This is an automated email from the ASF dual-hosted git repository.

yuanz pushed a commit to branch main
in repository 
https://gitbox.apache.org/repos/asf/incubator-teaclave-trustzone-sdk.git

commit 4f8ca69ebc021cc51cec48799b23b76efa2da740
Author: Yuan Zhuang <[email protected]>
AuthorDate: Mon Aug 18 09:09:48 2025 +0000

    examples: register custom rng to avoid patching getrandom
---
 crates/rustls_provider/Cargo.toml     |  7 ++-----
 crates/rustls_provider/src/lib.rs     | 16 +++++++++++++++-
 examples/tls_client-rs/ta/Cargo.lock  |  5 ++++-
 examples/tls_client-rs/ta/Cargo.toml  |  9 ++++-----
 examples/tls_client-rs/ta/src/main.rs | 10 ++++++++++
 examples/tls_server-rs/ta/Cargo.lock  |  5 ++++-
 examples/tls_server-rs/ta/Cargo.toml  |  9 ++++-----
 examples/tls_server-rs/ta/src/main.rs | 10 ++++++++++
 8 files changed, 53 insertions(+), 18 deletions(-)

diff --git a/crates/rustls_provider/Cargo.toml 
b/crates/rustls_provider/Cargo.toml
index 41bd569..bf60462 100644
--- a/crates/rustls_provider/Cargo.toml
+++ b/crates/rustls_provider/Cargo.toml
@@ -28,11 +28,8 @@ edition = "2018"
 optee-utee = { path = "../../optee-utee" }
 rustls = { version = "0.23.12", default-features = false, features = ["std"] }
 rustls-rustcrypto = "0.0.2-alpha"
+getrandom = "0.2" 
 
 # Pin these crates for compatibility with our Rustc version nightly-2024-05-15
 base64ct = "=1.6.0"
-ed25519-dalek = "=2.1.0"
-
-[patch.crates-io]
-# For getrandom 0.2, we add the OP-TEE backend and maintain in teaclave crates
-getrandom = { git = "https://github.com/apache/incubator-teaclave-crates.git"; }
\ No newline at end of file
+ed25519-dalek = "=2.1.0"
\ No newline at end of file
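Review bot: The added `getrandom = "0.2" ` line has no comment explaining why a library crate now depends on getrandom directly, and it ends with a trailing space. The TA manifests in this commit document their getrandom entry, so the same should be done here, for example `# Needed for getrandom::Error in optee_getrandom; the custom feature is enabled by the TA crate that registers it`. A note like that tells a reader that this crate on its own does not select the RNG backend. That choice is made in the final TA's manifest and `main.rs`.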
diff --git a/crates/rustls_provider/src/lib.rs 
b/crates/rustls_provider/src/lib.rs
index 6cd8f57..6c8ce3d 100644
--- a/crates/rustls_provider/src/lib.rs
+++ b/crates/rustls_provider/src/lib.rs
@@ -15,12 +15,26 @@
 // specific language governing permissions and limitations
 // under the License.
 
-use optee_utee::Time;
+use optee_utee::{Random, Time};
 use rustls::crypto::CryptoProvider;
 use rustls::pki_types::UnixTime;
 use rustls::time_provider::TimeProvider;
 use std::time::Duration;
 
+/// Custom getrandom function using OP-TEE UTEE Random API
+///
+/// In getrandom 0.2 there is no built-in OP-TEE target, so we rely on the
+/// `custom` feature to provide an OP-TEE RNG for the crypto provider.
+/// Reference: 
https://docs.rs/getrandom/0.2.16/getrandom/macro.register_custom_getrandom.html
+///
+/// The shared `optee_getrandom` function is defined in this crate and
+/// registered in the main.rs of tls client and server example.
+pub fn optee_getrandom(buf: &mut [u8]) -> Result<(), getrandom::Error> {
+    // Use OP-TEE's random number generator
+    Random::generate(buf);
+    Ok(())
+}
+
 /// CryptoProvider from rustls-rustcrypto, with the rng backend for OP-TEE in 
getrandom crate
 pub fn optee_crypto_provider() -> CryptoProvider {
     rustls_rustcrypto::provider()
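Review bot: The doc comment kept on `optee_crypto_provider` still says the OP-TEE RNG backend lives in the getrandom crate, which is no longer true once this commit drops the `[patch.crates-io]` entry. The provider's randomness now depends on the final TA enabling getrandom's `custom` feature and registering `optee_getrandom`, so the comment should say that, for example `/// CryptoProvider from rustls-rustcrypto; the TA must register optee_getrandom through getrandom's custom feature`. The new `optee_getrandom` docs should also state that it returns `Ok(())` unconditionally, because the `Random::generate(buf)` call as written yields no status to check. How the underlying TEE call behaves on failure is not visible here and should be confirmed. The body of `optee_crypto_provider` continues outside the hunk.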
diff --git a/examples/tls_client-rs/ta/Cargo.lock 
b/examples/tls_client-rs/ta/Cargo.lock
index 17af4c5..2d46493 100644
--- a/examples/tls_client-rs/ta/Cargo.lock
+++ b/examples/tls_client-rs/ta/Cargo.lock
@@ -323,7 +323,8 @@ dependencies = [
 [[package]]
 name = "getrandom"
 version = "0.2.16"
-source = 
"git+https://github.com/apache/incubator-teaclave-crates.git#0e0b1fe5daedcff4d4eed18bd1bb9736559cfebd";
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "335ff9f135e4384c8150d6f27c6daed433577f86b4750418338c01a1a2528592"
 dependencies = [
  "cfg-if",
  "libc",
@@ -890,6 +891,7 @@ version = "0.1.0"
 dependencies = [
  "base64ct",
  "ed25519-dalek",
+ "getrandom",
  "optee-utee",
  "rustls",
  "rustls-rustcrypto",
@@ -1036,6 +1038,7 @@ name = "ta"
 version = "0.5.0"
 dependencies = [
  "anyhow",
+ "getrandom",
  "optee-utee",
  "optee-utee-build",
  "optee-utee-sys",
diff --git a/examples/tls_client-rs/ta/Cargo.toml 
b/examples/tls_client-rs/ta/Cargo.toml
index cf867ad..84a287f 100644
--- a/examples/tls_client-rs/ta/Cargo.toml
+++ b/examples/tls_client-rs/ta/Cargo.toml
@@ -34,6 +34,9 @@ rustls = { version = "0.23.12", default-features = false, 
features = ["std"] }
 webpki-roots = "1"
 anyhow = "1.0"
 
+# Add getrandom and enable its custom feature, see more details in main.rs
+getrandom = { version = "0.2", default-features = false, features = ["custom"] 
}
+
 [build-dependencies]
 proto = { path = "../proto" }
 optee-utee-build = { path = "../../../optee-utee-build" }
@@ -41,8 +44,4 @@ optee-utee-build = { path = "../../../optee-utee-build" }
 [profile.release]
 panic = "abort"
 lto = false
-opt-level = 3
-
-[patch.crates-io]
-# For getrandom 0.2, we add the OP-TEE backend and maintain in teaclave crates
-getrandom = { git = "https://github.com/apache/incubator-teaclave-crates.git"; }
\ No newline at end of file
+opt-level = 3
\ No newline at end of file
diff --git a/examples/tls_client-rs/ta/src/main.rs 
b/examples/tls_client-rs/ta/src/main.rs
index a601288..43e4b5e 100644
--- a/examples/tls_client-rs/ta/src/main.rs
+++ b/examples/tls_client-rs/ta/src/main.rs
@@ -29,6 +29,16 @@ use std::convert::TryInto;
 use std::io::{Read, Write};
 use std::sync::Arc;
 
+// Register the custom getrandom implementation.
+//
+// In getrandom 0.2 there is no built-in OP-TEE target, so we rely on the
+// `custom` feature to provide an OP-TEE RNG.
+// Reference: 
https://docs.rs/getrandom/0.2.16/getrandom/macro.register_custom_getrandom.html
+//
+// For this example, the shared `optee_getrandom` function is defined in the
+// `rustls_provider` crate and registered here.
+getrandom::register_custom_getrandom!(rustls_provider::optee_getrandom);
+
 #[ta_create]
 fn create() -> Result<()> {
     trace_println!("[+] TA create");
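Review bot: The comment above `getrandom::register_custom_getrandom!` should name the build target it assumes. In getrandom 0.2 a registered custom function is used only on targets the crate has no built-in backend for. On a supported target the built-in source stays in place and `optee_getrandom` is never called. The target triple is not visible in this hunk, so this is a documentation request rather than a confirmed defect: add a line such as `// Only takes effect on targets getrandom does not support natively; confirm the TA target is one of them.` The identical registration and comment in examples/tls_server-rs/ta/src/main.rs would take the same line.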
diff --git a/examples/tls_server-rs/ta/Cargo.lock 
b/examples/tls_server-rs/ta/Cargo.lock
index 12d1f23..1ed811e 100644
--- a/examples/tls_server-rs/ta/Cargo.lock
+++ b/examples/tls_server-rs/ta/Cargo.lock
@@ -323,7 +323,8 @@ dependencies = [
 [[package]]
 name = "getrandom"
 version = "0.2.16"
-source = 
"git+https://github.com/apache/incubator-teaclave-crates.git#0e0b1fe5daedcff4d4eed18bd1bb9736559cfebd";
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "335ff9f135e4384c8150d6f27c6daed433577f86b4750418338c01a1a2528592"
 dependencies = [
  "cfg-if",
  "libc",
@@ -890,6 +891,7 @@ version = "0.1.0"
 dependencies = [
  "base64ct",
  "ed25519-dalek",
+ "getrandom",
  "optee-utee",
  "rustls",
  "rustls-rustcrypto",
@@ -1036,6 +1038,7 @@ name = "ta"
 version = "0.5.0"
 dependencies = [
  "anyhow",
+ "getrandom",
  "lazy_static",
  "optee-utee",
  "optee-utee-build",
diff --git a/examples/tls_server-rs/ta/Cargo.toml 
b/examples/tls_server-rs/ta/Cargo.toml
index ff90258..ef7e6a2 100644
--- a/examples/tls_server-rs/ta/Cargo.toml
+++ b/examples/tls_server-rs/ta/Cargo.toml
@@ -34,6 +34,9 @@ rustls = { version = "0.23.12", default-features = false, 
features = ["std"] }
 lazy_static = { version = "1.4.0", features=["spin_no_std"] }
 anyhow = "1.0"
 
+# Add getrandom and enable its custom feature, see more details in main.rs
+getrandom = { version = "0.2", default-features = false, features = ["custom"] 
}
+
 [build-dependencies]
 proto = { path = "../proto" }
 optee-utee-build = { path = "../../../optee-utee-build" }
@@ -41,8 +44,4 @@ optee-utee-build = { path = "../../../optee-utee-build" }
 [profile.release]
 panic = "abort"
 lto = false
-opt-level = 3
-
-[patch.crates-io]
-# For getrandom 0.2, we add the OP-TEE backend and maintain in teaclave crates
-getrandom = { git = "https://github.com/apache/incubator-teaclave-crates.git"; }
\ No newline at end of file
+opt-level = 3
\ No newline at end of file
diff --git a/examples/tls_server-rs/ta/src/main.rs 
b/examples/tls_server-rs/ta/src/main.rs
index 723f556..37378fa 100644
--- a/examples/tls_server-rs/ta/src/main.rs
+++ b/examples/tls_server-rs/ta/src/main.rs
@@ -30,6 +30,16 @@ use std::collections::HashMap;
 use std::io::{Cursor, Read, Write};
 use std::sync::{Arc, Mutex, RwLock};
 
+// Register the custom getrandom implementation.
+//
+// In getrandom 0.2 there is no built-in OP-TEE target, so we rely on the
+// `custom` feature to provide an OP-TEE RNG.
+// Reference: 
https://docs.rs/getrandom/0.2.16/getrandom/macro.register_custom_getrandom.html
+//
+// For this example, the shared `optee_getrandom` function is defined in the
+// `rustls_provider` crate and registered here.
+getrandom::register_custom_getrandom!(rustls_provider::optee_getrandom);
+
 lazy_static! {
     static ref TLS_SESSIONS: RwLock<HashMap<u32, 
Mutex<rustls::ServerConnection>>> =
         RwLock::new(HashMap::new());

