Hi,
Thank you for your response.
I could figure out the problems in my test program. I'll also consider your comments on "random", but currently I'm implementing the test program only. (It's fine till now.)
On Wed, Dec 9, 2015 at 8:05 PM, Josef Söntgen < josef.soentgen@...1...> wrote:
Hello Jaemin,
- Jaemin Park <jmpark81@...9...> [2015-12-09 17:52:19 +0900]:
I'm currently modifying tz_vmm to use openssl (libcrypto) to generate RSA key pair on i.mx53 QSB. (That is, RSA key pair is generated inside the Secure World.)
Whenever I try to execute the following code, the error occurs.
The source code in tz_vmm (main.cc)
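#include <stdlib.h>
#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>

/* not declared in the posted snippet; assumed to be a file-scope pointer in main.cc */
RSA *keypair;

/* key pair generation */
int generate_keypair()
{
    int keylen;
    char *pem_key;
    BIGNUM *e = NULL;

    keypair = RSA_new();
    e = BN_new();
    BN_set_word(e, 65537);
    if (!RSA_generate_key_ex(keypair, 2048, e, NULL))
        PERR("failed to generate key pair");

    /* the big number is no longer used */
    BN_free(e);
    e = NULL;

    /* To get the C-string PEM form: */
    BIO *pub = BIO_new(BIO_s_mem());
    PEM_write_bio_RSAPublicKey(pub, keypair);
    keylen = BIO_pending(pub);
    pem_key = (char*)malloc(keylen+1);
    BIO_read(pub, pem_key, keylen);
    /* the terminator belongs at index keylen, the last byte of the keylen+1 buffer */
    pem_key[keylen] = '\0';
    BIO_free_all(pub);
    return keylen;
}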
The error code (imx53 QSB)
[init -> tz_vmm] read_rtc: rtc not configured, returning 0
[init -> tz_vmm] no plugin found for fcntl(2)
[init -> tz_vmm] no plugin found for write(2)
[init -> tz_vmm] failed to generate key pair
What should I do to fix up this error? Any comment is welcome.
The 'no plugin found' messages inform you that the component could not open fd 2 (= stderr). You have to point the libc to the VFS node that provides stderr (see [1]). I suspect libcrypto wants to print some error message. On a side note, our libcrypto port uses the normal POSIX backend and wants to use '/dev/random'. Therefore you have to configure the VFS to provide this node.
Note that there is currently no random source besides an older version of the jitterentropy RNG [2] available on Genode. So, for all use cases that go beyond mere experimentation, the generated keys should be considered as insecure if you only use this as source.
Regards
Josef

[1] http://genode.org/documentation/release-notes/14.05#Per-process_virtual_file...
[2] http://www.chronox.de/jent.html
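Added example (not part of the original thread and not tz_vmm code): a preflight check, meant to run before RSA_generate_key_ex(), for the two resources the reply names, an open stderr descriptor and a readable /dev/random. keygen_preflight and the PRE_* flags are hypothetical names, and it assumes the libc reports an unconfigured node through a failing fcntl() or open().

```c
/* Added example: preflight for the resources libcrypto expects.
 * Function and flag names are hypothetical, not part of tz_vmm. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#define PRE_OK        0
#define PRE_NO_STDERR 1   /* err_fd is not an open descriptor          */
#define PRE_NO_RNG    2   /* rng_path missing or delivered too little  */

/* Returns a bitmask of PRE_* flags; 0 means both resources are usable. */
int keygen_preflight(int err_fd, const char *rng_path)
{
    int result = PRE_OK;
    unsigned char probe[16];
    size_t got = 0;

    /* fcntl(F_GETFD) fails with EBADF when the descriptor is not open */
    if (fcntl(err_fd, F_GETFD) == -1)
        result |= PRE_NO_STDERR;

    int fd = open(rng_path, O_RDONLY);
    if (fd == -1)
        return result | PRE_NO_RNG;

    /* a short read is legal, so loop until the probe buffer is full */
    while (got < sizeof(probe)) {
        ssize_t n = read(fd, probe + got, sizeof(probe) - got);
        if (n > 0) { got += (size_t)n; continue; }
        if (n == -1 && errno == EINTR) continue;
        break;                          /* EOF or hard error */
    }
    close(fd);
    if (got < sizeof(probe))
        result |= PRE_NO_RNG;
    return result;
}

int main(void)
{
    int r = keygen_preflight(STDERR_FILENO, "/dev/random");
    /* report on stdout, since stderr may be the missing resource */
    printf("stderr: %s, /dev/random: %s\n",
           (r & PRE_NO_STDERR) ? "unavailable" : "ok",
           (r & PRE_NO_RNG)    ? "unavailable" : "ok");
    return r;
}
```

A passing check only shows that the node exists and delivers bytes; it says nothing about the quality of the entropy behind it, which is the concern raised about jitterentropy in the reply.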