_size);
+    }
+
+    return OE_OK;
+}

enclave/crypto/CMakeLists.txt

@@ -8,11 +8,11 @@ add_library(oecryptombed STATIC
     asn1.c
     cert.c
     crl.c
+    ctr_drbg.c
     ec.c
     cmac.c
     hmac.c
     key.c
-    random_internal.c
     rsa.c
     sha.c)
 

enclave/crypto/cert.c

@@ -20,9 +20,9 @@
 #include <openenclave/internal/utils.h>
 #include <string.h>
 #include "crl.h"
+#include "ctr_drbg.h"
 #include "ec.h"
 #include "pem.h"
-#include "random_internal.h"
 #include "rsa.h"
 
 /*

enclave/crypto/random_internal.c → enclave/crypto/ctr_drbg.c

@@ -1,11 +1,10 @@
 // Copyright (c) Open Enclave SDK contributors.
 // Licensed under the MIT License.
 
-#include "random_internal.h"
+#include "ctr_drbg.h"
 #include <mbedtls/entropy.h>
 #include <openenclave/enclave.h>
 #include <openenclave/internal/raise.h>
-#include <openenclave/internal/random.h>
 #include <openenclave/internal/thread.h>
 
 /*
@@ -49,40 +48,3 @@ mbedtls_ctr_drbg_context* oe_mbedtls_get_drbg()
     oe_once(&_seed_once, _seed_entropy_source_once);
     return (_seed_result == OE_OK) ? &_drbg : NULL;
 }
-
-/*
-**==============================================================================
-**
-** Public functions
-**
-**==============================================================================
-*/
-
-oe_result_t oe_random_internal(void* data, size_t size)
-{
-    oe_result_t result = OE_UNEXPECTED;
-    int rc;
-
-    /* Seed the entropy source on the first call */
-    {
-        oe_once(&_seed_once, _seed_entropy_source_once);
-        OE_CHECK(_seed_result);
-    }
-
-    /* Generate random data (synchronize access to _drbg instance) */
-    for (size_t i = 0; i < size; i += MBEDTLS_CTR_DRBG_MAX_REQUEST)
-    {
-        size_t request_size = size - i;
-        if (request_size > MBEDTLS_CTR_DRBG_MAX_REQUEST)
-            request_size = MBEDTLS_CTR_DRBG_MAX_REQUEST;
-
-        rc = mbedtls_ctr_drbg_random(&_drbg, (uint8_t*)data + i, request_size);
-        if (rc != 0)
-            OE_RAISE_MSG(OE_CRYPTO_ERROR, "rc = 0x%x\n", rc);
-    }
-
-    result = OE_OK;
-done:
-
-    return result;
-}

enclave/crypto/random_internal.h → enclave/crypto/ctr_drbg.h

@@ -1,11 +1,11 @@
 // Copyright (c) Open Enclave SDK contributors.
 // Licensed under the MIT License.
 
-#ifndef _CRYPTO_ENCLAVE_RANDOM_H
-#define _CRYPTO_ENCLAVE_RANDOM_H
+#ifndef _CRYPTO_ENCLAVE_CTR_DRBG_H
+#define _CRYPTO_ENCLAVE_CTR_DRBG_H
 
 #include <mbedtls/ctr_drbg.h>
 
 mbedtls_ctr_drbg_context* oe_mbedtls_get_drbg();
 
-#endif /* _CRYPTO_ENCLAVE_RANDOM_H */
+#endif /* _CRYPTO_ENCLAVE_CTR_DRBG_H */

enclave/crypto/ec.c

@@ -9,9 +9,9 @@
 #include <openenclave/internal/raise.h>
 #include <openenclave/internal/safecrt.h>
 #include <openenclave/internal/utils.h>
+#include "ctr_drbg.h"
 #include "key.h"
 #include "pem.h"
-#include "random_internal.h"
 
 static uint64_t _PRIVATE_KEY_MAGIC = 0xf12c37bb02814eeb;
 static uint64_t _PUBLIC_KEY_MAGIC = 0xd7490a56f6504ee6;

enclave/crypto/rsa.c

@@ -7,7 +7,6 @@
 #include <openenclave/internal/utils.h>
 #include "key.h"
 #include "pem.h"
-#include "random_internal.h"
 
 static uint64_t _PRIVATE_KEY_MAGIC = 0xd48de5bae3994b41;
 static uint64_t _PUBLIC_KEY_MAGIC = 0x713600af058c447a;