OP-TEE RNG Oddity
Hello,
Sorry for a long post; this needs some context.
I've been configuring and testing OP-TEE from the following guide:
https://wiki.st.com/stm32mpu/wiki/How_to_configure_OP-TEE
I'm using the STMicro fork of optee_os (tag 3.16.0-stm32mp-r2), and the OP-TEE client, test, and examples from v3.16 from the OP-TEE and Linaro GitHub repos. The full xtest passes.
Eventually I'll need more than 16 random bytes, so I changed the optee_example_random to generate more random bytes. Now for the oddity. When generating longer runs of random bytes, there is almost always a string of all zeros towards the beginning. Here is the output of the Linaro version (generates 16 bytes):
# seq 8 | xargs -I -- /usr/bin/optee_example_random
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 16 bytes.
TA generated UUID value = 0xbbe9fda061c8fd5b43632e5126fd12
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 16 bytes.
TA generated UUID value = 0x2f448cb95069476141daed86052c461
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 16 bytes.
TA generated UUID value = 0xa3ac3a8719da5ce58e6dad29a8e9fbe9
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 16 bytes.
TA generated UUID value = 0x7f437f3de098e599ffc6b60d4661f8d
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 16 bytes.
TA generated UUID value = 0x478d186c583d6c7ca3f9fd5ae7c9e77
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 16 bytes.
TA generated UUID value = 0xb218164e80c0925df79fe849e56fe31
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 16 bytes.
TA generated UUID value = 0x4f66ec9bafcf5c5f24e8ec7434b6a46
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 16 bytes.
TA generated UUID value = 0x526f14533ae4fc5d2d449d2f981f2d1
Now do the same for 32 bytes:
# seq 8 | xargs -I -- /usr/bin/optee_example_random_32
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x159387711116e9d9733c64b8feac1130bd4e9e0be486a12ae618a4624e2a38
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x90883986afa9b4f76551dc63ab16abc3bc64773e56b3a4d34adb4dd5244522
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0xf276ac2ae00cb98418d22a8fc42163fc434b55d182767f90fc6961a218b3f
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x719c81a638568e76bd3165dc8fd2137dbc1241b91d1eeabff9a94faa3a35edf
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x88a1b2a8d72cbfeaf7f2f38000019352dac516db4b7c2cf8f2bcd56b1ea
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x6319897f76cfa5c8aa5583c0000137ff3dda91278759ecd4cf5ee98a4ec
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0xbc8e87b43bd238b6d50e552000064acfeb2f517f8d860bdfbdafe5fe917
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x52a95fa8396174f6a733c4630000e2f8dc616b80f5fdd3848d42ad5facc1
# seq 16 | xargs -I -- /usr/bin/optee_example_random_32
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x53978d94ccb126b4666d296387ba9252edde887ad68dc2d457403c8dd5803794
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x3ad2282c48e27329c8cc976e8615e40dd2dfcf1a95f74df488d3fa1afe317
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0xe1844678e88289ec46fbdbaf3f9d461963ac2415ba9d9c6e99967dfd5399cf5e
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x7c26ed542a0e87734ac4001c9f61732a54927a1bc42a374777f22739ec2e
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0xcfaaf5ebf8339c765ee7810000c265925b9067eac97efc1c183cdf94dc
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x82cae935ab11f2f353682b510000eebf7f9f246cd684f37f779618b328ad
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x75bb54797bd5d497dad9f7e3000036bff4fb8f13e282677417d9aeea8afb
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x57b858eef04572f43ca8ab490000ea1f24575c3ccdfae9c36cb7ed8718a
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0xc4eb12bdee3985b9351227e20000d1c73576b2469f86884198e99f8b544b
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0xe6f1e4c398d6249979f75ab00000c672f08f50cb285e3a254e4159e5119
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x4d9ade2927b8d77fadbff140000c94398b358def624c6452a405d50e486
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x7c3fe2ee212689fdb21916000037133c9b734ab78c57dcc15d68328118
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x70123222fd6758112c6131a00000e0a78ac96b22db984d9614ba6a482f1
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x43aec366a35733b4db7fe5a0000c374253e74a358999a5d3b8d9e7a9dc
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0xd9f02f457cfc3b5147974ab0000cb37cb408a3025aec9499e9d692a38a
Invoking TA to generate random UUID...
D/TA: random_number_generate:74 has been called
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0xd8ae825765bf61531efe74400000cea8baa8ac9f4cf491f926318f3793
#
See the zeros in most of the outputs? They look suspicious to me. Has anyone tested the ST OP-TEE RNG implementation against the NIST SP800-90b test suite?
Any questions, answers, or comments most welcome!
-Mark Carlin
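
Added example, not part of the original post or of the OP-TEE code: a Python script that checks each "UUID value" line against the requested byte count and locates the longest run of zero digits. An N-byte value printed with two hex digits per byte has exactly 2N digits, so a shorter line means the printing dropped digits and digit offsets cannot be mapped to byte offsets. The function names are this example's own, and the sample is four lines copied from the output above.

```python
import re

BYTES_RE = re.compile(r"Generating random data over (\d+) bytes")
VALUE_RE = re.compile(r"UUID value = 0x([0-9a-fA-F]+)")

# Sample: lines copied from the output in the post (two 16-byte, two 32-byte runs).
SAMPLE = """\
I/TA: Generating random data over 16 bytes.
TA generated UUID value = 0xbbe9fda061c8fd5b43632e5126fd12
I/TA: Generating random data over 16 bytes.
TA generated UUID value = 0xa3ac3a8719da5ce58e6dad29a8e9fbe9
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x88a1b2a8d72cbfeaf7f2f38000019352dac516db4b7c2cf8f2bcd56b1ea
I/TA: Generating random data over 32 bytes.
TA generated UUID value = 0x52a95fa8396174f6a733c4630000e2f8dc616b80f5fdd3848d42ad5facc1
"""

def analyze(log_text):
    """Return one record per value line: digit deficit and longest zero run."""
    records, nbytes = [], None
    for line in log_text.splitlines():
        m = BYTES_RE.search(line)
        if m:
            nbytes = int(m.group(1))      # size announced by the TA log line
            continue
        m = VALUE_RE.search(line)
        if not m or nbytes is None:
            continue
        digits = m.group(1)
        runs = list(re.finditer(r"0+", digits))
        longest = max(runs, key=lambda r: len(r.group()), default=None)
        records.append({
            "bytes": nbytes,
            "digits": len(digits),
            # > 0 means the hex dump is lossy (digits were dropped when printing)
            "missing": 2 * nbytes - len(digits),
            "zero_run": len(longest.group()) if longest else 0,
            "zero_offset": longest.start() if longest else None,
        })
    return records

def suspicious(records, min_run=4):
    """Records whose longest zero-digit run is at least min_run digits."""
    return [r for r in records if r["zero_run"] >= min_run]

if __name__ == "__main__":
    for rec in analyze(SAMPLE):
        print(rec)
```

A non-zero `missing` value on a line means the raw buffer needs to be dumped with fixed-width formatting before the position or length of the zero run can be stated in bytes.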
