Hi,

Thank you for your response.

I could figure out the problems in my test program.
I'll also consider your comments on "random", but currently I'm implementing the test program only. (It's fine till now.)

On Wed, Dec 9, 2015 at 8:05 PM, Josef Söntgen <josef.soentgen@...1...> wrote:
Hello Jaemin,

* Jaemin Park <jmpark81@...9...> [2015-12-09 17:52:19 +0900]:
> I'm currently modifying tz_vmm to use openssl (libcrypto) to generate an RSA
> key pair on i.mx53 QSB.
> (That is, RSA key pair is generated inside the Secure World.)
>
> Whenever I try to execute the following code, the error occurs.
>
> The source code in tz_vmm (main.cc)
> ===========================================================
> /* key pair generation */
>                 int generate_keypair(){
>                         int keylen;
>                         char *pem_key;
>                         BIGNUM *e=NULL;
>
>                         keypair = RSA_new();
>
>                         e = BN_new();
>                         BN_set_word(e, 65537);
>
>                         if (!RSA_generate_key_ex(keypair, 2048, e, NULL)) {
>                                 PERR("failed to generate key pair");
>                                 /* do not serialize a key that was never generated */
>                                 BN_free(e);
>                                 return -1;
>                         }
>
>                         /* the big number is no longer used */
>                         BN_free(e);
>                         e = NULL;
>
>                         /* To get the C-string PEM form: */
>                         BIO *pub = BIO_new(BIO_s_mem());
>                         PEM_write_bio_RSAPublicKey(pub, keypair);
>
>                         keylen = BIO_pending(pub);
>                         pem_key = (char*)malloc(keylen+1);
>                         BIO_read(pub, pem_key, keylen);
>                         /* buffer holds keylen+1 bytes, so the last valid index is keylen */
>                         pem_key[keylen] = '\0';
>
>                         BIO_free_all(pub);
>
>                         return keylen;
>                 }
>
> The error code (imx53 QSB)
> ============================================================
> [init -> tz_vmm] read_rtc: rtc not configured, returning 0
> [init -> tz_vmm] no plugin found for fcntl(2)
> [init -> tz_vmm] no plugin found for write(2)
> [init -> tz_vmm] failed to generate key pair
>
> What should I do to fix up this error?
> Any comment is welcome.

The 'no plugin found' messages inform you that the component could not
open fd 2 (= stderr). You have to point the libc to the VFS node that
provides stderr (see [1]). I suspect libcrypto wants to print some
error message. On a side note, our libcrypto port uses the normal POSIX
backend and wants to use '/dev/random'. Therefore you have to configure
the VFS to provide this node.

Note that there is currently no random source besides an older version
of the jitterentropy RNG [2] available on Genode. So, for all use cases
that go beyond mere experimentation, the generated keys should be
considered as insecure if you only use this as source.


Regards Josef

[1] http://genode.org/documentation/release-notes/14.05#Per-process_virtual_file_systems
[2] http://www.chronox.de/jent.html
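
The two prerequisites named in the reply above (a usable stderr and a readable '/dev/random') can be checked before RSA_generate_key_ex() is called, so a missing VFS node is reported as such. This is an added example, not code from the thread or from Genode; the function names and the 32-byte probe size are assumptions, and only plain POSIX calls are used.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <unistd.h>

/* Returns 1 if the descriptor is backed by something, 0 otherwise.
 * fcntl() on fd 2 is the call behind "no plugin found for fcntl(2)". */
int fd_is_usable(int fd)
{
	return fcntl(fd, F_GETFD) != -1;
}

/* Returns 0 if 'want' bytes could be read from 'path', -1 otherwise.
 * This checks availability only, not the quality of the random source. */
int random_node_delivers(const char *path, size_t want)
{
	unsigned char buf[64];
	size_t got = 0;
	int fd;

	if (want == 0 || want > sizeof(buf))
		return -1;

	fd = open(path, O_RDONLY);
	if (fd < 0)
		return -1; /* node is not provided by the VFS */

	while (got < want) {
		ssize_t n = read(fd, buf + got, want - got);
		if (n > 0) { got += (size_t)n; continue; }
		if (n < 0 && errno == EINTR) continue;
		break; /* EOF or hard error: treat as "does not deliver" */
	}
	close(fd);
	return got == want ? 0 : -1;
}

/* Bit mask of what is missing; 0 means both prerequisites are met. */
enum { MISSING_STDERR = 1, MISSING_RANDOM = 2 };

int keygen_preflight(int err_fd, const char *random_path)
{
	int missing = 0;
	if (!fd_is_usable(err_fd))                      missing |= MISSING_STDERR;
	if (random_node_delivers(random_path, 32) != 0) missing |= MISSING_RANDOM;
	return missing;
}
```

Called as keygen_preflight(2, "/dev/random") at the start of generate_keypair(), a non-zero result tells which node the libc configuration still lacks.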
