Getting true random numbers from secure enclave in iPhone?

Time:01-20

Is it possible to get true random numbers from the secure enclave in the iPhone? I read the secure enclave includes a TRNG. I'm not sure if it's possible to use this to get random numbers or if it's for internal use of the secure enclave only. Any ideas?

I have read some official Apple documentation about the secure enclave which states it does have a TRNG, but haven't found any code samples or any information on how to use it, if even possible.

CodePudding user response:

Direct access to the secure enclave is exposed via the CryptoKit module, but this can only be used for NIST P-256 signature operations via the SecureEnclave.P256 namespace. There's no direct TRNG functionality exposed via the secure enclave.

In Swift, random values are generated using the SystemRandomNumberGenerator by default (such as when you call Bool.random()). The documentation states that the actual source of this data depends on the platform, but on Apple platforms this internally uses arc4random_buf(3), which itself is seeded by getentropy(2).

This implies that any random data generated from SystemRandomNumberGenerator is ultimately from getentropy(2) which, according to Apple's security documentation, sources its data from the kernel's CPRNG. This CPRNG is seeded from the Secure Enclave's hardware TRNG (among other sources), depending on availability.

Despite the TRNG being an implementation detail of the kernel, you can consider the kernel's CPRNG a secure source of random data. As this source of random data is exposed by default to .random() APIs in Swift on Apple platforms, you can expect high-quality random data by default.
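An added example (not code from the question or answer above) showing the two paths the answer describes: pulling random bytes from the kernel CPRNG, both through SystemRandomNumberGenerator and directly through getentropy(2), and exercising the only Secure Enclave operation CryptoKit exposes, a P256 signing key. It assumes an iOS 13 / macOS 10.15 or later target; the message being signed is a constructed sample.

```swift
import Foundation
import CryptoKit

// Path 1a: the default Swift generator. On Apple platforms this is backed by
// arc4random_buf(3), which is seeded from getentropy(2), i.e. the kernel CPRNG.
func systemRandomBytes(count: Int) -> [UInt8] {
    var rng = SystemRandomNumberGenerator()
    var bytes = [UInt8]()
    bytes.reserveCapacity(count)
    for _ in 0..<count {
        bytes.append(UInt8.random(in: UInt8.min...UInt8.max, using: &rng))
    }
    return bytes
}

// Path 1b: getentropy(2) called directly. It refuses requests larger than
// 256 bytes, so larger buffers are filled in chunks; each call is checked.
func entropyBytes(count: Int) -> [UInt8] {
    var out = [UInt8](repeating: 0, count: count)
    var offset = 0
    while offset < count {
        let chunk = min(256, count - offset)
        let rc = out.withUnsafeMutableBytes { buf -> Int32 in
            getentropy(buf.baseAddress! + offset, chunk)
        }
        precondition(rc == 0, "getentropy(2) failed, errno \(errno)")
        offset += chunk
    }
    return out
}

// Path 2: what the Secure Enclave actually offers to apps. The private key
// never leaves the enclave; only signing and verification are available, not
// raw random output. Returns nil when no enclave is present (e.g. simulator).
func secureEnclaveSignAndVerify(_ message: Data) throws -> Bool? {
    guard SecureEnclave.isAvailable else { return nil }
    let key = try SecureEnclave.P256.Signing.PrivateKey()
    let signature = try key.signature(for: message)
    return key.publicKey.isValidSignature(signature, for: message)
}

// Constructed sample inputs.
let a = systemRandomBytes(count: 32)
let b = entropyBytes(count: 600)          // exercises the 256-byte chunking
print("SystemRandomNumberGenerator:", a.count, "bytes; getentropy:", b.count, "bytes")
let sampleMessage = Data("constructed sample message".utf8)
switch try secureEnclaveSignAndVerify(sampleMessage) {
case .some(let ok): print("Secure Enclave P256 signature valid:", ok)
case .none:         print("Secure Enclave not available on this device")
}
```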
