theShmoo
commented
3 years ago your Linux Developer Guide says in "5. Appendix A: Supported APIs" RAND_seed is supported
Open theShmoo opened 3 years ago
theShmoo
commented
3 years ago your Linux Developer Guide says in "5. Appendix A: Supported APIs" RAND_seed is supported
ShundaZhang
commented
3 years ago We use the latest version of the Intel SGX SDK. (intel/linux-sgx: Intel SGX for Linux* (github.com) Also we need to use OpenSSL in the Intel SGX Enclave. For that we use the up to date version of intel-sgx-ssl.
We recognized that you replace the rand_lib.c of OpenSSL with your own version: intel-sgx-ssl/rand_lib.c at master · intel/intel-sgx-ssl (github.com))
But your version does not provide any possibility to seed the random number generator!
In the lines #L847-L854 you see that the seed function pointer is just empty.
If you then call RAND_seed just nothing happens! Which is extremely dangerous, if we would not have looked at your source code, we would have never detected this problem! We need to seed the random number generator with numbers provided by a Hardware Security Module as a requirement.
What do you suggest? Why is this not implemented? Is there another way to seed?
To your question, we suggest you to use the default RDRAND engine without seed, it is secure.
theShmoo
commented
3 years ago Thank you for your response!
Do the random numbers generated by RDRAND comply with the specifications from AIS-20?
It is hard for us to understand all the details and for us it would be easier to just seed the PRNG by our self. But if RDRAND is good enough for this specification it would be great.
ShundaZhang
commented
3 years ago Thank you for your response!
Do the random numbers generated by RDRAND comply with the specifications from AIS-20?
It is hard for us to understand all the details and for us it would be easier to just seed the PRNG by our self. But if RDRAND is good enough for this specification it would be great.
Yes, I think the random numbers generated correctly by RDRAND comply with AIS20. You can refer to https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/LinuxRNG/LinuxRNG_EN.pdf?__blob=publicationFile&v=20 Intel RDRAND is a HW based instruction, and a NDRNG (Nondeterministic Random Number Generator), complies NIST 800-90 A/B/C and BSI AIS-20/31.
theShmoo
commented
3 years ago Thank you very much for your help!
We will consider using "only" RDRAND. I will update you here if it is sufficient for us.
I won't close the issue, because I consider it a bug that the RAND_seed method just does nothing. But feel free to close if you disagree.
We use the latest version of the Intel SGX SDK. (intel/linux-sgx: Intel SGX for Linux* (github.com) Also we need to use OpenSSL in the Intel SGX Enclave. For that we use the up to date version of intel-sgx-ssl.
We recognized that you replace the rand_lib.c of OpenSSL with your own version: intel-sgx-ssl/rand_lib.c at master · intel/intel-sgx-ssl (github.com))
But your version does not provide any possibility to seed the random number generator!
In the lines #L847-L854 you see that the seed function pointer is just empty.
If you then call RAND_seed just nothing happens! Which is extremely dangerous, if we would not have looked at your source code, we would have never detected this problem! We need to seed the random number generator with numbers provided by a Hardware Security Module as a requirement.
What do you suggest? Why is this not implemented? Is there another way to seed?