Hello Jaemin,
* Jaemin Park <jmpark81@...9...> [2015-12-09 17:52:19 +0900]:
I'm currently modifying tz_vmm to use openssl (libcrypto) to generate an RSA key pair on i.mx53 QSB. (That is, the RSA key pair is generated inside the Secure World.)
Whenever I try to execute the following code, the error occurs.
The source code in tz_vmm (main.cc)
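#include <stdlib.h>
#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>

/* key pair generation */
/* 'keypair' is not declared in this excerpt; presumably a file-scope RSA * in main.cc */
int generate_keypair()
{
    int keylen;
    char *pem_key;
    BIGNUM *e = NULL;

    keypair = RSA_new();
    e = BN_new();
    BN_set_word(e, 65537);
    if (!RSA_generate_key_ex(keypair, 2048, e, NULL))
        PERR("failed to generate key pair");

    /* the big number is no longer used */
    BN_free(e);
    e = NULL;

    /* To get the C-string PEM form: */
    BIO *pub = BIO_new(BIO_s_mem());
    PEM_write_bio_RSAPublicKey(pub, keypair);
    keylen = BIO_pending(pub);
    pem_key = (char*)malloc(keylen+1);
    BIO_read(pub, pem_key, keylen);
    /* terminator belongs at index keylen; keylen+1 is one past the buffer */
    pem_key[keylen] = '\0';
    BIO_free_all(pub);
    return keylen;
}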
The error code (imx53 QSB)
[init -> tz_vmm] read_rtc: rtc not configured, returning 0
[init -> tz_vmm] no plugin found for fcntl(2)
[init -> tz_vmm] no plugin found for write(2)
[init -> tz_vmm] failed to generate key pair
What should I do to fix up this error? Any comment is welcome.
The 'no plugin found' messages inform you that the component could not open fd 2 (= stderr). You have to point the libc to the VFS node that provides stderr (see [1]). I suspect libcrypto wants to print some error message. On a side note, our libcrypto port uses the normal POSIX backend and wants to use '/dev/random'. Therefore you have to configure the VFS to provide this node.
Note that there is currently no random source besides an older version of the jitterentropy RNG [2] available on Genode. So, for all use cases that go beyond mere experimentation, the generated keys should be considered as insecure if you only use this as source.
Regards
Josef

[1] http://genode.org/documentation/release-notes/14.05#Per-process_virtual_file...
[2] http://www.chronox.de/jent.html
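
A sketch of the libc VFS configuration the reply describes, added here as an example and not taken from the thread or from the Genode sources. It assumes the <libc>/<vfs> layout of the per-process VFS from [1] and the <jitterentropy> VFS node from Genode's libports; element placement can differ between Genode releases.

```xml
<!-- <config> of the tz_vmm <start> node in the init configuration (assumed placement) -->
<config>
  <!-- point libc's stdout/stderr at a VFS node so write(2) on fd 2 has a backend -->
  <libc stdout="/dev/log" stderr="/dev/log">
    <vfs>
      <dir name="dev">
        <!-- /dev/log forwards to the component's LOG session -->
        <log/>
        <!-- /dev/random for libcrypto's POSIX backend; jitterentropy is the
             only entropy source here, so treat generated keys as experimental -->
        <jitterentropy name="random"/>
      </dir>
    </vfs>
  </libc>
</config>
```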