in source/nitro_enclaves.c [61:110]
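/**
 * Seed the kernel entropy pool with randomness obtained from the Nitro Secure
 * Module (NSM).
 *
 * Each iteration asks the NSM for at most NSM_RANDOM_REQ_SIZE bytes, writes
 * them to /dev/random, and then credits the pool with 8 bits per byte through
 * the RNDADDTOENTCNT ioctl.
 *
 * @param num_bytes  Total number of bytes to fetch from the NSM and credit.
 *                   Zero is accepted and succeeds without touching the pool.
 * @return AWS_OP_SUCCESS once num_bytes have been written and credited.
 *         AWS_OP_ERR if the NSM library or /dev/random cannot be opened, the
 *         NSM call fails, returns no data or reports more data than was
 *         requested, or the write or ioctl fails. Bytes credited by earlier
 *         iterations are not rolled back on failure.
 */
int aws_nitro_enclaves_library_seed_entropy(uint64_t num_bytes) {
    /* Function scope so the single exit path below can wipe it. */
    uint8_t buf[NSM_RANDOM_REQ_SIZE];
    /* Volatile alias: best-effort guard against the wipe being optimised out. */
    volatile uint8_t *wipe = buf;
    int result = AWS_OP_ERR;

    int nsm_fd = nsm_lib_init();
    if (nsm_fd < 0) {
        return AWS_OP_ERR;
    }

    int dev_fd = open("/dev/random", O_WRONLY);
    if (dev_fd < 0) {
        nsm_lib_exit(nsm_fd);
        return AWS_OP_ERR;
    }

    uint64_t count = 0;
    /* '<' rather than '!=' so the loop cannot run on if count ever overshoots. */
    while (count < num_bytes) {
        uint64_t remaining = num_bytes - count;
        size_t requested = remaining < sizeof(buf) ? (size_t)remaining : sizeof(buf);

        /* In/out: capacity on entry, bytes produced on return. */
        size_t buf_len = requested;
        if (nsm_get_random(nsm_fd, buf, &buf_len) != 0) {
            goto cleanup;
        }

        /*
         * Zero bytes means the NSM has stopped yielding entropy. A length
         * above the request would make write() read past buf and credit
         * entropy that was never supplied, so fail closed on it as well.
         */
        if (buf_len == 0 || buf_len > requested) {
            goto cleanup;
        }

        /* A short write is treated as a failure: only credit what the pool received. */
        if (write(dev_fd, buf, buf_len) != (ssize_t)buf_len) {
            goto cleanup;
        }

        /*
         * Credit the bytes just written. buf_len <= sizeof(buf), so the
         * conversion to int cannot overflow for a sane request size.
         * RNDADDTOENTCNT is a privileged ioctl (CAP_SYS_ADMIN on Linux).
         */
        int bits = (int)(buf_len * 8);
        if (ioctl(dev_fd, RNDADDTOENTCNT, &bits) < 0) {
            goto cleanup;
        }

        count += buf_len;
    }

    result = AWS_OP_SUCCESS;

cleanup:
    /* Do not leave seed material that was credited as entropy on the stack. */
    for (size_t i = 0; i < sizeof(buf); i++) {
        wipe[i] = 0;
    }
    close(dev_fd);
    nsm_lib_exit(nsm_fd);
    return result;
}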