OP-TEE RNG Oddity
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
‎2023-05-10 02:25 PM
Hello,
Sorry for a long post this needs some context.
I've been configuring and testing OP-TEE from the following guide:
https://wiki.st.com/stm32mpu/wiki/How_to_configure_OP-TEE
I'm using the STMicro fork of optee_os (tag 3.16.0-stm32mp-r2), and the OP-TEE client, test, and examples from v3.16 from the OPTEE and linaro github repos. The full xtest passes.
Eventually I'll need more than 16 random bytes so changed the optee_example_random to generate more random bytes. Now for the Oddity. When generating longer runs of random bytes, there is almost always a string of all zeros towards the beginning. Here is the output of the linaro version (generates 16 bytes):
# seq 8 | xargs -I -- /usr/bin/optee_example_random
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 16 bytes.
TA generated UUID value = 0xbbe9fda061c8fd5b43632e5126fd12
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 16 bytes.
TA generated UUID value = 0x2f448cb95069476141daed86052c461
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 16 bytes.
TA generated UUID value = 0xa3ac3a8719da5ce58e6dad29a8e9fbe9
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 16 bytes.
TA generated UUID value = 0x7f437f3de098e599ffc6b60d4661f8d
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 16 bytes.
TA generated UUID value = 0x478d186c583d6c7ca3f9fd5ae7c9e77
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 16 bytes.
TA generated UUID value = 0xb218164e80c0925df79fe849e56fe31
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 16 bytes.
TA generated UUID value = 0x4f66ec9bafcf5c5f24e8ec7434b6a46
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 16 bytes.
TA generated UUID value = 0x526f14533ae4fc5d2d449d2f981f2d1
Now do the same for 32 bytes:
# seq 8 | xargs -I -- /usr/bin/optee_example_random_32
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x159387711116e9d9733c64b8feac1130bd4e9e0be486a12ae618a4624e2a38
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x90883986afa9b4f76551dc63ab16abc3bc64773e56b3a4d34adb4dd5244522
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0xf276ac2ae00cb98418d22a8fc42163fc434b55d182767f90fc6961a218b3f
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x719c81a638568e76bd3165dc8fd2137dbc1241b91d1eeabff9a94faa3a35edf
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x88a1b2a8d72cbfeaf7f2f38000019352dac516db4b7c2cf8f2bcd56b1ea
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x6319897f76cfa5c8aa5583c0000137ff3dda91278759ecd4cf5ee98a4ec
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0xbc8e87b43bd238b6d50e552000064acfeb2f517f8d860bdfbdafe5fe917
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x52a95fa8396174f6a733c4630000e2f8dc616b80f5fdd3848d42ad5facc1
# seq 16 | xargs -I -- /usr/bin/optee_example_random_32
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x53978d94ccb126b4666d296387ba9252edde887ad68dc2d457403c8dd5803794
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x3ad2282c48e27329c8cc976e8615e40dd2dfcf1a95f74df488d3fa1afe317
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0xe1844678e88289ec46fbdbaf3f9d461963ac2415ba9d9c6e99967dfd5399cf5e
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x7c26ed542a0e87734ac4001c9f61732a54927a1bc42a374777f22739ec2e
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0xcfaaf5ebf8339c765ee7810000c265925b9067eac97efc1c183cdf94dc
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x82cae935ab11f2f353682b510000eebf7f9f246cd684f37f779618b328ad
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x75bb54797bd5d497dad9f7e3000036bff4fb8f13e282677417d9aeea8afb
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x57b858eef04572f43ca8ab490000ea1f24575c3ccdfae9c36cb7ed8718a
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0xc4eb12bdee3985b9351227e20000d1c73576b2469f86884198e99f8b544b
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0xe6f1e4c398d6249979f75ab00000c672f08f50cb285e3a254e4159e5119
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x4d9ade2927b8d77fadbff140000c94398b358def624c6452a405d50e486
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x7c3fe2ee212689fdb21916000037133c9b734ab78c57dcc15d68328118
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x70123222fd6758112c6131a00000e0a78ac96b22db984d9614ba6a482f1
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x43aec366a35733b4db7fe5a0000c374253e74a358999a5d3b8d9e7a9dc
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0xd9f02f457cfc3b5147974ab0000cb37cb408a3025aec9499e9d692a38a
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0xd8ae825765bf61531efe74400000cea8baa8ac9f4cf491f926318f3793
#
See the zeros in most of the outputs? They look suspicious to me. Has anyone tested the ST OP-TEE RNG implementation against the NIST SP800-90b test suite?
Any questions, answers, or comments most welcome!
-Mark Carlin
Solved! Go to Solution.
- Labels:
-
STM32MP15 Lines
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
‎2023-05-24 07:22 AM
@Community member​ ,
Please, can you try the attached patch to see if it corrects things from your side ?
Kind regards,
Erwan.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
‎2023-05-12 06:14 AM
HI @Community member​ ,
could you please confirm you are using the STM32MP1-ecosystem-v4.1.0 (which is the one who is tested with OP-TEE 3.16.0-stm32mp-r2).
Could you share your modified code ?
I have entered an internal case (151843) to followup on our side.
The RNG HW is fully compliant and tested with NIST requirements.
We will check if we have a regression inside OP-TEE SW implementation.
Regards.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
‎2023-05-16 05:51 PM
Hi @PatrickF​,
Thanks for the reply. I haven't had time to go back and look at this, but plan to later on this week. Yes we are using OpenSTLinux v4.1.0, but using Buildroot not Yocto. Attached is the modified version of optee_example_random.c that I used for testing 32 bytes.
Our optee-os fork of the STMicro fork is on Github, you can find it at:
https://github.com/DatumSystems/optee_os.git
Not many changes from OP-TEE 3.16.0-stm32mp-r2. I was using the code at tag v3.16.0-datum.2.
BR,
Mark
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
‎2023-05-23 12:51 AM
[EDIT] message deleted due to error
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
‎2023-05-23 04:30 PM
Hello @Community member​,
I just took a better look at your example. I suppose that you are also using the example program provided on optee-example github for your Host program on Linux side.
I just have seen the following thing:
printf("TA generated UUID value = 0x");
for (i = 0; i < 32; i++)
printf("%x", random_uuid[i]);
printf("\n");
I think there is a simple error of 0 padding in the way they print the final result...
Please can you try with the following modification ?
printf("TA generated UUID value = 0x");
for (i = 0; i < 32; i++)
printf("%02x", random_uuid[i]);
printf("\n");
It will avoid 0 to get away from the final result, and then produce the massive 0 on the left of your final random word.
Kind regards,
Erwan.
In order to give better visibility on the answered topics, please click on 'Select as Best' on the reply which solved your issue or answered your question. See also 'Best Answers'
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
‎2023-05-23 05:16 PM
Hello @Erwan SZYMANSKI​,
I'm not sure that printf would pad zeros to the format specifier "%x" but made the changes and the problem is still there. Attached are my modified source file and output. I've got an STM32MP157C-DK2 board somewhere around here, was thinking of using the Starter-Package image to try the same test. Do you think this would be useful?
BR,
Mark
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
‎2023-05-23 05:16 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
‎2023-05-24 12:21 AM
Hi @Community member​,
OK I see, my logs in OP-TEE seems to have changed the output behavior.
Let me complete the tests deeper, as I think I can reproduce what you can observe on your side.
Kind regards,
Erwan.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
‎2023-05-24 03:19 AM
@Community member​ ,
Issue is confirmed from our side.
What happens is that data are not always ready when we read the random value in on of our loop, see below in stm32_rng.c driver from OP-TEE
static TEE_Result stm32_rng_read_available(struct stm32_rng_device *dev,
uint8_t *out, size_t size)
{
vaddr_t base = get_base(dev);
uint8_t *buf = out;
assert(size <= RNG_FIFO_BYTE_DEPTH);
if (dev->error_conceal || io_read32(base + RNG_SR) & RNG_SR_SEIS) {
conceal_seed_error(dev);
return TEE_ERROR_NO_DATA;
}
if (!(io_read32(base + RNG_SR) & RNG_SR_DRDY))
return TEE_ERROR_NO_DATA;
/* RNG is ready: read up to 4 32bit words */
while (size) {
uint32_t data32;
size_t sz;
if (!(io_read32(base + RNG_SR) & RNG_SR_DRDY))
panic("[ALERT | PANIC] random data are not ready");
data32 = io_read32(base + RNG_DR);
sz = MIN(size, sizeof(uint32_t));
if (data32 == 0)
{
IMSG("[WARNING] Generation of 0 detected | SR : %x", io_read32(base + RNG_SR));
}
// IMSG("[TEST] size : %d | data32 read = %x \n", (int)sz, data32);
memcpy(buf, &data32, sz);
buf += sz;
size -= sz;
}
return TEE_SUCCESS;
}
In this situation, the panic that I added in OP-TEE is triggered, we have so an issue on our side. We enter an internal ticket to patch this ASAP.
Thanks a lot for your feedback on this issue.
Kind regards,
Erwan.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
‎2023-05-24 07:22 AM
@Community member​ ,
Please, can you try the attached patch to see if it corrects things from your side ?
Kind regards,
Erwan.