Implement oe_random_internal for OP-TEE.

Signed-off-by: Hernan Gatta <[email protected]>

Fix based on comments

Signed-off-by: Ming-Wei Shih <[email protected]>

Fix

Signed-off-by: Ming-Wei Shih <[email protected]>

Update change log

Signed-off-by: Ming-Wei Shih <[email protected]>

CHANGELOG.md

@@ -16,6 +16,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Fixed 
 - Fixed Jenkins pipeline to produce a valid open-enclave NuGet package. Fixes #2523. 
 
+### Changed
+- `oe_random()` now depends on the hardware-based source of RNG instead of cryptography libraries.
+
 [v0.8.0][v0.8.0_log] - 2020-01-22
 ---------------------
 

enclave/README.md

@@ -4,10 +4,7 @@ enclave
 This directory contains the sources for the oeenclave library, which implements
 the enclave extras, which depend on mbedtls and oelibc. The main parts include:
 
-- Certificate management ([cert.c](cert.c))
-
-- EC key management ([ec.c](ec.c))
-
-- RSA key management ([rsa.c](rsa.c))
-
-- SHA hash management ([sha.c](sha.c))
+- Remote attestation support
+  - Certificate operations ([tls_cert.c](tls_cert.c))
+  - Asymmetric key operations ([asym_keys.c](asym_keys.c))
+  - Platform-specific implementations ([sgx/](sgx/) and [optee/](optee/))

enclave/core/README.md

@@ -4,32 +4,30 @@ core
 This directory contains the sources for the oecore library, which implements
 the enclave intrinsics. The main parts include:
 
-- Enclave entry ([main.S](main.S)) and exit ([exit.S](exit.S)) functions
+- Enclave entry ([sgx/enter.S](sgx/enter.S)) and exit ([sgx/exit.S](sgx/exit.S)) functions
 
-- Enclave initialization ([init.c](init.c))
+- Enclave initialization ([sgx/init.c](sgx/init.c))
 
 - ECALL and OCALL dispatching logic ([calls.c](calls.c))
 
-- The thread data (TD) structure ([td.c](td.c))
+- The thread data (TD) structure ([sgx/td.c](sgx/td.c))
 
-- Spinlock implementation ([spinlock.c](spinlock.c))
+- Spinlock implementation ([sgx/spinlock.c](sgx/spinlock.c) and [optee/spinlock.c](optee/spinlock.c))
 
-- Enclave threads implementation ([thread.c](thread.c))
+- Enclave threads implementation ([sgx/thread.c](sgx/thread.c) and [optee/thread.c](sgx/thread.c))
 
-- Functions for testing enclave memory boundaries ([memory.c](memory.c))
+- Functions for testing enclave memory boundaries ([sgx/memory.c](sgx/memory.c))
 
-- Globals set during enclave signing and loading ([globals.c](globals.c))
+- Globals set during enclave signing and loading ([sgx/globals.c](sgx/globals.c) and [optee/globals](optee/globals.c))
 
-- Host calls ([hostcalls.c](hostcalls.c))
+- Host calls ([sgx/hostcalls.c](sgx/hostcalls.c) and [optee/hostcalls.c](optee/hostcalls.c))
 
 - Standard-like string functions ([string.c](string.c))
 
 - Assertion implementation ([assert.c](assert.c))
 
-- Enclave setjmp and longjmp functions ([jump.c](jump.c))
-
-- Functions for report creation (ENCLU.EREPORT) ([report.c](report.c))
+- Enclave setjmp and longjmp functions ([sgx/longjmp.S](sgx/longjmp.S) and [sgx/setjmp.S](sgx/setjmp.S))
 
 - Enclave sbrk() implementation ([sbrk.c](sbrk.c))
 
-- Entropy ([random.c](random.c)
+- Entropy ([random.c](random.c))

enclave/core/optee/random_internal.c

@@ -1,11 +1,17 @@
 // Copyright (c) Open Enclave SDK contributors.
 // Licensed under the MIT License.
 
+#define OE_NEED_STDC_NAMES
 #include <openenclave/enclave.h>
 
+#include <tee_internal_api.h>
+
 oe_result_t oe_random_internal(void* data, size_t size)
 {
-    OE_UNUSED(data);
-    OE_UNUSED(size);
-    return OE_UNSUPPORTED;
-}
+    if (size > OE_UINT32_MAX)
+        return OE_OUT_OF_BOUNDS;
+
+    TEE_GenerateRandom(data, (uint32_t)size);
+
+    return OE_OK;
+}

enclave/core/sgx/random_internal.c

@@ -5,7 +5,7 @@
 #include <openenclave/enclave.h>
 #include <openenclave/internal/rdrand.h>
 
-// The RDRAND generats 8-byte random value.
+// The RDRAND generates 8-byte random value.
 #define RDRAND_BYTES 8
 
 oe_result_t oe_random_internal(void* data, size_t size)
@@ -22,4 +22,4 @@ oe_result_t oe_random_internal(void* data, size_t size)
     }
 
     return OE_OK;
-}
+}